Archives for June 2016
Most SMBs Completely Unprepared for Ransomware
Tara Seals – InfoSecurity – June 21, 2016
A majority of American small and medium-sized business (SMB) owners say they recognize the severity of ransomware but lack the necessary resources, such as cyber-insurance or extra funds, to become operational once again if hit.
According to theft protection firm IDT911, one out of three say they could not go without access to critical business systems for any length of time. It added that SMBs, defined as businesses with fewer than 1,000 employees, have a lot to learn in terms of how to prepare for this risk and deal with the situation once impacted—making them prime targets.
Three-quarters of SMBs (75%) do not have cyber-insurance, or are unsure if their policy includes cyber protection; and 65% of SMB owners say they currently do not, nor plan to, budget extra funds. More than two out of 10 (22%) of SMB owners say they are unsure how to, or were not aware of the need to, back up their system and files.
The good news is that a majority (84%) said they would not pay in the event of an attack; and only 3% say they would pay $10,000 or more. About 10 percent would pay between $1 and $100.
Interestingly, Millennials (ages 18 to 34) are more likely to have cyber insurance protecting their business than those respondents aged 35 to 44. And female business owners are more likely than men to report ransomware attacks to authorities right away.
The FBI’s Internet Crime Complaint Center reported that a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million. And since January 1, Symantec Security Response has seen an average of 4,000 ransomware attacks per day—a 300-percent increase from last year.
“Ransomware is the Zika virus of the business world and there is absolutely no telling how far and wide this will spread,” said Adam Levin, founder and chairman of IDT911, and author of Swiped. “Training alone isn’t enough, cyber-insurance alone isn’t enough and, sure as heck, backed-up data alone isn’t enough. We’re talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business. Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control.”
There’s much riding on getting this right: More than half (60%) of business owners said that they would immediately report an attack to law enforcement authorities, as one out of three respondents (33%) say they could not go without access to critical business systems for any length of time.
Contact us to find out more about how to block, detect and protect your network from ransomware.
Next-Gen Endpoint Protection – Explained
What should you expect from a next-gen endpoint protection solution?
Everyone knows that traditional antivirus isn’t enough to stop today’s advanced threats, so endpoint security vendors are hoping you’ll consider their “next-gen” solutions. But what exactly does “next-gen” mean, and what capabilities should you expect?
At Sophos, we believe next-gen endpoint protection means an integrated system of technologies that protect against all stages of an attack:
1. Prevention: Stopping malware before it can execute.
2. Detection: Identifying quickly when malware is deployed.
3. Response: Taking action instantly when malware is detected.
Let’s take a quick look at the capabilities your endpoint protection needs to counter threats at each stage.
1. Prevention: The defensive front line
Prevention focuses on stopping malware from ever reaching the device in the first place. Prevention capabilities can be broken down into exposure prevention and pre-execution defense.
– Web protection – can you block malicious webpages?
– Device control – which devices (e.g., USB drives) are allowed to access the endpoint?
– Download reputation – where does the file come from, do other machines in the organization use it?
– File analytics/HIPS – does a file contain code trying to modify the registry?
– Emulator – can you execute the file in a safe environment to test it?
2. Detection: Catching malware in the act
Detection uses a variety of methods to identify malware that has reached a device. A next-gen endpoint solution should have these run-time detection capabilities.
– Malicious traffic detection – are processes communicating with known threat locations (phoning home)?
– Memory scanning – is a file exhibiting behavior of known malware?
– Exploit detection – is the suspect process cataloging the memory of another process?
3. Response: Clean-up and analysis
Response capabilities should eliminate the malware and perform analysis to identify the entry point of the malware.
– Malware removal – can your endpoint solution remove the executable and other malware components?
– Root cause analysis – can it identify the malware’s origin to understand what was compromised?
Choosing a truly “next-gen” endpoint solution
Sophos experts have written a simple guide to explain why organizations like yours need next-gen endpoint protection. It also explains in straightforward terms the features that a next-gen endpoint solution should have, and how they keep your users and systems secure.
Download the free whitepaper, or sign up for a free 30-day trial of Sophos Next-Gen Endpoint Protection.
APT-style attacks: How cybercriminals are using them
New research shows cybercriminals are using more advanced attack techniques. Expert Nick Lewis explains what enterprises need to know about the APT-style attacks.
The definitions of advanced cyberattacks and cyberwar are hotly debated terms in information security, and they are used frequently in marketing materials. Advanced persistent threat, or APT, groups were once equivalent to nation-state attackers, but the term has started to include other organized cybercrime gangs that bypass the security controls of enterprises assumed to have high security, such as financial institutions.
Over time, advanced techniques will be adopted by less advanced attackers, which will result in enterprises implementing security controls to prevent these attacks. The advanced threat actors will then develop new attack techniques to bypass these new controls in the endless cat-and-mouse game that persists in information security. New research from Kaspersky Lab on several cybercrime gangs details the advanced APT-style attack techniques being adopted more broadly, which enterprises need to devote more resources to defend against.
This tip will take a look at the APT-style attacks reported by Kaspersky Lab, and how enterprises can update their security programs.
Verify your Endpoint Protection with Sophos Clean
One of the key phrases we use is “test and verify”. With endpoint solutions, however, this can be difficult, as most require you to uninstall what you are currently using in order to run another product, which can be problematic. Introducing Sophos Clean.
Sophos Clean is a signatureless, on-demand malware scanner that’s just 11 MB and does not need to be installed. You can run it from a USB flash drive, a CD/DVD, or from network-attached storage, which is nice if malware is manipulating the installed antivirus software and its updates. So how does it work?
Run a Second Opinion Scan – Instead of relying on signatures, Sophos Clean gathers actionable intelligence and examines the collected information. This signatureless approach allows the scanner to discover which files act and look like malware.
Discovery – It’s designed to discover viruses, trojans, rootkits, spyware and other malware on up-to-date and fully protected computers. It searches for early-life and next-generation malware; the kind of malware that doesn’t yet have a detection signature.
Fix It – Sophos Clean removes persistent threats from within the operating system and replaces infected Windows resources with the original, safe versions. Reinfection attempts are proactively blocked until threat remediation is completed.
Download your 30-day evaluation and verify your protection.