World Backup Day: Because Real Life Can Have Save Points Too

March 31 is World Backup Day. Get 1-up on theft, device failure and data loss by creating and checking backups — both for your organization and for yourself. 

You’ve been playing for hours. You’ve faced two tough enemies in a row, and all signs indicate you’re about to take your remaining 12 hit points straight into a boss fight.

Up ahead a glowing stone beckons like a glimmering oasis.

“Would you like to save your progress?” a popup asks as you approach.

Um. YES!

But as obvious a choice as that seems, when the same opportunity presents itself in real life, a shocking number of people don’t take advantage of it.

What Do You Have to Lose?

The digital revolution has brought about unprecedented efficiency and convenience, ridding us of the need for bulky filing cabinets, media storage, photo albums, rolodexes and more. But every time we outsource the storage of our data to the cloud, we become a little more reliant on digital devices that are anything but infallible.

According to, more than 60 million computers worldwide will fail this year, and more than 200,000 smartphones—113 every minute—will be lost or stolen. But while the devices themselves are replaceable, their contents often aren’t. Imagine what could be at stake: All the photos you’ve taken of your children over the past two years. Every message you ever sent your spouse, all the way back to the very beginning. The last voicemail you ever got from your grandmother. All could disappear in an instant, even when associated with cloud accounts, as experienced below.

But the loss isn’t always just sentimental. Sometimes it’s professional too, as journalist Matt Honan found out in 2012. Honan used an iCloud account for his data, but had no backups — and when hackers gained access to the account, they remotely wiped his phone, tablet and computer. They also took over and deleted his Google account. “In the space of one hour,” Honan told Wired, “my entire digital life was destroyed.”

Good Backups Are Good Business

Businesses have fallen victim to devastating data loss, as well. In 1998, Pixar lost 90% of its film “Toy Story 2,” then in progress, due to the combination of a faulty command and insufficient backups.

And when social media/bookmarking site experienced a database failure resulting in the loss of all user data, it ultimately shuttered the company. “I made a huge mistake in how I set up my [backup] system,” founder Larry Halff said of the incident. 

The Cultural Cost of Insufficient Backups

While World Backup Day’s primary goal is to encourage people to create and check their backups, it also aims to spark discussion of an enormous task: how to preserve our increasingly digital heritage and cultural works for future generations.

Due to insufficient archiving and backup practices, many cultural properties have already disappeared. For example, an entire season of the children’s TV show “Zodiac Island” was lost forever when a former employee at the show’s internet service provider deleted over 300GB of video files, resulting in a lawsuit over the ISP’s lack of backups.

And decades before, a similar fate befell the now-iconic sci-fi series “Dr. Who.” The Film Library of Britain and BBC Enterprises each believed the other party was responsible for archiving the material. As a result, the BBC destroyed its own copies at will, resulting in the master videotapes of the series’ first 253 episodes being recorded over or destroyed. Despite the existence of secondary recordings and showrunners obtaining copies from as far away as Nigeria, 97 episodes are still unaccounted for and presumed lost for good.

How to Ensure Your Digital Future Today

With so much at stake, you’d think almost everyone would back up their data at least occasionally. This isn’t the case, however. According to, only about 1 in 4 people are backing up their data regularly, and an astounding 21% have never made a backup.

This phenomenon is also seen at the corporate level. While 45% of companies have reported downtime from hardware failure and 28% reported a data loss event in the past 12 months, FEMA reports that 1 in 5 companies don’t have a disaster recovery/business continuity plan (and thus don’t typically have current backups.) With 20% of SMBs facing catastrophic data loss every five years, being left unprepared is much less an “if” than a “when.”

The difference in outcome for these businesses is stark. Ninety-three of businesses that experienced data loss and more than ten days of downtime filed for bankruptcy within a year. But 96% of businesses that had a disaster recovery plan fully recovered operations.

While a good backup plan will require ongoing attention, today is a great day to start — and even one backup is a tremendous improvement over no backups at all. The World Backup Day website is full of information on online backup services, external hard drive backup, computer backup, smartphone backup, creating a NAS backup, and other methods of preserving your data.

If you’re like many IT professionals and already understand the importance of backups, today’s a perfect day to test your backups out and make sure they’re still fully operational. It’s also a good opportunity to share the importance of backups with bosses, colleagues and friends.

After all, if you’re an individual, you won’t get an “extra life” to go back and relive all the memories you might lose if your device fails. And if you’re a small- or medium-sized business owner and lose all your data, having backups might be the difference between “Continue” and “Game Over.” On World Backup Day and every day, the choice is up to you.

To learn more about backups, visit

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide

We’re thrilled to announce that SonicWall is being celebrated by CRN, a brand of The Channel Company, with a prestigious 5-star rating in its 2022 Partner Program Guide.

CRN’s annual Partner Program Guide provides a definitive list of the most notable partner programs from industry-leading technology vendors that provide innovative products and flexible services through the IT channel. The 5-star rating is achieved only by select vendors that deliver the best of the best, going above and beyond in their partner programs to help push growth and positive change.

“SonicWall has been dedicated to enabling its partners to succeed now and into the future,” said HoJin Kim, SonicWall SVP, Worldwide Channel, North American Sales. “We always try to anticipate our partners’ needs to help them exceed their annual sales goals and objectives. We appreciate the recognition from CRN as a world-class partner.”

The Partner Program Guide provides the channel community with a deep dive into the partner programs offered by IT vendors, service providers and distributors. Companies are scored based on their investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication. A 5-star rating helps narrow the field to find the best fit, identifying the most rewarding partner programs and providing crucial insight into their strengths.

“CRN’s Partner Program Guide delves into the strengths of each organization’s partner program in order to honor those that consistently support and promote good change within the IT channel,” said Blaine Raddon, CEO of The Channel Company. “As innovation fuels the speed and complexity of technology today, solution providers want partners that can keep up with and assist their growing business.”

The 2022 Partner Program Guide will be featured in the April 2022 issue of CRN and online at˚m/PPG.

Cyberattacks on Government Skyrocketed in 2021

The 2022 SonicWall Cyber Threat Report stats show an increase in attacks on federal, state and local governments, including ransomware, IoT, cryptojacking and more.

Over the past several years, cybersecurity researchers (including those at SonicWall) have noted a growing shift away from the “spray-and-pray” tactics that dominated much of the past decade, to a more targeted “big-game hunting” approach.

We’ve seen the effects of this strategic transition for a little while, as attackers have increasingly looked for targets that would cause the most disruption, that would have the most valuable information, and so on. And accordingly, in 2021 cybercriminals focused a lot of their attention on local, state and federal governments.

The year’s headlines offered snapshots of this trend, as threat actors launched attacks on a diverse set of targets including the governments of Indonesia and Israel, India’s prime minister, Belgium’s ministry of defense, Australia’s government-owned telecommunications systems, and multiple U.S. defense firms.

But a look at the exclusive threat data from the 2022 SonicWall Cyber Threat Report tells a larger picture about when, how and how much government customers are being targeted as compared with those in other industries.


In 2021, global ransomware volume skyrocketed, rising 105% year over year. But while “The Year of Ransomware” spared no country, region or industry, the stats were particularly grim for those in government. Ransomware attempts among government customers rose a staggering 1,885% — more than double the increase seen in healthcare (+755%), education (152%) and retail (21%) combined.


For 2020 to 2021, global malware — affecting all customers across all regions and industries — fell 4%. But among government customers, malware actually increased 94%. The percentage of SonicWall customers targeted further highlights this rise: Each month, an average of 19.6% of government customers saw a malware attempt.

Government devices were increasingly attacked last year, as well. In 2021, IoT malware increased 6% globally — but among government customers, these attacks spiked 46%. Government customers were second only to those in education in terms of how likely they were to see an attempted attack, with an average of roughly 9% of customers targeted by IoT malware each month.


Unfortunately, IoT malware attacks aren’t the only way that cybercriminals leverage government customers’ devices against them. Cryptojacking, a type of attack in which cybercriminals use a victim’s device to mine cryptocurrency without their knowledge or consent, also spiked last year, buoyed by record-high cryptocurrency prices.

Global cryptojacking volume in 2021 jumped 19% year-over-year, reaching the highest point ever recorded by SonicWall Capture Labs threat researchers. But this jump disproportionately affected those involved in government: Cryptojacking attempts on government customers rose 709% in 2021.

Governments Fight Back

But as cyberattacks on government continued to increase in 2021, efforts at the state, federal and local level increasingly turned to strengthening defenses . At least 45 U.S. states considered their own cybersecurity bills in 2021, up 18% from 2020. And many of their cybersecurity efforts were bolstered by the passage of a historic U.S. infrastructure bill in November 2021, which included $1 billion for state, local, tribal and territorial cybersecurity.

Advances were made at the federal level, as well. U.S. President Joe Biden signed an executive order in May 2021 aimed at modernizing the government’s response to cyberattacks, joining Japan, Australia, Germany and countless other countries in passing measures to improve national security in 2021.

Biden reiterated his commitment to cybersecurity, particularly concerning the nation’s infrastructure, in a statement last week:

“From day one, my administration has worked to strengthen our national cyberdefenses, mandating extensive cybersecurity measures for the federal government and those critical infrastructure setors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure.

“My administration will continue to use every tool to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure,” Biden said.

As part of the United States’ increased focus on cybersecurity, the Department of Justice in June announced the formation of its Ransomware and Digital Extortion Task Force, increasing the resources and personnel available for pursuing cybercriminals. As a result of the efforts made by this task force and other enforcement agencies, members of the REvil ransomware gang, the Trickbot group, the DarkSide ransomware group and more were brought to justice in 2021.

Cybersecurity News & Trends

This week, we continue to pick up new mentions for the 2022 SonicWall Cyber Threat Report, including an excellent product review for Capture Client by BizTech Magazine. Our own Debasish Mukherjee, Vice President of Regional Sales APAC, was interviewed by regional industry trade journal, Express Computer. Industry news remains largely focused on national reactions to the ongoing Ukrainian crisis, with President Biden issuing an ominous-sounding warning to businesses that evolving Russian cyber threats are “coming.” Some observers added to our collective fear that undersea cables used by nearly every country around the globe are vulnerable. Meanwhile, health data of almost 50 million Americans were compromised last year, HubSpot was breached, members of the gang that hacked Okta and Microsoft were arrested in the UK, and Nestlé denies Anonymous claims that it was hacked.

SonicWall News

Securing Information in A Boundless World Is Virtually Impossible

Express Computer: An exclusive interview with Debasish Mukherjee, Vice President, Regional Sales APAC, SonicWall Inc, shares the significance of new threats to cybersecurity and the impact on Indian companies while heavily citing the SonicWall Cyber Threat Report 2022.

Review: SonicWall Capture Client Makes Security Seamless

BizTech Magazine: A recent test of SonicWall’s advanced endpoint protection solution left us impressed with its ability to provide continuous behavioral monitoring, easy threat hunting, and a multilayered heuristic approach to determining potential network anomalies. It all combines to produce highly accurate determinations of active threats with very little noise or false positives.

Irish Charity Rehab Group Targeted by Cyberattack

Silicon Republic: SonicWall’s latest cyberthreat report highlighted the variety of cybersecurity threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Ransomware Attacks Rose 105% In 2021

Staffing Industry Analysts: There were 623 million ransomware attacks globally in 2021, an increase of 105% from the previous year, according to a report released last month by SonicWall, a San Jose, California-based cybersecurity firm. Separately, staffing firms can take steps to reduce the chance of becoming victims of such attacks.

Investing In Thematics: Big Data

Benzinga: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, citing data from the 2021 SonicWall Cyber Threat Report. The story uses the data to conclude that malicious attacks have real consequences for business, infrastructure, and end-users beyond lost data and operational disruptions.

Mobile Traffic Dominates with Spike In Digital Fraud

IT Wire: The past year has seen a meteoric rise in ransomware incidents worldwide. Over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

What Are the Biggest Ransomware Trends Facing US Businesses?

Insurance Business Magazine: SonicWall’s 2022 Cyber Threat Report described 2021 as “one of the worst years for ransomware ever recorded” as attack volume rose to a staggering 623.3 million. The number is equivalent to 2,170 ransomware attempts per customer and almost 20 attempts every second.

Big Data Cloud Computing and Cybersecurity

Seeking Alpha: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, according to the SonicWall Cyber Threat Report.

Microsoft And Okta Investigate Data Breach Claims

Silicon Republic: SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Industry News

“It’s coming”: President Biden warns of “evolving” Russian cyber threat to US

CBS News: Monday’s warning by President Biden culminated with “evolving intelligence” that suggests Russia has explored options for cyberattacks against US critical infrastructure. Biden addressed the Business Roundtable, a group of some of America’s largest corporations. He also said that “the magnitude of Russia’s cyber capability is quite consequential… and it’s coming.” Although there is no evidence of a specific threat to cybersecurity, Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technologies, explained to reporters Monday that US officials had observed “preparatory works” linking to nation-state actors. This activity could indicate an increase in US companies scanning websites and searching for vulnerabilities.

Threat Looms of Russian Attack On Undersea Cables To Shut Down West’s Internet

France 24: The twin global crises of cyber warfare and war in Ukraine have revived fears of a digital catastrophe scenario in which Russia would take over the internet, destroying its undersea cables. Since the outbreak of the Ukrainian crisis, this possibility has been raised many times, even by military leaders. For example, according to Guardian newspaper, Admiral Tony Radakin of the British Armed Forces stated, in January 2022, that Moscow could “put at danger and potentially exploit the real world’s information system, which are undersea cables that run all around the globe.” The influential American think tank Atlantic Council shared Radakin’s theory and published an article about the possibility of the Kremlin cutting global internet cables.
Anyone looking to disrupt cybersecurity and global connectivity will find that there are more than 430 undersea Internet cables. These cables are often seen as the weakest link in the worldwide network. They “look like large garden hoses lying at sea,” according to Tobias Liebetrau, an expert in international relations at the Danish Institute for International Studies. Except for integrated surveillance systems, which can only send alerts if there’s danger nearby, the cables don’t have any special protection.

Russian Spies Indicted in Worldwide Hacks of Energy Industry, Including Kansas Nuclear Plant

Politico: The US Department of Justice claims that three Russian spies spent five years targeting 135 countries’ energy infrastructures to allow the Russian government remote control of power stations. Wired Magazine reported that the attacks spanned 2012 to 2014. According to an indictment in Kansas’s district court, the three FSB officers — Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov — conspired to conceal malware in software updates used to control power plant equipment. This tactic, along with others, allowed the accused agents to install malware on more than 17,000 devices worldwide. These attacks were disclosed previously in 2018.

HubSpot Data Breach Ripples Through Cryptocurrency Industry

Threat Post: A HubSpot rogue employee was fired for leaking information about cryptocurrency customers. More than 135,000 customers use HubSpot. Analysts suspect the breach could affect approximately 30 crypto-companies, including BlockFi, NYDIG, Swan Bitcoin, Circle, and Pantera Capital. The breach reminds us of the amount of data CRM systems can gobble up.

Health Data Breaches Swell In 2021 Amid Hacking Surge

Politico: According to analysis, nearly 50 million Americans saw their sensitive healthcare data compromised in 2021. This is a threefold increase over the previous three years. These cybersecurity incidents were reported by health care providers, insurers and state officials last year. According to the analysis, more than half of all states and Washington, DC had more than one in 10 residents affected by unauthorized access to their health data. Hacking was responsible for almost 75% of these breaches, up from 35% in 2016.

Alleged Microsoft, Okta Hackers Arrested In UK

The Hill: British authorities arrested seven individuals on Thursday suspected of hacking major tech companies, including Okta and Microsoft, also reported by Reuters. The individuals arrested are between the ages of 16 and 21 and are likely members of the hacking group. The Verge also reported that this group had taken responsibility for some major security breaches at tech companies, including NvidiaSamsung, and Ubisoft. On Wednesday, reports surfaced indicating an Oxford-based teenager is the mastermind of the group. City of London Police did not say if this teenager was among those arrested

Nestlé Denies Anonymous Hacked It

Fortune Magazine: Nestlé has denied claims that hacker collective Anonymous published sensitive information it stole from the Swiss food giant as punishment for doing business in Russia. Responding to increasing consumer pressure, Nestlé said it is reducing its offering of consumer brands in Russia, including Kit Kat and Nesquik, as quickly as possible in response to Vladimir Putin’s unprovoked war of aggression against Ukraine.

In Case You Missed It

Meeting the Cybersecurity Needs of the Hybrid Workforce

Join a discussion about the business and security challenges IT managers currently face in a rapidly expanding remote workforce.

Not only is the hybrid workforce here to stay, but it’s growing as well. And along with it come massive business and technical challenges. In April, SonicWall’s senior solution engineer, Rajesh Agnihotri, will lead a webcast exploring these and other challenges.

Given the unprecedented growth of remote working, this edition of MindHunter is sure to draw an international audience of thought leaders and solutions professionals.

The Unstoppable Growth of the Hybrid Workforce

Most workforce professionals define a “hybrid workforce” as consisting of employees that work remotely (usually from home), those who work in an office setting, and those who work a combination of both.

According to Global Workplace Analytics, a business management firm in California, up to 30% of the American workforce is now considered “hybrid,” with expectations of 36.2 million Americans working remotely by 2025. The World Economic Forum reported that in Europe, less than 5% of the workforce worked remotely before the COVID pandemic. Today that number has risen to 12.3%, with Finland leading the way at more than 25%.

PriceWaterhouseCoopers released a study last year that shows remote work has been an overwhelming success for both employees and employers. But unfortunately, this success fuels growing worries from the people entrusted with protecting the company networks.

How the Hybrid Workforce Impacts Your Cybersecurity Posture

According to the 2022 SonicWall Cyber Threat Report, global ransomware attacks jumped dramatically in 2021, showing a 105% year-over-year increase. This includes massive spikes in a number of industries, including government (+1,885%), healthcare (755%) and education (152%.)

Yet, in a survey of remote workers conducted by the global information technology company Unisys, a shockingly small 61% of remote workers reported feeling primarily responsible for helping to maintain their organization’s digital security. For example, only 21% are on alert for sophisticated online threats in real-time, and about 39% of respondents to the Unisys survey admitted to not being wary of clicking suspicious links in their email.

AT&T surveyed 800 EMEA cybersecurity specialists in 2021 and found that 70% of large businesses (companies with 5,000 or more employees) believed that the hybrid remote work made them more susceptible to cyberattacks. Adding to their concern was an admission by 31% of the respondents that their biggest cybersecurity threat was employees working from home and using their own computers and IoT devices.

The AT&T survey also revealed that not all employers had taken basic steps towards improving cybersecurity. For example, 32% of employees say that their company has not implemented additional login protocols to protect against cyber-based threats. In addition, 50% also claim they have not needed additional cybersecurity training since moving to remote work.

Peeling Back the Onion on Layered Cybersecurity

In this webcast, participants will look squarely at the business and technological challenges presented by the hybrid workforce. The discussion will center around real-world solutions, and feature advice from IT management and cybersecurity experts on implementing layered cybersecurity.

Attendees will learn how these challenges apply to their role as IT managers and why they are increasingly relevant in the hybrid workforce environment.

  • Ways to deal with capacity and network traffic visibility issues when there are more users outside the office network than inside
  • How to deploy layered security when you’re not confident about the connected devices’ identity and nature
  • How solutions that follow the Secure Access Service Edge (SASE) model and Zero Trust Network Architecture (ZTNA) may address many concerns about the hybrid networking environment
  • Why SASE itself may advance IT cybersecurity readiness and effectiveness against advanced threats.

Learning and Exploring with Cybersecurity Thought Leaders

Considering how quickly the threat landscape has grown these past two years, we are in a race against time to implement better cybersecurity as the hybrid workforce augments the risks everyone faces.

This is your invitation to engage cybersecurity thought leaders and explore methods and techniques that can protect your business today.

Additional reading:

World Economic Forum, how many remote workers are there in different parts of Europe?

Apollo Technical, Statistics on Remote Workers that will Surprise you (2022);

Forbes, Cybersecurity Challenges Call For Ways To Secure Working Remote;

Cybersecurity News & Trends

More business and trade journals mentioned the 2022 SonicWall Cyber Threat Report this week. One mention found its way into Silicon Republic’s report on Ubisoft’s company-wide password reset after the hack last week. Industry news this entire week was focused on the fallout from the Russia-Ukraine conflict. We found numerous reports on activist attempts to break through Russia’s “digital iron curtain,” with cybersecurity experts pleading for caution as the “cyber war” escalates. Today’s headlines include Russia facing an “unprecedented” wave of cyberattacks, a nine-year-old Microsoft flaw is back, hackers getting around multi-factor authentication, and the hybrid cyber war unfolds.

SonicWall News

Ubisoft Issues Company-Wide Password Reset After Hack

Silicon Republic: As previously reported, Gaming giant Ubisoft confirmed a “cybersecurity incident” where the ransomware group Lapsus$ claims to have disrupted games, systems and services. The company further confirmed that it initiated a company-wide password reset. As part of this report, Silicon Republic also cited SonicWall’s latest cyberthreat report, highlighting the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Putting Brakes on Cybersecurity Threats: Practical Strategies to Mitigate Cybersecurity Risk

National Law Review: Ransomware attacks frequently made headlines in 2021 and substantially impacted many US companies. In the first six months of last year alone, ransomware attacks on US companies were up 148% from 2020 (footnote: “SonicWall 2022 Cyber Threat Report”).

What are the biggest ransomware trends facing US businesses?

Insurance Business Magazine: The US alone accounted for more than two-thirds (67.6%) of all ransomware attacks worldwide last year as the nation logged almost 421.5 million hits – a 98% rise year-on-year, according to a new report by cybersecurity firm SonicWall.

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyber attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking. SonicWall researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105 percent increase. Ransomware volume has risen 232 percent since 2019. Following global trends, all industries faced significant increases in ransomware volume, including government (+1,885 percent), healthcare (755 percent), education (152 percent) and retail (21 percent).

Why Ransomware Attacks Steer Clear of the Cloud – 1

Martech Series: The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Why Ransomware Attacks Steer Clear of the Cloud – 2

Yahoo Finance: Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles. That attack was the latest example of ransomware’s threat to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Cybersecurity Tool Positions Company in Trillion-Dollar Market

Digital Journal: Sonic Wall’s 2022 Cyber Threat Report shows that every category of cyberattack increased in volume throughout 2021. The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.

How to Become a Cybersecurity Pro: A Cheat Sheet

WOLL (Germany): Encrypted threats skyrocketed in 2021 by 229% (00.4 million attacks), ransomware up 103% to 623.3 million attacks, cryptojacking up 22% (33.1 million attacks), intrusion attempts up 10% (a whopping 5.3 trillion), and IoT malware increased 6% to 30.1 million attacks according to SonicWall’s Cyber ​​Threat Report.

Industry News

Hackers Try to Break Through Putin’s Digital Iron Curtain

Here are summaries from the several outlets reporting on this item. The headline from CNN is a culmination of worry from many who work in cybersecurity. Hackers and activists are trying to break through Putin’s digital iron curtain after Russia shut down Twitter and Facebook in the country. According to a report from The Guardian, Ukraine’s cyber-response to the Russian invasion has been bolstered by hackers organizing on the Telegram messaging app under the IT Army of Ukraine banner. In the meantime, amateur hackers are being warned of joining Ukraine’s “IT army” amid fears that activists could break the law or launch attacks that spiral out of control. More than 300,000 people have signed up to the group, including members outside Ukraine. Western officials said they would “strongly discourage” joining the group and participating in hacking activity against Russia.”

Ukraine’s cyber-offensive has had particular success with distributed denial of service (DDoS) attacks, in which websites are rendered unreachable by being bombarded with traffic. Russian government websites, including the Kremlin and the Duma, have been targeted in this way and Russia Today, the state-media-owned news service.

Anonymous, a hacking collective, has also claimed credit for DDoS attacks. Speaking of the Anonymous hacking collective, the GTSC Homeland Security newsletter says that the group has recently vowed to accelerate the cyberwar they declared on Russia last week. The goal, they say, is to paralyze the Russian government “by any means necessary.”

Experts and some officials are trying to warn people off from participating in any group actions such as a “cyber war.” They remind would-be joiners that cyber-attacks from the US or the UK break several laws in those countries, such as the Computer Fraud and Abuse Act in the US and the computer misuse act in the UK. “Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right. Not only might it be illegal but it runs the risk of playing into Putin’s hands by enabling him to talk about ‘attacks from the west’,” said Alan Woodward, a professor of cybersecurity at Surrey University.

And as reported by CNBC, cyberattacks worldwide are on the rise as hackers use the Russia-Ukraine war as a distraction. Incidents involving almost every kind of cybercrime have been on the rise since the war in Ukraine started. While many people look to nation-state actors as the primary drivers, threat actors take advantage of the distraction, ramping up their activities and extorting money from more and more victims.

Yet, celebrities like Arnold Schwarzenegger are applauding the effort, according to a story in The Mercury News. From the activist perspective, they are desperate to advance an information campaign to bring the truth to the Russian people about the war in Ukraine. “I love the Russian people. That is why I have to tell you the truth,” posted Schwarzenegger yesterday on Twitter.

Russian Government Websites Face ‘Unprecedented’ Wave of Hacking Attacks

Washington Post: Russian government websites and state-run media face an “unprecedented” wave of hacking attacks, the government said Thursday, prompting regulators to filter traffic coming abroad. The Ministry of Digital Development and Communications said the attacks were at least twice as powerful as any previous ones. It did not elaborate on what filtering measures had been implemented, but this has often meant barring Russian government websites to users abroad in the past. Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”

Ransomware Hackers Used AI Images, Microsoft Flaw in Campaign

Bloomberg: A group of ransomware hackers used various techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.

In research published Thursday, the group, which Google refers to as Exotic Lily, is known as an initial access broker. Such groups specialize at breaking into corporate computer networks and then providing that access to other cybercriminal syndicates that deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims then split the proceeds. The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations worldwide, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows. Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

Hackers Are Dodging Multi-Factor Authentication

ZD Net: Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim’s cloud and email.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates recent warnings over cyber activity related to Russia’s military invasion of Ukraine. As early as May 2021, the hackers combined a default configuration issue in a Duo MFA setup at one organization with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation of privilege issue in August.

In one case, an organization allowed weak passwords, which were subsequently hacked using a typical password-guessing attack to gain the credentials for initial access. The attackers also used the fact that Duo MFA’s default configuration setting allows the enrollment of a new device for dormant accounts.

Hacktivists, Gangs, And Cyber Ops Locked in A Hybrid War

The Cyber Wire and other outlets note that cyber operations in this hybrid war have failed to develop into the catastrophes that seemed well within Russian capabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and its FBI partners have continued to update the guidance they’ve issued on the wiper malware observed in sporadic use against Ukrainian targets. The Globe and Mail reports that Canadian authorities offer comparable advice to their country’s own businesses. Yet, in 2016 and 2017 attacks on sections of the Ukrainian power grid, Russia had shown the ability to mount large-scale and destructive operations against its neighbor. But so far, the cyber war has been limited to relatively confined wiper attacks (cyberattacks that wipe out digital device memory) and influence operations with disinformation. The Washington Post describes the relatively quiet cyber front, noting that the situation could change at any time.

In Case You Missed It

Third-Party ICSA Testing – Perfect Score Number 4

SonicWall Capture ATP with RTDMI identified all malicious samples with no false positives — four times in a row.

As those in the cybersecurity industry know, ICSA doesn’t grade on a curve: testing rounds with no perfect scores are common, and the standards are both objective and unforgiving. It’s highly unusual for any vendor solution to identify 100% of malicious threats without flagging a single benign sample.

So when SonicWall’s Capture Advanced Threat Protection (ATP) with patented Real-Time Deep Memory Inspection (RTDMI)™ did just that in Q1 2021, it was quite the accomplishment.

Then we did the same thing in Q2, Q3 and Q4, becoming the first cybersecurity vendor in history to earn four consecutive perfect scores in Standard ICSA Labs Advanced Threat Defense (ATD) testing.

How ICSA Testing Works

Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed with vendor solutions in mind, and helps determine new threats traditional security products do not detect. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, the ICSA Labs subjects advanced threat defense solutions to hundreds of test runs. The test set is comprised of a mixture of new threats, little-known threats and innocuous applications and activities.

Q4 2021’s testing cycle was particularly rigorous. Over 32 days of continuous testing, a SonicWall NSa 3600 NGFW with Capture ATP was subjected to 1,625 total test runs. During this time, SonicWall Capture ATP detected all 801 of the malicious samples, including the 432 threats that were four hours old or less. The testing also included 824 innocuous apps — none of which were improperly categorized as malicious by Capture ATP.

As a result, SonicWall received the highest ranking in this category, concluding a full year of perfect scores and eight consecutive ICSA certifications for SonicWall Capture ATP.

Capture ATP: Superior Threat Detection

Third-party testing cycles like these become even more important as cyberattacks become increasingly sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, and what used to be no more than a hobby or a source of secondary income has turned into a full-time job. As a result, we are seeing a slew of complex and refined never-before-seen attacks that are capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity:  the importance of sandboxing technology for a security vendor and the fact that not all technologies are created equally.

SonicWall Capture ATP — a cloud-based service available with SonicWall firewalls — detects and can block advanced threats at the gateway until verdict. This service is the only advanced threat-detection offering that combines multi-layer sandboxing (including SonicWall’s RTDMI™ technology), full-system emulation and virtualization techniques in order to analyze suspicious code behavior.

A graph showing the results of malware variants found by SonicWall Capture ATP

This combination allows Capture ATP to detect more threats than single-engine sandbox solutions, which are compute-environment specific and susceptible to evasion. And because it incorporates AI and machine learning technologies, it’s constantly becoming more effective.

For example, 141,390 never-before-seen malware variants were recorded in Q4 2021 — more than any quarter on record. A total of 442,151 total never-before-seen malware variants was identified in 2021, a 65% increase over 2020’s count and an average of 1,211 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.


Cybersecurity News & Trends

Reports on new attacks have dropped off a bit, but the 2022 SonicWall Cyber Threat Report continues to appear in many general and vertical business journals. Meanwhile, in industry news, the SEC is pushing out updated rules to improve cybersecurity transparency among public entities in the general news. Ubisoft and Samsung says they were hacked. In Ubisoft’s case, player information is safe, but Samsung saw thousands of employee credentials released to the dark web and hackers now have the algorithms they need to unlock Samsung biometric security measures. Plus, a vulnerability was found in APC uninterruptible power supplies used by networks and data centers worldwide. Two new surveys reveal weaknesses in cybersecurity that stem from human behavior: security teams react too slowly, and most companies say that they’d rather wrestle with their security bugs quietly than have ethical hacking reveal all.

SonicWall News

SonicWall Cyber Threat Report highlights that ransomware attacks doubled in 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This report details a sustained surge in ransomware with 623.3 million attacks globally. Additionally, nearly all monitored threats, cyber-attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking.

SonicWall Threat Intelligence Confirms 981% Increase of Ransomware Attacks in India

EleTimes (India): SonicWall, the publisher of the world’s most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Ransomware, threats, IoT malware, cryptojacking on the rise

IT Brief (Australia): There has been a sustained meteoric rise in ransomware in 2021, with 623.3 million attacks globally, according to new research from SonicWall. The bi-annual 2022 SonicWall Cyber Threat Report showed nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Navigate the unknowns of tomorrow in this must-read report for CISOs, CTOs, and CIOs

IT Wire: What a year. On top of the global pandemic, 2021 brought us 623.3 million ransomware attacks, 60.1 million IoT attacks, 97.1 million cryptojacking attacks, and much more. So much happened that SonicWall viewed 2021 as a turning point in the war on ransomware with increasing recognition from businesses and governments. SonicWall found the number of CEOs who said cybersecurity risks were the biggest threat to short-term growth nearly doubled. In addition, Australia, the United States, Japan, Germany, and other countries passed measures strengthening national cybersecurity.

Officials tighten cybersecurity measures amid potential threats from Russia

News12 Bronx: Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from Sonic Wall, a leading cybersecurity firm. The Colonial Pipeline, Hackensack Meridian Health and the world’s largest meat processing company, KBS, are just some of the corporations that had their files stolen or encrypted and held for ransom, often by cyber-gangs based in Russia.

Report: Ransomware attacks on networks soared in 2021

CSCMP Supply Chain Quarterly: Business leaders are worried about the growing volume of malicious attacks on IT networks, and are especially concerned about supply chain vulnerability in 2022, according to a report from cybersecurity firm SonicWall, released this month. The company’s 2022 Cyber Threat Report tracked a 232% increase in ransomware globally since 2019 and a 105% increase from 2020 to 2021. Ransomware is malware that uses encryption to hold a person or organization’s data captive, so they cannot access files, databases, or applications. According to the report, such attacks were up 98% in the United States last year and 227% in the United Kingdom.

Industry News

The SEC Makes Its Move to Improve Cybersecurity Transparency

In January, SEC Chair Gary Gensler discussed cybersecurity in securities laws with his remarks before the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute. See this Cooly PubCo posting. Gensler said that cyberattacks could have a substantial economic impact on the economy which includes malware, ransomware, denial-of-service, business email compromises and other attacks. Gensler also stated that cyberattacks are a national security problem and reminds us that “cybersecurity is a team sport” with the private sector often at the front lines. The New York Times reported that this has been particularly true in the recent weeks, when “the war in Ukraine stress-tests the system.” According to Renee Jones, Corp Fin Director, today’s events are more severe than ever, escalating cybersecurity risks affecting almost all reporting companies. The SEC’s concerns about cybersecurity disclosure are not new. This week, they released proposed rule changes. If enacted as law, the rules would require up-to-date disclosures about material cybersecurity incidents and tighter reporting on policies, management activity, and company in-house expertise in cybersecurity. Harvard Law School released an assessment about the proposed rule changes, which is recommended reading for managers of public entities.

Ubisoft says it experienced a ‘cyber security incident’

The Verge: Ubisoft, a major game company based in France, says that it experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft said it believes that “at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident” and says that games and services are now “functioning normally.” Out of caution, the company also “initiated a company-wide password reset.”

Vulnerabilities found in APC power supplies is a warning to ServiceNow administrators

IT World (Canada): Security professionals don’t believe hackers could use an uninterruptible power supply box to bridge a threat to a connected network. The fact is anything connected to the internet can pose a threat. According to this report, three critical firmware flaws were discovered in APC Smart-UPS devices. Security researchers at Armis say cyber attackers could exploit the flaws and damage sensitive devices, such as critical industrial or medical equipment. The bugs, the report says, could be used to hack into corporate IT networks to install malware. Schneider Electric, the manufacturer of APC lines, has developed a patch that administrators must install quickly. According to this report, the ServiceNow platform for IT support is not correctly locking down their systems. A security researcher at AppOmni reported that nearly 70% of ServiceNow instances tested were not correctly configured.

Samsung confirms data breach after hackers leak internal source code

Tech Crunch: Samsung has confirmed that there was a security breach. Hackers obtained nearly 200 gigabytes (including source code) of sensitive data. These include algorithms and technologies for biometric unlocking operations. Lapsus$ hackers – who also infiltrated Nvidia and then published thousands of employee credentials online – claimed responsibility for the breach. The hackers also claimed to have obtained source code from Samsung’s TrustZone environment where Samsung phones perform sensitive operations and maintain algorithms for unlocking biometric security measures.

Security Teams Prep Too Slowly for Cyberattacks

Dark Reading: Attackers often exploit new vulnerabilities in days or weeks. However, defenders take a long time to discover and act on critical issues. According to a new report, it takes defenders 96 days to identify and block cyber threats. Cyber Workforce Benchmark 2022 found that cybersecurity professionals are more inclined to concentrate on security issues that have received media attention, like Log4j, rather than less important ones. Additionally, the report showed that different industries achieve their security capabilities at very different rates. For example, security professionals working in the entertainment, leisure, and retail sectors are usually twice as fast responding to cyber threats as their counterparts in critical sectors such as transport and vital infrastructure. CISA states that security professionals should apply patches within 15 days. However, if the vulnerability is being exploited, it’s better to do so sooner.

Most Orgs Prefer Security Bugs Over Ethical Hackers

Threat Post: New research suggests that organizations are increasingly concerned about security, but they still rely on “security by obscurity.” According to HackerOne’s recent survey data, 65% of surveyed companies said they want to be considered infallible to their customer base. However, 64% said they have a culture that values security by obscurity. In other words, they’d rather wrestle with their security bugs in secret rather than have ethical hackers reveal all their security problems to the public.

In Case You Missed It

Understanding the MITRE ATT&CK Framework and Evaluations – Part 1

MITRE ATT&CK helps security teams across industries secure their organizations against known and emerging threats. Here’s how it works — and how it can help you.

The world as we know it is changing around us. The pandemic has acted as a major driver for digital adoption, and the need to increase the risk barrier has kept security teams on their toes. As traditional security techniques and methods evolve, there is a need to re-evaluate the way we think about detecting and reacting to a security incident.

At SonicWall, we are enthusiastic supporters of the work on the MITRE Engenuity ATT&CK framework, which seeks to define and continually expand a common cybersecurity language that describes how adversaries operate. This matters to you because ATT&CK Evaluations are both a unifier and a force multiplier for the people on security’s front line.

What Is the ATT&CK Framework?

The cyber adversaries we deal with today exhibit complex behaviors while trying to evade the defenses we have implemented. They develop increasingly sophisticated methodologies and approaches to achieve their objectives. They weave legitimate and atypical behaviors into different attack tapestries. And they all know what they’re after.

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). MITRE Engenuity ATT&CK is a globally accessible knowledge base of cybercriminal behavior based on real-world observations. Its purpose is to be a common language whose components are used in endless combinations to describe how threat actors operate.

Consider this generic example for an attack methodology targeting exfiltration:

represent the “why” of an ATT&CK technique or sub-technique. We can describe the attack methodology as employing five Tactics — step 1: initial access through to step 5: exfiltration. The MITRE Engenuity ATT&CK framework currently consists of 14 tactics as seen in the Enterprise navigator tool.

The second key concept is the Techniques or Sub-Techniques employed within each tactical phase. For example, to achieve initial access, the adversary may send a phishing email with a link to a compromised website that takes advantage of an unpatched browser flaw. The ATT&CK framework currently consists of 200+ techniques and sub-techniques organized under the 14 tactics.

Procedures are the specific ways the adversary implements the techniques or sub-techniques. For example, a procedure could be an adversary using PowerShell to inject into lsass.exe to dump credentials by scraping LSASS memory on a victim. Procedures are categorized in ATT&CK as the observed-in-the-wild use of techniques. The ATT&CK framework has a documented list of 129 threat actor groups that cover a very broad set of procedures (using software or otherwise).

For more details, we recommend you take the guided tour from the ATT&CK website.

Why Do MITRE Engenuity ATT&CK Evaluations Matter?

MITRE Engenuity ATT&CK Evaluations emulations are constructed to mimic an adversary’s known TTPs. The emulations are conducted in a controlled lab environment to determine each participating vendor’s product efficacy. The aim is to put together a complete, logical attack simulation that moves through all the stages of a comprehensive, successful attack — from initial compromise to persistence, lateral movement, data exfiltration and so on.

Doing so offers three main benefits:

  1. We gain insight into the adversary’s game plan in terms of combinations of tactics and techniques.
  2. We can clearly communicate the exact nature of a threat and respond faster with greater insight.
  3. When we understand who our typical adversaries are and how they attack us, we can proactively design defenses to blunt them.

MITRE Engenuity points out that it is a “mid-level adversary model,” meaning that it is not too generalized and not too specific. High-level models like the Lockheed Martin Cyber Kill Chain illustrate adversary goals, but aren’t specific about how the goals are achieved. Conversely, exploit and malware databases specifically define IoC “jigsaw pieces” in a giant puzzle but aren’t necessarily connected to how the bad guys use them, nor do they typically identify who the bad guys are.


ATT&CK Evaluations focus on how detections occurred as each test moves through its steps. In its evaluation guide, MITRE Engenuity points out that not every detection is of the same quality. It’s pretty clear that, while a “Telemetry” detection is minimally processed data related to an adversary behavior, a “Technique” detection sits at the other end of the quality spectrum — it’s information-rich and orients the analyst at a glance. Consistent technique-driven detections are ideal for organizations that want more out of their tools.

In general, vendor tools ideally should automate real-time context creation related to adversary moves and bubble that up into the tool with as few alerts as possible. The more Techniques a tool can automatically provide and then aggregate into single incident alerts, the more the tool is automating the security function. This is critical for driving mean time to respond to as close to zero as possible.

In Part 2, we’ll take a look at the value the ATT&CK framework delivers to security leaders and decision-makers, and how SonicWall’s Capture Client powered by SentinelOne’s technology delivers capabilities that epitomize the ATT&CK framework. 

BEC Attacks: Inside a $26 Billion Scam

A new Osterman Research study explores why Business Email Compromise (BEC) attacks are more financially devastating than ransomware — and how they can be stopped.

Why would cybercriminals employ obfuscation tools, launch multi-stage cyberattacks, encrypt endpoints and haggle over ransom amounts … when they could just ask for the money? This is the concept behind Business Email Compromise (BEC) attacks — a type of cyberattack that has grown dramatically over the past few years.

The U.S. federal government’s Internet Complaint Center (IC3), which has been tracking these attacks since 2013, has dubbed BEC attacks the “$26 billion scam” — though this moniker is likely out of date due to escalating attack volumes and increased reliance on email throughout the pandemic.

And though high-profile ransomware attacks continue to dominate headlines, far more money is lost to BEC attacks. For example, in 2020, BEC attacks accounted for $1.8 billion in the U.S. alone, and an estimated 40% of cybercrime losses globally.

The Anatomy of a BEC Attack

While they’re considered a type of phishing attack, BEC attacks don’t rely on malicious code or links. Instead, they let social engineering do the heavy lifting. These attacks specifically target organizations that perform legitimate transfer-of-funds requests, and almost exclusively appeal to seniority to secure compliance.

According to the Osterman white paper sponsored by SonicWall, “How to Deal with Business Email Compromise,” BEC threat actors create email addresses that mimic those used by senior executives, use free services such as Gmail to create email addresses that appear to be an executive’s personal account, or, less commonly, gain access to executives’ actual corporate email accounts using phishing attacks or other means.

Image describing phishing

Above is a BEC email I’ve received. Note the appeal to authority — the message appears to come from SonicWall’s CEO, despite originating from an outside address — as well as the sense of urgency throughout. This is a rather clunky example; many of these emails are much more sophisticated in both language and execution.

Once the attacker has a plausible email account from which to operate, they use social engineering tactics to request the target either divert payment on a valid invoice to the criminal’s bank account, solicit payment via fake invoice or divert company payroll to a fraudulent bank account.

Since these attacks appeal to a sense of urgency and appear to come from a CEO, CFO or someone else in charge, many targets are eager to comply with the requests as quickly as possible. Once they do, the company is out a large sum of money, and the cybercriminal celebrates another payday.

How Common are BEC attacks?

BEC attacks have been recorded in every state in the U.S., as well as 177 countries around the world. Based on the latest report from IC3, nearly 20,000 of these attacks were reported in 2020 alone — likely an undercount, given that Osterman’s research found that four out of five organizations were targeted by at least one BEC attack in 2021. For mid-sized businesses (those with 500-2,500 email users), that number rose to nine out of 10.

Worse, almost 60% of the organizations surveyed reported being the victims of a successful or almost successful BEC attack. For those who were successfully targeted, the costs were significant: a combination of direct costs and indirect costs brought the total financial impact of a successful BEC incident to $114,762. Unfortunately, the direct costs, while significant for an individual organization, are often too small to trigger help from law enforcement agencies and insurance companies.

BEC Attacks Can Be Stopped (But Probably Not in the Way You Think.)

Many other attacks rely on malicious links and code, which can be spotted by anti-malware solutions and secure email gateways. But the sort of social engineering tactics used in BEC attacks — particularly those from a legitimate email address — often cannot be caught by these solutions.

Even so, while three-quarters of respondents say that protecting against these attacks is important to them, many are still depending primarily on technologies that were never designed to stop BEC attacks.

There’s not a lot you can do to prevent being among the 80% (and growing) of companies targeted by BEC attacks each year, but there’s plenty of other things you can do to safeguard your organization’s finances. But they all fall under three primary pillars: People, Process and Technology.

Technology is your first line of defense against BEC attacks. Many solutions claim the ability to combat BEC attacks, but their effectiveness varies widely. For best protection, look for one that will both block BEC attacks and guide employees.

Notice in the example above how there’s an alert warning that the email originated from outside the organization? While simple, these sorts of alerts can make the difference between a BEC attempt that’s ultimately successful, and one that’s scrutinized and deleted upon receipt.

Particularly in companies that are still relying on traditional technology protections, employee training an indispensable backup protection. Employees should be coached to look for spoofed email addresses, uncharacteristic grammar and syntax, and an unusual sense of urgency.

In the case of particularly sophisticated attempts, processes should be in place in case a BEC attempt makes it into the inbox and isn’t identified by the recipient as suspect. Policies such as a multi-person review of requests to change bank account details or mandated out-of-band confirmations are often successful as a last line of defense against BEC.