SonicWall Empowers Partners with MDR and SOCaaS

/0 Comments/in , /by

The cybersecurity landscape has never been more complex. As threats grow in number and sophistication, budgets and headcount can’t keep up. In response, many IT teams have turned to managed services for their cybersecurity needs — so much so that by the end of 2023, an estimated 41% of SMB cybersecurity spend will be allocated to managed service and system integrators, up from 35% in 2020.

But these MSPs (Managed Service Providers) and MSSPs (Managed Security Service Providers) are often facing the same challenges as their clients: they lack a team of dedicated threat analysts and researchers to help manage and respond to the never-ending stream of security alerts from disparate point solutions.

To effectively bridge these gaps, SonicWall’s global network of MSPs, MSSPs and other channel partners must move from a network of unmanaged point products to a seamless platform of managed security solutions. That’s why we’re pleased to announce we’ve acquired Solutions Granted, Inc., a top MSSP based in the United States — a move that will add several key technologies to the SonicWall portfolio, including Managed Detection and Response (MDR), Security Operations Center as a Service (SOCaaS) and other managed services.

Meet Solutions Granted

Since its inception, Solutions Granted has worked with SonicWall to deliver best-in-class cybersecurity to MSPs. The company has spent the past 18 years focusing on its open ecosystem, solving alert fatigue and empowering MSPs to better secure small- and medium-sized businesses (SMBs).

Solutions Granted currently delivers world-class managed security services to MSPs throughout North America, including thousands of channel partners serving SMBs. Based on the strength of its services and support, the company has emerged as a clear leader in the security space, winning countless awards including the CRN Security 100 list (2018-2021), Top Global MSSP List (2018-2021), and Blackberry Cylance MSSP Partner of the Year (2018, 2019, 2021).

We are excited to welcome the expertise of the Solutions Granted team, particularly their CEO Michael Crean. Crean will assume a critical leadership role, advising on the ongoing process of seamlessly integrating Solutions Granted services with our products and partner offerings.

Crean is a 20-year veteran of the channel who has built a career characterized by a passion for enabling the MSP community on practical approaches to cybersecurity.

His vision of bridging the gap between information technology and security — and his commitment to providing solutions tailored to customers’ business goals, ecosystem and compliance standards — pushed Solutions Granted to quick and enduring success.

New Solutions and Services

Solutions Granted will augment partners’ managed service portfolio by extending new core offerings:

MDR for Endpoint: Comprehensive service that includes 24×7 threat monitoring, threat hunting and detection/response to all types of threats from many different points of entry

MDR for Cloud: 24×7 protection from advanced phishing and SaaS threats that make it past Microsoft 365 and Google Workspace’s defenses

SOCaaS (Managed SIEM): Centralized log management service unifying disparate security alerts and logs, designed to aid with threat investigations and compliance

Vulnerability Management: Network discovery and vulnerability management solution that identifies and prioritizes risk to your attack surface.

These services represent natural add-ons for MSPs looking to better meet customers’ evolving security and regulatory requirements. Solutions Granted services are already integrated into existing SonicWall offerings, such as firewalls and SMA (Secure Mobile Access) series, and there are other exciting developments on the horizon — including an MDR solution leveraging SonicWall Capture Client.

Benefits to You, Our Partners, MSPs and End Users

The initial acquisition of Solutions Granted was driven by an increase in partner requests for these services — and our partners will remain at the heart of SonicWall’s strategic plans going forward. Solutions Granted’s customers are many of the partners we do business with today, and this move will help them expand their business, deliver a more complete service offering, and provide advanced tools and talent as a service.

In addition to nearly half a century of combined cybersecurity expertise, SonicWall and Solutions Granted partners will benefit from a streamlined approach for managing security across customer environments, all through the same MSP-friendly unified console they’re accustomed to. And by bringing SonicWall and Solutions Granted technologies together, partners will enjoy an even greater ease of doing business.

Forging Toward the Future Together

Over time, SonicWall and Solutions Granted offerings will become as synonymous and seamless as the products contained within their portfolio. And this portfolio will continue to grow as we harness the power of superior threat intelligence to develop a unified cybersecurity platform meeting the evolving needs of service providers.

To bring this vision to life, SonicWall will leverage internal development, acquisitions and strategic partnerships to constantly innovate and deliver cutting-edge defense capabilities to keep pace with the ever-changing threat landscape.

But above all, this represents a continuation of SonicWall’s renewed commitment to its partners — one that started over a year ago with the adoption of our “outside-in” strategy and has continued with the launch of our SecureFirst Partner Program. As this journey continues, we will empower our valued partner community with cost-effective threat defense services, industry expertise and innovative technology.

Learn more about becoming a partner, or register for our live webinar hosted by Bob VanKirk and Michael Crean to get more details on this important milestone.

 

Cybersecurity Awareness Month: Recognizing Phishing Attacks

/0 Comments/in , /by

October brings to mind three things: busting out the fall wardrobe, Halloween and, last but not least, cybersecurity awareness. If you read that list and thought to yourself, “Cybersecurity awareness? Not me!” then congratulations, you are our target audience.

In conjunction with the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity.

In our last blog, we mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a successful phishing attack. Today, we’re going to cover the basics of recognizing phishing attempts and what to do if you spot one.

Phishing Frenzy

Phishing attacks are not a new phenomenon. They’ve been a favorite attack vectors of cybercriminals across the board for many years now. But every time cybersecurity tools get better at spotting them, they get better at hiding. That’s why knowing how to recognize phishing is more important than ever.

How to Spot a Phishing Attack

Hackers or scammers will often use emails or text messages to try and steal your login credentials, account numbers or even Social Security numbers. Once they have the information they want in hand, they can perform a multitude of nefarious deeds, such as accessing your email account or stealing money from your bank account. They may even be using you to access an organization you’re a part of, such as your workplace.

These cybercriminals are constantly updating their tactics to keep up with the latest news and trends, but they often exhibit some common characteristics that you can spot to avoid being their next victim.

These include the types of email or message phishers like to use. They’ll often be posing as your bank or a credit card company. It could be an email that looks like it’s from a coworker or your boss.

Oftentimes, these messages will say something like:

  • There’s been some suspicious activity with your account, and they need you to log in to verify.
  • You’ve missed an important payment or deadline and direct you to a link to rectify the situation.
  • You need to confirm some sort of personal information, like your Social Security number.
  • You must download an attachment or document, or login to your work email.

While some phishing emails have definite “tells,” the messages can also look quite convincing. They may look similar to emails you’ve received from real organizations in the past, even going so far as to use the official logo of the company in the header or a clone of it.

Some telltale signs of a phishing email include:

  • The message uses a generic greeting such as “Hello user” or “Hi dear.”
  • The message asks you to click on a link to update your payment details.

While real companies will sometimes communicate through email or text message, they will never email or text you asking for important financial or personal information.

What to Do When You Spot A Phishing Attack

If you receive a suspicious email or message that matches some of the criteria above, always leave the email or message and go to the company’s website directly to contact someone. (The links and numbers in phishing messages will always direct you back to the phisher themselves.)

By going to the company’s official website or calling their official phone number, you can ensure that you’re speaking with someone at the actual company and not a cybercriminal.

If you receive a suspicious email at work, you should report it to IT so they can be aware someone may be trying to infiltrate the company. If you received it in your personal email, you can forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. Suspected phishing via text message can be forwarded to SPAM (7726).

Protecting Yourself from Phishing

While phishing attempts can be scary, there are a number of tools and strategies that can help protect you and your organization. You can:

Taking just a few steps towards protecting your important information and accounts could be the difference in staying protected or becoming a victim of phishing.

Further Learning

While we’ve covered the basics, the more you learn about phishing, the better protected you’ll be. You can watch our School of Phish webinar series on-demand and learn about the different ways our cybersecurity experts handle real-world phishing incidents.

If you feel like you’re prepared to spot some phishing attacks, you can test your mettle against our phishing quiz, which will gauge your ability to identify phishing emails.

Better Together: The Role of Women in Securing Our World

/0 Comments/in /by

During a fireside chat last fall, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly summed up the forward-looking stance that’s come to characterize her tenure. “We need to look at the possible,” she told audience members. “We’re all in this together.”

This philosophy of togetherness is what underpins the events of Cybersecurity Awareness Month each October. Every year, government agencies and the cybersecurity community come together to encourage individuals to play a more active role in keeping every aspect of our digital lives safe.

But this year’s Cybersecurity Awareness Month has been a true inspiration — and not just because it’s the 20th anniversary year. This October CISA also announced its new, enduring cybersecurity awareness program, “Secure Our World.” This exciting initiative was designed to encourage greater cyber-awareness across the U.S. by sharing ways that individuals, families, and small- and medium-sized businesses can minimize threats to our online universe.

With Secure Our World, Easterly and her team have done an amazing job of distilling a highly complex set of concepts into a powerful, bite-sized story. Some of the messages may be a bit oversimplified for those with working knowledge of cybersecurity, but given how uncommon this sort of knowledge still is, it’s definitely a step in the right direction.

Information security has been designated a government-wide high-risk area since 1997, and the federal government has focused on protecting critical cyber infrastructure since 2003. At no point in the 20 years since then has there been such a concerted and ongoing effort, globally or across the United States, to educate everyone about the importance of cybersecurity and our role in keeping our lives, and our families’ lives, secure. Dare I say it took a woman at the helm of CISA to help tell that story?

This sort of unique perspective is one of the reasons why it’s important to encourage women to enter the cybersecurity field. Today, the industry is only 25% female. And while that’s up dramatically from the 10% in 2013, women are still highly underrepresented.

This is unfortunate not just because women can bring so much to the cybersecurity community, but also because cybersecurity can offer such a fulfilling and enjoyable career. It certainly has been for me: I got my start with the Sourcefire marketing team, just after they were acquired by Cisco. The team — including then-CMO Marc Solomon, CP Morey, Jennifer Leggio and the company’s badass threat research team — welcomed me in.

While cybersecurity has its ups and downs like any industry, it’s been more than a dozen incredibly educational and rewarding years, and I’ve never looked back. Now that I’ve joined the team here at SonicWall, I’m super excited to bring my industry knowledge to a company with a rich history spanning decades. I joined SonicWall because of its phenomenal culture and established place in the cybersecurity industry, and because of its loyal partners.

I wholeheartedly agree with SonicWall’s vision. SonicWall is elevating its game, both in terms of empowering our partners and in upleveling our product and solution offerings. I’m excited for the chance to do my part to help further that journey.

It isn’t just a pivotal time for SonicWall, though. It’s a pivotal moment for cybersecurity in general. My work in cybersecurity has opened my eyes to so many dangers that a lot of people don’t even think about — and these risks are growing and expanding to some unexpected places.

I have a five-year-old and, unlike many of their friends, they don’t have a tablet. This might sound extreme, but I believe that if you leave online connected devices anywhere in your house, you’re basically letting a stranger into your home. From baby monitors that can be hacked to allow strangers to watch your children, to (often poorly secured) devices that track things like biometric data and the layout of your home, you can never be sure who’s watching what — or what they’ll do with the info they have.

This lack of visibility is just one of the reasons that initiatives like Secure Our World are so important. While there are so many benefits to the online world, risks abound. As end users, as employees, as parents — as citizens — we have to be more diligent about how we go about our digital lives. We can’t afford to see cybersecurity as “something tech workers do.” It must become something that all of us do.

That’s why, as a woman working in cybersecurity, I’m so excited to see what the future of CISA’s awareness initiatives holds. If this program someday becomes as well-known as, say, “Click It or Ticket” or “Safe to Sleep,” imagine how much more informed and safer the world could be!

National Cybersecurity Awareness Month: Turn On Your MFA

/0 Comments/in , /by

In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many things, including passwords: Even if you follow all the established best practices for password hygiene, your credentials can still be compromised if your network is breached, if an organization you deal with is breached, or through social engineering.

But despite Picard’s reassurances, where your network is concerned, this is a weakness. The market for stolen credentials is huge and growing, and it’s estimated that almost half of breaches in 2022 began with stolen credentials. Fortunately, this weakness is one that can be largely mitigated through the implementation of multifactor authentication (MFA).

What is Multifactor Authentication?

Multifactor authentication creates a higher threshold for identity verification. The name comes from the fact that users are required to provide multiple pieces of evidence, or “factors,” that they are who they say they are before being given access to an account.

These factors can be sorted into three categories, from least secure to most secure:

  • Something you know: A password, passcode or PIN
  • Something you have: An email, a confirmation text on your phone or an alert from your authentication app
  • Something you are: A facial recognition scan, retina scan, fingerprint or other biometric marker

While multifactor authentication asks for at least two of these, standard authentication only asks for first-category verification, generally a username and password. But these are by far the easiest for threat actors to steal, purchase or brute-force. By requiring another layer of security more specific to the user, multifactor authentication can stop the overwhelming majority of attacks.

Despite its effectiveness, however, a recent survey found that over half of small- to medium-sized businesses haven’t implemented multifactor authentication for their business. Worse, only 28% of SMBs require MFA to be set up.

Are You Ready to Take the Next Step?

Multifactor authentication is a valuable tool in helping keep your accounts — and your network — safe. But how effectively it does this depends on how well it’s implemented. While CISA and others have released more in-depth guidance for moving to MFA, there are some best practices that can help ensure your MFA journey is as smooth as possible.

  1. Make MFA a must for your entire organization. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is uncommon, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. Be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. While some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. A growing list of services, such as Gmail, Facebook and others, offer MFA as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager.)
  6. Set up passwords/passcodes on your laptop and mobile devices (if you haven’t already). Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your devices, particularly if your browser or operating system stores your usernames and passwords.

It’s important to note, however, that while multifactor authentication can go a long way toward ensuring your accounts (and your network) remain safe, it does share a few weaknesses with standard authentication methods. One of these is phishing: In next week’s blog, we’ll build upon our recent School of Phish Master Class to offer valuable tips on how to avoid falling for a phishing attempt.

National Cybersecurity Awareness Month: Password Pro Tips

/0 Comments/in , /by

October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month?

This is the month when industry and government alike come together to spread knowledge on good cybersecurity hygiene practices for both individuals and organizations. By raising cyber awareness, we hope to instill knowledge about various cybersecurity touchstones as well as best practices for staying safe in the constant churn and burn of cyber threats.

Throughout this month, SonicWall will be exploring four main cybersecurity awareness themes in four different blogs. Today’s focus: strong passwords.

What is a Strong Password?

A strong password is a password that uses multiple types of characters to make it harder for hackers to guess. In the modern world, hackers use all sorts of methods to brute force passwords, and if your password is something like halloween2023 or password1234, threat actors can crack your password through brute forcing in a matter of moments. A good password will be:

  • At least 16 characters long
  • Consist of uppercase letters, lowercase letters, numbers and symbols
  • Not based on your personal information
  • Unique to each account

For example, $4wDeX76PoTG7?!0 is going to be nearly impossible for a hacker to brute force.

Password Managers

You may, like me, look at a password such as $4wDeX76PoTG7?!0 and think, “How in the world would I remember a password like that for every account I have?”

Fret not – this is where password managers come into play.

Password managers are built specifically to help you create secure passwords and keep track of them. There are multiple free password managers that can be used by individuals such as KeePass or BitWarden. There are even password managers built specifically for businesses and larger organizations like DashLane.

Password managers securely store all of your unique passwords for each of your accounts, so when you use a password manager, you don’t have to worry about forgetting a password. They’ll be readily available any time you need them.

Get on Board

According to Dark Reading, weak and reused credentials are near the top of the list of vulnerabilities in many organizations. Despite efforts to increase awareness on strong password practices and password managers, many organizations and individuals continue to use weak passwords, making them prime targets for hackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has its own guide on creating strong passwords that’s also worth a read.

The bottom line is that all organizations need to get on board with requiring strong, unique passwords that make it much more difficult for threat actors to guess. In our next Cybersecurity Awareness Month blog, we’ll cover multi-factor authentication (MFA), which is the perfect tool to pair with strong passwords to maximize protection.

National Cybersecurity Awareness Month: 20 Years of Securing Our World

/0 Comments/in , /by

Twenty years ago, the first Cybersecurity Awareness Month was celebrated—and every year since, it’s continued to serve as a reminder of the role we all play in ensuring the world’s networks remain safe.

Today, Cybersecurity Awareness Month has evolved into a collaborative effort between industry and government to enhance cyber-awareness, empower the public with actionable steps for reducing online risk, and encourage an ongoing dialogue about cyber threats on a national and global scale.

In concert with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), who administer the program, SonicWall will spend this month exploring ways to help organizations and individuals protect their information and secure their systems and devices.

What’s In Store for Cybersecurity Awareness Month 2023?

During the month of October, we’ll explore four primary themes, offering background, tips and actionable strategies to help everyone in the workforce engage in reducing cyber risk:

  • Use Strong Passwords: Strong passwords are long, random, unique and include all four character types. Password managers can be a powerful tool in helping ensure your passwords are optimized for online safety, not maximum convenience.
  • Turn On MFA: Passwords alone aren’t enough: If your credentials are compromised in a breach, anyone can access your accounts. But using Multi-factor Authentication (MFA) makes it significantly less likely that you’ll get hacked.
  • Recognize and Report Phishing: Phishing messages are getting more sophisticated every day. Be wary of any unsolicited message requesting personal information: Don’t share your credentials with anyone, and never share sensitive information unless you can confirm the identity of the requestor.
  • Update Software: While zero-day exploits continue to dominate discussions about cybersecurity, the sad truth is that many breaches are the result of unpatched vulnerabilities that are years old. Ensuring that your software is up to date is an important way to ensure you’re not leaving an open door for attackers.

How CISA Is Working to Secure Our World

In conjunction with the year’s Cybersecurity Awareness Month themes, CISA also announced a new initiative in celebration of the Cybersecurity Awareness Month’s 20th anniversary. “Secure Our World” will be a new, enduring cybersecurity awareness campaign unifying messaging across CISA’s span of awareness programs and other efforts.

Secure Our World is designed to shape cyber behaviors nationwide, with a particular focus on how individuals, families and small- to medium-sized businesses (SMBs) can make a difference. It will encourage everyone to take action each day to protect themselves while online or using connected devices.

In the meantime, don’t forget to check back frequently during October — we’ll be adding a new blog each week to help SonicWall users and the wider community become significantly safer online.

Elevate Your Network with The Ultimate 3 & Free Promotion

/0 Comments/in , /by

As businesses of all sizes navigate the complexities of the modern cybersecurity landscape, finding the right firewall solution at the right price is critical to a successful IT strategy. Malware is a serious threat with serious consequences to your organization and its reputation — especially with ransomware gangs and other cybercriminals lying in wait for an opportunity to attack your network, steal your data and sow chaos within your organization.

You need a firewall appliance that can quickly detect and stop malware in real time, before it causes any damage.

Why ‘3 & Free’ is the Ultimate in Savings

The limited-time SonicWall 3 & Free NGFW promotion is a cost-efficient and painless way for new or existing customers to upgrade to the latest NGFW while getting an incredible service package at an unbeatable price.

In-line image that shows why ‘3 & Free’ provides the ultimate in savings for our customers.

Don’t miss out on this jaw-dropping offer: From now until December 31, 2023, you can get a free SonicWall NGFW when you buy our 3-Year Essential Protection Service Suite (EPSS) and upgrade or trade in your current competitor device or SonicWall legacy appliance.

With a new SonicWall NGFW equipped with our Essential Protection Service Suite (EPSS), you’ll have the industry-leading protection your organization needs to stay safe in the constantly evolving threat environment, including defense against advanced malware, ransomware, encrypted threats, viruses, spyware, zero-day exploits and so much more. You can rest assured that your data, devices and users are secure.

What Sets This Deal Apart

This promotion is right-sized for every business, providing not only the best opportunity to get a free next-gen firewall appliance, but also get the absolute best service and technology. And the savings continue even after you’ve deployed your new solution: Third-party testing by the Tolly Group compared SonicWall to Fortinet and found that the SonicWall solution has significantly lower 3-year TCO.

Our comprehensive EPSS package includes:

  • Capture Advanced Threat Protection (ATP) with our patented RTDMI™
  • Gateway Anti-Virus
  • Anti-Spyware
  • Comprehensive Anti-Spam
  • Content Filtering Service (CFS)
  • Application Control
  • Intrusion Prevention Services
  • 24×7 support including firmware

SonicWall’s Capture ATP is our award-winning cloud-based sandbox that uses multiple engines to scan and block the most advanced threats before they can infect your network. It offers industry-leading threat protection and simplified management.

One of the key features of Capture ATP is our patented Real-Time Deep Memory Inspection (RTDMI™) technology, which is a powerful tool that can detect and stop known and unknown threats in real-time. RTDMI utilizes a combination of memory inspection, CPU instruction tracking and machine learning to analyze the characteristics and behaviors of suspicious files and processes. Unlike traditional sandboxes, RTDMI can catch threats that don’t exhibit any malicious behavior or that use encryption techniques to conceal their malicious code.

With Capture ATP, you also gain the superior performance of our most advanced and user-friendly operating system ever — SonicOS7. SonicOS7 has been redesigned from scratch to be more agile, flexible and intuitive than any of its predecessors. It offers enhanced security, visibility and control over your network.

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows

/0 Comments/in , /by

Over the past five years, cybercriminal groups have become increasingly corporatized. The early 2020s even saw them starting to market themselves as they endeavored to become widely known — both to be taken more seriously and to build a reputation for “fair” dealings with their victims. Lesser-known groups were even known to borrow the branding of larger groups, hoping to cash in on the brand recognition surrounding them.

But while the paychecks kept pouring in, cybercriminal groups seemed to lose sight of one thing: they weren’t legal entities in the way the corporations they emulated were. In fact, there was nothing legal about them at all, as many were reminded when politicians and law enforcement ramped up enforcement efforts and they found the long arm of the law pointed squarely in their direction.

After every cybercriminal arrest, the same refrain is repeated: “We applaud the efforts of law enforcement, but we don’t expect the bust to bring about lasting change.” But a look at data from the first half of 2023, as reported in the just-released Mid-Year Update to the 2023 SonicWall Cyber Threat Report brings this accepted notion into question, as we’ve seen threat actors begin to shun the spotlight and focus more on lower-risk activities such as cryptojacking, IoT malware and encrypted threats.

A graph depicting the rise of cryptojacking hits in 2023.

Malware Continues its Migration

Malware remained essentially flat year-to-date, falling just two percent compared with the first half of 2022. But that doesn’t mean there isn’t a great deal of change going on below the surface. With 1.3 billion hits (out of a global total of 2.7 billion), North America still sees the lion’s share of malware, but it was also the only region to record a decrease. In contrast, Europe and LATAM saw double-digit growth, suggesting that cybercriminals are shifting their attention to new shores.

Customers working in education and finance saw particularly large increases in malware, though none of the industries we examined showed a decrease.

Ransomware is Down, but Poised for a Turnaround

If cybercriminals are showing a greater interest in remaining under the radar, then a decrease in ransomware — a form of cybercrime that relies on the threat actors announcing and introducing themselves — should be expected. Still, with attack volumes down 41% over the first six months of 2022, many might wonder whether cybercriminals are giving up on ransomware for good.

There are a number of reasons we don’t think so, one of which is the trend line for ransomware as we moved through 2023. While the year-to-year trend line still points downward, on a month-by-month basis, we’ve actually seen ransomware rise, with a second quarter 74% higher than the first.

Cryptojacking’s Record Surge Continues

But if ransomware is down, what’s rising to take its place? We’ve seen an increase in several attack types, but perhaps the most pronounced has been in cryptojacking.  The number of cryptojacking hits reached 332 million hits in the first half of 2023, up a staggering 399% year-to-date. This not only represents a new record high — it also puts 2023 on track to see more cryptojacking hits than all other years on record combined.

IoT Malware Jumps by More Than a Third

SonicWall Capture Labs threat researchers noted a continued increase in the amount of IoT malware in the first half of 2023, jumping 37% to 77.9 million. At this rate, the number of IoT malware attacks will easily eclipse last year’s total, itself a record high.

As we’ve seen with other threat types, North America saw a decrease in attacks. At a modest 3%, however, this dip was more than made up for by triple-digit jumps in Asia and Latin America. India, in particular, saw an outsized number of these attacks: IoT malware there skyrocketed 311%.

Malicious PDF and Office Files Fall by Double Digits

The number of attacks involving malicious PDFs dropped 10% in the first six months of 2023, but there was an even bigger decrease in the use of malicious Microsoft Office files: Those attacks fell a staggering 75% compared with the same time period in 2022. Some of this drop may be due to Microsoft’s recent efforts to increase security, but time will tell whether this is a sustained downturn or whether cybercriminals make inroads around these new restrictions.

“The seemingly endless digital assault on the enterprise, governments and global citizens is intensifying and the threat landscape continues to expand,” said SonicWall President and CEO Bob VanKirk. “Threat actors are relentless, and as our data indicates, more opportunistic than ever before, targeting schools, federal governments and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us understand both the criminal mindset and behavior, which will in turn help organizations protect themselves and build stronger defenses against malicious activities.”

Read the full report here.

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader

/0 Comments/in /by

SonicWall’s Traci McCulley Orr, Senior Director of Global Talent Acquisition, has been honored by Talent100, the definitive power list of talent acquisition leaders across the United States and Europe. The Talent100 list recognizes innovative talent leaders from around the globe, showcasing those who are driving positive change and pushing boundaries in talent acquisition.

The Talent100 list is run by HIGHER, the world’s biggest community of talent acquisition professionals, with over 10,000 members worldwide. Their mission is to help every talent acquisition professional reach their full potential. The list is sponsored by Talentful, a leading global embedded talent consultancy.

“Being recognized on the Talent100 list is a remarkable accomplishment,” said SonicWall Senior Vice President and Chief Administration Officer Liz Johnson. “Traci is deserving of the honor, and I’m grateful to work with someone who contributes so much to the company and the team.”

Congratulations to Traci on this incredible accomplishment!

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List

/0 Comments/in /by

SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

“Honoring Michelle, Elizabeth, Carlien and Sarah is an indication of SonicWall’s continued commitment to our partner network and validates the depth of talent within our organization,” said SonicWall Chief Revenue Officer Jason Carter. “SonicWall’s channel leaders recognized by CRN exceed what’s expected in safeguarding partners, and they are devoted to providing partners with unmatched resources to help their businesses suceed.”

Every year, CRN recognizes women from vendor, distributor, and solution provider organizations whose expertise and vision are leaving a noticeable and commendable mark on the technology industry.

The CRN 2023 Women of the Channel honorees bring their creativity, strategic thinking and leadership to bear in a variety of roles and responsibilities, but all are turning their unique talents toward driving success for their partners and customers. With this recognition, CRN honors these women for their unwavering dedication and commitment to furthering channel excellence.

By bringing innovative concepts, strategic business planning and comprehensive channel initiatives to life, these extraordinary women support partners and customers with exceptional leadership. CRN celebrates these women, who are so deserving of recognition, for their constant dedication to channel excellence.

“We are ecstatic to announce this year’s honorees and shine a light on these women for their significant achievements, knowing that what they’ve accomplished has paved the way for continued success within the IT channel,” said Blaine Raddon, CEO of The Channel Company. “The channel is stronger because of them, and we look forward to seeing what they do next.”

The 2023 Women of the Channel list will be featured in the June issue of CRN Magazine, with online coverage starting May 8 at www.CRN.com/WOTC.