National Cybersecurity Awareness Month Focuses on Protecting Digital Identities, Being Accountable for Online Safety

The 16th annual National Cybersecurity Awareness Month (NCSAM) begins today, but this year with a new emphasis: you.

Every October, the National Cyber Security Alliance collaborates with the Cybersecurity and Infrastructure Security Agency (CISA) to launch the month-long campaign to highlight new or emerging cyber threats against people and organizations, and provide tips and best practices to stay safer online.

The 2019 movement, “Own IT. Secure IT. Protect IT.”, highlights the fact that each and every online user, SMB and business should practice personal accountability and proactive behavior in today’s digital landscape.

During the next month, SonicWall cybersecurity experts will examine each of the three themes and explore key aspects of living and doing business in a modern, hyper-connected world.

Own IT.

  • Staying safe on social media
  • Update privacy settings
  • Best practices for device applications

Secure IT.

  • Create strong, unique passphrases for passwords
  • Turn on multi-factor authentication (MFA) or two-factor authentication (2FA) for various sites, services and applications
  • Shop safe online
  • How to spot and avoid email threats like phishing, smishing, vishing, business email compromise (BEC), etc.

Protect IT.

  • Ensure your software, web browser and operating systems are patched regularly
  • Guidance on securing Wi-Fi and wireless
  • Keeping customer/consumer data and information safe


National Cybersecurity Awareness Month was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online. Following wide success of the ‘Our Shared Responsibility’ theme in years past, CISA and NCSA have shifted strategic focus to a message that promotes personal accountability.

To learn more about NCSAM, please visit

Cyber Security News & Trends

This week, catch the SonicWall roadshow across Europe, ransomware is targeting K-12 systems, and Magecart hasn’t gone away.

SonicWall Spotlight

Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities – SonicWall Blog

  • SonicWall CEO Bill Conner outlines the current rising ransomware risks for K-12 institutions and city municipalities in his latest piece written for the Forbes Technology council, recommending a layered security strategy as the best way to stop the threats.

SonicWall Hits the Road for the 2019 EMEA SecureFirst Partner Roadshow Series – SonicWall Blog

  • Hit the road and come back for more and more! SonicWall partners should take the chance to see the SonicWall Roadshow in their city over October and November. Catch up on new products, talk to SonicWall executives and join in the fun learning about the future direction of the company and the world of cyber in general.

SaaS Application Security: 7 Risks to Mitigate – MSSP Alert

  • Rule Number 1: It may be 2019 but don’t fool yourself into thinking that phishing is no longer a threat… Shannon Emmons of SonicWall lists the seven primary security risks that anyone considering SaaS security needs to consider.

SonicWall CEO: ‘Direct Touch’ Model Has Helped Us Win More Enterprise Accounts – Channel Partner Insight

  • Bill Conner, CEO of SonicWall, is quoted by Channel Partner Insight discussing winning contracts via a strategy of direct touch. EMEA Director Michael Berg also weighs in giving an update on the UK, Germany and Middle East market.

David Chamberlin, SVP & Chief Marketing Officer, SonicWall – VarIndia

  • SonicWall’s David Chamberlin explains the role of a Chief Marketing Officer to VarIndia, breaking down how the role has changed over the years and outlining SonicWall’s current market position and plans.

Cybersecurity News

The New Edward Snowden Book Is Being Used to Spread Malware – Verdict (UK)

  • Cybercriminals are capitalizing on the release of whistleblower Edward Snowden’s new book, Permanent Record, to spread banking malware Emotet via a spear phishing campaign that hides malware in a Microsoft Word file.

‘But Who’s in Charge’ Is the Question for Feds in Cybersecurity – Fifth Domain

  • The Cybersecurity and Infrastructure Security Agency’s (CISA) second annual national cybersecurity summit was recently held at National Harbor. Senator Ron Johnson drew attention to the growing need for guidance in cybersecurity in 5G technology and CISA Director Chris Krebs also spoke about how international boundaries can fall away when it comes to cyberthreats, calling for a greater participation between government and businesses so as to more effectively fight cybercrime.

Ransomware Strikes 49 School Districts & Colleges in 2019 – Dark Reading

  • Underlining SonicWall CEO Bill Conner’s article on rising ransomware threats in K-12 businesses, Dark Reading reports that almost 50 districts have been hit by ransomware attacks in 2019, with ten victims in the previous nine days alone.

GDPR: Only One in Three Businesses Are Compliant – Here’s What Is Holding Them Back – ZDNet

  • In a survey of over 1000 industry personnel, a new study found that only 28% consider themselves to be fully GDPR compliant. In the responses, 36% believe the requirements of GDPR are too complex while one third of respondents say that the financial costs of achieving alignment with GDPR are too prohibitive.

Once Hacked, Twice Shy: How Auto Supplier Harman Learned to Fight Cyber Carjackers – Reuters

  • After suffering a number of public cybersecurity embarrassments in the past, the motor industry is now tackling the issue head-on; there has been exponential growth in the area with cybersecurity requirements now numbering in the hundreds of pages, up from just a single page five years ago.
And Finally:

Magecart Strikes Again: Hotel Booking Websites Come Under Fire – ZDNet

  • It hasn’t gone away; a fresh wave of Magecart-linked attacks is currently taking place with the hotel booking websites the latest victims.

In Case You Missed It

it-SA 2019: SonicWall’s Integrated Cybersecurity Platform

Bringing together companies and leaders from around the world, it-sa 2019 is one of the most anticipated international technology events of the year, and it’s just around the corner! If you are attending, then expect to experience innovations and developments that will shape our future.

Visit SonicWall and its partners Axsos, Data-Sec, MCM, Takenet and Tarador at the technology fair from the 8th to the 10th of October at the Exhibition Center Nuremberg, Booth 9-538 in Hall 9.

About it-sa 2019

It-sa has established itself as Europe’s largest and most indispensable IT security exhibition and one of the most important platforms for cloud, mobile, data and network cybersecurity in the world. In 2018 around 700 exhibitors from 27 countries spread over 3 halls to present the latest IT security solutions to 14,290 trade visitors.

Based in Nuremberg since 2009, it-sa is a unique platform where C-Level experts and IT security officers from industry, services and administration get to meet developers and providers of products and services for IT security. It has successfully served as a catalyst for many innovative solutions.

From October 8 to 10, through a series of open forums, lectures and presentations, experts will be at hand to provide the most up-to-date information on strategies and technical solutions in IT security.

At the SonicWall stand

Learn about the latest cyber threats and solutions from SonicWall (booth: 9-538) and at the workstation of SonicWall distributor Infinigate (booth 9-416). Find out about:

Do you want to know if your company is safe from cyberattacks?

Cyber-threats do not discriminate or differentiate. Exposed networks, data, identities, and devices are identified, targeted and unscrupulously attacked by cybercriminals. Visit the SonicWall stand to learn how IT security issues like Internet of Things (IoT) vulnerabilities, constantly evolving malware variants, cloud threats and much more can be defeated.

Take the free security check at the SonicWall stand and then join our quiz – with a bit of luck, you can win a Moovi StVO e-scooter.

We’ll also be holding the presentation “Your account has been hacked” hosted by Silvan Noll, SE Manager Central Europe on 08.10.2019 at 13:15 in hall 10 or on 09.10.2019 at 10:00 in Hall 9.

And don’t miss the SonicWall Booth Party on 09.10.2019 from 18:00 in Hall 9 at Infinigate Stand 9-416!

“We look forward to demonstrating the depth of our growing portfolio of solutions, including our patent-pending RTDMI technology, which discovered 104,000 unprecedented attack variants from January to August alone,” says Jan-Patrick Schlögell, Regional Director Central Europe, SonicWall.

Contact us on social media by tagging @SonicWall with the hashtag #itsa19. You can also follow us on social media throughout the it-sa event:

We look forward to seeing you there! Don’t forget: Hall 9.

SonicWall Hits the Road for the 2019 EMEA SecureFirst Partner Roadshow Series

Six weeks. Eight countries. Seventeen cities.

SonicWall is delighted to announce the launch of the 2019 SonicWall EMEA Partner Roadshow Series. The roadshow is taking place Oct. 1 through Nov. 14 in select cities across Europe and South Africa. This is an exciting opportunity for our SecureFirst Partners to gain insight into the vision, products, services and future direction of SonicWall.

Launched in 2016, the SecureFirst Partner Program has brought to market many new and exciting programs, incentives and tools for our partners. During our roadshow, partners will experience an immersive day of practical content including training and updates on a variety of valuable areas:

The roadshow will give partners an exclusive opportunity to learn about the future direction of the company, spend valuable time with SonicWall executives and product experts, and learn new ways to build their business. Partners will also get the opportunity to hear valuable feedback from each other and exchange ideas with their local SonicWall team.

“SonicWall Overdrive 2.0 has helped a lot for getting more sales, especially thanks to the included email campaigns. We would recommend Overdrive to all partners, as it is very easy to use and effective.”

Ryan Wade
Business Solutions Specialist
Turrito Networks

Register now

If you are interested in attending an upcoming Partner Roadshow event in Europe or Africa, please reference the table below and register for a city near you.

Date | Location | Registration Link
October 1 | Johannesburg, South Africa | Register
October 1 | Madrid, Spain | Register
October 2 | Barcelona, Spain | Register
October 3 | Durban, South Africa | Register
October 22 | Bucharest, Romania | Register
November 4 | Neuss, Germany | Register
November 5 | Vienna, Austria | Register
November 5 | Lyon, France | Register
November 6 | Egerkingen, Switzerland | Register
November 6 | Paris, France | Register
November 8 | Frankfurt, Germany | Register
November 11 | Munich, Germany | Register
November 12 | Stuttgart, Germany | Register
November 12 | Milano, Italy | Register
November 13 | Roma, Italy | Register
November 13 | Hamburg, Germany | Register
November 14 | Leipzig, Germany | Register

Please note availability is strictly limited and this event is targeted to the SonicWall SecureFirst Partner community.

More partner news

Keep up with partner news from SonicWall by following us on social media and by following our dedicated partner-focused Twitter account: @SNWLSecChannel

Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities

Bill Conner has always had ransomware in his crosshairs. And despite the dangerous malware somewhat fading from media interest in 2018, he knew better.

And for good reason.

First, ransomware is too effective and too easy a way for cybercriminals to extort payment from victims, and it doesn’t require risky data exfiltration and subsequent Dark Web sales. Second, cybercriminals are sophisticated enough to pivot their tactics by either creating new malware variants or by finding new and easier targets.

As Conner outlines in his latest article for Forbes, “Back-To-School Lists Should Now Include Ransomware,” the summer of 2019 had both. The season featured a handful of new ransomware variants, but the big news was the targeting of both K-12 school districts and state and city municipalities.

“It’s a deliberate and strategic shift from hospitals and other soft targets to K-12 districts and schools, where security controls and technology resources aren’t as always as robust despite housing some of the most sensitive and private data,” Conner wrote for Forbes.

The summer of 2019 also witnessed one of the most tactical and widespread ransomware attacks against a single state. In August 2019, the Texas Department of Information Resources (DIR) announced that 20-plus state agencies had been infected by ransomware. According to ZDNet, the “infection is blamed on strain of ransomware known only as the .JSE ransomware.”

In fact, the last 12 months have seen ransomware attacks bring city services to a halt, including those in Arizona, Florida, Georgia, Indiana, Maryland, Nevada, New York and more.

Ransomware protection requires layered, persistent protection

It’s an old cliché, but it’s true: cybersecurity is never finished. The same goes for malware and ransomware protection, which should be an evolving and ongoing practice.

“Regardless of industry, it’s important that C-level executives continue to be proactive in promoting cybersecurity investments as ransomware and the plethora of other kinds of cyberattacks continue to evolve in sophistication and volume,” Conner wrote.

The best approach is a layered security strategy that identifies and mitigates ransomware attacks across a number of vectors. One such approach is pairing a next-generation firewall with a multi-engine, cloud-based sandbox, such as the Capture Advanced Threat Protection (ATP) sandbox.


Cost-effective for K-12 districts as well as state and local governments, Capture ATP stops unknown, zero-day attacks, including ‘never-before-seen’ ransomware, at the gateway with automated remediation. Capture ATP analyzes suspicious code to help discover and block newly developed malware and ransomware from entering your network — all in real time.

Cyber Security News & Trends

This week, Ecuador suffers a country-sized data breach, smart cities are put under the cybersecurity microscope, and SonicWall takes a look at emerging technologies.

SonicWall Spotlight

#074 – Bill Conner: You Cannot Have Privacy Without Security – Cyber Security Interviews

  • SonicWall CEO Bill Conner discusses the current state of the threat landscape and details his career path on the Cyber Security Interviews podcast with Douglas Brush. They cover encryption, security for the SMB market, SonicWall’s Capture Threat Network, malware cocktails, malware as a service, AI and machine learning, governments backdooring encryption, and more!

SonicWall Awarded USETPA Contract – SonicWall Blog

  • SonicWall has been awarded the U.S. Educational Technology Purchasing Alliance (USETPA) contract for wireless access points, firewalls, and related security services. The USETPA assists public agencies to help reduce the cost of purchased goods through strategic sourcing that combines the volumes and the purchasing power of public agencies nationwide.

Five Technologies Likely To Disrupt Industries – CEO Insights India

  • Emerging technologies are changing how enterprises function. SonicWall’s Debasish Mukherjee lists his top five technologies that he thinks will have a major impact.

Cybersecurity News

Arrest Made in Ecuador’s Massive Data Breach – ZDNet

  • After the personal data of almost every person in Ecuador was leaked, Ecuadorian authorities have been quick to make an arrest. There is an ongoing investigation into what happened and why the company involved had access to such a large amount of unnecessary private data.

CISA Chief Calls on Cybersecurity Community to ‘Stop Selling Fear’ – The Hill

  • The head of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, is calling on industry and government experts to do more to help society understand and grapple with growing cyber threats. He calls for more measured, reasonable and straightforward talk when explaining the cybersecurity landscape to the public.

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek. – ProPublica

  • Hundreds of insecure computer servers worldwide store medical patient data that can easily be accessed. As one expert puts it, “It’s not even hacking. It’s walking into an open door.” ProPublica investigates the current privacy problems in medical technology.

How Hackers Could Break Into the Smart City – Wall Street Journal

  • With IoT devices growing at huge rates, smart cities are rapidly becoming a reality. However, without a good cybersecurity plan in place this is a risky situation: the more connected a city is, the more vulnerable it is to cyberattacks.

Colorado Cites Cybersecurity Concerns in Banning QR Codes on Ballots – The Hill

  • Colorado has become the first U.S. state to ban the use of QR codes on ballots. Currently QR codes are used as a fast way of scanning votes but with hacking fears on the rise there is a fear that votes could be altered by a digital intruder.

Lion Air Breach Hits Millions of Passengers – InfoSecurity Magazine

  • Security researchers have found at least 35 million airline records circulating online with details belonging mostly to Lion Air companies. Details leaked include names, dates of birth, phone numbers, emails, addresses, passport numbers and expiration dates. The companies say they are investigating the breach.
And Finally:

Tackling Cybersecurity at the Rugby World Cup – Techradar

  • The 2019 Rugby World Cup is the most tech-enabled sports event yet and Japan has responded with a full cybersecurity sweep of network-connected IoT objects, checking for any vulnerabilities.

In Case You Missed It

SonicWall Awarded USETPA Contract

SonicWall has been awarded the U.S. Educational Technology Purchasing Alliance (USETPA) contract for wireless access points, firewalls (network security products) and related security services.

The USETPA assists public agencies to help reduce the cost of purchased goods through strategic sourcing that combines the volumes and the purchasing power of public agencies nationwide.

The USETPA reverse auction site helps K-12 schools, libraries, local government entities, community colleges and nonprofit groups request proposals from USETPA-approved vendors and select the proposal that offers the best value. This informal RFP allows users to negotiate the best value deal without the constraints of a formal RFP process.

Formed to leverage the purchasing power of schools, libraries and public entities, the USETPA created pre-bid convenience contracts on a ‘not-to-exceed-price basis,’ which means that every item purchased receives a discount while larger and aggregated orders may receive additional discounts.

End-users can be sure that all state and local procurement rules and regulations have been met — all while getting the lowest prices available.

E-rate and USETPA

USETPA subscribers applying for E-rate funding can use the USETPA Form 470 in lieu of, or in addition to, issuing their own Form 470. USETPA subscribers skip the burdensome 470 process while ensuring that all competitive bidding requirements have been met. By streamlining the E-rate application process, subscribers save valuable time and resources.

Purchasing Note

When filing Form 470s for SonicWall products through the USETPA program, please reference SonicWall USETPA contract number 719001. For additional questions related to USETPA and E-rate federal funding, please contact the USETPA at 910-333-6870.

How to use USETPA services

Eligible or approved organizations may use USETPA in four ways:

  • Online Portal: End-users may register on the portal and request quotes via USETPA’s reverse auction process.
  • Offline Bid: Users can contact the USETPA (919-391-9558) which will conduct an offline bid on users’ behalf.
  • Direct with SonicWall Partners: Users may contact SonicWall, now an approved USETPA vendor, for pricing and to be paired with an authorized SonicWall SecureFirst partner. A copy of the invoice should be sent to the USETPA for certification.
  • Vendor Catalog: Users may purchase via a USETPA vendor catalog. In this case, all purchases are automatically registered.

SonicWall products eligible under USETPA

SonicWall cybersecurity products eligible under the new USETPA contract include a range of wireless access points and next-generation firewalls. This includes:

For assistance using the USETPA program, please contact your SonicWall SecureFirst partner representative or call SonicWall at +1-888-557-6642.

GITEX 2019: SonicWall Heads to the Biggest Tech Show in the Middle East, North Africa & South Asia

SonicWall at GITEX 2019

Oct 2019

Stand SR-B20
Sheikh Rashid Hall
Dubai World Trade Centre

One of the most important weeks on the international technology calendar is just around the corner. GITEX Technology Week 2019 is a must-attend, world-class event that promises to bring together investors, entrepreneurs and technology leaders from around the world and give attendees a chance to experience life-changing innovations that will shape our futures.

Join SonicWall at GITEX, the biggest tech show in the Middle East, North Africa and South Asia, Oct. 6-10 at the Dubai World Trade Centre. The GITEX 2019 agenda features a lineup of industry leaders, tech talks, X-Labs and demos, and 26 exhibiting zones.

You’ll find SonicWall on the Enterprise Networking & Security floor in Sheikh Rashid Hall at stand SR-B20, where more than 100,000 attendees from all over the world are expected to explore innovative technologies, learn about groundbreaking solutions and connect with more than 4,800 exhibitors impacting technology today.

SonicWall at GITEX 2019

Join SonicWall’s Atul Dhablania, Michael Berg, Mohamed Abdallah, Jose Cardoso, Luca Taglioretti and Thomas Buergis for discussions and interactive sessions with our global and regional experts as we dive into the latest in cybersecurity solutions and trends.

SonicWall will showcase its networking and security solutions including:

You’ll also have the chance to get insight into the latest findings from the SonicWall Capture Labs threat researchers, who monitor, collect and analyze millions of malware threats per day in real time across more than 215 countries and territories. These industry-leading insights about the threat landscape, with sophisticated analytics broken down geographically, will arm you so you can act rapidly against emerging threats.

“We look forward to demonstrating the depth of our growing solutions portfolio, including our patent-pending RTDMI technology that has discovered 104,000 never-before-seen attack variants from January to August alone.”

Mohamed Abdallah
Regional Director for Middle East & Turkey

Presentation Schedule: Stand SR-B20


Days: 6 Oct, 7 Oct, 8 Oct, 9 Oct, 10 Oct

11:00 – 11:30: Introduction to SonicWall Capture Cloud Platform; Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall); Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall); Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall)

12:30 – 13:00: Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall); Software-Defined Branch (SD-WAN, Wireless); Software-Defined Branch (SD-WAN, Wireless); Software-Defined Branch (SD-WAN, Wireless)

14:00 – 14:30: Introduction to SonicWall Capture Cloud Platform; Software-Defined Branch (SD-WAN, Wireless); Next-Gen Secure Wireless Network; Next-Gen Secure Wireless Network; Next-Gen Secure Wireless Network

15:30 – 16:00: Software-Defined Branch (SD-WAN, Wireless); Next-Gen Secure Wireless Network; Secure Mobile Access platform; Secure Mobile Access platform; Next-Gen Email Security

17:00 – 17:30: Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall); Next-Gen Email Security; Next-Gen Endpoint Security; 2019 SonicWall Cyber Threat Report; Next-Gen Endpoint Security

18:00 – 18:30: Next-Gen Secure Wireless Network

About GITEX 2019

Now in its 39th year, GITEX Technology Week allows its attendees to experience the future. See what’s coming next in the world of technology and business, as top technology enterprises, startups and think-tanks from around the world reveal their eureka moments and life-changing innovations.

  • Discover new tech from 4,800 global exhibitors and 97 countries
  • Explore and source solutions across 26 technology centers
  • Powerful insights from 250 pioneers & practitioners on stage

GITEX Trailblazer Awards
The inaugural GITEX Trailblazer Awards will honour the world’s technology first-movers and successful adopters that have set new benchmarks within their industry. More details on the awards to follow. Stay tuned.

GITEX Guided Tours
Returns with an even better highly-curated experience of GITEX with a special focus on the biggest technological showcases per sector including AI, smart cities, 5G, cloud, big data and lifestyle tech. Led by a technology specialist, the tours happen every hour on the hour, with coverage in 10 different languages.

SonicWall on social media

Engage with us on social media by tagging @SonicWall and using the hashtag #GITEX2019. You can follow us throughout the entire GITEX event on social media:

We look forward to seeing you at GITEX! Don’t forget, we’re in the Sheikh Rashid Hall, Stand SR-B20.

7 Key Security Risks to Address when Adopting SaaS Applications

Infrastructure? Who needs it. The modern organization is ditching traditional on-premise software and related infrastructure in favor of software-as-a-service (SaaS) offerings. SaaS provides attractive and often essential options for reducing CapEx, operational overhead and deployment time — all of which translate into increased business agility.

But the increased agility isn’t without risks. Eager to keep projects moving, many internal business units will procure new SaaS applications without the guidance or approval of appropriate IT or security teams. Multi-SaaS organizations are often left to manage, protect and report on each SaaS service separately, further increasing risk with inconsistent security policies.

If your business is deploying more and more SaaS applications, be on the lookout for these seven primary security risks to understand where proper SaaS security should be applied.

  1. Phishing is still a threat.

    Email remains the most common threat vector with over 90% of the successful cyberattacks starting with a phishing email. Cybercriminals use phishing emails to deliver payloads through malicious attachments or URLs, harvest credentials via fake login pages, or commit fraud through impersonation. But modern phishing attacks also are increasing in sophistication and are often highly targeted.

    In addition, phishing has evolved to cloud-based attacks as organizations continue to accelerate the adoption of SaaS email (e.g., Office 365 or G Suite) and other productivity apps. Cloud applications present the next frontier for phishing since users need to authenticate to access their accounts, and the authentication is driven through industry-standard protocols, such as OAuth.

    For example, cybercriminals targeted O365 with highly sophisticated phishing attacks — including baseStriker, ZeroFont and PhishPoint — to bypass Microsoft security controls. Many secure email gateways, such as Mimecast, also could not stop these phishing emails.

    In another case, Google’s Gmail suffered a mass phishing attack in 2017 with an authentic-looking email that asked recipients for permission and, once it was granted, opened access to their email accounts and documents. The attack exploited Google’s OAuth protocol.

  2. Account takeovers open the door.

    Account takeover (ATO) attacks involve threat actors compromising an employee’s corporate credentials, either by launching a credential phishing campaign against an organization or by buying credentials on the Dark Web that were exposed in third-party data leaks. A threat actor then leverages the stolen credentials to gain additional access or escalate privileges. It is possible that a compromised account may remain undiscovered for a long time — or never be found at all.

  3. Data theft is still profitable no matter where the data is stored.

    The risk of data breach is a top concern for organizations moving to the cloud. Sanctioning SaaS applications implies moving and storing data outside the corporate data center, where the organization’s IT department does not have control or visibility, but is still responsible for data security. The data stored in SaaS applications could be customer data, financial information, personally identifiable information (PII) and intellectual property (IP). Cybercriminals typically initiate a targeted attack or exploit poor security practices and application vulnerabilities to exfiltrate data.

  4. Loss of control may result in unauthorized access.

    Another risk of moving to the cloud is that the IT department no longer has complete control over which user has access to what data and the level of access. Employees may accidentally delete data resulting in data loss or expose sensitive data to unauthorized users resulting in data leakage.

  5. The unknown of new malware and zero-day threats.

    SaaS applications, especially file storage and file-sharing services (e.g., Dropbox, Box, OneDrive, etc.), have become a strategic threat vector to propagate ransomware and zero-day malware. According to Bitglass, 44% of scanned organizations had some form of malware in at least one of their cloud applications. Attacks taking place within SaaS environments are difficult to identify and stop as these attacks can be carried out without users’ awareness.

    One advantage of using SaaS applications is that the files and data automatically sync across devices. This can also be a channel for malware to propagate. The attacker would only have to upload a malicious PDF or Office file to the file-sharing or storage SaaS apps; the syncing features would do the rest.

  6. Compliance and audit.

    Government mandates, such as GDPR, and regulations for industries such as healthcare (HIPAA), retail (PCI DSS) and finance (SOX) require auditing and reporting tools to demonstrate cloud compliance, in addition to data protection requirements. Organizations must make sure sensitive data is secured, deploy capabilities to log user activities and enable audit trails across all sanctioned applications.

  7. The threats within.

    When it comes to security, employees are often the weakest link. Insider threats don’t always include malicious intent. User negligence can result in the accidental insider attack, which remains a top risk for organizations of all sizes. This risk isn’t isolated to weak passwords, shared credentials or lost/stolen laptops. It extends to data stored in the cloud, where it can be shared with external sources and often accessed from any device or location.

    The darker side of insider threats includes malicious intent. Insiders, such as staff and administrators for both organizations and CSPs, who abuse their authorized access to an organization’s or CSP’s networks, systems and data can cause intentional damage or exfiltrate information.
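
A defender-side check for the OAuth consent phishing described in item 1, as an added example that is not part of the original article: it audits third-party OAuth grants and flags unsanctioned apps that borrow a first-party product name or hold mail, contact or document scopes. The grant records, client IDs, allowlist, protected-name list and field names are constructed assumptions; the scope strings are Google's published OAuth scopes.

```python
"""Audit third-party OAuth grants for consent-phishing indicators.

Added example: the grant records, client IDs and allowlist are constructed;
real records would come from the SaaS provider's token audit export.
"""
import unicodedata
from dataclasses import dataclass

# Scopes giving the mail, contact and document access the article describes.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/": "full mailbox access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/contacts": "read and change contacts",
    "https://www.googleapis.com/auth/drive": "full access to stored documents",
}

# First-party product names a consent-phishing app may borrow (assumed list).
PROTECTED_NAMES = ("google docs", "google drive", "gmail", "office 365", "onedrive")

# Client IDs the organisation has sanctioned (constructed placeholder).
SANCTIONED_CLIENT_IDS = {"client-sanctioned-0001"}


@dataclass(frozen=True)
class Grant:
    user: str
    client_id: str
    app_name: str
    scopes: tuple


def normalize(name):
    """Fold compatibility forms, drop invisible format characters, casefold.

    This does not catch cross-script homoglyphs (e.g. Cyrillic look-alikes).
    """
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return " ".join(visible.casefold().split())


def assess(grant):
    """Return (severity, reasons) where severity is 'ok', 'review' or 'revoke'."""
    if grant.client_id in SANCTIONED_CLIENT_IDS:
        return "ok", []
    name = normalize(grant.app_name)
    imitates = next((p for p in PROTECTED_NAMES if p in name), None)
    risky = [s for s in grant.scopes if s in HIGH_RISK_SCOPES]
    reasons = []
    if imitates:
        reasons.append(f"unsanctioned client uses first-party name '{imitates}'")
    reasons += [f"{HIGH_RISK_SCOPES[s]}: {s}" for s in risky]
    if imitates and risky:
        return "revoke", reasons      # borrowed name plus broad data access
    if imitates or risky:
        return "review", reasons      # one indicator only: needs a human look
    return "ok", reasons


def audit(grants):
    """Group flagged grants by client ID so one decision covers every affected user."""
    report = {}
    for g in grants:
        severity, reasons = assess(g)
        if severity == "ok":
            continue
        entry = report.setdefault(
            g.client_id,
            {"app_name": g.app_name, "severity": severity, "reasons": reasons, "users": []},
        )
        entry["users"].append(g.user)
        if severity == "revoke":
            entry["severity"] = "revoke"
    return report


# Constructed sample grants (not real data).
SAMPLE_GRANTS = [
    Grant("alice@example.com", "client-sanctioned-0001", "Google Docs",
          ("https://www.googleapis.com/auth/drive",)),
    Grant("bob@example.com", "client-unknown-7f3a", "Google Docs",
          ("https://mail.google.com/", "https://www.googleapis.com/auth/contacts")),
    Grant("carol@example.com", "client-unknown-7f3a", "Google\u200b Docs",
          ("https://mail.google.com/", "https://www.googleapis.com/auth/contacts")),
    Grant("dave@example.com", "client-notes-22", "Meeting Notes Helper",
          ("https://www.googleapis.com/auth/gmail.readonly",)),
    Grant("erin@example.com", "client-cal-9", "Team Calendar",
          ("https://www.googleapis.com/auth/calendar.readonly",)),
]

if __name__ == "__main__":
    for client_id, entry in audit(SAMPLE_GRANTS).items():
        print(entry["severity"].upper(), client_id, entry["app_name"], entry["users"])
        for reason in entry["reasons"]:
            print("   -", reason)
```
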

How to secure SaaS applications

Rapid adoption of SaaS email and applications, coupled with continuous technological advances, has resulted in multiple options for securing both SaaS email and data.

Geared toward the large enterprise, security vendors introduced Cloud Access Security Brokers (CASB) as a solution providing visibility, access control and data protection across cloud computing services using a gateway, proxy or APIs.

While traditional CASBs provide robust capabilities for the large enterprise, this isn’t always practical for every organization. In addition to being costly, often with complex deployments, few CASBs provide email security for SaaS-based email like Office 365 Mail and Gmail, leaving organizations to implement and manage separate security controls.

Expanded adoption of SaaS email and applications across organizations has created a need for an affordable, easy-to-use SaaS security solution. Thankfully, there are some approaches that can help close or eliminate new risks caused by SaaS applications.

Secure Your Entire Cloud Office Suite, Including Office 365 or G Suite

For example, SonicWall Cloud App Security (CAS) combines advanced email protection and data protection for SaaS email and applications. This approach delivers advanced threat protection against targeted phishing attacks, business email compromise, zero-day threats, data loss and account takeovers.

Cloud App Security also seamlessly integrates with sanctioned SaaS applications using native APIs. This approach provides email security and CASB functionalities that are critical to protecting the SaaS landscape and ensure consistent policies across the cloud applications being used.

When used with Capture Security Center Analytics, and integrated with SonicWall next-generation firewalls, Cloud App Security delivers Shadow IT visibility and control through automated cloud discovery.

The seven main security risks associated with SaaS applications

Infrastructure, who needs it? Organizations are abandoning traditional on-premises software and the related infrastructure in favor of software-as-a-service (SaaS) solutions. These are attractive and often essential options for reducing capital investment, operating costs and deployment time. All of this translates into greater operational flexibility.

But greater flexibility is not without risk. Driven by the need to move projects forward, it is not uncommon for business departments to purchase SaaS applications without the advice or approval of IT or corporate security staff. Multi-SaaS organizations often manage, secure and report on each SaaS service separately, which further increases the risk arising from inconsistent security policies.

If your organization is adopting SaaS applications at a growing rate, we suggest you watch for the seven main security risks so that you can put adequate SaaS security measures in place.

  1. Phishing continues to be a threat.

    Email remains one of the most common threat vectors, with more than 90% of successful cyberattacks originating from phishing emails. Cybercriminals use phishing emails to deceive victims, delivering harmful payloads through malicious attachments or URLs, harvesting credentials through fake login pages or committing fraud through impersonation. But modern phishing attacks are becoming increasingly sophisticated and often aim higher.

    In addition, phishing has evolved into cloud-based attacks as organizations increasingly adopt SaaS email (for example, Office 365 or G Suite) and other productivity applications. Cloud applications are the next frontier for phishing, because users must authenticate to access their accounts and authentication is performed through industry-standard protocols such as OAuth.

    For example, cybercriminals have targeted O365 with highly sophisticated phishing attacks, including baseStriker, ZeroFont and PhishPoint, to bypass Microsoft security controls. Even many secure email gateways, such as Mimecast, were unable to block these phishing emails.

    Google’s Gmail also suffered a massive phishing attack in 2017, with an email that appeared authentic and requested permission and access to documents and email accounts. The attack was carried out by exploiting Google’s OAuth protocol.

  2. Open doors for account takeover.

    Account takeover (ATO) attacks are carried out by compromising an employee’s corporate credentials, launching credential phishing campaigns against organizations or purchasing the credentials themselves on the dark web following third-party data leaks. Threat actors can use the stolen credentials to gain new access or additional privileges. A compromised account may go undiscovered for a long time, or may never be discovered at all.

  3. Data theft is still profitable, regardless of where the data resides.

    The risk of a data breach is one of the concerns of organizations that decide to move to the cloud. Sanctioning SaaS applications means moving and storing data outside the corporate data center, where the internal IT department can neither control nor see it yet remains responsible for its security. Data stored in SaaS applications includes customer data, financial information, personally identifiable information (PII) and intellectual property (IP). To steal data, cybercriminals typically launch a targeted attack or exploit poor security practices and application vulnerabilities.

  4. Loss of control can lead to unauthorized access.

    Another risk of moving to the cloud is that the IT department no longer has full control over which users access particular data and at what level of access. Employees can inadvertently delete data, which can result in its loss, or in the exposure of sensitive data to unauthorized users and consequent data leakage.

  5. The uncertainty of new malware and zero-day threats.

    SaaS applications, especially file storage and file-sharing services (e.g., Dropbox, Box, OneDrive, etc.), have become a strategic threat vector for propagating ransomware and zero-day malware. According to Bitglass, 44% of scanned organizations had some form of malware in at least one of their cloud applications. Attacks in SaaS environments are difficult to identify and stop because they can be carried out without users noticing.

    One advantage of using SaaS applications is that files and data sync automatically across devices, which can also be used as a channel to propagate malware. Attackers only have to upload a malicious PDF or Office file to the file-sharing or storage SaaS applications, and the syncing features do the rest.

  6. Compliance and audit.

    Government mandates, such as GDPR, and industry regulations, such as those for healthcare (HIPAA), retail (PCI DSS) and finance (SOX), require auditing and reporting tools to demonstrate cloud compliance, in addition to data protection requirements. Organizations must make sure sensitive data is secured, deploy capabilities to log user activities and enable audits of all sanctioned applications.

  7. The threats within.

    When it comes to security, employees are often the weakest link in the chain. Insider threats do not always involve malicious intent. User negligence can result in accidental insider attacks, which remain one of the top risks for organizations of every kind. These risks are not limited to weak passwords, shared credentials or lost or stolen laptops. They extend to data stored in the cloud, where it can be shared with external sources and can often be accessed from any device or location.

    The darker side of insider threats also includes malicious intent. Insiders, such as staff and administrators of both organizations and cloud service providers (CSPs), who misuse their authorized access to an organization’s or CSP’s networks, systems and data can cause intentional damage or exfiltrate information.

How to secure SaaS applications

The rapid adoption of SaaS email and applications, together with continuous technological advances, has made several options available for securing SaaS email and data.

With large enterprises in mind, security vendors introduced Cloud Access Security Brokers (CASB), a solution that provides visibility, access control and data protection for cloud computing services through a gateway, a proxy or APIs.

While traditional CASBs offer considerable capabilities for large enterprises, using them is not always feasible for every organization. In addition to being costly, and often requiring complex deployment procedures, few CASBs can provide email security for SaaS-based email applications such as Office 365 Mail and Gmail, leaving it to organizations to implement and manage separate security controls.

The steady spread of SaaS email and applications across organizations has created the need for a reliable, easy-to-use SaaS security solution. Fortunately, there are some approaches that can help reduce or eliminate the new risks tied to SaaS applications.

Security for the entire cloud office suite, including Office 365 and G Suite

For example, SonicWall Cloud App Security (CAS) combines advanced email protection and data protection for SaaS email and applications. This approach delivers advanced protection against targeted phishing attacks, business email compromise, zero-day threats, data loss and account takeovers.

Cloud App Security also integrates seamlessly with sanctioned SaaS applications using native APIs. This approach provides the email security and CASB functionality that are essential for protecting the SaaS environment and ensuring consistent policies across all cloud applications in use.

Used together with Capture Security Center Analytics and integrated with SonicWall next-generation firewalls, Cloud App Security delivers Shadow IT visibility and control through automated cloud discovery.