Posts

Cyber Security News & Trends

This week SonicWall has taken to the airwaves as CEO Bill Conner is profiled by KRLD Radio, and in industry news, more new breaches revealed but impacted companies like Quora are saying that Marriott International has it far worse.


SonicWall Spotlight

New Law Aids SMBs in Combating Cybersecurity Risks – The Channel Pro Network

CRN’s 2018 Products of the YearCRN

  • The SonicWall Capture Cloud Platform was announced as a finalist in CRN’s 2018 Products of the Year in the security-cloud category.

CEO Spotlight: Bill Conner, CEO, SonicWall – KRLD Radio (US)

  • SonicWall CEO Bill Conner is featured on KRLD’s CEO Spotlight radio segment discussing SonicWall’s holiday cyber threat data.

Cyber Security News

Cyber-espionage group uses Chrome extension to infect victims – ZD Net

  • Netscout researchers have released a report revealing details of a nation-state-backed hacking group’s efforts to target the academic sector by pushing a malicious Google Chrome extension through a spear-phishing email campaign.

DHS Says SamSam Ransomware is Targeting Critical Infrastructure Entities – Security Week

  • The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issue an alert on activity related to SamSam, the malware which has supposedly cost private enterprises and organizations over $5.9 million in the last two years.

U.S. Financial Firms to Further Increase Cybersecurity Spending – Bloomberg

  • U.S. banks and other financial firms are projecting higher spending on cybersecurity as they face bigger threats and more attacks.

Marriott looking at China in data breach: report – The Hill

  • Investigators looking into the recent Marriott breach, which saw personal data belonging to over 500 million hotel guests exposed, are looking to China as the most likely source of the attack.

Quora reports data breach affecting 100 million users – Phys Org

  • Quora has notified users of a data breach involving the email addresses and encrypted passwords of about 100 million users. The question-and-answer website is downplaying the incident, claiming that it “is nothing like” the sustained breach suffered by Marriott International over the last four years.

Why Cyber Monday Is Just the Beginning of the Festive Hacking Season – ZDNet

  • Cyberattacks reach a peak around the holiday season but ZDNet argue that understaffing over Christmas leaves many companies open to further attacks.

Huawei Said to Plan $2 Billion Cybersecurity Reboot – Industry Week

  • Small companies often do not have the resources to be able to meet the strictest cybersecurity standards. Two academics argue that they should not be financially penalized in the same way as larger corporations can be.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Cyber Monday, Black Friday Targeted by Spike in Ransomware Attacks – SonicWall

  • SonicWall researchers have completed a special analysis of cyber threat data and attacks for the busiest online shopping period of the year. SonicWall CMO David Chamberlin explains the newest cyberattack trends to have emerged over the Black Friday and Cyber Monday weekend.

Best in Biz Awards 2018 Winners – Best in Biz

  • SonicWall win two awards with a Gold for Most Innovative Product of the Year – SMB for our Capture Cloud Platform, and a Silver for Support Department of the Year.

SonicWall Aims to Be an All-Round Player in Security Solutions: COO Atul Dhablania – Tech Circle (India)

  • Atul Dhablania is interviewed by Tech Circle about SonicWall’s presence in the region, the Internet of Things, and the current cybersecurity landscape.

Cyber Security News

A Plan to Turn New York Into a Capital of Cybersecurity – New York Times

  • They’re calling it “Cyber NYC” and it’s an ambitious plan to turn New York City into a global leader of cybersecurity innovation and job creation.

ThreatList: Cryptominers Dominate Malware Growth in 2018 – Threat Post

  • Kaspersky Lab figures say cryptomining botnets have jumped from 2.9 percent of botnets in 2017 to 4.6 percent in 2018. It’s a problem SonicWall has noticed as well.

Buckle Up: A Closer Look at Airline Security Breaches  – Dark Reading

  • An in-depth look at how and why there has been so many Airline security breaches recently and the big question, could a cybercriminal take a plane down from the sky?

Half of All Phishing Sites Now Have the Padlock – Krebs on Security

  • Once upon a time the security padlock was enough to tell you if a website was legitimate, this is no longer the case.

Uber Fined £385,000 for Losing UK Customer Data – BBC

  • Having previously settled in the US, Uber received a fine in Europe for not sufficiently disclosing their 2016 data breach.

Why Cyber Monday Is Just the Beginning of the Festive Hacking Season – ZDNet

  • Cyberattacks reach a peak around the holiday season but ZDNet argue that understaffing over Christmas leaves many companies open to further attacks.

The Case for Protecting Small Firms From Cyber Lawsuits – Wall Street Journal

  • Small companies often do not have the resources to be able to meet the strictest cybersecurity standards. Two academics argue that they should not be financially penalized in the same way as larger corporations can be.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Two Cybersecurity Policies, One Clear New Objective – The Hill

  • SonicWall CEO Bill Conner has written an op-ed with his three policy prescriptions for the U.S. government following the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act and The National Cyber Strategy being signed into law.

Historic Black Friday, Cyber Monday Threat Data Prepares Businesses, Shoppers for Holiday Cyberattacks – SonicWall Blog

  • With Black Friday and Cyber Monday upon us cybercriminals are working overtime to find a gap in your cyber defense. We look at last year’s leap in malware attacks and advise on how to protect your business.

SonicWall Launches SD-WAN, Risk Metrics and New UTM Hardware – eWEEK

  • Sean Michael Kerner, senior editor at eWEEK, speaks to SonicWall’s Lawrence Pingree about SonicWall’s recent product expansion.

5 Key Skills for Next-Gen Communicators – Commpro

  • SonicWall’s David Chamberlin was recently featured on a panel discussion, How To Stay Relevant as a Communications Executive in 2020. Commpro has pulled the discussion together into a handy infographic.

Cyber Security News

Amazon Data Breach Reveals Private Details of Customers Ahead of Black Friday – The Telegraph (UK)

  • On the eve of some of the busiest shopping days of the year, Amazon confirmed a leak of customer names and emails.

VisionDirect Blindsided by Magecart in Data Breach – Threat Post

  • After VisionDirect confirmed a data breach exposing full names, addresses, telephone numbers, email addresses, passwords and payment card data, security researchers are saying this is the latest case of the ever-prolific Magecart threat group.

Security Warning: UK Critical Infrastructure Still at Risk From Devastating Cyber Attack – ZDNet

  • With the head of the UK National Cyber Security Centre previously stating that a major cybersecurity attack is a matter of “when, not if”, a new report from the UK’s Joint Committee on the National Security Strategy says the UK is still not facing up to cybersecurity threats.

Nine Cyber Security Predictions for 2019 – CSO Online

  • Ransomware, regulation, cyberwarfare and more; CSO Online tries to predict where cybersecurity will go over the next 12 months.

Facebook Appeals Against Cambridge Analytica Fine – BBC (UK)

  • Facebook is appealing their £500,000 fine, arguing that there is no evidence that any UK citizens had their data shared with Cambridge Analytica.

L0rdix Becomes the New Swiss Army Knife of Windows Hacking – ZDNet

  • A new malware called L0rdix has been found by researchers. It still looks to be in the development stages but it already manages to combine cryptocurrency mining, data theft and the ability to avoid malware analysis.

Report Reveals Struggles of SMBs Navigating Cyber Threat Landscape – SC Magazine

  • A recent study of Small and Medium Sized Businesses found over half of those surveyed have suffered from a data breach in the past year. Most respondents blame insufficient staff or cash, and a general lack of understanding of the threat landscape. SonicWall’s Charles Ho has some suggestions.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

SonicWall Secures Hybrid Clouds by Simplifying, Enhancing Deployment for Enterprises, SMBs – SonicWall Press Release

  • This week SonicWall announced a major expansion of their Capture Cloud Platform including secure SD-WAN, Zero-Touch Deployment, and personalized cyber threat intelligence.

Congress Passes Bill Creating Cybersecurity Agency at DHS – Security Week

  • SonicWall CEO Bill Conner talks to Security Week with his thoughts on why the Cybersecurity and Infrastructure Security Agency (CISA) Act is paramount for securing critical digital infrastructure.

Free SD-WAN Capability Highlights New SonicWall Capture Cloud Platform Announcements – Channel Buzz (Canada)

  • SonicWall’s Lawrence Pingree talks to Channel Buzz about SonicWall’s recent product expansion announcement and how he sees SonicWall’s position now compared to 12 months ago.

13 Tech Experts Share What Facebook Should Do Post-Data Breach

  • Bill Conner, CEO of SonicWall, is featured as a member of the Forbes Tech Council highlighting why good policy is important for a company like Facebook if they want to be able to recover from a data breach.

Cyber Security News

Researchers Discover Seven New Meltdown and Spectre Attacks – ZDNet

  • A team of researchers have found that new variants of Meltdown and Spectre are being released. SonicWall confirmed that Capture ATP cloud sandbox with Real-Time Deep Memory Inspection will stop them.

Nordstrom Blames Breach of Employee Data on Contractor – BankInfoSecurity

  • US department store Nordstrom suffered from an internal breach of employee data in October and have pinned the problem on a contractor.

Scare Force: Pakistan Military Hit by Operation Shaheen Malware – The Register (UK)

  • The Pakistan Air Force and Government have been hit with a concentrated phishing and malware campaign according to new research by Cylance.

Mozilla: Firefox Will Start Alerting You to Recently Breached Sites – ZDNet

  • Firefox Monitor, previously a separate website, is being expanded and integrated into the Firefox web browser and will inform users with an alert if a website being visited has had a breach reported in the previous 12 months.

2018 on Track to Be One of the Worst Ever for Data Breaches – Dark Reading

  • A new report says that 2018 is currently only behind 2005 when it comes to data breaches, with up to 3.6 billion records compromised so far.

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers – Threat Post

  • As many as fourteen types of malware are found to be readying themselves to take advantage of unsuspecting online shoppers.

A Leaky Database of SMS Text Messages Exposed Password Resets and Two-Factor Codes – Tech Crunch

  • An exposed server was found with tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more all easily accessible.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

New NIST Small Business Cybersecurity Act to Provide Guidance for Protecting SMBs – SonicWall eBook

  • If you’re a small to medium-sized business (SMB) looking for guidance on the NIST Small Business Cybersecurity Act, get this eBook. It includes an explanation of the act and information on how best to protect yourself and your business.

Intel CPUs Fall to New Hyperthreading Exploit That Pilfers Crypto Keys – Ars Technica

  • PortSmash is a new attack that exploits Intel’s Hyper-Threading architecture. SonicWall adds a layer of protection against this exploit and other similar side-channel attacks.

Cyber Security News

The Mad Dash to Find a Cybersecurity Force – The New York Times

  • The need for skilled cybersecurity experts in the workplace is growing faster than the talent pool can provide with an estimated 3.5 million cybersecurity jobs available but unfilled by 2021.

Lazarus FASTCash ATM Attack Details Discovered – SC Magazine

  • North Korean hacker group Lazarus has been using FASTCash trojan on obsolete AIX servers to hack ATMs and steal tens of millions of dollars.

Data of Nearly 700,000 Amex India Customers Exposed via Unsecured MongoDB Server – ZDNet

  • American Express India has been caught with an unencrypted server accessible online without a password, exposing a huge amount of personal data.

HSBC Customers Hit by Data Breach in US Business – BBC News

  • At least one customer in every U.S. state has been affected by a data breach that occurred between October 4 and 14 of this year. HSBC say it affected less than 1 percent of its U.S. customer base but the details include account numbers and transaction histories.

Cambodia’s ISPs Hit by Some of the Biggest DDoS Attacks in the Country’s History – ZDNet

  • Someone is bombarding ISPs in Cambodia with DDoS attacks and ZDNet have a few theories on who it might be.

Private Messages From 81,000 Hacked Facebook Accounts for Sale – BBC

  • Hackers who claim to have access to 120 million Facebook accounts have been attempting to sell private messages online for as little as 10 cents per account.

Ransomware Keeps Ringing in Profits for Cybercrime Rings – BankInfoSecurity

  • If you’re confused by the many different types of ransomware in the news right now, BankInfoSecurity explain current trends and who is most at risk.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Channelnomics Innovation Awards – Channelnomics

  • SonicWall’s Steve Pataky is up for Security Channel Chief of the Year, vote for him today!

British Airways Confirms Theft of Additional Data – Silicon (UK)

  • In light of many recent high-profile breaches, SonicWall CEO Bill Conner spoke to Silicon about the responsibility that companies bear when guarding customer data.

2018 ChannelPro SMB All-Stars – ChannelPro

  • SonicWall has been named one of the ChannelPro 2018 SMB All-Stars, an award that honors organizations that do something “truly special” with “significant impact on the SMB channel.”

Cyber Security News

Canada’s Mandatory Breach Notification Rules Now in Effect – Bank Info Security

  • As of Nov. 1, Canadian organizations must record all data breaches, big or small, and report major ones. Records must be kept for at least two years.

Radisson Hotel Group Suffers Data Breach, Customer Info Leaked  – ZDNet

  • Loyalty members of the Radisson Hotel Group have email addresses, phone numbers and more leaked. No financial data is said to be exposed.

White House Sets Deadlines for Agencies to Protect Their Digital Crown Jewels – NextGov

  • Homeland Security has until April 2019 to develop a tool that will map cybersecurity problems in federal agencies following a report in May of this year that found that up to three-quarters of federal agencies were at risk of a breach.

Nice Work if You Can Get It: GandCrab Ransomware Nets Millions Even Though It Has Been Broken – The Register

  • There’s a free decryption tool now available if you’re caught by GandCrab, but in the past 3 months alone the ransomware is still estimated to have netted its owners $300 million.

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks – Krebs On Security

  • The convicted co-author of the Mirai botnet malware has been sentenced to 2,500 hours of community service, six months home confinement and ordered to pay $8.6 million for his use of Mirai in attacks against Rutgers University, New Jersey.

Assault and Battery: Malvertising Campaign Checks User Device’ Charge as Anti-Detection Technique – SC Magazine

  • JuiceChecker-3PC is a clever mobile malware that doesn’t run when a phone battery is low or high in an attempt to avoid detection by security programs that are activated when a phone is charging.

Magecart Claims Fresh Victim in Electronics Kit Seller Kitronik – ZDNet

  • Magecart’s prolific streak continues as electronics outlet Kitronik join British Airways and Ticketmaster in confirming that it has been hit by the malware. Data exposed this time includes complete card details, names and addresses.

In Case You Missed It

Cybersecurity for SMBs: Bundled Network Security Delivers Cost-Effective Protection

If you’re a small- or medium-sized business (SMB), don’t bury your head in the digital sand. Cybercriminals don’t discriminate. Your data, credentials or access could be valuable to them in ways not immediately apparent. SMB cybersecurity is critical.

Unfortunately, SMBs also haven’t received the necessary guidance in terms of government support. That’s alarming since in September 2018 alone, the average SonicWall customer faced 1,662 malware attacks. For the year, SonicWall recorded 8.5 billion malware attacks globally — a 54 percent increase over 2017.

There is good news, however. In August 2018, President Trump signed into law the new NIST Small Business Cybersecurity Act. New legislation in Canada and the UK bring hope for similar protections.

But in many cases, cybersecurity guidance isn’t immediately available. In the U.S., for example, NIST has a year to deliver the guidance (read our eBook to learn more). Regardless of geographic location, a year is a long time for SMBs to wait to either enhance or begin their cybersecurity strategy. For this reason, SonicWall has created cost-effective cybersecurity bundles tailored specifically for SMBs.

Bundled Security for SMBs

The SonicWall TotalSecure SMB Bundle* provides robust cybersecurity technology and services that defend growing SMBs from the volume and sophistication of modern cyberattacks.

The tailored package includes high-performance network security, endpoint protection, cloud sandbox, content filtering, online management and more. Admins can also use powerful reporting functions to easily check the health of the network and endpoints and remediate threats if ever needed.

What’s included What you get
  • Perimeter firewall protection, including SSL traffic inspection
  • Intrusion prevention
  • Content filtering
  • Zero-day defense via Capture ATP with RTDMI
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

Bundled Security for Small Offices

The SonicWall TotalSecure SMB Bundle* also is available for small or home offices. It provides foundational cybersecurity tools that help smaller organizations mitigate cyberattacks from the perimeter to the endpoint.

It’s a comprehensive, out-of-the-box solution to stop cyberattacks, help remediate issues, protect endpoints and manage security — easily and efficiently.

What’s included What you get
  • Perimeter firewall protection, including SSL/TLS traffic inspection
  • Intrusion prevention
  • Content Filtering Service
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

SonicWall has been protecting SMBs for more than 27 years. SonicWall is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, including never-before-seen threats.

Lock In Your SMB Bundle

It’s time to use real-time cybersecurity to protect your business from cyberattacks. Contact a SonicWall security expert today. We’re ready to help you build a sound, cost-effective security strategy that’s just right for your business.

* Please contact SonicWall or your SonicWall SecureFirst partner for regional availability.

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Privacy Problems for FANG Companies Might Beget M&A Action in Cybersecurity – The Street

  • SonicWall CEO Bill Conner predicts that large tech companies and social media giants will look to mergers and acquisitions (M&A) to address the shortage of available cyber security talent and stave off further punishment and damages caused by breaches and other cyber security incidents.

WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors – Dark Reading

  • Lawrence Pingree offers his perspective on the most recent Facebook breach revelations.

Cyber Security News

Apple CEO Condemns ‘Data-Industrial Complex’ – The Wall Street Journal

  • Apple CEO Tim Cook is calling for new digital privacy laws in the United States to be drawn up, warning that the collection of huge amounts of private and everyday information is being “weaponized against us with military efficiency.”

EU Takes Step Toward Cyberattack Sanctions – Dark Reading

  • The European Union has approved a proposal to place further sanctions on nations proven to have carried out a cyberattack.

Cathay Pacific Says Data of 9.4 Million Passengers Stolen in Hack – The Telegraph (UK)

  • Hong Kong airline Cathay Pacific has suffered a breach affecting up to 9.4 million passengers, including over three quarters of a million passport numbers.

Super Micro to Review Hardware for Malicious Chips – Reuters

  • Super Micro is agreeing to review their hardware in the wake of reports that the Chinese authorities are placing spying chips in their hardware. They deny all the allegations.

Who Is Agent Tesla? – Krebs on Security

  • Openly available for commercial license, Agent Tesla is classified by many as password-stealing malware. Krebs on Security investigates the not-so-well-hidden identity of Agent Tesla’s creator following a 100 percent usage increase of the program in August 2018.

Yahoo to Pay $50M, Other Costs for Massive Security Breach – Associated Press

  • The fallout from the biggest security breach of all time looks to be finally drawing to a close.

Magecart Cybergang Targets 0days in Third-Party Magento Extensions – Threat Post

  • Magecart, the malware behind the Ticketmaster and British Airways breaches, continues to be updated and reconfigured, now targeting unpatched vulnerabilities in third-party plugins used in the Magento e-commerce platform.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

10 Security Advances That Could Change the Game  – Channel Partners Online

  • SonicWall’s Lawrence Pingree shares his perspective on the need for rapid chip augmentation in order to successfully combat the cybersecurity war in 2019.

SonicWall and Partners Take Part at GITEX Technology Week – Tahawul Tech

  • SonicWall is a major presence at GITEX Technology Week, one of the biggest technology events in the world.

How Cyberhardening Can Reduce Risk to the Entire Medical Community – Beckers Hospital Review

  • Data from SonicWall’s Capture Labs is used to help show just how much data in the medical industry is vulnerable to cyberattack.

Cyber Security News

Facebook Finds Hack Was Done by Spammers, Not Foreign State – The Wall Street Journal

  • Facebook thinks that spammers looking to make money through advertising, and not a nation-state, are responsible for a recent data breach involving the data of 30 million accounts.

The Mysterious Return of Years-Old Chinese Malware – Wired

  • A modified version of malware dating back to 2010, that has never been made public and is not known to have been sold on the black market, has had a mysterious resurgence in recent months.

Pentagon Discloses Card Breach – ZDNet

  • Only a week after reporting that it was struggling to meet the demands of cyberwarfare, the Pentagon confirms that a security breach affecting up to 30,000 personnel was discovered at the start of October this year.

UK Firms “Not Prepared” for Data Breaches – Tech Radar

  • It’s not just U.K. firms. According to a report released for European Cybersecurity Month. one in six European businesses are not prepared for a cyberattack, even though over a third of them have suffered from a data breach in the past year.

Zero-Days, Fileless Attacks Are Now the Most Dangerous Threats to the Enterprise  – ZDNet

  • According to a study conducted by the Ponemon Institute, the average cost of a successful endpoint-based attack has increased by roughly 42 percent year-on-year with the average organization losing over $7 million.

New Cyberdefenses to Protect Your Smart Appliances From Hackers – The Wall Street Journal

  • A partnership was announced between U.K. based chip-designers Arm and Boston-based cybersecurity firm Cyberreason; they aim to develop secure chip designs specifically protecting Internet of Things (IOT) devices from cyberattack.

Report: Cryptocurrency Exchanges Lost $882 Million to Hackers – Bank Info Security

  • Cryptocurrency exchanges continue to suffer from successful cyberattacks and a newly released study has tallied the damages at $882 million in the past two years, this is only expected to get worse in 2019.

In Case You Missed It

Workplace Cybersecurity Is Everyone’s Responsibility

The cyberthreat landscape is changing. An increasing number of cyberattacks are executed using sophisticated tactics. Earlier this year, SonicWall warned that malware volume increased 102 percent in the first half of 2018 compared to that of 2017.

The report also notes a significant increase in cyberattacks that leverage new variants of malware, including ransomware and encrypted threats. Further, attacks are becoming highly targeted, for example baseStriker and PhishPoint target Office 365 users.

Attackers are evolving to take advantage of workplace technology trends, including the cloud and BYOD. These trends empower workforces to be mobile and productive as demanded by today’s 24/7 hyper-connected reality. Unfortunately, these behavior changes are significantly expanding the attack surface area for cybercriminals to exploit.

“Attackers are evolving their tactics to take advantage of workplace technology trends, including the cloud and BYOD.”

Today, network security means more than just safeguarding data, applications and infrastructure. Employees are not only resources that need protection, but also weaknesses or valuable assets for a stronger cybersecurity posture.

It is, of course, essential for organizations to have necessary security in place to monitor and protect attack surface areas. But no security product can be a silver bullet to stop all cyberattacks. It is necessary to educate and empower the last and most crucial line of defense: your employees.

Build a Culture of Cybersecurity Awareness

Employees are a key resource for an organization. As driving revenue is the primary objective, safeguarding the organization must also become one of the main responsibilities for employees. With the right frameworks and security awareness training programs in place, they can also be an effective layer of defense — a human firewall.

By extending these responsibilities to all employees, organizations can prevent sophisticated cyberattacks, saving the organization from financial, legal and reputation damages.

Creating cybersecurity awareness and training programs must include what employees must be aware of, what they need to watch out for, what best practices should be leveraged and how to follow them. It also must be easy to report security incidents. These programs must be delivered efficiently, measured and be easy to use.

Since the cyber threat landscape is evolving, the “human firewall” needs continuous signature/intelligence updates in terms of the new threats and how to identify and stop them. This is modern cybersecurity awareness.

Stop the No. 1 Cyberattack Vector: Email

But cybercriminals also know to target the human element to execute attacks. Email is the No. 1 threat vector used by cybercriminals today; more than 90 percent of attacks start with a phishing campaign.

Modern phishing tactics can trick even the savviest users. Attacks that use fake login pages, impersonation and business email compromise (BEC) are difficult to detect and block as these emails do not contain malware.

Organizations would benefit from taking a human-centric approach to email security and include user training and awareness to spot and avoid clicking on phishing email threats. Organizations should train employees to:

Embrace security as one of their key responsibilities. Beware of sudden changes in business practices. For example, email requests for transfers of funds.
Treat any suspicious email with caution. Review the signature and legitimacy of the request.
Look at domain names from suspicious emails. Confirm requests for transfers of funds or confidential information, such as W-2 records.
Exercise extra caution if an email is from a free, web-based account. Do not use the “Reply” option to respond to any business emails. Instead, use the “Forward” option and either type in the correct email address or select it from the email address book to ensure the intended recipient’s correct email address is used.
Check for spelling mistakes and grammatical errors.

Spot Sophisticated Phishing Attacks

Want to brush up on your ability to spot a phishing attack? Take SonicWall’s quick Phishing IQ test or download our exclusive brief, “How to Stop Email Spoofing.”

Monitor and Manage Shadow IT

According to Gartner, by 2020 one-third of security breaches will be the result of shadow IT. The ease of SaaS adoption and deployment leads to the following problems:

  • Losing control over sensitive corporate data traversing through public or hybrid clouds and data centers introduces new risks such as unauthorized access, malware propagation, data leakage and non-compliance.
  • Balancing security budgets, shadow IT practices and employee productivity.

To address the above challenges, IT administrators need Cloud Access Security Broker (CASB) solutions to provide visibility for what applications are being used and where. This will help them better understand the overall risk posture.

To mitigate the risks of shadow IT and embrace productivity, both organizations and employees must understand the agreement on what constitutes a legitimate application allowed for official use. Employees must be trained to use judgement so that they do not upload sensitive or confidential data into cloud-based applications.

Protect Endpoints, Especially When Outside the Perimeter

Workforces today rely on the same device for business and personal use, resulting in intermingling of business and personal data and applications. This creates an increased risk of security breaches for organizations, including:

  • Unauthorized users gaining access to company data and applications
  • Malware-infected devices acting as conduits to infect company systems
  • Interception of company data in transit on unsecured public Wi-Fi networks
  • Compliance with audit and regulatory requirements
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access to data

To ensure proper safety, employees must be educated on the risks an endpoint poses to an organization, especially when those devices are frequently used from home, mobile or public networks. This can start with the basics such as:

  • Lock mobile devices when not in use.
  • Don’t use USB drives you don’t trust.
  • Update all software, operating systems and malware signatures.
  • Use secure VPN connections when accessing corporate resources over unsecured networks.
  • Install next-generation anti-virus (NGAV) to stop the latest threats.

Cybersecurity: Our Shared Responsibility

As cyberattacks evolve, organizations need to take a human-centric approach to security. Cybersecurity is everyone’s job. It’s a shared responsibility. It’s critical that structures, guidelines and processes are in place to make employees care and be responsible to remain safe online while at work.

Organizations will greatly benefit by incorporating user awareness and training programs to educate and empower employees who will form a critical line of defense. Cybersecurity is never finished. Make it core to company culture.


About Cybersecurity Awareness Month

The 15th annual National Cybersecurity Awareness Month (NCSAM) highlights user awareness among consumers, students/academia and business. NCSAM 2018 addresses specific challenges and identifies opportunities for behavioral change. It aims to remind everyone that protecting the internet is “Our Shared Responsibility.”

In addition, NCSAM 2018 will shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected through four key themes:

  • Oct. 1-5: Make Your Home a Haven for Online Safety
  • Oct. 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
  • Oct. 15-19: It’s Everyone’s Job to Ensure Online Safety at Work
  • Oct. 22-26: Safeguarding the Nation’s Critical Infrastructure

Learn more at StaySafeOnline.org.