Barracuda

Security, Access and Reliability for Cloud-Connected Networks and Applications

Barracuda

Cybersecurity emerges as weakest link in digital supply chain

by

As supply chains increasingly become digitized nation states are targeting the weakest cybersecurity links in these supply chains to steal massive amounts of invaluable intellectual property.

With that issue in mind, The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) have designated April of 2019 to be Supply Chain Integrity Month. The three agencies are partnering to promote awareness of supply chain security by, among other things, making available videos and other materials outlining best practices organizations that do business with the Federal government should be implementing to protect intellectual property.

[Read more…] about Cybersecurity emerges as weakest link in digital supply chain

Small businesses remain a rich target for ransomware criminals

by

Cybercrime continues to evolve and new threats appear on a regular basis, but the most effective attacks never go away.  While spear phishing and data breaches have been getting all the attention lately, the criminals are still using ransomware to make a few bucks.

The story on ransomware


“If you have a Barracuda Backup
in place, ransomware is absolutely
no threat to your environment, ever.”
~Steve Banas, The Port of Los Angeles

Ransomware is a type of malware that infects your system and encrypts your most important data, allowing attackers to ask for a ransom in exchange for a decryption key.  The ransomware is not designed to steal the data, just to block your access so that you have to meet the criminal's demands in order for you to use your data again.  These demands are usually a monetary “ransom” paid to an anonymous recipient via cryptocurrency.  Once this ransom is paid, the decryption key should unlock all of the data that was encrypted by the ransomware. 

Ransomware attacks can be devastating.  This Internet Crime Report reveals that the Internet Crime Complaint Center (IC3) received 1783 ransomware complaints in 2017, with losses of over $2.3 million.  These numbers may be understated since the IC3 complaints have to be identified as ransomware to be included in this statistic.  Furthermore, many businesses do not report ransomware attacks despite the pleas for transparency by law enforcement and security experts.  In fact, 2017 was the year that 70% of ransomware victims just decided it was easier to pay the ransom than restore the files without the decryption keys.  An earlier IBM study found that over half of the businesses they surveyed reported paying over $10,000 and about 20% paid over $40,000

Top Aerospace Firm Sends Ransomware Crooks Packing

Get the details on how HarcoSemco foiled a CryptoLocker attack with the push-button ease of Barracuda Backup

[Read more…] about Small businesses remain a rich target for ransomware criminals

MSP Day 2019 – The Sequel

by

As we approach Easter, it’s easy to see how the IT channel might be looking beyond this landmark in the calendar to the next big date for the diary: May 23rd, and the second annual MSP Day.

At the latest estimate, the global managed services market is expected to grow from $152.45B in 2017 to $257.84B by 2022. This phenomenal growth is driven by a number of factors, including budget constraints for installation and implementation of hardware and software, limited IT resource to manage and support managed services, and business need for greater scalability.

That’s a huge opportunity which has been made possible through increasing collaboration between the creators, distributors and providers of technology to businesses of all sizes in a wide range of industries.

Are you a provider of managed IT services within UK businesses?

Get involved with MSP Day

[Read more…] about MSP Day 2019 – The Sequel

Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

by

Every cybersecurity professional knows there’s no such thing as perfect security. The best that can be achieved is to make the organization resilient enough to not only prevent the most commonly employed cybersecurity attacks, but also contain the damage inflicted by any attack that inevitably gets past whatever cybersecurity defenses in place. Unfortunately, a global survey of 3,600 security and IT professionals conducted by The Ponemon Institute on behalf of IBM finds suggests that when it comes to cybersecurity most organizations are not especially resilient.

New survey: 77 percent of cybersecurity and IT pros say they do not have an incident response plan consistently applied across the enterprise. Only 30 percent have enough staff to achieve best possible security. Click To Tweet

Published this week, the survey finds 77 percent of respondents indicating they do not have a cybersecurity incident response plan consistently applied across the enterprise and that only 30 percent said they have sufficient levels of staffing to achieve a high level of cyber resilience. In fact, the survey notes organizations have on average anywhere between ten to 20 open cybersecurity positions and 75 percent of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.

[Read more…] about Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

IT leaders need to be wary of becoming addicted to gambling on cybersecurity

by

Winning a bet is one of life’s little pleasures. People make bets all the time. Many people even like to place wagers on the outcome of those bets. The trouble is gambling can become an addiction. What many organizations don’t realize is just how often CISOs and CIOs are now routinely gambling on cybersecurity.

A survey of 500 CISOs and CIOs published this week by Tanium, a provider of endpoint management tools finds 81 percent said they have refrained from making an important security update or patch, due to concerns about the impact it might have on business operations. Over half (52%) said they have done this on more than one occasion. A full 94 percent have made trade-offs among core elements of security hygiene and IT operations effectiveness.

It may shock you to see how many CISOs and CIOs are gambling on cybersecurity !Click To Tweet

[Read more…] about IT leaders need to be wary of becoming addicted to gambling on cybersecurity

Threat Spotlight: Document-Based Malware

by

Safeguard your business from evolving malware attacks.

Barracuda researchers have uncovered an alarming new rise in the use of document-based malware. A recent email analysis revealed that 48% of all malicious files detected in the last 12 months were some kind of document. More than 300,000 unique malicious documents were identified!

Since the beginning of 2019, however, these types of document-based attacks have been increasing in frequency – dramatically. In the first quarter of the year, 59% of all malicious files detected were documents, compared to 41% the prior year.

Here’s a closer look at document-based malware attacks and solutions to help detect and block them.

A recent email analysis revealed that 48% of all malicious files detected in the last 12 months were some kind of document. Click To Tweet

[Read more…] about Threat Spotlight: Document-Based Malware

Is 2019 the year credential stuffing dominates the threat landscape?

by

Headline writers love data breaches. As explained last month, they pit hackers versus security professionals in a good versus evil stand-off that makes for a great story. But there’s way more to the threat landscape than breaches. Increasingly we’re seeing a whole new category of follow-on attacks using the breached log-in records currently flooding the dark web in their millions.

Credential stuffing leads the pack, and IT leaders should be concerned. It’s estimated to cost US firms alone over $5bn annually and has already affected some big-name brands this year including Nest, Dunkin’ Donuts, Dailymotion and OkCupid.

Credential stuffing attacks rely on password-only authentication and the fact that people share logins across multiple sites and accounts. Click To Tweet

Brutal account takeovers

Credential stuffing is a kind of brute-force attack which uses automated tools to try large volumes of stolen log-in data simultaneously across multiple sites until one works. It relies upon the fact that many organisations still allow customers and employees to use password-only log-ins, and the fact that these users have so many to manage that they resort to sharing credentials across multiple sites and accounts. One company estimates that the average employee today has to manage over 190 passwords.

[Read more…] about Is 2019 the year credential stuffing dominates the threat landscape?

Encrypt Everything movement gains momentum

by

While encryption as a means of securing data can trace its roots back to the earliest days of employing cryptology to send secret messages. However, from an IT perspective encryption first began to be applied to data with the arrival of the public encryption standard and public-key cryptology way back in the 1970s. Almost 50 years later and the “Encrypt Everything” movement is finally gaining some momentum. At an AWS Summit event this week Amazon Web Services (AWS) CTO Werner Vogels encouraged attendees to make sure they encrypt everything now that encryption has been built into over 165 different AWS services.

The biggest challenge organizations face as far as encrypting data is enforcing their encryption policies. The simple fact of the matter is people simply forget to encrypt data. Click To Tweet

[Read more…] about Encrypt Everything movement gains momentum

Free in-depth Report: Closing Backup and Recovery Gaps

by

Data protection has never been more important for businesses and other organizations.  Beyond straightforward backup,  data protection now includes archiving, off-site replication, encryption, and more.  Data is the target of every modern criminal because it is the most important asset of every modern business.  Protecting company data from these criminals requires constant vigilance and evolving strategies.

Companies have to protect their data from more than just criminals.  Hardware failure, human error, and misunderstanding of Office 365 and other SaaS data protection also create significant risk.  Massive amounts of data are being generated on a daily basis, and that's sure to continue and increase as the digital transformation progresses.  How does an IT professional protect this critical data, ensure that it is always accessible, and anticipate future data protection needs?

Today our Barracuda data protection experts are releasing a new report, ‘Closing Backup and Recovery Gaps,' which offers an in-depth look at the new risks and trends surrounding data protection.

Download the report here

Download this report to get the latest information on: 

  • What kind of data and systems are being included in backup plans
  • How cloud backup is growing in popularity, and what may be holding it back
  • Why confusion about backing up Office 365 data is increasing organizational risk

Get your FREE copy of the special report right now!

 

How does an IT professional protect identify mission-critical data, ensure that data is always accessible, and anticipate future data protection needs? New Barracuda research provides an in-depth look at the data protection landscape.Click To Tweet

EMEA businesses ignoring the cloud when it comes to backup

by

Despite an explosion in digital transformation projects which means that businesses are generating and storing more data than ever before, businesses in EMEA are failing to exploit the benefits of cloud backup, and place too much trust in platform providers such as Microsoft to protect their data.

That’s according to the findings of a new study of 432 IT professionals, business executives and backup administrators released today by Barracuda Networks, the leader in cloud-enabled security and data protection solutions. The study was commissioned to celebrate World Backup Day, with the aim to examine the attitudes of EMEA organisations to backup and recovery.

NEW RESEARCH: Majority of businesses in EMEA say they are not using public cloud for data backup or backup replication. Click To Tweet

Download the report here

[Read more…] about EMEA businesses ignoring the cloud when it comes to backup