Barracuda

Security, Access and Reliability for Cloud-Connected Networks and Applications

Barracuda Network and Application Security

Security, Access, and Reliability for Cloud-Connected Networks and Applications

Traditional security strategies and firewalls were never intended for today’s cloud-integrated infrastructures and workloads. They can’t give branch offices direct access to your cloud applications. They often don’t support cloud-friendly consumption models, and they don’t have the scalability and flexibility that cloud-hosted applications demand.

Barracuda CloudGen Firewalls and Web Application Firewalls are the industry’s first solutions purpose-built for securing cloud-connected networks. They protect all your users, applications, and data – regardless of what your infrastructure looks like. They ensure secure and reliable connections among multiple sites on premises and the cloud with consumption-based pricing, saving you money on infrastructure costs.

Learn more and request a free trial.

Cybersecurity emerges as weakest link in digital supply chain

by

As supply chains increasingly become digitized nation states are targeting the weakest cybersecurity links in these supply chains to steal massive amounts of invaluable intellectual property.

With that issue in mind, The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) have designated April of 2019 to be Supply Chain Integrity Month. The three agencies are partnering to promote awareness of supply chain security by, among other things, making available videos and other materials outlining best practices organizations that do business with the Federal government should be implementing to protect intellectual property.

[Read more…] about Cybersecurity emerges as weakest link in digital supply chain

Small businesses remain a rich target for ransomware criminals

by

Cybercrime continues to evolve and new threats appear on a regular basis, but the most effective attacks never go away.  While spear phishing and data breaches have been getting all the attention lately, the criminals are still using ransomware to make a few bucks.

The story on ransomware


“If you have a Barracuda Backup
in place, ransomware is absolutely
no threat to your environment, ever.”
~Steve Banas, The Port of Los Angeles

Ransomware is a type of malware that infects your system and encrypts your most important data, allowing attackers to ask for a ransom in exchange for a decryption key.  The ransomware is not designed to steal the data, just to block your access so that you have to meet the criminal's demands in order for you to use your data again.  These demands are usually a monetary “ransom” paid to an anonymous recipient via cryptocurrency.  Once this ransom is paid, the decryption key should unlock all of the data that was encrypted by the ransomware. 

Ransomware attacks can be devastating.  This Internet Crime Report reveals that the Internet Crime Complaint Center (IC3) received 1783 ransomware complaints in 2017, with losses of over $2.3 million.  These numbers may be understated since the IC3 complaints have to be identified as ransomware to be included in this statistic.  Furthermore, many businesses do not report ransomware attacks despite the pleas for transparency by law enforcement and security experts.  In fact, 2017 was the year that 70% of ransomware victims just decided it was easier to pay the ransom than restore the files without the decryption keys.  An earlier IBM study found that over half of the businesses they surveyed reported paying over $10,000 and about 20% paid over $40,000

Top Aerospace Firm Sends Ransomware Crooks Packing

Get the details on how HarcoSemco foiled a CryptoLocker attack with the push-button ease of Barracuda Backup

[Read more…] about Small businesses remain a rich target for ransomware criminals

Medtronic vulnerabilities highlight dangers of biohacking

by

In March, the U.S. Department of Homeland Security issued an alert about vulnerabilities in 16 different models of Medtronic implantable defibrillators, including several that are still for sale around the world today. The vulnerabilities, which also affect bedside monitors that read data from the devices and programming computers used by doctors, include improper access control and cleartext transmission of sensitive information. Quite frankly, it's surprising it took so long for the issue of biohacking to start to be taken seriously.

Researchers discovered vulnerabilities in the Medtronic Maximo, one of the models listed in the alert, more than a decade ago in 2008. Then in 2012, the Showtime series Homeland depicted terrorists remotely tampering with a pacemaker, resulting in a character's demise. While the specifics in the show were somewhat far-fetched, the concept and vulnerability in such devices was not. Articles written about it at the time concluded that while the specifics may have been exaggerated a bit with the remoteness of the attack, the susceptibility of such devices was entirely plausible given the shift from requiring direct contact to reprogram devices to integration of wireless calibration for convenience. [Read more…] about Medtronic vulnerabilities highlight dangers of biohacking

MSP Day 2019 – The Sequel

by

As we approach Easter, it’s easy to see how the IT channel might be looking beyond this landmark in the calendar to the next big date for the diary: May 23rd, and the second annual MSP Day.

At the latest estimate, the global managed services market is expected to grow from $152.45B in 2017 to $257.84B by 2022. This phenomenal growth is driven by a number of factors, including budget constraints for installation and implementation of hardware and software, limited IT resource to manage and support managed services, and business need for greater scalability.

That’s a huge opportunity which has been made possible through increasing collaboration between the creators, distributors and providers of technology to businesses of all sizes in a wide range of industries.

Are you a provider of managed IT services within UK businesses?

Get involved with MSP Day

[Read more…] about MSP Day 2019 – The Sequel

Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

by

Every cybersecurity professional knows there’s no such thing as perfect security. The best that can be achieved is to make the organization resilient enough to not only prevent the most commonly employed cybersecurity attacks, but also contain the damage inflicted by any attack that inevitably gets past whatever cybersecurity defenses in place. Unfortunately, a global survey of 3,600 security and IT professionals conducted by The Ponemon Institute on behalf of IBM finds suggests that when it comes to cybersecurity most organizations are not especially resilient.

New survey: 77 percent of cybersecurity and IT pros say they do not have an incident response plan consistently applied across the enterprise. Only 30 percent have enough staff to achieve best possible security. Click To Tweet

Published this week, the survey finds 77 percent of respondents indicating they do not have a cybersecurity incident response plan consistently applied across the enterprise and that only 30 percent said they have sufficient levels of staffing to achieve a high level of cyber resilience. In fact, the survey notes organizations have on average anywhere between ten to 20 open cybersecurity positions and 75 percent of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.

[Read more…] about Increased reliance on automation is the only viable path to achieving cybersecurity resiliency

IT leaders need to be wary of becoming addicted to gambling on cybersecurity

by

Winning a bet is one of life’s little pleasures. People make bets all the time. Many people even like to place wagers on the outcome of those bets. The trouble is gambling can become an addiction. What many organizations don’t realize is just how often CISOs and CIOs are now routinely gambling on cybersecurity.

A survey of 500 CISOs and CIOs published this week by Tanium, a provider of endpoint management tools finds 81 percent said they have refrained from making an important security update or patch, due to concerns about the impact it might have on business operations. Over half (52%) said they have done this on more than one occasion. A full 94 percent have made trade-offs among core elements of security hygiene and IT operations effectiveness.

It may shock you to see how many CISOs and CIOs are gambling on cybersecurity !Click To Tweet

[Read more…] about IT leaders need to be wary of becoming addicted to gambling on cybersecurity

Is 2019 the year credential stuffing dominates the threat landscape?

by

Headline writers love data breaches. As explained last month, they pit hackers versus security professionals in a good versus evil stand-off that makes for a great story. But there’s way more to the threat landscape than breaches. Increasingly we’re seeing a whole new category of follow-on attacks using the breached log-in records currently flooding the dark web in their millions.

Credential stuffing leads the pack, and IT leaders should be concerned. It’s estimated to cost US firms alone over $5bn annually and has already affected some big-name brands this year including Nest, Dunkin’ Donuts, Dailymotion and OkCupid.

Credential stuffing attacks rely on password-only authentication and the fact that people share logins across multiple sites and accounts. Click To Tweet

Brutal account takeovers

Credential stuffing is a kind of brute-force attack which uses automated tools to try large volumes of stolen log-in data simultaneously across multiple sites until one works. It relies upon the fact that many organisations still allow customers and employees to use password-only log-ins, and the fact that these users have so many to manage that they resort to sharing credentials across multiple sites and accounts. One company estimates that the average employee today has to manage over 190 passwords.

[Read more…] about Is 2019 the year credential stuffing dominates the threat landscape?

Encrypt Everything movement gains momentum

by

While encryption as a means of securing data can trace its roots back to the earliest days of employing cryptology to send secret messages. However, from an IT perspective encryption first began to be applied to data with the arrival of the public encryption standard and public-key cryptology way back in the 1970s. Almost 50 years later and the “Encrypt Everything” movement is finally gaining some momentum. At an AWS Summit event this week Amazon Web Services (AWS) CTO Werner Vogels encouraged attendees to make sure they encrypt everything now that encryption has been built into over 165 different AWS services.

The biggest challenge organizations face as far as encrypting data is enforcing their encryption policies. The simple fact of the matter is people simply forget to encrypt data. Click To Tweet

[Read more…] about Encrypt Everything movement gains momentum

The Evolution of Software Development: From Waterfall to Continuous Security

by

Early software development followed the waterfall model, a term coined in the 1970s.  In the waterfall model, the software development process was pre-planned, set in stone, with a separate phase for every step. Predictably, this made the process sluggish.

Every team involved in developing a software application was siloed and had its own priorities and processes to follow. For example, it was common for a development team to have their own timelines, only to find out that the quality assurance team was busy testing another application, and operations hadn’t been notified in time to build out the necessary infrastructure. On top of that, security often felt they weren’t taken seriously. [Read more…] about The Evolution of Software Development: From Waterfall to Continuous Security

How stolen data enables criminals to target call center by dialing for dollars

by

Every day another cybersecurity breach gets revealed. While those breaches are clearly a cause for concern one of the reasons the hue and cry surrounding them is not as loud as it should be is the general public doesn’t often see how that data gets employed by cybercriminals to launch attacks directly against corporations.

New report: Call centers walk a fine line between customer satisfaction and customer security. Click To Tweet

A report published this week by TRUSTID, Inc., a unit of Neustar company that provides IT services, sheds some light on just how big a problem all the lost data really is. The report details how cybercriminals are using the details they gather from all that stolen data to commit fraud. Specifically, the report describes how cybercriminals use personal information to fool call center representatives into thinking they are a legitimate customer. The client information stolen via data breaches is used to correctly answer identity-interrogation questions that call center representative routinely ask to confirm identity.

[Read more…] about How stolen data enables criminals to target call center by dialing for dollars