Barracuda

Security, Access and Reliability for Cloud-Connected Networks and Applications

Barracuda

Cybersecurity professionals should be resolved to prioritize efforts in 2019

by

One of the most frustrating things about cybersecurity is the inordinate amount of time and effort gets applied to protecting assets that in the grand scheme of things don’t have much value. The reason this occurs is that most organizations are trying to defend every file equally versus focusing their efforts on the data that has the highest value.

The challenge cybersecurity professionals have, of course, is identifying what data that has the highest value to the business and then crafting cybersecurity controls commensurate with the actual value of that data.

Recent survey: Business managers must do a better job at communicating the value of data to their cybersecurity teams. Many IT professionals overestimate the importance of low-value data.Click To Tweet

[Read more…] about Cybersecurity professionals should be resolved to prioritize efforts in 2019

Five Pillars to a well-architected Azure security framework

by

This post is the second in a series of eight on the five pillars to actionable cloud security.  For the rest of the series, visit the Five Pillars blog page here.

The cloud is transformational – but the cloud is different.  Companies migrating to the cloud quickly – and sometimes painfully – learn that translating their on-premises security framework to the cloud is more difficult than they presumed.  Not all on-premises solutions will work the same if at all in the cloud, cloud infrastructures themselves contain numerous security services that need to be incorporated, and the very mechanisms behind operating securely in the cloud are different than traditional on-premises solutions.

[Read more…] about Five Pillars to a well-architected Azure security framework

CFOs in the crosshairs: how hackers make your profits their own

by

In December 2015, a money transfer company Xoom was expecting to take a one-time charge of $30.8 million. So, when a CFO and finance staff received an email request with instructions to make the transfer, they promptly wired the money. Unfortunately, this request was part of an employee impersonation attack, with all of the funds transferred to a fraudulent account. As a result of this attack Xoom’s shares plummeted by 17% and their CFO took immediate resignation.

Free Barracuda webinar on understanding and preventing finance phishing fraud. Details in this Barracuda Blog post.Click To Tweet

CFOs and finance staff are one of the most targeted employees in the company when it comes to email fraud. Hackers choose Finance employees due to their access to company finances and other sensitive information. Most of CFO attacks begin with a targeted phishing attacks, where attackers impersonate other executives within the organization to request wire transfers.

[Read more…] about CFOs in the crosshairs: how hackers make your profits their own

Cybersecurity professionals lament losing of access to WHOIS database

by

One of the tools that cybersecurity professionals have historically relied on is access to a WHOIS database, a publicly shared list of records relating to domain names that includes the dates when these were registered, updated, or are due to expire as well as contact details such as the names of individuals or organizations, physical location, phone number, and email address of the domain owners and the IT staff tasked with maintaining them.

GDPR shuts down access to WHOIS, making it more difficult for #CyberSecurity teams to determine whether a domain is part of a criminal operation. Click To Tweet

But now much of that data is being removed to comply with the mandates of the General Data Protection Rule (GDPR) rule enacted by The European Union. Without access to that data it becomes a lot more challenging to white list domains of known trusted entities versus all the fake domains that cybercriminals rely on to launch malware that needs to communicate back to a command and control mechanism somewhere on the Web.

[Read more…] about Cybersecurity professionals lament losing of access to WHOIS database

New Year, New Threats? Some 2019 Cyber Security Predictions

by

The first week back to work after the Christmas break is usually a rude awakening from the previous few days feasting and fun. And when it comes to cybersecurity, the chances are you’ll be plunged straight back into it as the black hats look to exploit any weaknesses they can find. As we head into 2019 it will become increasingly clear that organisations must do better — with the people, as well as the process and technology — to manage cyber risk. If they fail, there are some regulators out there about to bare their teeth.

'As we head into 2019 it will become increasingly clear that organisations must do better — with the people, as well as the process and technology — to manage cyber risk. ' ~@PhilMuncasterClick To Tweet

As 5G lands, beware IoT risk

The Internet of Things (IoT) is already making a huge impact on society and business, embedded in everything from home devices to drug infusion pumps, manufacturing machinery and cars. As 5G drives an even greater proliferation of smart devices, there will be a two-fold threat to firms. First is the risk of Mirai-like IoT malware infecting unsecured consumer and SOHO-grade devices. The resulting botnets could drive an uptick in damaging DoS, crypto-mining, click fraud and much more. Nokia claimed in December that botnet activity represented 78% of malware detection events in communication service provider (CSP) networks in 2018, up from just 33% in 2016.

[Read more…] about New Year, New Threats? Some 2019 Cyber Security Predictions

Progress on Applying AI to Cybersecurity Remains Slow But Steady

by

While cybersecurity is often cited as one of the first use cases for artificial intelligence (AI) a new survey of 400 security analysts working in organizations with over 1,000 employees in the U.S. conducted by Osterman Research on behalf of ProtectWise, a provider of a cloud-based application for analyzing network packets, finds there is much work to be done before most cybersecurity AI comes anywhere close to living up to the initial hype.

The survey finds 73 percent of respondents reporting they have implemented security products that incorporate at least some aspect of AI. But over half the respondents (54%) says cybersecurity AI delivers inaccurate results. A full 61 percent of respondents also say they don’t believe AI has yet to stop zero-days and advanced threats. Conversely, the survey suggests approximately one-half of respondents either see some value in cybersecurity AI or have not yet formed an opinion. But either way, it’s clear there’s plenty of room for improvement surrounding what is still fairly described as bleeding edge technology.

73% of respondents in a recent survey have implemented #ArtificialIntelligence in their #CyberSecurity infrastructure, but 42% find them difficult to use, and 46% say deployment is too burdensome.Click To Tweet

In fact, a total of 42 percent of the survey respondents say they find cybersecurity AI products as difficult to use, while 46 percent say they find the rules creation and implementation process attached to cybersecurity AI technologies to be burdensome.

[Read more…] about Progress on Applying AI to Cybersecurity Remains Slow But Steady

Conflicts over Cybersecurity Have Moved to the Global Economic Fore

by

The global economy may now be teetering on verge of collapse largely because cyberespionage issues that were either ignored or quietly swept under the rug are now starting to have a major impact on a larger debate over fair trade.

Cyberespionage issues that were either ignored or quietly swept under the rug are now starting to have a major impact on a larger debate over fair trade.Click To Tweet

This week the United States formally indicted two hackers allegedly based in China for compromising the integrity of unidentified managed service providers (MSPs) that had offices in the New York City area. The alleged hack involved a successful phishing attack that resulted in MSPs providing the cybercriminals with access to thousands of downstream customer networks. Other reports suggest that the attack outlined in the indictment is actually part of a larger pattern of attacks aimed at MSPs.

[Read more…] about Conflicts over Cybersecurity Have Moved to the Global Economic Fore

The Critical Importance of Content Filtering

by

Gatekeeping is an unglamorous but necessary part of security, both in the real world and online. Just like the metal detectors at the airport keep weapons off planes, content filtering tools keep dangerous content off corporate networks. However, many companies don’t quite understand what content filtering really is and many MSPs only use basic filtering.

Content filtering is an important piece of the security puzzle, and it goes beyond simply restricting website access. For MSPs, blocking access to the continuously shifting mass of dangerous websites and preventing the entry of malware and ransomware into the corporate network is a critical way to guard against increasingly crafty phishing schemes. That requires advanced technology and an ongoing effort to keep the filtering system up to date.

Content filtering tools keep dangerous content off corporate networks, but many companies don't fully understand the risks and many MSP only use basic filtering. Click To Tweet

Content filtering blocks employees from deliberately accessing inappropriate sites — you don’t want employees wasting time during business hours, and you certainly don’t want embarrassing content to find its way onto your corporate network or computers. Content filtering prevents employees from downloading pornography, stealing copyrighted material, or bogging down the network with large media files. This not only boosts productivity, but also helps protect your clients from legal liability and regulatory violations.

[Read more…] about The Critical Importance of Content Filtering

6 Barracuda executives share security predictions for 2019

by

As 2018 winds down, we’re starting to look ahead to 2019 and the changes, developments, and trends the coming year will bring to the cyber security industry. To help you prepare for 2019, we recently sat down to talk to six Barracuda executives, each with their own perspective and predictions about what next year has in store and what businesses need to be aware of to stay secure. [Read more…] about 6 Barracuda executives share security predictions for 2019

Crisis management needs to become a regular cybersecurity routine

by

There’s a famous poem by Rudyard Kipling that starts out with some advice for his son on the importance of keeping keep your head when all about you are losing theirs and blaming it on you. Anyone that has ever been involved in crisis management knows how difficult it can be to hold down the panic and dread the inevitably attaches to a major cybersecurity breach. Unfortunately, a new survey of 248 business leaders conducted by Ethisphere and the law firm Morrison Foerster finds that not only do most organizations have little confidence in their ability to manage a crisis, but the primary root cause of the crisis is also likely to be a cybersecurity breach.

'If you can keep your head when all about you are losing theirs and blaming it on you ...' Rudyard Kipling accidentally touches on the struggles of cybersecurity experts everywhere! via @MVizard Click To Tweet

A full 67% of respondents said they have crisis management plans in place that specifically address a cybersecurity event. But two-thirds of the survey respondents admitted they were either somewhat confident (56%) or minimally confident (10%) in their crisis management plan. The survey also finds that those that are confident in their crisis management plan share two attributes. They have a formal crisis management team that has a documented process to follow and they conduct drills on key risk areas at least once a year.

[Read more…] about Crisis management needs to become a regular cybersecurity routine