Category Archives: Cybersecurity

Cybersecurity, News

Check Point Software’s Assessment Reveals How Remote Work has Created a Gap in Organizations’ Security Practices

New assessment shows that organizations have not implemented security solutions that ensure best-in-class connectivity and security for remote employees

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has released findings from a new assessment carried out amongst 1,200 IT security professionals globally, which examines how the shift to remote work changed organizations’ security practices around users, devices, and access. As the threat landscape evolves and cyber-attacks become increasingly more sophisticated, many organizations have surprisingly not implemented security solutions that ensure best-in-class connectivity and security for remote employees.

The COVID-19 pandemic has forever changed the way in which we work, most companies have transitioned their entire workforce from on-premise to remote working. While a majority of organizations have fully adopted remote work as a way of life, security wise there are still many gaps that need to be bridged. Organizations are challenged with finding a balance between remote users’ productivity and ensuring device, access and corporate assets security. According to Check Point Software’s best practices there are five critical security solutions needed to protect remote users against internet based attacks, which include URL filtering, URL reputation, content disarm & reconstruction (CDR), zero phishing and credentials protection. However, only 9% of organizations surveyed use all five protections and 11% do not utilize any of the listed methods to secure remote access to corporate applications.

Key findings include:

 

  • The remote-access security gap: 70% of organizations allow access to corporate applications from personal devices, such as unmanaged devices or bring your own device (BYOD). Only 5% of respondents reported they use all of the recommended remote access security methods.
  • The need for internet access security: 20% of respondents reported that they do not use any of the five methods mentioned to protect remote users while browsing the internet, and only 9% use all five methods to protect against internet-based attacks.
  • A lack of protection against ransomware: 26% of respondents do not have an endpoint solution that can automatically detect and stop ransomware attacks. Thirty-one percent do not use any of the mentioned methods to prevent sensitive business data from leaking outside the organization.
  • Email and Mobile Security: Only 12% of organizations that allow corporate access from mobile devices use a mobile threat defense solution. This highlights how exposed organizations are too fast moving, 5th generation cyber-attacks that target remote workers.

 

“While many companies have embraced the new hybrid and remote work models, they have not adopted all of the critical solutions needed to secure their remote workforce. This survey confirmed that organizations have a gap when it comes to users, devices, and access security,” said Itai Greenberg, Vice President of Product Management at Check Point Software Technologies. “To bridge this gap, organizations should progress to a Secure Access Service Edge (SASE) architecture. SASE security models provide quick and simple access to corporate applications, for any user and from any device, and protect remote employees from all internet-based threats.”

Overall in 2021, researchers have seen 50% more attacks per week on corporate networks. As cyber attacks become more sophisticated and exploit the remote work environment, enterprises need a consolidated cybersecurity solution that strengthens their defenses and improves their agility against attacks. Check Point Harmony is a unified security solution for users, devices, and access. The solution provides organizations with comprehensive and robust workforce security, by consolidating 5 security products to provide complete protection for remote users – all in a single solution that is easy to use, manage and buy.

For more information about Check Point Harmony, visit: https://www.checkpoint.com/harmony/

For more information on the survey findings, download the full 2022 Workforce Security Report.

Appointments, Business, Business News, Cybersecurity, Europe, European News, IT Services, London, London News, Networking, Networks, News, News from England, Security, South East, South East England News

Westcon-Comstor appoints Patrick Aronson as Chief Marketing Officer

Move signals renewed focus on Partner Success for the security, networking and hybrid cloud distributor

LONDON, UK – 1 February 2022 – Westcon-Comstor, the global technology provider and specialist distributor, today announced it has appointed Patrick Aronson as Chief Marketing Officer. In this position, Patrick will be responsible for driving growth, and building a modern marketing organisation that will ensure Westcon-Comstor’s continued leadership in a world increasingly driven by subscription and as-a-service business models. He takes on this new role, in addition to his current role as Executive Vice President in Asia Pacific, which sees him responsible for business performance across Southeast Asia, China, Japan, Korea, Australia and New Zealand.

Westcon-Comstor continues to see accelerated market demand across global markets – and continued customer growth from the channel community. This new appointment signals a renewed focus and investment into partner success and a commitment to delivering channel customers with solutions and technology that will help them adapt and prosper in an environment pivoting quickly to software and hybrid cloud.

Patrick will lead Westcon-Comstor’s global marketing strategy and drive the evolution of the company’s 130-person strong global marketing team with a focus on analytics, marketing automation and Partner Success.

In a move which heralds a truly international leadership team for Westcon-Comstor, Patrick joins fellow C-suite members – David Grant, CEO, in London, Rakesh Parbhoo, CTO, in Johannesburg and Callum McGregor, CFO, in New York.

“I’m thrilled to take on this new responsibility as CMO as we continue to build and grow the business,” said Patrick Aronson, Chief Marketing Officer, global and Executive Vice President, Asia Pacific, Westcon-Comstor. “I know first-hand from our partners that they’re looking to us to provide the right tools, process and structure at scale so they can adapt their business models to deliver recurring value to each one of their customers. Westcon-Comstor is already a trusted brand by the world’s leading technology vendors. As these vendors pivot to subscription and annuity models, they too are keen leverage our focus on Partner Success.

“As an inspirational leader who has been part of this business for the past seven years, Patrick is the ideal person to join the C-suite and to drive partner success”, said David Grant, CEO, Westcon-Comstor. “Patrick’s been instrumental in spearheading our success in the Asia Pacific region, having launched and led initiatives like our APAC Partner Success Centre and developing our cloud business with AWS and Microsoft. He’ll bring that experience, leverage the work and make it global. The future is bright – and I’m excited to work more closely with Patrick.”

Patrick has been responsible for growing and leading Westcon-Comstor’s business in Asia Pacific. Prior to joining, Patrick spent a decade leading Motorola’s mobile business in south-east Asia. He spent five years as Managing Director at Brightstar where he developed its engagement strategy and mobility business. He has a bachelor’s degree in Economics and Asian Studies from Hobart College, New York, and is fluent in Vietnamese and Thai.

Cybersecurity, News

Barracuda strengthens security for MSPs with SentinelOne’s AI-Powered XDR

Alliance enables MSPs to experience autonomous cybersecurity at machine speed

SentinelOne, an autonomous cybersecurity platform company, today announced that Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, selected the Singularity XDR platform to help MSPs prevent, detect, and autonomously respond to threats at machine speed with AI-powered XDR.

Barracuda protects more than 200,000 global customers to safeguard their data and employees from threats. Barracuda selected SentinelOne to strengthen its endpoint protection and response portfolio due to SentinelOne’s superior API capabilities, flexible workflow integrations, and platform efficacy. Through the integration, MSPs using SKOUT Managed XDR and SentinelOne will be able to benefit from streamlined analysis, detection, and incident reporting.

“Security teams are challenged with monitoring and protecting every edge of their network, yet are drowning in data and alerts,” said Neal Bradbury, SVP, Barracuda MSP. “There aren’t enough skilled people to operate cybersecurity products at scale. Our alliance with SentinelOne will empower MSPs to stay one step ahead of attackers and address intrusion attempts in real-time.”

Through SentinelOne’s capabilities, organisations experience XDR – more preventative actions, faster response times, and automated workflows across their dynamic, technology-bound perimeter. SentinelOne replaces traditional antivirus (AV), next-generation antivirus (NGAV), endpoint detection and response (EDR), and a variety of point products with the AI-powered Singularity XDR platform.

“Every place where data resides is vulnerable from device to server to the cloud,” said Brandon Andrews, VP Worldwide MSP, SentinelOne. “Combining SentinelOne’s AI-powered XDR and Barracuda’s SKOUT Managed XDR helps MSPs close security gaps and simplify their cybersecurity stack, eliminating the inefficiencies associated with legacy and crowd-powered solutions.”

 

Cybersecurity, News, Tech

Commvault Announces Fiscal 2022 Third Quarter Financial Results

Commvault has announced its financial results for the third quarter ended December 31, 2021.

“The team executed well across the board, delivering another record quarter,” said Sanjay Mirchandani, President and CEO. “Increasingly, customers are turning to us because we provide one platform for software and SaaS offerings to address a multitude of data management needs. This is fueling our growth and accelerating our journey to a cloud-first recurring revenue model.”

Total revenues for the third quarter of fiscal 2022 were $202.4 million, an increase of 8% year over year.  Total recurring revenue was $164.4 million, representing 81% of total revenue.

Annualized recurring revenue (ARR), which is the annualized value of all active Commvault recurring revenue streams at the end of the reporting period, was $561.2 million as of December 31, 2021, up 11% from December 31, 2020.

Software and products revenue was $98.6 million, an increase of 11% year over year.  The year over year increase in software and products revenue was driven by a 24% increase in larger deals (deals greater than $0.1 million in software and products revenue).

Larger deal revenue (deals with greater than $0.1 million and software and products revenue) represented 76% of our software and products revenue in the three months ended December 31, 2021.  The number of larger deal revenue transactions increased 20% year over year to 225 deals for the three months ended December 31, 2021. The average dollar amount of larger deal revenue transactions was approximately $332,000.

Services revenue in the quarter was $103.8 million, an increase of 4% year over year.  The increase in services revenue was driven primarily by the increase in Metallic software as a service revenue.

On a GAAP basis, income from operations (EBIT) was $12.4 million for the third quarter compared to $2.7 million in the prior year.  Non-GAAP EBIT was $43.1 million in the quarter compared to $37.3 million in the prior year.

Operating cash flow totaled $26.8 million for the third quarter of fiscal 2022 compared to $17.0 million in the prior year quarter.  Total cash and short-term investments were $233.7 million as of December 31, 2021 compared to $397.2 million as of March 31, 2021.

During the third quarter of fiscal 2022, Commvault repurchased approximately 1.3 million shares of its common stock totaling $85.3 million at an average price of approximately $65.72 per share.

A reconciliation of GAAP to non-GAAP results has been provided in Financial Statement Table IV included in this press release. (Download Financial Tables)

An explanation of these measures is also included below under the heading “Use of Non-GAAP Financial Measures.”

Use of Non-GAAP Financial Measures

Commvault has provided in this press release the following non-GAAP financial measures: non-GAAP income from operations, non-GAAP income from operations margin, non-GAAP net income, non-GAAP diluted earnings per share and annualized recurring revenue (ARR).  This financial information has not been prepared in accordance with GAAP.  Commvault uses these non-GAAP financial measures internally to understand, manage and evaluate its business and make operating decisions.  In addition, Commvault believes these non-GAAP operating measures are useful to investors, when used as a supplement to GAAP financial measures, in evaluating Commvault’s ongoing operational performance.  Commvault believes that the use of these non-GAAP financial measures provides an additional tool for investors to use in evaluating ongoing operating results and trends, and in comparing its financial results with other companies in Commvault’s industry, many of which present similar non-GAAP financial measures to the investment community.  Commvault has also provided software and products, services and total revenues on a constant currency basis. Commvault analyzes revenue growth on a constant currency basis in order to provide a comparable framework for assessing how the business performed excluding the effect of foreign currency fluctuations.

All of these non-GAAP financial measures should be considered as a supplement to, and not as a substitute for, financial information prepared in accordance with GAAP. Investors are encouraged to review the reconciliation of these non-GAAP measures to their most directly comparable GAAP financial measures, which are provided in Table IV included in this press release. (Download Financial Tables)

Non-GAAP income from operations and non-GAAP income from operations margin.  These non-GAAP financial measures exclude noncash stock-based compensation charges and additional Federal Insurance Contribution Act (FICA) and related payroll tax expense incurred by Commvault when employees exercise in the money stock options or vest in restricted stock awards as well as restructuring costs.  Commvault has also excluded certain costs related to key employees of Hedvig, the gain on the sale of its equity method investment in Laitek, Inc. and, for fiscal year 2021, the noncash amortization of intangible assets and the impairment of the intangible assets from its non-GAAP results. These expenses are further discussed in Table IV.  Commvault believes that these non-GAAP financial measures are useful metrics for management and investors because they compare Commvault’s core operating results over multiple periods.  When evaluating the performance of Commvault’s operating results and developing short- and long-term plans, Commvault does not consider such expenses.

Although noncash stock-based compensation and the additional FICA and related payroll tax expenses are necessary to attract and retain employees, Commvault places its primary emphasis on stockholder dilution as compared to the accounting charges related to such equity compensation plans.  Commvault believes that providing non-GAAP financial measures that exclude noncash stock-based compensation expense and the additional FICA and related payroll tax expenses incurred on stock option exercises and vesting of restricted stock awards allow investors to make meaningful comparisons between Commvault’s operating results and those of other companies.

There are a number of limitations related to the use of non-GAAP income from operations and non-GAAP income from operations margin.  The most significant limitation is that these non-GAAP financial measures exclude certain operating costs, primarily related to noncash stock-based compensation, which is of a recurring nature.  Noncash stock-based compensation has been, and will continue to be for the foreseeable future, a significant recurring expense in Commvault’s operating results.  In addition, noncash stock-based compensation is an important part of Commvault’s employees’ compensation and can have a significant impact on their performance.  Lastly, the components that Commvault excludes in its non-GAAP financial measures may differ from the components that its peer companies exclude when they report their non-GAAP financial measures.

Due to the limitations related to the use of non-GAAP measures, Commvault’s management assists investors by providing a reconciliation of each non-GAAP financial measure to the most directly comparable GAAP financial measure. Further, Commvault’s management uses non-GAAP financial measures only in addition to, and in conjunction with, results presented in accordance with GAAP.

Non-GAAP net income and non-GAAP diluted earnings per share (EPS). In addition to the adjustments discussed in non-GAAP income from operations, non-GAAP net income and non-GAAP diluted EPS incorporates a non-GAAP effective tax rate of 27%.

Commvault anticipates that in any given period its non-GAAP tax rate may be either higher or lower than the GAAP tax rate as evidenced by historical fluctuations. The GAAP tax rates in recent fiscal years were not meaningful percentages due to the dollar amount of GAAP pre-tax income.  For the same reason as the GAAP tax rates, the estimated cash tax rates in recent fiscal years are not meaningful percentages. Commvault defines its cash tax rate as the total amount of cash income taxes payable for the fiscal year divided by consolidated GAAP pre-tax income. Over time, Commvault believes its GAAP and cash tax rates will align.

Commvault considers non-GAAP net income and non-GAAP diluted EPS useful metrics for Commvault management and its investors for the same basic reasons that Commvault uses non-GAAP income from operations and non-GAAP income from operations margin. In addition, the same limitations as well as management actions to compensate for such limitations described above also apply to Commvault’s use of non-GAAP net income and non-GAAP EPS.

Cybersecurity, Networks, News

Ransomware, Phishing, Zero Trust, and the New Normal of Cyber Security

Written by Adrian Taylor, Vice President, A10 Networks

When the COVID-19 pandemic struck, cyber criminals saw their opportunity, and they took it. As everything from corporate offices, government agencies, educational institutions and even healthcare services transitioned to remote work models and online services, the rushed shift left inevitable cybersecurity gaps. Consumer broadband and personal devices undermined the corporate security stack as unsafe user practices and overlooked security patches opened ample vulnerabilities throughout the environment.

Meanwhile, an anxious and often confused public proved easy prey for phishing attacks. The impact was all too predictable: phishing attacks, DDoS attacks, and ransomware attacks all spiked. 80% of firms saw increased incidents in 2020, and the COVID-19 pandemic was blamed for a 238% rise in cyberattacks on banks. Phishing scams, alone, have seen a 22% rise in the first half of 2021, compared to the same time period in 2020.

 

Why Ransomware Attacks and Costs are Soaring

The pandemic-driven surge in ransomware was immediate and dramatic: attacks rose 148% in March 2020. Before long, the U.S. was reeling from a May 2021 ransomware strike that shut down a critical fuel pipeline. While the rise in ransomware strikes was likely the result of greater opportunities for hackers combined with the increased effectiveness of phishing attacks on news-obsessed users, a change in tactics may also have played a role. While earlier attacks generally focused on the traditional encryption-payment-decryption ransomware model, hackers are now seeking to increase their returns through stealing data and offering it for sale on the black market, known as data exfiltration.

Often, ransomware victims, particularly when they are healthcare systems and universities, find that the already-considerable damage of the attack is compounded by this data exfiltration tactic. The implications of violating customer or patient privacy, losing corporate data and facing massive regulatory fines can cost more in legal damages than the ransom itself. Add to this hidden costs such as system downtime, reduced efficiency, incidence response costs, and brand and reputation damage—and the total global costs amount to more than $1 trillion each year.

 

Taking Data Protection Inside the Perimeter with Zero Trust

In the era of public cloud, mobility, and work-from-home, the notion of perimeter security has quickly become outdated. It’s not just that the attack surface has changed; organisations have also gained a new understanding of who can constitute a cyber-threat, even trusted insiders who don’t even realise they are abetting a crime. It’s common to think of an internal threat actor as a disgruntled employee or spy undermining cyber security with ill intent, but it’s even more common for a well-meaning employee to inadvertently open the door to hackers through poor password hygiene, nonsecure practices, or the ever-popular phishing lure.

While awareness and education can reduce the risk of successful phishing and ransomware attacks, a single moment of negligence can be enough to devastate the business. In this environment, it is safer to assume that even your most trusted user can pose a security risk – and design your cyber defence strategy accordingly. Hence the rise of Zero Trust: the notion that we shouldn’t trust anything or anyone, inside or outside the network, with access to our computer systems. In practice, this means measures such as:

 

  • Moving beyond the idea of inside versus outside and redesigning cyber defence in terms of secure micro-parameters, with multiple points of network defence
  • Implementing the ability to control, inspect, and restrict network traffic traveling in any direction—north-south or east-west—within your organisation
  • Subjecting users to checks and balances, each time they cross into a different area of the network or try to access a new set of resources, to verify their needs and privileges
  • Preventing excess privileges from accumulating by periodically revoking and refreshing access and credentials
  • Continuously monitoring who’s accessing what and the level of risk these activities might present

 

Why SSl Inspection is Critical for Zero Trust

As organisations move to implement Zero Trust, they quickly run into the issue of visibility in a world of pervasive TLS/SSL encryption. To enable fast threat detection and response times, it is essential to be able to decrypt, inspect, and re-encrypt network traffic quickly and efficiently at scale, without impairing cost or adding complexity. A centralised, dedicated SSL decryption capability provides visibility into network traffic for each element of the cybersecurity stack without the inefficiencies and performance penalties of device-by-device decryption and re-encryption. Similarly, a centralised approach to management can help organisations ensure consistent and efficient policy enforcement across the security infrastructure.

As a strategy rather than a product category, Zero Trust implementation requires more than simply plugging in a new box. Rather, it represents a new way of thinking about cybersecurity, embodied in evolving approaches to management, automation, auditability, resiliency, and integration. By approaching Zero Trust in this way, organisations can mitigate the security risks endemic in our new normal, and better protect their business from threats of all kinds.

Cybersecurity, News

ThreatQuotient Achieves SOC 2 Type II Compliance for ThreatQ Platform

Successful compliance audit showcases ThreatQuotient’s continued dedication to exceeding customer expectations for security and data protection

ThreatQuotient™, a leading security operations platform innovator, today announced that it has successfully completed a Service Organisation Controls (SOC) 2 Type II compliance audit for its ThreatQ Platform. This certification validates that ThreatQuotient’s security and governance controls previously verified by Type I effectively maintain the security, confidentiality and availability of their hosted service. The independent firm Clearview Group, conducted the audit.

A key industry standard in data security, SOC 2 evaluates a technology service provider’s ability to securely manage customer data. To achieve a SOC 2 Type II designation, organisations undergo a rigorous audit that analyses the following trust services criteria: security, availability, processing integrity, confidentiality and privacy. ThreatQuotient’s continued adherence to its policies were tested and confirmed by the Type II audit process.

“It takes tremendous discipline and organisation to provide on-demand evidence throughout an audit that a company is exercising their policies and procedures. ThreatQuotient is proud of this achievement, and considers SOC 2 Type II compliance just one of the many ways we intend to continue meeting and exceeding industry security standards,” said Tom Ashoff, Senior Vice President of Engineering, ThreatQuotient. “Achieving a favourable examination of ThreatQ provides our customers the confidence that we have the proper controls in place to protect their data, and assurance of the availability and confidentiality of their hosted service.”

As customer needs continue to evolve, ThreatQuotient is committed to providing innovative threat detection and response solutions. ThreatQuotient recently announced v5 of the ThreatQ platform, launching capabilities needed today to support the security operations centre (SOC) of the future, where data is the foundation. ThreatQ connects the dots, bringing an organisation’s wealth of data together into a common work surface, providing data-driven security context that enables teams to be more thorough in their investigations, collaboration, response and reporting.

For more information about ThreatQuotient’s award winning security operations platform, please visit www.threatquotient.com.

 

About ThreatQuotient

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritise, automate and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability prioritisation, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe and APAC. For more information, visit www.threatquotient.com.

 

Cybersecurity

How Cybersecurity Insurance Can Improve Business Resilience

Business resilience refers to your company’s adaptability to disruptions. One of these is cyberattacks, which significantly disrupt your business operations. These attacks can also damage your reputation and assets. 

However, if your business is resilient, you can continue your operations by protecting your overall brand, assets, and people. One way to do this is to have cybersecurity insurance. The following are some ways this insurance can boost your business resilience: 

  1. Covers Company Data Liability

Nowadays, businesses use the internet to operate efficiently. This means that you have online data stored for every business transaction you do on the internet. You’re responsible for these data no matter how you keep them. Even if your data are in a third-party company cloud or an offsite data warehouse, you’re still accountable for them. Thus, you’ll be responsible if any information about your clients gets exposed.

You can avoid such liability if you have an in-depth understanding of where all your confidential information and data are stored. You should also avoid keeping unnecessary data by having a document retention procedure. Most importantly, develop and test procedures and policies regarding data collection and storage. 

However, even if you have these preventive measures, a breach may still occur. In this case, having a cyber insurance startup can cover the expenses related to the breach. These include remediation and breach notification expenses. If you have to cooperate and respond to regulatory investigators, your policy may also cover the defence expenses. 

  1. Used For Other Expenses

Aside from the mentioned expenses, there are others that you’ll have to spend on. If you’re not financially ready, you might exhaust your funds. Or worse, you may have to use your capital to cover the expenses such as IT and accounting costs, legal fees, and ransom. 

This ransom can come from hackers who may have penetrated your system through ransomware. What happens here is the hackers block or threaten your data until you pay a ‘ransom’ that could cost much. 

Moreover, you may lose your daily profits due to business interruption. Because you can’t access your data, you’ll be left with the option of cancelling business operations. If this continues for days, then the profit loss becomes higher. 

Nevertheless, cybersecurity insurance can cover the financial damages that cyberattacks may cause. Here are some of the coverages that standard policy has:

  • For ransomware or extortion attacks, the insurance provider will reimburse the costs your business suffered.
  • There will be reimbursement for expenses incurred in credit monitoring, and clients will be notified accordingly regarding affected information. 
  • There will be a refund for business losses due to operational interruptions, network downtime, and data loss. 
  • Security breaches may require digital forensic investigations to gauge their extent and nature. 
  1. Protects Reputation

Your business may also experience online harassment such as cyberbullying and defamation. Even if the information is false, it can negatively impact your credibility. This may result in lost clients, which could affect your business earnings, too. 

One way to combat this and keep your business resilient is to have cybersecurity insurance. Although not all providers have such a policy, you can find some offering this coverage. When you find one, you can have some finances to cover costs related to fixing the online harassment you’ve experienced.

  1. Helps Analyse And Manage Risks

If you can’t afford a management risk team to analyse the online risks associated with your business, then having cybersecurity insurance can be an alternative. Find an insurer that can bridge the gap of not having a management risk team. 

The insurance company can team up with cybersecurity companies to ensure that your system and network have a firewall. They’ll also ensure that you have set procedures and policies to reduce possible cyberattacks. Doing these will relieve the insurer of potential claims when breaches occur. 

  1. Covers Errors And Omission Claims

Error and omission claims cover breach of contract or negligence allegations. These include indemnification and legal defence costs associated with the dispute. Generally, this happens when you can’t deliver services or contractual obligations to your clients due to technological errors.

For instance, engineers, architects, doctors, and other professional services should fulfil their obligations to their clients. If you’re in this industry and you’re offering it online or with the help of technological innovations, then a cyber event may sometimes prevent you from completing your obligations. Your clients are more likely to hold you liable, so having cybersecurity insurance can help you. 

Conclusion

With all of its coverages and benefits, you can ensure business resiliency with cybersecurity insurance. You no longer have to suffer significantly because of business interruptions or cyberattacks. You may keep operating your business as you know that your insurer will help you get by with the costs. 

Cybersecurity, Technology

The 3 Main Cybersecurity Threats Small Businesses Face

If you’re a small business and you’re not that worried about cybersecurity, you should be. It’s estimated that one small business is hacked successfully in the UK every 19 seconds and that around 65,000 attacks are orchestrated against SMBs every single day. Hackers love to target smaller businesses because they know that they often have huge security holes that can be exploited. This is why you need to be very conscious of the threats you’re up against so you can plug these holes. Here are some of the main cybersecurity threats small businesses face.

Phishing

Phishing attacks are the most common type of cybersecurity threat small businesses have to deal with. These attacks account for about 90% of all cybersecurity breaches and continue to grow year after year.

Phishing is when someone sends an email pretending to be someone they aren’t, and then asking the recipient to perform a specific action. They will sometimes be asked to download a file, click on a link, or give up sensitive information. The sender will often go as far as stealing someone else’s credentials to make emails seem like they’re coming from someone with authority.

These types of attacks are very difficult to stop, and the best way to do so is to give your employees security awareness training and have strict verification protocols for sensitive messages. You can also use email security gateways like Mimecast to stop phishing emails from getting to inboxes and post-delivery protection programs like IRONSCALES to report phishing attacks and delete the messages from any user’s inbox.

Malware and Ransomware Attacks

Malware attacks are also very common and can be devastating. Someone can launch a malware attack through phishing, but they’re often launched by malicious agents within an organisation.

Ransomware is a very common type of malware attack where the attacker asks for a sum of money, usually in a cryptocurrency, so that a company can regain access to their network or important files. In other cases, malware can work silently to collect login credentials.

One of the best solutions to this issue is to work with an IT support service like Totality Services. They’re recognised as one of the top IT support London teams and will make sure that your systems are constantly backed up so you can get up and running after an attack without having to pay a ransom. They’ll also be able to monitor your systems, see if an attack is underway, and sometimes stop it before it can cause damage.

Insider Threats

One of the weakest cybersecurity links in most organisations is the employees. Insider attacks are more common than many businesses imagine and can be very difficult to counter. If you want to protect yourself against them, you need to have a clear exit protocol and make sure that employees with access privileges lose access the minute they leave. You also need to monitor your network at all times and have an anonymous reporting system to warn you if there’s trouble brewing within the company.

These are all common threats most small businesses need to watch out for. Invest in proper training, consider working with a third party, and constantly learn about new threats and ways to avoid them.

Cybersecurity, News

Entrust Expands Cloud Security Services Footprint in Europe and Beyond With nShield as a Service

Entrust, a leading provider of trusted identities, payments, and data protection solutions has announced the geographic expansion of its nShield® as a Service hardware security module (HSM) offerings with new datacenters located in the European Union and plans for regional expansion in the Asia Pacific region. nShield cloud HSM integrates with the most widely used applications and cloud services to support a broad range of use cases including protecting certificates, PKI, database encryption, code signing, digital signing, blockchain and many more.

Entrust nShield as a Service was initially launched in 2019 with datacenters located in the UK and the US. Entrust is now expanding its service with the official opening of multiple datacenter locations in Germany, and plans to open datacenters in Australia in early 2022. This will enable customers in these regions to take advantage of nShield cloud HSM for their applications while geo-fencing their critical cryptographic keys within their own jurisdictions to respond to concerns regarding data sovereignty and facilitate compliance with regional data protection regulations. The use of multiple sites within the countries also helps customers to meet high-availability and disaster recovery requirements. Entrust nShield as a Service delivers the same functionality as on-premises nShield HSMs, in a subscription-based solution. As such, nShield as a Service enables the generation, access, and protection of cryptographic key material using dedicated FIPS 140-2 Level 3 and Common Criteria EAL4+ certified nShield HSMs, without the need to host and maintain the appliances.

“Today’s enterprises are moving more of their core business applications to the cloud. The expansion of nShield as a Service into new datacenters facilitates geo-fencing to help meet cloud data security, data sovereignty mandates and regulatory compliance,” said Cindy Provin, Senior Vice President and General Manager for Digital Identity and Data Security at Entrust.

Whether embarking on a complete or selective cloud migration, nShield as a Service makes it easy to implement a cloud-first, hybrid, and multi-cloud encryption strategy that enables consistent enforcement of security policies. Entrust nShield as a Service works in unison with the major cloud service providers (CSPs) including Microsoft Azure, Amazon Web Services (AWS) and Google Cloud, while giving customers flexibility, visibility, and control of their cryptographic keys throughout their lifecycle. With this level of control, customers can migrate to the cloud with the assurance that they can also keep an on-premises environment running for specific regulatory needs.

“Beyond compliance aspects, modern application teams are also increasingly tapping into cloud-based services as part of their development and deployment processes,” added Provin. “This business shift runs into tension when applications rely on HSMs, which have primarily been on-premises devices that require attention from high-skilled personnel. As organizations consider future security requirements, they increasingly look for tools that align with their specific hybrid and multi-cloud model. The expansion of nShield as a Service, which is part of an Entrust global outreach, addresses the security needs of cloud markets worldwide. The new datacenter locations will also enable Entrust to expand its other cloud-based service offerings, across the regions.”

Entrust nShield HSMs are among the highest-performing, most secure and easy-to-integrated HSM solutions available, facilitating regulatory compliance and delivering the highest levels of data and applications security for enterprise, financial and government organizations, by generating, safeguarding, and managing cryptographic keys on behalf of applications. The unique nShield Security World key management architecture enforces important separation of duties with dual controls that segregate security functions from administrative responsibilities. A secure execution environment also enables customers to run sensitive application code within the secure hardware boundary whether deploying on premises or as a service.

 

Cybersecurity, News

How To Make Your Data Safer Online

More than ever before, our online presence poses a threat to our data safety. As we spend more and more time online, we are giving  more and more opportunities to cybercriminals and hackers. 

In the last year alone, global cyber attacks increased by 29% and ransomware attacks surged by a staggering 93%, as hackers take advantage of the remote workforce (data from Checkpoint).

Luckily, there are best practices that can be taken to maximise your privacy and make your data safer online. Here we share the top 5 tips on how to browse more securely.

 

Change Passwords Regularly

There is a reason why you are told to regularly change your passwords. Not only that, but to maximise your data safety, you should be using different passwords for different websites – especially for websites that involve entering your card details online.

More often than not, hackers copy passwords from data they have stolen in another place. That means that if your password is the same across multiple sites, you are making it easy for hackers to access your data en masse.

When it comes to choosing a password, the more complex, the better. Make sure you are choosing something very secure, changing the password regularly, and opting for a different password for each website that you use. Using an app such as a password vault can help you manage these and save you from remembering multiple passwords.

 

Log Out of Websites

What a lot of people fail to realise is that if you stay logged into websites, this is a prime opportunity for hackers to break in and access your pages. This applies not just to leaving websites open, but leaving your computer running unattended.

In the last year, remote hacks have occurred more and more frequently. However, even in the workplace your desktop may be a target as hackers can gain physical access. To avoid this, always make sure to log out or lock your computer while you are not working.

 

Use a VPN

Browsing the internet with the use of a VPN can throw hackers off the scent as it obscures your online activity for anyone trying to track it.

A VPN (or virtual private network) is a service which protects your internet connection and keeps your activity private. It works by creating an encrypted tunnel for your data and hiding your IP address. This means that you can browse the internet safely and free from prying eyes, even in a public area.

 

Double Check the Sites You Use

As much as possible, try to only use secure sites. One clear red flag for this is if a site does not have an “https”. The “https” (hypertext transfer protocol with secure socket layer) found in the URL of a website signifies that a website is secure. Sites that do not have the “s” are not secure and are therefore risky.

If you are unsure about a site, you can google what other people are seeing about it and see if the site has been reviewed. With potentially insecure websites, it is always better to err on the side of caution.

 

Be Wary of Public Networks

We live in an age where we can access the internet from more or less anywhere in the world. However, we need to choose carefully the type of data we are accessing and from where. For example, when handling sensitive data, a public network is not the best choice as this is easy access for cybercriminals.

If you do need to use a public network, maximise your online safety by using a VPN, ensuring that you have a high-quality firewall installed, and spending as little time as possible online. As much as possible, avoid highly sensitive processes such as banking transactions.