CyVent

Recent Posts

Threat Detection and Response as a Service: A Comprehensive Primer for Cybersecurity Architects

Posted by CyVent on Jan 25, 2024

Threat detection and Response as a service Featured Image Cyvent

In cybersecurity, vigilance is key.

In the ever-evolving landscape of cybersecurity, the role of a Cybersecurity Architect is becoming increasingly critical. With the rise in cyber threats from various threat actors and the growing complexity of systems, proactive and robust threat detection and response (TDR) services are more important than ever. This blog post will delve into the world of TDR, exploring its concepts, importance, and various types of services to help you navigate this complex landscape.

Let's uncover the integral components of threat detection as a service and its impact on safeguarding our digital world.

What is Threat Detection and Response (TDR)?

threat detection and TI

TDR is a comprehensive approach to cybersecurity that involves three primary components: 

  1. Threat Detection (T.D.), 
  2. Threat Intelligence (T.I.), and 
  3. Incident Response (I.R.).

It can be conceptualized as:

TDR = (TD + TI + IR) × (Technological Solutions + Trained Teams + Awareness and Teamwork)

  • Threat Detection (T.D.): Identifying potential security threats and vulnerabilities in an organization's network, systems, and data. Enhanced with proactive threat hunting, T.D. involves continuous monitoring for suspicious activities and anomalies.
  • Threat Intelligence (T.I.): Gathering and analyzing information about existing or emerging threats. This intelligence is crucial for understanding potential attackers' tactics, techniques, and procedures.
  • Incident Response (I.R.): The set of procedures and tools used to respond to detected security incidents. This includes the ability to quickly contain, mitigate, and recover from a threat.
  • Technological Solutions: The hardware and software tools that detect and respond to threats. Examples include firewalls, endpoint protection, intrusion detection systems, and advanced cybersecurity software.
  • Trained Teams: Skilled cybersecurity professionals responsible for implementing proactive threat detection measures, analyzing threat intelligence, and executing incident response protocols.
  • Awareness and Teamwork: Continuous learning and training for cybersecurity teams to stay updated with the latest threats and response techniques.

Overall, TDR is a holistic approach to cybersecurity that combines threat detection, intelligence gathering, and incident response, powered by cutting-edge technology, highly skilled teams, and continuous education.

As Max Shier, CISO at Optiv, puts it, "The social engineers who craft phishing, smishing, and vishing attacks are banking on the fact people are busy and likely going to overlook red flags."

As we explore the nuances of TDR, it's helpful to keep in mind its various types and how they contribute to a robust cybersecurity framework. 

Different Types of Threat Detection

configuration detection

Threat detection in cybersecurity can be categorized into four primary types:

  1. Configuration Detection: This involves identifying misconfigurations in systems and networks that attackers could exploit.
  2. Modeling Detection: This type uses statistical models to identify activities that deviate from the norm, which might indicate a security threat.
  3. Indicator Detection: This type relies on known indicators of compromise (IoCs) to identify threats. IoCs can include specific malware signatures, IP addresses known as malicious, and unusual file hashes.
  4. Threat Behavior Detection: This approach focuses on identifying patterns of behavior typically associated with malicious activities rather than relying only on known indicators. It effectively identifies new or evolving threats that do not match known IoA/IoCs indicators.

Each type supports different cybersecurity requirements and approaches, enabling security teams to defend their environments more effectively. Cyber threats keep evolving and becoming more AI-aware. It's crucial to look beyond conventional threat detection methods. So, let's delve into the critical role of proactive Threat hunting in cybersecurity and how it redefines the traditional paradigms of threat detection.

The Critical Role of Proactive Threat Hunting in Threat Detection

We've all heard the saying, "Environment maketh the man." the same is true for threat detection and response; these security events shape our approach.

proactive threat hunting

According to IBM, the Mean Time to Identify (MTTI) an attack has slightly decreased to 204 days in 2023, down from 207 days in previous years. That's a slight improvement in organizations' ability to detect breaches, which we can attribute to advancements in Threat Detection Technology. 

However, the problem persists. As attacks get more sophisticated with A.I., the Mean Time to Contain (MTTC), an attack once identified, has increased to 73 days in 2023, up from 70 days. So, while organizations are getting slightly faster at detecting threats, it's taking longer to contain them.

In the realm of managing detection and response, controlling the environment is paramount. This includes configurations and integrations with partners. Most threat detection routines are trained with machine learning, using environmental detections and sets of models that measure deviations over time. But is this enough?

Next, we have the behaviors of threats - indicators of attack (IOAs) that help generate meaningful detection. This is where a proactive approach comes into play: controlling before the exploit happens, both in terms of environment and behavior. Not just relying on automated threat detection but actively hunting for threats. Why wait for the bad guys to strike when we can identify them during their reconnaissance phase of an attack?

But how exactly does proactive threat hunting transform the effectiveness of threat detection strategies? Let's look at the mechanics of this advanced approach and understand its impact on cybersecurity ROI.

The Mechanics of Proactive Threat Hunting

mechanics of proactive IOC IOA

Proactive Threat Hunting hinges on two critical concepts: Indicators of Compromise (IOCs) and Indicators of Attacks (IOAs). In essence, it's all about gathering and analyzing information to detect any malicious activity before it actually gets triggered by the attackers. Here are three typical IOCs:

  • Hashes: These are unique identifiers for specific pieces of malware.
  • Domains: A domain associated with known malicious activity can be an IOC.
  • IPs: Just like domains, certain IP addresses are known to be linked to malicious activities.

And here are three typical IOAs that are more behavior-based:

  • Unusual account behavior: This could include multiple failed login attempts or sudden changes in user behavior.
  • Network anomalies: Large data transfers at odd hours might indicate a data breach.
  • Changes in system configurations: Unauthorized changes could indicate that an attacker has gained access.

Today’s Proactive Threat Hunting leverages AI-powered intelligence, machine learning, deep learning, big data, vulnerability scans, and EDR reporting. The aim is to separate critical and false alerts and identify potential threats before they fully manifest, significantly reducing the Mean Time to Contain (MTTC) a breach.

In the arms race of cybersecurity, tools, and technologies are the weapons that define success. 

Tools and Technologies Used in Threat Detection, Investigation, and Response

Tools and Technologies Used in Threat Detection

Let's face it: the bad guys also have access to advanced AI LLM models. Our only option is to fight fire with fire, using ML and AI-integrated security tools that give us the upper hand. 

AI vs AI.

Here are some of the top tools and technologies:

  • IAM: Identity and Access Management, coupled with workload identifiers, helps ensure that only authorized individuals can access specific resources.
    SIEM: Security Information and Event Management gathers information, logs, flow data, and different sources for intelligence.
  • UBA: User Behavior Analysis helps identify potential threats based on abnormal user behavior.
  • SOAR: Cyber Security Orchestration, Automation, and Response automates threat detection and response processes.
  • NGFW: Unline traditional firewalls, Next-Generation Firewalls offer advanced features like intrusion prevention and application-level inspection.
  • NDR/Network Traffic Analysis: This provides visibility into network behavior, allowing for detecting anomalies that may indicate a persistent threat.
  • CASBs: Cloud Access Security Brokers help monitor and secure cloud-based applications.
  • EDR: Endpoint Detection and Response focuses on detecting, preventing, and responding to threats on endpoints.
  • XDR: Extended Detection and Response provides a holistic view of threat detection and response across various security layers.

All these tools, amped up with AI, can form a solid first line of defense against cyber threats. And let's not forget about Vulnerability Management, Security Analytics, and other Endpoint Protection Platforms. The key is to have a comprehensive approach covering all cybersecurity aspects.

Armed with these tools and technologies, defenders can effectively detect, investigate, and respond to cyber threats, keeping your organization's digital assets safe and secure.

Let's now examine how leading TDR solutions available as a service, can offer enhanced capabilities to Cybersecurity Architects in their ongoing battle against cyber threats.

Effective Threat Detection and Response Solutions as a Service

TDRaaS CyVent

 

You can check out some of our partnered solutions below, but if you have a unique situation and want to talk to an expert beforehand, you can book a free consultation call with him here.

How TDR as a Service Can Help

  • Detailed Reporting: Stay informed with comprehensive reports on your security posture.
  • Improved SOC Performance: Enhance the effectiveness of your SOC (security operation center).
  • Requirement Analysis: Select a partner who understands your business needs and tailors a solution accordingly.
  • Customization: Get a solution that fits your organization like a glove.
  • Regular Updates: Stay abreast of the latest developments in your service.
  • Leapfrog Security: With your service provider's expertise, jump ahead in your cybersecurity journey.
  • Robust Protection: Secure your digital assets with world-class solutions.

For more details, check out our blog post on managed detection and response solutions for enterprises here.

The synergy between SOC and Threat Hunting teams is vital for an effective TDR strategy. But how can these teams collaborate more effectively to achieve the ultimate goal of preemptive cybersecurity? Let's delve into this crucial aspect of cybersecurity team dynamics and uncover the strategies for seamless collaboration.

The Role of Security Services in TDR: To Plan, Protect, and Pre-empt

Role of Security Teams in TDR

In-house security teams are often the first line of defense. However, maintaining ROI becomes a challenge with the skill gap in the market and compliance requirements. Working with a trusted service provider can help you in multiple ways. 

  1. Establishing a Robust Framework: Look at your company's cyber security standards and essential tasks, and define the skills, team requirements, and headcount. Make sure you integrate best practices from your industry and tech partners.
  2. Adhering to Standards and Defining Tasks: Align with security standards (e.g., ISO 27000, NIST) and define key tasks.
  3. Threat Intelligence Gathering with Different Solutions: Consider what technologies you're using, possible attack channels, embedded systems, IoT, APIs, and integration partners.
  4. Continuous Monitoring and Surveillance: With the main framework in place, services can continuously monitor network and system activities to detect signs of malicious activity or breaches.

Bridging the Gap: SOC and Threat Hunting Teams Collaboration

Two teams often stand out – the SOC and the Threat Hunting teams. While they might operate independently, their success in protecting a corporation hinges on their ability to work together seamlessly. But how can we align the goals of both teams for a unified approach to threat detection and response?

Communication Protocols and Information Sharing

For SOCs and threat-hunting teams, real-time information sharing is crucial. Whether through integrated platforms, regular meetings, or automated alerts, ensuring that both teams are on the same page is vital.

Leveraging SOC Data for Proactive Threat Hunting

SOCs gather a wealth of data that can be invaluable for proactive threat hunting. From EDR reports to network logs, this data can provide insights into potential threats before they materialize. The key here is not just to collect data but to analyze and use it effectively.

Coordinated Response Strategies

Once a threat is detected, the response must be swift and decisive. By developing coordinated response strategies, SOCs and threat-hunting teams can mitigate damage and prevent further breaches. This requires clear protocols, defined roles, and effective communication.

Tool and Resource Optimization

Both teams have a plethora of tools at their disposal. The potential of these tools is realized when they are comprehensively understood and skillfully optimized, thereby amplifying the teams' prowess in threat detection and response.

Continuous Improvement through Feedback Loops

Cybersecurity is not a one-and-done deal. It requires continuous improvement, and feedback loops play a crucial role in this. Regular discussions, reviews, and adjustments can help refine processes and strategies for better threat detection and response.

The rising importance of Threat Detection and Response as a service cannot be understated. With a customized plan from us, you can keep your company safe from threats, increase cybersecurity ROI, and adhere to all standards.

 

Conclusion

We've explored the intricate world of Threat Detection and Response and its critical role in cybersecurity architectures. We've delved into the different types of threat detection, emphasizing the importance of proactive threat hunting and the sophisticated tools and technologies that make TDR more effective. 

Understanding the nuances of TDR – from configuration detection to threat behavior detection and the mechanics of proactive threat hunting – is essential in today's cybersecurity landscape. 

 

Get The Right Cybersecurity Solution For Your Business

As you move forward enhancing your cybersecurity posture, connect with CyVent to explore our range of solutions and services.

We have a team of experts who can help you understand your requirements and find you the best solution.

Our experts will eliminate any confusion and guide you to the right cybersecurity solution for your unique system.

Click here to book a call and speak with one of our experts.

CYV_banner_1_alt-1

 

Calculating ROI for Your Cybersecurity Project: How to Choose the Right Security Tools

Posted by CyVent on Sep 23, 2023

CyVent Cybersecurity ROI

CISOs and Board members face a balancing act as they look to build out strong security programs. What tools are truly worth the investment versus the costs of a damaging cyber attack? Though well-known, the potential repercussions of a data breach are still alarming. By some estimates, cybercrime damages will reach $10 trillion by 2025, up from $4 trillion in 2021.

 

For both CISOs and Board members, a thorough cybersecurity strategy is a critical way to address business risk and promote business health and longevity. The risks at stake, in addition to regulatory scrutiny as well as compliance concerns - think GDPR - are motivating Boards to take a closer look, and they're turning to CISOs for insight. The challenge for CISOs is selecting the best tools from a sea of offerings and then working with the Board and senior execs to deploy them within the organization.

By calculating cybersecurity ROI, CISOs can quantify the value of a new security project to Board members, demonstrate the financial impact of the security budget and how it aligns with the business's overall strategic goals, and foster faster decision-making.

 

Calculating ROI for Cybersecurity

Calculating ROI for Cybersecurity

At a basic level, one way of calculating a company's cybersecurity ROI involves taking the average cost of an incident and multiplying that number by how many incidents a business might experience in a given time frame. With an approximation of potential expenses, companies can then assess whether the price of the solution and the reduction in incidents it will bring is worth the investment.

Of course, many more factors come into play, which is why calculating cybersecurity ROI is notoriously challenging. The equation also has to represent issues at stake beyond dollars and cents, including potential loss of intellectual property, loss of reputation, and business disruption. There are numerous formulas for calculating cybersecurity ROI, and much research has been done on the subject. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen is a good example and a highly recommended resource for an in-depth exploration.

The bottom line is that breaches are expensive. Calculating cybersecurity ROI starts a conversation about whether investing money upfront to prevent a major disruption outweighs the small probability of a significant breach and its ensuing costs.

However, let me propose that many ROI calculators on the market may not be worth your executive time. Would you be intrigued or incredulous?

Identifying Cybersecurity Metrics

Identifying Cybersecurity Metrics

False Alerts

Let's reframe the perception of false alerts. Rather than dismissing them as mere nuisances, consider this: what if these false positives are draining your resources like slow, incremental financial leaks? According to the Ponemon Institute, false positives cost enterprises an average of over $1.3 million in lost revenue annually. If you are not tracking this, you are essentially ignoring a significant six-to-seven-figure problem.

Critical Alerts

Critical alerts for security breaches are often easy to prioritize but hard to cost-justify, often falling into the "priceless" category. However, are they truly priceless? According to IBM, identifying and containing a data breach takes an average of 277 days. What cost opportunities are being missed during this timeframe?

Cost Efficiencies: Moving from False to Critical Alerts

The cost-benefit analysis around alerts often remains rudimentary. Have you considered how much it costs to resolve false alerts, both in the money saved in terms of labor hours and opportunity cost? Conversely, how cost-effective are your incident response measures for critical alerts? Understanding this data is a fundamental aspect of any meaningful ROI conversation.

Where to Find ROI Calculator for Cybersecurity

Where to Find ROI Calculator for Cybersecurity

Evaluating Metrics to calculate Cybersecurity ROI is important, but so is the calculator that doesn't generate generic numbers or require a degree in divination to interpret in any actionable way. However, there are calculators specifically designed for the C-suite, considering the uniqueness of your industry, security posture, and amount of critical/false alerts.

Look for the CyVent Cybersecurity ROI Calculator developed by CyVent's leadership team that incorporates False and Critical Alerts. A properly calibrated ROI calculator can offer you data points that are quantitative and highly qualitative in value, providing actionable insights for enterprise board-level strategy discussions.

 

Benefits of Calculating Cybersecurity ROI

Benefits of Calculating Cybersecurity ROI

Implementing a cybersecurity protocol and calculating its ROI has been proven to have substantial benefits.

According to a recent study conducted by security leaders IBM, it is projected that the average cost of cyberattacks will soar to an astonishing $4.45 by 2023, reflecting a significant 15% increase over the past three years.

Moreover, an alarming 51% of organizations are actively planning to fortify their security investments in response to breaches. These investments will encompass a range of measures, including comprehensive incident response (IR) planning and testing, robust employee training, and the implementation of advanced threat detection and response tools.

These figures underscore the importance of investing in cybersecurity measures and, with ROI calculations, comes a risk assessment and management, helping businesses understand the comprehensive value these security measures bring in preventing colossal damages.

Remember, Calculating ROI benefits are not standalone – they intertwine and amplify each other, creating a comprehensive, robust cybersecurity framework.

Understanding the Value of Cyber Tools

Organizations often find themselves inundated with many cyber tools and solutions in today's complex cybersecurity landscape. With vendors constantly pitching new offerings to address emerging threats, it becomes crucial for CISOs to evaluate and justify the value of these investments. Calculating cybersecurity ROI provides a systematic approach to determining the worth of a particular tool or solution in the context of an organization's unique security environment.

Evaluating and Prioritizing Security Solutions for Risk Management

With numerous options available, CISOs face the challenge of deciding which security solutions to invest in. By calculating ROI, CISOs can objectively compare different options and have the proper security control. A comprehensive ROI analysis considers factors such as the total cost of implementation, anticipated risk reduction, and the impact on operational efficiency. This evaluation process enables CISOs and security teams to prioritize security solutions based on their expected return on investment.

Achieving Peace of Mind and Problem Resolution

One of the key goals of calculating cybersecurity ROI is to provide CISOs with peace of mind and problem resolution. By understanding the potential value of a security solution, CISOs can make informed decisions about which problems it will solve and the level of peace of mind it will provide. Effective cybersecurity investments mitigate the risk of cyber threats or data breaches and contribute to operational stability, data protection, and regulatory compliance.

Communicating Cyber Risk to the Board

For CISOs, effective communication with the Board is crucial. Security Executives hold increasing responsibility for cybersecurity decisions, considering the regulatory, reputational, and business risks involved. Calculating cybersecurity spending enables CISOs to articulate the reality of cyber risk and provide the Board with the necessary information to make informed decisions. By presenting ROI figures, CISOs and Security analyst can highlight the financial risk and strategic implications of various cybersecurity investments, strengthening their ability to advocate for effective security measures with an appropriate, in-house security team and budget.

Aligning Cybersecurity with Overall Business Strategy

To gain board support and secure adequate resources, CISOs must align cybersecurity with the overall business strategy. Calculating ROI allows CISOs to demonstrate how the cybersecurity budget contributes to the organization's increased efficiency in protecting data, preventing cyberattacks, and complying with the latest regulations. By quantifying the potential return on investment, CISOs can showcase the value that effective cybersecurity measures bring regarding brand reputation, customer trust, and operational resilience. This alignment enhances the Board's understanding of cybersecurity as integral to the organization's strategic objectives.

Embracing Security Tools with Proven ROI

The Importance of a Layered Security Approach

Layered Security Approach

Understanding the Attack Surface

You must be familiar with the concept of a layered security approach. However, it's crucial to consider that not all layers are equally effective. It's not just about having multiple layers; it's about having intelligent layers that actively learn from each other. Each layer must adapt and communicate in real-time to ensure effectiveness with the ever-expanding attack surface.

Recent Advancements in Cybersecurity Technology

As technology evolves, so do the threats. Enter AI-powered threat detection, behavioral analytics, and predictive modeling. These technologies are not mere buzzwords. They have demonstrated remarkable ROI by significantly reducing both breach instances and dwell time, the duration that threat actors have unauthorized access to your system.

The Power of Cybersecurity Artificial Intelligence

Power of Artificial Intelligence

AI for Incident Reduction

Have you ever considered that AI could be your cybersecurity cost-saver? Predictive analytics and machine learning can significantly improve risk management and decrease the number of security incidents, too. Remember, every incident you prevent translates to saved dollars and, potentially, a protected reputation.

AI vs. AI: Staying Ahead of Attackers

This is not a scenario from science fiction; it is the reality of cybersecurity today. We are moving towards a world where it's AI against AI. If threat actors leverage AI to create more intelligent attacks, your AI-driven solutions must be even smarter, faster, and continuously adaptable.

The Efficiency of Automation

Efficiency of Automation

Streamlining Incident Management

Automation is not about replacing human expertise; it's about enhancing it. Incident management becomes effortless when mundane tasks are automated, allowing your IT teams to focus on complex issues that require human intuition.

Boosting Productivity in IT Teams

Imagine what your skilled IT teams can achieve when freed from routine tasks. Automation brings impressive ROI through cost avoidance, significantly reducing the time spent on incident responses and enabling your team to concentrate on strategy and innovation.

Reach out to our team

The cybersecurity landscape is genuinely complex. At CyVent, for example, our mission is to support CISOs as they select and sort through the different offerings on the market. Calculating cybersecurity ROI helps prepare for the coming environment where the fight will be AI vs. AI, and companies that do not have the appropriate AI talent and tools may be at a disadvantage.

We're just an email or a phone call away, eager to provoke your thoughts and arm you with the tools to preempt more and remediate less.

Get in touch with our team.

Tempted to test new features before everyone else? DON’T BE!

Posted by CyVent on Sep 19, 2023

Mobile Security CyVent

Ever been tempted to download the beta version of your favorite app, ready to test out all the cool new features before everyone else?

STOP!!

The FBI has some news that might make you think twice.

Cybercriminals have come up with a brand new trick to lure us into their lair. They’re hiding malicious code in fake beta versions of popular apps, turning unsuspecting people’s mobiles into their personal piggy banks.

Now, don't get us wrong, we love innovation as much as the next team of tech enthusiasts. But whilst beta versions have a certain allure, they haven't gone through the rigorous security checks that apps in the official app stores must pass.

Criminals send fake emails pretending to be the developers of popular apps, offering early access to new beta versions.

But of course, they’re fake, too. Once installed, they can do all sorts of bad things, including accessing data from your finance apps and even taking over your mobile. 

If your staff downloads them onto company devices, could your business be compromised?

There’s a moral to our story. And it's a simple one: Patience is a virtue. 

Hold off on downloading beta versions of apps. Wait until they're stable and officially released in app stores. Good things come to those who wait, and that includes secure apps.

If you have downloaded beta versions in the past, keep an eye out for red flags like faster battery drain, poor performance, persistent pop-up ads, and apps asking for unnecessary permissions.

In this digital age, we must be as smart and savvy as the technology we use. So, before you hit download, take a moment to think: is this app worth the risk?

Train your staff to think the same way. And if you do give them business mobiles, consider a Mobile Device Management solution to control what they can do with them.

If you're concerned about the security of your mobile devices and need expert guidance, Book a strategy call with CyVent today.

We'll help you safeguard your business information and provide tailored cybersecurity solutions for your unique needs.

 

Microsoft and Samsung team up to boost work phone security

Posted by CyVent on Sep 12, 2023

Cyvent Microsoft and Samsung Phone Security

You’ve checked your pockets, your bag, under pillows … and then it hits you. You left your work phone on the table at the coffee shop. 

You panic.

It's not the device itself that’s got you worried, but all the sensitive business information stored on it. If that mobile ends up in the wrong hands, you’re facing a nightmare.

But that worry could be over. Microsoft and Samsung are joining forces to make your work mobiles  safer. This month, they’re launching a groundbreaking solution to help protect anyone who uses a Samsung Galaxy device in the workplace.

How? 

With something called on-device attestation. It lets companies see if mobile devices have been compromised, even at their deepest components. Think of it as a security guard for your cell phone. 

Samsung brings its software and hardware innovations to the table, whilst Microsoft provides its endpoint management expertize. 

And whilst other device attestation tools require a network connection and access to cloud services, this solution works reliably regardless of network connectivity or device ownership model. 

This solution will be released alongside Microsoft Intune (previously known as Windows Intune), a unified endpoint management service for both corporate devices and BYOD (Bring Your Own Device). And it will be available to select Samsung Galaxy smartphones and tablets, especially those "Secured by Knox".

So, whether you're working from the office, a busy coffee shop, or a remote cabin in the woods, you can rest assured your device is safe.

In business, your mobile is more than just a communication device. It's a vault of sensitive (and valuable) information. And with Microsoft and Samsung on the case, that vault just got a lot safer.

If you're concerned about the security of your mobile devices and need expert guidance, Book a strategy call with CyVent today.

We'll help you safeguard your business information and provide tailored cybersecurity solutions for your unique needs.

Is that Microsoft email actually a phishing attack?

Posted by CyVent on Sep 11, 2023

Microsoft Phishing Attack CyVent

You're no stranger to the endless threats lurking in your email inbox. But have you ever considered that an email that seems to be from Microsoft could end up being your worst nightmare?

Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. That's where cybercriminals send you an email that contains a malicious link or file. They're trying to steal your data. 

And while Microsoft isn't to blame for this, you and your employees need to be on high alert for anything that seems suspicious.

During the second quarter of 2023, Microsoft soared to the top spot of brands imitated by criminals, accounting for a whopping 29% of brand phishing attempts.

This places it well ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, these three tech titans account for more than half of the observed brand imitator attacks.

But what does this mean for your business?


Despite an apparent surge in fake emails targeting millions of Windows and Microsoft 365 customers worldwide, careful observation can help protect you from identity theft and fraud attacks. 

While the most imitated brands change from quarter to quarter, usually cyber criminals are less likely to change their tactics. 

They use legitimate-looking logos, colors, and fonts. Phishing scams frequently use domains or URLs that are similar to the real deal. But a careful scan of these and the content of any messages will often expose typos and errors – the tell-tale signs of a phishing attack.

One of the latest attacks claims there has been unusual Microsoft account sign-in activity on your account, directing you to a malicious link. These links are designed to steal everything from login credentials to payment details.

And while tech firms continue to be popular scam subjects, many cybercriminals have turned to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts, respectively.

What can you do to protect your business?

The answer is more straightforward than you might think. The best course of action when it comes to phishing is to slow down, observe, and analyze. Check for discrepancies in URLs, domains, and message text.

Safeguarding your business against phishing threats is of paramount importance. To fortify your defenses and stay informed, we encourage you to explore our free recorded webinar on cyber insurance. This insightful resource provides valuable insights and strategies to protect your organization from cyber threats and meet insurance requirements.


Don't wait for the next phishing attempt - take proactive steps to enhance your cybersecurity posture.

Microsoft 365 Makes Multi-Factor Authentication Easier

Posted by CyVent on Apr 7, 2023

Microsoft is planning to enable Multi-Factor Authentication (MFA) directly in its Outlook app for many 365 business users.

MFA is a vital tool to help protect your online accounts from cyber criminals. It works by generating a second, single-use passcode every time you log into an account. It’s usually sent to an authenticator app on your phone that you have to download and set up first. 

Security codes can also be sent via SMS text message, by a phone call, or you might be given a special USB key to plug into your computer.

The process is often made quicker by using a biometric login like your fingerprint or face ID. It’s a minor chore, but the protection it offers far outweighs the couple of extra seconds it takes to access your account. 

Microsoft isn’t so sure about those extra seconds, though. If the tech giant can save you that time, it’s going to do it. That’s why it’s looking to streamline MFA for Microsoft 365 business accounts. 

It’s rolling out the improvement by building MFA directly into the Outlook app in a feature called Authenticator Lite. Until now, it’s relied on a separate authenticator app or sending login codes.

There’s no news yet for those of us who want faster authentication on our personal PCs. If Microsoft does announce plans to make this feature available to more hardware or operating systems, we’ll update you with any news.

If you don’t already use MFA for your apps and online accounts, we recommend that all businesses implement it as soon as possible. The additional security it offers protects against the vast majority of today’s cyber threats. 

For more help and advice about implementing MFA or getting the best from Microsoft 365, just get in touch


Published with permission from Your Tech Updates.

Bot Malware Is A Growing Security Threat

Posted by CyVent on Mar 22, 2023

Bot Malware Is A Growing Security Threat

If we talk about ‘bots’ you’d be forgiven for thinking of the amazing AI chatbots that have been all over the news lately. 

But this isn’t a good news story. Bots are just automated programs, and bot malware is a worrying new security risk you need to defend your business against.

Malware bots are particularly dangerous because they steal whole user profiles – that’s a complete snapshot of your ID and settings. This potentially allows cyber crooks to bypass strong security measures like Multi-Factor Authentication (MFA).

Usually, if a criminal steals your username and password, they still can’t access your account because they don’t have access to your MFA authentication method. But with your whole profile available to them, using your cookies and device configurations, they can trick security systems and effectively switch off MFA.  

Once profile information is stolen, it’s sold on the dark web for as little as $5. 

And it’s not even super-sophisticated cyber criminals deploying this technique. Just about anyone can obtain your details and use them for phishing emails, scams, and other criminal activity. 

Since 2018, 5 million people have had 26.6 million usernames and passwords stolen, giving access to accounts including Microsoft, Google, and Facebook. 

All this means there are things you need to do – right now – to keep your profiles and your business protected from bot malware.

  • Update your antivirus software and keep it on at all times. 
  • Use a password manager and Multi-Factor Authentication to keep your login credentials safer
  • And encrypt all your files so that, if anyone does access your profile, there’s very little to steal. 

These are the things we help our clients with every day. If we can help you, just get in touch

Untitled (1)

Published with permission from Your Tech Updates.

Don’t Forget Your Phone When You Think About Cyber Security

Posted by CyVent on Mar 13, 2023

Don’t forget your phone when you think about cyber security

 

Our phones are a goldmine of private information. Just think of all the financial details, personal messages, banking apps, photos and contact information that live behind that little glass screen.

And if your team use phones for work, they’ll often have access straight into company systems – email, contact lists, network access, file systems. So if they’re not kept as secure as any other device in your workplace, they can become a gaping hole in your cyber security.

Criminals know this, of course, which is why they target us through our phones just as much as they do through our networks and servers. 

But cyber crime isn’t the only concern. Just losing your phone, or having it stolen, can put your data at huge risk.

So, whether you issue company smartphones, or your employees use their own, you should make sure everyone implements some simple security steps to protect your data and avoid disaster.

  • Start with making sure your people set up a PIN and a biometric login (like a fingerprint or face scan) to open the device.
  • Only install apps from trusted sources to make sure you’re using genuine software.
  • And enable Multi-Factor Authentication on all apps that store even a small amount of sensitive data.
  • Be careful about where you connect to Wi-Fi. If you work remotely or often connect to public networks, consider using a VPN – a Virtual Private Network – to add another layer of security. You never know who’s monitoring traffic on a public network.
  • Finally, ALWAYS make sure your phone is running the latest version of its operating software, and keep all apps up to date. 

 

Smartphones have changed so much about the way we live – at home, and at work – but it’s too easy to take them for granted. And that could be a costly mistake.

If you need help to keep your smartphones safe, just get in touch.

Untitled (1)

Published with permission from Your Tech Updates.

Let’s Start Talking About AI

Posted by CyVent on Mar 6, 2023

US+wc+2023-03-06+-+Blog+article+++LinkedIn+newsletter+image

The whole world is suddenly talking about Artificial Intelligence. 

From Alexa in your kitchen, to Siri on your phone, AI is already all around us, but new names like ChatGPT, Dall-E, Jasper and more feel like they’ve blown up the internet. 

These new concepts take things WAY further, helping us to write articles, search the web with natural conversation, generate images, create code, and introduce new ways to make our daily lives even easier. 

But emerging technology nearly always launches in a blizzard of geek-speak before it settles into everyday life. Early PC users might remember the ‘DOS prompt’. And when did you ever have to ‘defrag’ your phone?

Experts believe that these new AI tools will become the building blocks of a whole new world of tech, redefining the way we interact with computers and machines.

 

So let’s help you decode some of the terms you’ll hear this year.

 

Chatbot
Starting with the basics, a chatbot is an app that mimics human-to-human contact. Just type or speak normally, and the chatbot will respond the same way. ChatGPT is a chatbot. If you haven’t tried it out yet, give it a go.

 

Deep learning
This is the technique that’s used to imitate the human brain, by learning from data. Current search tools and systems use pre-programmed algorithms to respond to requests. AI tools are trained on concepts and conversations in the real-world, and learn as they go to provide human-like responses. 

 

Machine intelligence The umbrella term for machine learning, deep learning, and conventional algorithms. “Will machine intelligence surpass human ingenuity?” 

 

Natural Language Understanding (NLU) helps machines understand the meaning of what we say, even if we make grammatical errors or speak with different regional accents.

 

Weak AI is the most common form of AI in use right now. Weak AI is non-sentient and typically focuses on a single or small range of activities – for instance writing, or repurposing video content. Strong AI, on the other hand has the goal of producing systems that are as intelligent and skilled as the human mind. Just not yet.

 

This is just the tip of the iceberg, but trust us – you’re going to be hearing a lot more about AI in the months and years to come. 

 

If you’d like more help to understand how AI might form part of your business, just get in touch.

 

Published with permission from Your Tech Updates.



Cyber Attacks Are Getting Bigger And Smarter. Are You Vulnerable?

Posted by CyVent on Feb 27, 2023

Cyber attacks are getting bigger and smarter. Are you vulnerable?

Have you ever tried to buy tickets for a huge event and found that the seller’s website has collapsed under the weight of thousands of people all trying to do the same thing at the same time?

The ticket site falls over – usually temporarily – because the server is overloaded with traffic it doesn’t have the capacity for. 

Criminal Distributed Denial of Service attacksDDoS, for short – exploit the same principle.

When a DDoS attack targets a business, it floods it with internet traffic in an attempt to overwhelm the system and force it to fail. 

This results in the business and its customers being unable to access services. That may trigger a temporary failure, or it could be more serious. Last year, the average DDoS attack lasted 50 minutes. 

That may not sound like a long time, but it’s enough to create angry customers, or to bring business to a grinding halt. And downtime can be costly. 

The really bad news is that DDoS attacks are not only lasting longer, but they’re becoming bigger, more sophisticated and more common. 

Recently, the biggest ever reported DDoS attack was reportedly blocked. At its peak, it sent 71 million requests per SECOND to its target’s servers. Prior to that, the biggest reported incident stood at 46 million requests per second.



Worse still, more businesses are reporting being targeted by DDoS attacks where criminals are demanding huge ransoms to stop the attack. 

What does this mean for you? 

It’s important you check all your security measures are up-to-date and working as they should be. Are your firewalls up to the task, with DDoS monitoring and prevention tools set up? And is your team fully aware of the importance of staying vigilant? 

We can help make sure your business stays protected. Just get in touch. 

Published with permission from Your Tech Updates