Remote Management Survey

1 in 5 I.T. pros say remote workers are not secure, survey finds

 

Key takeaways from the 2022 Remote Management Survey by Hornetsecurity

  • 18% of I.T. professionals believe that remote employees are not working securely and that company data is at risk
  • 8 out of 10 I.T. professionals believe that remote working conclusively introduces cybersecurity risks that are otherwise not present.
  • According to 3 out of 4 I.T. professionals, employees are using personal devices to access sensitive company data
  • 1 in 3 organizations does not provide cybersecurity awareness training to remote employees
  • 1 in 6 organizations has suffered a cybersecurity incident directly related to remote working

About the 2022 Remote Management survey

As part of our effort to remain in touch with the current state of the IT industry and to keep our finger on the pulse of the frequent and drastic shifts that come with it, our team at Hornetsecurity conducts a survey every few months. Each survey concerns a specific topic that we think is essential to the industry, and to business entities of all kinds and in all parts of the world. No shift has impacted the way many organizations operate more than remote work and the subsequent need for remote management. While the concept of remote work is not new to the industry, the 2020 pandemic has supercharged its adoption around the world and across industries. This has led to organizations changing, seemingly overnight, to remote working setups which have introduced a host of cybersecurity concerns that were not viable threats until now. Our 900+ survey respondents come from a multitude of industries and regions, have differing years of experience, and work for companies of varying sizes.

Remote Working in 2022

Initially brought to the mainstream workplace as a pandemic measure, remote working has become a staple of the modern working environment, along with remote monitoring and remote team management. With more companies opting for either a fully remote or hybrid approach to work, the shift towards remote work over the last few years is extremely well-documented, and all the evidence points to it being a permanent employment fixture for the foreseeable future. Remote work has therefore become one of the most fundamental aspects of the workplace, from the perspective of both employers and employees.

While a recent survey by Buffer shows that 97% of remote workers would like to continue working remotely for the rest of their career, employer opinion on remote work tends to vary, with 72% of employers in the United States preferring that their employees work within an office environment, and only 12% of leaders considering employees as productive working remotely as they are in the office, despite evidence to the contrary. Other employers cite security concerns as their primary motivation for bringing workers back to the office, with a 37% increase in data breaches in the third quarter of 2022. That said, this is a significant decrease from the 125 million data breaches that occurred shortly after the beginning of widespread remote working, proving that investment in good cybersecurity practices and remote team management tools had an immediate effect on risk within the organizations that made it.

Regardless of employer opinion, the overwhelming response to remote work from an employee perspective has been positive. Over 57% of employees say that they would leave their job if remote or hybrid working was not an option for them; 84% state that they would take a pay cut in order to retain their work-from-home privileges or to work for a company that allowed them to work remotely. The biggest benefit of working from home for employees is the flexibility that it allows them, with 67% claiming that the flexibility in their lives had led to a better work-life balance.

While remote work does come with its own set of challenges for employees, such as struggling to create and then maintain that balance, it is overwhelmingly clear that remote and hybrid working is here to stay, and therefore organizations need to be prepared to face the challenges that remote management brings from a security perspective. The immediate increase in cybersecurity breaches at the onset of remote working, and its subsequent decrease as companies shifted their investments into better security training and cybersecurity measures, proves that remote working can be as safe as working from the office, provided that employees and employers both have the training to adhere to stricter measures. In 2021, this was primarily implemented with multiple authentication measures for endpoints and servers, as well as a boost in security training. These measures need to be built on and improved for a more secure workplace in general, but companies with remote or hybrid work policies need to give better cybersecurity measures a higher priority for 2023.

Close to 1 in 5 I.T. professionals (17.9%) say workers are not secure when working remotely

According to our remote management survey, a significant number of I.T. professionals are aware of their remote security shortcomings. They have a decent understanding both of the security issues that have been introduced alongside the rise in remote work and of the fact that the solutions to these threats have not been fully implemented within their organization, despite the significant increase in remote working worldwide. This is likely due to a combination of the rapid and sudden expansion of remote work over the past few years, and businesses struggling to keep up with all the infrastructural and operational changes that this has brought with it. Unfortunately, I.T. security tends to be of a lower priority in comparison to essential tasks that must be upgraded and adjusted in order to ensure business continuity – at least, until the business suffers a cybersecurity breach.

3 in 4 IT professionals (73.8%) say that employees can access sensitive work-related data through their personal devices

One of the most surprising insights collected from this survey is the extremely high use of personal devices among employees to access sensitive data. The vast majority of these cases are likely to be users accessing emails and documents on their personal mobile phones while using systems such as Microsoft 365, Google Workspace, or other cloud-based office applications – a situation that makes remote management a significantly more thorny issue. While not necessarily associated with the rise in remote work, this shows that a significant amount of sensitive data is at risk of being compromised through a variety of techniques targeting end-user personal devices. Endpoint configuration and management is fairly uncommon when it comes to workers’ personal devices due to the legal and ethical issues that come along with providing those services on non-company-owned devices. It also highlights the importance of cloud-based security features rather than the use of on-device features.

14% of respondents said their organization suffered a cybersecurity incident related to remote working

As we discovered in previous surveys over the past few years, it’s clear that cybersecurity incidents are on the rise. While the situation is slightly less dire than it was in the immediate wake of the pandemic, the incidence rate is still high. Therefore this finding, while still relatively alarming, should come as no surprise. It means that 1 in every 6 companies has suffered a cybersecurity incident specifically related to remote working. While the exact cost of each of these incidents is unknown, industry data from IBM indicates that major data breaches in 2022 cost their victims an average of $4.35 million, a 2.6% rise from the 2021 average of $4.24 million. This takes into account the potential ransoms paid through ransomware, the cost of the significant down-time that a data breach can cause, and industry fines that can be levied against companies that fail to protect sensitive data.

What are the main sources of remote work related cybersecurity incidents?

28.1% of our remote management survey respondents reported that ‘compromised endpoints’ and ‘compromised credentials’ were the main reason for security incidents.

When it comes to compromised endpoints, the explanation is fairly obvious – as users travel and work in different locations, there is a higher possibility of losing devices that contain sensitive data. This risk is intensified when one considers the relatively high number of personal devices that have access to sensitive data but do not have any endpoint configuration to help protect against unauthorized access.

Credentials compromised through social engineering and email phishing attacks are equally common. Remote working exacerbates this risk as users are more isolated and less likely to be able to identify threats alone. In comparison, those in the office may have more instant access to other colleagues who can help verify a message before sensitive information is communicated. The solution to this particular issue is two-pronged. Firstly, a robust email security suite can eliminate a significant portion of inbound threats before they even reach end-users. Secondly, for the threats that do reach their intended target, cybersecurity awareness training such as the programs offered by Hornetsecurity can greatly reduce the potential for a data breach.

15.7% of respondents also cited uncontrolled file sharing as a source of cybersecurity incidents. Cloud storage platforms have become essential for remote work operation, but sharing access to files on these platforms with third parties introduces significant risks. User error that gives unauthorized individuals access to sensitive company data is a serious risk, and is relatively common. Stringent access and authorization processes need to be put in place in order to avoid such occurrences.

Just over 1 in 10 (11.6%) of respondents that reported a remote-work related cybersecurity incident said that unsecured or public networks were the root cause. While endpoint security might be in the control of most I.T. departments, the networks that users connect to add another layer of risk that is not always accounted for. While relatively uncommon, users could fall victim to attacks such as Wi-Fi spoofing in public areas. For example, a cybercriminal may give a Wi-Fi hotspot the same name as a local coffee shop, tricking users into joining said network and compromising their endpoints.

The least common source of cybersecurity incidents per this survey was lack of physical security or privacy in public places. While this is an extremely low-tech form of cyber attack, it was still reported by nearly 1 in 10 incident victims. This serves as a reminder that there are some security considerations that cannot be handled through any digital remote management tool, and rely solely on users’ awareness of their surroundings.

Which companies are most at risk of remote work cybersecurity incidents?

The data gathered through this survey very clearly indicates that the larger the organization, the more likely it is to have suffered a remote cybersecurity incident. In fact, organizations with 500+ employees are 3 times as likely to have an incident as SMEs with fewer than 50 employees. This goes to show that while cybersecurity is practically infinitely scalable, size always increases risk. It also indicates that black hat hackers are significantly more interested in attacking large organizations – likely due to a higher potential return for their effort, and the thrill of successfully attacking a known organization.

Almost half (47.6%) of employees in the respondents’ organizations work remotely

When asked what percentage of their organization’s workforce operates remotely in some capacity, the average of our respondents’ answers worked out to nearly half – 47.6%. While not entirely surprising, this is a very high percentage, especially when one considers this percentage is set to increase over the next few years.

44% of respondents say their organization plans to increase the percentage of employees that work remotely.

This further indicates the necessity for large organizations to take a slightly different approach to cybersecurity in order to cater for the nuances of remote work, and invest further in making sure remote employees are aware of the increase in risks. Cybersecurity has always required users to play their role in preventing incidents – the increase in remote work and remote team management has expanded this role, as security administrators now have slightly less overall control over the environment in which users are working.

4 in 5 IT professionals (79.5%) think that remote work introduces cybersecurity risks that are not present when working on-premise

Our cybersecurity experts at Hornetsecurity are adamant that remote cybersecurity introduces additional risks in comparison to on-premise security. While nearly 80% of our respondents agree with this, this survey reveals a cohort of 12% of I.T. professionals that don’t agree, and another cohort of 8.5% that are unsure. This is relatively surprising considering that some of the sources of cybersecurity incidents found in this survey are practically unique to remote workers. This may indicate a lack of awareness or understanding of these potential risks among I.T. professionals. That being said, the vast majority of respondents are aware of the risks.

1 in 3 organizations do not provide any cybersecurity awareness training to users who work remotely

While I.T. professionals are mostly aware of the additional risks associated with remote work, this survey reveals that organizations aren’t yet investing enough in user awareness. 1 in 3 organizations do not provide cybersecurity training to remote employees, and considering that the main sources of cybersecurity incidents reported within this survey are user-dependent, this may be a significant oversight. Data from many of our previous surveys, especially ones surrounding cybersecurity incidents such as ransomware, consistently indicates that while the security tools and remote management services used by an organization are essential, the most vulnerable link in the security chain is consistently the users. Our latest ransomware survey showed that 1 in 4 organizations had been the subject of a ransomware attack, and 3 in 4 of these attacks were caused by user error (either through phishing/email attacks or compromised endpoints). The importance of user training cannot be overstated.

How confident are IT professionals in their remote security measures?

94% of I.T. professionals said they are moderately confident in their remote management security measures.

Despite the very clear risks associated with remote working and remote team management, I.T. professionals reported a high overall confidence level when it comes to the security of their remote employees. On a scale from 1-5, the average confidence level among respondents ranked at 3.6. Considering the lack of cybersecurity awareness training offered to employees, and the fact that 20% of respondents don’t think that remote work poses additional security risks, this confidence is likely misplaced.

What are the most commonly used security features for remote management?

When asked for the most common security features used, VPN came out on top. However, one should keep in mind that while VPN does indeed provide further security, it is often essential for employees to access systems and storage that are only available through on-premise networks, and this would explain the very high usage rate.

The most common security-specific feature was Multi-Factor Authentication (MFA) – this comes as no surprise, seeing that platforms such as Microsoft 365 and Google Workspace provide this feature natively. While just over 4 in 5 respondents reported using this feature, it’s worth noting that a motivated black hat hacker can find a way around this relatively easily. In fact, the top two sources of cybersecurity incidents reported in this survey, compromised endpoints and compromised passwords, should theoretically be halted by MFA, but clearly are not. That being said, not having MFA would be extremely unwise, as it protects from low-level attacks.

Endpoint detection software was the third most popular security feature, with 55.5% of respondents reporting its use. This software is practically essential for users with direct access to network systems or storage, and is an indispensable tool for large organizations that must monitor a nearly endless number of devices.

Endpoint activity monitors are a slightly thornier issue. While activity monitors provide useful data for I.T. security teams, they can also be seen as unnecessarily intrusive for remote workers. Employers often use security as an excuse to be able to monitor employee activity to ensure that they’re working. Based on the results of this survey, this is most prevalent in North America, where nearly half (47%) of organizations use remote monitoring and remote team management, in comparison to 39.7% of European companies. This data point corroborates the existing sentiment of a stricter corporate culture and less employee flexibility in the US as opposed to the EU.

41% of respondents indicated that their I.T. team uses conditional access and password management software to mitigate risks for remote workers. The former blocks users from accessing certain systems or data based on whether their device/identity state fulfills specific criteria. This system is particularly useful for I.T. teams that are looking to more directly reduce the risk of users accessing data from unusual locations or unapproved devices, which could lead to a potential compromise of data. That being said, more complex conditional access configurations often increase frustration among less tech-savvy employees who may not understand why they cannot access their data under certain conditions, increasing the time I.T. teams must spend configuring devices and tending to users. Password management software is another human-focused solution, and considering that this survey found that compromised passwords were a top source of cybersecurity incidents, it should likely be used more often.

The least reported cybersecurity measures were endpoint data transfer limitations and application whitelisting, with 27% and 22.3% of respondents reporting their use respectively. Both measures impose further restrictions on endpoints, and therefore on users, in the name of security. While they may be worth the inconvenience to users, there are many organizations (especially smaller ones) that require their users to be more flexible, and these features may not be practical for them. For larger organizations with more defined user roles and responsibilities, however, these should be used more frequently.

How do organizations handle device management for their remote employees?

23% of respondents said their organization does NOT procure, configure and send endpoints to remote employees.

For practically all of the cybersecurity and remote management features mentioned in the previous section, endpoints must be configured by the I.T. department before being deployed to users. This survey, however, indicates that nearly 1 in 4 organizations do not handle endpoint configuration from start to finish before providing said device to their employee. 15.3% of all respondents said that their employees use their own devices with ‘some’ endpoint configuration for remote work. 6.4% of respondents said employees used their own devices with no configuration at all. While not procuring and configuring endpoints may be more cost-efficient in the short term, a cybersecurity incident is significantly more likely if no tools at all are used in order to protect sensitive data.

What is the most popular endpoint management tool used for remote employees?

Group policy (60.7%) is the most popular endpoint management tool used by organizations, followed by RMM Tools (43.4%).

Endpoint management tools allow I.T. teams to be significantly more efficient when handling the security and monitoring of multiple endpoints. Group policy has been the go-to tool for many years, and this survey indicates that this is still the case among many organizations – especially those with internal I.T. teams as opposed to those that use MSP services. The survey shows that 70.1% of internal I.T. teams use group policy for endpoint management, as opposed to 51.7% of MSP professionals. While group policy is still a valid tool for many organizations, it lacks features that are present on more modern remote monitoring and management tools. In fact, while group policy is the more popular endpoint management tool for internal I.T. teams, remote monitoring and management (RMM) tools are more popular among respondents that work for MSPs (55.1% vs 51.7%).

 

Over 1 in 10 respondents (10.9%) say that they do not use any endpoint management system.

Endpoint management systems are an extremely useful and basic tool for organizations and their I.T. service providers. However, nearly 1 in 10 of our respondents say that their organization does not use any of the available systems. This is most prevalent among SMEs, where 15% of organizations with between 1 and 50 employees reported not using an EMS.

Employees are less confident in their company’s remote IT security than I.T. professionals.

In a curious twist, it seems that non-IT professionals are less optimistic about remote security than our surveyed I.T. professionals. 25.5% of non-IT professionals feel that their organization’s data is not secure while they work remotely, as opposed to only 17.9% of I.T. professionals who feel the same way. There could be a few factors that explain this particular finding. We contacted behavioral & cyber profiling expert Mark T. Hofmann for his input, and this is what he had to say about the attitude of the various psychological profiles that can be found in the industry.

Psychological profiles of hackers and I.T. professionals

Hofmann quoted a 2020 study by Prof. Lawrence Sanders about the Psychological Profiling of Hacking Potential: “The results suggest that individuals that are White Hat, Grey Hat and Black Hat hackers score high on the Machiavellian and Psychopathy scales. We also found evidence that Grey Hatters oppose authority, Black Hatters score high on the thrill-seeking dimension and White Hatters, the good guys, tend to be Narcissists.”

He goes on to say: I can confirm this from my personal and professional experience and interviews with hackers:

Black Hats: Some “black hats” already have millions in their wallets but still commit crimes. If we conclude that cybercrime is mostly about money, this is only half the truth. There is always a motive behind the motive. If you are broke and need money, the motive is money. But if you already have a lot of money and keep going, the motive is not money but greed. It reminds me sometimes of gambling addiction. Thrill seeking is one of the most important psychological concepts to understand cybercrime.

Grey Hats: These are people between worlds. They commit crimes, but often have ideological motives or other ideals in doing so. Sometimes they are called hacktivists. If Robin Hood had been a hacker, he would have been a grey hat. But I find this definition difficult, because good and evil are subjective categories.

White Hats: Well, narcissism is not a black and white category, but a scale. In science, this is usually measured between 0-40. We are all somewhere on this scale and most of us reading this now are not “0”. So white hats are supposed to have somewhat above average scores as well… if two coders agree, one is not a coder. Mostly everyone thinks their own skills and approaches are right and everyone else is wrong. This might be true.

Full 2022 Remote Management survey results

If you’d like to take a look at the ransomware data, feel free to peruse the survey results here.

About the 2022 Remote Management survey respondents

Here’s a full breakdown of the survey respondents for full context of the ransomware data above.

How is IT handled in the surveyed organizations?

What is the size of the organization the survey respondents work for by number of employees?

How many years of IT experience do the respondents have?

Location of Respondents

Conclusion

While we’re no longer in the immediate aftermath of the pandemic, it is clear through these survey results that organizations are still catching up with the changes that it brought with it from an I.T. infrastructure and security perspective. Many internal I.T. departments were completely unequipped to deal with the sudden shift towards hybrid and remote working when the pandemic hit, and while they tried their best to adapt from an operational perspective, security improvements to match the change are still lagging behind.

The future of Cyber security: What can we expect?

In the age of the internet, cyber security has become an increasingly important issue. With so much of our lives now taking place online, it’s more important than ever to make sure our business and personal information is safe from hackers. In this article, we will be discussing the future of cyber security to help you ensure that your company is well-prepared to combat cyber threats in 2023.

Cyber security professionals are constantly battling and trying to stay on top of the latest trends and threats in the industry.

What are the major future concerns in cybersecurity?

  • More sophisticated attacks: As technology becomes more advanced, so do the techniques of those who wish to do us harm. Attackers are always looking for new vulnerabilities to exploit.
  • Increase in the number of connected IoT Devices, increasing chances of cyber security threats
  • Ransomware continues to tarnish businesses
  • Phishing is still the most effective way for an attack to happen

1. More Sophisticated Attacks

We can expect that cyber attacks will continue to become more sophisticated in the future. Cyber criminals are always finding new ways to exploit vulnerabilities in systems, so cyber security experts must always stay one step ahead. As long as there are people who want to take advantage of businesses and others online, there will be a need for strong cybersecurity measures.

Since the technology landscape is getting more complex each and every day, it is impossible to have products and environments that are 100% secure. There is no such thing as a 100% secure environment or a business/individual that will not get attacked.

Think about the numerous online accounts you have – banking accounts, social media accounts, email accounts, services, gaming services, work accounts, etc. Chances are some of these services you use have appeared in the news for data breaches or cybersecurity incidents.

The reality is that no organization is safe from an attack. Organizations must have a cyber security plan in place that provides data security – data redundancy and multiple layers of defense to mitigate the impact of an attack.

The future of cyber security will continue to be complex. More use of the cloud, increasingly complex APIs, and deep dependence on these systems make it easy for mistakes and misconfigured settings to be overlooked by security teams and security architects. These unseen items give attackers multiple opportunities to exploit the resulting vulnerabilities.

Sometimes, the attackers know about vulnerabilities before the organizations that manufacture the products find out about them. These are called zero days: vulnerabilities that have no patch currently available from the organization.

The most recent vulnerability like this was in an open-source software package called Log4J that is/was widely used throughout the industry. The Log4J utility was found to contain one such zero-day vulnerability, which caused havoc among the cyber security community and had security teams and security experts working constantly to resolve the issue.

Other notable Common Vulnerabilities and Exposures (CVEs) are the Microsoft Exchange Server Elevation of Privilege Vulnerability[1] (October 2022) and the Apple Memory Handling Issue, CVE-2022-32932[2].

As we create more complex technologies, cyber criminals will be on the lookout to understand these complexities and find ways to continue to exploit them for their advantage.

2. Increase in the number of connected IoT Devices

A second item we can look for in the future of cyber security is the number of Internet of Things (IoT) devices that will be connected. IoT devices are hardware that connect wirelessly to a network.

These can range from smart thermostats to clocks, refrigerators, washing machines, etc. As IoT devices become more affordable and more popular with smart home enthusiasts, and as the general population installs them at home, the numbers are expected to increase.

This increasing number of devices also brings an increase in vulnerabilities. In 2022 there were over 10 billion devices[3] that were connected to the internet.

The issue with these devices is that they usually come with default usernames and passwords from the manufacturer. The average user is not familiar with how to change the default credentials to something stronger. This leads to attackers searching for devices using websites like shodan.io trying to force their way in with a standard username and password combination that is available on the web, directly from the manufacturer.

Additionally, some devices have vulnerabilities that attackers can exploit to control or steal personal information.

There have been instances of IoT devices being used as part of a bigger operation, such as botnets that carry out Denial of Service (DoS) attacks.

With these vulnerabilities present in IoT devices, the number of incidents will only increase. Looking ahead, the number of IoT devices is projected to rise to 29.4 billion connected devices by 2030[4].

3. Ransomware continues to tarnish businesses

Ransomware continues to be a top cyber threat to businesses and individuals alike. According to one of our recent surveys regarding ransomware[5] one out of every five companies falls victim to ransomware with the average downtime associated with the attack being 21 days. Despite the fact that ransomware attacks have been on the rise in recent years, many businesses are still not taking the necessary steps to protect themselves.

This is often because businesses underestimate the threat or believe that they will never be targeted. However, as we have seen time and time again, no business is safe from cyber-attacks, especially small to medium-sized businesses – around 50% of SMBs implement cybersecurity measures[6].

Ransomware has evolved so much that it is now a business model for threat actors. Appearing on the scene is Ransomware as a Service (RaaS). This service lets buyers attack their victims with far less effort: instead of having to write their own program and find a way to infect a computer, they can purchase software that does this dirty work for them.

Supply Chain attacks are another method that ransomware uses to disrupt everyday business processes and flows. Businesses that use a certain service might notice the website or services of that third party have stopped working. At times this is due to a ransomware attack on a third party or supply chains. This disrupts the business flow of the affected party and any other clients or organizations the third party does business with.

Not surprisingly, as ransomware attacks have increased, so have the payments. Ransomware payments continue to rise and are projected to cause around $30 billion in damage by 2023[7].

Payments have gone up in part because of the criticality of the data, which helps attackers set a high price on these assets. Additionally, when businesses pay the ransom, the attackers see this method of attack working effectively, leading to more software being developed and pushed to cripple users and businesses by making them pay for their valuable data.

Even if a victim decides to pay the ransom, there is no guarantee that they will get their data back. Some attackers have even made victims pay the ransom, then refused to decrypt the files, only to demand payment a second time!

Notable companies that have suffered ransomware attacks are NVIDIA, JBS, and Garmin.

So for the future of cyber security, we can expect this trend to continue.

4. Phishing is still the most effective way to launch a cybersecurity attack. For the future of cybersecurity, this will continue being a top attack vector.

With work from home on the rise, it’s hard to train users on practices related to good cyber hygiene, particularly when it comes to phishing emails and how to spot them. Phishing is still one of the most effective ways for an attacker to infiltrate an organization’s network and access sensitive data.

According to an analysis of 25 billion emails by Hornetsecurity[8], nearly 40% of attack methods via email were phishing related.

It has become readily apparent that end-users continue to be the weakest link in the defense chain. By providing regular end-user security awareness training, businesses can help to mitigate this very popular attack method.

The same report found that no organization is immune to this style of attack. While it is true that there is a perception that SMBs fall victim more often (likely due to less budget for IT security), our study found that all industry verticals are at risk.

There are plenty of scams out there that try to trick users into providing their work or personal information, or dupe them out of their money. Most notable are the urgent emails from the CEO asking you to purchase gift cards, or emails asking users to download malicious files in the form of PDF, Word, or Excel files.

According to a survey conducted by Hornetsecurity on the topic of email security[9], here are some statistics on phishing attacks:

  • 62% of all breaches are caused by compromised passwords & phishing attacks
  • Companies between 201-1000 employees are the most vulnerable to email security breaches like phishing.
  • Phishing attacks lead to data loss and to malicious software being installed. Some frequently targeted industries are healthcare, manufacturing, and finance, but again our data shows that all industries are a potential target. Critical public infrastructure (such as power, food, and supply chains) has also been attacked through phishing attacks.

Attackers have gotten noticeably better with their phishing attacks. So much so that for the year 2022 and the future of cyber security, attackers are looking at ways to send emails that look like they have been sent from inside your organization. This is known as spoofing. Additional phishing methods are business email compromise (BEC), social engineering attacks, and finally human error.
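
A mail gateway can catch the spoofing described above by comparing the visible From address with the authentication verdicts it recorded itself. The following is an added example, not code from the original article or from Hornetsecurity; the domain `example.com`, the authserv-id `mx.example.com`, the finding names and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"           # assumption: the organization's mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id our own gateway stamps

# Constructed messages for illustration, not real mail.
SPOOFED_INTERNAL = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.test;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "Pat CEO" <ceo@example.com>\n'
    "Subject: Urgent: gift cards needed\n\nPlease buy gift cards today.\n"
)
GENUINE_INTERNAL = (
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=example.com;\n"
    " dmarc=pass header.from=example.com\n"
    "From: HR <hr@example.com>\n"
    "Subject: Holiday schedule\n\nSee the intranet.\n"
)
FORGED_HEADER = (  # verdict header written by the sender, not by our gateway
    "Authentication-Results: mx.sender.test; dmarc=pass header.from=example.com\n"
    "From: IT Support <it@example.com>\n"
    "Subject: Password reset\n\nReset your password.\n"
)
DISPLAY_NAME = (  # external address hidden behind an internal-looking display name
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "ceo@example.com" <pat.ceo@freemail.test>\n'
    "Subject: Quick favour\n\nAre you at your desk?\n"
)


def auth_results(msg):
    """Return {method: verdict} from the header stamped by our own gateway.

    Authentication-Results headers carrying any other authserv-id may have
    been written by the sender, so they are ignored.
    """
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I)
        return {method.lower(): verdict.lower() for method, verdict in pairs}
    return {}


def check_message(raw):
    """Return a list of spoofing findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    results = auth_results(msg)
    findings = []
    # Claims to come from inside the organization but DMARC did not pass.
    if from_domain == ORG_DOMAIN and results.get("dmarc") != "pass":
        findings.append("internal-from-failed-auth")
    # External sender whose display name shows an internal address.
    if from_domain != ORG_DOMAIN and "@" + ORG_DOMAIN in display.lower():
        findings.append("display-name-shows-internal-address")
    return findings


if __name__ == "__main__":
    for name in ("SPOOFED_INTERNAL", "GENUINE_INTERNAL", "FORGED_HEADER", "DISPLAY_NAME"):
        print(name, check_message(globals()[name]))
```

The check only means something if the gateway strips or ignores Authentication-Results headers it did not add, which is why the authserv-id is compared before any verdict is read.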

Humans play a vital role in understanding and protecting their organization from cyber security incidents. You are either the first line of defense or the last – it doesn’t matter how you look at it. In 2021, 44% of security events were caused by employees being tricked by a phishing campaign[10].

Phishing threats have evolved over the years and do more damage than before, and phishing shows no sign of slowing down. A simple yet effective way for attackers to gain access to a system, steal personal data or breach an entire company is by sending carefully crafted emails that users will not think twice about clicking.

Wrapping up the future of cyber security

In conclusion, we can expect the future of cyber security to be more complex and challenging than ever before. New technologies, complex designs of security architecture, and misconfigurations of software can lead to an increase in cyber risks and cyber threats that violate the confidentiality, integrity, and availability of corporate resources.

Statistics show that old attack techniques are still relevant and increasing every year. The threats we face will continue to evolve, and we will need to adapt our defenses and cyber security strategies accordingly to combat new threats and old threats.

Our best hope is for cybersecurity professionals to stay ahead of the curve by investing in research and development, staying informed about the latest developments in the field, and being one step ahead of threat actors.

In the future of cyber security, you can expect the four trends above to make a significant impact.

Learn more about the future and current state of cyber security in our Cyber Security Report 2023.

The Importance of Machine Learning in Cyber Security

The COVID-19 pandemic changed the way we work. As remote working is becoming the new normal, there has been an increase in the number of cyber attacks and load on IT teams. In this article, we will be discussing the importance of machine learning in cyber security and how it helps to detect threats and predict suspicious behavior in different security events.

According to the Swiss National Cyber Security Center, during the pandemic, the number of cyber attacks increased by 300%. Furthermore, IT governance discovered 5 billion breached records in 2021. Today, at least 10 million records were compromised. At the moment, there are millions of cyber attacks happening worldwide.

Cybersecurity is an infinite game between threat actors and security professionals. As we improve our detection against different cyber threats, a new attack vector emerges. With so many different types of cyber attacks, maintaining high-security analysis and precision is challenging for most businesses. Learn more about IT Security, what impact it has on your business, and how to protect your business against malicious events – What is IT Security? – Definition and measures!

The amount of data that is being generated is large and complex. According to the Data Never Sleeps 4.0 report from 2016, over 18 TBs of data is being generated every minute. Today, that number is even higher. These data are generated by different IP-based devices and software. We refer to them as Big data.

We, as human beings, cannot analyze this amount of data by ourselves. We are unable to easily predict potential security threats. Building models by hand is labor-intensive. That wouldn’t work. So, we need some help. That’s where machine learning (ML) comes into place. Before we start discussing the importance of machine learning algorithms, let’s start with the basics.

The Basics of Machine Learning Capabilities

  For those of you who are new to the topic, machine learning is not a new trend. The concept dates back to the 1940s, but it took time to develop. In the early 1950s, Arthur Samuel, an American scientist, developed the first program that used machine learning, which was a game for playing checkers. The game used machine learning to learn how to play better than the author of the program. That created a WOW effect.
In 1968, Arthur C. Clarke, a British scientist, predicted our life today. He stated that we will eventually work with machines and software that could match human capabilities through artificial intelligence (AI). He was right.

Today, machine learning (ML) is used in different industries to gain business intelligence. You can see it in self-driving cars, speech and image recognition, ad recommendations, virtual assistants, video surveillance, and many more. For example, Netflix uses artificial intelligence and machine learning to provide their users with appropriate movie or series suggestions. We have all experienced this, haven’t we? Google uses it for Google translation, traffic alerts using Google Maps, etc. Facebook uses it for facial recognition systems and identifying humans. AWS provides a solution called Amazon SageMaker to build, train and deploy ML models for any business case. The list is huge.

What is Machine Learning?

  Machine learning (ML) is a type of artificial intelligence (AI). Furthermore, deep learning is a subset of machine learning and uses algorithms to analyze complex data. It draws conclusions based on the data similar to how a human would do it. It can’t work alone. It requires data. It can only analyze and predict behavior based on the data it analyzes. Applying that mechanism to cybersecurity systems would mean analyzing data from security incidents, learning from it, and then applying the solution to a new attack to prevent it.
When it comes to using machine learning in cybersecurity, there is no specific security algorithm to do so. Machine learning is just a toolset that can be applied to almost any industry. The only thing that differs is the data that is being analyzed. The raw data needs to be converted to a vector space model, which machine learning then analyzes to prevent security incidents.

Many security prevention solutions use machine learning. The goal is to fight against advanced threats that are occurring every minute. You can read more on how we can help you stay protected: Malware protection with Hornetsecurity Advanced Threat Protection.

For example, Google uses machine learning to analyze and prevent security threats against Android endpoints. Microsoft Defender Advanced Threat Protection (ATP) uses machine learning to analyze trillions of data every day and finds 5 billion new threats every month. You can read more here: Microsoft Defender uses ML.NET to stop malware. Some enterprise companies use AI and machine learning to protect their infrastructure from potential incidents that could happen from BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device).

Types of Machine Learning

Machine learning uses three types of learning: supervised, unsupervised and semi-supervised learning. Supervised learning uses data samples and labeling to predict potential malware behavior. For example, machine learning would analyze network traffic and mark it as malicious based on the learning from the existing datasets. That way, ML can learn how traffic went from normal to malicious. In other words, it would build a pattern to predict malicious network traffic.
With unsupervised learning, no labeling is used. ML uses only data samples and tries to learn a pattern of behavior from them. For example, machine learning would analyze network traffic over some time, and it would learn which traffic is normal and which traffic is malicious.
There is also semi-supervised learning, where only some of the data are labeled. We can say that semi-supervised learning is a combination of supervised and unsupervised learning.
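
To make the "vector space model" and "supervised learning" steps described above concrete, here is an added example (not part of the original article and not any vendor's implementation): raw email text is turned into term-count vectors, and a small multinomial naive Bayes classifier is trained on labeled samples. The training sentences and labels are constructed for illustration, and naive Bayes is a technique chosen here, not one the article names.

```python
import math
import re
from collections import Counter

# Constructed, labeled training samples (not real mail).
TRAINING = [
    ("urgent wire transfer needed today reply now", "phish"),
    ("your password expires verify account now", "phish"),
    ("ceo request buy gift cards urgent", "phish"),
    ("verify your mailbox login to avoid suspension", "phish"),
    ("meeting notes attached for tuesday project review", "ham"),
    ("lunch schedule for the team next week", "ham"),
    ("quarterly report draft attached please review", "ham"),
    ("project timeline update and meeting agenda", "ham"),
]


def tokenize(text):
    """Lowercase the text and split it into alphanumeric tokens."""
    return re.findall(r"[a-z0-9]+", text.lower())


def build_vocabulary(samples):
    """Assign every distinct training token one dimension of the vector space."""
    tokens = sorted({tok for text, _ in samples for tok in tokenize(text)})
    return {tok: index for index, tok in enumerate(tokens)}


def vectorize(text, vocab):
    """Convert raw text into a term-count vector; unknown words are dropped."""
    vector = [0] * len(vocab)
    for tok in tokenize(text):
        if tok in vocab:
            vector[vocab[tok]] += 1
    return vector


def train(samples, vocab):
    """Supervised step: learn per-label log priors and word log-likelihoods."""
    labels = sorted({label for _, label in samples})
    doc_counts = Counter(label for _, label in samples)
    word_counts = {label: [0] * len(vocab) for label in labels}
    for text, label in samples:
        for index, count in enumerate(vectorize(text, vocab)):
            word_counts[label][index] += count
    model = {}
    for label in labels:
        total = sum(word_counts[label])
        model[label] = {
            "prior": math.log(doc_counts[label] / len(samples)),
            # Laplace (add-one) smoothing so unseen words never give log(0).
            "loglik": [math.log((c + 1) / (total + len(vocab)))
                       for c in word_counts[label]],
        }
    return model


def classify(text, model, vocab):
    """Score a new message against each label; return (best_label, scores)."""
    vector = vectorize(text, vocab)
    scores = {
        label: params["prior"]
        + sum(count * weight for count, weight in zip(vector, params["loglik"]))
        for label, params in model.items()
    }
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    vocab = build_vocabulary(TRAINING)
    model = train(TRAINING, vocab)
    for message in ("urgent please verify your account password",
                    "agenda for project meeting attached"):
        print(message, "->", classify(message, model, vocab)[0])
```

The classifier can only score words it saw during training, which illustrates the article's point that ML predicts behavior solely from the data it has analyzed.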

Machine Learning Use Cases in Cybersecurity

There are many use cases where machine learning helps in preventing cybersecurity incidents. As time goes on, the number of use cases is growing.

One of the use cases is detecting and preventing DDoS attacks. An ML algorithm can be trained to analyze a large amount of traffic between different endpoints and predict different DDoS attacks (applications, protocols, and volumetric attacks) and botnets. In 2021, there were more than 9 million DDoS attacks worldwide. DDoS has one goal, and that is to push the system into slow response or no response (read: downtime). ML can detect and stop it.

The second use case is to fight against malware. This includes trojans, spyware, ransomware, backdoors, adware, and others. An ML algorithm can be trained to help antiviruses in fighting unknown cyber threats. According to Statista research, in 2021, 5.4 billion malware attacks were detected.

Phishing attacks are one of the most common attacks used to steal confidential data and get into corporate or government institutions. Phishing is delivered via scam emails. For example, Google (Gmail) uses machine learning to analyze data in real-time and identify and prevent malicious behavior of more than 100 million phishing emails. We published an article to help you understand and prevent phishing in detail. You can read it here: Phishing – The danger of malicious phishing emails.

The third use case is about protecting against application attacks. Applications are used by end users and are prone to different layer 7 attacks. According to Cloudflare, they handle 32 million HTTP requests per second. Web Application Firewall (WAF), in combination with machine learning, can be trained to detect anomalies in HTTP/S, SQL, and XSS attacks. Microsoft, AWS, Google Cloud, FortiGate, and many other vendors offer WAF as part of their portfolio.

The fundamental security principles teach us to implement multi-factor authentication. This includes something we know (e.g. password), something we have (e.g. USB token), and something we are (e.g. fingerprint, facial detection). AI and ML combined with deep learning play a vital role in biometric applications. ML helps to perform matching tasks to quickly find the relevant data.

Security Operation Centers (SOC) take care of monitoring, detecting, and responding to different cyber security threats. One of the challenges the SOC Team had was dealing with a large amount of data. Thanks to machine learning, SOC Teams can more efficiently automate and analyze incidents and be more proactive.

The list of use cases is bigger. And it wouldn’t work without having machine learning as part of cybersecurity.

Wrap up

Cybersecurity is an infinite game. As you read this article, millions of different security threats are occurring worldwide. At the same time, new critical threats are being developed without adequate protection. Millions of data are being generated every minute. We, as human beings, can’t do all the analysis, maintenance, and prevention. We need help.

Thanks to machine learning and its toolset we can automate things. Machine learning can help us perform deep analysis, predict behavior and uncover threats. It does this by analyzing the dataset that is being generated by different devices and software. ML is learning from data. It can help us analyze and predict malicious activities such as malware, phishing, application attacks, authentication attacks, and much more. Many companies develop their system with machine learning in place.

Our mission is to keep your system and data safe. We at Hornetsecurity want to ensure that your data is untouched and complies with security principles (confidentiality, integrity, availability). Throughout 2022, we analyzed over 25,000,000,000 emails and found that 40.5% of emails were unwanted. We created a report that gives you an in-depth analysis of the Microsoft 365 threat landscape. You can download it here: Cyber Security Report.
And the last thing for today. If you’d like to take a deeper dive into the Microsoft 365 threat landscape and learn the key strategies to building cyber security resilience, watch our free on-demand webinar.

5 Cyber Security Trends to Look Out For in 2023

The world of cyber security continues to be a cat-and-mouse game with changing players, rules, and targets. If we, as IT security professionals, are not “keeping our eye on the ball” with this ever-changing ecosystem and enhancing our security measures, bad things tend to happen, data breaches occur, and critical data is lost. What is the next cyber threat? How will attack vectors change? How are targets changing? This is a good time of the year to look at these questions as we start prepping for 2023.
Let’s take a look at some upcoming threats as well as proactive cyber security practices you can implement in your business operations to enhance your network security.

MFA Fatigue Attacks Will Become an Increasingly Worse Cyber Security Trend

It’s proven true with nearly every cyber attack type. If any level of success is achieved with a given attack vector, we’re likely to continue seeing more of it. This will be true for multi-factor authentication (MFA) fatigue attacks or “Prompt Bombing” on mobile devices. This style of attack takes advantage of push notification MFA prompts where the end-users are prompted on their mobile devices for their second factor. While this is immensely convenient, it can open the end-user up for attack.

An MFA fatigue attack targets users of this style of MFA by bombarding them with prompts for the second factor over and over until the target taps accept by accident or simply to make the madness stop. We’ve recently also seen cases where this style of attack is combined with social engineering to even greater effect, as in the recent Uber breach.

SecOps teams can help protect their organization against this style of attack by leveraging a style of MFA that does NOT rely on push notifications. While push notification MFA is better than no MFA at all, you’ll want to use the push method sparingly or not at all in the coming year.
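
Where push MFA is still in use, the prompt-bombing pattern described above is visible in sign-in logs as a burst of rejected or ignored prompts, sometimes ending in an approval. The following detection sketch is an added example, not from the original article; the log format, the outcome names (`push_denied`, `push_timeout`, `push_approved`), the ten-minute window and the threshold of five are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed push-MFA events: ISO timestamp, user, outcome. The outcome names
# are hypothetical; map them to what your identity provider actually logs.
SAMPLE_LOG = """\
2023-01-10T02:14:05 alice push_denied
2023-01-10T02:14:40 alice push_timeout
2023-01-10T02:15:10 alice push_denied
2023-01-10T02:15:55 alice push_timeout
2023-01-10T02:16:30 alice push_denied
2023-01-10T02:17:02 alice push_denied
2023-01-10T02:17:45 alice push_approved
2023-01-10T09:01:00 bob push_denied
2023-01-10T09:01:30 bob push_approved
2023-01-10T08:00:00 carol push_timeout
2023-01-10T08:40:00 carol push_timeout
2023-01-10T09:20:00 carol push_denied
2023-01-10T10:00:00 carol push_timeout
2023-01-10T10:40:00 carol push_denied
"""

WINDOW = timedelta(minutes=10)  # assumption: tune to your environment
THRESHOLD = 5                   # rejected or ignored prompts inside WINDOW


def parse_events(log_text):
    """Parse the log into (timestamp, user, outcome) tuples in time order."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, outcome = line.split()
        events.append((datetime.fromisoformat(stamp), user, outcome))
    return sorted(events)


def detect_prompt_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Flag bursts of failed push prompts, and approvals that follow a burst."""
    failed = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for stamp, user, outcome in events:
        recent = failed[user]
        # Forget failed prompts that have aged out of the sliding window.
        while recent and stamp - recent[0] > window:
            recent.popleft()
        if outcome in ("push_denied", "push_timeout"):
            recent.append(stamp)
            if len(recent) == threshold:  # alert once per burst
                alerts.append({"user": user, "time": stamp.isoformat(),
                               "severity": "medium",
                               "reason": "burst of rejected or ignored prompts"})
        elif outcome == "push_approved":
            if len(recent) >= threshold:
                alerts.append({"user": user, "time": stamp.isoformat(),
                               "severity": "high",
                               "reason": "approval immediately after a burst"})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_prompt_bombing(parse_events(SAMPLE_LOG)):
        print(alert)
```

The high-severity case, an approval right after a burst, is the one to route to incident response, since it may mean the user gave in and the session should be revoked.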

Charity Fraud will Continue to Rise

When there is a lot of bad stuff going on in the world, we tend to see the better side of humanity in that people are trying to help each other, which is great. We also see the darker side of the spectrum in people who will use these same situations to try and make a quick buck. Charity Fraud scams have been around for a long time, but we’re likely to see them continue as a growing Cyber Security Trend in 2023. Think about everything we as a world have going on: war in Ukraine, worsening global warming, resource shortages in some regions, and disease outbreaks. Anytime something of this nature occurs, we see an uptick of Charity Fraud. Keep this in mind and train your workers to spot it. Finally, if you really want to pitch in and help with a donation, seek the charity out yourself; don’t let them come to you.

Microsoft Teams will be the Next Frontier of Cyber Attacks

Due to the pandemic, countless numbers of employees began working from home. During the COVID-19 years, Microsoft Teams saw insane growth and adoption. Again, threat actors are tuned into the current toolsets of world businesses, and they know that Teams is a ripe target. Pair this with the fact that Microsoft has made it easier (and enabled by default in some cases) to chat with external users and connect (federate) with other “trusted” businesses. Much like we see phishing and other threats appear in our inboxes, the day when we’ll see threat vectors via Teams is already here.
Be aware, and start taking the necessary precautions and training your end-users with a trusted Security Awareness Training product to get ahead of the curve for 2023. Security awareness training not only helps with email communications; many of the same methods and skills also translate well to Teams communications!

More Dependence on APIs will Increase Risks

Most businesses today leverage an API in some way. There is hardly a computing product on the market today that doesn’t allow some sort of integration with another vendor. And that is not to mention cloud services! Cloud services alone have opened countless APIs and inter-app connections that provide a high level of value to businesses across the globe. The problem here is that increased API use adds complexity and is another potential vector of attack for threat actors to poke at. For example, there have been countless examples of Amazon S3 buckets being mistakenly exposed to threat actors since 2017! The issue has only gotten more prevalent and damaging. Sure, this is a simpler example, but the point stands. The more complex our deployments with multiple APIs and services, the more chance of something being forgotten or misconfigured. Being aware of this is step one. Start crafting the necessary security measures, strategies, and protocols for the coming year to help mitigate this risk across your entire business operations.

More Daring Deepfakes

We’ve been hearing about deepfakes for a couple of years now. Like encryption-breaking quantum computing, deepfakes are cyber threats that have seemed imminent and far away at the same time. Well, the threat is here… and getting worse. For example, the FBI has warned businesses of cases where stolen PII and deepfakes are used to apply for remote tech jobs. The idea here is to ultimately get access to data of the company that the “prospective employee” is applying to. Pair this warning with the insanity that is Deepfake Tom Cruise and you have a perfect storm for a new worry for your cyber security team. Again, be aware and start taking this into account as you plan your cyber security strategy for 2023.

Wrap up

So, there you have it! 5 Cyber Security Trends for 2023 that are sure to keep you awake at night! In all seriousness though, if you need some reading material for those sleepless nights (or lunchtime for your day job!) be sure to check out the latest edition of the Annual Hornetsecurity Cyber Security Report. In this report you can read about a number of additional trends to watch in the coming year. You can also get expert insight and useful data regarding the cloud security landscape of today and what more you can do to prepare for coming cyber threats!

If you’d like to take a deeper dive into the Microsoft 365 threat landscape and learn the key strategies to building cyber security resilience, watch our free on-demand webinar. Our esteemed panel of experts discuss the major cyber security threats to look out for in 2023 and how they will impact the Microsoft 365 platform and its users.

Hornetsecurity Hybrid Cloud Adoption Survey

Hybrid Cloud: 2 in 3 IT Pros state it’s their Future 

About the hybrid cloud adoption survey 

Migration to cloud technologies has always seemed like an inevitable, yet somewhat far off event. The events of the past two years, however, have accelerated the adoption rate of cloud technology, thanks to the increasing need for remote solutions for businesses and individuals. The road to the cloud has proven to be a bumpy one, with plenty of technical and human challenges that need to be addressed before any company can claim to be completely cloud-native, or even to adopt a hybrid cloud model.

Security, data storage, application compatibility, industry regulations, legacy software – there are a near endless amount of variables that can have an impact on any company’s journey to the cloud. We have lots of content already available in the DOJO on most of these subjects, but we wanted to find out exactly which of those challenges have been the most prevalent in hybrid cloud environments, along with what IT professionals think the future holds for infrastructure. After all, it can be difficult to know exactly when is the right time to transition to cloud technology.

For this reason, we ran a hybrid cloud adoption survey with over 900 IT professionals across the world, and now, we’re ready to share our findings with you. Throughout the rest of this article, you’ll find a detailed breakdown of our findings, but if you’d like more detailed data, you can also take a look at the hybrid cloud survey results.

With that out of the way, let’s get started.

About the hybrid cloud survey respondents

Before we dive into the results themselves, here’s a breakdown of who our respondents are, for extra context.

Just over half (50.4%) of respondents form part of an internal IT department, while 23.6% are part of an MSP. The rest are split between other roles and business owners who handle their own IT. Most respondents have job duties primarily surrounding system administration or engineering (80.4%), while the rest are responsible for Team Management (19.6%).

We also asked our respondents about how many years of experience they have in the IT industry. Nearly half (45.8%) reported over 20 years of experience in the field. The rest are split between 16-20 years (17.9%), 10-15 years (18.1%), 6-10 years (11.1%) and 1-5 years (7.1%).

In terms of geography, the vast majority of respondents are based in North America (43.8%) and Europe (41.6%). The remaining 14% are split between Asian territories (4.7%), Africa (3.3%), Australia (2.9%), the Middle East (2.1%) and South America (1.7%).

The size of the businesses (by employee count) that our respondents form part of varied between 1-50 (41.7%), 51-200 (23.1%), 201-500 (12.1%), 501-1000 (6.7%), and 1,000+ (16.3%).

2 in 3 IT professionals see hybrid cloud solutions as a permanent destination for infrastructure 

One of the most interesting findings the hybrid cloud survey provided is that while industry sentiment is that cloud infrastructure is the future, 67% of our respondents believe that a hybrid cloud strategy is not a stepping stone to cloud-native infrastructure, but rather, a permanent destination. This is due to specific workloads that will remain on-premise for any number of reasons, which will be explored later.

28.6% of respondents reported that they’ll remain with a hybrid cloud model, only until full cloud adoption becomes available to their workloads. We expect this percentage to grow over the coming years as more commonly found issues related to cloud adoption are solved, such as application compatibility thanks to the advancements in containerisation tech.

The remaining 4.3% of survey respondents said they’ll be remaining 100% on-premise for the foreseeable future, rejecting even a hybrid cloud strategy. When asked for the reasons they’re keeping a fully on-premise infrastructure, these respondents cited the need for full control over their data, security issues, and cost considerations related to cloud services.

1 in 3 companies cite trust issues with cloud as reason for some workloads remaining on-premise 

34.1% of all our respondents said that ‘Privacy/Trust issues with the public cloud’ are keeping certain workloads on-premise. This sentiment is prevalent across all our respondents, and there is no appreciable difference in trust in the public cloud between those respondents from different territories or company sizes – very clearly indicating that it is a widely-held distrust.

There is, however, a difference in the level of trust in the public cloud between those respondents with more experience and their less seasoned counterparts. Respondents with over 20 years of experience were more likely to express distrust in cloud platforms (33.6%) than those with 1-5 years of experience (24.2%). This indicates that with experience comes more cynicism when it comes to allowing cloud platforms access to company data and operation.

Security and monitoring is one of the chief concerns that many of our respondents had throughout the survey. In fact, when asked about which technical challenges they see in a hybrid cloud model, half (49.3%) of all respondents cited ‘monitoring and security’. This is not only a concern from a cloud platform perspective, but also from a user perspective. 73.1% of all respondents mentioned that they are either using, or planning to use, multi-factor authentication and conditional access as part of their suite of security tools.

There is a clear overall sentiment that as more workloads are shifted into the cloud, the more of a concern control, monitoring and security become, especially when compared with the apparent peace of mind that on-premise infrastructure is associated with.

Only 5.7% of respondents report no technical difficulties with cloud or hybrid technologies 

Among the reasons that our respondents cited behind having to keep certain workloads on premise, there were two that were more frequently mentioned than trust issues with the cloud. These were ‘legacy systems or software’ and ‘application compatibility’, reported by 51.8% and 39.5% of respondents respectively.

This would indicate that even though Microsoft and other cloud platform providers have placed significant resources into providing avenues for IT professionals to modernise their applications and assist in the migration to hybrid cloud architecture, this effort hasn’t resulted in the elimination of related issues.

In fact, when asked what technical difficulties respondents have with cloud technologies, the most common answer provided (48.2%) was ‘technical knowhow or certified staff’. This means that even though the technology required to overcome issues related to legacy software and application compatibility is available, many businesses lack the required knowledge and skill to implement it.

There is further evidence of this lack of knowledge, as one third (33.3%) of respondents also cited connectivity as a technical difficulty they have with cloud technologies. Indeed, while connectivity is definitely one of the most challenging aspects of the application of cloud platforms, it can be handled with the correct knowledge and certification.

Workloads holding full cloud adoption back 

When asked about which specific workloads respondents envisage remaining on-premise, the following data was gathered. 
With regards to ‘print & imaging services’ being the most frequently mentioned workload in the list, it’s likely that many internal IT teams adopt an ‘if it ain’t broke, don’t fix it’ approach to this particular issue, especially since remote access for print services is redundant in most cases. Print services are also a critical end-user service for many organisations, so IT departments likely exercise extra caution before attempting an upgrade so as not to interrupt operation.

Databases and File Storage are also high on the list, with a combination of privacy and performance issues being the main reasons such workloads would remain on-premise for many companies. Industry regulations such as GDPR, HIPAA, CMMC, and others may also be playing a part, as 28.7% of respondents cited these as an obstacle for cloud adoption.

Companies using MSP services more likely to use cloud solutions vs on-premise 

MSPs will be glad to hear that they’re leading the way when it comes to cloud adoption across the industry. 54.4% of MSPs reported that they see their workloads as ‘mostly in the cloud’ within the next 5 years. They also seem to be pulling their clients into hybrid cloud tech with them, as 51.7% of companies that use MSP services will also be leveraging a hybrid cloud model in the near future. 46.9% of internal IT departments, on the other hand, report that they’ll be ‘mostly in the cloud’ in 5 years’ time.

Trust issues with the public cloud, however, remain relatively constant across all respondents, with 34.4% of internal IT teams reporting that trust issues are an obstacle to cloud adoption, versus 32.5% of professionals that engage an MSP.

In more good news for MSPs, our survey also revealed that 40.8% of respondents that do not form part of an MSP, nor use any MSP services, would consider engaging a Managed Services Provider to assist with the transition from on-premise to a hybrid cloud architecture.

Most popular containerisation services 

Through the survey, we also wanted to find out which containerisation service holds the most popularity within our base of respondents, since this is one of the key technologies that make a hybrid cloud strategy possible for certain use cases.   We were relatively surprised to find that Docker remains popular among all containerisation tech, with 3 in 10 (30.7%) respondents citing that it’s the technology they either currently use or plan on using within the next 5 years. This stands against 22% of respondents that use Azure Kubernetes Service.  This is especially surprising since Kubernetes with ContainerD is proving to be a more powerful, albeit more complex, containerisation solution. We actually dove into the intricacies of AKS (Azure Kubernetes Service) with Ben Armstrong from Microsoft in an episode of the SysAdmin DOJO Podcast, which you should definitely check out if you’re looking to up your containerisation game. 

Full hybrid cloud adoption survey results 

If you’d like to take a look at the data for yourself, feel free to take a look at the hybrid cloud adoption survey results here. 

Next steps? 

The findings will directly influence the Altaro webinar on 23 March, How Azure Stack HCI is Forcing Changes in your Datacenter. Microsoft MVPs Andy Syrewicze and Carsten Rachfahl will break down Microsoft’s core hybrid cloud solution Azure Stack HCI, what it means for IT Pros and how it will fit into the tech stack long-term. Register for this hybrid cloud webinar > 

FAQs 

What is hybrid cloud and how does it work?

Hybrid cloud is a term used to describe an IT system architecture that utilises a combination of on-premise technology and cloud (public or private) services. A hybrid cloud model allows these systems to interact with each other and share data and resources to support the operation of an IT infrastructure.

What is an example of a hybrid cloud model?

Hybrid cloud models are used in a wide variety of situations. The most common is when a business wants to modernise its IT infrastructure but has certain workloads that must remain in physical data centres due to legacy software or industry requirements.

How do I build a hybrid cloud architecture?

The first step is to become familiar with the providers of hybrid cloud platforms, such as Microsoft Azure, Amazon Web Services, Google Cloud, etc. Each of these providers has its strengths and weaknesses, so finding out what your IT infrastructure requires the most is essential in choosing the right platform. A benefit of cloud technologies is that they don’t require hardware installations for trial, so testing different providers to find out which fits your business best is definitely recommended.

What are the benefits of Hybrid Cloud technology?

Benefits of hybrid cloud technology include:

● Flexibility and scalability. Since they don’t rely on fixed hardware resources, systems operating in hybrid cloud environments can increase and decrease resource allocation depending on the current workload.
● Cost management. With the number of different available options and price points for both private and public cloud technology, businesses can pick and choose which applications will be run on which platform based on their needs and budgets.
● Security and monitoring. Native and third-party security suites and monitoring software are widely available for most major cloud platforms, making them a preferable choice for businesses that need the accessibility of cloud services for sensitive data.
● Control and customisation. With the vast number of integration options available for cloud platforms, IT can take the shape of whatever specific infrastructure is required by the business.
● Reliability and resiliency. Thanks to the decentralised nature of several cloud services, downtime is exceptionally rare, and data loss due to hardware failures is practically non-existent. Recovering any lost data is also a pain-free process in the majority of cases.

What is a hybrid cloud approach used for?

● Frequently changing workloads for applications that require the scalability of cloud technology, and the security of on-premise or private cloud storage.
● High levels of data processing – processing large amounts of data usually occurs in waves. Hybrid cloud platforms allow external resources to be allocated at a lower cost than other solutions.
● Migrating to cloud technology – Thanks to its flexibility, many businesses are using a hybrid cloud approach until all their workloads can be completely shifted into the cloud due to financial or technological constraints.
● Future-proofing – no business knows exactly what it will require down the road, and a hybrid cloud approach allows businesses to be agile and reactive with their IT resources in ways that were previously impossible.


1 of every 4 companies suffered at least one email security breach, Hornetsecurity survey finds

Email security is one of the main topics of concern for any IT department, and for good reason. Security breaches often lead to loss of sensitive data, operation downtime, and lost revenue. So we conducted an email security survey of 420+ businesses, and found that 23% of them, or 1 in 4, reported an email-related security breach. Of these security breaches, 36% were caused by phishing attacks targeting arguably the weakest point of any security system, end users.

The survey also examined how companies operating on the Microsoft 365 platform handle email security, and whether or not they use the baked-in Microsoft 365 security tools, or resort to third-party solutions. It is important to keep in mind that the results reveal the number of security breaches that respondents were aware of, and that often potential security breaches are reported months after they occur, missed completely, or not reported at all.

What’s the main cause of email security breaches?

Of the security breaches respondents reported knowing about, 36% were caused by phishing attacks specifically targeting end users. More surprising is that 62% of all reported email security breaches occurred due to user-compromised passwords and successful phishing attacks.
This fact reconfirms what many already think to be true – that your email security functions are only as useful as the training provided to end users to use said functions correctly and responsibly.

Use of Microsoft 365 Security Features

Keeping this data in mind, we then wanted to quantify and understand what companies are doing to bolster their email security. We asked a series of questions around most of the security features currently built into Microsoft 365. More specifically, we asked whether companies are using them, and if not, why. Here’s what we found:

● 1/3 of companies do not enable Multi-Factor Authentication for all users
● More than half (55%) of those who use MFA do not use Conditional Access
● 69% of respondents do not digitally sign messages
● 58% of respondents do not use encrypted email

These issues are also compounded by the fact that 57% of our respondents also mention that they do not leverage Microsoft 365 Data Loss Prevention policies and 23% of these point to a lack of knowledge about the implementation of such policies as the reason.

68% of companies expect Microsoft 365 to keep them safe from email threats, yet 50% use third-party solutions

There seems to be a disconnect between the expectations that businesses have of Microsoft 365’s email security, and the reality: While 2 out of every 3 expect Microsoft to keep them safe from email threats, half of all respondents resort to third-party solutions to supplement email security.

Third-Party Solutions most effective, with 82% reporting no breaches

Those that use third-party solutions reported the lowest rate of email security breaches in comparison to organizations using security packages offered by Microsoft 365. An impressive 82% of all our respondents who use third-party email security solutions reported no breaches.
Additionally, of those who reported paying extra for Microsoft’s Enterprise Mobility & Security E3 or E5, 48% also use third-party solutions. So while expectations of Microsoft 365’s email security are high, the reality is most companies believe it’s not enough; and the numbers back up that claim.

Which companies are the most vulnerable to email security threats?

For context, here is some geographical data about our respondents: the overwhelming majority (63.8%) hail from North America, with Europe trailing at 26.5%. The rest are split between Asia (3.5%), Africa (2.9%), Australia (1.3%), Latin America (1.3%), and the Middle East (0.5%).
74% of all security breaches reported in this survey were by companies that fell within two company size brackets: those with 201-500 employees and those with 501-1000 employees. This is likely due to a combination of factors such as budget and recruitment priorities that do not recognize digital security as a major concern at the outset.
Once the employee count exceeds 1,000, the incidence of an email breach decreases to 17% – probably due to reactions to previous security concerns and the ability to invest in more robust security protocols and more advanced IT infrastructure. Illustrating this point is the fact that companies with 1,001+ employees are 11% more likely to have MFA enabled for all users than those with 201-500 employees.
Here’s another interesting tidbit: North American respondents reported 5% more email security breaches than their counterparts in Europe. Yet both regions use Multi-Factor Authentication at the same rate: 68%. This could be due to the fact that US breaches tend to yield much higher payouts, so US organizations might be targeted more aggressively.

How do companies feel about storing sensitive data on Exchange Online & Microsoft 365?

The majority of respondents reported no concerns with storing sensitive data, but the results show that nearly 4 of every 10 companies do not store sensitive data using the Microsoft 365 platform due to data security concerns. That percentage is not insignificant considering that platforms such as Microsoft 365 are critical to most company operations.

Cyber threats on the rise – additional security layers strongly recommended for Microsoft 365

Microsoft is considered the biggest driver of the cloud movement and Microsoft 365 has brought the world’s most-used office suite to the cloud. Both critical and sensitive files are uploaded and exchanged every day by millions of business customers in the Microsoft suite – and cybercriminals are aware of this. The risks of cyberattacks are increasing every day and more incidents are being reported by both private individuals and companies of all sizes. As the survey shows, it is not only large global operating companies that are affected but also small and medium-sized ones that are increasingly becoming the focus of hackers.

With 365 Total Protection, Hornetsecurity launched a comprehensive Security & Compliance Suite for Microsoft 365 that is specifically designed for the cloud service and integrates seamlessly. 365 TP is available in two versions: 365 Total Protection Business includes multiple features, such as email and data security, and thus proves to be a reliable additional protection against spam and malware attacks. Advanced features and advanced protection mechanisms are included in 365 Total Protection Enterprise. With AI-based forensic analysis mechanisms, URL malware control, and ATP sandboxing, even the latest targeted cyberattacks, such as ransomware or business email compromise, are blocked.

Furthermore, the service is characterized by its fast, 30-second onboarding process, intuitive operation, and low maintenance requirements.

Click here for more information: https://www.hornetsecurity.com/us/services/365-total-protection/