Hornetsecurity VM Backup Takes The Lead In Backup And Availability

VM Backup, Hornetsecurity’s award-winning virtual machine backup and replication solution, received recognition in a recent comparison study by SoftwareReviews.

SoftwareReviews named Hornetsecurity a market leader in Backup and Availability as we proved to be the top contender, setting the benchmark with a category-leading composite satisfaction score of 9.1/10.

Earning the top overall feature satisfaction score, as well as being the leading provider in both virtual machine backup and deduplication implementation, is something we are proud to have achieved.

We at Hornetsecurity are committed to providing a reliable, no-fuss backup solution when needed. Therefore, our VM Backup service is designed specifically for small and mid-market businesses, and we have put a lot of thought and care into creating a product that meets the needs of our customers.

Hornetsecurity as Industry Leader in Backup and Availability

Outstanding Feedback: VM Backup Is The Top Value Driver

Adding to this, customers acknowledged us and our product as an important value driver for their businesses. They commended Hornetsecurity’s VM Backup and disclosed that the product was critical to their professional success.

Hornetsecurity received outstanding feedback

It gives us great pride to have attained such a high level of customer satisfaction. Customers said they were likely to recommend us to others and were super satisfied with the premium-level support we deliver. This rate of satisfaction is a true testament to the quality of our product and the level of service we provide.

Get VM Backup V9 And Experience It For Yourself

Figures: Emotional Footprint (Strategy and Innovation, Service Experience, Conflict Resolution)

If you require a backup solution for your business, Hornetsecurity’s VM Backup is an excellent choice. It is fast, affordable, and high-performance, making it an ideal option for small and mid-market companies. Customer satisfaction is unparalleled, as our premium-level support is second to none.

Discover 9 Reasons Why You Should Choose VM Backup V9 as Your Backup Solution

Discover 9 reasons why choosing VM Backup V9 as your backup solution for Microsoft Hyper-V and VMware virtual machines is the right thing to do and how this will benefit your business.

Ransomware attacks on the rise – companies are in need of high-level data security & disaster recovery

As the number of cyber-attacks increases, more and more companies are becoming prime targets for cybercriminals seeking to access sensitive data. According to our recent Cyber Security Report, nearly 6 in 10 ransomware attacks originated from malicious email or phishing attacks.

What makes ransomware attacks especially lucrative for cybercriminals is the fact that 7% of victims end up paying the ransom. While cybercriminals benefit, the costs of downtime, data loss and paid ransoms can easily reach $1 million for targeted businesses.

Even more concerning is the fact that our 2022 Ransomware study brought to light that up to 15% of ransomware attacks specifically targeted backups. This highlights the need for resilient backup solutions for Microsoft Hyper-V and VMware virtual machines.

Here is why VM Backup is the perfect solution to back up and replicate your data

Although the number of ransomware attacks is increasing, backup and disaster recovery are often neglected. However, if you ask IT professionals, there are some key functionalities that are mentioned again and again when it comes to best practice backup solutions:

A backup and replication solution must provide flexibility and power to give you confidence in your backup strategy. The user interface must be user-friendly, the setup needs to work quickly – and ideally, everything can be managed via a central platform.

You need to be able to replicate data to an offsite location or a removable drive, to be able to restore individual files or emails, restore from different points in time, verify backup integrity, and minimize downtime.

After all, corporate data must be reliably protected against the latest cyber threats and, in the event of an emergency, must be able to be restored quickly and effortlessly at any time.

Here are 9 reasons why VM Backup V9 is the perfect backup solution:

 1. Easy to install

In less than 15 minutes the installation and your first backup are done.

2. Centralized management

Centralized management of backups and various accounts via one platform – the Control Panel.

3. Ransomware protection leveraging Immutable Cloud Storage

Backups are protected with Immutable Cloud Storage, which means that data cannot be deleted or modified by anyone for a set duration. Using immutable cloud storage space provides additional protection for existing backups.

4. Massive storage savings – up to 65 percent – by using Augmented Inline Deduplication

Common data is only transferred to the backup or offsite location ONCE. Unlike most competitors, the service does not handle this post-process, so it immediately ensures that only changed data is sent to the customer’s backup repository (rather than removing the identical data after the transfer).

5. WAN-optimized replication

WAN-optimized replication enables users to be back up and running in minimal time should disaster strike. It enables administrators to replicate ongoing changes on their VMs to a remote site and to seamlessly continue working from the replicated VMs, should something go wrong with the live VMs.

6. Continuous Data Protection (CDP)

Continuous Data Protection (CDP) enables customers to schedule automatic backups of VMs as frequently as every 5 minutes. CDP ensures that, should a data loss scenario occur, only a few minutes of data are lost. This quick disaster recovery dramatically reduces data loss, saving companies time and money while minimizing hassle.

7. The 3-2-1-1 backup strategy

Enjoy added data protection and security by adopting a 3-2-1-1 backup strategy, which amplifies your ability to access an intact and fully recoverable copy of your data when disaster strikes. VM Backup simplifies this by supporting multiple backup media types, multiple offsite backups over LAN, WAN to offsite servers, and direct offsite copies to MS Azure, Amazon S3 and Wasabi cloud storage.

8. 24/7 outstanding support

We have a team of experts on standby; no chatbots, no gatekeepers, not even an answering machine for canned responses. Quite simply, our experts are here, ready and waiting to answer your tech support queries on backup, Hyper-V and VMware, 24 hours a day, 7 days a week.

9. Seamless cloud backup to Microsoft Azure, Amazon S3 and Wasabi

Users can simply enter their account details and store their offsite backup copies with their provider of choice. This way, customers can easily make a backup copy of their data direct to Azure, S3 or Wasabi, as well as to a local disk, network path or a Hornetsecurity Offsite Backup Server. Using cloud storage services should definitely be part of your backup and disaster recovery strategy (see also 7.).

We at Hornetsecurity continually work hard to give our customers confidence in their VM Backup strategies.

Ready to use the best solution to back up your Microsoft Hyper-V and VMware virtual machines (VMs) and physical Windows servers?

Download a full trial of VM Backup for 30 days and see how easily you can securely back up and replicate your virtual machines. 24/7 support included.

FAQs

What is VM Backup V9?

A powerful and reliable backup solution for Microsoft Hyper-V and VMware virtual machines (VMs) and physical Windows servers. VM Backup is the perfect backup solution, combining key functionalities for data protection and disaster recovery while being user-friendly and easy to manage.

What are the features of VM Backup V9?

VM Backup V9 offers a wide set of functionalities that enable the user to create Hyper-V and VMware virtual machine backups easily. Ransomware protection leveraging Immutable Cloud Storage, Augmented Inline Deduplication, a centralized management platform, WAN-optimized replication and Continuous Data Protection are just a few. Find out more about each individual feature here.

Does Hornetsecurity offer a free trial of VM Backup V9?

Hornetsecurity offers a full-featured trial – free of charge for 30 days. You can download your free trial here.

Can I use VM Backup to back up VMware virtual machines?

Yes, you can. With VM Backup you will get full control over your VMware virtual machine (VM) backup tasks across all hosts through an intuitive interface. Our backup solution also enables you to create your first VMware backup in less than 15 minutes. This makes VM Backup your logical choice for VMware backups.

Which editions of VM Backup V9 are currently offered?

There are 3 options available for VM Backup V9: the Unlimited Plus Edition, the Unlimited Edition and the Standard Edition.

Is it possible to buy VM Backup V9 with a monthly payment plan?

With VM Backup you have the option to either choose a monthly subscription or you can opt for a perpetual license. With this freedom of choice you will be able to choose exactly the license that you need while using the best backup solution for your company’s data.

Security Alert: Microsoft Outlook Vulnerability

A severe security vulnerability has been discovered in Microsoft Outlook, which is currently being exploited by cybercriminals. The vulnerability, identified as CVE-2023-23397 with a CVSS score of 9.8, permits a remote, unauthorized attacker to compromise systems simply by transmitting a specially crafted email. This malicious email enables the attacker to gain unauthorized access to the recipient’s credentials. Hornetsecurity detects emails that exploit the vulnerability and quarantines them to prevent them from reaching the victim’s inbox.

The exploit is triggered when the Outlook client fetches and processes a malicious email, potentially leading to exploitation even before the email is displayed in the preview pane. It triggers a connection from the victim to a location controlled by the attacker. This results in the leakage of the victim’s Net-NTLMv2 hash; Net-NTLMv2 is a challenge-response protocol used for authentication in Windows environments. The attacker can then relay this information to another service and authenticate as the victim, further compromising the system.

Attack Sequence

The complexity of the attack is low and, according to Microsoft, it has been seen in the wild, with the exploit being used to target European government, military, energy, and transportation organisations. It was initially reported to Microsoft by CERT-UA (the Computer Emergency Response Team for Ukraine).

Proof-of-Concept for CVE-2023-23397

A proof-of-concept created by Hornetsecurity’s Security Lab team demonstrates that the exploit is hard to detect, since none of the anti-malware and sandbox services incorporated into VirusTotal recognized it as malicious.

VirusTotal scan report of the CVE-2023-23397 proof-of-concept

Affected Versions

The critical Microsoft Outlook vulnerability impacts both 32-bit and 64-bit versions of Microsoft 365 Apps for Enterprise. Additionally, Office 2013, 2016, and 2019, as well as LTSC editions, are susceptible to the attack.

Recommendations

Hornetsecurity’s users are protected by the Spam and Malware Protection and Advanced Threat Protection services against inbound threats. To better protect your organization, we recommend the following steps in accordance with Microsoft’s advice:

  1. Administrators should block TCP 445/SMB outbound traffic to the internet from the network using perimeter firewalls, local firewalls, and VPN settings. This action prevents the transmission of NTLM authentication messages to remote file shares, helping to address CVE-2023-23397.
  2. Add users to the “Protected Users Security Group” in Active Directory to prevent NTLM as an authentication mechanism. This approach simplifies troubleshooting compared to other methods of disabling NTLM. It is particularly useful for high-value accounts, such as domain administrators.
  3. Microsoft has provided a script to identify and clean up or remove Exchange messages with UNC paths in message properties. The script can be found at https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/. Administrators should apply the script to determine if they have been affected by the vulnerability and to remediate it.
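
One way to check whether the outbound block from step 1 is actually in effect, as an added example that is not code from Hornetsecurity or Microsoft: the script scans a connection log for TCP 445 flows from internal hosts to external addresses. The CSV column layout, the internal address ranges and the sample rows are assumptions constructed for illustration.

```python
"""Audit a connection log for outbound SMB (TCP 445) to external addresses."""
import csv
import io
import ipaddress
from collections import defaultdict

SMB_PORT = 445

# Assumption: the ranges this organisation treats as internal. An explicit
# list is used instead of ipaddress' is_private, which also matches reserved
# documentation ranges and may not reflect the real network layout.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample log, not real traffic. Assumed CSV columns:
# timestamp, source IP, destination IP, destination port, protocol, action
SAMPLE_LOG = """\
2023-03-16T08:01:12Z,10.20.4.17,10.20.1.5,445,tcp,allow
2023-03-16T08:03:40Z,10.20.4.17,203.0.113.50,445,tcp,allow
2023-03-16T08:03:41Z,10.20.4.17,203.0.113.50,443,tcp,allow
2023-03-16T08:07:02Z,10.20.7.88,198.51.100.23,445,tcp,deny
2023-03-16T08:09:55Z,10.20.9.3,192.168.40.10,445,tcp,allow
2023-03-16T08:11:30Z,10.20.4.17,203.0.113.77,445,udp,allow
2023-03-16T08:12:00Z,10.20.5.21,not-an-ip,445,tcp,allow
"""


def is_internal(addr):
    """True if addr falls inside one of the configured internal ranges."""
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)


def audit_outbound_smb(log_text):
    """Return (allowed, blocked, skipped) for internal -> external TCP 445.

    allowed / blocked map each source IP to a sorted list of external
    destinations; skipped counts rows that could not be parsed.
    """
    allowed = defaultdict(set)
    blocked = defaultdict(set)
    skipped = 0
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        try:
            _ts, src, dst, port, proto, action = (f.strip() for f in row)
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            # Wrong column count, bad address or bad port: count and move on.
            skipped += 1
            continue
        if proto.lower() != "tcp" or port != SMB_PORT:
            continue
        if not is_internal(src_ip) or is_internal(dst_ip):
            continue
        bucket = allowed if action.lower() == "allow" else blocked
        bucket[str(src_ip)].add(str(dst_ip))

    def freeze(mapping):
        return {src: sorted(dsts) for src, dsts in sorted(mapping.items())}

    return freeze(allowed), freeze(blocked), skipped


if __name__ == "__main__":
    allowed, blocked, skipped = audit_outbound_smb(SAMPLE_LOG)
    for src, dsts in allowed.items():
        # The flow left the network: the block rule is missing or bypassed.
        print(f"ALLOWED  {src} -> {', '.join(dsts)}")
    for src, dsts in blocked.items():
        # The firewall stopped it, but something on the host tried to connect.
        print(f"BLOCKED  {src} -> {', '.join(dsts)}")
    print(f"unparsed rows: {skipped}")
```

Allowed flows show where the perimeter rule is missing; blocked flows still identify hosts whose mailboxes are worth checking with the Microsoft script from step 3.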

The likelihood of more widespread attacks targeting the CVE-2023-23397 vulnerability is expected to increase, as public proof-of-concepts have already been released. We therefore highly recommend that all users of Microsoft Outlook apply the security patches provided by Microsoft as soon as possible.

The Security Lab at Hornetsecurity continues to monitor the threat landscape to ensure that our customers are protected from the latest cyber threats.

Remote Management Survey

1 in 5 I.T. pros say remote workers are not secure, survey finds

 

Key takeaways from the 2022 Remote Management Survey by Hornetsecurity

  • 18% of I.T. professionals believe that remote employees are not working securely and that company data is at risk
  • 8 out of 10 I.T. professionals believe that remote working conclusively introduces cybersecurity risks that are otherwise not present.
  • According to 3 out of 4 I.T. professionals, employees are using personal devices to access sensitive company data
  • 1 in 3 organizations does not provide cybersecurity awareness training to remote employees
  • 1 in 6 organizations has suffered a cybersecurity incident directly related to remote working

About the 2022 Remote Management survey

As part of our effort to remain in touch with the current state of the IT industry and to keep our finger on the pulse of the frequent and drastic shifts that come with it, our team at Hornetsecurity conducts a survey every few months. Each survey concerns a specific topic that we think is essential to the industry, and to business entities of all kinds and in all parts of the world. No shift has impacted the way many organizations operate more than remote work and the subsequent need for remote management. While the concept of remote work is not new to the industry, the 2020 pandemic has supercharged its adoption around the world and across industries. This has led to organizations changing, seemingly overnight, to remote working setups which have introduced a host of cybersecurity concerns that were not viable threats until now. Our 900+ survey respondents come from a multitude of industries, regions, differing years of experience, and from companies of varying sizes.

Remote Working in 2022

Initially brought to the mainstream workplace as a pandemic measure, remote working has become a staple of the modern working environment, in addition to remote monitoring and remote team management. With more companies opting for either a fully remote or hybrid approach to work, the shift towards remote work over the last few years is extremely well-documented, and all the evidence points to it being a permanent employment fixture for the foreseeable future. Remote work has therefore become one of the most fundamental aspects for the workplace, both from the perspective of employers and employees. While a recent survey by Buffer shows that 97% of remote workers would like to continue doing so for the rest of their career, employer opinion on remote work tends to vary, with 72% of employers in the United States preferring that their employees work within an office environment, and only 12% of leaders considering employees as productive working remotely as they are in the office, despite evidence to the contrary. Other employers cite security concerns as their primary motivation for bringing office workers back to the office, with a 37% increase in data breaches in the third quarter of 2022. That said, this is a significant decrease from the 125 million data breaches that occurred shortly after the beginning of widespread remote working, proving that companies that invested in good cybersecurity practices and remote team management tools had an immediate effect on risk within their organizations. Regardless of employer opinion, the overwhelming response to remote work from an employee perspective has been positive. Over 57% of employees cite that they would leave their job if remote work or hybrid working was not an option for them; 84% state that they would take a pay cut in order to retain their work from home privileges or to work for a company that allowed them to work remotely. 
The biggest benefit to working from home for employees is the flexibility that it allows them, with 67% claiming that the flexibility in their lives had led to a better work-life balance. While remote work does come with its own set of challenges for employees, such as struggling to create and then maintain that balance, it is overwhelmingly clear that remote and hybrid working is here to stay, and therefore organizations need to be prepared to face the challenges that remote management brings from a security perspective. The immediate increase in cybersecurity breaches at the onset of remote working, and its subsequent decrease as companies shifted their investments into better security training and cybersecurity measures, proves that remote working can be as safe as working from the office, provided the employees and employers both have the training to adhere to stricter measures. In 2021, this was primarily implemented with multiple authentication measures for endpoints and servers, as well as a boost in security training. These are measures that need to be built on, and improved upon, for a better secure workplace in general, but companies with remote or hybrid work policies need to give better cybersecurity measures a stricter priority for 2023.  

Close to 1 in 5 I.T. professionals (17.9%) say workers are not secure when working remotely

According to our remote management survey, a significant number of I.T. professionals are aware of their remote security shortcomings and have a decent understanding of both security issues that have been introduced alongside the rise in remote work and that the solutions to these threats have not been fully implemented within their organization, despite the significant increase in remote working worldwide. This is likely due to a combination of the rapid and sudden expansion of remote work over the past few years, and businesses struggling to keep up with all the infrastructural and operational changes that this has brought with it. Unfortunately, I.T. security tends to be of a lower priority in comparison to essential tasks that must be upgraded and adjusted in order to ensure business continuity – at least, until they suffer a cybersecurity breach.

3 in 4 IT professionals (73.8%) say that employees can access sensitive work-related data through their personal devices

3 in 4 Remote Workers can access Sensitive Data
One of the most surprising insights collected from this survey is the extremely high use of personal devices among employees to access sensitive data. The vast majority of these cases are likely to be users accessing emails and documents on their personal mobile phones while using systems such as Microsoft 365, Google Workspace, or other cloud-based office applications – a situation that makes remote management a significantly more thorny issue. While not necessarily associated with the rise in remote work, this identifies that there is a significant amount of sensitive data that is at risk of being compromised through a variety of techniques targeting end-user personal devices. Endpoint configuration / management is fairly uncommon when it comes to workers’ personal devices due to the legal and ethical issues that come along with providing those services on non-company owned devices. It also highlights the importance of cloud-based security features rather than the use of on-device features.

14% of respondents said their organization suffered a cybersecurity incident related to remote working

As we discovered in previous surveys over the past few years, it’s clear that cybersecurity incidents are on the rise. While the situation is slightly less dire than it was in the immediate wake of the pandemic, the incidence rate is still high. Therefore this finding, while still relatively alarming, should come as no surprise. It means that 1 in every 6 companies has suffered a cybersecurity incident specifically related to remote working. While the exact cost of each of these incidents is unknown, industry data from IBM indicates that major data breaches in 2022 cost their victims an average of $4.35 million, a 2.6% rise from the 2021 average of $4.24 million. This takes into account the potential ransoms paid through ransomware, the cost of the significant down-time that a data breach can cause, and industry fines that can be levied against companies that fail to protect sensitive data.

What are the main sources of remote work related cybersecurity incidents?

Sources of Remote Work related Cybersecurity Incidents

28.1% of our remote management survey respondents reported that ‘compromised endpoints’ and ‘compromised credentials’ were the main reason for security incidents.

When it comes to compromised endpoints, the explanation is fairly obvious – as users travel and work in different locations, there is a higher possibility of losing devices that contain sensitive data. The risk of this is intensified when one considers the relatively high amount of personal devices that have access to sensitive data that do not have any endpoint configuration to help protect against unauthorized access.

Credentials becoming compromised through the threats of social engineering and email phishing attacks are also equally common. Remote working exacerbates this risk as users are more isolated and less likely to be able to identify threats alone. In comparison, those in the office may have more instant access to other colleagues who can help verify communication before communicating sensitive information. The solution to this particular issue is two-pronged. Firstly, a robust email security suite can eliminate a significant portion of inbound threats before they even reach end-users. For the threats that do reach their intended target, cybersecurity awareness training such as the programs offered by Hornetsecurity can hugely impact the potential of a data breach.

15.7% of respondents also cited uncontrolled file sharing as a source of cybersecurity incidents. Cloud storage platforms have become essential for remote work operation, but sharing access to files on these platforms with third parties introduces significant risks. User error that results in access being provided to sensitive company data to unauthorized individuals is a serious risk, and is relatively common. Stringent access and authorization processes need to be put in place in order to avoid such occurrences.

Just over 1 in 10 (11.6%) of respondents that reported a remote-work related cybersecurity incident said that unsecured or public networks were the root cause. While endpoint security might be in the control of most I.T. departments, the networks that users connect to add another layer of risk that is not always accounted for. While relatively uncommon, users could be victim to attacks such as Wi-Fi spoofing in public areas. For example, a cybercriminal may name a remote Wi-Fi hotspot the same name as a local coffee shop, tricking users into joining said network and compromising their endpoints.

The least common source of cybersecurity incidents per this survey was lack of physical security or privacy in public places. While this is an extremely low-tech form of cyber attack, it was still reported by nearly 1 in 10 incident victims. This serves as a reminder that there are some security considerations that cannot be handled through any digital remote management tool, and rely solely on users’ awareness of their surroundings.

Which companies are most at risk of remote work cybersecurity incidents?

Remote Work Cybersecurity Incident Frequency by Company Size
The data gathered through this survey very clearly indicates that the larger the organization, the more likely it is to have suffered a remote cybersecurity incident. In fact, organizations with 500+ employees are 3 times as likely to have an incident as SMEs with fewer than 50 employees. This goes to show that while cybersecurity is practically infinitely scalable, size always increases risk. It also indicates that black hat hackers are significantly more interested in attacking large organizations – likely due to a higher potential return for their effort, and the thrill of successfully attacking a known organization.

Almost half (47.6%) of employees in the respondents’ organizations work remotely

When asked what percentage of their organization’s workforce operates remotely in some capacity, the average of our respondents’ answers worked out to nearly half – 47.6%. While not entirely surprising, this is a very high percentage, especially when one considers this percentage is set to increase over the next few years.
44 Percent of Respondents say their Organization plans to Increase their percentage of employees that work Remotely
This further indicates the necessity for large organizations to take a slightly different approach to cybersecurity in order to cater for the nuances of remote work, and invest further in making sure remote employees are aware of the increase in risks. Cybersecurity has always required users to play their role in preventing incidents – the increase in remote work and remote team management has expanded this role, as security administrators now have slightly less overall control over the environment in which users are working.

4 in 5 IT professionals (79.5%) think that remote work introduces cybersecurity risks that are not present when working on-premise

Our cybersecurity experts at Hornetsecurity are adamant that remote cybersecurity introduces additional risks in comparison to on-premise security. While nearly 80% of our respondents agree with this, this survey reveals a cohort of 12% of I.T. professionals that don’t agree, and another cohort of 8.5% that are unsure. This is relatively surprising considering that some of the sources of cybersecurity incidents found in this survey are practically unique to remote workers. This may indicate a lack of awareness or understanding of these potential risks among I.T. professionals. That being said, the vast majority of respondents are aware of the risks.

1 in 3 organizations do not provide any cybersecurity awareness training to users who work remotely

While I.T. professionals are mostly aware of the additional risks associated with remote work, this survey reveals that organizations aren’t yet investing enough in user awareness. 1 in 3 organizations do not provide cybersecurity training to remote employees, and considering that the main sources of cybersecurity incidents reported within this survey are user-dependent, this may be a significant oversight. Data from many of our previous surveys, especially ones surrounding cybersecurity incidents such as ransomware, consistently indicates that while the security tools and remote management services used by an organization are essential, the most vulnerable link in the security chain is consistently the users. Our latest ransomware survey showed that 1 in 4 organizations had been the subject of a ransomware attack, and 3 in 4 of these attacks were caused by user error (either through phishing/email attacks or compromised endpoints). The importance of user training cannot be overstated.

How confident are IT professionals in their remote security measures?

94 Percent of I.T. Professionals said they are Moderately Confident in their Remote Management Security Measures
Despite the very clear risks associated with remote working and remote team management, I.T. professionals reported a high overall confidence level when it comes to the security of their remote employees. On a scale from 1-5, the average confidence level among respondents ranked at 3.6. Considering the lack of cybersecurity awareness training offered to employees, and the fact that 20% of respondents don’t think that remote work poses additional security risks, this confidence is likely misplaced.
Confidence of Remote Management Security Measures

What are the most commonly used security features for remote management?

Most commonly used Security Features for Remote Management
When asked for the most common security features used, VPN came out on top. However, one should keep in mind that while VPN does indeed provide further security, its function is often essential for employees to access systems and storage that are only available through on-premise networks, and this would explain the very high usage rate. The most common security-specific feature was Multi-Factor Authentication – this comes as no surprise, seeing that platforms such as Microsoft 365 and Google Workspace provide this feature natively. While just over 4 in 5 respondents reported using this feature, it’s worth noting that a motivated black hat hacker can find a way around this relatively easily – in fact the top two sources of cybersecurity incidents reported in this survey – compromised endpoints and compromised passwords – should theoretically be halted by MFA, but clearly are not. That being said, not having MFA would be extremely unwise, as it protects from low-level attacks. Endpoint detection software was the third most popular security feature, with 55.5% of respondents reporting its use. This software is practically essential for users with direct access to network systems or storage, and is an indispensable tool for large organizations that must monitor a nearly endless number of devices. Endpoint activity monitors are a slightly thornier issue. While activity monitors provide useful data for I.T. security teams, they can also be seen as unnecessarily intrusive for remote workers. Employers often use security as an excuse to be able to monitor employee activity to ensure that they’re working. Based on the results of this survey, this  is most prevalent in North America where nearly half (47%) of organizations use remote monitoring and remote team management in comparison to 39.7% of European companies. This data point corroborates the existing sentiment of the stricter corporate culture and employee inflexibility in the US as opposed to their EU counterparts. 
41% of respondents indicated that their I.T. team uses conditional access and password management software to mitigate risks for remote workers. The former blocks users from accessing certain systems or data based on whether their device/identity state fulfills specific criteria. This system is particularly useful for I.T. teams that are looking to more directly reduce the risk of users accessing data from unusual locations or unapproved devices that could lead to a potential compromise of data. That being said, more complex conditional access configurations often increase frustration among less tech-savvy employees who may not understand why they cannot access their data under certain conditions, increasing the time I.T. teams must spend configuring devices and tending to users. Password management software is another human-focused solution, and considering that this survey found that compromised passwords were a top source of cybersecurity incidents, it should likely be used more often. The least reported cybersecurity measures were endpoint data transfer limitations and application whitelisting, with 27% and 22.3% of respondents reporting their use respectively. Both measures impose further restrictions on endpoints and therefore users in the name of security, and while they may be worth the inconvenience to users, there are many organizations (especially smaller ones) that require their users to be more flexible, and these features may not be practical. For larger organizations with more defined user roles and responsibilities, however, these should be used more frequently.

How do organizations handle device management for their remote employees?

23 percent of Respondents said their Organization does NOT Procure, Configure and send Endpoints to Remote Employees
For practically all of the cybersecurity and remote management features mentioned in the previous section, endpoints must be configured by the I.T. department before being deployed to users. This survey, however, indicates that nearly 1 in 4 organizations do not handle endpoint configuration from start to finish before providing said device to their employee. 15.3% of all respondents said that their employees use their own devices with ‘some’ endpoint configuration for remote work. 6.4% of respondents said employees used their own devices with no configuration at all. While not procuring and configuring endpoints may be more cost-efficient in the short term, a cybersecurity incident is significantly more likely if no tools at all are used in order to protect sensitive data.

What is the most popular endpoint management tool used for remote employees?

Group policy (60.7%) is the most popular endpoint management tool used by organizations, followed by RMM Tools (43.4%).

Endpoint management tools allow I.T. teams to be significantly more efficient when handling the security and monitoring of multiple endpoints. Group policy has been the go-to tool for many years, and this survey indicates that this is still the case among many organizations – especially those with internal I.T. teams as opposed to those that use MSP services. The survey shows that 70.1% of internal I.T. teams use group policy for endpoint management, as opposed to 51.7% of MSP professionals. While group policy is still a valid tool for many organizations, it lacks features that are present on more modern remote monitoring and management tools. In fact, while group policy is the more popular endpoint management tool for internal I.T. teams, remote monitoring and management (RMM) tools are more popular among respondents that work for MSPs (55.1% vs 51.7%).

 

Over 1 in 10 respondents (10.9%) say that they do not use any endpoint management system.

Endpoint management systems are an extremely useful and basic tool for organizations and their I.T. service providers; however, nearly 1 in 10 of our respondents say that their organization does not use any of the available systems. This is most prevalent among SMEs, where 15% of organizations with between 1 and 50 employees reported not using an EMS.
Small Businesses are least likely to use Endpoint Management Systems

Employees are less confident in their company’s remote IT security than I.T. professionals.

In a curious twist, it seems that non-IT professionals are less optimistic about remote security than our surveyed I.T. professionals. 25.5% of non-IT professionals feel that their organization’s data is not secure while they work remotely, as opposed to only 17.9% of I.T. professionals who feel the same way. There could be a few factors that explain this particular finding. We contacted behavioral & cyber profiling expert Mark T. Hofmann for his input, and this is what he had to say about the attitude of the various psychological profiles that can be found in the industry.

Psychological profiles of hackers and I.T. professionals

Hofmann quoted a 2020 study by Prof. Lawrence Sanders about the Psychological Profiling of Hacking Potential: “The results suggest that individuals that are White Hat, Grey Hat and Black Hat hackers score high on the Machiavellian and Psychopathy scales. We also found evidence that Grey Hatters oppose authority, Black Hatters score high on the thrill-seeking dimension and White Hatters, the good guys, tend to be Narcissists.”

He goes on to say:

I can confirm this from my personal and professional experience and interviews with hackers:

Black Hats: Some “black hats” already have millions in their wallets but still commit crimes. If we conclude that cybercrime is mostly about money, this is only half the truth. There is always a motive behind the motive. If you are broke and need money, the motive is money. But if you already have a lot of money and keep going, the motive is not money but greed. It reminds me sometimes of gambling addiction. Thrill seeking is one of the most important psychological concepts to understand cybercrime.

Grey Hats: These are people between worlds. They commit crimes, but often have ideological motives or other ideals in doing so. Sometimes they are called hacktivists. If Robin Hood had been a hacker, he would have been a grey hat. But I find this definition difficult, because good and evil are subjective categories.

White Hats: Well, narcissism is not a black and white category, but a scale. In science, this is usually measured between 0-40. We are all somewhere on this scale and most of us reading this now are not “0”. So white hats are supposed to have somewhat above average scores as well… if two coders agree, one is not a coder. Mostly everyone thinks their own skills and approaches are right and everyone else is wrong. This might be true.

Full 2022 Remote Management survey results

If you’d like to take a look at the ransomware data, feel free to peruse the survey results here.

About the 2022 Remote Management survey respondents

Here’s a full breakdown of the survey respondents for full context of the ransomware data above.

How is IT handled in the surveyed organizations?

How is I.T. handled in the surveyed Organizations

What is the size of the organization the survey respondents work for by number of employees?

Size of surveyed Organization

How many years of IT experience do the respondents have?

Year of I.T. Experience of the Respondents

Location of Respondents

Conclusion

While we’re no longer in the immediate aftermath of the pandemic, it is clear through these survey results that organizations are still catching up with the changes that it brought with it from an I.T. infrastructure and security perspective. Many internal I.T. departments were completely unequipped to deal with the sudden shift towards hybrid and remote working when the pandemic hit, and while they tried their best to adapt from an operational perspective, security improvements to match the change are still lagging behind.
The future of Cyber security: What can we expect?

In the age of the internet, cyber security has become an increasingly important issue. With so much of our lives now taking place online, it’s more important than ever to make sure our business and personal information is safe from hackers. In this article, we will be discussing the future of cyber security to help you ensure that your company is well-prepared to combat cyber threats in 2023.

Cyber security professionals are constantly battling and trying to stay on top of the latest trends and threats in the industry.

What are the major future concerns in cybersecurity?

  • More sophisticated attacks: As technology becomes more advanced, so do the techniques of those who wish to do us harm. Attackers are always looking for new vulnerabilities to exploit.
  • Increase in the number of connected IoT Devices, increasing chances of cyber security threats
  • Ransomware continues to tarnish businesses
  • Phishing is still the most effective way for an attack to happen

1. More Sophisticated Attacks

We can expect that cyber attacks will continue to become more sophisticated in the future of cyber security. Cyber criminals are always finding new ways to exploit vulnerabilities in systems, so cyber security experts must always stay one step ahead for the future of cyber security. As long as there are people who want to take advantage of businesses and others online, there will be a need for strong cybersecurity measures.

Since the technology landscape is getting more complex each and every day, it is impossible to have products and environments that are 100% secure. There is no such thing as a 100% secure environment or a business/individual that will not get attacked.

Think about the numerous online accounts you have – banking accounts, social media accounts, email accounts, services, gaming services, work accounts, etc. Chances are some of these services you use have appeared in the news for data breaches or cybersecurity incidents.

The reality is no organization is safe from an attack. Organizations must have a cyber security plan in place that provides data security – data redundancy and multiple layers of defense to mitigate the impact of an attack.

The future of cyber security will continue to be complex. More use of the cloud, increasingly complex APIs, and deep dependence on these systems make it easy for mistakes and misconfigured settings to be overlooked by security teams and security architects. These unseen items give attackers multiple opportunities to exploit the resulting vulnerabilities.

Sometimes, the attackers know about vulnerabilities before the organizations that manufacture the products find out about them. These are called zero days: vulnerabilities for which no patch is currently available from the organization.

The most recent vulnerability like this was in an open-source software package called Log4J that is/was widely used throughout the industry. The Log4J utility was found to contain one such zero-day vulnerability that caused havoc among the cyber security community and had security teams and security experts working constantly trying to resolve the issue.

Other notable Common Vulnerabilities and Exposures (CVEs) are the Microsoft Exchange Server Elevation of Privilege Vulnerability[1] (October 2022) and the Apple memory handling issue CVE-2022-32932[2].

As we create more complex technologies, cyber criminals will be on the lookout to understand these complexities and find ways to continue to exploit them for their advantage.

2. Increase in the number of connected IoT Devices

A second item we can look for in the future of cyber security is the number of Internet of Things (IoT) devices that will be connected. IoT devices are hardware that connect wirelessly to a network.

These can range from smart thermostats and clocks to refrigerators, washing machines, etc. As IoT devices become more affordable and popular with smart home enthusiasts, and as the general population implements them at home, the numbers are expected to increase.

This increasing number of devices also brings an increase in vulnerabilities. In 2022 there were over 10 billion devices[3] that were connected to the internet.

The issue with these devices is that they usually come with default usernames and passwords from the manufacturer. The average user is not familiar with how to change the default credentials to something stronger. This leads to attackers searching for devices using websites like shodan.io trying to force their way in with a standard username and password combination that is available on the web, directly from the manufacturer.

Additionally, some devices have vulnerabilities that attackers can exploit to control or steal personal information.

There have been instances of IoT devices being used as part of a bigger operation, such as botnets that carry out Denial of Service (DoS) attacks.

These vulnerabilities will only multiply as the device count grows: by 2030, the number of connected IoT devices is projected to rise to 29.4 billion[4].

3. Ransomware continues to tarnish businesses

Ransomware continues to be a top cyber threat to businesses and individuals alike. According to one of our recent surveys regarding ransomware[5] one out of every five companies falls victim to ransomware with the average downtime associated with the attack being 21 days. Despite the fact that ransomware attacks have been on the rise in recent years, many businesses are still not taking the necessary steps to protect themselves.

This is often because businesses underestimate the threat or believe that they will never be targeted. However, as we have seen time and time again, no business is safe from cyber-attacks, especially small to medium-sized businesses – around 50% of SMBs implement cybersecurity measures[6].

Ransomware has evolved so much that it is now a business model for threat actors. Appearing on the scene is Ransomware as a Service (RaaS). This service allows potential buyers to attack their victims with ease: instead of having to code their own program and try to infect a computer, they can purchase software that does this dirty work for them.

Supply Chain attacks are another method that ransomware uses to disrupt everyday business processes and flows. Businesses that use a certain service might notice the website or services of that third party have stopped working. At times this is due to a ransomware attack on a third party or supply chains. This disrupts the business flow of the affected party and any other clients or organizations the third party does business with.

Not surprisingly, as ransomware attacks have increased, so have the payments. Ransomware payments continue to rise and are projected to cause around $30 billion in damage by 2023. [7]

Payments have gone up in part because the criticality of the data helps attackers set a high price on these assets. Additionally, when businesses pay the ransom, the attackers see this method of attack working effectively, leading to more software being developed and pushed to cripple users and businesses by making them pay for their valuable data.

Even if a victim decides to pay the ransom demands, there is no guarantee that they will get their data back. Some attackers have even made victims pay the ransom, then refused to decrypt the files, only to demand payment a second time!

Notable companies that have suffered ransomware attacks are – NVIDIA, JBS, and Garmin.

So for the future of cyber security, we can expect this trend to continue.

4. Phishing is still the most effective way to launch a cybersecurity attack

For the future of cybersecurity, this will continue being a top attack vector.

With work from home on the rise, it’s hard to train users on good cyber hygiene practices, particularly when it comes to phishing emails and how to spot them. Phishing is still one of the most effective ways for an attacker to infiltrate an organization’s network and access sensitive data.

According to an analysis of 25 billion emails by Hornetsecurity[8] nearly 40% of attack methods via email were phishing related.

It’s become readily apparent that end-users continue to be the weakest link in the defense chain. By providing regular end-user security awareness training, businesses can help to mitigate this very popular attack method.

The same report found that no organization is immune to this style of attack. While it is true that there is a perception that SMBs fall victim more often (likely due to less budget for IT security), our study found that all industry verticals are at risk.

There are plenty of scams out there that try to trick users into providing their work information, and personal information, or duping them out of their money. Most notable are the urgent emails from the CEO asking for you to purchase gift cards or for users to download malicious files in the form of PDFs, Word, or Excel files.

According to a survey conducted by Hornetsecurity on the topic of email security [9], here are some statistics on phishing attacks:

  • 62% of all breaches are caused by compromised passwords & phishing attacks
  • Companies between 201-1000 employees are the most vulnerable to email security breaches like phishing.
  • Phishing attacks lead to data loss and to malicious software being installed. Some frequently targeted industries are healthcare, manufacturing, and finance, but again our data shows that all industries are a potential target. Critical public infrastructure (such as power, food, and supply chains) has also been attacked through phishing attacks.

Attackers have gotten noticeably better with their phishing attacks. So much so that for the year 2022 and the future of cyber security, attackers are looking at ways to send emails that look like they have been sent from inside your organization. This is known as spoofing. Additional phishing methods are business email compromise (BEC), social engineering attacks, and finally human error.
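Mail that claims to come from inside the organization, or that borrows an executive's name, can be screened at the gateway before a user ever sees it. The following is an added example, not Hornetsecurity's code: the internal domain, the gateway's authserv-id, the executive name list and the three sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"      # assumption: the organization's mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of our own gateway
EXECUTIVE_NAMES = {"alice ceo"}      # assumption: display names worth protecting


def domain_of(address):
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def dmarc_result(msg):
    """DMARC verdict from an Authentication-Results header our gateway wrote.

    Headers carrying any other authserv-id are ignored: a sender can add
    whatever Authentication-Results line they like to their own message.
    """
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        match = re.search(r"\bdmarc=([a-z]+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "none"


def analyze(raw):
    """Return a list of findings for one inbound message from outside."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    # 1. Spoofing: From says "us", but the gateway could not authenticate it.
    if from_domain == INTERNAL_DOMAIN and dmarc_result(msg) != "pass":
        findings.append("internal_from_failed_dmarc")
    # 2. CEO-fraud style: executive's display name on an outside address.
    if display.strip().lower() in EXECUTIVE_NAMES and from_domain != INTERNAL_DOMAIN:
        findings.append("exec_display_name_external")
    # 3. Replies would go to a different domain than the visible sender.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_mismatch")
    return findings


def build(*header_lines):
    return "\n".join(header_lines) + "\n\nbody text\n"


# Constructed sample messages.
LEGIT = build(
    "From: Bob Finance <bob@example.com>",
    "To: carol@example.com",
    "Subject: Q3 report",
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass header.from=example.com",
)
SPOOFED = build(
    "From: Alice CEO <alice@example.com>",
    "Reply-To: alice.ceo@mailbox.test",
    "To: carol@example.com",
    "Subject: Urgent: gift cards needed today",
    "Authentication-Results: relay.sender.test; dmarc=pass header.from=example.com",
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=example.com",
)
LOOKALIKE = build(
    'From: "Alice CEO" <alice@example-corp.test>',
    "To: carol@example.com",
    "Subject: Quick favour",
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass header.from=example-corp.test",
)

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED), ("LOOKALIKE", LOOKALIKE)):
        print(name, analyze(raw))
```

The third sample passes DMARC for its own domain, which is why the display-name check is needed in addition to sender authentication.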

Humans play a vital role in understanding and protecting their organization from cyber security incidents. You are either your first line of defense or your last – it doesn’t matter how you look at it. In 2021, 44% of security events were caused by employees being tricked by a phishing campaign. [10]

As phishing threats have evolved over the years and have done more damage than before, phishing shows no sign of slowing down. A simple yet effective way for attackers to gain access to a system, steal personal data or breach an entire company is to send carefully crafted emails that users will not think twice about clicking.

Wrapping up the future of cyber security

In conclusion, we can expect the future of cyber security to be more complex and challenging than ever before. New technologies, complex designs of security architecture, and mis-configurations of software can lead to an increase in cyber risks and cyber threats that violate the confidentiality, integrity, and availability of corporate resources.

Statistics show that old attack techniques are still relevant and increasing every year. The threats we face will continue to evolve, and we will need to adapt our defenses and cyber security strategies accordingly to combat new threats and old threats.

Our best hope is for cybersecurity professionals to stay ahead of the curve by investing in research and development, staying informed about the latest developments in the field, and being one step ahead of threat actors.

In the future of cyber security, you can expect the four trends above to make a significant impact.

Learn more about the future and current state of cyber security in our Cyber Security Report 2023.

The Importance of Machine Learning in Cyber Security

The COVID-19 pandemic changed the way we work. As remote working is becoming the new normal, there has been an increase in the number of cyber attacks and in the load on IT teams. In this article, we will be discussing the importance of machine learning in cyber security and how it helps to detect threats and predict suspicious behavior in different security events.

According to the Swiss National Cyber Security Center, during the pandemic, the number of cyber attacks increased by 300%. Furthermore, IT Governance discovered 5 billion breached records in 2021. Today, at least 10 million records were compromised. At the moment, there are millions of cyber attacks happening worldwide.

Cybersecurity is an infinite game between threat actors and security professionals. As we improve our detection against different cyber threats, a new attack vector emerges. With so many different types of cyber attacks, maintaining high-security analysis and precision is challenging for most businesses. Learn more about IT Security, what impact it has on your business, and how to protect your business against malicious events – What is IT Security? – Definition and measures!

The amount of data that is being generated is large and complex. According to the Data Never Sleeps 4.0 report from 2016, over 18 TB of data is being generated every minute. Today, that number is even higher. These data are generated by different IP-based devices and software. We refer to them as big data.

We, as human beings, cannot analyze this amount of data by ourselves. We are unable to easily predict potential security threats. Building models by hand is labor-intensive. That wouldn’t work. So, we need some help. That’s where machine learning (ML) comes into place. Before we start discussing the importance of machine learning algorithms, let’s start with the basics.

The Basics of Machine Learning Capabilities

For those of you who are new to the topic, machine learning is not a new trend. The concept dates back to the 1940s, but it took time to develop. In the early 1950s, Arthur Samuel, an American scientist, developed the first program that used machine learning, which was a game for playing checkers. The game used machine learning to learn how to play better than the author of the program. That created a WOW effect.

The game diagram for Samuel's checker player

In 1968, Arthur C. Clarke, a British scientist, predicted our life today. He stated that we will eventually work with machines and software that could match human capabilities through artificial intelligence (AI). He was right.

Today, machine learning (ML) is used in different industries to gain business intelligence. You can see it in self-driving cars, speech and image recognition, ads recommendation, virtual assistants, video surveillance, and many more. For example, Netflix uses artificial intelligence and machine learning to provide their users with appropriate movie or series suggestions. We have all experienced this, haven’t we? Google uses it for Google translation, traffic alerts using Google Maps, etc. Facebook uses it for facial recognition systems and identifying humans. AWS provides a solution called Amazon SageMaker to build, train and deploy ML models for any business case. The list is huge.

What is Machine Learning?

Machine learning (ML) is a type of artificial intelligence (AI). Furthermore, deep learning is a subset of machine learning and uses algorithms to analyze complex data. It draws conclusions based on the data similar to how a human would do it. It can’t work alone. It requires data. It can only analyze and predict behavior based on the data it analyzes. Applying that mechanism to cybersecurity systems would mean analyzing data from security incidents, learning from it, and then applying the solution to a new attack to prevent it.

When it comes to using machine learning in cybersecurity, there is no specific security algorithm to do so. Machine learning is just a toolset that can be applied to almost any industry. The only different thing is the data that is being analyzed. The raw data needs to be converted to a vector space model and then used by machine learning to analyze it and prevent security incidents.

Many security prevention solutions use machine learning. The goal is to fight against advanced threats that are occurring every minute. You can read more on how we can help you stay protected: Malware protection with Hornetsecurity Advanced Threat Protection. For example, Google uses machine learning to analyze and prevent security threats against Android endpoints. Microsoft Defender Advanced Threat Protection (ATP) uses machine learning to analyze trillions of data points every day and finds 5 billion new threats every month. You can read more here: Microsoft Defender uses ML.NET to stop malware. Some enterprise companies use AI and machine learning to protect their infrastructure from potential incidents that could happen from BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device).

Types of Machine Learning

Machine learning uses three types of learning: supervised, unsupervised and semi-supervised learning. Supervised learning uses data samples and labeling to predict potential malware behavior. For example, machine learning would analyze network traffic and mark it as malicious based on the learning from the existing datasets. That way, ML can learn how traffic went from normal to malicious. In other words, it would build a pattern to predict malicious network traffic.

With unsupervised learning, no labeling is being used. ML uses only data samples and tries to learn to form a behavior. For example, machine learning would analyze network traffic over some time, and it would learn which traffic is normal and which traffic is malicious.

There is also semi-supervised learning, where only some of the data are labeled. We can say that semi-supervised learning combines supervised and unsupervised learning.
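The steps described above (turning raw records into vectors, then learning with and without labels) can be shown on network traffic in a few lines. This is an added example, not code from the article or from any product it names: the flow records are constructed, and a nearest-centroid classifier and a z-score baseline stand in for whatever models a real product would use.

```python
import math
from statistics import mean, pstdev

FEATURES = ("pkts_per_s", "avg_pkt_bytes", "dst_ports")


def flow(pkts_per_s, avg_pkt_bytes, dst_ports):
    return {"pkts_per_s": pkts_per_s, "avg_pkt_bytes": avg_pkt_bytes, "dst_ports": dst_ports}


def vectorize(record):
    """Raw record -> point in a vector space (one axis per feature)."""
    return [float(record[name]) for name in FEATURES]


def fit_scaler(vectors):
    """Per-feature (mean, std) so no single unit dominates distances."""
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*vectors)]


def scale(vector, scaler):
    return [(x - m) / s for x, (m, s) in zip(vector, scaler)]


# --- Supervised: learn one centroid per label from labelled flows ---
def train_supervised(labelled):
    vectors = [vectorize(rec) for rec, _ in labelled]
    scaler = fit_scaler(vectors)
    groups = {}
    for (_, label), vec in zip(labelled, vectors):
        groups.setdefault(label, []).append(scale(vec, scaler))
    centroids = {label: [mean(col) for col in zip(*vecs)] for label, vecs in groups.items()}
    return scaler, centroids


def classify(record, model):
    scaler, centroids = model
    point = scale(vectorize(record), scaler)
    return min(centroids, key=lambda label: math.dist(point, centroids[label]))


# --- Unsupervised: learn what "usual" looks like, flag what is far from it ---
def fit_baseline(unlabelled):
    # Caveat: whatever is in this window becomes "normal", attacks included.
    return fit_scaler([vectorize(rec) for rec in unlabelled])


def is_anomalous(record, baseline, threshold=3.0):
    z_scores = scale(vectorize(record), baseline)
    return max(abs(z) for z in z_scores) > threshold


# Constructed training data: ordinary flows and packet-flood flows.
LABELLED = [
    (flow(40, 800, 2), "benign"), (flow(55, 750, 3), "benign"),
    (flow(35, 900, 1), "benign"), (flow(60, 820, 2), "benign"),
    (flow(9000, 64, 1), "malicious"), (flow(12000, 60, 1), "malicious"),
    (flow(8000, 70, 2), "malicious"),
]
UNLABELLED = [flow(40, 800, 2), flow(55, 750, 3), flow(35, 900, 1), flow(60, 820, 2),
              flow(45, 780, 2), flow(50, 810, 1), flow(38, 860, 3), flow(52, 790, 2)]

MODEL = train_supervised(LABELLED)
BASELINE = fit_baseline(UNLABELLED)

NORMAL = flow(50, 780, 2)
FLOOD = flow(10000, 66, 1)   # resembles the labelled attack class
SCAN = flow(45, 800, 400)    # many ports: a pattern absent from the labels

if __name__ == "__main__":
    for name, rec in (("NORMAL", NORMAL), ("FLOOD", FLOOD), ("SCAN", SCAN)):
        print(name, classify(rec, MODEL), is_anomalous(rec, BASELINE))
```

The `SCAN` flow is labelled "benign" by the supervised model because nothing like it was in the labelled data, while the unsupervised baseline flags it; that gap is the practical reason the two approaches are combined.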

Machine Learning Use Cases in Cybersecurity

There are many use cases where machine learning helps in preventing cybersecurity incidents. As time goes on, the number of use cases is growing.

One of the use cases is detecting and preventing DDoS attacks. An ML algorithm can be trained to analyze a large amount of traffic between different endpoints and predict different DDoS attacks (application, protocol, and volumetric attacks) and botnets. In 2021, there were more than 9 million DDoS attacks worldwide. DDoS has one goal, and that is to push the system into slow response or no response (read: downtime). ML can detect and stop it.

The second use case is to fight against malware. This includes trojans, spyware, ransomware, backdoors, adware, and others. An ML algorithm can be trained to help antiviruses in fighting unknown cyber threats. According to Statista research, in 2021, 5.4 billion malware attacks were detected.

Phishing attacks are one of the most common attacks used to steal confidential data and get into corporate or government institutions. Phishing is spread via scam emails. For example, Google (Gmail) uses machine learning to analyze data in real-time and identify and prevent malicious behavior of more than 100 million phishing emails. We published an article to help you understand and prevent phishing in detail. You can read it here: Phishing – The danger of malicious phishing emails.

The third use case is about protecting against application attacks. Applications are used by end users and are prone to different layer 7 attacks. According to Cloudflare, they handle 32 million HTTP requests per second. A Web Application Firewall (WAF), in combination with machine learning, can be trained to detect anomalies in HTTP/S, SQL, and XSS attacks. Microsoft, AWS, Google Cloud, FortiGate, and many other vendors offer WAF as part of their portfolio.

The fundamental security principles teach us to implement multi-factor authentication. This includes something we know (e.g. password), something we have (e.g. USB token), and something we are (e.g. fingerprint, facial detection). AI and ML combined with deep learning play a vital role in biometric applications. ML helps to perform matching tasks to quickly find the relevant data.

Security Operation Centers (SOC) take care of monitoring, detecting, and responding to different cyber security threats. One of the challenges the SOC Team had was dealing with a large amount of data. Thanks to machine learning, SOC Teams can more efficiently automate and analyze incidents and be more proactive.

The list of use cases is bigger. And it wouldn’t work without having machine learning as part of cybersecurity.

Wrap up

Cybersecurity is an infinite game. As you read this article, millions of different security threats are occurring worldwide. At the same time, new critical threats are being developed without adequate protection. Millions of data are being generated every minute. We, as human beings, can’t do all the analysis, maintenance, and prevention. We need help.

Thanks to machine learning and its toolset we can automate things. Machine learning can help us perform deep analysis, predict behavior and uncover threats. It does this by analyzing the dataset that is being generated by different devices and software. ML is learning from data. It can help us analyze and predict malicious activities such as malware, phishing, application attacks, authentication attacks, and much more. Many companies develop their system with machine learning in place.

Our mission is to keep your system and data safe. We at Hornetsecurity want to ensure that your data is untouched and complies with security principles (confidentiality, integrity, availability). Throughout 2022, we analyzed over 25,000,000,000 emails and found that 40.5% of emails were unwanted. We created a report that gives you an in-depth analysis of the Microsoft 365 threat landscape. You can download it here: Cyber Security Report.
And the last thing for today. If you’d like to take a deeper dive into the Microsoft 365 threat landscape and learn the key strategies to building cyber security resilience, watch our free on-demand webinar.