Jenn Fulmer, Author at eSecurity Planet
https://www.esecurityplanet.com/author/jenn-fulmer/

8 Best Business Continuity Software Solutions
https://www.esecurityplanet.com/products/business-continuity-software/
Tue, 10 May 2022 15:12:48 +0000

Even a single hour of downtime can cost businesses over $1 million, and costs can quickly add up, considering the average downtime for ransomware attacks is 22 days. Unfortunately, many organizations don’t have business continuity solutions in place to help them avoid extended downtime. Business continuity software can point out vulnerabilities in a company’s network, build plans, and keep the business running during a crisis.


What Is Business Continuity Software?

Business continuity software, also called business continuity management, is a type of digital platform that helps businesses continue operating as normal in the event of a natural disaster, power outage, or cyberattack. Think of it like a generator: if the power goes out at your house, the generator turns on to power any necessary systems, like the refrigerator. Similarly, business continuity software keeps critical business systems running during an outage, but it also helps organizations create a plan for a crisis, so they know what to do when one inevitably happens.

Read more: How to Create an Incident Response Plan

Best Business Continuity Software

Companies looking for business continuity software should consider the following tools, chosen for their high user reviews and the features they offer.

Oracle Risk Management Cloud

Oracle Risk Management Cloud dashboard.

Oracle Risk Management Cloud is focused more on the fraud and cyberattack prevention aspects of business continuity, rather than disaster recovery. It makes organizations more resilient by integrating with Oracle ERP and tracking user activity with artificial intelligence (AI) to block any suspicious behaviors. Pre-built security rules make it easy to assign user permissions while keeping all sensitive information in a single location. It’s sold as part of the Oracle ERP, and pricing is not available on the website.

Key Features

Pros

  • Automates role-based access as people leave or change positions
  • Great for monitoring transactions and preventing fraud
  • Provides faster solutions to potential risk

Cons

  • Customer support needs improvement in responsiveness
  • Limited customizations available

Castellan

Castellan dashboard.

Castellan helps organizations minimize the impact of a variety of business interruptions, including natural disasters and cyberattacks. The complete solution includes operational resilience, disaster recovery, business continuity, crisis management, and compliance tools to keep everyone aware of their role in the process. In addition to the software, Castellan also provides hands-on guidance to improve business continuity plans. Pricing information is not available on the website.

Key Features

Pros

  • User-friendly interface
  • Helpful and responsive customer support
  • Robust reporting options

Cons

  • Not as customizable as similar products
  • Some users had issues with SSO on mobile

Archer Business Resiliency

Archer Business Resiliency dashboard.

Archer Business Resiliency makes it easy for organizations to identify their critical business processes and create disaster recovery plans that account for them. Businesses also get insight into their risks, helping them determine which processes will cause the most issues during an outage. Automation is available to improve response times and initiate testing and plan execution immediately during an emergency. Interested organizations will have to contact Archer for pricing information. 

Key Features

Pros

  • Offers a high level of detail in reports
  • Flexible platform with a lot of features
  • Easy to generate standard and custom reports

Cons

  • Major customizations can be expensive and time-consuming
  • Expensive compared to similar solutions

iGrafx

iGrafx dashboard.

iGrafx is focused on helping organizations meet the compliance and resiliency requirements of their industry with full visibility into critical business processes. Visual process maps make it easy to build and document business continuity plans and assess them for accuracy and consistency. Users can also share new processes with the process knowledge management features, designed to eliminate bottlenecks and potential risks. For pricing information, interested organizations will need to contact the iGrafx sales team.

Key Features

  • Visual process builder
  • Compliance tools
  • Metadata repository
  • Customizable approval process
  • Workflow automation
  • Resiliency assessment

Pros

  • Easy to use and adapt to business needs
  • Helpful and knowledgeable customer support
  • Drag-and-drop workflow builder is intuitive

Cons

  • Although helpful, customer support can be slow to respond
  • Can sometimes lag with large process maps

Fusion Framework System

Fusion Framework System dashboard.

Fusion Framework System allows organizations to map critical processes and gain valuable risk insights to improve business continuity management. Businesses can also practice disaster scenarios, including task assignment, communication, and reporting to see how their plan would handle a real disaster. With options for both business continuity management and disaster recovery, users can handle outages no matter where they come from. Pricing information is not available on the website.

Key Features

  • What-if scenarios
  • Plan evaluations
  • Risk and impact assessments
  • Visual process maps
  • Customizable risk tolerances
  • Third-party risk management

Pros

  • Robust and flexible reporting capabilities
  • Intuitive and easy to use
  • Active and helpful user community

Cons

  • Offers a limited number of user licenses
  • Records can only have one owner with change access

LogicManager

LogicManager dashboard.

LogicManager is enterprise risk management (ERM) software that helps organizations track critical business processes and prepare for potential outages. Business impact analyses give companies “what-if” scenarios that detail how their organization would fare during an incident. Then, they can undertake disaster simulations to practice and improve plans before an outage actually occurs. LogicManager helps businesses identify gaps and dependencies in their continuity plans for better incident response. Pricing information is not available on the website.

Key Features

  • Disaster simulations
  • Impact analysis
  • Centralized review framework
  • Automated testing
  • Taxonomy for risk linking
  • Pre-built analysis templates

Pros

  • Workflows are customizable to meet business needs
  • Easy to deploy company-wide
  • Good for reporting and tracking business risk

Cons

  • Can have a steep learning curve
  • Some users want more standard templates for out-of-the-box usability

SAI360

SAI360 dashboard.

SAI360 ensures operational resiliency during a disaster with a mass notification system to keep everyone aware of the problem and progress. Administrators get a real-time view of the situation, allowing them to assign tasks and follow the business continuity plan step by step. Business continuity maps are also tied to the organization’s risk management framework to highlight any potential risks they need to address. SAI360 also includes multilingual content, perfect for global enterprises. Pricing information is not available on the website.

Key Features

  • Customizable forms and fields
  • Automated workflows
  • Multilingual content
  • Process and risk mapping
  • Mass notification system
  • Business impact assessment

Pros

  • Users can customize forms, fields, workflows, and notifications
  • Easy to understand and get started
  • Accurate and insightful dashboards and reports

Cons

  • Support can sometimes be slow to respond and resolve issues
  • There may be inaccuracies in the multilingual content

BC in the Cloud

BC in the Cloud dashboard.

BC in the Cloud provides both business continuity software and professional services to help organizations build and manage their disaster recovery and business continuity plans. The software is cloud-based, meaning it’s accessible across multiple locations and BC in the Cloud handles all maintenance and updates. This is also important because it means an organization’s business continuity plan is still accessible, even if its data center is down. The software works well out of the box but is also customizable to meet the business’s needs. There are two pricing tiers available.

Key Features

  • Pre-defined templates and plans
  • Customizable dashboards and reports
  • Vendor tracking
  • Automated workflows
  • Drag-and-drop process builder
  • Mass communications

Pros

  • The system is very customizable in both design and configuration
  • User interface is intuitive and easy to use
  • Responsive and helpful customer support

Cons

  • It can be difficult to migrate code from test to production
  • Advanced reporting capabilities are limited

What Issues Need To Be Covered By a Business Continuity Plan?

The first thing you should do when creating a business continuity plan is to take stock of all of your critical business processes, so you know what to prioritize during a crisis. Find out where your biggest risks lie and start planning out steps you need to take to mitigate them. 

During the planning process, you also need to assign areas of responsibility to everyone on the disaster recovery team and establish a chain of command, so employees won’t waste time wondering what they should do or repeating work during a crisis. The plan should also include contact information for everyone included in the chain of command as well as external personnel, like firefighters and utility companies. Make sure you update this contact information regularly.

A business continuity plan also needs to include information on remote sites and workspaces in case of a disaster. What should employees do if the office gets flooded? Are they able to work from home or should they report to another office location? Companies with a lot of software-as-a-service applications will be able to adjust quickly because their data is stored in the cloud. 

However, those with on-premises data should have backups stored offsite, preferably far enough away that a natural disaster wouldn’t be able to hit both the main office and the backup site in one fell swoop. Also, consider ransomware-proof backup services for added security.

Business Continuity Best Practices

Business continuity can’t be an afterthought in your organization. With downtime costing businesses millions of dollars, your employees need to know exactly what steps to take when disaster strikes. If you don’t start planning until a crisis happens, you’ll waste valuable time getting organized. 

Additionally, don’t forget vendors and partners when making your business continuity plans. While a tsunami in Japan might not affect your business directly, it might cause a temporary shutdown of one of your suppliers, forcing you to source product from elsewhere. You need to be able to adapt quickly, meaning you should already have backups in place.

You should also choose business continuity software that is cloud-based. If your business continuity plan is stored in the cloud, you’ll still be able to access it, even during a power outage or if your data center crashes. Cloud-based business continuity software also ensures your entire team is working from the same plan, even if employees are working from different locations. Consider other types of cloud-based software as well, allowing employees to work from home if the office is destroyed.

Read next: A Few Clicks from Data Disaster: The State of Enterprise Security

Complete Guide to Phishing Attacks: What Are the Different Types and Defenses?
https://www.esecurityplanet.com/threats/phishing-attacks/
Thu, 31 Mar 2022 19:14:11 +0000

As web security improves, email security has become a bigger problem than ever. The overwhelming majority of malware attacks now come from email — as high as 89 percent, according to HP Wolf Security research. And with many employees getting multiple emails per day, it’s easy for spam emails to slip their notice and potentially compromise the network.

Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. As phishing attacks become more prevalent and more successful, often serving as a gateway for further attacks like ransomware and advanced persistent threats (APTs), businesses need to prioritize protections against them. But in order to do so effectively, companies need to know more about the threat they’re facing. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them.


What is Phishing?


Phishing is a type of social engineering attack in which bad actors pose as a trustworthy entity via phone, email, or text message in order to steal personal information from the recipient. Attackers may try to get their victims to reveal their date of birth, social security number, credit card information, or account passwords. They may also try to trick the recipient into clicking on a malicious link that would download malware onto their computer, giving them access to sensitive information.

Types of Phishing Attacks & Their Defenses


There are several types of phishing attacks that businesses should be prepared for: spear phishing, whaling, clone phishing, vishing, and smishing.

Also read: What are Common Types of Social Engineering Attacks?

Spear Phishing

Spear phishing attempts are targeted toward specific individuals or groups of individuals. They may include the recipient’s name, position, company, or other information that would set the potential victim at ease. The attacker may even claim they’re the recipient’s boss with an urgent request.

Screenshot of a spear phishing attack.

Messages like this tell the attacker whether an email address is active and if the recipient is likely to accept this initial email as legitimate. Notice the email address ends in @mail.ru instead of @eku.edu like a real university email address would. The attacker has taken all of the elements of the real Laurence’s email and spoofed it for their own purposes. If the attacker gets a response, they can execute the second part of their plan, whether it be to get additional information or deliver a malicious link.

Spear Phishing Defenses

Email security software can block many of these emails, but some will still slip through even if you have the proper prevention methods in place. Double-check the email address these emails come from as well as the reply address. If you’re on your computer, hover your mouse over any links to see where they’ll take you before clicking on them. With some mobile phones, you can hold down your finger on a link to see where it goes, although this is riskier than checking it from a computer. Never open any attachments without making sure the message is legitimate.

In addition to verifying the email address, check for grammatical errors or awkward wording that may indicate an attacker is looking for easy targets. While everyone makes mistakes in their emails occasionally, phishing attempts may have a higher number of errors than usual if the attacker isn’t a native speaker of the language. However, AI tools have enabled cyber criminals to create much more sophisticated phishing emails over time.

If you can’t tell whether the message is real or not, contact the alleged sender through a different channel. Don’t reply to the email if it’s fraudulent or you’re unsure.

Also read: Zero-Click Attacks a Growing Threat

Whaling

Whaling is similar to spear phishing, except that it targets high-level employees, like executives or directors. They typically have access to the most valuable information in a company, making them appealing targets for attackers. Bad actors can either sell the information they’re able to gather or hold it for ransom. Additionally, they may be able to manipulate these high-level employees into wiring large amounts of money into the attacker’s account.

Whaling Defenses

Whaling protections are similar to those of spear phishing. Email protection software can help, but you’ll still need to know what to look for in the few that slip through. Slight changes in the email address, a different reply-to address, or a large number of grammatical errors or awkward wording can all indicate phishing.


Clone Phishing

Clone phishing, like spear phishing, is typically targeted at a small group of people because the attacker duplicates an email that the recipients have already received. For example, if the organization sends out an invitation to a company-wide event, the attacker might follow that up with an email that includes a “registration link” which really includes malware. Because the initial email was genuine, employees are more likely to lower their guard when they get the second email.

Clone Phishing Defenses

Clone phishing emails will attempt to spoof the email address of the initial sender, but there will either be slight differences or a different reply-to address. Before clicking on links in an email that you’re not completely certain is legitimate, hold your mouse over them to see the web address. Also double-check the sender name and email address, and compare them against what you have in your contact list. If you’re still not sure, you can always contact the person via a channel other than email, like Slack or phone, to ask them about it. Do not reply to the email if it’s fraudulent.
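
The sender, reply-to and link checks described in the spear phishing and clone phishing defenses above can be run automatically over a message. The following is an added example, not part of the original article; the messages, names and .example domains are constructed sample data, and review_message is a hypothetical helper.

```python
# Added example, not from the original article. All names, addresses and
# domains below are constructed sample data on reserved .example domains.
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


def address_domain(header_value):
    """Lowercase domain of the address in a From/Reply-To header, or ''."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def under_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs, i.e. what 'hovering' would reveal."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def review_message(raw, trusted_domain):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = address_domain(msg.get("From"))
    reply_dom = address_domain(msg.get("Reply-To"))
    # Display names are free text; only the address domain is compared.
    if not under_domain(from_dom, trusted_domain):
        findings.append(("sender-domain", f"From uses {from_dom or 'no domain'}"))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"replies go to {reply_dom}"))
    part = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(part.get_content() if part else "")
    collector.close()
    for text, href in collector.links:
        host = urlparse(href).hostname or ""
        if under_domain(host, trusted_domain):
            continue
        # Visible text naming the trusted domain while the href goes elsewhere
        # is the case the hover check is meant to catch.
        code = "link-text-mismatch" if trusted_domain in text.lower() else "external-link"
        findings.append((code, f"{text!r} -> {host}"))
    return findings


# Constructed sample: the display name imitates a colleague, the address does not.
SAMPLE_PHISH = """\
From: "Laurence Hayes" <laurence.hayes@mail.example>
Reply-To: l.hayes.office@freemail.example
To: staff@university.example
Subject: Are you available?
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>I need a quick favour. Review the form at
<a href="http://forms.login-check.example/u/1">https://portal.university.example/forms</a>
and reply when done.</p>
<p><a href="https://www.university.example/it">IT help page</a></p>
"""

SAMPLE_LEGIT = """\
From: IT Help Desk <helpdesk@university.example>
To: staff@university.example
Subject: Maintenance window
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Details are on the <a href="https://www.university.example/it">IT help page</a>.</p>
"""

if __name__ == "__main__":
    for code, detail in review_message(SAMPLE_PHISH, "university.example"):
        print(f"{code}: {detail}")
```
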

Smishing

Smishing is the text message version of a phishing attack. These messages may be targeted, like spear phishing, but they may also be more general, appearing to come from the recipient’s bank or Amazon, for example. The SMS text message will prompt users to call a fraudulent number and provide sensitive information or click on a link that will download malware onto their device.

Example of a smishing attempt.

Words like “urgent” prompt recipients into fast action, so they’re more likely to make a mistake. But note the link here. Actual requests from the USPS would likely include usps.com in the link, but this one is just a string of letters and numbers, marking it as fraudulent.

As people become more familiar with phishing and smishing attempts, attackers get better about disguising their links. Nowadays, instead of the random string of letters and numbers pictured above, you’re more likely to get smishing attempts that include links to ama.zon.com or vvalmart.com (note the double v in place of a w).
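
The link checks described above (a link that does not contain the brand's real domain, a brand name split across labels, and look-alike spellings such as a double v for a w) can be expressed as a small classifier. This is an added example, not part of the original article; the brand allow-list, the substitution table and the sample URLs are assumptions made for illustration, and a production check would use the Public Suffix List rather than treating the last label as the TLD.

```python
# Added example, not from the original article. The allow-list, substitution
# table and URLs are illustrative assumptions; sample hosts are constructed.
from urllib.parse import urlparse

# Brand name -> domain a genuine link is expected to sit under.
BRAND_DOMAINS = {
    "amazon": "amazon.com",
    "walmart": "walmart.com",
    "usps": "usps.com",
}

# Character sequences commonly used to imitate another letter.
LOOKALIKE_SUBS = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))


def skeleton(text):
    """Collapse look-alike sequences so 'vvalmart' and 'walmart' compare equal."""
    text = text.lower()
    for fake, real in LOOKALIKE_SUBS:
        text = text.replace(fake, real)
    return text


def host_of(url):
    """Hostname of a URL; bare 'host/path' strings from SMS text are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".")


def assess_link(claimed_brand, url):
    """Classify a link found in a message that claims to come from a brand.

    Returns one of: 'ok', 'brand-label-on-other-domain', 'lookalike-spelling',
    'brand-embedded', 'off-brand'.
    """
    brand = claimed_brand.lower()
    if brand not in BRAND_DOMAINS:
        raise ValueError(f"no expected domain recorded for {claimed_brand!r}")
    legit = BRAND_DOMAINS[brand]
    host = host_of(url)
    if host == legit or host.endswith("." + legit):
        return "ok"
    labels = host.split(".")
    # The exact brand appears as a label, but the host is not under the
    # brand's domain (for example brand.com.something-else.example).
    if brand in labels:
        return "brand-label-on-other-domain"
    target = skeleton(brand)
    # A label that only matches after undoing look-alike substitutions.
    if any(skeleton(label) == target for label in labels):
        return "lookalike-spelling"
    # The brand appears once the dots are ignored (ama.zon.com) or as part
    # of a longer label.
    if target in skeleton("".join(labels[:-1])):
        return "brand-embedded"
    # Nothing brand-like at all: the random-string link case.
    return "off-brand"


if __name__ == "__main__":
    samples = [
        ("walmart", "https://vvalmart.com/deals"),
        ("amazon", "ama.zon.com/signin"),
        ("usps", "https://usps.com.parcel-update.example/track"),
        ("usps", "http://q7x2m9k4.example/a"),
        ("usps", "https://www.usps.com/"),
    ]
    for brand, url in samples:
        print(f"{brand:8} {url:48} {assess_link(brand, url)}")
```
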

Smishing Defenses

The best way to guard against phishing attacks is to examine the message carefully before taking action. And if you’re not sure whether it’s legitimate, call the company using the number from their actual website or on the back of your credit or debit card in the case of bank-related smishing attempts. If you determine the text message is illegitimate, just delete it and block the number. Don’t reply to it, as you’ll confirm the number is active and will likely get more like it.

Vishing

Vishing is phishing that is executed via telephone, often coming from spoofed phone numbers. The attacker typically pretends to be someone from a legitimate business, like a bank or retailer, in an attempt to get personally identifiable information from the recipient. 

Vishing Defenses

Many wireless phone providers have introduced spam protections to keep their customers from falling victim to vishing scams. While some will not even allow the phone to ring, lowering the chances that the recipient will actually answer the call, others will simply mark the call as potential spam, leaving the choice in the hands of the recipient. 

You can also register your number on the federal Do Not Call list, but it doesn’t seem to have any actual effect on the number of scam calls received. Overall, unless you’re expecting a call from someone whose number you don’t have saved, it’s best to ignore calls from numbers you don’t know, trusting that callers with important information will leave a voicemail. If the caller does turn out to be spam, block the number, so they can’t use it to contact you again.

Common Examples of Phishing Attacks


Here are a few real-life examples of phishing attacks that you might run into.

Amazon Phishing Email

Amazon phishing email.

Millions of people use Amazon regularly, so it’s no surprise that attackers use their name and logo for phishing attempts. In the above example, the attacker uses the Amazon logo to legitimize the request.

However, notice how the sender uses a comma instead of a period at the end of the first sentence and includes an extra space between “in” and “your.” These grammatical errors serve to identify the easiest targets because if the email recipient doesn’t question those, they’re less likely to question any other mistakes the attacker makes. And if you were able to hover over either of the links, chances are you wouldn’t see an actual Amazon address. Other large vendors, like Walmart and Target, may have their email addresses spoofed as well.

Also read: Salesforce Email Service Used for Phishing Campaign

Chase Phishing Text Message

Chase phishing text message.

Many attackers use phishing attempts that appear to be from the recipient’s bank because recipients are more likely to respond quickly when money is involved. The above example tells the customer their account has been locked, so they’ll call the number to fix the problem. If that happens, the attacker can then get the recipient to provide the information they want.

Some indicators that this is fake are the lack of spaces between “Chase” and “bank” and after the period. Additionally, there is a zero in the word “LOCKED” instead of a capital O. Chase users aren’t the only targets of this type of attack. Most banks and even PayPal face similar spoofing occurrences.

Car Warranty Phishing Phone Call

Today, you’d be hard-pressed to find someone who hasn’t gotten a spam call from a recorded voice telling them their car warranty is expired or about to expire. This is a common phishing attack that attempts to manipulate people into giving over sensitive information like their credit card number, name, address, and social security number. Additionally, if the recipient answers the call, the attacker knows the number is active and can sell it to other attackers.

Similar examples of this scam are calls about student loan debt, saying that the IRS has put a warrant out for your arrest, or that there has been fraud on your credit card account. The tells are different for each of these, but typically, they won’t provide any specific information that would verify that the call is actually for you.

What Can Help to Protect You from Phishing?


Attention to detail will help you the most when protecting yourself and your business against phishing attempts, but there are other things you can do to lessen the number of attacks you’re subjected to.

Email Security Software

Email security software can block known malicious domains that other users have marked as spam in the past. Some also use AI and ML to identify patterns that suggest spam or phishing attempts. With these tools in place, you’re less likely to get general phishing emails, meaning you can pay more attention to spear phishing attempts. Some of the top email protection tools include:

  • Mimecast Secure Email Gateway
  • Barracuda Spam Firewall
  • Proofpoint Enterprise Protection
  • ClearSwift Secure Email Gateway

Get the full list of our recommendations for the Top Secure Email Gateway Solutions.

Cybersecurity Awareness Training

Employees have to know what to look for before they can spot a phishing attempt, so providing cybersecurity awareness training is the best way to protect your business from a data breach. But it can’t just be a one-time thing. New threats are always emerging, so you need to hold regular training sessions to keep your employees up to date and the training fresh in their minds. Some of the best cybersecurity awareness programs come from:

Get the full list of the Best Cybersecurity Awareness Training for Employees to find the program that’s right for your business.

Phishing Simulators

If your training program doesn’t include phishing simulators, you should consider adding them. Phishing simulators give employees a safe space to test their knowledge of phishing attacks without risking personal or company information. They also send test emails to employees to see how well they can spot the signs of phishing. This gives companies an idea of their risk profile, showing them how many of their employees engaged in risky behaviors with the fake phishing attempt.

Some companies that offer phishing simulators include: 

  • Infosec IQ
  • Gophish
  • Lucy
  • Simple Phishing Toolkit

Phishing Protection Doubles as Malware and Ransomware Protection

Phishing attempts are big problems on their own, but they can also serve as a gateway for attackers to introduce malware and ransomware, costing businesses thousands of dollars in remediation. If businesses can effectively block phishing attempts, they also protect themselves against further attacks, especially because it means your employees know what to look out for. Investing time and money in phishing protection can help organizations save both in the long run.

Read next: QR Codes: A Growing Security Problem

How to Protect Company Data & Assets When Employees Leave
https://www.esecurityplanet.com/trends/protect-assets-when-employees-leave/
Wed, 23 Feb 2022 18:22:02 +0000

The Great Resignation has left many companies reeling, experiencing a higher turnover rate than ever before. And while this is causing major problems for HR, it could also lead to underlying security issues.

Employees carry with them a lot of knowledge about how to access company systems, and that knowledge doesn’t just go away when they leave. Around 58 percent of IT and security professionals are concerned about the knowledge former employees have about accessing company infrastructure. So how can businesses protect themselves?

Create an Offboarding Checklist

Unlike onboarding, offboarding typically isn’t a planned experience, and it can be difficult to remember all of the steps you need to take while also trying to replace the person who is leaving. Unfortunately, this means security can fall through the cracks. Make an offboarding checklist of everything you need to do when an employee leaves: access you need to revoke, devices you need to reclaim and wipe, stakeholders you need to notify, etc.

Depending on the level of the employee leaving (individual contributor, manager, or executive), you’ll have different steps you need to follow. It can help to separate the list into sections covering steps you do for everyone, steps you only need to take if the former employee was management, and what to do if they were an executive. Plus, some employees may fall between categories. Having all of the steps in front of you will remind you what you need to check on.

Here are some of the tasks that should be a part of your offboarding checklist.

Revoke Access to Company Assets

One of the first things you need to do when employees leave is to revoke their access to company systems, even if they left on good terms. Change shared passwords, close their employee accounts, and take their email address off of any correspondence lists.

Brendan O’Connor, CEO and co-founder of AppOmni, a SaaS security management vendor, says, “This may sound obvious, but it’s shocking how often terminated employees retain access to systems and data long after they’ve left the company. And the issue has become more prevalent since SaaS applications like Microsoft 365 and GSuite are now more commonly used than software downloaded onto a device.”

Where before, employees could only access company data through company devices, bring your own device (BYOD) policies and remote work mean that’s no longer the case. Now, employees can access data and applications from their personal devices. If employers don’t revoke their access after they leave, they can take the information with them to their next role, which could have devastating effects, especially if they go to a competitor.

Also Read: IoT Devices a Huge Risk to Enterprises

Remove Third-Party Accounts

Internal accounts may seem obvious, but employees also have access to tons of third-party applications that contain company data, including apps like Salesforce, Hubspot, and monday.com. “AppOmni’s data shows that, on average, enterprises have more than 42 distinct third-party applications connecting into their business-critical SaaS environments,” says O’Connor, noting also that those applications “can serve as a backdoor to confidential information in SaaS systems.”

Third-party applications host a wealth of valuable company information that businesses might often forget about. O’Connor says, “These apps are a key part of any enterprise cloud ecosystem and might include software for online document signing, email management, marketing automation, competitive information, and a wide variety of other use cases.” He explains that the solution is automated security tools that can monitor the usage and permissions of these third-party applications, preventing former employees from gaining access.
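
The two checklist items above, revoking access and removing third-party accounts, can be verified by cross-referencing the HR departure list with account, app-grant and shared-password inventories. This is an added example, not part of the original article; the record layouts, system names and people are constructed, and find_lingering_access is a hypothetical helper rather than any vendor's API.

```python
# Added example, not from the original article. Record layouts, system names
# and people are constructed sample data on a reserved .example domain.
from datetime import date

SEVERITY = {
    "used-after-departure": 0,         # account was logged into after the last day
    "still-active": 1,                 # account never disabled
    "third-party-grant": 2,            # connected app still authorised by the leaver
    "shared-password-not-rotated": 3,  # shared credential the leaver still knows
}


def norm(email):
    """Directory exports differ in case and padding; compare normalised."""
    return email.strip().lower()


def find_lingering_access(departures, accounts, app_grants, shared_secrets, today):
    """Return findings for people whose last day has passed, worst first."""
    left = {norm(d["email"]): d["last_day"] for d in departures if d["last_day"] < today}
    findings = []

    def add(who, where, issue):
        findings.append({"who": who, "where": where, "issue": issue,
                         "days_overdue": (today - left[who]).days})

    for acct in accounts:
        who = norm(acct["login"])
        if who in left and acct["status"] == "active":
            used = acct["last_login"] is not None and acct["last_login"] > left[who]
            add(who, acct["system"], "used-after-departure" if used else "still-active")
    for grant in app_grants:
        who = norm(grant["granted_by"])
        if who in left:
            add(who, grant["app"], "third-party-grant")
    for secret in shared_secrets:
        for member in secret["known_to"]:
            who = norm(member)
            # A rotation on or before the last day does not lock the leaver out.
            if who in left and secret["rotated_on"] <= left[who]:
                add(who, secret["name"], "shared-password-not-rotated")
    findings.sort(key=lambda f: (SEVERITY[f["issue"]], -f["days_overdue"], f["where"]))
    return findings


TODAY = date(2022, 2, 23)
SAMPLE_DEPARTURES = [
    {"email": "A.Rivera@corp.example", "last_day": date(2022, 1, 14)},
    {"email": "j.chen@corp.example", "last_day": date(2022, 2, 18)},
    {"email": "m.okafor@corp.example", "last_day": date(2022, 3, 31)},  # still employed
]
SAMPLE_ACCOUNTS = [
    {"system": "sso", "login": "a.rivera@corp.example", "status": "disabled",
     "last_login": date(2022, 1, 13)},
    {"system": "crm", "login": "a.rivera@corp.example", "status": "active",
     "last_login": date(2022, 2, 2)},
    {"system": "project-board", "login": "J.Chen@corp.example", "status": "active",
     "last_login": date(2022, 2, 10)},
    {"system": "sso", "login": "m.okafor@corp.example", "status": "active",
     "last_login": date(2022, 2, 22)},
    {"system": "sso", "login": "t.nguyen@corp.example", "status": "active",
     "last_login": date(2022, 2, 23)},
]
SAMPLE_APP_GRANTS = [
    {"app": "doc-signing", "granted_by": "a.rivera@corp.example"},
    {"app": "mail-merge", "granted_by": "t.nguyen@corp.example"},
]
SAMPLE_SHARED_SECRETS = [
    {"name": "social-media-login", "rotated_on": date(2021, 11, 1),
     "known_to": ["j.chen@corp.example", "t.nguyen@corp.example"]},
    {"name": "vendor-portal", "rotated_on": date(2022, 1, 20),
     "known_to": ["a.rivera@corp.example"]},
]

if __name__ == "__main__":
    for f in find_lingering_access(SAMPLE_DEPARTURES, SAMPLE_ACCOUNTS,
                                   SAMPLE_APP_GRANTS, SAMPLE_SHARED_SECRETS, TODAY):
        print(f"{f['issue']:28} {f['where']:20} {f['who']} (+{f['days_overdue']}d)")
```
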

Also Read: Zoom Security Issues Are a Wakeup Call for Enterprises

Factory Reset Devices

If your company provides cellphones or laptops, upload any necessary files to the cloud once you get the device back and then restore it to factory settings. Malware can hide in devices for months or even years before executing its attack, and there’s no way to know what your former employee may have downloaded onto the device. Typically, a factory reset can remove any viruses or malware, unless they infected the data rather than the machine.

It’s a good idea to quarantine the files you take from these devices before mixing them with other company documents, giving your security team time to analyze them for threats.

Retain Institutional Knowledge

The Great Resignation is also having a major impact on cybersecurity teams, which are already overburdened thanks to the shift to SaaS and remote work and are now also losing staff. O’Connor says, “When security practitioners leave, they often take institutional knowledge with them, forcing teams to re-learn or re-establish critical processes. Or even worse, teams can be left performing legacy security processes without knowing the ‘how’ or ‘why’ they are being done.”

Leaders need to work on retaining that institutional knowledge through detailed process documentation, cross-training, and workforce assessments. They need to have an understanding of what each employee is responsible for and who could take over for them if they were to leave suddenly. Otherwise, they’ll be scrambling when it inevitably happens, leaving their business vulnerable to security threats. In addition to better training and documentation, data loss prevention (DLP) software can also help companies retain institutional knowledge.

Also Read: A New Approach to Finding Cybersecurity Talent: A Conversation with Alan Paller

Your Security Isn’t the Top Concern of Former Employees

Even when employees leave on good terms and especially when they don’t, the security of your business isn’t going to be their top concern. They may not do anything to intentionally cause harm, but breaches happen all the time, including when companies are actively trying to prevent them. Until you revoke their access to all your internal systems and get their company-owned devices back, former employees will remain a liability for your company.

To learn more about protecting your company from cyberthreats, check out our article on the Top Cybersecurity Companies.

The post How to Protect Company Data & Assets When Employees Leave appeared first on eSecurity Planet.

Best Internet Security Software & Suites https://www.esecurityplanet.com/products/internet-security-software/ Fri, 04 Feb 2022 14:37:06 +0000 https://www.esecurityplanet.com/?p=20767

The post Best Internet Security Software & Suites appeared first on eSecurity Planet.

Malware is one of the biggest threats businesses face, and with nearly a third of all malware coming through the internet and email, businesses and consumers alike need ways to protect themselves. The best internet security software comes in several different forms, giving businesses all of the protection they need to identify and stop malware before it causes bigger problems. This guide covers the major categories of internet security suites and includes a few of the top options for each.

What are Types of Internet Security Software?

Antivirus Software

Avast antivirus software.

Antivirus software, also called virus protection software, is likely one of the best-known types of cybersecurity software, with 77 percent of adults using it on their computer and 24 percent on their mobile devices. Originally developed to detect and remove malware or computer viruses, modern antivirus software can now protect against ransomware, browser attacks, keyloggers, malicious websites, and even sometimes phishing attempts. Most antivirus software uses signature-based detection to identify malware, making it great for protecting against known threats, but more and more the top vendors are adding machine learning-based detection even to consumer products, which can identify threats through unexpected behavior and other indicators.

One thing to note is that free antivirus software can sometimes be outdated or not serviced as frequently, so if you often work with sensitive data, you’ll likely need to pay for antivirus protection.

Also Read: 5 Best Antivirus Software of 2023

Key Features of Antivirus Software

When choosing antivirus software, look for tools that include at least the following features:

  • Real-time scanning
  • Automatic updates
  • Automatic deletion of malicious code
  • Vulnerability detection
  • Scheduled scans
  • Encryption
  • Identity theft protection

Also Read: Mobile Malware: Threats and Solutions

Best Antivirus Protection for Consumers

Consumers looking for solid antivirus protection for their devices should consider the following tools:

Best Antivirus Protection for Businesses

Businesses will likely have to pay for antivirus protection, since most vendors don’t license their free software for commercial use. Here are some of the best antivirus software solutions for organizations:

Also Read: Bitdefender vs. McAfee: Consumer & Enterprise Endpoint Security Software Compared

WiFi 6 Routers

WiFi 6 is the newest generation of WiFi, created to speed connections, connect to more devices at once, and reduce latency for multi-device households and businesses. WiFi 5 routers could get overwhelmed when too many devices attempted to connect, which could compromise network security. WiFi 6 routers should alleviate that problem, providing a better internet security suite by preventing attackers from just spamming a router with connect requests.

To get WiFi 6, you’ll need a WiFi 6-compatible router, and if you haven’t upgraded your devices (laptops, smartphones, tablets, etc.) in the last few years, you might start looking at new ones. The good news is, new devices should come compatible with WiFi 6 by default, so you won’t have to do anything special to get it. And WiFi routers are coming with some strong security features too, some free and some costing extra, but the combination of well-protected devices and a well-protected network is compelling.

Key Features of a WiFi 6 Router

A WiFi 6 router should include the following features:

  • Multi-user, multiple input, multiple output (MU-MIMO)
  • Orthogonal frequency division multiple access (OFDMA)
  • Target wake time
  • WPA3 security protocol
  • Extended range
  • More spatial streams

Best WiFi 6 Routers

Here are the best WiFi 6 routers for both homes and businesses:

Also Read: The Best Wi-Fi 6 Routers Secure and Fast Enough for Business

Virtual Private Networks (VPNs)

A virtual private network (VPN) takes a public internet connection (i.e. what you’d get in a Starbucks) and masks your IP address to give you privacy while browsing. It even provides more privacy than secured WiFi connections because it encrypts the connection to protect private information and prevent session hijacking. Sometimes, people also use VPNs to make it seem like they’re browsing from another place, whether that’s to browse Netflix shows available in another country or securely access files from your company’s main office. Less-promoted uses for VPNs include accessing restricted sites in authoritarian countries and masking illegal activities. VPNs can hide browsing history, your location, your IP address, the type of device you’re using, and web activity.

Key Features of a VPN

When choosing a VPN, these are the features you should look for:

  • DNS leak protection
  • Kill switch
  • No log policy

Best VPNs for Consumers

Consumers just looking to add more privacy to their browsing experience or discover content from other locations should consider these VPNs:

Also Read: NordVPN vs ExpressVPN: Which VPN Should You Choose?

Best VPNs for Business

Businesses exploring VPN options for maximum security and privacy should look at the following VPN options:

Also Read: Best Enterprise VPN Solutions

Password Managers

1Password password manager.

A password manager improves internet security by helping users create diverse, secure passwords for each account they own. Users can store, generate, and edit passwords for both online websites and local applications. Password managers store files in an encrypted database, preventing anyone but authorized users from accessing the credentials. Users can access the database with a single “master” password, only requiring them to remember a single password instead of tens or hundreds. Most password managers allow users to fill in their credentials with the click of a button.

Also Read: 8 Best Password Managers & Tools

Key Features of a Password Manager

Password managers should include the following features:

  • Password save and autofill
  • Credit card storage
  • Sharing options

Best Password Managers for Consumers

These are some of the best password managers on the market for personal use:

Best Password Managers for Business

Businesses that want to keep their data safe should provide one of these password managers to their employees:

  • Keeper
  • 1Password
  • Dashlane
  • Hitachi ID
  • ManageEngine Password Manager Pro

Also Read: Best LastPass Alternatives for 2022: Compare Password Managers

Email Security Software

Phishing is a major problem for both consumers and businesses, and many phishing attempts come through email. Attackers can also send malware in an email designed to look like it’s from someone safe. In fact, about 81 percent of malicious files came through email. While some email accounts include protections, others may require additional layers of security, including spam filtering, ransomware protection, spyware protection, and encryption. Email security solutions help stop known phishing and malware attempts from ever landing in your inbox, while also monitoring email traffic for anomalies that may signify emerging threats. Businesses may also need secure email gateways, which monitor the emails an employee sends and receives and block spam traffic.

Key Features of Email Security Software

Any email security software you choose should include all or most of the following features:

  • Spam filters
  • Antivirus protection
  • Encryption
  • Content filtering
  • Account takeover prevention
  • Attachment sanitation
  • Sandboxing

Best Business Email Protection

These are the best email security tools based on user reviews.

Web Application Firewall (WAF)

A web application firewall (WAF) is an extra layer of protection between browser-based applications and the user. While most firewalls are network security solutions, a WAF works at the application layer. It scans traffic to identify malware and prevents attackers from injecting code into the application. WAFs operate based on a set of custom rules or policies that the organization sets about what traffic they do and don’t want to allow. The firewall allows any traffic that falls within that ruleset, while blocking any that doesn’t. WAFs have to be able to quickly filter the traffic and make decisions on whether to allow each packet, especially when it comes to attackers attempting a DDoS attack.

Key Features of Web App Firewalls

A web application firewall should include at least the following features:

  • OWASP Top 10 protection
  • PCI DSS compliance
  • Centralized management dashboard
  • Customizable rulesets
  • Whitelisting/blacklisting (also called allowlisting and denylisting)
  • Application vulnerability prevention
  • Real-time monitoring

Best WAFs

Businesses looking for a solid WAF should consider the following options:

  • Prophaze Web Application Firewall
  • AppTrana Managed Web Application Firewall
  • Akamai Kona Site Defender
  • Cloudflare WAF
  • Barracuda WAF

Also Read: Top Web Application Firewall (WAF) Solutions

Bot Management Software

DataDome bot management software.

One of the newest problems organizations face with regard to their internet security suite is bad bots. Bad bots can perpetrate brute force attacks much faster than humans can react to them, but a bot management tool can help block them in the first place. Bot management software uses behavioral analysis to distinguish between bot and human traffic and then examines the bot’s source to determine whether it’s malicious or benign. For example, it would allow a Google crawler bot to examine the website but block bots that appear to be from a brand new IP because it means they’re likely malicious.

Also Read: Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems

Key Features of Bot Management

In order to effectively block bad bots, bot management software should include these key features:

  • Artificial intelligence and machine learning
  • Behavioral analysis
  • HTTP analysis
  • Real-time detection

Best Bot Management Tools

These are some of the best bot management tools currently available:

  • DataDome
  • Kasada
  • PerimeterX Bot Defender
  • Arkose Labs
  • Check Point Anti-Bot

How do Businesses and Consumers Use Internet Security Software?

Both businesses and consumers have to take control of their online security in order to protect their personal and sensitive data from malware, theft and ransomware. Consumers should definitely add antivirus protection to their devices and use password managers to keep passwords secure and easy for them to access. They should also think about adding a VPN and WiFi 6 router, if they don’t already have one. Businesses also need all of this protection, but they should also add email security software, a WAF, and bot management tools to protect their website. Businesses have a responsibility to protect their customers as well as their own data, and the best internet security software can help them do that.

Read Next: Best Cybersecurity Awareness Training for Employees in 2022

WireGuard vs. OpenVPN: Comparing Top VPN Protocols https://www.esecurityplanet.com/networks/wireguard-vs-openvpn/ Wed, 26 Jan 2022 14:30:17 +0000 https://www.esecurityplanet.com/?p=20599

The post WireGuard vs. OpenVPN: Comparing Top VPN Protocols appeared first on eSecurity Planet.

Virtual Private Networks (VPNs) provide secure access to business files for remote workers, making them a crucial part of an enterprise’s technology stack. But they need the right protocols to run properly. A VPN protocol creates the tunnels that your traffic travels through when you use a VPN to keep your communications private. WireGuard and OpenVPN are two popular open-source VPN protocols that businesses and users can choose from when they sign up for a VPN service. So, what’s the difference?

When comparing WireGuard vs. OpenVPN, you should consider:

Security

WireGuard uses fewer lines of code than many other popular VPN protocols, including OpenVPN, leaving less room for errors and vulnerabilities. This also makes it easier to audit. It also uses modern cryptography and is likely one of the safest VPNs currently on the market. However, the platform is very new (released in 2019), so it’s possible that vulnerabilities exist but haven’t been found yet.

OpenVPN supports more encryption types than WireGuard, which only offers ChaCha20 and Poly1305. Because of this, if OpenVPN discovers a vulnerability in one of the algorithms, it can inform users and they can quickly switch the service over to a different option. Neither OpenVPN nor WireGuard has any known vulnerabilities in its platform.

Also Read: VPN Security Risks: Best Practices for 2022

Speed

WireGuard is typically the faster of the two options because of its clean codebase and the fact that it runs using the User Datagram Protocol (UDP), but how much faster depends on the protocols used. WireGuard is only about 15 percent faster than OpenVPN using UDP, but it’s about 56 percent faster when OpenVPN uses the Transmission Control Protocol (TCP). However, WireGuard only runs on UDP, so it won’t work with networks that block UDP traffic.

A few VPN servers, like Private Internet Access (PIA), haven’t been optimized for WireGuard yet because it is so new. For these instances, OpenVPN would be the faster choice. Mullvad was another that hadn’t optimized for WireGuard, but it rolled out an update in April 2021, and now WireGuard is the faster choice. Users can expect similar findings once PIA updates its servers.

WireGuard’s time to connect is also much faster, only taking around 100 milliseconds. OpenVPN can take as long as 8 seconds to connect.

Mobile Usability

Because mobile users often have to switch wireless networks, especially if they’re browsing while on the go, WireGuard is typically better for mobile usability. It has no problems when users switch networks, but OpenVPN typically struggles. The connection speed comes into play here, too. If it takes OpenVPN 8 seconds to connect every time there’s a change in network, users may get frustrated quickly.

Resource Usage

Using a VPN increases the amount of data you use, which may matter to mobile users with data caps. WireGuard adds one of the smallest amounts of data to browsing, while OpenVPN adds one of the largest. Additionally, WireGuard has fewer lines of code, making it more efficient to run and less taxing on your devices’ batteries. OpenVPN, on the other hand, is more likely to drain your batteries faster.

Privacy

Privacy is the main purpose of using a VPN (it’s in the name, after all), so the VPN shouldn’t store any personally identifiable information (PII). OpenVPN follows this, keeping PII off its servers and ensuring your browsing sessions do ultimately remain private. WireGuard, however, stores your IP address on its servers until the system is rebooted. A server breach could then render the service useless because someone could connect your IP address to your browsing history.

The good news is, most partner VPNs that support WireGuard have measures in place to mitigate this vulnerability, including assigning dynamic IP addresses instead of static ones or deleting IP addresses from servers after short periods of inactivity.

Also Read: NordVPN vs ExpressVPN: Which VPN Should You Choose?

Customer Support

While both WireGuard and OpenVPN are open-source, OpenVPN seems to have actual support available, while WireGuard mostly has community support. OpenVPN offers support tickets, as well as a helpful knowledge base where users can self-serve. WireGuard offers an IRC channel where users can submit questions and get answers from developers and other members of the community. It also has its own knowledge base.

Pricing

Because WireGuard and OpenVPN are both open-source, they do not cost anything for users to implement. The only cost users will incur is that of the associated VPN. WireGuard does accept donations to keep the project going, but those are completely optional.

Also Read: Best Enterprise VPN Solutions

Implementation

Both OpenVPN and WireGuard will require some knowledge of coding to implement if you’re planning to go the DIY route, which will require a VPN server. However, WireGuard only has about 4,000 lines of code compared to OpenVPN’s 70,000+. This makes WireGuard much easier for users to implement without help. However, OpenVPN is natively supported by more commercial VPN solutions, which means most users don’t have to install it on their own, instead relying on their VPN service.

Also Read: NSA, CISA Release Guidance for Choosing and Hardening VPNs

WireGuard vs. OpenVPN: Which is Better for Your Business?

WireGuard is currently ahead in many of the feature categories we listed, but it is still relatively new in the tech world. Neither service has any known security vulnerabilities, so both are good options for keeping your business data secure. Businesses that prioritize privacy and longevity or use a VPN or network that doesn’t support WireGuard should opt for OpenVPN. Companies that want more speed and lower resource usage should go with WireGuard.

Read Next: Secure Access for Remote Workers: RDP, VPN & VDI

Cybersecurity Employment: Solving the Skills Gap https://www.esecurityplanet.com/trends/solving-cybersecurity-skills-gap/ Tue, 11 Jan 2022 21:52:46 +0000 https://www.esecurityplanet.com/?p=20507

The post Cybersecurity Employment: Solving the Skills Gap appeared first on eSecurity Planet.

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. In fact, it’s gotten worse. There are currently about 435,000 cybersecurity job openings available in the United States, up from approximately 314,000 in 2019. The move to remote work in response to the COVID-19 pandemic increased the workloads for skilled IT professionals, and combined with the rising rate of ransomware attacks, many security pros are suffering from burnout. With all that going on, the need for experienced cybersecurity staff hasn’t dwindled, causing recruiters and government officials alike to search for solutions to the skills shortage.

The Cybersecurity Hiring Gap

Obstacles to Cybersecurity Hiring

Compounding the cybersecurity skills shortage is a host of other challenges companies face, from inadequate wages to employee burnout. It’s not always possible to solve every problem, but you can address some to help improve the situation.

Burnout

According to a Forrester survey, “2021 data shows that 51% of cybersecurity professionals experienced extreme stress or burnout, with 65% saying they had considered leaving their job because of job stress.” This level of burnout means that not only are cybersecurity professionals leaving their jobs, but some are also leaving the field altogether. So much of this burnout stems directly from the COVID-19 pandemic, where cybersecurity pros are being asked to take on heavier workloads as companies undergo digital transformations, not to mention the mental health difficulties that accompany a multi-year pandemic.

Non-competitive Wages

Despite the increase in work that companies are putting on their IT departments, they aren’t increasing wages to compensate for it. And because these jobs are so in demand, many workers can jump ship and easily make a substantially higher salary. Then, once those workers are gone, the business has a nearly impossible time replacing them because the salary doesn’t match the expected level of work.

Benefits Don’t Outweigh Job Stress

While a competitive salary is important, the right set of benefits is the actual driver behind fighting burnout and keeping employees. If the benefits package a company is offering doesn’t outweigh the stress of a job, employees will leave and they’ll be difficult to replace. Paid time off and flexible work options are a big part of this and are low-cost ways companies can improve benefits packages for their employees. Hot startups and big-name competitors who can now hire from anywhere are also making it harder for companies to compete for talent because they have the budget or flexibility to offer attractive benefits.

Government Initiatives

Even the United States government is struggling to fill its cybersecurity roles, leading to government initiatives to solve the problem.

DHS’s Cybersecurity Talent Management System

The Department of Homeland Security created a Cybersecurity Talent Management System that allows it to streamline the hiring process, create better compensation packages, and build new career development programs. The portal includes assessments for a variety of cybersecurity skills, as well as customized applications for each role, so applicants aren’t wasting time filling out unnecessary information.

Cybersecurity Workforce “Sprint”

In March of 2021, DHS Secretary Mayorkas outlined six 60-day cybersecurity sprints covering several different cybersecurity priorities. The sprints covered:

  • Ransomware (April & May 2021)
  • Cybersecurity Workforce (May & June 2021)
  • Industrial Control Systems (July & August 2021)
  • Cybersecurity and Transportation (September & October 2021)
  • Election Security (November & December 2021)
  • International Cybersecurity (January & February 2022)

While the DHS knows work in each of these areas will take more than 60 days, they are using these sprints to ensure existing work is addressing these challenges, target and remove roadblocks, and create an opportunity to form new partnerships as necessary.

Business Recruiting Efforts

Businesses are also having to get creative with their recruiting efforts to find and cultivate top cybersecurity talent. Some are partnering with technology organizations (like the SANS Institute or Cyber Talent Institute) to find potential employees early. Others are looking to current employees for referrals or examining their competitors to see how they can improve their benefits package.

Remote and flexible work options are another way businesses are enticing new employees. Allowing workers to work when and where they want is a great option for many cybersecurity roles because they typically don’t need to be in the office to do their job well.

How to Find and Cultivate Cybersecurity Talent

Even though it’s tough right now, there are steps businesses can take to find and cultivate cybersecurity talent to fill their open roles.

Create Internship Programs

Internship programs are a great way to find talented workers early and teach them the skills they need to be successful in your business. To create a successful internship program, you need to give your interns actual work experience, rather than just having them handle the grunt work none of your full-time employees want to do.

You also need to partner with local colleges and possibly even high schools to generate interest in the field and find future employees. Many community colleges have strong IT programs, and they can also be a good source for a diverse candidate pool. And you need to pay your interns. It’s the best way to keep them engaged in your business, reduce their stress so they can perform better, and increase the likelihood of getting good referrals.

Also Read: Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity

Gather Referrals from Current Employees

If you’re a recruiter, you likely already know how helpful referrals can be for finding the right candidate. On average, referred candidates are faster to hire, stay at the company about twice as long as non-referred candidates, and have a higher ROI than other employee sourcing methods. To get referrals from your current employees, they first need to know what you’re looking for.

They should already be familiar with your core values, but take time every so often to let them know which positions are open and which are most critical to your success. Chances are, they aren’t checking out your company’s career page unless they already know someone looking for a job, so you need to tell them what’s available. Additionally, consider offering a referral bonus to incentivize employees to refer people in their network to your open roles.

Subsidize Education for Employees Who Want to Move to Cybersecurity

You may have talented individuals already in your employ that are interested in cybersecurity but don’t yet have the skills to make the transition. Employees with knowledge of human behavior, compliance and government policies, or risk management can all bring that knowledge into a cybersecurity role. Consider funding or subsidizing a training course or tuition for these employees. For example, TechnologyAdvice has partnered with The Nashville Software School to pay for current employees who don’t have technical skills to get the training they need to move into an IT position.

Not only does this provide employees with growth opportunities and make them feel valued by their company, but it also provides the business with more skilled IT workers who are more engaged. This benefit often comes with a stipulation that the employee must stay with the company for x number of years after they’ve completed their training or coursework or they have to repay the company for the cost of their tuition.

Also Read: How to Get Started in a Cybersecurity Career

DE&I Improves Cybersecurity Recruiting

Diversity, equity, and inclusion (DE&I) is a must for cybersecurity recruiting. Although the industry has been historically dominated by white and Asian men, women and people of color have a lot of value to add, in both new ideas and a stronger workforce.

Removing Barriers to Entry

Focusing on DE&I can often remove barriers to entry because recruiters may realize that some of the requirements they currently have on the job listing aren’t actually relevant for a successful employee, and they may be harming your ability to find good candidates. For example, some roles may not require a four-year degree, especially if the candidate has relevant experience or proper certifications, but many workplaces require such degrees, quickly eliminating a large portion of the population.

Requiring workers to be in the office is another barrier to entry. With remote work, you can significantly increase your talent pool, accommodate disabled individuals, and provide extra benefits to your employees. This also reduces commuting expenses for your employees and offers options for candidates without personal transportation. With technology as it stands now, there are very few jobs that can’t be done at home at least most of the time, especially in IT.

New Ideas for How to Protect the Organization

A diverse workforce brings new perspectives to the work, allowing organizations to develop new ways to protect themselves from cyberattacks. “Diversity jolts us into cognitive action in ways that homogeneity simply does not,” wrote Columbia Business School Professor Katherine Phillips in an article for Scientific American.

When workers come from diverse backgrounds, they have to work harder to communicate their ideas and understand their coworkers because not everyone sees the world the same way they do. Not only does this breed new ideas, but it also helps improve overall organizational communication.

How Your Business Can Help Close the Skills Gap

The gap between available cybersecurity workers and open roles is a big one, but your business can close it by creating new opportunities for existing employees outside of IT and increasing interest in cybersecurity in students. And in the short term, work with your existing employees to improve your benefits package to attract new employees and retain your current ones, while also increasing the likelihood of referrals. And make sure you’re increasing pay to keep up with the rising demands of cybersecurity and IT work in general. Otherwise, you may lose more employees than you gain.

How to Comply with GDPR, PIPL and CCPA https://www.esecurityplanet.com/compliance/compliance-gdpr-pipl-ccpa/ Wed, 22 Dec 2021 16:13:38 +0000 https://www.esecurityplanet.com/?p=20390 Compliance issues can be tricky, especially when there are so many data privacy laws. Find out how to comply with GDPR, PIPL, and CCPA.

When it comes to managing cybersecurity risk, approximately 35 percent of organizations say they only take an active interest if something bad happens. But to maintain compliance with major privacy laws, businesses must have security measures in place before an attack. The regulations from GDPR, PIPL, and CCPA are especially relevant to MSPs and software vendors because they get access to data from so many organizations, but all businesses need to comply with them.

Compliance Overview

PIPL Compliance


China’s new data privacy law just went into effect in November 2021. Here’s what you need to know.

What is PIPL?

China’s Personal Information Protection Law (PIPL) is legislation that aims to outline and protect appropriate uses of personal data. PIPL provides a protection framework for the data of Chinese citizens. It defines sensitive personal information as “personal information that, once leaked, or illegally used, may easily infringe the dignity of a natural person or cause harm to personal safety and property security, such as biometric identification information, religious beliefs, specially-designated status, medical health information, financial accounts, information on individuals’ whereabouts, as well as personal information of minors under the age of 14” (Article 28).


Who Does PIPL Affect?

PIPL affects businesses that are located in China, do business in China, or store the personally identifiable information (PII) of Chinese citizens. If the organization is planning to transfer data across borders, it must let the affected individual know, ensure that the receiving entity can provide the required privacy protection, and perform an impact assessment on possible consequences of the transfer.


PIPL Compliance Checklist

If your business is affected by China’s PIPL, here is what you need to stay compliant:

  • A dedicated representative in China. If your organization isn’t located in China but holds data on Chinese citizens, you must establish either an office or designated representative in China and register that information with the appropriate government officials.
  • A lawful basis for the information you gather and use. PIPL includes several lawful reasons (necessary for a contract, legally necessary, related to an emergency, related to public interest, or previously disclosed data) for which businesses can gather and use data without the consent of the individual. If none of those are applicable to you, then you need to get consent from each person you’re keeping data on.
  • An incident response plan. Data breaches are an unfortunate reality of doing business in today’s technology-based world. You need to have an incident response plan in place to quickly identify and resolve the breach and then notify the affected parties.
  • Detailed privacy notices. Before storing or processing PII, you must offer individuals detailed privacy disclosures that explain why you need the data and what you will use it for. It should also include how you plan to process the data and the contact information for the data controller in case the individual has questions or concerns.
  • The chance for each individual to remove their consent. If you’re currently storing data on individuals that haven’t given their consent and it doesn’t fall into one of the appropriate use categories, you need to give those people the option of withdrawing their consent. Additionally, individuals who have given their consent should be able to reverse that decision at any time.


CCPA Compliance


California’s data privacy act has been in effect since the start of 2020.

What is CCPA?

The California Consumer Privacy Act (CCPA) is a law that offers individuals more control over their PII and how businesses can use it. It gives consumers the right to know what information businesses are storing on them and how those businesses are using and sharing the data, to delete their PII from a company’s database, and to bar a business from selling their personal data. CCPA defines personal information similarly to PIPL and includes name, social security number, biometric information, and internet browsing history.

Who Does CCPA Affect?

CCPA affects any for-profit organization that conducts business or serves consumers in California and meets one or more of the following criteria:

  • Has a gross annual revenue of more than $25 million
  • Handles at least 50,000 records of California residents, households, or devices
  • Receives 50 percent or more of their annual revenue from selling the personal information of California residents.

However, the rights outlined in the CCPA only apply to residents of California, even if they’re not in California at the time of the request. Nick Halsey, CEO of Okera, explains, “This combination of various state-based regulations and variables can imply a more refined data access policy, placing a new layer of requirements on governance systems. The policy, no longer static, must react to certain variables in real-time. In 2022, we will see increasing pressure on enterprises and vendors to put the tools in place that enable real-time, state-based policy enforcement.”


CCPA Compliance Checklist

If your business meets any of the above criteria, these are the things you need to remain compliant:

  • Full visibility into the data your organization has and collects: Businesses collect a ton of data in both structured and unstructured formats, and while they can easily search their structured data to find out what they have, unstructured data isn’t that easy to parse. Organizations need to understand all of the data they store and collect as well as where they’re storing it.
  • Categories for all of your organization’s data: Not every piece of information will be relevant to CCPA and require the same level of security. Categorizing your data ensures that you’re keeping necessary information for the appropriate length of time and providing the required security.
  • Remediation plans for different scenarios: Obviously, you don’t need to launch a full incident response if someone asks you to delete their data, but you do need to have a standardized remediation plan in place. You’ll need to create plans for each of your data categories to abide by relevant compliance requirements.
  • Clear policies on data governance: Tell your consumers why you need their sensitive information, what you plan to do with it, and how you’ll store it. You also need to train your employees extensively on these policies, so they know what they can and can’t do with the data you collect.
  • Easily accessible Subject Rights Requests: The CCPA allows California residents to request information about how their data is being used, and your company has to make these requests simple for consumers. The law also dictates that organizations have to acknowledge each request within 10 days of receipt and fulfill it within 45 days, so you need an efficient system in place to receive and act on these forms.


GDPR Compliance


Europe’s privacy protection law went into effect in 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) is legislation that protects the data of citizens in the European Union (EU). It’s likely the strictest data privacy law in effect today, and, for the most part, if you’re compliant with GDPR, you’re likely compliant with other data protection acts. The GDPR website defines personal information as “any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.”


Who Does GDPR Affect?

GDPR affects all organizations that conduct business in the EU, serve citizens of the EU, or track and record data of people in the EU. However, organizations with fewer than 250 employees are exempt from some of the rules of GDPR. The documentation states that the data protections outlined in the first two paragraphs, “shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10” (Article 30.5).

GDPR Compliance Checklist

Here’s what you need to comply with GDPR if you have more than 250 employees or meet the criteria listed above:

  • Clear categories for the data you store: You need to separate the data you collect into categories and outline specific reasons for collecting each type. The records of these categories should include the name and contact details of each processor and data controller and information on any data transfers.
  • A detailed list of what you use data for: This list should include records like the name and contact details of the data controller and data protection officer, the reason for processing the data, a description of how you categorize your data, who has access to the data both internally and externally, and a description of the security measures you have in place to protect the data. This list should be in writing (or electronic form) and available if requested by a compliance officer.
  • A legal justification for processing the data: Article 6 of GDPR outlines the lawful justifications for processing data, including but not limited to consent from the individual the data belongs to, processing due to a contractual basis, and for matters of public interest. If consent is your justification, you’ll need to make it easy for your data subjects to revoke their consent at any time.
  • A comprehensive privacy policy: You need to tell your consumers that you’re collecting their data, what you’re using it for, who can access it, and how you’re protecting it. Users should have access to this privacy policy every time you collect their data, and it should be easy to read and understand.
  • Internal security policies and remediation plans: Under GDPR, you must be cognizant of data security any time you handle someone else’s data. PII should be encrypted or anonymized whenever possible, and you need to train your employees extensively on data security, especially if they have access to personal data. Perform impact assessments when making changes that affect your data, and have a plan in place for notifying relevant authorities or individuals when you have a breach.
  • A designated GDPR compliance officer: This should be an internal employee well-versed in the requirements of GDPR, and they should be encouraged and able to evaluate data processing policies and make changes where necessary. Depending on your business category, you may also need a data protection officer. And if your business is located outside of the EU, you will also need to appoint a representative located in the EU.
  • Signed data processing agreements with third parties: If you work with other organizations that are going to get access to your stored personal data, you’ll need to sign an agreement that outlines each party’s responsibilities regarding GDPR compliance.
  • Easy access for your customers to their data: If you’re collecting personal information, you must make it easy for consumers to find out what information you’re storing on them, update inaccurate or outdated information, request that their PII be deleted, request that you stop processing their data, request a copy of their personal data, or object to you processing their data. Also, if you use automated processes to make decisions about people, your customers should be able to request human oversight or challenge the decision.

How to Stay Up to Date with Changing Compliance Regulations

New data privacy compliance regulations come out from time to time, especially as the way companies process data changes, so compliance can be difficult for many organizations. However, because GDPR is so strict, most companies can get away with following those procedures and be covered under many other regulations, including CCPA and PIPL. It’s important to have a compliance officer within your organization that can help you stay up to date with changing regulations and adjust policies as needed.

Twitch Breach Shows the Difficulty of Cloud Security https://www.esecurityplanet.com/cloud/twitch-breach-shows-difficulty-cloud-security/ Tue, 02 Nov 2021 12:46:04 +0000 https://www.esecurityplanet.com/?p=19784

Cloud security is a delicate balancing act of keeping the freedoms that make migration worthwhile while also keeping a company’s data secure. A recent breach of Twitch, an Amazon-owned company, showed businesses just how difficult cloud security really is. And it’s critically important, with the average cost of a data breach in hybrid cloud environments sitting at $3.61 million. Let’s look at the Twitch breach and what it teaches us about protecting your organization’s data.

The Difficulties of Cloud Security

Server Misconfiguration Caused The Twitch Breach

Even Amazon, the biggest cloud vendor on the planet, can struggle to keep its cloud environments safe, showing just how difficult cloud security really is. According to interactive live-streaming service Twitch, “the incident resulted from a server configuration change that allowed improper access by an unauthorized third party.” When the company was configuring its server, it accidentally exposed some of the data to the internet, and the attacker got to it that way. The bad actor then leaked part of the information they stole and hinted that there might be more to come.

Why Cloud Security is so Difficult

Many of the same features that make the cloud so desirable for businesses also make it difficult to secure. Users can access the cloud from anywhere, and cloud applications are generally easier to deploy than on-premises apps. But attackers are also evolving and bringing with them a host of new threats.


Too Many Users Have Access

One of the things that makes cloud security so difficult is that most companies give too many users access to sensitive data. Most IT departments are understaffed, and rather than fully investigate each request for access, it’s easier to just give it to employees that ask. The problem is, the more people there are that have credentials to a dataset, the more likely it is for some of those credentials to become compromised.

Instead of giving employees access to everything in their cloud environment, companies should use the principles of least-privileged access or implement zero trust to only give credentials to the data and applications employees need for their job functions. Privileged access management (PAM) software can simplify this process and limit the number of people who can examine and manipulate sensitive information.

Deployment Speed Leads to Misconfigurations

Organizations are often concerned with how quickly they can get their cloud environments up and running. The problem with prioritizing speed over everything else is that businesses overlook security. Cloud architects and security professionals should work together to deploy cloud environments quickly while ensuring that they configure their servers in a secure way.

As we saw in the Twitch breach, server misconfiguration can accidentally expose information that needs to stay private. And this isn’t a problem with the cloud environment, but with the user. Gartner says that through 2025, 99 percent of data breaches in the cloud will be the customers’ fault.

Emerging Threats

As software evolves to become more secure, malicious actors are also adapting to create new threats and circumvent existing security measures. Phishing tactics keep changing, and new zero-day threats emerge constantly. Research from WatchGuard shows that 74 percent of the malware detected in the first quarter of 2021 was from zero-day threats.

The work landscape also changes how attackers perpetrate threats. With more people working remotely than ever before, bad actors also have more entry points into an organization’s network. Companies are also using more SaaS applications to connect their employees, which could lead to more third-party vulnerabilities.


What You Need to Protect Your Cloud Environment

To keep your cloud environment safe from all these threats, you need cybersecurity tools that offer visibility and control, automation, and configurable policies.

Visibility & Control

Your cybersecurity tools should give you full visibility into your cloud environments and allow you to manage them from a single console. You should know who has access to each environment and application on your network, and which devices have connected to it. Higher visibility from software like security information and event management (SIEM) allows your IT team to react more quickly to threats, preventing a breach from affecting a large portion of the network.

You should also have some measure of control over your cloud infrastructure, so you can segment your clouds and keep breaches from being catastrophic. By using microsegmentation, attackers that successfully breach your network only have access to a small part of it before they hit a wall. This gives your IT team time to respond and remove the threat and prevents you from losing large amounts of data.

Automated Security Processes

Most IT teams are overburdened, meaning they can’t respond immediately to every single alert security software sends them. Your cybersecurity software should include automation that prioritizes alerts as they come in, helping your IT team identify the most pressing threats. Additionally, consider security tools that offer automated rollback and remediation, so your company can continue operating even while facing a breach.

Consistency in Policies

To protect your company from outside threats, your employees need to know what the cybersecurity policies are. These policies should be consistent across all departments, and they shouldn’t change much from year to year. And just having the policies isn’t enough; you also need to enforce them for effective security. Enforcing policies keeps employees from using shadow IT practices to go around security procedures and improves the overall security of your network.

Limiting Access is Critical for Protecting Your Data

The best way to protect your data is to limit the number of people and applications that can access it. With fewer people holding credentials to sensitive information, attackers have a more difficult time getting their hands on them. Use access management solutions like PAM in conjunction with consistent IT policies to keep your network safe from outsiders. Additionally, make sure your cybersecurity tools offer visibility, control, and automation to make life easier for your IT team.

Application Security is Key to Stopping Ransomware, Vendor Says https://www.esecurityplanet.com/threats/application-security-key-ransomware/ Wed, 20 Oct 2021 12:24:40 +0000 https://www.esecurityplanet.com/?p=19660

Recent news headlines have shown how vulnerable even large companies with many resources at their disposal are to ransomware. While these attacks may feel inevitable, there are measures that businesses can take to protect themselves. One vendor says application security may be the key to stopping ransomware.

Preventing Ransomware with Application Security

How Ransomware Accesses a Network

Generally, ransomware gets into a network courtesy of phishing emails. An attacker sends a legitimate-looking email to their victim in an attempt to get them to click on a link or open an attachment. Once they do, the computer automatically downloads the malware. From there, the malware has to make its way onto the actual network, which can be difficult depending on the protections the company has in place.

It often hides in legitimate applications or files that it has altered to look harmless. Ransomware may also use known vulnerabilities in software or plugins to access a network.


How Application Security Prevents Ransomware

Application security (AppSec) focuses on patching bugs and vulnerabilities in software that bad actors often use to inject ransomware or malicious code into a network. AppSec teams work with cloud, desktop, mobile, and web applications. With these vulnerabilities removed from the equation, attackers don’t have an easy way into the network, meaning they’ll likely move on to easier targets.

In addition to patching vulnerabilities from third-party software, AppSec teams might also work with their DevOps teams to add multifactor authentication (MFA) or similar identity authentication features into applications they build in-house. With added layers on app logins, a stolen or hacked password alone no longer gives attackers the access they need.


Application Protection vs. Endpoint or Network Security

Furthermore, application protection determines whether the software is loading legitimate processes to identify malware before it can execute harmful scripts. This makes the application the detection standard, according to Mark Pelkoski, Vice President of Sales Engineering for Virsec, removing some of the variables from the detection process because a healthy application should start the same way every time.

Endpoint and network protection platforms don’t have the same luxury. These platforms typically catch ransomware later than application security tools, especially when it comes to endpoint security, and much of the matching is based on signatures and known threats, which could exclude zero-day threats.

Pelkoski explains, “Network security has the fundamental problem of having to deal with decrypting and parsing the network traffic to apply signatures or rules to guess what is happening to the victim, then executing some mitigation action to counteract the action. To complicate the problem, this must happen in real-time as the traffic is held long enough to decide what to do before it impacts application performance.”

Because it can catch the first sign of an attack, application security can immediately stop the scripts and prevent the ransomware from activating. 

Using Deterministic Protection Platforms for Application Security

Deterministic protection platforms (DPPs) are a great option for application security because they provide fewer false positives than other security tools and can quickly catch changes in expected behavior. They work by examining the intention of an application’s code, allowing them to identify malicious intent and force the program to stop running.

If a DPP identifies a change in intent while the application is running, it immediately shuts down the software and provides detailed information to help the security team track the attacker and patch any vulnerabilities it uncovered. It can even give the line number of the code where the vulnerability originated. Because the DPP provides information on the code of the software, false positives are limited.

Features to Look For

DPPs should offer prioritization to allow security teams to deal with the most pressing threats first. They should also provide full visibility into the attacks, including where they originated within the software. “Ideally, the platform should monitor the operating system, file system, memory, and application inputs. Monitoring and enforcing command-line execution parameters is also highly desirable,” Pelkoski says.

He adds, “However, monitoring at these levels is not enough. The solution must also monitor at runtime, not rely on a cloud service for a decision, and, more importantly, react in real-time to the threat. It is only then can the attacker be denied any kind of dwell time, instantly killing any attempt to establish persistence or a command-and-control channel process.”
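The idea that a healthy application starts the same way every time, and that command-line parameters can be enforced, can be shown with a small allowlist check over process-launch events. This is an added example, not code from Virsec or any other vendor named in the article; the service name `reportsvc`, its paths, and the sample events are constructed for illustration.

```python
import re

# Hypothetical baseline for a constructed service "reportsvc": every
# (parent image, child image) launch the application is expected to make,
# with regexes that each command-line argument must fully match.
BASELINE = {
    ("/usr/lib/systemd/systemd", "/opt/reportsvc/bin/reportsvc"): (
        r"--config=/etc/reportsvc/svc\.toml",
    ),
    ("/opt/reportsvc/bin/reportsvc", "/opt/reportsvc/bin/pdfrender"): (
        r"--in=/var/spool/reportsvc/[\w-]+\.html",
        r"--out=/var/spool/reportsvc/[\w-]+\.pdf",
    ),
}

# Constructed process-creation events (not captured from a real system).
SAMPLE_EVENTS = [
    {"parent": "/usr/lib/systemd/systemd",
     "image": "/opt/reportsvc/bin/reportsvc",
     "argv": ["reportsvc", "--config=/etc/reportsvc/svc.toml"]},
    {"parent": "/opt/reportsvc/bin/reportsvc",
     "image": "/opt/reportsvc/bin/pdfrender",
     "argv": ["pdfrender",
              "--in=/var/spool/reportsvc/q-1042.html",
              "--out=/var/spool/reportsvc/q-1042.pdf"]},
    # The service has never launched a shell, so no signature is needed
    # to know this is a deviation from normal behavior.
    {"parent": "/opt/reportsvc/bin/reportsvc",
     "image": "/bin/sh",
     "argv": ["sh", "-c", "id"]},
    # Known child process, but one parameter falls outside the baseline.
    {"parent": "/opt/reportsvc/bin/reportsvc",
     "image": "/opt/reportsvc/bin/pdfrender",
     "argv": ["pdfrender",
              "--in=/tmp/upload.html",
              "--out=/var/spool/reportsvc/q-1043.pdf"]},
]


def evaluate(event, baseline=BASELINE):
    """Return (verdict, reason) for one process-launch event.

    The decision depends only on the baseline, so the same event always
    produces the same verdict, with no threat signatures involved.
    """
    key = (event["parent"], event["image"])
    patterns = baseline.get(key)
    if patterns is None:
        return "block", f"launch not in baseline: {key[0]} -> {key[1]}"

    # argv[0] is the program name; every remaining argument must fully
    # match at least one allowed pattern for this launch.
    unexpected = [
        arg for arg in event["argv"][1:]
        if not any(re.fullmatch(p, arg) for p in patterns)
    ]
    if unexpected:
        return "block", f"unexpected arguments: {unexpected}"
    return "allow", "matches baseline"


def triage(events):
    """Evaluate a batch of events, returning (image, verdict, reason)."""
    return [(e["image"], *evaluate(e)) for e in events]


if __name__ == "__main__":
    for image, verdict, reason in triage(SAMPLE_EVENTS):
        print(f"{verdict:5}  {image}  ({reason})")
```

A real platform enforces this at runtime inside or beside the process; the sketch only shows why a fixed baseline yields few false positives and still catches previously unseen behavior.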

Top DPPs

When looking for deterministic protection platforms to manage your application security, consider these systems:

  • Virsec
  • K2 Cyber Security
  • Acunetix
  • Micro Focus Fortify

For a full list, check out our Top Application Security Vendors.

Improve Compliance by Protecting Your Applications

Application security offers more than just preventing ransomware; it also helps organizations in highly regulated industries improve their compliance. Many application security tools don’t require access to the internet in order to identify breaches, preventing an additional vulnerability that endpoint or network security tools may add.

Because application security can automatically respond at the first sign of an attack, organizations can keep bad actors out of their networks and prevent ransomware. This level of protection is critical for government entities, healthcare organizations, and financial institutions, among others.

Windows 11 Security Features & Requirements https://www.esecurityplanet.com/endpoint/windows-11-security/ Mon, 18 Oct 2021 12:18:19 +0000 https://www.esecurityplanet.com/?p=19633

Windows 11 started rolling out on October 5 for personal devices, but most businesses are unlikely to get access to the upgrade until the middle of 2022.

Regardless of when you get Windows 11, you’ll need to know what security features are included and available, so you can effectively implement it across your organization. The early data shows potential: So far, the new Windows 11 features have reduced malware on tested devices by 60 percent.

Let’s take a look at the Windows 11 security features businesses can expect and the requirements they’ll need to meet.

While Windows 11 offers more security features than previous versions of the operating system, it still requires updates and secure devices to maximize that security. Kolide — this article’s sponsor — works with Okta to ensure that only secure devices can access company resources, checking the status of each device and requiring fixes before allowing access. Through its self-service model, Kolide allows for quick fixes and reduced demand on IT staff.

What to Expect from Windows 11

Features On by Default

While Windows 10 included the options for security features, like virtualization-based security (VBS), businesses had to manually turn them on. In Windows 11, however, these features will be turned on by default—one of the reasons for the increased CPU requirements. This is part of a much-needed trend by Microsoft to make security less optional.

Here are some of the features that will be on by default in Windows 11:

Zero Trust Ready

With these security features already in place, Microsoft is touting Windows 11 as zero trust ready. This should limit the number of incidents cybersecurity professionals have to chase down, improving their response time. Windows 11 also provides the ability to determine whether or not a device has the security features enabled, similar to how someone today might use their vaccination card. A device has to prove that it is secure before getting access to the data, just like you might have to show your vaccination card to get access to a concert venue.

Combining this with the OS supporting Microsoft Azure Attestation (MAA) out-of-the-box, Windows 11 offers both software and hardware-based zero trust protection. MAA has the ability to remotely confirm the integrity of hardware or software trying to access sensitive cloud resources. Extending protection to both cloud and on-premises environments is critical for enterprise scalability.

Virtualization

One of the features Windows 11 promised was Android application support, which requires app virtualization. Because development would be extremely difficult on mobile devices, developers need a way to run the application from their computers. Virtualization allows them to test app features from their computer before rolling them out to the public.

VBS uses hardware virtualization to add an extra layer of protection to security features and prevent malware from infecting them, even if it breaches the rest of the device.

Looking forward, Microsoft expects to run virtualization through individual Krypton containers. While Microsoft has announced this feature for Windows 10X, it isn’t yet part of Windows 11.

Sandboxing

Windows Sandbox allows users to run applications in a safe environment that’s separate from the rest of their PC. Once the user closes the application, everything within the sandbox gets deleted. If an application turns out to be hosting malware, the sandbox prevents that malware from accessing other files and applications on the device.

While Microsoft didn’t anticipate that personal users would be interested in sandboxing, they’ve actually seen a lot of engagement with it. Sandboxing obviously changes the experience of running an application, so Microsoft is still working on balancing both security and usability.

Passwordless Access

Windows Hello offers passwordless access for your devices, relying instead on a PIN, fingerprint, or facial recognition. For consumers, passwordless access will be on by default, but businesses will be able to deploy simple passwordless models. IT administrators will also retain granular control over authentication methods to ensure users comply with company policy.

In addition to increased security, passwordless access can also reduce operating costs for IT teams because they’ll spend less time helping users reset their passwords. And since 81 percent of breaches use passwords that attackers have stolen or hacked, that’s fewer resources IT will have to put towards chasing down intruders.


Upgraded Hardware Requirements

Microsoft requires that devices running Windows 11 have at least an eighth-generation Intel CPU in order to enable the default security features it wants to include. Not only do eighth-generation and later processors support these features, but they can also optimize performance so users don’t have to sacrifice usability for security. Eventually, this will include Microsoft’s Pluton processor.

Additionally, devices that are certified for Windows 11 will come with a TPM 2.0 chip, which protects credentials and encryption keys behind hardware. This protection is difficult for attackers to breach and provides root-of-trust out of the box.
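To see where an existing fleet stands on two of the items named in this article, TPM 2.0 and virtualization-based security, a local check can query the standard Windows CIM classes. The script below is an added example, not code from Microsoft or from the article; the function names and the "Compliant" rule (TPM 2.0 present and VBS running) are assumptions chosen for illustration.

```powershell
# Added example (not from the article): local posture check for TPM 2.0 and VBS.
# Run from an elevated PowerShell session; the TPM WMI class needs admin rights.

function Get-TpmSpecVersion {
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm -or -not $tpm.SpecVersion) { return $null }
    return ($tpm.SpecVersion -split ',')[0].Trim()
}

function Get-VbsStatus {
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return -1 }   # class missing or query failed: report as unknown
    return [int]$dg.VirtualizationBasedSecurityStatus
}

function Test-DevicePosture {
    $tpmVersion = Get-TpmSpecVersion
    $vbs        = Get-VbsStatus
    $vbsText    = switch ($vbs) {
        0       { 'Not enabled' }
        1       { 'Enabled, not running' }
        2       { 'Running' }
        default { 'Unknown' }
    }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        TpmVersion   = if ($tpmVersion) { $tpmVersion } else { 'Not found' }
        Tpm20        = ($tpmVersion -eq '2.0')
        VbsStatus    = $vbsText
        VbsRunning   = ($vbs -eq 2)
        # Assumed rule for this example: both checks must pass.
        Compliant    = ($tpmVersion -eq '2.0') -and ($vbs -eq 2)
    }
}

Test-DevicePosture | Format-List
```

A status of "Enabled, not running" usually means VBS is configured but a prerequisite such as firmware virtualization support is switched off, so it is worth reporting separately from "Not enabled".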

While the new hardware requirements may be frustrating for some, 80 percent of security decision makers believe security software has to be supplemented with modern hardware to fend off attacks. Dave Weston, director of OS security at Microsoft, said prevention is at the heart of this shift in his interview with Tech Republic. “What I’m hearing is just given the voracity of attackers out there and the threat landscape, detection is working great; but maybe few companies can really staff the folks that would be necessary to investigate and remediate every one of those issues. So what we’re starting to see is a pattern back to good old prevention; the more we can reduce the funnel, the better we can action and remediate [those threats].”

Should You Upgrade to Windows 11?

Businesses that have the budget to upgrade their hardware should consider upgrading to Windows 11. It reduces the attack surface of your devices and lowers the burden on your IT team by limiting the incidents they need to chase down. Considering how hard good IT security specialists are to find in the current market, reducing their workload can help you keep them.

However, new software releases are bound to include bugs, so it may be worth waiting a few months after the initial release to give your organization time to prepare for any issues that other users have brought up. This way, Microsoft can hopefully address those concerns before your company even has to worry about them.

Even so, Microsoft has been taking security seriously for some time now and scoring well in MITRE tests in the endpoint detection and response (EDR) space. Because of this, any bugs in the new operating system will likely be minor and probably won’t have a huge impact on security. They’d probably be more likely to affect user experience.



]]>