Tag: PROTECTION. | Page 5

After computer shutdown, a Maryland county buys cyber protection. Is that enough?

July 17, 2023/in Computer Security

A holiday cyber attack threw one Western Maryland county for a loop, altering some police operations, slowing down the office of the state’s attorney, and preventing online payments. Other jurisdictions in the state could learn lessons from the holiday hack of Washington County.

“You don’t want to be in a situation where you don’t know what you’re going to do if an incident happens,” said Markus Rauschecker, cybersecurity program director at the University of Maryland’s Center for Health and Homeland Security, an academic nonprofit consulting firm that advises local governments dealing with cyber incidents.

Rauschecker, also a member of the Maryland Cybersecurity Council, a group led by the state’s Attorney General and established by law to improve cybersecurity in Maryland, said each jurisdiction should have a plan, which “outlines the exact roles and responsibilities that every entity has with respect to cyber incident response.”

Months after the Thanksgiving Day incident, Washington County officials have tried to move forward, with the commissioners purchasing a pricey cyber protection system earlier this year, but the question remains: Is the county better prepared today than it was then?

Washington County Board of Commissioners President John Barr did not consent to questions during a break in the July 11 county commissioners meeting. Questions were referred to the county’s public relations department, which responded by email to several questions, including one asking what the county is doing going forward to protect citizens’ information.

“Information privacy and security are among the County’s highest priorities,” said Danielle Weaver, a county spokeswoman, in an email. “We have strict security measures in place to protect information in our care.

“Upon discovery (of) this incident, we quickly took steps to investigate and respond, including reviewing and enhancing our existing policies and procedures to reduce the likelihood of a similar future event,” Weaver said. “Washington County continues to review and enhance our cybersecurity posture by implementing additional safeguards.”

Those safeguards were not indicated in the email response…

Source…

The winning strategy for SMB ransomware protection

July 17, 2023/in Internet Security

It’s no secret that the threat of ransomware is showing no sign of slowing down, especially as organizations around the world come to terms with hybrid and remote working. The impact of an attack can be severe to say the least – according to the UK Government’s 2022 ‘Cyber Security Breaches Survey’ 39% of UK businesses identified a cyber-attack in the last 12 months. 83% of these businesses reported phishing attempts, and 26% identified a more sophisticated attack type such as a denial of service, malware, or a ransomware attack.

Unfortunately, businesses overestimate the role of technology in preventing attacks. Just as a manager of a sports team wouldn’t bank on their star forward to win every game, organizations should think about diversifying their approach to security.

Businesses cannot solely rely on technology

Given the growing volume and severity of these threats, smaller businesses are investing heavily in technology to protect against the risk of a devastating attack. Enter Endpoint Detection and Response (EDR) solutions, an increasingly popular automated technology that can be deployed to detect and help remediate possible threats before they become dangerous.

The trouble is, the majority of EDR detections are never investigated, throwing a spanner in the works for the notion that tech should support and augment human expertise. Alerts to threats are one thing, but finding a way to action them and prevent further intrusions is a whole other ball game.

This lack of response to alerts might not be as surprising as it sounds. In the same way that an onslaught of e-mails or phone calls at work can throw you off your stride, receiving too many EDR notifications can cause even the most experienced IT administrator to experience a kind of ‘decision paralysis’, ultimately leading to a failure to adequately address the problems the technology has identified. Pressure can ramp up to the point where turning off an EDR solution seems like the only play – a concerning trend whereby fatigued IT staff have simply reached their limit of cyberthreat tolerance.

Marcin Kleczynski

Founder and CEO, Malwarebytes.

Cultivate a ‘defense in depth’…

Source…

Is Cyberinsurance a Vital Protection Against Ransomware?

June 24, 2023/in Internet Security

In recent years, the frequency and sophistication of ransomware attacks have continued to escalate. In many cases, those attacks have piled up significant costs for their victims, and not just from the ransom payment. Extended downtime after an attack, expensive recovery efforts and reputational damage all hurt an organization’s profits after a breach.

“The actual cost of a ransomware attack extends far beyond the ransom payment — it can add up to be 7 times the ransom demand,” notes NetApp in a blog post.

“As far as overall costs go, experts estimate that the ransom payment adds up to only about 15 percent of the total cost of the ransomware attack,” the post continues. “And the real stinger in all of it is that only 1 in 7 organizations who pay a ransom actually get their data back.”

Some Vendors Offer Warranties Along with Cyber Insurance Policies

Cyber insurance is a growing trend and, in many cases, an operational requirement. However, some organizations don’t have the resources to self-insure. For smaller organizations, there are still ways to reduce the cost of cyber insurance premiums. Roberts notes that some third-party security providers, such as Rubrik, offer warranties that insurance companies recognize as extra assurance of an organization’s data protection strategy.

In April, Rubrik made two groundbreaking announcements about its ransomware warranties. In a press release published during this year’s RSA Conference in San Francisco, Rubrik said “With the rapid growth of cyberattacks, organizations share the same concern: ‘If we get hit by ransomware, can we recover?’” The company’s response was to increase the value of warranty it offers as part of its cyber insurance policies.

“Rubrik is confident in our data security solution and committed to a shared responsibility between customers and software vendors,” the release notes. “As such, we are putting more skin in the game by doubling our warranty to $10 million.”

In addition, Rubrik issued a separate press release to announce its partnership with Zscaler to offer a double extortion ransomware solution. “Rubrik’s…

Source…

Malwarebytes Awarded Highest Rated Endpoint Protection for Seven Quarters in a Row

June 22, 2023/in Internet Security

Rigorous tests by third-party research lab MRG Effitas demonstrate superior ability to detect and block real-world threats

SANTA CLARA, Calif., June 22, 2023 /PRNewswire/ — Malwarebytes, a global leader in real-time cyber protection, today announced that MRG Effitas, a world leader in independent IT research, gave Malwarebytes Endpoint Protection (EP) the highest possible score (100%) in its endpoint security efficacy assessment. As of the latest Q1 2023 test results, Malwarebytes is the only vendor to win every MRG Effitas certification and award for the seventh consecutive quarter, outperforming other solutions in its ability to spot and stop zero-day threats, ransomware, banking malware, fileless attacks and exploits. Centered around nine rounds of rigorous testing, MRG Effitas’ assessment criteria are the best way to evaluate endpoint security vendors today.

“Malwarebytes’ consistent high performance underscores our ability to spot and stop known threats as well as zero-day and polymorphic malware,” said Joe Hartmann, Senior Director of Threat Labs, Malwarebytes. “For under-resourced organizations that need endpoint security that just works, these results are a powerful tool to help them select the right protection for their business. Malwarebytes’ focus on leveraging machine learning and AI to automatically create detections means our solutions benefit from the speed and vast data consumption possible with these technologies. MRG Effitas’ quarterly testing alongside its new real-time testing solution Tempus, helps Malwarebytes’ protection stay ahead of the curve.”

MRG Effitas is an independent research and testing lab that evaluates endpoint protection solutions. The 360° Assessment & Certification by MRG Effitas isn’t like other tests that just evaluate traditional file-based attacks: they unleash real-world fileless cases and exploitation techniques, live botnets and credit card-skimming attacks on vendor products as well. In its latest report, MRG Effitas recognized Malwarebytes EP for its advanced security capabilities, particularly in detecting and preventing complex malware attacks. Malwarebytes EP is the engine that powers its endpoint detection and…

Source…

Tag Archive for: PROTECTION.

Businesses cannot solely rely on technology

Some Vendors Offer Warranties Along with Cyber Insurance Policies