What MSPs can do to help customers avoid the new Gmail phishing scam

Posted by Michelle Burke on Jan 19, 2017 2:45:12 PM

Even the most security-conscious email account holders have been falling for the new Gmail phishing scam. This advanced hack involves phishing for user email authentication information by tricking recipients into clicking on an attachment and re-entering their Google login credentials.

It works like this: Once someone has fallen for the attack, hackers scan the victim’s account and find the best attachment to email to others from that address. For example, the attachment could be an update on a document you were collaborating on earlier that week with a co-worker. This type of advanced attack works so well because the attachment seems legitimate.

Read More

Topics: IT Security

Time to resolve to review IT security processes

Posted by Mike Vizard on Dec 15, 2016 12:00:20 PM

There’s no doubt that most IT security professionals were left shaking their heads this week when it was revealed that the Federal Bureau of Investigation tried to inform the Hillary Clinton presidential campaign as far back as September of 2015 that their IT systems had been hacked. Alas, for a variety of issues relating mainly to a lack of IT security skills and flawed communications processes, it would take several more months for senior-level Clinton campaign officials to become aware of the true extent of the security breach.

Unfortunately, what occurred in the Clinton campaign is not an exception. A new study published this week by the McAfee Labs unit of Intel Security find that 93 percent of the 391 IT professionals surveyed acknowledged being unable to triage all potential cyber threats. The study finds that on average organizations are unable to sufficiently investigate 25 percent of security alerts.

But the most troubling aspect of the McAfee report is that 64 percent of the organizations surveyed said they rely on managed service providers to one degree or another for security operations assistance.

Read More

Topics: IT Security

IT Incident response planning creates new opportunity for MSPs

Posted by Mike Vizard on Dec 6, 2016 9:50:58 AM

Thanks to hard-won experience, most managed service providers (MSPs) have an IT incident response plan in place to cope with any disruption to their business. In contrast, however, it turns out most internal IT organizations don’t.

At a time when distributed denial of service (DDoS) and ransomware attacks are making it apparent just how weak many of the cyber defenses that organizations have put in place really are, large numbers of IT organizations are struggling to cobble together an incident response plan. MSPs that already have IT incident response planning expertise in place based on established best practices should not overlook that opportunity.

Read More

Topics: IT Security

Dyn DDoS attack false fodder for anti-cloud crowd

Posted by Ron Miller on Oct 27, 2016 3:51:55 PM

There's no doubt that you heard about, and were probably affected by the Distributed Denial of Service (DDoS) attack on domain registrar Dyn last week. It was a devastating attack that took down services like Spotify and Netflix along with business cloud services like Box and Zendesk for a time on Friday.

Read More

Topics: IT Security, Cloud Trends

The MSP’s Bookshelf: Social Engineering – The Art of Human Hacking

Posted by Lauren Beliveau on Oct 19, 2016 10:02:00 AM

Headlines about new data breaches, ransomware variants, and costly phishing scams seem to be popping up on a daily—sometimes hourly—basis. The media tends to focus on large Fortune 500 companies that are attacked, which leads many small business owners to assume that these threats are unlikely to affect them. Unfortunately, this is not the case—anyone can fall for a social engineering attack, and small businesses are targeted often.

What’s the first thing that comes to mind when you think of social engineering? A scammer trying to trick someone into giving away their banking info or social security number? That’s one common way it’s used, but social engineering is more than that. Social engineering is an all-encompassing term, and it’s all around us—whether it’s someone trying to get a raise or get a friend to share a secret. What it boils down to is the art of convincing people to change their frame of mind—and often divulge confidential information.

Read More

Topics: IT Security

Webinar: Get to know the security side of Intronis MSP Solutions

Posted by Adam LaRock on Oct 13, 2016 11:21:00 AM

A recent U.S. government report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016. That’s a 300-percent increase from the average of 1,000 daily attacks in 2015. This growing epidemic means businesses can no longer consider email security and next-generation firewalls an extra precaution; IT security is now a critical necessity.

Data protection and security go hand-in-hand, and as a part of Barracuda we are committed to helping our MSP partners not only recover data when loss occurs, but to help prevent that loss from happening in the first place. That’s why we’re hosting a webinar on Wednesday, Oct. 19 to introduce you to our growing portfolio of security products. Learn how you can take data protection one step further and offer your SMB customers total protection. Register for the webinar

Read More

Topics: IT Security, Events and Webinars

Navigating the IT endpoint security paradox

Posted by Mike Vizard on Oct 11, 2016 11:37:51 AM

One of the biggest challenges in modern IT security concerns what to do about endpoints. One school of thought suggests that anti-virus software as most organizations know it isn’t all that effective anymore. As such, this camp argues that more of the IT security budget should be shifting back to either defending the perimeter or encrypting data.

At the same time, thanks to the rise of more sophisticated social engineering attacks there’s more malware on endpoints than ever. A very strong case can also be made for proactively remediating vulnerabilities on endpoints as quickly as possible in order to prevent that malware from spreading laterally throughout the organization.

Regardless of where an organization lands on that endpoint security spectrum, one thing that is certain is not enough is being done to proactively manage endpoints.

Read More

Topics: IT Security

Time to get real with corporate boards about IT security

Posted by Mike Vizard on Sep 29, 2016 12:18:29 PM

As the number of regulations related to IT security continues to increase, the board of directors of most organizations has taken note of the fact that there’s significantly more financial liability pertaining to IT security.

In fact, a new survey 126 such boards conducted by Osterman Research on behalf of Bay Dynamics, a provider of cyber risk analytics tools, finds that 60 percent of the respondents say that cybersecurity mandates have become somewhat or very difficult to satisfy.

Read More

Topics: IT Security

Navigating the IT security divide

Posted by Mike Vizard on Sep 22, 2016 10:10:16 AM

One of the great paradoxes of IT security is that the people being protected by IT security technologies have more faith in them than the IT professionals that deploy and manage those technologies.

A recent survey of 1,110 senior executives conducted by The Economist Intelligence Unit on behalf of VMware finds that 40 percent of IT executives expect a major attack on their organization to be successful within the next three years. In contrast, only 25 percent of the C-level executives felt the same way.

Read More

Topics: IT Security

FTC lays down the ransomware law

Posted by Mike Vizard on Sep 15, 2016 11:50:04 AM

The chair of the Federal Trade Commission (FTC) is advising businesses that the FTC might hold them accountable for not fixing vulnerabilities commonly exploited by cybercriminals launching ransomware attacks.

FTC Chairwoman Edith Ramirez says the actual ransom demand is usually $500 to $1,000 but can be as high as $30,000. Based on data from the FBI, the U.S. government estimates there are now 4,000 ransomware attacks being launched per day, representing a 300 percent increase over the 1,000 ransomware attacks per day in 2015.

Even more concerning for the average organization, Ramirez also revealed that thus far the FTC has pursued more than 60 enforcement actions against companies that have been hit by ransomware. That may seem like a government effort to punish the victim of a crime, but the FTC is starting to make it clear that the careless handling of data is indeed a potential crime punishable by fines that far exceed the ransom being demanded by hackers.

Read More

Topics: IT Security

MSP Marketing Assessment
MSP Phishing Quiz
MSP State of the Industry Survey
Intronis Local Lunches