Security Roundup: Incident Response Plans, Data Breach Costs, Kudelski, Asigra

… counter growing malware threats. It prevents ransomware “attack loops,” which infect backup data and force ransom payments.

The platform uses bidirectional malware detection, zero-day exploit protection, variable repository naming and two-factor authentication (2FA) for a full defensive suite against advanced ransomware and other cyberattacks on backup data.

Asigra’s Eran Farajun

Eran Farajun, Asigra’s executive vice president, tells us his company is a 100 percent channel-focused organization, allowing partners to both resell the software and establish a cloud-based data protection service using Cloud Backup v14.

“With ransomware actively targeting backup data using attack loops, businesses, MSPs and VARs require defensive technology to stop these threats,” he said. “An attack loop occurs when hackers insert executable code within the organization’s backup data. When an attack occurs, both primary and secondary data are impacted, preventing the possibility of a clean recovery. To hide the code in the backup set, hackers insert the malware into data objects and other techniques which are backed up and stored in the company’s secondary storage repository. After a time-delayed detonation, the company restores a pre-attack generation of data only to realize that the recovery data reinserts the ransomware in to the network, recreating the ransomware for a perpetual loop of attacks.”

The security and compliance updates in the new platform provide several advantages for highly regulated industries such as health care, financial services and government entities, Farajun said.

“For MSPs, VARs, CSPs and other IT service providers supporting the data-protection requirements of their customers, Asigra’s technology offers the only cloud-based backup solution to address this challenge and ensure a viable recovery,” he said.

Clutch Survey: Personal Devices for Work Pose Cybersecurity Challenge

A new survey by B2B research firm Clutch shows a high number of employees are using personal devices to access company email and shared documents, often without any oversight. The survey included 1,000 full-time employees.

• Employees encounter password-update reminders (67 percent) more often than any other element of their companies’ cybersecurity policies.
• Password protection (76 percent) is also the most commonly practiced IT security behavior among employees.
• Although most employees (64 percent) use a company-approved device for work purposes, only 40 percent are subject to regulations regarding the use of personal devices.
• Virtually all check email and more than two-thirds access shared documents using their devices.

“Normal” or accepted employee behavior often presents the “most dangerous security threats,” said Randy Battat, CEO of PreVeil, a company that provides end-to-end encryption for email and file sharing.

“Employees believe that information that needs to be protected is special, sensitive stuff that’s explicitly marked and that most of the everyday communications they receive and send aren’t a risk for their organizations,” Battat said. “The reality is that the majority of communications and an organization’s intellectual capital can be found in the ordinary email.”

The study suggests that to ensure employees recognize and comply with security policy, companies should implement consistent cybersecurity policy training.