Netwrix: Working from Home Prompts Latest Cybersecurity Trends

Insider cyber threats will become more pressing in the months ahead.

Edward Gately, Senior News Editor

June 11, 2020


Netwrix says organizations need to keep an eye on five cybersecurity trends in the second half of 2020 and beyond due in part to working from home.

The massive shift to working from home in response to COVID-19 has led to an increase in cyberattacks. However, Netwrix experts don’t envision dramatic shifts in the cybersecurity threat landscape. Instead, they identify the following cybersecurity trends that have accelerated and will have the biggest impact on organizations:

  • The insider threat will become even more pressing. Many organizations already plan to keep more of their staff working from home. IT teams will have to adapt to a larger remote workforce. That means a lack of control over a greater number of endpoints and network devices.

  • Security by design and by default will become the norm. Use of online services has exploded while working from home. Unfortunately, many users have little knowledge about cybersecurity threats, which makes them easy targets for online scams.

  • Deepfakes will take spoofing to the next level. Emails impersonating C-level management and voice spoofing will continue. But the extensive use of video conferencing will lead to a rise in video spoofing.

  • Attacks will go undetected in a flood of false alarms. The abrupt change to working from home has caused many security monitoring solutions to generate far more false positives since they require time to adapt to the new normal. A similar spike in false alarms will occur when employees return to the office. Hackers will continue to use these turbulent times to launch attacks, knowing that organizations will be blind to their malicious behavior.

  • Organizations will move beyond passwords. As people flock to online services, re-use of passwords between services will increase. Users can’t remember dozens of unique passwords and are reluctant to adopt password management tools. Therefore, organizations will adopt non-password authentication methods, such as biometric data, like fingerprints or eye scans.



Ilia Sotnikov is Netwrix’s vice president of product management. He said MSSPs and other cybersecurity providers can develop specific services to address the burning needs of their customers. They can offer packages that will help organizations improve control over user activity, and provide more visibility into network devices.

“Also, security providers need to ensure they are able to offer solutions and services to manage cyber risk,” he said. “They should keep their eyes open for easy and simple solutions as those would be likely to be accepted by the market. Organizations will have to reassess their risks and adapt their plans, having new lower budgets in mind. Simpler solutions that don’t require costly consulting services are likely to be in demand.”

Organizations have to reprioritize budgets and many have to focus on availability of their applications and data, Sotnikov said. IT departments often lack budget and expertise to do much beyond keeping the lights on. MSSPs have the opportunity to fill this expertise gap and guide clients to a comprehensive security strategy.

“Organizations will definitely have to support remote infrastructure for awhile,” he said. “Employees will be coming back in phases, and the last ones may be working remote until the end of the year or perhaps forever. This means that targeted attacks on employees and insider threats will still be an issue. Also we might expect a new wave of phishing attacks, as we have seen with COVID-19 related emails. Security providers and their customers should consider renewing employee knowledge on security best practices.”

In many cases, the urgent move to working from home demonstrated to executives that their teams can stay productive while working remotely, Sotnikov said. This means some will leverage the opportunity and give employees more flexibility, he said.

“You can also expect a higher number of new businesses to start with a ‘virtual office’ to attract the best talent globally and cut the costs during the rapid growth stage,” he said. “MSSPs that have predefined service packages for remote or mixed office/remote environments can definitely leverage this trend.”

Sophos Unleashes Advanced EDR

Sophos has unveiled an updated version of its Endpoint Detection and Response (EDR), designed for both security analysts and IT administrators.

It’s available now in Sophos Intercept X Advanced and Intercept X Advanced for Server with EDR. Advancements and new capabilities make it faster and easier for security analysts to identify and neutralize evasive threats. And IT administrators can proactively maintain secure IT operations to reduce risk.



“Cybercriminals are raising the stakes, stopping at nothing to capitalize on expanded attack surfaces as organizations increasingly move to the cloud and enable remote workforces,” said Dan Schiappa, Sophos’ chief product officer. “Servers and other endpoints are all too insufficiently protected, creating vulnerable entry points that are ripe for attackers to exploit. Sophos EDR helps identify these attacks, preventing breaches and shining light on otherwise dark areas. Live querying capabilities only available with Sophos EDR in Intercept X enable organizations to search for past indicators of compromise and determine the current system state. This level of intelligence is critical in understanding changing attacker behaviors and reducing attacker dwell time.”

Also this week, Sophos published new research on the Kingminer botnet. Cybercriminals are now attempting to gain brute-force access to servers and using the EternalBlue exploit to spread malware.



Gabor Szappanos is threat research director at SophosLabs. He said there’s a lot organizations can do to protect themselves from Kingminer. That includes locking down internet-facing services (SQL) and patching vulnerabilities in Windows servers (EternalBlue). Also, avoid using easy-to-crack passwords for the server accounts.

“MSSPs and cloud hosts should, whenever possible, lock down SQL servers that are facing the public internet, if they don’t need to be accessible to the entire world,” he said. “Firewall rules that block public ingress to default SQL server ports should be implemented where possible. Owners of these servers, if they need to remain available to the public internet, should be using unique, complex passwords for the database accounts, and should conduct regular audits to look for newly-created or recently modified accounts in the database.”
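The account audit Szappanos describes could look like the following query. It is an added example, not from Sophos or the original article, and it assumes Microsoft SQL Server; the 30-day lookback window is a value chosen for illustration.

```sql
-- Added example: list server logins created or modified recently.
-- Assumes Microsoft SQL Server; @lookback_days is an illustrative value.
DECLARE @lookback_days int = 30;
DECLARE @cutoff datetime = DATEADD(day, -@lookback_days, GETDATE());

SELECT
    p.name,
    p.type_desc,                       -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    p.create_date,
    p.modify_date,
    p.is_disabled,
    -- Highest-privilege role: a new or changed sysadmin deserves review first.
    CASE WHEN IS_SRVROLEMEMBER('sysadmin', p.name) = 1
         THEN 'yes' ELSE 'no' END      AS is_sysadmin,
    -- Only SQL-authenticated logins have a password policy flag (NULL otherwise).
    sl.is_policy_checked,
    CASE WHEN p.create_date >= @cutoff
         THEN 'created' ELSE 'modified' END AS change_kind
FROM sys.server_principals AS p
LEFT JOIN sys.sql_logins AS sl
       ON sl.principal_id = p.principal_id
WHERE p.type IN ('S', 'U', 'G')        -- SQL logins, Windows logins, Windows groups
  AND (p.create_date >= @cutoff OR p.modify_date >= @cutoff)
ORDER BY
    CASE WHEN IS_SRVROLEMEMBER('sysadmin', p.name) = 1 THEN 0 ELSE 1 END,
    p.modify_date DESC;
```

Rows with `is_policy_checked = 0` are SQL logins for which the Windows password policy is not enforced, which is where the advice about unique, complex passwords applies most directly.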

WatchGuard Unveils Tabletop Firewall Appliances

WatchGuard Technologies this week released new Firebox T Series tabletop firewall appliances for small, home and midsize office environments.

The tabletop security appliances are built to provide advanced throughput and improved HTTPS traffic processing, along with a comprehensive set of security services. They allow small and midmarket organizations, and the MSPs that support them, to deploy gateway antivirus, content and URL filtering, antispam, intrusion prevention, application control, cloud sandboxing, endpoint protections and more.



Mark Romano is WatchGuard’s senior director of worldwide channel and field marketing. He said this is an “exciting time” for partners who want to expand their portfolio and reach their customers with new offerings. Those include multifactor authentication, user-centric DNS filtering and secure Wi-Fi.

And with the closing of WatchGuard’s acquisition of Panda Security, partners can offer endpoint protection, he said.

“Partners selling WatchGuard have a significant advantage in the marketplace with the simplicity and power provided by our appliances,” Romano said. “These Fireboxes offer enterprise-grade protection and throughput with a full suite of security services turned on, which means they don’t need to sacrifice performance for protection. Additionally, the WatchGuard Firebox T Series appliances offer easy deployment and management because they are designed with automation to the core, allowing your IT team to do more with less. Deploy from the cloud, update signatures, detect and kill malware, all without lifting a finger.”

Cybersecurity Startup Axio Gets Cash Infusion

Axio, a cyber risk management SaaS company, has closed an investment by Fin Venture Capital, IA Capital Group and NFP Ventures.

The investment will be used to accelerate platform innovation. It also will fuel expansion into new industries including the financial sector.

Axio didn’t disclose the funding amount.

The Axio360 platform was launched in May 2018. It is the cyber risk management operating system for nearly 1,000 organizations.

Axio’s integrated software enables ongoing visibility and insights across the organization. That includes cyber risk quantification, cybersecurity assessment, financial stress testing and prioritization.

This holistic view gives enterprises an understanding of what is at risk and how to protect against risk.

Scott Kannry is Axio’s founder and CEO. He said the funding will support Axio’s overall growth strategy of partnership program expansion. And it will allow partners to remotely manage and quantify cyber risk in one platform easily.

“In the last few months, we’ve seen an increase in how cybersecurity consultants are evolving their offering to focus on remote capabilities, and our platform was built for remote managing, client consulting, reporting and peer benchmarking,” he said.

Axio developed its methodology to be useable by anyone, whether an individual company or partner, Kannry said.

“Our software is simply the means to empower the methodology to be used by anyone – security and risk leaders, consultants, partners, allowing them all to frame both cyber risk and cybersecurity controls in a business context,” he said. “Because we’ve evolved Axio to be a software company with only a limited services team, mainly for R&D purposes, our partners will play an increasingly meaningful role in our growth strategy and they accelerate our vision to give CISOs, MSSPs, insurance brokers, etc., the ability to make informed decisions and properly manage their cyber risk.”



About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
