Webroot: Nastiest Malware Threats Offer All Tricks, No Treats

…to limit the amount of uncertainty that can lead to phishing-related breaches. Educate employees on common threats using consistent security awareness training and phishing simulations. Additionally, lock down RDP with data encryption and multifactor authentication. And pair cybersecurity software with backup to strengthen cyber resilience at multiple different layers of vulnerability.

CF: What can MSSPs and other cybersecurity providers do to help organizations guard themselves against these malware threats?

TM: Educate clients about the many different attack vectors that exist within the threat landscape, and thus the multiple layers of security and tools that need to work cohesively to prevent and protect against them. Make sure the IT professionals are educated regularly on the threat landscape, and aware of new trends and tactics. Security should be a primary budget consideration because the preventions you put in place today will help protect the business in the future. It’s not a matter of if a threat or a breach will happen, it’s when.

CF: What are we likely to see in terms of malware threats in the months ahead? Are we likely to see new tactics emerge?

TM: The landscape is an endless cat-and-mouse game. And criminals are always innovating new ways to sneak malware into systems. Change is the only constant. So expect the unexpected and prepare for the worst with cybersecurity and data backup solutions that prevent and protect against threats at every layer of vulnerability.

Micro Focus: Security Personnel Shortage High Amid COVID-19

More than 90% of organizations are dealing with a shortage of IT security personnel, according to a new Micro Focus report.

Security architects and analysts are the most in-demand positions. Additionally, the findings discovered that every educational institution surveyed had a security shortage.

Moreover, some of the most regulated industries in the survey have the lowest percentages of organizations with shortages. Those include finance, health care and government.

Micro Focus’ Michael Mychalczuk

Michael Mychalczuk is director of security operations at Micro Focus. He said the reason analysts are in such demand is data has increased, but the ability to process it has not.

“The silver bullet promise of ML has been disappointing for many, because they fundamentally misunderstand the correct pairing of the human and machine,” he said. “The human creates the question, the machine answers the question. When humans rely on machines for creating the questions, the feedback loop fails. So organizations are trying hard to staff for the onslaught of additional data and the new threats, but have not learned how to use the tools as effectively as possible.”

Security architects are needed as security now has to be built into services from inception, Mychalczuk said.

Just because organizations have a security personnel shortage doesn’t necessarily mean they’re more vulnerable to cyberattacks, he said.

“A small organization with a good grasp of how strong governance cost effectively manages risk and compliance needs can be far more effective than a large organization simply throwing bodies at the problem,” Mychalczuk said. “There are core processes that significantly reduce the attack surface, and thereby enable an organization to be tiny but mighty. Sadly, they are not often utilized because they are not hip and cool, and because they often conflict with an organization’s culture. And culture will always eat strategy. The secret is to pick tactics that advance the strategy that adapt to the changing situation. It’s been the winning combination in warfare for thousands of years, and yet remains elusive for many.”

Guardicore/Ponemon: Organizations Increasingly Shun Legacy Firewalls

More than 60% of organizations say legacy firewalls are ineffective in preventing damaging cyberattacks against applications, data centers and data in the cloud.

That’s according to a new report conducted by Ponemon on behalf of Guardicore. More than 600 U.S. security professionals were polled.

Fifty-three percent of respondents are actively looking to replace legacy firewalls with modern security solutions. They want solutions that are more cost effective and provide greater flexibility. Furthermore, they want them to match the speed and agility required by digital transformation.

According to the survey, legacy firewalls:

• Are failing to enable zero trust;
  Aren’t stopping attacks, therefore leaving organizations vulnerable; and
• Hinder Agility and cost too much to maintain.

Guardicore’s Dave Burton

Dave Burton is Guardicore‘s vice president of marketing.

“Organizations are increasingly operating in the cloud, and rapidly introducing new applications to drive innovation and support remote workforces,” he said. “The biggest complaints we’re hearing from organizations on legacy firewalls is that they kill speed and flexibility and are not providing the required needs around securing complex cloud and hybrid infrastructures.”

Fifty-seven percent of respondents said it can take three weeks to a month to change firewall rules to accommodate an updated or new app, Burton said. Furthermore, 62% said access control…