
Keepit Secures Debt from Silicon Valley Bank in Partnership with Vækstfonden to Fuel Growth


Funding to support fast growth into new markets and hiring talent
London – 9 June 2022 – Silicon Valley Bank, the financial partner of the innovation economy, has provided a $22.5 million debt financing package to Keepit in partnership with Vaekstfonden. The fresh capital will help fuel further international expansion, hiring, and product development as it continues to scale and build out its market-leading platform for SaaS data protection.

Keepit will use the capital for strategic growth purposes, extend its cash runway ahead of future rounds, and minimize dilution during this strategic growth phase. Keepit will use the debt facilities to support the creation of new services and capabilities as well as new roles within the organization as it grows internationally and adds further market-leading functionality to its product offering.

Founded in 2007 in Copenhagen, Denmark, Keepit is a leader in cloud backup and recovery and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection with a blockchain-verified solution being sold worldwide. The financing from Silicon Valley Bank follows Keepit’s $30 million Series A funding round in 2020.

Frederik Schouboe, CEO and co-founder of Keepit, commented:

“The support from Silicon Valley Bank and Vaekstfonden is a testament to the strength of our business. The strides we have made in the sector have placed Keepit as a market leader. This additional funding now enables us to accelerate our key strategic plans to help fuel the next phase of growth for Keepit.”

Sebastian Penn, Managing Director of Silicon Valley Bank, Denmark, commented:

“Silicon Valley Bank is delighted to extend its partnership with the outstanding team at Keepit. It is great to see further funding within the Danish innovation economy and Keepit is innovating to support the growth of the broader SaaS ecosystem. We look forward to watching the team continue to grow, build, and scale globally.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.


About Silicon Valley Bank
Silicon Valley Bank, the bank of the world’s most innovative companies and investors, provides commercial banking services, expertise and insights to the technology, life science and healthcare, private equity and venture capital firms.

Silicon Valley Bank operates in centers of innovation around the world and is one of SVB’s core businesses. With global commercial banking services, Silicon Valley Bank helps address the unique needs of its dynamic, fast-growing, innovative clients.
Visit Silicon Valley Bank’s website to learn more.

Silicon Valley Bank is registered in England and Wales at Alphabeta, 14-18 Finsbury Square, London EC2A 1BR, UK under No. FC029579. Silicon Valley Bank is authorized and regulated by the California Department of Financial Protection and Innovation (DFPI) and the United States Federal Reserve Bank; authorized by the Prudential Regulation Authority with number 577295; and subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. © 2022 SVB Financial Group. All rights reserved. SVB, SVB FINANCIAL GROUP, SILICON VALLEY BANK, MAKE NEXT HAPPEN NOW and the chevron device are trademarks of SVB Financial Group, used under license.

What’s Key to Contract Language for a Cloud Exit Strategy

Put in the simplest terms, a cloud exit strategy, also known as a reverse migration, is the process of creating a plan to ensure a company can effectively transition out of—or between—various cloud services.

Naturally, this should be a focus area for all companies moving to the cloud or engaged with outsourcing in general, either between cloud vendors in connection with retendering, or back to on-premises insourcing.

Regulations driving the need

Certain regulated industries have, in comparison to other industries, a more mature risk-based approach to exit strategies as the regulatory bodies overseeing them have more broadly developed requirements. In the financial industry, for instance, it is mandatory that financial institutions develop and implement comprehensive exit plans that are not only well documented but also, where appropriate, sufficiently tested. 

Companies in other industries could adopt the same approach. The reason for the financial regulators to focus on these issues and to require financial institutions to do this is in order to protect the overall stability of the financial systems due to the important role they play in our society. 

Financial institutions will, among other things, ask the cloud vendor to provide certain clauses in the cloud agreement that support the financial institution’s exit strategy. To cater to this, Keepit has developed amendments to our standard offering to customers that will provide additional services in connection with an exit.

Top 3 considerations for cloud exit strategy amendments:

  • Clearly set out the obligations of the existing service provider in the case of a transfer of the outsourced function to another service provider or back to the customer, including the treatment of data
  • Set an appropriate transition period during which the service provider, after the termination of the outsourcing arrangement, would continue to provide the outsourced function to reduce the risk of disruptions 
  • Include an obligation of the service provider to support the customer in the orderly transfer of the function in the event of the termination of the outsourcing agreement 

Managing data and costs

Depending on how simple and transparent the cloud vendors’ price models are, the customer could also focus on the costs in connection with such a transition, for instance, in the form of egress charges.  Keepit has a super simple price model with no egress or ingress charges, but that is far from the standard in the market. Generally speaking, services based on public clouds charge for egress and ingress.  

The actual migration of data in connection with an exit is more difficult to define in advance, but the vendor should be willing to assist and support the migration against payment for the services rendered. It is important to keep in mind that “data” in this context is not just the files themselves – the Word document or the XLS. “Data” is also all the metadata surrounding the files – the business and technical context of the data processing. Keeping and transferring metadata can be a challenge.

However, by having a backup and recovery solution built on blockchain-verified, immutable technology, Keepit enables organizations to document cloud data processing of data transitions from one primary vendor’s service to the next – provided, of course, that you keep an independent backup of the datasets. 

Takeaways on data regulations and data portability

On a general note, and separate from the above, exit rights in the form of data portability rights have been, at least partly, regulated in the European General Data Protection Regulation (GDPR), where data portability requirements allow individuals to obtain and reuse their personal data for their own purposes—across different services. The right allows the data subjects to move, copy, or transfer personal data easily from one vendor to another, safely and securely, without affecting its usability. 

Although the right is intended for data subjects (the individuals), it has, to some extent, carried over to companies focusing on the ability to move data from one vendor to the next, which has created a demand for tooling to support such data portability needs. Keepit allows the customer to move the data and provides certain tooling to do that at no additional charge.

Finally, having a third-party backup of your data does counter the risk of lock-in with the specific vendor as you have your data available through the backup vendor. Although not the primary reason to ensure a backup, we do see this as an additional benefit to having third-party backup. 

Read more about Keepit and hear what some of the companies that rely on Keepit have to say at www.keepit.com/customers/ 


OSINT Tools – Pt.3

Intro

Now that we’ve laid some theoretical foundation as to what OSINT consists of, let’s check out some tools and see how they can benefit us, as well as what are some of the most common uses. Before going any further, we would just like to quickly go over what types of information gathering there are, as well as some distinctions when it comes to these tools.

Active vs. Passive Recon

Within the context of an investigation, be it a penetration test or due diligence, we will use OSINT to gather some information.

The main distinction to be made here is active versus passive reconnaissance. Active reconnaissance means we are making some sort of a contact with a system we’re investigating. We interact with said systems. Some can be almost harmless, like ping, but some are much more intrusive, and can even mean brute forcing, and other such probing – which might be seen as hacking regardless of the fact that the resources are indeed in the open.

In general, in such a way we also might leave traces in the form of logs – which can further show the length of the connection, our IP address, etc.

When we are doing passive reconnaissance, we are not interacting with the systems. We might look up our target on Shodan, which would be considered passive, since we’re just using data that’s already out there, and are in no way interacting with any of the systems of interest.

There are merits to both sides, however, it’s crucial that we are aware of the distinction, so as to not hinder our investigation – we need to know what to use, and when.
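Seen from the defender's side, the traces that active reconnaissance leaves are exactly what a log review looks for. The following is an added example, not part of the original article: it summarizes a constructed web access log per client IP (request count, distinct paths, 404s, and the time span of activity) and flags clients whose pattern looks like probing. The function names, thresholds, and log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jun/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.7 - - [09/Jun/2022:10:00:04 +0000] "GET /pricing HTTP/1.1" 200 2048
192.0.2.44 - - [09/Jun/2022:10:00:05 +0000] "GET /admin HTTP/1.1" 404 153
192.0.2.44 - - [09/Jun/2022:10:00:06 +0000] "GET /backup HTTP/1.1" 404 153
192.0.2.44 - - [09/Jun/2022:10:00:07 +0000] "GET /old HTTP/1.1" 404 153
192.0.2.44 - - [09/Jun/2022:10:00:08 +0000] "GET /login HTTP/1.1" 200 900
192.0.2.44 - - [09/Jun/2022:10:00:09 +0000] "GET /test HTTP/1.1" 404 153
192.0.2.44 - - [09/Jun/2022:10:00:10 +0000] "GET /staging HTTP/1.1" 404 153
198.51.100.7 - - [09/Jun/2022:10:02:30 +0000] "GET /contact HTTP/1.1" 200 1024
this line is malformed and is skipped
"""


def summarize(log_text):
    """Return per-IP statistics: the traces an actively probing client leaves."""
    raw = defaultdict(lambda: {"requests": 0, "paths": set(), "not_found": 0,
                               "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s = raw[m["ip"]]
        s["requests"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])  # ignore query strings
        s["not_found"] += m["status"] == "404"
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return {
        ip: {
            "requests": s["requests"],
            "distinct_paths": len(s["paths"]),
            "not_found": s["not_found"],
            "span_seconds": int((s["last"] - s["first"]).total_seconds()),
        }
        for ip, s in raw.items()
    }


def flag_probing(summary, min_paths=5, min_404_ratio=0.6):
    """Flag IPs that request many distinct paths, most of which do not exist.

    Both thresholds are illustrative assumptions and need tuning per site.
    """
    flagged = []
    for ip, s in summary.items():
        ratio = s["not_found"] / s["requests"]
        if s["distinct_paths"] >= min_paths and ratio >= min_404_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip in flag_probing(stats):
        print(ip, stats[ip])
```

A passive lookup of the same host on a third-party index produces no line in this log at all, which is the practical meaning of the distinction above.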

Types of OSINT Tools

Based on what the tool does, we can say there are three main categories:

  • Aggregation Tools
  • Discovery Tools
  • Scraping Tools

Discovery Tools – tools that enable us to query and search the data that is already out there. The best example is Google search engine. Seemingly simple, but Google has a lot of websites indexed and crawled, which in turn gives us enormous potential when it comes to discovering new information. Another example would be Shodan.

Aggregation Tools – these tools help us connect the dots, so to speak, once we have gathered all of our relevant data and are in need of further relating it, and compiling it into a functional, easily digestible, format.

Scraping Tools – when we have successfully discovered the information we need, we would like to extract it in an easy and safe way. With these tools, we can avoid extracting anything that is of no use to us, as well as saving our precious resources e.g. time and bandwidth.

With all of that being said, there are a plethora of tools out there, but we have decided to give a brief overview of a few that we felt are the most essential ones. It’s up to you to establish your own methodology, and do research accordingly, as there is no exact path one would follow when conducting OSINT investigations.

Google Search Engine – Google Dorking

Besides your everyday uses of Google’s search engine, there are a lot of options for you to refine your queries.

The simplest example is adding quotation marks to your search. By doing so, Google will interpret whatever we’ve put inside the quotation marks as an exact phrase, and will give us only the results where that exact phrase comes up.

Another common example is adding the term site to our search. If we wanted to search for let’s say imdb new movies we would get something like this… notice the number of results.

On the other hand, if we were to add site: to our search, we would get a result similar to this…

As we can see, there’s a drastic difference in the number of results obtained, just by leveraging one of the many Google dorks.

We can even look for specific filetypes, with the filetype keyword.

If we want to look for publicly available .pdf’s for example, we can add the keyword like this:

We can also say intitle – and Google will return results if the exact phrase appears in the title of the page; there’s cache too – which will give us Google’s cached version of the URL that we’ve specified.

There are many more dorks available, and this is a big topic which we will look to cover in an article dedicated just to Google dorking.

But for now, we’d like to mention that this is completely legal as we are querying against legal, publicly available information. Of course, be mindful that what you do with the information might not be legal.




Shodan.io


With the number of Internet-connected devices higher than ever, Shodan – a search engine dedicated to IoT (Internet of Things) – is an irreplaceable tool to have in your arsenal.

If, for example, publicly accessible CCTV cameras are something that you might be looking into, Shodan’s got you covered.

Heck, if you want to check if your smart fridge is publicly accessible, Shodan can help you!

To use Shodan fully, you’ll need a paid subscription, however you might start with the free tier – but you’ll only get a limited amount of searches.

The best free(mium) alternative to Shodan is Censys, which also tries to discover, analyze, and monitor Internet-accessible devices.


OSINT Framework

The OSINT Framework is one of the most popular OSINT tools out there, and rightly so. Structured like a web directory of tools, it has almost everything you might need for your investigation, which makes it an extremely attractive option for information gathering.

Also, most of the tools in this web directory are directly usable and accessible through a browser, which is a great thing to have, since almost all of the best OSINT tools are created for Linux. Thus, the OSINT Framework provides us with a very useful and accessible bundle of tools, regardless of the platform – which is extremely valuable.

It is worth noting that most of the tools found within are free, with only a minority being premium, subscription based tools.





Maltego

Maltego is a wonderful aggregator of interfaces to various OSINT databases – from the official Maltego website – https://www.maltego.com/.

With Maltego, we can investigate and find information on organizations, individuals, as well as investigate cryptocurrencies, and much, much, more.

Once registered (which can be done for free – as a part of community license) you are brought to a GUI from which you can start your investigation. Results of your queries (Maltego calls them transforms) are displayed in a beautiful bubble graph, which maps the relations between your nodes.

 

Maltego starting screen

In our example search, where we’ve chosen Domain as Maltego entity, for youtube.com, we’ve obtained the following:

As we can see from the image, on the bottom are the transforms that were run, and on our graph we see color-coded results of our query. We’ve got 148 entities, and some of those include MX and NS records, email addresses, people, phone numbers, emails, etc.

We just ran the all transforms search, of course, in reality we would maybe use only transforms that we need, or we would install specific modules (from Maltego starting page), so that we can query for information that’s relevant for our investigation. Some of the modules that we can install are paid, but there are also some good free ones.

Maltego definitely warrants an article of its own, but we wanted to briefly show what this awesome tool is all about. Oh, and one more thing – Maltego runs on Linux, Windows, and MacOS.

Recon-ng

Another great tool is Recon-ng. This is a completely free, open source, CLI tool made for web-based open source reconnaissance.

It is completely modular, it has its own default modules that are also open source, while also having a marketplace from which we can further enrich it with whatever we might need.

The information we collect with it is stored in a database, which means we can use it to generate custom reports, if that’s something we need.

Being an open source tool, it grows through its developer community, which is quite engaged.

It might be a bit daunting at first, due to it being a CLI-based tool, but it is actually extremely fun to navigate around, and once you’ve gotten the hang of it you will surely love it!

Conclusion

These are some of our favorite tools, and we’ve given you a brief introduction to them; in the future, we hope to expand on them (ideally all the tools mentioned here, and more!) – if that doesn’t prove to be possible for us, we hope that we’ve at least managed to provide a ‘teaser’ of sorts, and that we’ve managed to pique your interest.

Lastly, honorable mentions go to TinEye – a reverse image search tool, and Phoneinfoga – Python-based phone number scanning tool.


About vRx
vRx is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Security Deepfakes Are on the Rise: What This Means for Corporate IT Security

In early 2020, a Hong Kong bank manager received a call from a company director asking him to authorize transfers to the tune of $35 million. Recognizing the director’s voice and being convinced of the reason for the transfer (an upcoming acquisition), he began moving the money. However, this request was entirely fraudulent – the bank manager had never spoken to the director. Instead, he was duped by a worrying new technology dubbed “deep voice“, a subset of deepfake technology.

Cybercriminals are increasingly leveraging security deepfakes to facilitate business email compromise (BEC) fraud and bypass multi-factor authentication (MFA) protocols, and know your customer (KYC) ID verification. And as deepfake technology becomes increasingly more sophisticated and accessible, this trend will only continue. For example, only last year, the FBI warned that malicious actors would undoubtedly leverage “synthetic content,” like deepfakes, for cyber operations over the next 18 months.

But just how do bad actors leverage deepfakes? And what does this mean for corporate IT security? Let’s get into it. 

Security Deepfakes, Explained

Deepfakes use artificial intelligence and machine learning to create compelling images, videos, and audio hoaxes. They are a type of synthetic (computer-generated) media and can be so convincing at mimicking a real person that they can fool both people and algorithms. 

Here, the specific technologies at play are deep learning and generative adversarial networks (GANs). In simple words, this means that two neural networks (computing systems inspired by how the human brain works) compete against each other to create increasingly convincing media. The goal of neural network A is to generate an image that neural network B cannot distinguish from its training data. And the goal of neural network B is not to be fooled in this way. The result? Scarily convincing generated images.

The introduction of GANs has significantly advanced deepfakes, but other prominent technologies are also contributing to deepfakes’ rise – 5G and cloud computing. These technologies allow video streams to be manipulated in real-time, opening the doors for live-streaming and video conferencing fraud. 

How Security Deepfakes Bypass Cybersecurity Controls

Defending corporate networks in a world where high-profile data breaches are a daily occurrence is no easy task. Organizations today rely on robust IT security protocols and tools, including AI-driven network security, stringent network access controls, zero trust principles, and more. However, while companies work hard to strengthen their IT security, cybercriminals work hard to find a way around it. It’s a game of constant cat and mouse. 

Deepfakes are particularly concerning because they can dramatically increase the effectiveness of phishing and BEC attacks – something that organizations are already struggling to combat. For example, according to Cisco’s 2021 Cybersecurity Threat Trends report, around 90% of data breaches occur due to phishing.

Deepfake Phishing Attacks

Much of the security threat around deepfake phishing revolves around their use in business email compromise attacks. Why? Because BEC attacks are the highest-grossing form of all phishing attacks for cybercriminals.

In a business email compromise attack, cybercriminals send convincing-looking emails attempting to trick a targeted employee into releasing funds or revealing sensitive information. And unlike in traditional phishing attacks, these emails aren’t sent out indiscriminately – they are specifically crafted to appeal to specific individuals. 

These types of attacks rely on trust and urgency. For example, when you get a request from your boss asking you to transfer funds, you trust that it’s a legitimate request, and you feel compelled to act quickly to avoid disappointing them. Cybercriminals love when people act quickly because it leaves less room for doubt and critical thinking, and they use several tactics to try and ramp up the urgency in their messages. 

But security deepfakes work by targeting the other component – trust. A voicemail or video message from a senior ranking employee is even more convincing than a carefully crafted email. And deepfakes still seem in the realm of science fiction for many people. Most employees won’t stop to think that a cybercriminal has trained an algorithm on audio recordings of their boss freely available online.

The rise of hybrid and distributed workforces is also contributing to the success of this type of attack. It’s no longer unusual for employees to receive high-impact requests without speaking to someone face to face.

Remote Identification Verification

Security deepfakes are becoming increasingly successful at bypassing remote identification verification checks. For example, recent academic research found that deepfakes are around five times better at spoofing verification solutions than traditional methods like 3D masks and printed photos.

Know-Your-Customer (KYC) verification checks, where companies often use video or images to check customers are who they claim to be, are also highly vulnerable to deepfakes. Unlike with a sophisticated BEC attack, cybercriminals only need minimal source material to conduct a face swap that can fool biometric identification systems. 

Combating Security Deepfakes

Unfortunately, deepfake technology is advancing faster than the systems we use to detect them. We currently use various factors to detect security deepfakes, mainly using algorithms to look for abnormalities in skin, eyes, hair, background discrepancies, and unusual pixel compositions. However, cybercriminals are also becoming increasingly adept at getting around these detections.

So what does this mean going forward? First, we could see AI utilized to combat deepfake threats. For example, sufficiently advanced AI systems could crunch existing video and audio files and compare them to new material to see if a video was created by splicing together existing clips. Additionally, blockchains could be used to verify whether content has been manipulated from its original version.

However, this technology isn’t likely to be available to the average organization any time soon. With this in mind, companies should focus their efforts on educating employees on the existence of deepfakes, so they are more likely to second-guess the authenticity of an unexpected video or voicemail request. At the same time, companies should encourage employees not to act quickly to unusual requests and instead take the time to verify the request’s legitimacy.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Thanks to you, our LTS Release finally has a name!

A few days ago we gave you the opportunity in social media and through email to choose, by means of a simple survey, the upcoming names of our LTS Release (Long Term Support).

Participation has been a success! More than two hundred participants! Making it clear that you love both our releases and Star Trek of course.

* Let’s not forget that our repertoire of possible names, from which we gave you a choice and vote, was an extensive list of Star Trek spaceships.

Well…

We finally have a winning name for our LTS Release!

Are you ready?

And the winner is… AKIRA.

Our new LTS Release (Long Term Support) will be called Pandora FMS NG LTS Akira.

We already know that with “Akira” you can think of the famous and award-winning manga by Katsuhiro Otomo or his animated film with the same name. At Pandora FMS we love him too!

*Hence our little homage in the above illustration. Give it up for Tetsuo!

But it actually refers to the spaceship Class Akira. A Starfleet heavy cruiser in Star Trek that was specially designed for combat.

3,055,000 tons and a cruising speed of Warp 9.2

As much a boss and as much a geek as we are.


And that’s not all!

Our next LTS Releases will be named after the most voted ships that have followed Akira.

  • Hope
  • Renaissance
  • Andromeda
  • Defiant
  • Excelsior
  • Tachyon
  • Stellaris
  • Antares
  • Apollo
  • Chimera

It only remains to say that THANK YOU VERY MUCH for your participation and long life and prosperity to all of you!


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Password Reset As An Essential Process for Privileged Access Management

With the emergence of cloud-based technologies, there is a growing demand for, and a consequent increase in, services offered in this format. Where once there were only two or three credentials needed to perform online tasks, today the user is forced to deal with so many that they can barely remember them.

In addition to having to remember complex passwords, users also need to keep in mind that many systems have a reduced number of access attempts. Thus, if one enters the wrong password, they will eventually have little chance of entering the right one before the access is blocked. So, the best thing to do is to use words that are easily typed and memorized.

Recent research by the UK’s National Cyber Security Centre (NCSC) reported that for the fifth consecutive year, “123456” is the most commonly used number sequence by users for passwords. The word “password” is another recurring top choice in this list of commonly used passwords, also because it is easier to memorize and type, even if it does not guarantee security.

The question is: Considering these passwords as insecure and easy to guess, why do people continue to use them? 

Users are expected to memorize their passwords and enter them correctly on the first try. However, the complexity required in password policies used by services and companies makes creating a strong and usable password difficult for both ordinary and advanced users.

We invite you to keep reading today’s article and discover how the password reset process is essential for Privileged Access Management and consequently for a better cybersecurity posture.

The Problem of Managing and Maintaining Strong Passwords

The combination of user and password has been used as a basic defense mechanism for computer systems since the beginning of their implementation, preventing unauthorized access to data stored on systems and devices. Despite the creation of authentication mechanisms without a password, such as biometrics or one-time passwords (OTP), the combination of user and password is still widely used to access systems and devices. 

This is because such a combination is easy and inexpensive to implement. In a digital transformation scenario, the multiplication of systems, devices, and their respective credentials is a perfect scenario for malicious attackers to collect passwords and, thus, access data improperly. 

After all, remembering one password is much easier than remembering a different one for each of the dozens (or even hundreds) of services that require some kind of authentication. It is estimated that the number of passwords per user is between 70 and 100.

Email accounts (personal and professional), banking services, corporate systems, devices, and applications are some examples that require authentication through passwords. And with the increase in the number of data leaks, it is easy to find compromised credentials on forums on the dark web being sold for pennies. 

And yes, we know that it is not easy to manage so many passwords. Even the most tech-savvy can struggle to manage and protect credentials in so many different environments. 

In times of personal data protection legislation, such as LGPD and GDPR, ensuring the protection of such data has become more than a security requirement – it is a business must. 

Despite all the risks associated with their use, many users and companies use passwords that are easy to guess, such as numbers or sequential letters (123456 or abcdef). SolarWinds itself, the victim of a serious attack on its supply chain, was using the password solarwinds123 in its infrastructure.

The Main Attacks Involving Access Passwords

It is essential to understand the types of attacks that passwords can suffer in order to be able to create a robust password policy. Some of these attacks and vulnerabilities involve: 

  • Dictionary Attacks: A list (dictionary) made up of words and combinations is used to compare captured hashes with the list items and thus try to find the password. The list can also be used to access accounts through brute force attacks.
  • Credential Stuffing: Leaked credentials are used in attempts to access other accounts, succeeding when the user reuses the same credentials (username and password) on more than one account.
  • Replacement: Authentication by the attacker is successfully performed by replacing a password or username already known by the attacker through some leak. 
  • Password Recovery: When the password recovery process has flaws, the attacker can impersonate the victim and gain access to the password or even change the current password to one of their own. This can happen, for example, when the user uses the easily guessable question-and-answer feature in the password recovery process. 
  • Social Engineering: The use of social techniques to mislead the user and illegally obtain access to credentials or use the same techniques to install password-stealing software.
  • Keylogging: Malware that, when installed on the system, can copy all information that is being entered by the user, including their passwords.
  • Bad Hashes: Attacks that can be used to recover passwords, especially if the hashing algorithm has known flaws, such as MD5.
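As an added example (not part of the original article), the sketch below turns the dictionary-attack and bad-hash items into a password acceptance check and a storage routine: weak candidates are rejected up front, and accepted passwords are stored with a salted, slow hash instead of unsalted MD5. The deny list, thresholds and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample deny list (assumption). The entries are the weak passwords
# the article names; production systems load a large breached-password list.
COMMON_PASSWORDS = {"123456", "abcdef", "password", "solarwinds123"}
PBKDF2_ITERATIONS = 600_000  # assumption: tune to your hardware


def has_sequential_run(password, run=4):
    """True if `run` consecutive characters ascend or descend by one (1234, dcba)."""
    low = password.lower()
    for i in range(len(low) - run + 1):
        window = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def policy_violations(password, username="", min_length=12):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if has_sequential_run(password):
        problems.append("sequential characters")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems


def md5_unsalted(password):
    """The weak scheme: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)
```

Because every stored record carries its own random salt, two users with the same password end up with different digests, so a captured hash cannot be matched against one precomputed list.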

The password policies can be combined with software and tools to further protect systems and devices. Some of these tools include Password Managers; or for organizations that want to protect their assets, Privileged Access Management (PAM) solutions. 

Password Managers and PAM Solutions

Password managers and PAM solutions are tools and software that can generate secure passwords and automatically authenticate to the system, eliminating the users’ task of remembering and entering passwords for different accounts.

It is worth remembering, however, the importance of protecting and never losing access to these tools: once the access credential is compromised, all accounts connected to the user may be lost. And it is also worth keeping these passwords up to date because if a vulnerability is exploited, all stored passwords will be exposed. 

If there is a suspicion that the password policy or passwords themselves are compromised, the recommendation is for the company to move quickly to mitigate the problem causing the compromise and require all users to change the password.

Finally, there must be a consensus to protect users from creating bad passwords and generating difficult password creation patterns. Raise awareness and allow people to recognize that their passwords are insecure so that they can choose strong and secure passwords for both work and personal access.

The senhasegura Solution

Passwords are one of the oldest security mechanisms in the computing world and are also one of the main attack vectors used by cybercriminals. Managing them well helps avoid cyberattacks that can cause considerable damage not only to people but also to companies.

A more secure approach to the use of passwords is one where they can only be used once. Single-use passwords protect users from theft of credentials. Unlike static ones, which are not changed, using passwords only once makes systems resilient to attacks.

Once inserted in senhasegura, the passwords are managed by the solution. This means that, at any time, the solution can make a change in the password. These changes can occur in the following ways:

  • Determined by the company’s password policies (automatic). Based on the company’s password policies, registered in the system, the solution automatically and periodically changes the keys, facilitating the work of its information security team.
  • Determined by password exposure (automatic). When a user is allowed to see a password held by the solution, they can use it for a specified period in the system. When this time is over, the system will immediately change the password, so that the credential custody returns to storage.
  • Requested by an admin user. A user with administrator rights in the system may at any time schedule a password change for some or all devices registered in the solution.
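The three change triggers listed above can be modelled in a few lines. This is an added example, not senhasegura's code or API: the `Vault` and `ManagedCredential` names, the `push` callback (standing in for whatever connector changes the password on the target device) and the time values are all hypothetical.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Callable, Optional

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_"


def generate_password(length: int = 24) -> str:
    """Random password from a CSPRNG; the length and alphabet are assumptions."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class ManagedCredential:
    device: str
    account: str
    password: str
    last_rotated: float
    exposed_until: Optional[float] = None  # set while a user may view the password
    admin_requested: bool = False
    audit: list = field(default_factory=list)  # (time, event) tuples


class Vault:
    def __init__(self, max_age: float, view_window: float,
                 push: Optional[Callable[[str, str, str], None]] = None):
        self.max_age = max_age          # policy: rotate when older than this (seconds)
        self.view_window = view_window  # how long a viewed password stays valid
        # Hypothetical connector that sets the new password on the target device.
        self.push = push or (lambda device, account, new_password: None)
        self.creds = {}

    def enroll(self, device, account, password, now):
        self.creds[(device, account)] = ManagedCredential(device, account, password, now)

    def checkout(self, device, account, user, now):
        cred = self.creds[(device, account)]
        # Keep the earliest deadline so overlapping views never extend an exposure.
        if cred.exposed_until is None:
            cred.exposed_until = now + self.view_window
        cred.audit.append((now, f"viewed by {user}"))
        return cred.password

    def request_rotation(self, keys=None):
        """Admin trigger: flag some credentials, or all of them when keys is None."""
        for key in (keys if keys is not None else list(self.creds)):
            self.creds[key].admin_requested = True

    def reason_to_rotate(self, cred, now):
        if cred.admin_requested:
            return "admin request"
        if cred.exposed_until is not None and now >= cred.exposed_until:
            return "exposure expired"
        if now - cred.last_rotated >= self.max_age:
            return "policy age"
        return None

    def tick(self, now):
        """Run the rotation check; returns (device, account, reason) per rotation."""
        rotated = []
        for cred in self.creds.values():
            reason = self.reason_to_rotate(cred, now)
            if reason is None:
                continue
            new_password = generate_password()
            try:
                self.push(cred.device, cred.account, new_password)
            except Exception as exc:
                # Target unreachable: keep the old secret so vault and device
                # stay in sync, and retry on the next tick.
                cred.audit.append((now, f"rotation failed ({reason}): {exc}"))
                continue
            cred.password = new_password
            cred.last_rotated = now
            cred.exposed_until = None
            cred.admin_requested = False
            cred.audit.append((now, f"rotated: {reason}"))
            rotated.append((cred.device, cred.account, reason))
        return rotated
```

Time is passed in explicitly as `now` so the behaviour can be replayed; a scheduler would call `tick` with the current clock.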

Request a demo now and discover the benefits of senhasegura for your business.


About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

What are ransomware attacks, and why are they on the rise?

The number of cyberattacks increases every day. Most notably, ransomware attacks are continuously on the rise: not a day goes by without a new ransomware attack or data breach being mentioned in the press. But what is ransomware exactly, and which types are there? How do these ransomware attacks happen, and what can you do to prevent them? In this blog post, we’ll formulate an answer to all of these questions.

A ransomware payment request – that’s one message you don’t want to see.

What are ransomware attacks?

Ransomware is a type of malicious software (malware) that is used by cybercriminals to encrypt a (portion of a) device’s data, rendering it no longer accessible. To regain access, criminals will demand a big ransom payment before they will give the decryption key or deactivate the lock screen. But, of course, it’s better to mitigate your chances of getting attacked to begin with – rather than paying the ransom. To put more pressure on the victims regarding the ransom demand, the hackers can use specific ransomware software to not only encrypt files but also search for sensitive data and send this information back to the hacker. During this type of malware attack, ransomware groups often spend much time unnoticed in the operating system, while searching for the most valuable data to exploit. If organizations then do not want to pay the ransom, the malware attacker often threatens to publish the stolen data online, which has disastrous consequences.

Who are ransomware attack targets?

In general, anyone can become the target of ransomware attacks. However, looking at the most recent data breaches in 2022 alone, it’s clear that hackers will focus on organizations that work with a lot of personal files and sensitive data, big user groups, and possibly smaller IT teams (such as in education or healthcare). Furthermore, they also tend to target industrial players as disruptions in their IT processes pose prominent problems for the company’s supply chain.

Which types of ransomware attacks are there?

A wide range of ransomware variants are being used, but let’s take a look at the most common ones:

  • Crypto ransomware or ‘encryptors’: This type of malware is perhaps the most famous one. A cybercriminal will encrypt files and keep the decryption key, for which you will have to pay ransom. Notable examples are CryptoLocker, GoldenEye, WannaCry, …
  • Locker ransomware: This ransomware variant will block your basic computer functions. You won’t have access to your device and you’ll only see one lock screen or popup with the message that your files and applications are inaccessible and that you need to pay a certain amount of money before gaining access again.
  • Scareware: A type of malware designed to scare or manipulate people into visiting website pages or downloading malware-infested software. This is done by using social engineering tactics and popup ads. The goal is to make users believe they need to buy or download software (which is actually malicious). Some examples of scareware are: PC Protector, SpySheriff, Antivirus360, …
  • Doxware: With this term, we refer specifically to ransomware that is used to get personal data. They compromise the privacy of the employees by getting access to photos and sensitive files, after which they will threaten to release the data. Often attackers will deliberately target specific victims for this type of attack.
  • Ransomware as a service (RaaS): This is a business model for cybercriminals. Anyone, even without knowing how to code, can buy tools on the black market and use them for carrying out ransomware attacks. The tools are hosted and maintained by hacker collectives. Well-known RaaS providers are REvil, DarkSide, Maze, …
Ransomware’s goal is to lock up your data, and get you to pay for the key.

How do ransomware attacks happen?

Ransomware operators try to gain access to the company’s network or system via different techniques. Very often, they will try to do this via individuals in the organization, but they can also attempt to infect systems directly. The following list highlights some of the most common ways ransomware attacks happen.

  • Phishing: Criminals send employees of your organization an email that contains a malicious link or malicious attachments. It could be that the link goes to a website hosting a hostile file or code, or that the attachment has a download functionality built in. If one of the people at the company clicks on or opens the content of the phishing emails, malicious software could be installed and the ransomware infects the systems.
  • Insufficiently protected network: If you’re not acting proactively in securing your network, cybercriminals can attempt to exploit multiple vulnerabilities and attack vectors to get in and let their malicious software do its thing.
  • Open RDP: Using RDP without any security measures is something cybercriminals like to see, as they can exploit its weaknesses. That way they get access to the company’s system. Researchers found 25 vulnerabilities (!) in some of the most popular RDP clients (FreeRDP, Microsoft’s built-in RDP client, …) used by businesses in 2020.
  • Insecure VPN connections: A VPN tunnels directly from your employees’ devices to your network. Together with RDP, the UK National Cyber Security Centre identified VPN as one of the largest risk factors for a ransomware attack, because malicious software from the client device can enter your corporate network remotely.

Examples of major ransomware attacks in 2022

Every day, another major organization is the victim of a ransomware attack. Some recent victims were:

  • Government systems in Costa Rica (May 2022): Cyberattack targeting systems from tax collection to importation and exportation processes through the customs agency. Furthermore, they also got access to the social security agency’s human resources system and the Labor Ministry. The Conti cartel has been demanding a lot of money for the attack. In the meantime, they have been starting to publish stolen information as they were tired of waiting for the ransom.
  • Florida International University (April 2022): Data breach that impacted the sensitive information of students and faculty. BlackCat was behind the attack.
  • The Scottish Association for Mental Health (March 2022): The health organization was targeted by a ransomware gang that impacted the IT systems. More than 12GB of personal and sensitive data was leaked online. Behind the attack was RansomEXX ransomware gang.
  • KP Snacks (February 2022): The hackers of the Conti gang were able to steal many sensitive documents like samples of credit card statements, spreadsheets including employee personal data, and confidential agreements, … They published even more of these data online after not receiving the ransom in time.
  • Moncler (January 2022): At the beginning of the year, the luxury Italian fashion giant became the victim of a data breach following an attack by ransomware gang BlackCat. Afterward, the company explained that various data had been impacted. The data was not only related to customers, but also to current and previous employees, as well as to suppliers, and business partners.

These are only a handful of thousands of (publicly known) examples. Ransomware attacks are not limited to certain verticals or countries. Without the right security measures in place, everyone can become a ransomware victim.

The notorious hacker collective Conti Group is behind many of the past year’s ransomware attacks.

Why are ransomware attacks rising?

Shift to hybrid and remote working

Ransomware attacks are on the rise as ransomware groups are continuing to adapt their techniques in this changing digital world. With the acceleration of remote working and shift to hybrid working, malicious actors are not only focusing on organizations in general but are also targeting individuals to gain access to the operating systems, files, and applications of companies.

More and more people are working outside the office networks. A lot of companies have set up a remote working solution in a quick way as they were surprised by the worldwide pandemic. However, in multiple cases businesses chose insecure solutions to do this (e.g. via opening RDP endpoints or facilitating ‘naked’ VPNs). The result was that they created gaps in their cybersecurity defense, which makes them an easy target for malware.

Financial benefits for ransomware group

Another reason for the rise is that more criminal groups see the benefit of ransomware attacks as companies tend to (most of the time) pay the ransom. It can be a quick money win for them. Stealing and threatening to leak the data has been working well for these ransomware gangs, so we see a clear shift from denial of data to data extraction. Let’s take a look at how you can prevent making them rich.

Best practices to prevent ransomware attacks and spreading

Nobody wants to pay the ransom or wants to have encrypted files and encrypted data, right? So how can organizations prevent such ransomware attacks? How can you defend yourself? We’ve listed some best practices of ransomware protection for you:

  • Inform and train your employees:
    • IT admins shouldn’t click on unknown links or open malicious mail attachments, and should always use strong passwords with MFA enabled.
    • Facilitate security awareness training for your employees. The above is more difficult to enforce on your employees, so it is fundamental that you make them aware and train them in cybersecurity hygiene.
    • Phishing emails and social engineering attacks are still very popular techniques with cybercriminals to target individuals to make them the gateway into the organization’s computer system. Make sure your employees are aware of these practices so that they can recognize and counter them when they face an attempt.
  • Data backup:
    • Backup files and applications regularly.
    • Make sure to secure your offline data backups as well, and check that they are not connected permanently to the computers and networks that they are backing up.
  • Network segmentation:
    • If you have an infected system, make sure that malware cannot spread to another computer system by segmenting production and general-purpose networks.
    • That way, if somebody is using an infected computer and infects one of the smaller networks, you can try to isolate the ransomware before it spreads further.
    • This also gives the IT team more time to remove ransomware without it spreading throughout the entire organisation.
  • Review port settings:
    • Open RDP ports are one of the most common ways ransomware attacks are initiated. Using ‘naked’ RDP port 3389 to give employees remote access is opening the door for hackers and saying: “Welcome, this way please!”
    • Another port that is often targeted is Server Message Block (SMB) port 445.
  • Limit user access privileges:
    • To block ransomware from entering, define the permissions of users thoroughly.
    • Set limitations to which applications, desktops, and files they have access.
    • Add security layers in line with the Zero Trust model as you cannot trust anyone, even if it’s an authorized employee. Make sure you have control over what each user or user group can access or do.
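For the “Review port settings” item, a host-side check can show whether RDP (3389) or SMB (445) is bound to all interfaces or already has sessions from outside the internal address space. The script below is an added example, not from the original article; it parses `netstat -an` / `ss -tn` style lines, and the sample output and the internal ranges are constructed assumptions.

```python
import ipaddress
import re

WATCHED_PORTS = {3389: "RDP", 445: "SMB"}
# Assumption: these ranges count as "internal"; adjust to your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "fc00::/7", "fe80::/10")]
WILDCARDS = {"0.0.0.0", "::", "*"}
LISTEN_STATES = {"LISTEN", "LISTENING"}
SESSION_STATES = {"ESTAB", "ESTABLISHED"}
ENDPOINT = re.compile(r"^\[?(?P<host>[^\]\s]*?)\]?:(?P<port>\d+|\*)$")


def split_endpoint(token):
    """Split '0.0.0.0:3389' or '[::]:445' into (host, port); None if not an endpoint."""
    m = ENDPOINT.match(token)
    if not m:
        return None
    host = m.group("host").split("%")[0]  # drop an IPv6 zone id such as %eth0
    port = m.group("port")
    return host, (int(port) if port.isdigit() else None)


def is_internal(host):
    """Loopback or inside INTERNAL_NETS; anything unparsable is treated as external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or any(ip in net for net in INTERNAL_NETS)


def audit(netstat_text):
    """Return (port, finding, address) tuples for exposed RDP/SMB endpoints."""
    findings = []
    for line in netstat_text.splitlines():
        tokens = line.split()
        state = next((t.upper() for t in tokens
                      if t.upper() in LISTEN_STATES | SESSION_STATES), None)
        endpoints = [e for e in map(split_endpoint, tokens) if e]
        if state is None or not endpoints:
            continue
        host, port = endpoints[0]  # first endpoint on the line is the local one
        if port not in WATCHED_PORTS:
            continue
        if state in LISTEN_STATES:
            if host in WILDCARDS:
                findings.append((port, "listen-all-interfaces", host))
            elif not is_internal(host):
                findings.append((port, "listen-external", host))
            # loopback or internal-only binds are not reported
        elif len(endpoints) > 1 and not is_internal(endpoints[1][0]):
            findings.append((port, "session-from-external", endpoints[1][0]))
    return findings


# Constructed sample output (documentation-range addresses), not from a real host.
SAMPLE = """\
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.10:3389      203.0.113.7:51234      ESTABLISHED
  TCP    192.168.1.10:3389      192.168.1.55:50111     ESTABLISHED
  TCP    192.168.1.10:49712     198.51.100.20:445      ESTABLISHED
LISTEN 0      128    0.0.0.0:22       0.0.0.0:*
"""

if __name__ == "__main__":
    for port, finding, address in audit(SAMPLE):
        print(f"{WATCHED_PORTS[port]} ({port}): {finding} {address}")
```

A bind to all interfaces is not proof of internet exposure on its own; it means the perimeter firewall is the only thing deciding who can reach the port.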

What to do if you’re a victim of a ransomware attack

What can you do if you are the victim of a ransomware attack? Let’s check out the most common ways to recover from a ransomware infection.

  • Do not make a ransom payment: Firstly, stay calm and don’t rush into paying the ransom. It will only encourage criminals to keep on doing this. (And how can you be sure that the ransomware attackers will give your data back after you paid?)
  • Identify the source of the ransomware: Try to find out what the point of entry of the ransomware was. Talk with your users to find out who experienced the first signs of the attack.
  • Isolate the infected machines: You don’t always know how fast the ransomware could be spreading, but disconnect all devices from the network as soon as possible. This may help reduce the impact of a company-wide ransomware infection.
  • Report the attack to the authorities: This is a crime, and you should report it to the police. They could also be able to help you as they have access to more powerful resources for this type of crime.
  • Restore your data: If you have been taking regular backups of your data, you can use those off-site or cloud backup files to restore your data. This is why you should have a backup data strategy so you can move forward quickly without losing too much time. However, be careful as some ransomware may have been in your systems for months and therefore in your backups as well. You should always run an anti-malware solution on your backups first to check.

How can Awingu help with ransomware prevention?

Awingu on devices

Awingu is a unified workspace that makes it possible for a company to enable secure remote access to file servers, applications, and desktops for its employees. Our customers use it as an extra protection layer to secure ‘naked’ RDP, as well as to provide a secure alternative to VPNs. Users can access the workspace via the browser and nothing needs to be installed on the device. So even if they are using an infected device, there is no direct connection to the company’s network, so you don’t have to fear a ransomware infection. Awingu comes with various built-in security capabilities that will help you secure the access:

  • Browser-based workspace
  • Built-in MFA
  • Anomaly detection and monitoring in the dashboard
  • SSL encryption
  • No local data on the end-user device
  • Granular usage control
  • Context-awareness


If you want to learn more about how Awingu can help you protect your organization against ransomware attacks, click here!


About Parallels
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

ESET Threat Report details targeted attacks connected to the Russian invasion of Ukraine and how the war changed the threat landscape

  • The number of RDP attacks dropped for the first time since the beginning of 2020 (-43%), with attack attempts against SQL (-64%) and SMB (-26%) following.
  • Prior to the invasion of Ukraine, Russia and some countries of the Commonwealth of Independent States (CIS) were typically excluded from ransomware target lists, possibly due to the criminals residing in those countries or fearing retribution; in T1 2022, Russia faced the largest share of detections (12%) in the Ransomware category.
  • The war brought on an influx of phishing and scam campaigns taking advantage of people trying to support Ukraine; these were detected almost immediately after the start of the invasion.
  • In March and April 2022, Emotet operators shifted into a higher gear, launching massive spam campaigns using weaponized Microsoft Word documents, leading to the 113-fold increase of Emotet detections in T1 2022.
  • Emotet’s campaigns were reflected in the Email threats category, which grew by 37% in T1 2022.

BRATISLAVA — June 2, 2022 — ESET released today its T1 2022 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research. The latest issue of the ESET Threat Report recounts the various cyberattacks connected to the ongoing war in Ukraine that ESET researchers analyzed or helped to mitigate. This includes the resurrection of the infamous Industroyer malware, attempting to target high-voltage electrical substations.

ESET telemetry also recorded other changes in the cyberthreat realm that might have a connection to the situation in Ukraine. Roman Kováč, Chief Research Officer at ESET, clarifies why this report is so focused on cyberthreats related to this war: “Several conflicts are raging in different parts of the world, but for us, this one is different. Right across Slovakia’s eastern borders, where ESET has its HQ and several offices, Ukrainians are fighting for their lives and sovereignty.”

Shortly before the Russian invasion, ESET telemetry recorded a sharp drop in Remote Desktop Protocol (RDP) attacks. The decline in these attacks comes after two years of constant growth – and as explained in the Exploits section of the latest ESET Threat Report, this turn of events might be related to the war in Ukraine. But even with this fall, almost 60% of incoming RDP attacks seen in T1 2022 originated in Russia.

Another side effect of the war: While in the past, ransomware threats tended to avoid targets located in Russia, during this period, according to ESET telemetry, Russia was the most targeted country. ESET researchers even detected lock-screen variants using the Ukrainian national salute “Slava Ukraini!” (Glory to Ukraine!). Since the Russian invasion of Ukraine, there has been an increase in the number of amateurish ransomware and wipers. Their authors often pledge support for one of the fighting sides and position the attacks as personal vendettas.

Unsurprisingly, the war has also been noticeably exploited by spam and phishing threats. Immediately after the invasion on February 24, scammers started to take advantage of people trying to support Ukraine, using fictitious charities and fundraisers as lures. On that day, ESET telemetry detected a large spike in spam detections.

ESET telemetry has also seen many other threats unrelated to the Russia/Ukraine war. “We can confirm that Emotet – the infamous malware, spread primarily through spam email – is back after last year’s takedown attempts, and has shot back up in our telemetry,” explains Kováč. Emotet operators spewed spam campaign after spam campaign in T1, with Emotet detections growing by more than a hundredfold. However, as the Threat Report notes, the campaigns relying on malicious macros might well have been the last, given Microsoft’s recent move to disable macros from the internet by default in Office programs. Following the change, Emotet operators started testing other compromise vectors on much smaller samples of victims.

The ESET T1 2022 Threat Report also reviews the most important research findings, with ESET Research uncovering: the abuse of kernel driver vulnerabilities; high‑impact UEFI vulnerabilities; cryptocurrency malware targeting Android and iOS devices; a yet-unattributed campaign deploying the DazzleSpy macOS malware; and the campaigns of Mustang Panda, Donot Team, Winnti Group, and the TA410 APT group.

The report also contains an overview of the numerous talks given by ESET researchers in T1 2022, and introduces talks planned for the RSA and REcon conferences in June 2022, showcasing ESET Research’s discovery of Wslink and ESPecter. These appearances will be followed by a talk at the Virus Bulletin Conference in September 2022.

For more information, check out ESET T1 2022 Threat Report on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Cyber Insurance – Why your company should consider it

Taking out insurance is nothing more than a risk management strategy: the organization transfers responsibility for an unexpected event to a third party (in this case, the insurance company). And with the increase in security incidents and data breaches, insurance companies have developed a new product to help organizations reduce the risk of cyberattacks: cyber insurance.

By taking out cyber-attack insurance, the organization transfers the obligations related to the costs they would have to pay in the event of a security incident to the insurance company. Typically, these costs are associated with recovering stolen data, paying ransomware ransoms, property damage, and even image recovery. But what factors influence the growing demand of companies for cyber insurance?

The first of these is the increase in connected devices. With the development of technologies such as 5G, the Internet of Things, and Industry 4.0, the number of devices connected to the infrastructure has skyrocketed. According to Zurich Insurance, the number of connected devices in 2020 has surpassed 50 billion, an increase of 19% compared to 2019. And this number is expected to grow even more in the next few years.

Moreover, the amount of data generated by these devices has increased exponentially. According to Ace Group, the volume of online data doubles every two years. And in times when data is the new oil, protecting an organization’s data (in addition to the personal data of employees, partners, and suppliers) is not about just complying with security policies and personal data protection laws such as LGPD, GDPR, CCPA, and the Texas Privacy Act, it is about ensuring business continuity.

Another factor that influences the increase of cyber risks and contributes to an increase in the demand for cyber insurance is the migration to remote work, driven by the Covid-19 pandemic. Bring Your Own Device, shadow IT, and the use of insecure networks considerably increase the attack surface that can be exploited by malicious actors.

With this larger attack surface, the number of security incidents has also increased. A Check Point study has shown that the year 2021 broke records in terms of the number of cyberattacks. According to the study, there was a 50% increase in cyberattacks globally per week compared to 2020.

The costs of these cyber-attacks were also higher for organizations: according to the IBM Data Breach Investigation Report 2021, the cost of a data breach for organizations was $4.24 million, a 10% increase compared to 2019. In addition, the costs associated with cybercrime are estimated to have reached $6 trillion in 2021.

By taking out cyber insurance, organizations can ensure the costs of a cyberattack are covered by the insurance company, including operational losses and incident recovery costs. Moreover, insurance companies also offer full legal and security incident investigation support. In this way, the company can ensure that it is prepared if it falls victim to cyber attackers and that all efforts are made to recover its infrastructure affected by the security incident.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum, which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

How Organizations Can Properly Secure Network Access for Remote Workforces

IT security policies have traditionally been perimeter-based, primarily concerned with the network activity within their own office and corporate network. While remote work certainly existed before, it has now become a standard – even an expectation among employees – no matter the industry or job function.

This rapid expansion of remote workforces has created significant operational and cultural changes for companies worldwide – particularly when it comes to IT and securing corporate digital ecosystems. Many organizations were not fully prepared for such an immense transition of expanding corporate edges and countless new endpoints.

So many workers are now scattered beyond the walls of their physical offices that IT departments face a considerable challenge: they struggle to monitor and gauge the real security posture of their networks and the endpoints in use across them. The weakest link is no longer in the cubicle next to you – it can be halfway around the world in the home office of an employee using a VPN on a compromised laptop.

Secure Network Access for Remote Workers: Challenges Today

There are numerous potential risks for companies when it comes to enabling secure network access for remote workforces:

  • Limited Network & Endpoint Visibility: Remote work environments can make it considerably more difficult for an organization to maintain visibility and control over the data security of its employees. A lack of visibility inhibits IT and security teams from achieving operational and security objectives, while putting the business at increased risk.
  • Increased BYOD Use: An increasing number of employees these days use personal devices to access company networks. This is especially true as employees find themselves working from home with greater regularity. In many cases, these devices are not fully compliant with their employer’s security policies. Unsecured personal devices can provide potential attack vectors for cybercriminals to target a corporate network.
  • Social Engineering Attacks: As organizations have bolstered their cybersecurity measures over time, it has become more difficult for cybercriminals to exploit security posture vulnerabilities. In turn, many have favored more cost-effective tactics to breach networks, like phishing emails that capitalize on human error and trust. Social engineering tactics need only an unwitting or distracted employee to succeed, and therefore typically require less technical knowledge to pull off.

What’s Needed to Secure Network Access for Remote Workers

Here are some critical considerations when it comes to enabling secure network access for remote workers:

  • Firewall: Serving as something of an electric fence for your network, firewalls remain a basic but essential extra layer of protection for remote workers. One pitfall is that many employees may disable their firewall if they believe it to be slowing down their device, which keeps it from blocking malicious traffic.
  • Antivirus: An equally essential, yet often forgone, staple in your security stack is antivirus software. In addition to providing protection from all sorts of malware, the Next-Generation Antivirus (NGAV) of today utilizes predictive analytics driven by AI and machine learning for advanced threat detection. This includes determining root causes from endpoint data and responding to previously undetected emerging threats.
  • Managing Endpoint Visibility: Unmonitored remote devices can bring an abundance of potential threats to a network if they are not up-to-date and properly configured. Visibility is a key issue here. By implementing solutions like NAC, companies gain insight into every user and device on their network, allowing them to pinpoint any weaknesses within it. With this visibility they can then control, adjust, or deny access for any device as needed.
  • VPN: While it’s common for many companies to offer secured VPN connections for remote employees, a VPN can’t serve as a comprehensive security solution. A VPN alone can leave you in the dark about the security posture and compliance level of the device connecting to it. You could unknowingly be giving a compromised device safe passage directly to your network.
  • Device Risk Monitoring & Mitigation: With the help of an agent or MDM, NAC solutions like Portnox CLEAR can work alongside a VPN, offering two-factor authentication based on user identity and endpoint risk score. Continuous monitoring is key here for keeping countless users and devices in compliance, no matter their location. By knowing the security posture of remote devices, IT teams can adjust their security policy and mitigate potential threats.
  • Employee Training & Awareness: Employees are more likely to be lax with their security habits outside the office, and cybercriminals are no strangers to this reality. Maintaining employee awareness of these potential threats is key for risk mitigation. Whether regarding proper password management, compliance policies, or how to spot phishing attempts, it’s highly beneficial to offer employee education and training in security best practices.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.