Skip to content

Protecting Sensitive Data in Medical Institutions: How the Regional Center for Blood Donation & Hemotherapy in Warsaw Utilizes Safetica

The Regional Center for Blood Donation and Hemotherapy (Regionalne Centrum Krwiodawstwa i Krwiolecznictwa or RCKiK) in Warsaw is comprised of 10 territorial branches and 5 ambulances that facilitate mobile blood collection, and supply more than 150 liters of blood and blood components to more than 100 hospitals every day. Other customers include clinics and institutes that perform thousands of complex operations, transplants, transfusions and other procedures for which blood or its components are required.

As a medical institution, the RCKiK in Warsaw processes a huge amount of sensitive data containing information about the health of its donors. Until recently, most of the data was processed through paper records, but with technological developments, the digitization of data has become the norm. This switch has introduced a new threat of cyber-attacks and sensitive data leaks through accidental or intentional sharing. This has posed new challenges for the RCKiK.

The security of donor and patient data is a priority for us. That’s why we decided to introduce another technological solution that will ensure comprehensive protection, compliance with regulations and further increase the effectiveness of IT systems securing our facility,

says Karol Pszkit,
Head of the IT Section at the Regional Center for Blood Donation and Hemotherapy in Warsaw.

Medical identity theft occurs when someone uses identifying information related to another person’s health without that person’s knowledge. This can include his or her personal information, home address, registration number and medical records. Unauthorized individuals can use this information to purchase drugs, access reimbursed medical services or file false insurance claims, among other things. Additionally, stolen donor data can be used for other identity fraud.

With more than 300 employees, it’s difficult for us to monitor whether each of them is following procedures correctly. Safetica does this for us, so we know how our center’s processing is going. An additional advantage of the software is that it also performs an educational function in the organization, informing employees whether certain actions on files are appropriate – this is an additional element of protection against accidental data leakage,

explains Karol Pszkit of the RCKiK in Warsaw.

Safetica’s well-configured rules enable the software to detect when sensitive data is about to be mistakenly transmitted, and promptly notifies the employee with a warning message about the potential risk of their action. If the user has the authorization to perform such operations, he or she is allowed to complete the task after giving the necessary explanation to network administrators. Thanks to the fact that Safetica DLP allows continuous monitoring of activities on data, the resources of the Regional Center for Blood Donation and Hemotherapy in Warsaw are even better protected, and employees are aware that the correct way of doing things contributes in a practical way to maintaining the required level of data security for employers, patients

Before implementing the Safetica solution, we received a test version along with training on how to use the management console. The implementation itself went quickly and smoothly. An additional advantage is the exemplary technical support from certified engineers. If we have any questions, we seamlessly receive comprehensive and express assistance,

concludes Karol Pszkit.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Single Sign-On: What it is and how it works

Nowadays, single sign-on (SSO) authentication is required more than ever. Many websites offer users the option to sign up with Google, Apple, or any other service. Chances are you have logged in to something via single sign-on today or at least this week. But do you know what it is, how it works, and why it’s used? Take a deep dive into the world of single sign-on and all things related to it.

What is SSO?

Single sign-on is a session and user authentication service that allows the user to use a single set of login credentials – namely, a username and password – to access multiple websites or applications. Put plainly, SSO allows users to sign up and access a variety of online accounts with a single username and password, thus making things a lot easier for the everyday user. SSO’s primary use is as an identification system that permits websites and apps to use the data of other trusted sites to verify a user upon login or sign-up.

Essentially, SSO puts an end to the days of remembering and entering multiple passwords. An added bonus is that SSO gets users out of the vicious password reset loops.

Additionally, SSO can be great for business, as it improves productivity, security control, and management. With a single security token (a username and password), IT professionals can enable or disable a user’s access to multiple systems, which in some cases mitigates cybersecurity risks.

So, how does the magical service work?

How does SSO work?

Single sign-on is a component of a centralized electronic identity known as federated identity management (FIM). FIM, or Identity Federation, is a system that enables users to use the same verification method to access multiple applications and other resources on the web. FIM is responsible for a few essential processes:

  • Authentication

  • Authorization

  • User attributes exchange

  • User management

When we talk about SSO, it is important to understand that it is primarily related to the authentication part of the FIM system. It’s concerned with establishing the user’s identity and then sharing that information with each platform that requires that data.

Fancy jargon aside, here are the basic operational processes of single sign-on:

  • You enter a website.

  • You click “Sign In with Apple” or any other service.

  • The site opens Apple’s account login page.

  • If you’re already logged in, then it gives the site your data.

  • You are logged in to your Apple account.

  • Apple’s site verifies that you are authorized to access the site.

  • If you’re authorized, the site creates a session for you and logs you in.

In technical terms, when the user first signs in via an SSO service, the service creates an authentication cookie that remembers that the user is verified. An authentication cookie is a piece of code stored in the user’s browser or the SSO service’s servers. Next time the user logs in to that same app or website using SSO, the service then transfers the user’s authentication cookie to that platform, and the user is allowed to access it. It’s important to highlight that an SSO service doesn’t identify the exact user since it does not store user identities.

What is an SSO Token?

An SSO token is a digital unit that contains data about a particular user such as their email address. The token is used to transfer user information from one system to another during the single sign-on process. For the recipient to verify that the token comes from a trusted source, it has to be signed digitally.

The SSO service creates a token whenever a user signs in to it. The token works like a temporary ID card which helps identify an already verified user. This means that when the user tries to access a given app, the SSO service will need to pass the user’s authentication token to that app so they can be allowed in.

Password security for your business

Store, manage and share passwords.

Get NordPass Business

30-day money-back guarantee

Single-Sign-On Costs

Because many of the SSO solutions currently available on the market are cloud-based, most of them are offered in a monthly subscription model. The price of a cloud-driven SSO solution designed for small and mid-sized businesses can range from $1 to $10 per user per month.

However, those that want to get an SSO solution designed for a big enterprise will need to either pay more each month or make an entry fee. Enterprise-grade solutions are usually more wide-ranging and require vendors to customize them to each of their client’s needs and requirements. Hence, the price difference.

Is single sign-on secure?

Yes. An SSO protocol is secure when implemented and managed properly and used alongside other cybersecurity tools.

The main benefit introduced by single-sign on with regard to cybersecurity is that, because it allows using a single set of credentials for multiple services, there are fewer login details to be lost or stolen. As long as the server is secure and an organization’s access control policies are established, a malicious user or an attacker will have little to no chance to do any damage.

However, this benefit could also pose a certain kind of risk. Since SSO provides instant access to multiple accounts via a single endpoint, if a hacker gains access to an authenticated SSO account, they will also gain access to all the linked applications, websites, platforms, and other online environments.

This issue can be easily mitigated by implementing an additional layer of security known as Multi-Factor Authentication. Combining SSO with MFA allows service providers to verify users’ identity while giving them easy access to applications or online platforms.

The benefits of SSO

Reduced password fatigue

With SSO in place, users only have to remember one password, making life a lot easier. Password fatigue is real and dangerous. SSO encourages users to come up with a single strong password rather than using a simple one for each account separately. It also helps users escape the vicious cycle of password reset loops.

Increased employee and IT productivity

When deployed in a business setting, SSO can be a real time saver. According to a recent report, people waste 16.3 billion hours a year trying to remember, type, or reset passwords. In a business environment, every minute counts. Thanks to SSO, users don’t need to hop between multiple login URLs or reset passwords and can focus on the tasks at hand.

Enhanced user experience

One of the most valuable benefits of SSO is an improved user experience. Because repeated logins are not required, users can enjoy a digital experience with less hassle. This means that users will be less hesitant to use the service. For any commercial web-based service, SSO is an essential part of their user experience.

Centralized control of user access

SSO offers organizations centralized control over who has access to their systems. In a business setting, you can use SSO to grant new employees specific levels of access to different systems. You can also provide employees with a single set of credentials (username and passwords) to access all company systems.

Top single sign-on solutions

Microsoft Azure AD

Microsoft Azure AD includes Active Directory Federation Services (AD FS) as an option to support SSO. Azure AD also offers reporting, security analytics, and multi-factor authentication services. It’s perfectly suited for any company that uses the Microsoft Azure cloud platform, no matter its size.

Okta Identity Cloud

Okta is well-established in the world of SSO solutions. They are open-source SSO leaders because of their flexibility and ease of use. Okta offers customizable open identity management in real time according to business needs, as well as two-factor authentication and a password reset functionality. Okta can serve the needs of multiple industries, from education and nonprofits to financial services and the government.

OneLogin Unified Access Management Platform

OneLogin is an open-source SSO provider that is often used for employee access to the company’s cloud-based applications. OneLogin is suited for a variety of IT administrator needs since it is designed to enforce IT policy in real time. It can also be updated according to specific needs if any changes occur, such as an employee leaving.

Idaptive Application Services

Idaptive is primarily suited for small to medium-sized businesses. Idaptive is capable of providing support to many users at once, thanks to their new cloud architecture. The company also offers adaptive MFA, enterprise mobility management (EMM), and user behavior analytics (UBA) all in a single solution.

Ping Intelligent Identity Platform

Ping offers services to large enterprises. The solution can serve anywhere between a few hundred to a few million users. Ping provides both on-premises and cloud options for deploying their solution. Additionally, the service comes with multi-factor authentication.

Does NordPass provide SSO?

Yes, NordPass does provide a single sign-on authentication! It can be set up via NordPass Admin Panel for users who want to log in to the NordPass app with their Microsoft Azure, Google Workspace, or Okta credentials.

This means that if you turn on Microsoft Azure Active Directory (AD), Google Single Sign-On, or Okta Single Sign-On, and invite new members who use one of these SSOs, they will be allowed to login in using their Azure AD, Google, or Okta SSO credentials — it’s as simple as that.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Storage Beyond Passwords: Securely Save Files in NordPass

Ever been in that awful situation where you’re going through old emails or disorganized folders trying to find that one crucial document? The insurance form, an e-copy of your ID, or even a video detailing how to get into your new office? Wouldn’t it be a game-changer if you had all your important files right next to your passwords, credit card information, or secure notes?

Good news! Today, we are excited to introduce File Attachments — a new and improved way to manage important files with NordPass.

Best for large file attachments

Here’s a quick rundown of how it works. As a NordPass Premium user, you now have the ability to attach files to your saved items in NordPass. It’s not just about enhancing organization. This feature also provides an unmatched level of security. Forget the hassle of disorganized unsafe file storage. Any attached files or documents will be as secure as your passwords thanks to our encrypted storage.

But we didn’t stop at mere functionality. NordPass Premium now provides a whopping 3GB of encrypted storage per account, a giant leap forward. That’s not just more — it’s three times more than any other password manager out there! We’re offering you unrivaled storage and advanced security — and that’s certainly what we call more bang for your buck!

NordPass — The best password manager for large file attachments.

– Attila Tomaschek

CNET

No strings attached (except your files)

With NordPass Premium’s File Attachments, you have the freedom to store documents of any type to one of your existing items. Whether it’s a simple JPEG, PDF, MP4, or DOC file — NordPass supports them all.

Supported file types

The new feature allows for files up to 50MB in size and up to 50 attachments per single item. The only limit is your 3GB storage per user — and that’s a whole lot of space for your files.

While we aim at maximizing convenience, your security is always our top priority. To ensure maximum protection, we currently do not support attaching files to shared items or sharing items with files attached.

You can learn more about how to attach files to your NordPass items in our handy help center article.

Streamline your digital life with NordPass

In the digital age, we often juggle tons of files, documents, and data, and that can lead to a disorganized and chaotic personal digital space. With our new File Attachments feature, we look to help you take back control and streamline your digital life by allowing you to save documents in a quick and efficient way

With NordPass Premium, you can now attach important files to all your saved items. Store any file in one secure place with 3GB encrypted storage.

Instant access

When you’re in a hurry, having quick access to your important documents can make all the difference. That’s where File Attachments shine. Need to view a copy of your ID or an important receipt? No problem! With File Attachments, all your vital images or documents are just a few clicks away.

Effortless downloads

It’s not just about attaching and storing your files along with your passwords. It’s also about being able to retrieve them whenever necessary. Suppose you’ve stored financial documents that you need to share with your spouse. With File Attachments, you can quickly and effortlessly download these files directly from NordPass.

Unprecedented control

The File Attachments feature isn’t just about adding another functionality to NordPass. It’s about giving you greater control over your digital life. You get to decide what files to attach, what items those files are attached to, and when to download or delete them. You can also organize your vault in a way that best suits your personal or professional needs.

A single secure place for files and passwords

Take your password manager experience to the next level with NordPass Premium. Don’t just manage your passwords, manage your life. No more scrambling for documents, no more disorganized files, and certainly no more compromised security.

Your life. Your files. One secure place. Start your NordPass Premium journey today and make the most of our File Attachments feature.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

23.3.9 ‘Voyager’ released

Changes compared to 23.3.8

Bug Fixes

  • Fix an issue with macOS devices failing to log in with an ERR_UNKNOWN_DEVICE error
  • Fix an issue with the Recent Activity and Policies pages not loading correctly when hard-refreshed or loaded directly via URL
  • Fix an issue with Comet default branding not presenting correctly following a server upgrade

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

CyberLink FaceMe® facial recognition integrates with MediaTek’s Genio 700 IoT Platform to deliver a 6.5X performance boost

CyberLink (5203.TW), a leading manufacturer of AI facial recognition technologies, has strengthened its presence in the smart IoT market. The company has announced that its FaceMe® facial recognition engine has been integrated with MediaTek’s Genio 700 next-gen smart IoT platform, dramatically increasing AI performance.

While it continues to integrate with numerous other IoT platforms, CyberLink FaceMe® has significantly improved performance on MediaTek’s latest Genio 700 processors. Running on a Genio 700, the FaceMe® engine is accelerated by MediaTek’s AI Processing Unit (APU). Performance tests show that, in comparison to running exclusively via CPU processing, the APU hardware / software integration increases performance by 6.5X, with a 24% reduction in CPU usage.

The new MediaTek processor provides faster, more efficient and reliable AI facial recognition processing, meeting the complex, high-speed edge computing needs of smart retail and smart security and access control operations. “The strong alliance between CyberLink and MediaTek, with its Genio IoT products, will provide FaceMe® users with faster, more convenient, and powerful facial recognition edge computing products,” said Jau Huang, Chairman and CEO of CyberLink, “enhancing the security and dependability of deployed facial recognition services.”

MediaTek’s Genio 700 is a high-performance AI computing IoT platform. This system-on-chip (SoC) provides powerful CPU, GPU and AI modules, designed for smart home, smart retail and industrial IoT devices. By integrating the latest AI cores and accelerators, the Genio 700 greatly enhances the smart computing power of edge devices, and significantly increases the number of image frames that can be processed per second. MediaTek’s platform can also support real-time AI facial recognition from multiple simultaneous video streams, improving the identification efficiency for implementation scenarios such as smart retail, and access control.

CyberLink FaceMe® not only recognizes faces but can also identify gender, age, and emotions. These features enable the turnkey FaceMe® Smart Retail customer analytics solution to obtain insight into guest demographics, behaviours, and trends. FaceMe® Security strengthens on-site security, with a more complete intelligent security control system.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

Webinar recap: Meet our latest partner ESET — protecting against malware and zero-day threats

For this exciting webinar, we were joined by ESET North America’s Director, MSP Channels Cameron Tousley, and Roy Banon, Atera’s App Center Product Manager. The webinar centered around ESET’s innovative approach to cybersecurity and its partnership with Atera.

Didn’t get a chance to attend? No worries, you can watch it right here or continue reading for the highlights and summary of this talk!

Preventing viruses from showing up on your doorstep since the ’80s

With the dawn of new technologies comes the rise of threats, which couldn’t be more true for computers. The PC, or personal computer, began gaining popularity with the public around the 1970s and was susceptible to threats early on. This is why the four founders created ESET in 1987 and took on the role of the defender of the PC. Fast forward to 2023: ESET has 110M+ users relying on their innovative technology for threat detection and response and is used by MSPs for protecting their customers’ assets.

“Being preventative is the most important thing,” said Tousley. “We’re pouring our money into our R&D to ensure that we’re ahead of threats and preventing them before they even show up on the doorstep.” Since 2016, ESET has doubled its R&D investment to ensure they provide MSPs and IT technicians with the best protection.

Tousley turned our attention to the pillars of ESET’s solutions, which include:

Layered defense

  • It’s important to have multiple solutions working together to protect against all types of cyber attacks.

Integrated architecture

  • You must ensure that the solutions are built to work together, which is why ESET’s layered defense tools are built in-house.

Low-performance impact

  • ESET has a light footprint on the endpoints and a light resource load. This means it is running strong and doing the work while staying quiet on the endpoints for users.

Ease of use

  • ESET is extremely easy to deploy and configure, especially with its partnership with Atera. Their troubleshooting documentation is also well maintained, making it easy to read through and understand.

How ESET prevents threats and responds to detected risks

Over 400,000 businesses use ESET’s server-free, cloud-based solution to protect themselves from malware and zero-day threats. Here’s what’s included in their Protect Complete package:

  • Endpoint protection (includes ESET Endpoint Security)
  • File server security (includes ESET Server Security)
  • Full disk encryption (includes ESET Full Disk Encryption)
  • Cloud sandbox (includes ESET LiveGuard Advanced)
  • Mail security (includes ESET Mail Security)
  • Cloud app protection (includes ESET Cloud Office Security)

Atera’s ESET integration: better together

The ESET partnership with the Atera app center means easier onboarding, fortified technical support by both ESET and Atera, and a number of additional benefits, including:

  • Full billing visibility and usage from inside Atera
  • Experience the value first-hand with a 30-day free trial
  • Diverse cyber security options to enhance your toolbox
  • Competitive TCOs to boost profit margins

No time like the present

Toward the end of the webinar, you’ll see Atera’s App Center Product Manager Roy Banon give a demo on how to get started deploying ESET onto customer devices via Atera.

As aforementioned, if you try ESET through Atera, you’ll get a free 30-day trial to experience the incredible value and confidence ESET gives you and your customers.

ESET is one of many integrations Atera offers through the app center and marketplace. Discover more integrations here.

Try Atera for free

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Atera
Small and medium IT operators are the heroes behind the scenes supporting companies around the world. They care a lot for their clients (external or internal) and often work virtually 24/7. However, small and medium IT service providers have always been underserved.
Atera was built for exactly that. With the vision to simplify and streamline the work of Managed Service Providers and IT professionals. To create something that saves them time, energy, and money. To free them from needing to constantly put out fires.
That vision created the remote-first IT management software – enabling IT professionals to shift from reactive task takers to proactive problem solvers.
Now operating from our beautiful offices on Rothchild in Tel Aviv, Atera is currently used by thousands and thousands of IT professionals all over the world (105+ countries).
As we rapidly grow, our goal remains the same: to transform the IT industry with revolutionary technology, while creating one of the happiest and healthiest work environments in the world.

ESET is a notable vendor in the endpoint security market, according to a report by an independent research firm

BRATISLAVA — May 26, 2023 —  ESET, a global leader in digital security, was included in Forrester’s The Endpoint Security Landscape, Q2 2023 report. The report provides an overview of 33 worldwide endpoint security vendors, amongst which ESET is recognized as a notable endpoint security provider based on product revenue. Landscape reports help Forrester clients become more educated about a market by defining current-state market maturity, detailing the top market dynamics and use cases, and providing a list of vendors or providers, which they might prioritize based on size, focus and geography.

As stated in the report, endpoint security solutions are the first and last line of defense for business users, protecting their devices from malware, detecting and responding to dangerous or malicious actions, and resolving incidents quickly and efficiently. Therefore, the critical importance of endpoint security is covered by this report, and by being included in it, ESET is acknowledged as a notable player in this mature market. Vendors in the report vary by size, geography, and use case, including five extended use cases of browser security, enhanced security measures, flexible reporting, mobile threat defense and unmanaged device protection. These are use cases that buyers look to address in addition to the core use cases (endpoint protection, incident resolution, device control). ESET is among those representative vendors with browser security, flexible reporting and mobile threat defense as extended use cases.

“At ESET, we closely monitor the security landscape we and our customers operate in. Based on our telemetry, we keep expanding our endpoint protection offering by adding new features. Our solutions are created with our customers in mind as we introduce options to compensate for our customers’ understaffed security teams, allowing the companies to focus on their operations and what really matters to them,” said Jakub Debski, Chief Product Officer at ESET. “We are very proud to be included in Forrester’s report because, as a privately owned, tech-focused company, we have always taken a science-based, security-first approach to developing our solutions.”

The full report can be accessed via a subscription here.
For more information about ESET’s awards and recognition, click here

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Research reveals new analysis of AceCryptor: used by crimeware, it hits computers 10,000 times every month

  • ESET researchers publish details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families.
  • AceCryptor samples are very prevalent worldwide because multiple threat actors are actively using the cryptor malware to spread packed malware in their campaigns.
  • During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor.
  • Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. This amounts to over 10,000 hits every month.
  • Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware used to steal credit card credentials and sensitive data, upload and download files, and even steal cryptocurrency.
  • AceCryptor is heavily obfuscated and has multiple variants, and throughout the years, has incorporated many techniques to avoid detection.

BRATISLAVA — May 25, 2023 — ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

“For malware authors, protecting their creations against detection is challenging. Cryptors are the first layer of defense for malware that gets distributed. Even though threat actors can create and maintain their own custom cryptors, for crimeware threat actors, it often may be time-consuming or technically difficult to maintain their cryptor in a fully undetectable state. Demand for such protection has created multiple cryptor-as-a-service options that pack malware,” says ESET researcher Jakub Kaloč, who analyzed AceCryptor.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor. Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. AceCryptor is heavily obfuscated and has incorporated many techniques to avoid detection throughout the years. “Even though we don’t know the exact pricing of this service, with this number of detections, we assume that the gains to the AceCryptor authors aren’t negligible,” theorizes Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Since many threat actors use the malware, anyone can be affected. Because of the diversity of packed malware, it is difficult to estimate how severe the consequences are for a compromised victim. AceCryptor may have been dropped by other malware, already running on a victim’s machine, or, if the victim got directly afflicted by, for example, opening a malicious email attachment, any malware inside might have downloaded additional malware; thus, many malware families may be present simultaneously. AceCryptor has multiple variants and currently uses a multistage, three-layer architecture.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

For more technical information about AceCryptor, check out the blogpost “Shedding light on AceCryptor and its operation” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Heatmap of countries affected by AceCryptor according to ESET telemetry

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

The ultimate step-by-step guide for removing a troublesome patch

Are you feeling frustrated by crashes, errors, or other issues caused by a so-called bug fix? Trust us, you’re not alone. While patches are aimed at correcting malfunctioning code in software, or making an application more secure, these fixes can sometimes go wrong, leading to unpleasant experiences when using the technologies we know and typically love.  

If you’re trying to remove a troublesome patch, then the good news is that you’re in the right place. In this post, we will provide a step-by-step guide that you can follow in order to identify the problematic patch, check for alternative solutions, uninstall said patch, and prevent it from being reinstalled. In short, you can rest assured that your technology will be back to normal in no time.

What is patch management?

Patch management is the process of acquiring, testing, deploying, and managing software patches and updates on computer systems, applications, and other various software components. It is a critical aspect of maintaining the security, stability, and performance of any IT environment.

 

Why a patch may become troublesome

In the world of IT, a “patch” refers to a modification made to a program in order to improve its performance, security, or other feature that’s due for an update or change. You also might have heard of patches being referred to as “bug fixes” – that’s because patches are created with the purpose of smoothing over code imperfections which may be discovered by an app’s users or developers.

In order to make edits, developers harness the power of debugging software, or automated patch management—with the goal of creating patches that can be either permanent or temporary. So where can this process go wrong?

Well, it turns out that creating and executing patches is not always foolproof. Some patches can end up causing unforeseen negative effects on performance, or cause a ripple effect that ends up interrupting other features, even if the patch managed to successfully solve the original issue.

Removing a troublesome patch with Atera

The Patch Management Software that will ease your IT life!

 

The step-by-step guide for removing a troublesome patch

 

Step 1: Identify the Problematic Patch

Sometimes, IT departments or software managers roll out multiple patches at once. So how do you know which one is causing the problem? It’s important to stay up-to-date on patches that aren’t highly rated across all devices so that you can avoid installing them in the first place – or find an automated solution that can do so for you.

But if you’ve already installed the patch (or a series of patches), the first step will be identifying which patch you need to remove to ensure you’re not creating additional problems by accidently uninstalling the wrong one.

 

Step 2: Check for Alternative Solutions

Although initiating patch rollback is one effective way to handle a flawed patch, there are often more practical, time-efficient ways to solve the problem. For example, you could use a workaround, which is when a developer essentially creates a new patch to fix the problems created by the existing patch.

Another solution could be uninstalling the software completely. If you have software that’s creating too many difficult issues while patching, you might want to consider a new, less problematic software solution instead. Alternately, you can accept whatever risk or issues an essential patch creates – this is essentially a process of weighing out benefits versus consequences.

 

Step 3: Uninstall the Patch

If you need to uninstall the patch, you will have to perform a patch rollback. That process essentially reverts software to the last version installed on a device, undoing any changes caused during the patching process.

The exact process of uninstalling a patch will depend on the tools you have on hand and the nature of the patch itself. You can use a script or powershell to manually uninstall a patch, but generally speaking, using a patch management tool will make the process much easier.

 

Step 4: Prevent the Patch From Being Reinstalled

In order to make sure the pesky patch you just got rid of doesn’t get reinstalled, you’ll need to disable, block, or hide that patch after the fact. The exact language here will depend on what software you’re updating.

 

When you invest in an all-encompassing patch management solution, these tasks will often be much easier to do—and less time-consuming.

 

Patching Tips You Need to Know

There are some best practices that you can use to ensure your patching routine goes as planned. First, it’s important to run patches on a schedule. You’ll want to ensure that you are applying patches at times when your network has few or no users present, to minimize any interruptions to their workflow. It’s also important to apply patches quickly for the sake of cybersecurity.

You should also be certain that you have a complete and robust understanding of all of the devices and inventory on your network. You can’t patch effectively if you don’t know what you’re working with. Generally, automating your patch management is the best path toward saving time and money, minimizing stress—and ensuring your network stays safe and up-to-date.

 

Conclusion

If you’ve struggled with troublesome patching before, you’re not the only one. Individual tech users and IT departments can often have issues in this area. Sometimes patches cause more issues than they’re worth. In which case you will need to remove a patch, or brainstorm an alternate solution.

We hope this article provided useful information about how to deal with a troublesome patch. Be sure to save it for the future so that you can refer back anytime you need a reminder about what you should do, should you find yourself in a patchy situation.

 

FAQs

 

What should I do if I accidentally remove a necessary patch?

If you accidentally remove a necessary patch, you should be able to reinstall it. Patches that you roll back are not removed from the system forever; they’re just temporarily uninstalled. If you realize a patch needs to be reinstalled, you can implement a workaround to fix whatever issue it may have caused.

 

Can I prevent patches from being installed automatically?

You can go into your program’s settings and disable automatic updates to prevent patches from being automatically deployed. You can also prevent patches from being installed after you roll them back by disabling, hiding, or blocking them.

 

Why do patches sometimes cause problems?

Patches are not perfect solutions, meaning that they sometimes cause problems even as they’re fixing others. That’s because patching isn’t a perfect science. They’re meant to quickly solve problems, which means that they’re not always compatible with every device interface.

Removing a troublesome patch with Atera

The Patch Management Software that will ease your IT life!

Try Atera for free

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Atera
Small and medium IT operators are the heroes behind the scenes supporting companies around the world. They care a lot for their clients (external or internal) and often work virtually 24/7. However, small and medium IT service providers have always been underserved.
Atera was built for exactly that. With the vision to simplify and streamline the work of Managed Service Providers and IT professionals. To create something that saves them time, energy, and money. To free them from needing to constantly put out fires.
That vision created the remote-first IT management software – enabling IT professionals to shift from reactive task takers to proactive problem solvers.
Now operating from our beautiful offices on Rothchild in Tel Aviv, Atera is currently used by thousands and thousands of IT professionals all over the world (105+ countries).
As we rapidly grow, our goal remains the same: to transform the IT industry with revolutionary technology, while creating one of the happiest and healthiest work environments in the world.

Cost-benefit analysis of cybersecurity spending

As new data breaches are making the headlines, cybersecurity is becoming one of the most critical elements of a long-term business strategy. To protect their sensitive data and mitigate potential risks, businesses are actively looking for ways to move into the 21st century in terms of their infrastructure. However, as many soon discover, cybersecurity integration within an existing business is rarely a one-click solution.

Even putting all the technical questions aside, cybersecurity raises many questions regarding return on investment. This article will provide a broad overview of how to approach cybersecurity spending. We’ll briefly cover what makes up cybersecurity costs, what factors could affect them, the financial impacts of cyberattacks, potential benefits, and some guidelines on approaching cybersecurity estimates in your company.

Costs of cybersecurity

Cybersecurity spending can mean several things. The exact route will depend on the actual business case and the risks that the company is trying to mitigate. Still, no matter which options your company is considering, this is something where budget constraints will have to become a consideration.

Let’s look at the costs from different cybersecurity ecosystem components: solutions, services, personnel, and training.

Solutions

One of the go-to routes for organizations looking to shield themselves against cyberattacks is purchasing cybersecurity hardware or software solutions. This allows companies to flexibly integrate them into the infrastructure, strengthening the areas needing attention.

As such, businesses have numerous options available. Cybersecurity hardware and software provide easy access to firewalls, antivirus, access control mechanisms, intrusion detection and prevention systems. When used collectively, these technologies work together to halt cyberattacks or mitigate their impact if they do occur.

While it’s also true that their costs depend on various factors (which we will address later on), let’s look at the average industry costs associated with various cybersecurity solutions. Please note that the distinction between solutions and services isn’t as set in stone as it used to be due to modern service delivery models (like SaaS) and the popularity of cloud computing.

Firewalls

If an organization relies on a network, a firewall is a must as it monitors and controls network traffic. Acting as a barrier between the internet and/or other untrusted networks and your private network, it’s the first defense against malicious connections based on predefined rules.

The tricky part for the comparison is that they can be implemented at different levels of the network stack, i.e., from the network layer (filtering packets) to the application layer (proxy servers). Finally, they can be hardware or software-based, or a combination of both, affecting the final price tag.

Therefore, an average firewall configuration can range between $450 and $2,500 (as a one-off investment not factoring in its maintenance which costs extra). That doesn’t take into account setup or maintenance costs, so the final cost can be higher.

Antivirus software

Antiviruses are still staples to protect computer systems from malware, viruses, and other security threats. As an essential component of comprehensive cybersecurity strategy, they can be used as the last line of defense. Usually, in business settings, they’re deployed across an organization’s network to protect all connected devices.

It’s often the case that antiviruses also include additional features like firewalls, intrusion prevention systems, and email filtering to provide further protection against cyber threats. This also makes our comparison more difficult.

Still, if we’re looking for rough estimates, which is what we’re doing here: basic antivirus usually costs between $3 and $5 per user and $5 to $8 per server monthly. While the final price tag will entirely depend on your organization’s size, the estimate could be at least $30 a month if you have around five users.

Spam filters

Business communication primarily still takes place over emails. This is something that hackers are exploiting in phishing attacks. For this reason, having spam filters is essential to identify and block harmful emails before they end up in employees’ inboxes. Spam filters rely on various technologies to analyze the content and metadata of incoming messages to determine whether they are legitimate.

Some email providers offer spam filters already integrated into their suite. Meanwhile, for other cases, it’s required to set up a spam filter on top of it. It’s estimated that the price for this ranges between $3 – $6 per user per month.

Services

What makes cybersecurity services different from cybersecurity solutions is that they’re typically provided by a third-party provider, who may offer the service on a subscription basis. While a cybersecurity service may include various cybersecurity solutions, the two concepts are not interchangeable. Cybersecurity service by definition encompasses ongoing protection against cybersecurity threats.

Frequently this also means that cybersecurity services can help against threats of greater sophistication. This makes them a good pick for organizations looking into securing their digital assets and preventing unauthorized access, theft, and exploitation of sensitive information.

VPN

With plenty of employees working remotely, businesses need a secure way for their employees to access company resources. VPN encryption seals the sensitive data in a secure tunnel, enabling secure exchanges to the company’s network. This additional protection layer also helps mitigate cyber threats by masking the user’s IP address.

Yet, as with most cybersecurity components, there are multiple routes to consider here. A VPN could be set up as a hardware stack with ongoing third-party maintenance fees or a software-only solution. This is something that can skew the price.

While the software-only is cheaper and can be up to $10 per user, the hardware setup can range up to $3,500 per device. That’s a significant gap between them, while both options provide similar functionality. The particular business case will be a deciding factor.

Consulting and testing

Cybersecurity consulting and testing service providers have a high level of expertise in identifying and mitigating security risks. This is something that few companies can manage to achieve out of their own resources. Specialized cybersecurity professionals perform various checks to properly evaluate the used cybersecurity measures’ effectiveness and outline the most critical areas.

Due to the nature of their services, this can be a pretty expensive endeavor. A vulnerability assessment for a network with up to three servers would cost $1,500 to $6,000. It goes without saying that if the scope of investigations needs to be broader, this will only add up to the final price tag.

Endpoint detection and response

Businesses turn to endpoint detection and response (EDR) services because they provide high protection against cyber threats by monitoring and detecting potential security breaches. This allows businesses to detect and respond to cyber threats quickly and before they cause significant damage to the organization’s assets, reputation, and financial standing. EDR solutions typically operate through a combination of software agents and cloud-based systems.

Endpoint detection and response solutions cost around $5 to $10 per month per device. Yet, as with most subscription-based services, there are discounts: with more devices, EDR usually becomes cheaper per single device. Still, EDR solutions come in different depths and feature sets, so the final cost can be higher.

Personnel

Personnel is one of the most important cybersecurity assets at any company’s disposal. These specialists will protect your data from various forms of cyberattacks and ensure the risks are minimal. Whatever cybersecurity solutions or services you’ve purchased, the IT personnel will set up and maintain those tools.

Cybersecurity doesn’t become an integral part of an organization’s DNA just by purchasing some subscriptions. It needs to be cultivated. One way to ensure this is sustainable is to develop security policies and protocols — exactly what cybersecurity personnel will do.

Network administrators

Network administrators are responsible for setting up and maintaining the organization’s network infrastructure. They must ensure the network is secure from unauthorized access and that all transmitted data is protected from interception and other potential threats. The administrators will be configuring and managing firewalls, blocking specific ports, managing user permissions, monitoring the network, and patching system components.

As for their cost, you can look at conflicting data sources: depending on the region, experience, market saturation, and other factors. Still, if we’re looking for a broad view based on data from Payscale, this should be within $63,244 per year.

Compliance officers

Compliance officers are specialists who ensure an organization’s cybersecurity by implementing policies and procedures to align compliance with regulations and industry standards. They identify risks, monitor security measures, and ensure employees follow security protocols. These key people outline how an organization should handle sensitive data, access controls, and incident response.

A compliance officer’s salary is $73,255 a year based on publicly available data. Mind you, compliance is one of the trickiest landscapes to navigate, so these specialists must periodically refresh their knowledge to stay updated with the latest policy changes.

Security analysts

Security analysts identify potential threats to an organization’s network, systems, and data. They’re using various tools and techniques to detect and prevent cyberattacks before they can cause damage. Security analysts identify vulnerabilities in an organization’s systems and infrastructure by conducting risk assessments.

Security analysts are crucial in protecting an organization’s assets and cyber threats. Based on Glassdoor data, their salaries, on average, are around $90,283 a year. Due to the increased frequency and complexity, professional cyber security analysts are in high demand, which can further increase their salaries.

Trainings

The cybersecurity landscape is constantly changing. Therefore employees’ skills and knowledge need to be periodically refreshed. This is where cybersecurity training and certifications ensure that employees know the best practices for protecting this information and can identify potential threats. These trainings can be expensive, and organizations must ensure they are effective.

Courses

Cybersecurity courses can be an invaluable resource in helping to understand the importance of protecting company data from cyberattacks. By teaching employees how to identify potential security threats and how to take preventative measures, companies can reduce the risk of data breaches and protect their sensitive information. Nowadays, there are plenty of resources, ranging from in-person training to online lectures.

For this reason, cybersecurity training costs vary significantly and can range from freely available online resources to $5,000 or more. Mind you that the price is affected by factors like depth and competencies. Courses intended for niche specializations will always cost more than a basic introduction.

Certifications

Cybersecurity certifications provide credibility to professionals working in the field, demonstrating that they have met rigorous standards and have the necessary knowledge and skills to protect against cyber threats. Using certification as a standardized measure allows aligning the team and ensuring that best practices are applied when making organization-level cybersecurity improvements.

There are several popular cybersecurity certifications widely recognized in the industry. For example, the Certified Information Systems Security Professional (CISSP) exam costs around $699. Certified Ethical Hacker (CEH), another important pick for cybersecurity professionals, costs around $1199. Along with GIAC Security Essentials (GSEC) certification and exam, it’s priced around $1699, which makes it one of the more expensive courses.

Factors that affect cybersecurity costs

It’s important to note that the cybersecurity costs provided in the previous section are only rough estimates. The final price will depend on numerous factors, which will be the key differentials from business to business when calculating cybersecurity costs. Let’s look at some of them to see how they factor into the final price tag.

Size

The size of an organization is one of the most important factors which can drastically alter cybersecurity costs. As larger companies have more complex IT infrastructures, more employees to train, and a higher risk of cyber attacks due to their visibility and financial resources — their security naturally costs more. When compared to smaller organizations, the difference might be night and day.

Keep in mind that, in some cases, some cybersecurity tools will need to be adjusted. They cannot operate that well when used in corporate settings, which are within a completely different pricing category. However, numerous reports confirm that small businesses are three times more likely to be targeted by cybercriminals than larger companies. So while the risks remain high, not all companies are as well equipped to tackle the potential risks.

Industry

The industry in which an organization operates and any regulatory requirements it must comply with can impact its cybersecurity costs. Organizations working in highly regulated industries like healthcare and finance will have higher cybersecurity costs because more regulations apply to the data they’re holding.

As a side note, the industry determines an organization’s risk tolerance. Different industries can have very different thresholds for acceptable risk levels. This means that security’s scope will have to be aligned, which will also, in turn, affect cybersecurity costs. In addition, businesses in certain industries seem to fall victim to more cyberattacks than others, which is also a factor.

Financial impact of cyber attacks

While up until this point, you got the impression that cybersecurity is expensive, let’s move on to an overview of the financial impact of cyber attacks. Depending on what business operations are targeted, the attack scope, and the kinds of data leaking to the public, all constitute significant financial losses. Let’s look at revenue losses, legal fees, and reputational damage.

Revenue

Cyberattacks can disrupt normal organizations’ day-to-day operations and compromise sensitive data. This can easily make an organization’s systems and networks inaccessible or unusable. The downtime when the IT team is trying to patch together a solution and get the operations back up and running costs time, which also translates into lost revenue.

2 financial impact of cyberattacks

The recovery costs can also be factored in as damaged equipment needs to be replaced, and systems need to be restored from the backups. It’s not a coincidence that a quarter of companies that have experienced a cyber attack have lost between $50,000 and $99,999 in revenue. These are steep numbers, and they don’t factor in the costs of getting the operations back up and running.

Legal fees

After data breach remediation and operations restoration, the trouble isn’t over. Especially in cases of a large data breach, companies need to hire legal counsel, forensic experts, and other professionals to help manage the aftermath. So there’s the precedent of estimation and cleaning up.

3 post-breach legal fees breakdown

Additionally, depending on the data breach’s severity, the company may also be held responsible for the damage suffered by affected customers or clients. If there are lawsuits, this can quickly mount legal fees, including settlement costs. For smaller companies, that’s an instant endgame as they often just aren’t equipped to handle such expenses. For instance, it’s estimated that legal costs range from $50,000-$148 million, with a median of $1.6 million and a mean of $13 million.

Reputational damage

A data breach leaves a permanent black mark on a company’s reputation. Companies will need to spend a lot of resources to repair their image and reassure the customers that they have learned from their mistakes and won’t happen again. This long process involves public statements and social media management and should be an aspect of long-term customer trust remediation.

4 cybersecurity reputational costs

According to various reports, the proportion of the total costs that can be attributed to reputational costs like abnormal customer turnover and loss of goodwill was around $1.57 million. Mind you that this is something that affects companies for a long time, provided that a company even makes a recovery from a data breach.

Benefits of cybersecurity spending

Cybersecurity spending can minimize various risks associated with revenue, reputation, or legal fees. While this is a solid argument advocating for cybersecurity solutions, this is far from the only benefit. Having a functioning infrastructure with a cybersecurity-focused mindset also generates a positive outcome for organizations. Let’s look at some of the indirect benefits of cybersecurity spending.

Better compliance alignment

Many compliance regulations, like General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), require organizations to implement specific security measures to protect sensitive data. Therefore, investments in cybersecurity help to achieve two goals simultaneously:

  • The risk profile is contained, and the organization is more resistant to cyberattacks.

  • The organization ensures that it has all the necessary technologies and policies in place to meet compliance requirements.

Reports confirm that achieving substantial compliance goals require holistic and integrated security solutions, ensuring that every aspect of an organization is covered. For this alone, cybersecurity investments should be at the top of the business manager’s list.

Increased productivity

Cybersecurity matters can often be a catalyst for workplace modernization. While this may not always be a seamless transition, the change often allows the work to be performed more efficiently and securely. A good example of this is the remote and hybrid work trend, which became very popular after the global pandemic.

In fact, securing identities and endpoint devices enables users to do their work quickly and securely from anywhere. Nowadays, there are many ways of working, and cybersecurity can be a good contributor to breaking the cycle of outdated tech and enabling all ways of working.

How to apply cost-benefit analysis for your organization

Our rough estimates demonstrate that data breach costs outweigh cybersecurity expenses. While this is a valid statement, this doesn’t provide clear guidelines on what actionable steps should be taken when considering cybersecurity spending. Businesses have finite resources, and cybersecurity is just one area that needs to be addressed. Thankfully, there are some models that we can use as a basis to evaluate cybersecurity costs and benefits.

Let’s start by looking at one of the most widely used schemes: the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This is a helpful document consisting of standards, guidelines, and best practices to manage cybersecurity risks. It’s especially useful because it’s applicable to companies from all industries.

The problem with it is that while it recognizes that management of cybersecurity risks is always organization-specific, which will also shape how the final cost-benefit evaluation will look, it doesn’t outline how the cost-benefit analysis should be provided. For this reason, some researchers suggest integrating mathematical models Lawrence A. Gordon and Martin P. Loeb developed into the NIST Cybersecurity Framework. The model calculates an optimal investment in cybersecurity based on the cost of an attack, the expected probability, and the effectiveness of the security measures put in place.

The basic premise of the Gordon-Loeb model is that there is a tradeoff between the cost of an attack and the cost of investing in cybersecurity. Organizations want to minimize the total cost, including the cost of an attack and the security investment. The model assumes that the cost of an attack is proportional to the value of the information assets that could be compromised.

The model also considers the probability of an attack occurring, which is a function of the number of potential attackers, the likelihood that they will attempt an attack, and the effectiveness of the security measures. The effectiveness of security measures is assumed to be proportional to the level of investment in cybersecurity.

To calculate the optimal investment in cybersecurity, a balance needs to be found between the level of investment and the expected total cost. This relies on the relation between the expected cost of an attack and the cost of the security investment. This leaves us with a four-step approach:

  1. The value of protected information should be estimated as it represents the potential loss (L)

  2. The probability of the information being breached should be estimated (v)

  3. These first two values should be combined to derive the expected loss (vL)

  4. Cybersecurity investments should be allocated to the information based on the productivity and cost of the investments, so an optimal investment level (z)

Putting this data in the graph gives us some perspective on the diminishing returns. If the values of v and L are small, for instance, when v equals 0.1, and L equals $1M, extensive investments in cybersecurity aren’t optimal, as the expenses are higher than the benefits.

However, as the values of v and L increase, the optimal investment amount (z) and the expected loss resulting from a cybersecurity breach (vL) increase in this scenario.

5 graph showing optimal cybersecurity spending

In other words, the more valuable data an organization has, the more it has to lose. Once that threshold is met, not investing in cybersecurity is sitting on a powder keg. It’s a simple exercise to go through to better evaluate your organization’s standing in terms of cybersecurity. As a rule of thumb, the authors of the study suggest that organizations should generally invest less than 37% of the expected loss from a cybersecurity breach. The actual number will then need to be individually calculated based on your organization’s specifics.

How to improve your cybersecurity with NordLayer?

Cybersecurity is unavoidable in the current business environment because cyber threats aren’t going anywhere. This also has associated costs: solutions, services, personnel, and trainings. Organizations aren’t left alone without help, so for those willing to team up with cybersecurity providers — the market offers numerous opportunities that could make your company more resistant to cyber threats.

When it comes to the price, though, there are numerous factors that can also affect cybersecurity costs, like industry and size. As most cyberattacks are financially motivated, the companies with the most sensitive data are the prime targets. Although, it’s always fair to assume that no matter the industry or size, no one is immune to them.

That is why organizations need modern cybersecurity solutions that adapt to changing complexities of today’s working environments. All organizations have information that needs protecting, so all communication channels are interesting to hackers.

With NordLayer’s solutions, organizations can secure access to sensitive information and prevent reputational, legal, and financial damage. No matter what industry, NordLayer can be a reliable ally to help you stay secure. Contact us, and let’s discuss your cybersecurity journey together.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.