Archive for March 12, 2020

Dell Study Finds Data Is At Risk Despite Investments In Data Protection

Posted in Commentary with tags on March 12, 2020 by itnerd

The Dell Technologies Global Data Protection Index 2020 Snapshot reveals that organizations on average are managing almost 40% more data than they were a year ago. With this surge in data comes inherent challenges. The vast majority (81%) of respondents reported their current data protection solutions will not meet all of their future business needs. The Snapshot, a follow-on to the biennial Global Data Protection Index, surveyed 1,000 IT decision makers across 15 countries at public and private organizations with 250+ employees about the impact these challenges and advanced technologies have on data protection readiness. The findings also show positive progress as an increasing number of organizations – 80% in 2019, up from 74% in 2018 – see their data as valuable and are currently extracting value or plan to in the future.

Costly disruptions rise at alarming rates

According to the study, organizations are now managing 13.53 petabytes (PB) of data, nearly a 40% increase since the average 9.70PB in 2018, and an 831% increase since organizations were managing 1.45PB in 2016. The largest threat to all this data seems to be the growing number of disruptive events, from cyber-attacks to data loss to systems downtime. The majority of organizations (82% in 2019 compared to 76% in 2018) suffered a disruptive event in the last 12 months. And, an additional 68% fear their organization will experience a disruptive event in the next 12 months.

Even more concerning is the finding that organizations using more than one data protection vendor are approximately two times more vulnerable to a cyber incident that prevents access to their data (39% of those using two or more vendors versus 20% of those using only one vendor). But, the use of multiple data protection vendors is on the rise with 80% of organizations choosing to deploy data protection solutions from two or more providers, up 20 percentage points since 2016.

The cost of disruption is also increasing at an alarming rate. The average cost of downtime surged by 54% from 2018 to 2019, resulting in an estimated total cost of $810,018 in 2019, up from $526,845 in 2018. The estimated cost of data loss also increased from $995,613 in 2018 to $1,013,075 in 2019. These costs are significantly higher for those organizations using more than one data protection vendor – nearly two times higher downtime-related costs and almost five times higher data loss costs, on average.

Emerging technologies challenge data protection solutions

As emerging technologies continue to advance and shape the digital landscape, organizations are learning how to use these technologies for better business outcomes. The study reports that almost all organizations are making some level of investment in newer or emerging technologies, with the top five being: cloud-native applications (58%); artificial intelligence (AI) and machine learning (ML) (53%); software-as-a-service (SaaS) applications (51%); 5G and cloud edge infrastructure (49%); and Internet of Things/end point (36%).

Yet, nearly three-quarters (71%) of respondents believe these emerging technologies create more data protection complexity while 61% state that emerging technologies pose a risk to data protection. More than half of those using newer or emerging technologies are struggling to find adequate data protection solutions for these technologies, including:

  • 5G and cloud edge infrastructure (67%)
  • AI and ML platforms (64%)
  • Cloud-native applications (60%)
  • IoT and end point (59%)
  • Robotic process automation (56%)

The study also found that 81% of respondents believe their organizations’ existing data protection solutions will not be able to meet all future business challenges. Respondents shared a lack of confidence in the following areas:

  • Recovering data from cyber-attacks (69%)
  • Recovering data from a data loss incident (64%)
  • Meeting compliance with regional data governance regulations (62%)
  • Meeting backup and recovery service level objectives (62%)

Data protection joins forces with cloud

Businesses are taking a combination of cloud approaches when deploying new business applications and protecting workloads such as containers and cloud-native and SaaS applications. The findings show that organizations prefer public cloud/SaaS (43%), hybrid cloud (42%) and private cloud (39%) as deployment environments for newer applications such as these. Also, 85% of organizations surveyed say it is mandatory or extremely important for data protection providers to protect cloud-native applications.

As more data moves to, through and around edge environments, many respondents say cloud-based backups are preferred, with 62% citing private cloud and 49% citing public cloud as their approach for managing and protecting data created in edge locations.

Additional resources

  • Visit the Global Data Protection Index 2020 Snapshot for an infographic and links to the previous year’s findings.
  • Read the blog from Dell Technologies Data Protection President Beth Phalen for her perspective on the findings.

About the Dell Technologies Global Data Protection Index 2020 Snapshot

Dell Technologies commissioned Vanson Bourne for the Global Data Protection Index 2020 Snapshot, a follow-on to the biennial Global Data Protection Index conducted in 2014, 2016 and 2018. The Snapshot surveyed 1,000 IT decision makers across 15 countries and 14 industries with 250+ employees to understand the impact of cloud and the complexities of advanced technologies on data protection readiness. Vanson Bourne conducted the survey between November and December 2019. The countries surveyed include US, UK, France, Germany and China with 100 respondents each, and Mexico, Brazil, South Africa, UAE, Italy, Australia, Japan, South Korea, India and Singapore with 50 respondents each.

 

Lego & Nintendo Team Up To Bring Super Mario To The Physical World

Posted in Commentary with tags on March 12, 2020 by itnerd

The LEGO Group announced a partnership with Nintendo that will change the way people interact with Super Mario in the physical world and engage in LEGO® experiences.

Both companies share a passion for innovation and play and their collaboration has led to a reimagination of the LEGO building experience, enabling an entirely new way to play inspired by the beloved video game icon, Super Mario.

Neither a video game nor a traditional LEGO brick-based set, LEGO® Super Mario™ is a new product line that features an interactive LEGO Mario figure who collects coins in real-life game levels created with LEGO bricks. The new line will let kids experience the playful world of Super Mario like never before. Super Mario will be brought to life in the physical LEGO world and new levels of challenge and styles of play will be part of the iconic LEGO experience enjoyed by generations.

LEGO® Super Mario™ will launch later this year, and more information will be made available in the future. 

Bookmark this website for more info: www.LEGO.com/supermario

 

Trend Micro Blocked 13 Million High-Risk Email Threats in 2019

Posted in Commentary with tags on March 12, 2020 by itnerd

Trend Micro Incorporated has released its 2019 Cloud App Security Roundup report. The report highlights changes in messaging-specific threats detected last year, the use of more sophisticated malware, and the potential abuse of emerging technologies in artificial intelligence to inform future business protection strategies.

In 2019, Trend Micro blocked 12.7 million high-risk email threats for customers leveraging cloud-based email services from Microsoft and Google. This second layer of defense caught threats beyond those detected by the cloud email services’ built-in security.

More than 11 million of the high-risk emails blocked in 2019 were phishing related, making up 89% of all blocked emails. Of these, Trend Micro detected 35% more credential phishing attempts than in 2018. Additionally, the number of unknown phishing links in such attacks jumped from just 9% of the total to more than 44% in 2019. This may demonstrate that scammers are registering new sites to avoid detection.

The report also shows that criminals are getting better at tricking the first layer of defense against Business Email Compromise (BEC) attacks, which typically look at attacker behaviors and intention analysis of the email content. The percentage of BEC attacks caught by AI-powered authorship analysis increased from 7% in 2018 to 21% in 2019.

Emerging phishing techniques outlined in the report include the increasing use of HTTPS and targeting Office 365 administrator accounts. This enables malicious hackers to hijack all connected accounts on the targeted domain and use them to send malware, launch convincing BEC attacks and more. To this end, Trend Micro blocked nearly 400,000 attempted BEC attacks, which is 271% more than in 2018.

In the face of such threats, Trend Micro recommends the organizations take the following mitigation steps:

  • Move away from a single gateway to a multi-layered cloud app security solution
  • Consider sandbox malware analysis, document exploit detection, and file, email, and web reputation technologies to detect malware hidden in Office 365 and PDF documents
  • Enforce consistent data loss prevention (DLP) policies across cloud email and collaboration apps
  • Choose a security partner that can offer seamless integration into their cloud platforms, preserving user and admin functions
  • Develop comprehensive end user awareness and training programs

The report’s findings were based on data generated by Trend Micro Cloud App Security™, an API-based solution that protects a range of cloud-based applications and services, including Microsoft® Office 365™ Exchange™ Online, OneDrive® for Business, SharePoint® Online, Gmail, and Google Drive.

To find out more, please read the complete report here:https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-report-2019

 

SIM Swap Scams – How To Protect Yourself

Posted in Commentary with tags , on March 12, 2020 by itnerd

Right now the newest way for scammers to separate you from your money is the SIM swap scam. Here’s how the scam works.

  • A fraudster gathers personal details about the victim, either by use of phishing emails, by buying them from organised criminals, or by directly socially engineering the victim.
  • Once the fraudster has obtained these details, they then contact the victim’s mobile telephone provider. The fraudster uses social engineering techniques to convince the telephone company to port the victim’s phone number to the fraudster’s SIM. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone.
  • Once this happens the victim’s phone will lose connection to the network and the fraudster will receive all the SMS and voice calls intended for the victim. This allows the fraudster to intercept any one-time passwords sent via text or telephone calls sent to the victim, and thus to circumvent any security features of accounts that are associated with the phone. Be they bank accounts, social media accounts, etc.

There have been a growing number of cases of this scam happening in Canada, US and other places. I have heard of bank accounts being drained and the take over of social media accounts. The most famous of these is the take over of Twitter CEO Jack Dorsey’s Twitter account a few months ago.

Clearly this is a scam that you need to keep an eye on due to the impact that it can have on your life. The question is, how do you protect yourself from being a victim? To help with that, I reached out to TELUS as they have programs to help Canadians protect themselves online. Most notably TELUS Wise. They were kind enough to point me to a number of tools on their website that can help guide consumers on how to protect themselves from scams in general. But they also provided a few tips specific to SIM swap scams:

  • Limit the amount of personal information about you online. Be careful to not click on phishing emails (and texts) that ask you to provide and/or validate private information.
  • Don’t add your phone number to any online accounts where it is not necessary.
  • Use strong and unique passwords for each of your accounts.
  • Set up authentication methods that aren’t text based only.
  • If you think something is awry and/or if you can’t make or receive phone calls on your device, contact your wireless provider immediately.
  • Report the fraud to your local police and the Canadian Anti-Fraud Centre at 1-888-495-8501. Notify your bank and credit card companies. Contact the two national credit bureaus to request a copy of your credit reports and place a fraud warning on your file (Equifax Canada Toll free:1-800-465-7166 and TransUnion Canada Toll free: 1-877-525-3823).

Besides the above, one other thing that I do recommend is that you set up a PIN or a security code with your wireless provider. That way if someone tries to access your account to try and pull off a SIM swap, they’ll run into a brick wall as they won’t have the PIN. TELUS offers this security feature (In fact, when I signed up with TELUS, I had to come up with a PIN on the spot), and I have to assume that other wireless providers do as well. Thus you should contact them to see how you can set this up on your account.

SIM swap scams are on the rise. But the good news is that by taking the above steps, you can reduce the risk that you will be a victim.