Business Info - issue 146

INTERVIEW 01732 759725 magazine 07 Webroot’s 2021 Webroot BrightCloud Threat Report highlights the continuing risk that malicious actors pose to computer and smartphone users. Based on telemetry from 285 million endpoints/sensors collected byWebroot’s machine learning security platform, which powers all Webroot protection and BrightCloud services, the report identifies the evolving tactics of cyber-criminals, as well as the security weaknesses they exploit to launch phishing attacks and spread malware. Business Info spoke to Grayson Milbourne, Security Intelligence Director at Webroot, to find out more about some of these risks and, more specifically, what businesses and end users should be doing (or doing better) to protect themselves. One of the first points he makes is that these findings, notably a 34.4% year-on-year increase in phishing activity, reinforce the need for security awareness training as part of a multi- layered approach to cyber resilience. “Three plus years ago,Webroot launched a security awareness training platform with the idea that you can educate your users and greatly reduce the risk they introduce to your business, because we all know it is someone’s mistake that leads to most cyber incidents. Our security awareness training includes a couple of things: there are compliance courses and there’s training that allows you very easily to send a simulated phishing attack or an email to your employees. There are lots of different templates that we keep very fresh; we are constantly taking from the wild and implementing a mirror version, so we really use what’s out there,” he explains. “What we typically see are click rates of around 15%, which, after just one round of training, drop by 30% or so. If you do training on a regular basis, you can get people’s click rates down to 4% or 5% and that helps greatly. “Then, when we look at customers Training, training, training who combine our different technologies – not everyone uses security awareness training – we see that those who do undertake training have less malware in their environments. There’s almost 12% less malware for customers that use both solutions, rather than just the endpoint protection. “Our story has long been that cyber resilience is the best form of cyber security. It is very difficult to protect every avenue 100% of the time, but if you have a layer that is 75% effective at reducing something and then if you train your employees so there is 75% less chance they click something bad, when you start stacking these layers together, you might find yourself in a spot where even if seven layers fall and you end up going back to your backup, you have that backup, you are not paying the ransom.” Keep up to date Webroot’s report also highlights the importance of using up-to-date, fully supported operating systems. “The report really highlights how Windows 7, despite having been end-of- life in terms of support by Microsoft for over a year, is still prevalent in around 10% of business environments. It is a much riskier operating system.We see around twice as many infections for Windows 7 as Windows 10, which is more secure, with many more security- enabled features,” says Milbourne. “WithWindows 10, Microsoft instrumented what they call ‘AV always on’, whereby, if there is no AV, they enable Defender regardless of what the user thinks. This is a good thing. Microsoft understands that their brand is really under attack and they desperately want to be like Apple and support one operating system. Today they support a few, but largely Windows 10 andWindows Server versions, so they are getting to a more closed eco-system.Windows 10 also introduced several additional security features that make it more difficult to exploit systems.” Milbourne points out that up-to-date operating systems are also important when it comes to the security of mobile devices, with outdated operating systems responsible for nearly 90% of Android infections. “When we look at all the real-world infections that we saw from our Asian customer base over the last year, something like 3% of our customers are still using Android version 6, but they accounted for 25% of all infections. I call these half-day infections – they are not zero-day infections because they are known. You are just on a device that is vulnerable. It is fixed on Android 8, but you are on 7; it is fixed on Android 10, but you are on 9.” Key trends So, what does Milbourne think are some of the key trends in this year’s report and what lessons are we to draw from them? 1 Ransomware Milbourne points out that not only has ransomware continued to sky-rocket for SMEs, with the average payment rising to around $150,000-$200,000 in 2020, but it has also evolved into more of an extortion model, where cyber criminals threaten to steal and expose the victim’s data if they don’t pay. Moreover, because ransomware is often the last stage of an attack, after the victim’s network has been penetrated, cyber-criminals will NewWebroot BrightCloud threat report highlights the need for end user security training as part of a multi- layered approach to cyber resilience Continued... Grayson Milbourne