» 

Blog

Posts Tagged with "CYBERSECURITY"

Top Takeaways from the 2017 Cybersecurity Trend Report


Do you ever wish you knew how other businesses are dealing with today’s security threats? The 2017 Cybersecurity Trends Report, recently released by Crowd Research Partners, provides insight into the cybersecurity concerns and priorities of organizations across a wide range of industries.

The report is a comprehensive study revealing current cybersecurity trends in threat management, data protection, cloud security, application security, mobile security, security training and certification, managed security, and more. The 2017 report is based on a survey of more than 1,900 cybersecurity professionals across businesses of all sizes, from those with fewer than 10 employees (7 percent of respondents) to those with over 10,000 (26 percent of respondents). Download the full report here or read on for a few top takeaways.

#1 - Everyone is Worried about Cybersecurity

Security threats are a very real and urgent concern for most companies. Over half (54 percent) of cybersecurity professionals anticipate successful cyberattacks on their organization in the next 12 months. And they aren’t taking that threat lightly. 52 percent are boosting their security budget by an average of 21 percent.

Most professionals are not convinced that they are ready for an attack. 62 percent of respondents were moderately confident to not at all confident in their organization’s overall security posture.

#2 - Lack of Budget is Greatest Barrier to Security

While the majority of organizations are increasing their security budget, finances remain one of the top obstacles to stronger security, with 45 percent of respondents citing lack of budget as a barrier that inhibits the organization from defending against cyber threats.

For this reason, it’s essential that companies spend their money on solutions that give them a solid return on investment. Using free tools and apps where an enterprise-class product is needed can cause a company to fall victim to a cyberattack, while purchasing the most expensive tools on the market can leave you with empty pockets and a long list of features you don’t need.

ROI of MFT calculatorNeed to secure and streamline your file transfers? Maximize your investment with the MFT ROI Calculator.

 

#3 - Internal Threats & Untrained Employees are Biggest Threats

33 percent of cybersecurity professionals are worried about threats coming from within the company. While a malicious employee may hack into sensitive data intentionally, in most cases the more pressing concern is careless or uninformed staff members. A lack of skilled employees tops the list of barriers to both stronger security (45 percent) and to threat management (33 percent).

Whether your insider threats are malicious or careless, solutions with role-based security and auditing are recommended to help mitigate risk of a breach. Role-based security enables organizations to restrict permissions of individual users to only the information and functionality required to do their job, while auditing capabilities provide detailed audit logs of actions taken by each user.

Another top concern is the security of cloud applications, services, and infrastructure. Respondents cited fears including the need to protect against data loss, threats to data privacy, and breaches of confidentiality. To protect sensitive data transferred using a cloud-based solution, experts recommend  verifying that the solution provides end-to-end encryption for protecting files at rest and in transit.

#4 - Encryption is Greatest File Transfer Challenge

The number one concern when it comes to transferring files is security, with 59 percent of survey respondents citing encryption of files as a challenge they face. This is a serious shortcoming given that 67 percent of respondents ranked data encryption as the most effective means for protecting against cybersecurity attacks. It’s critical that any organization transferring files implements a secure managed file transfer solution that streamlines the process of providing various types of encryption like SSL, SSH, AES, and OpenPGP.

Unfortunately, the majority of organizations surveyed are still using inadequate solutions. For example, email is still the most common file transfer method for smaller files, even though unsecured email is both vulnerable to cyberattack and difficult to track for auditing.

Over half of professionals surveyed said that they lack the tools to prove compliance related to transfer of sensitive files. The right enterprise file transfer software simplifies compliance by providing the security features required by major industry regulations, the reports an auditor needs to see, and even tools to help you check if your data transfers are meeting standards.

Learn more about what the 2017 Cybersecurity Trends Report means for your file transfers, or read the full report now.

Download the Cybersecurity Trends Report

cybersecurity trends report


The State of File Transfer Security

file transfer security
The 2017 Cybersecurity Trends Report was recently released by Crowd Research Partners. The report covers many aspects of cybersecurity, such as general security trends, cloud and mobile security, and managed security services. It also looks at how organizations are securing their file transfers, including some common file security pitfalls.

Here’s what the CyberSecurity Trends Report has to say about file transfers.

file transfer concern graphSecurity is the Top File Transfer Concern

When it comes to the challenges businesses face when transferring files, security is at the top of the list, with 59 percent of respondents citing it as a concern. Furthermore, over half of the IT security professionals surveyed said that if their file sharing practices were audited for regulatory compliance, they do not have the tools they need to streamline the process.

Managed file transfer (MFT) is the clear answer for both security and compliance challenges. A good MFT solution will provide a variety of encryption methods and secure protocols to combat modern data security threats. MFT software also includes detailed audit logging capabilities to ensure you can prove your file transfers are compliant in case of an audit.

Securing Customer Data is Critical

Protecting sensitive data is a significant concern for most organizations. Above all, companies are worried about the security of customer data—72 percent of survey respondents cited it as a type of sensitive data they are most concerned about protecting.

types of sensitive data transferred graph

There’s good reason to be careful about customer data. According to Verizon’s latest PCI DSS Compliance Report, 69 percent of consumers would be less inclined to do business with an organization that had suffered a data breach. Customer data security is also essential for maintaining compliance with PCI DSS and other industry standards.

Other types of data that respondents are concerned about protecting include employee data (66 percent), email (54 percent), corporate financial data (46 percent), and health information (33 percent)—important if you need to comply with HIPAA.

A managed file transfer solution can provide end-to-end encryption to protect files at rest and in transit. 67 percent of survey respondents ranked encryption as the most effective means for protecting data.

Too Many Organizations are Using Inadequate File Transfer Methods

Email is still the most common file transfer method for smaller files, used by 63 percent of respondents. This is a serious risk as unsecured email is both vulnerable to cyberattack and difficult to track for auditing purposes. Another 18 percent rely on writing custom scripts, a method that is both time-consuming and prone to error.

file exchange mediums graphFortunately, 49 percent of respondents have implemented managed file transfer software. Managed file transfer streamlines the secure exchange of data and provides organizations with a single point of control for all file transfers. Implementing an MFT solution that provides enterprise-level security features, role-based security, and full audit trails, is the best way to make sure your data transfers stay ahead of constantly evolving security threats.

To learn more, download the full Cybersecurity Trends Report.

cybersecurity trends report

 


Linoma Software Earns a Spot on the Cybersecurity 500

cybersecurity company

We are proud to announce that Linoma Software, a HelpSystems company, has been named to the Cybersecurity 500, a global list from Cybersecurity Ventures of the hottest and most innovative companies in the cybersecurity industry.

Cybersecurity Ventures chooses the Cybersecurity 500 by soliciting feedback from CISOs, IT security practitioners, and service providers, and researching hundreds of cybersecurity events and news sources. Joseph Steinberg, a cybersecurity expert and Inc. columnist, says that for years “business publications have shared lists of companies of which they recommend readers take note. The Cybersecurity 500 gives the same convenience and wisdom to people interested in the cybersecurity industry.”

Linoma made the list in the category of file security and data encryption. Linoma’s GoAnywhere Managed File Transfer software is an enterprise-level solution for automating and securing file transfers through a single interface. With extensive security controls and detailed audit trails, GoAnywhere MFT helps businesses achieve regulatory compliance, increase security, and streamline processes.


How to Create a Cybersecurity Policy for Your Organization

The cyberattacks and data breaches that make the news are usually the ones that happen at big corporations like TJX or Home Depot. But every organization, large or small, needs to be concerned about cybersecurity.

According to Symantec’s 2016 Internet Security Threat Report, 43 percent of cyberattacks in 2015 targeted small businesses—up from just 18 percent in 2011. Hackers might be starting to understand that even though small and mid-sized businesses may not have as much valuable information available to steal, they are also less likely than their large counterparts to have strong security measures in place.

An attack is usually devastating to a small company. The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyberattack. If you don’t want your organization to be put out of business by a hacker, it’s time to improve your security posture. The first thing to do is develop something that most of the big companies already have: a cybersecurity policy. Here’s how:

Step One: Secure Senior Management Buy-in

If you’re in IT, you could probably tell most of your fellow employees a thing or two about security best practices. But in order to have the resources to design the policy and the authority to enforce it, you need management on your side.

It may help to point out that if you don’t have a cybersecurity policy, it could open you up to legal liability. For example, if you don’t want your employees connecting to your network with their own devices but you haven’t told them not to, what happens when an employee’s device with corporate data stored on it is lost? Your first reaction may be to remotely wipe the device—but can you legally do that without a written and user-acknowledged policy?

Step Two: Determine Your Security Guidelines

A key reason you need a policy in the first place is that modern cybersecurity has gotten very complex. There are a lot of details to keep track of, even for a small organization, and the landscape is constantly changing as both cybersecurity technology and cyber criminals become more advanced. Only you know your organization’s unique needs, but some things you might want to keep in mind include:

  • Which industry regulations do you need to comply with?
  • What data do you need to protect and how should it be stored and transferred?
  • What business software needs to be maintained and updated to stay secure?
  • What do you expect of all employees in terms of choosing passwords, appropriate internet use, remote network access, email guidelines, etc.?
  • Who will manage and maintain the cybersecurity policy?
  • How will you enforce the guidelines (what is the penalty for willful non-compliance)?

Once you have these questions answered, you should be able to draft your company’s policy. Depending on your current situation, understanding your security needs could be easy or could require extensive auditing of your current assets and tools.

We’ve compiled a few resources that provide templates and examples of cybersecurity policies below.

Step Three: Educate Your Employees

Did you know that internal actors are responsible for 43 percent of data loss? Half of this is intentional—disgruntled or opportunistic employees, contractors, or suppliers performing deliberate acts of data theft. But half of it is simply negligence. Employees don’t want to change their password every month if they can stick with “password123” forever. Some of them probably don’t see the problem downloading the attachment from that suspicious “urgent” email.

Communicate your new cybersecurity policy to employees, and make sure they understand the relevant details: what they are expected to do, how to do it, and what could happen if they don’t. Remember that things that seem obvious to you—like how to change that password—might not be known to everyone in the company.

Some organizations regularly test their employees on their cybersecurity knowledge. Make it fun and rewarding—there should be some kind of incentive for mastering security best practices.

Step Four: Monitor and Update Your Policy

Now your cybersecurity policy is up and running! But that doesn’t mean the work is over. A cybersecurity policy is a living document that needs to be updated regularly to include changes in your business, in technology, and in compliance regulations. Set a timeline for when you will re-evaluate the policy.

You’ll also need to determine how you will self-audit along the way. How will you know if the latest updates to your security software have been installed or that no one changed the server settings a month ago? Ideally, maintaining compliance with your policy will not be a fully manual process.

Bonus Step: Choose Solutions that Complement Your Cybersecurity Policy

Maintaining security and compliance across your entire business and all your employees can be daunting. Fortunately, dealing with all those moving parts doesn’t have to be so complicated. Implementing the right software solutions can mean that your security policy practically enforces itself.

For example, you may be checking systems manually that could be monitored automatically. And if you expect employees to update their passwords regularly, what’s easier—checking if they have done it on their own or using software that requires it? Software with role-based security and audit logging will ensure that you always know who accessed or changed what, and when they did it.

Ideally, any solution you choose to implement should come from a vendor that you trust to keep the software updated to match current security threats. Needing to replace your security tools or update custom scripts makes it much more difficult to keep compliant with your own policy.

Sometimes despite your best efforts, your data is breached. Check out these resources to help you create a data breach response plan.


GoAnywhere MFT wins 2016 Cybersecurity Excellence Award

Linoma Software, a leader in providing enterprise-class security and managed file transfer solutions, has been awarded the 2016 Cybersecurity Excellence Award. Linoma's GoAnywhere Managed File Transfer software was chosen as the winner in the Secure File Transfer product category.

Cybersecurity Excellence Award Winner 2016Feature-rich and affordable, GoAnywhere MFT garnered high praise from voter participants. "Our company leverages dozens of software solutions. None has a better value proposition than GoAnywhere. We've automated manual processes, saving time," said Shaun S. "We've secured existing file transfers with minimal effort and no disruption. And we've migrated acquisitions off products that cost ten times more at no additional cost to our existing structure!"

The Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in the information security industry. Nominees were carefully considered by the Information Security Community on LinkedIn which is comprised of over 300,000 cybersecurity professionals. Weighing in with their votes and comments, the group determined the final winning products for each category.

"Congratulations to Linoma for being recognized as the winner in the Secure File Transfer product category of the 2016 Cybersecurity Excellence Awards," said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. "With over 430 entries, the awards are highly competitive and our winners reflect the very best in product innovation and excellence in the cybersecurity space."


About the Cybersecurity Excellence Awards

The Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of over 300,000+ cybersecurity professionals to recognize the world's best cybersecurity products, individuals and organizations. For more info: Cybersecurity-Excellence-Awards.com


Federal Government Prioritizes Data Security

During the last State of the Union address, President Barack Obama included improving data security on his list of national priorities.

President Obama said, "America must also face the rapidly growing threat from cyberattacks½ We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy."

Including data security 0n the President's agenda is significant because it first implies that our government is not yet accomplishing this goal, and second it compels us to put the pieces in place "to protect our national security, our jobs, and our privacy."

Cyberattacks Not Always Sophisticated

Government Data Security Identified as Top PriorityWhile the list of companies who have suffered some form of data breach grows, the sad reality is that many cyberattacks (malicious or otherwise) are not "sophisticated" and could be prevented with off-the-shelf solutions. These first level attacks focus on corporate secrets, personal identity fraud, credit information, and private email.

The second level of attacks are those that attempt to disrupt our national security, financial institutions, and the backbone of our infrastructure. Internet providers, utility and transportation companies use communications to run switching stations, trucks, and trains, all of which would affect our livelihood if disrupted.

The President mentioned signing an Executive Order to work on this initiative (Executive Order 13636--Improving Critical Infrastructure Cybersecurity). The Executive Order calls for standards, processes and procedures to be proposed within 120 days of its signing (February 19, 2013).

Don't Wait to Take Action

When trying to comply with all of the various data security regulations (like  PCI DSS or HIPAA), it is critical to have the right procedures and products in place.

A variety of government agencies have already implemented solutions such as the GoAnywhere managed file transfer solution.  GoAnywhere takes a standards-based approach to data security using proven FIPS 140-2 validated encryption, SSL, TLS and SSH protocols, along with role-based administration and detailed audit trails.  This comprehensive approach allows federal agencies to protect and automate their batch transmissions, perform ad-hoc transfers safely and provide a compliant alternative to email attachments.

Linoma Software will be demonstrating the GoAnywhere solution, which is now listed in the GSA Advantage Directory, at the upcoming FOSE Government Technology and IT Expo held in Washington DC, May 14-16.

In the State of the Union Address, the President encouraged Congress to pass laws to "give our government a greater capacity to secure our networks and deter attacks."

Take a look at GoAnywhere today and learn how you can meet your security requirements and save costs through file transfer automation.