Businesses that suffer ransomware attacks don’t always learn from the experience, and are often vulnerable to repeat exploits. This is a central finding by global network and endpoint security leader Sophos, from a survey called The State of Endpoint Security Today.
The survey polled more than 2,700 IT decision makers from mid-sized businesses in 10 countries worldwide, including the US, Canada, Mexico, France, Germany, UK, Australia, Japan, India, and South Africa. The survey concluded that, despite the high profile headlines of 2017, businesses are still not prepared to face today’s fast-evolving threats.
Ransomware continues to be a major issue across the globe with 54 percent of organizations surveyed hit in the last year and a further 31 percent expecting to be victims of an attack in the future. On average, respondents impacted by ransomware were struck twice.
“Ransomware is not a lightning strike – it can happen again and again to the same organization. We’re aware of cybercriminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack,” said Dan Schiappa, senior vice president and general manager of products at Sophos. “If IT managers are unable to thoroughly clean ransomware and other threats from their systems after attacks, they could be vulnerable to reinfection. No one can afford to be complacent. Cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access opportunity, infecting a server, or disabling security software.”
This relentless attack methodology combined with the growth in Ransomware-as-a-Service, the anticipation of more complex threats, and the resurgence of worms like WannaCry and NotPetya puts businesses in serious need of a security makeover, according to Sophos. In fact, more than 77 percent of those impacted by ransomware were running up to date endpoint protection, confirming that traditional endpoint security is no longer enough to protect against today’s ransomware attacks.
“Organizations of all sizes are starting 2018 with inadequate protection against ransomware, despite last year’s international headlines,” said Schiappa. “Given the ingenuity, frequency, and financial impact of attacks, all businesses should reevaluate their security to include predictive security technology that has the capabilities needed to combat ransomware and other costly cyber threats.”
According to those impacted by ransomware last year, the median total cost of a ransomware attack was $133,000. This extends beyond any ransom demanded and includes downtime, manpower, device cost, network cost, and lost opportunities. Five percent of those surveyed reported a $1.3 million to $6.6 million as total cost.
Two-Thirds of IT Admins Surveyed Don’t Understand Anti-Exploit Technology
IT professionals also need to be aware of how exploits are used to gain access to a company’s system for data breaches, distributed-denial-of-service attacks, and cryptomining. Unfortunately, Sophos’ survey revealed considerable misunderstanding around technologies to stop exploits with 69 percent unable to correctly identify the definition of anti-exploit software. With this confusion, it’s not surprising that 54 percent do not have anti-exploit technology in place at all. This also suggests that a significant proportion of organizations have a misplaced belief that they are protected from this common attack technique yet are actually at significant risk.
“The lack of awareness and lack of protection against exploits is alarming. We’ve seen a resurgence in cybercriminals looking for vulnerabilities to actively use in countless attack campaigns. Five or six years ago we saw one per year, and last year as many as five new Office exploits have been used for cybercriminal activity, according to SophosLabs,” said Schiappa. “When cybercriminals are deliberately seeking out both known and zero-day vulnerabilities and an organization has a deficit in defenses, it adds up to a bad security situation.”
Intrusions from exploits have been happening for years but are still a prominent threat and often go undetected for months, if not years. Once inside a system, cybercriminals use complex malware that can hide in memory or camouflage itself. In many cases, businesses do not know they’ve been breached until someone finds a large cache of stolen data on the Dark Web.
“It’s time to disrupt these intrusions,” said Schiappa. “Since traditional endpoint technologies are often unable to keep up with advanced exploit attacks used to compromise a system, Sophos has added predictive, deep learning capabilities to the newest version of its next-generation endpoint protection product, Sophos Intercept X.”
Although 60 percent of respondents admitted their endpoint defenses are not enough to block the attacks seen last year, only 25 percent have predictive threat technologies, such as machine or deep learning, leaving 75 percent vulnerable to repeated ransomware attacks, exploits, and evolving advanced threats. Sixty percent plan to implement predictive threat technology within a year, yet confusion about it persists. Of those surveyed, 56 percent admitted that they do not have a full understanding of the differences between machine learning and deep learning.
“Given the speed at which cyber threats have evolved it is not surprising that many IT managers are unable to stay ahead of the next-generation technology required for security. Yet this knowledge gap could be placing operations at risk. Organizations need effective anti-ransomware, anti-exploit, and deep learning technology to stay secure in 2018 and beyond,” said Schiappa.
The State of Endpoint Security Today survey was conducted by Vanson Bourne, an independent specialist in market research. This survey interviewed 2,700 IT decision makers in 10 countries and across five continents, including the US, Canada, Mexico, France, Germany, UK, Australia, Japan, India and South Africa. All respondents were from organizations of between 100 and 5,000 users.
Low-cost wireless sport earphones get a kickstart
Wireless earphone brands are common, but not crowdfunded brands. BRYAN TURNER takes the K Sport Wireless for a run.
As wireless technology becomes better, Bluetooth earphones have become popular in the consumer market. KuaiFit aspires to make them even more accessible to more people through a cheaper, quality product, by selling the K Sport Wireless Earphones directly from its Kickstarter page
KuaiFit has an app by the same name which offers voice-guided personal training services in almost every type of exercise, from cardio to weight-lifting. A vast range of connectivity to third-party sensors is available, like heart rate sensors and GPS devices, which work well with guided coaching.
The app starts off with selecting a fitness level: beginner, intermediate and advanced. Thereafter, one has the ability to connect with real personal trainers via a subscription to its paid service. The subscription comes free for 6 months with the earphones, and R30 per month thereafter.
The box includes a manual, a USB to two USB Type B connectors, different sized soft plastic eartips and the two earphone units. Each earphone is wireless and connects to the other independently of wires. This puts the K Sport Wireless in the realm of the Apple Earpods in terms of connection style.
The earphones are just over 2cm wide and 2cm high. The set is black with a light blue KuaiFit logo on the earphone’s button.
The button functions as an on/off switch when long-pressed and a play/pause button when quick-pressed. The dual-button set-up is convenient in everyday use, allowing for playback control depending on which hand is free. Two connectivity modes are available, single earphone mode or dual earphone mode. The dual earphone mode intelligently connects the second earphone and syncs stereo audio a few seconds after powering on.
In terms of connectivity, the earphones are Bluetooth 4.1 with a massive 10-meter range, provided there are no obstacles between the device and the earphones. While it’s not Bluetooth 5, it still falls into the Bluetooth Low Energy connection category, meaning that the smartphone’s battery won’t be drastically affected by a consistent connection to the earphones. The batteries within the earphones aren’t specifically listed but last anywhere between 3 and 6 hours, depending on the mode.
Audio quality is surprisingly good for earphones at this price point. The headset style is restricted to in-ear due to its small design and probable usage in movement-intensive activities. As a result, one has to be very careful how one puts these earphones, in because bass has the potential of getting reduced from an incorrect in-ear placement. In-ear earphones are usually notorious for ear discomfort and suction pain after extended usage. These earphones are one of the very few in this price range that are comfortable and don’t cause discomfort. The good quality of the soft plastic ear tip is definitely a factor in the high level of comfort of the in-ear earphone experience.
Overall, the K Sport Wireless earphones are great considering the sound quality and the low price: US$30 on Kickstarter.
Find them on Kickstarter here.
Taxify enters Google Maps
A recent update to Taxify now uses Google Maps which allows users to identify their drivers, find public transport and search for billing options.
People planning their travel routes using Google Maps will now see a Taxify icon in the app, in addition to the familiar car, public transport, walking and billing options.
Taxify started operating in South Africa in 2016 and as of October 2018 operates in seven South African cities – Johannesburg, Ekurhuleni, Tshwane, Cape Town, Durban, Port Elizabeth and Polokwane.
Once riders have searched for their destination and asked the app for directions, Google Maps shares the proximity of cars on the Taxify platform, as well as an estimated fare for the trip.
If users see that taking the Taxify option is their best bet, they can simply tap on the ‘Open app’ icon, to complete the process of booking the ride. Customers without the app on their device will be prompted to install Taxify first.
This integration makes it possible for users to evaluate which of the private, public or e-hailing modes of transport are most time-efficient and cost-effective.
“This integration with Google Maps makes it so much easier for users to choose the best way to move around their city,” says Gareth Taylor, Taxify’s country manager for South Africa. “They’ll have quick comparisons between estimated arrival times for the different modes of transport, as well as fares they can expect to pay, which will help save both time and money,” he added.
Taxify rides in Google Maps are rolling out globally today and will be available in more than 15 countries, with South Africa being one of the first countries to benefit from this convenient service.