A Whopping 255 Million Phishing Attacks Reported So Far in 2022 – A 61% Increase From 2021

Security Magazine wrote this week about the recent eye-opening SlashNext State of Phishing report. SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks, a 61% increase in the rate of phishing attacks compared to 2021.

The findings of the SlashNext State of Phishing Report for 2022 highlight that previous security strategies, including secure email gateways, firewalls, and proxy servers, are no longer stopping threats, especially as bad actors increasingly launch these attacks from trusted servers and business and personal messaging apps.

Key findings of the report include:

  • Cybercriminals are moving their attacks to mobile and personal communication channels to reach employees. SlashNext recorded a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
  • In 2022, they detected an 80% increase in threats from trusted services such as Microsoft, Amazon Web Services or Google, with nearly one-third (32%) of all threats now being hosted on trusted services.
  • 54% of all threats detected in 2022 were zero-hour threats, showing how hackers are shifting tactics in real time to improve success.
  • 76% of threats were targeted spear phishing credential harvesting attacks.
  • The top 3 attack sectors are Healthcare, Professional and Scientific Services, and Information Technology.

People are the most vulnerable part of an organization when it comes to phishing, scams, and fraud. They are also the most unprotected across all communication channels. For hackers, phishing is the most effective and far-ranging tool to perpetrate cybersecurity breaches, including lucrative ransomware and data theft.

Security Awareness Training showcases best practices for a company’s first line of defense – its employees – and teaches them the dangers of online threats. Learn more now.

Information in this article was provided by our partners at KnowBe4.

Because of the cost of unified communications (UC) and the opportunity for financial savings, using UC is a smart decision for most organizations. The reality is that switching to a cloud communications system and adopting UC costs less than using a traditional telephone system.

But before investing, you should research and perform a cost-benefit analysis for your business. That’s the only way you can assess the value that it can bring to your organization. You also want to know what strategies you can use to minimize costs and maximize benefits.

4 Ways to Save Money with Unified Communications

With a cloud-based unified communications solution, you can minimize your IT and operating costs, simplify your technology stack, and save on your phone bill. Here are the ways you can reduce costs when you invest in unified communications and clever ways to optimize those savings.

1. Lower Upfront Costs

With unified communications, you can use a cloud phone system, which means voice data transmits over the internet rather than phone lines. Instead of paying for all the hardware and maintenance costs of a traditional PBX phone system, you can get started with a mobile app downloaded onto your devices and a subscription licensing fee.

2. Fewer Communications Apps

Because you have voice, video conferencing, chat messaging, and file sharing all rolled up into one platform, you aren’t paying multiple vendors. This can lead to significant cost savings. One study found that using a single vendor results in a 56 percent lower total cost of ownership versus using a multi-vendor approach.

3. Smaller Phone Bill

You’ll also see lower costs with unified communications through a better rate per line and reduced long-distance calling costs. Businesses that use cloud phone systems save money each month on their phone bill.

4. Increased Productivity

When you empower your teams with user-friendly, full-featured software, they have the tools they need to work more efficiently. Additionally, with UCaaS, your staff can be productive from anywhere.

Your employees will be more productive and more satisfied with their job when they have technology that makes work more flexible and seamless. Your company will probably spend less on recruitment and training over time.

Optimize Your Unified Communications Costs by Choosing the Right Provider

Cloud communications is a popular business tool because businesses save money when they switch from their legacy phone systems. But you can optimize those savings if you choose the right cloud provider.

Learn more about why YeoVoice powered by Elevate is a smart choice for businesses looking to adopt unified communications. Contact us today.

Information used in this article was provided by our partners at Intermedia.

Ransomware is scary. It’s where cybercriminals lock your data and charge you a ransom fee to get it back. If it happened to you, would you pay the fee?

Despite what the criminals promise, they don’t always unlock data when the ransom fee is paid. Or they ask for a second fee. Or they unlock it and then sell it on the dark web anyway.

According to Cybereason’s Ransomware: The True Cost to Business report, 73% of all organizations have experienced a ransomware attack in the last 12 months. And of those that were attacked, the question of whether the ransom was paid always comes up:

  • 41% paid to “expedite recovery.”
  • 28% paid to “avoid downtime.”
  • 49% paid to “avoid a loss in revenue.”

But even after paying the ransom, 80% experienced a second attack, and 68% were asked for a higher ransom!

Many large companies are now refusing to pay, finding other ways to get their data back. And ransomware groups are looking for different opportunities. Small, financially stable businesses are the new targets. And the size of payments demanded has increased.

This means you and your team need to be vigilant about cybersecurity. Continue to take the necessary precautions, such as using a password manager, checking that emails are legitimate, and making sure your network is being monitored and protected.

It’s also vital that you have a working backup of all data. Check it regularly.

Even without paying the ransom demand, your business stands to lose a lot of money if hit by ransomware. It takes ages and can cost a ton to get back on your feet.

If you want us to audit your business and check its ransomware resilience, get in touch.

Information used in this article was provided by our partners at MSP Marketing Edge.

A ton of information is available on how to stay cyber-safe. All the advice means well, but simply put, it all sounds the same after a while. Hover over links, verify who sent you the email, and don’t send $2k worth of gift cards to a recently departed relative you didn’t know existed. 

While all of this is good advice, these are the more unconventional principles we believe can help anyone become more security savvy and perhaps a more successful individual overall. 

Be Unpredictable

How many times have you seen a movie or video game where you have to sneak past a security patrol and managed it without breaking a sweat because the guards’ movements are entirely predictable? 

Criminals need their targets to be predictable. Knowing how the victim will respond gives criminals the upper hand. 

The best way to combat this is to be completely random. Reply to emails at odd hours. Sometimes answer your phone within three rings, and other times just let it go to voicemail to make a point. 

Be Rude

One of the biggest traits criminals seek to leverage is our natural tendency to be polite and helpful. 

If we see someone struggling to open the door because they are holding several cups of coffee, we will hold the door for them. If someone looks like they belong in the office, we will leave them be, even if they aren’t wearing a badge.

The best defense in these situations is to be rude. If someone you don’t recognize walks up to the door with two coffee cups, say you need to see ID before you can let them in. Who cares if they get annoyed?

Design Your Secure World

One reason we all fall into insecure habits is that security is often seen as a hurdle.

Think about what stops you or your colleagues from practicing good security, and design your world around it. You’ll be surprised how far a little peer pressure will take you. 

If everyone starts locking their machine when walking away from it, all of a sudden, the new person will also start doing it – regardless of whether they fully understand why. After a while, that becomes part of your company culture. 

Become an Informant

If you receive a strange email, forward it to your cybersecurity team. An unexpected SMS? Pass that on to them. Found a USB on your desk? Give it to security. They are the ones whose job it is to determine if something is truly bad or not.

What’s the worst that can happen? The security team will return your email or USB and say it wasn’t malicious but will thank you for your continued vigilance… and who doesn’t like to be thanked? 

Looking for more cybersecurity tips? Check out Yeo & Yeo Technology’s blog.

Information used in this article was provided by our partners at KnowBe4.

2FA (two-factor authentication) should be a cybersecurity priority for every business. It’s no longer a nice-to-have — it could significantly reduce the risk of a security incident. When part of a robust and rigid set of cybersecurity protocols, it helps mitigate one of the biggest threats — unauthorized access via compromised passwords.

While 2FA isn’t new, the leaders in technology and applications, such as Microsoft and Google, now require it. The NIST (National Institute of Standards and Technology) password guidelines recommend it. Let’s dive into the world of 2FA to discern why it’s such an effective cybersecurity measure.

Compromised Passwords Are the Leading Reason for Hacking-Related Breaches

According to the 2022 Verizon Data Breach Investigations Report, 82 percent of breaches involved a human element, and 42 percent of those were credential-related. Unfortunately, users are the weakest link. You can deploy the most sophisticated layers of data security, encryption, enterprise-grade firewalls, and more. Still, they won’t stop hackers from gaining access to credentials.

By establishing a 2FA protocol, users need more than passwords to access applications. And you’ll need more than password guidelines that require “strong” ones to fortify your network against credential breaches.

NIST Digital Identity Guidelines Regarding 2FA

NIST password guidelines are for federal agencies. Private businesses can look to them as the gold standard as well. NIST recently revised its Digital Identity Guidelines to include the requirement of multi-factor authentication for securing any personal information available online.

To meet these guidelines, a user must demonstrate at least two of the following:

  • Something you know (e.g., password)
  • Something you have (e.g., device)
  • Something you are (e.g., fingerprint)

How Secure Are Your Logins?

In looking at the landscape of 2FA, the more factors you employ for authentication, the better. NIST states that two factors currently meet the highest security requirements. However, that doesn’t mean you shouldn’t look to include more as you mature your security posture.

Yeo & Yeo Technology can support your cybersecurity efforts and keep you in the loop about emerging threats to passwords and access control. Contact us today to learn more about our managed cybersecurity solutions.

Information used in this article was provided by our partners at Intermedia.

If you’ve been in business for any amount of time, you probably don’t need anyone to tell you about the importance of cybersecurity. However, unlike the lock to a physical door, which generally lasts a good long time, measures you take to protect your company from hackers and malware need to be updated and reinforced much more regularly.

Two common categories

Most of today’s business cyberattacks fall into two main categories: ransomware and social engineering.

In a ransomware attack, hackers infiltrate a company’s computer network, encrypt or freeze critical data, and hold that data hostage until their ransom demands are met. It’s become a highly common form of cybercrime. Just one example, which occurred in October 2022, involved a major health care system that had recently executed a major M&A deal.

On the other hand, social engineering attacks use manipulation and pressure to trick employees into granting cybercriminals access to internal systems or bank accounts. The two most common forms of social engineering are phishing and business email compromise (BEC).

In a typical phishing scam, cyberthieves send fake, but often real-looking, emails to employees to entice them into downloading attachments that contain malware. Or they try to get employees to click on links that automatically download the malware.

In either case, once installed on an employee’s computer, the malware can give hackers remote access to a company’s computer network — including customer data and bank accounts. (Also beware of “smishing,” which is when fraudsters use text messages for the same purpose.)

BEC attacks are similar. Here, cyberthieves send fake emails mainly to accounting employees saying the company’s bank accounts have been frozen because of fraud. The emails instruct employees to reply with account usernames and passwords to supposedly resolve the problem. With this information, thieves can wreak financial havoc — including initiating unauthorized wire transfers — which can be difficult, if not impossible, to reverse.

Preventative measures

Here are a few things you can do to guard against cyberattacks:

Continually train employees. Conduct mandatory training sessions at regular intervals to ensure your employees are familiar with your cybersecurity policies and can recognize the many possible forms of a cyberattack.

Maintain IT infrastructure. Instruct and remind employees to download software updates when they’re available. Enforce a strict policy of regular password changes. If two-factor authentication is feasible, set it up. This is particularly important with remote employees.

Encrypt and back up data. All company data should be encrypted and regularly backed up on a separate off-site server. In the event of a ransomware attack, you’ll still be able to access that data without paying the ransom.

Restrict access to your Wi-Fi network. First and foremost, it should be password-protected. Also, move your router to a secure location and install multiple firewalls. If you offer free Wi-Fi to customers, use a separate network for that purpose.

Consider insurance coverage. Insurers now sell policies that will help pay costs associated with data breaches while also covering some legal fees associated with cyberattacks. However, you’ll need to shop carefully, set a reasonable budget and read the fine print.

Defend your data

None of the measures mentioned above are one-time activities. On a regular basis, businesses need to determine what new training employees need and whether there are better ways to secure IT infrastructure and sensitive data. Let us help you assess, measure and track the costs associated with preserving your company’s cybersecurity.

© 2022

Should I let my team have work apps on their personal phones?

It’s personal preference. But if you do, ensure your employees’ phones are protected by the same security measures they’d have on work devices.

I’ve received an email that looks genuine but hasn’t addressed me by name. Should I click the link?

If you ever have cause for doubt, don’t click links or download files. Phone the sender to check if they sent the email. It may take a few minutes, but it’s worth it.

Should I be monitoring my remote staff?

Software exists to do this, but what message does it send to your team? It can be highly counterproductive in many cases. Take the time for regular catchups over Teams instead, or try a productivity tracker if you have concerns.

Information used in this article was provided by our partners at MSP Marketing Edge.

Hackers work day and night to breach your data and take what’s yours. CryptoLocker ransomware, zero-day and nation-grade attacks — it’s kind of scary if you think about it. Or you could not think about it at all.

Yeo & Yeo Technology is now offering SentinelOne, an autonomous cybersecurity solution for endpoints, IoT and the cloud. SentinelOne goes one step further than traditional EDR software by evolving alongside the ever-changing threat landscape using static and behavioral AI.

What makes SentinelOne different?

  • Realtime Protection: Multiple AI algorithms prevent known and unknown threats in real-time.
  • Autonomous Active EDR and XDR: Devices self-defend and heal themselves by stopping processes, quarantining, remediating and even rolling back events to keep endpoints in a perpetually clean state.
  • Cloud-Delivered: Manage your security from anywhere, across all of your devices.
  • Industry Trusted: The world’s leading and largest enterprises – including the #1 big data platform, #1 software storage company and #1 healthcare logistics company – trust SentinelOne to protect their data.

Yeo & Yeo Technology President Jeff McCulloch said SentinelOne offers clients a next-level cybersecurity solution.

“SentinelOne eliminates dependency on connectivity and human intervention,” McCulloch said. “Rather than constantly thinking ‘is my data safe,’ clients who choose SentinelOne can have peace of mind knowing that they are protected by a powerful, autonomous solution.”

Looking to boost your data protection? Contact Yeo & Yeo Technology to learn about our cybersecurity solutions.

Information used in this article was provided by our partners at SentinelOne.

I just closed an Office file without saving it. Can I get it back?

You should be able to recover your file with a bit of luck. If you saved the document once, autosave might have done its job. Otherwise, try using AutoRecover or check your temporary files.

I can’t open an email attachment.

You may not have the software the file was created with. Right-click the document and select ‘Open With’ to see if there’s another option.

I’ve had an email telling me an account needs updating. Is it genuine?

Don’t click any links in the email. If you’re unsure, the safest thing is to visit the website by typing the URL into your web browser. Do not copy and paste.  

In the battle for talent, a key differentiator for organizations is providing an exceptional and secure digital experience. A recent report by Ivanti revealed that 49% of employees are frustrated by the tech and tools their organization offers, and 64% believe that the way they interact with technology directly impacts morale.

In fact:

  • 26% of employees are considering quitting their jobs because they lack suitable tech,
  • 42% have spent their own money on better tech to work more productively,
  • and 65% believe they would be more productive if they had better technology at their disposal.

“The Everywhere Workplace has forever changed employee expectations regarding where they work, how they work, and what device they work on,” said Jeff Abbott, Ivanti CEO. “How employees interact with technology, and their satisfaction with that experience directly relates to the success and value they deliver to the organization.”

With the availability of innovative new technologies that both enable and support hybrid workforces, IT now has the opportunity to make a positive impact on broader organizational strategy. By taking ownership of the digital employee experience and working closely with the C-suite to accomplish common goals, IT can drive better business outcomes – from employee productivity to workforce retention. After all, the Everywhere Workplace is undeniably the future of work, and digital experience is its number-one enabler.

Is your existing technology meeting the needs of your employees and customers? Yeo & Yeo Technology can review and reconfigure your existing IT infrastructure to meet your business goals. Contact us today.

Source: Press Release: New Ivanti Research Finds that 49% of Employees are Frustrated by Work Provided Tech

Technology is everywhere in society these days, from communication and shopping to commerce. Whether through email, online purchases, or use of the blockchain, it adds up to large amounts of data collected about people. All this data, while easy to store, is harder to manage and protect. Users exhibit various behaviors when interacting with this data, and technology tracks those behaviors to effectively identify a specific person based on geography, time, and frequency.

Along the way, people are prone to make errors. Microlearning can help teach users how to reduce or eliminate such errors. When users do something suboptimal, they receive a small learning mission to complete that helps them understand the mistake without feeling inadequate or reprimanded.

Over the past ten years, organizations have slowly adjusted their focus toward securing their users at both the human and technological levels. An example of this is utilizing security awareness and training programs.

In the past few years, there has been a shift toward evolving awareness programs into a robust security culture supported by the concept of microlearning. The notion of microlearning goes back to the late 1800s with German philosopher Hermann Ebbinghaus. Ebbinghaus studied memory and, through research, developed the Forgetting Curve model, which describes the exponential rate at which people forget information they have learned.

Reviewing smaller chunks of information over a period of days makes people less inclined to forget something. Information becomes reinforced when users are educated on several security awareness concepts over several days and weeks, then reintroduced to smaller chunks of that learning over time. 

Microlearning supports the delivery of smaller chunks of information that can be delivered frequently to the user, improving one’s ability to retain knowledge more easily. Such training can be presented in various ways or forms to complement the initial delivery, such as videos, posters, emails, newsletters, and lunch n’ learns. These added forms or methods can increase the ability to retain knowledge and help users become a stronger last line of defense for your organization.

Information used in this article was provided by our partners at KnowBe4.

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. 

See Yourself in Cyber

This year’s theme – “See Yourself in Cyber” – emphasizes that while cybersecurity may seem like a complex subject, ultimately, it’s all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public and ensure all individuals and organizations make smart decisions whether on the job, at home, or at school – now and in the future.

4 Things You Can Do

Throughout October, CISA and NCA will highlight key action steps that everyone should take:

  • Enable Multi-Factor Authentication
  • Use Strong Passwords
  • Recognize and Report Phishing
  • Update Your Software

YYTECH has a catalog of cybersecurity articles that can also be shared, and remember that YYTECH can help ensure your data is protected.

Cybercrime is real, and it’s increasing …

According to the Verizon Business 2022 Data Breach Investigations Report (2022 DBIR), 25% of total breaches in the 2022 report resulted from social engineering attacks. When you add human errors and misuse of privilege, the human element accounts for 82% of analyzed breaches over the past year. 

The latest data from Dark Reading’s annual Strategic Security Survey shows that phishing is an organization’s biggest problem, with 53% of organizations citing phishing as the cause of a security breach.

According to the IBM 2022 Cost of a Data Breach report, the average cost of a data breach in 2022 is $4.35 million.

YYTECH can help protect your organization with these preventive services:

YeoSecure 

YeoSecure is 24/7/365 security monitoring of networks and is designed to prevent cybersecurity threats and accelerate their detection.

Security Awareness Training 

Security Awareness Training showcases best practices for a company’s first line of defense – its employees – and teaches them the dangers of online threats.

As always, remember to be aware and think before you click!

Source: https://www.cisa.gov/cybersecurity-awareness-month

Download YYTECH’s Cybersecurity eBook

As our reliance on technology grows, the risk of individual and commercial cyberattacks increases as well. Hackers now have more opportunities to steal sensitive data than ever before. We’ve created this Cybersecurity eBook to share insights and tips so you can better understand modern cyber risks and the potential impact they could have on your organization. In the eBook, we discuss:

  • What types of cyberattacks to watch for, how they work, and emerging trends you need to be aware of.
  • How to assess your cybersecurity risks, from taking inventory of the devices on your network to evaluating the impact an attack would have.
  • What to do if a breach occurs, from contacting your cybersecurity insurance provider to conducting a thorough analysis of public sites to ensure no private information was posted accidentally.
  • How to protect your organization from cyberattacks and the protections you can implement today to decrease your risk.

This 20-page eBook is a comprehensive guide to cybersecurity. We hope you find it useful as you analyze how to keep your organization safe in the digital world.

Cybersecurity eBook Tips

How can I avoid being phished?

The best thing is to treat every email with caution. If you’re unsure, check the address it has been sent from, look for grammatical errors, and see if the layout looks like a regular email from that person or company. If you’re unsure, don’t click any link.

What’s an insider threat?

It’s the name for when someone within your business gives cybercriminals access to your devices or network. Usually, it’s not malicious. But it’s why regularly training your team in cybersecurity is a must.

How do I choose the right backup for my data?

Security and reliability should be your primary considerations. Get in touch, and we’ll tell you what we recommend.

Information used in this article was provided by our partners at MSP Marketing Edge.

New insight into what happens during and after a ransomware attack paints a rather dismal picture of what to expect. According to Cybereason’s Ransomware: The True Cost to Business report, the reality of mid- and post-ransomware attack circumstances is anything but resilient.

According to the report, 73% of all organizations have experienced a ransomware attack in the last 12 months. And of those that were attacked, the question of whether the ransom was paid always comes up:

  • 41% paid to “expedite recovery.”
  • 28% paid to “avoid downtime.”
  • 49% paid to “avoid a loss in revenue.”

But even after paying the ransom, 80% experienced a second attack, and 68% were asked for a higher ransom!

Then there is the aftermath to the organization:

  • 54% still had corrupted systems or data
  • 37% had to lay off employees
  • 35% had a C-level resignation
  • 33% had to suspend business temporarily

What’s interesting is that 75% of organizations believe they have the right contingency plans to manage a ransomware attack – a number that hasn’t changed in the last year, according to Cybereason.

While your organization “has a plan” to address ransomware, the only truly effective plan is to attempt to stop it all. This strategy needs to include empowering your users with Security Awareness Training so they can distinguish legitimate email and web content from malicious content intent on kicking off a ransomware attack.

Information in this article was provided by our partners at KnowBe4.

Cybersecurity culture is a hot topic among many organizations and security professionals. But what are organizations doing to build a strong security culture?

To help shed some light on the topic, KnowBe4 asked attendees at Infosecurity Europe 2022 for their views. Of the 179 participants, 41.3% were from large enterprises, and 64% stated they were in a security or IT position, including CISOs and Heads of Security.

Where are efforts focused?

Participants were asked where they were focusing efforts to build a security culture, with most directing efforts into security awareness training (84.5%) and communicating values and expectations of employees regarding security (84.5%).

More than one-quarter (27.2%) do not put much effort into measuring employees’ understanding of security. This begs the question: Are most organizations still caught up in the compliance mindset of delivering training and not being interested in measuring whether employees fully understand the implications of their actions? 

Factors driving security culture

According to the survey results, the threat of cyberwarfare (30.2%) and experiencing a data breach or cyberattack (30.2%) are the most significant influences for wanting to improve security culture. Cyberwarfare has undoubtedly been influenced in recent months by the ongoing war in Ukraine and the associated cyberattacks that have taken place. 

Witnessing other organizations in the same industry suffer a cyberattack was also a significant driver (29.1%).

While getting a push to improve security culture from external events or sources is always positive, all the goodwill in the world will not impact the culture unless it is delivered through effective communication channels.

How to improve your organization’s cybersecurity culture

Having security awareness advocates is the most effective way of communicating security awareness messages (27.9%), with gamification ranking second (24.6%). 

These are not surprising. As the adage goes, people buy from people they trust. This is why security advocates are considered so effective and essential to any organization’s strategy to improve its security culture. 

Gamification tends to be popular because of the level of engagement it brings. Furthermore, it reinforces the message that information needs to be delivered in an engaging and consistent manner to ensure the lessons are taken on board.  

Is a strong culture worth it?

It appears as if many organizations are keen to build a strong security culture. But is this a case of keeping up with the Joneses, or is there a real benefit to building a strong culture? 

The vast majority (92.9%) said that it is very or somewhat likely that having a solid security culture can reduce the risk of security incidents. 

Ultimately, reducing the risk of security incidents is the objective of cybersecurity, whether through technical controls, procedures, or educating colleagues. 

While the focus for many years has been on the technology side of security, we cannot neglect the human factor. By working on building a strong security culture, organizations can ensure they are doing the best they can to minimize the risk of security incidents to their organization. 

Information in this article was provided by our partners at KnowBe4.

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data.

While we see plenty of cyberattacks that utilize dark infrastructure to accomplish malicious activities, threat actors are using the legitimacy of web-based application platforms to ensure phishing email delivery to the inbox.

In the latest report from Palo Alto Networks' Unit 42, Legitimate SaaS Platforms Being Used to Host Phishing Attacks, we find that the increases are far more significant than expected. According to the report, the following types of SaaS platforms were included in their analysis of phishing URLs:

They found a staggering and continually increasing trend of misuse of these platforms to host phishing URLs. In the 12 months between June 2021 and June 2022, the number of malicious phishing URLs increased by 1,100%.

According to the report, these sites were used for many purposes, including:

  • Design / Prototyping
  • Website Building
  • Form Building

The result is that malicious websites that look like legitimate brands are being used for attacks focusing on both credential theft and fraud.

And, given this “hockey stick” growth, organizations should expect the trend to continue, making it more challenging for security solutions to spot phishing emails. This makes it necessary for users to play a role in identifying and stopping phishing emails – something they’ll need Security Awareness Training to do effectively.

Information used in this article was provided by our partners at KnowBe4.

It’s only natural to want to know what’s happening around you. And it’s the same with supply chains in your business. Knowing that things are running smoothly, and seeing what’s happening, puts your mind at ease.

But a recent report from the Economist Intelligence Unit (EIU) says that more than half of companies lack end-to-end visibility in their supply chains, making them vulnerable to unexpected risks.

It’s not just about seeing what’s going on around your business. Having a clearer picture of your supply chain and where your products come from also dramatically impacts your bottom line, as well as your reputation within your industry.

  • Research has shown that customers are willing to spend up to 10% more on products when they know where they’ve come from, as well as what materials and ingredients were used and where they were sourced.
  • More and more companies are being asked to be open and share information about their supply chains. Not having that information on hand can seriously impact your reputation and play into the hands of your competitors who do.
  • With hybrid and remote working on the increase, your teams need to access supply chain data from various locations on various devices. If you can’t offer them this option, they may miss out on additional sales.
  • CFOs are under constant pressure to manage costs and productivity. But it’s harder to make smart business decisions when you don’t have the data or insights into what’s happening.

The right business management tool gives you complete visibility across your entire supply chain. Everyone—from suppliers to customers—can easily see everything they need to know and more, whether it’s customer information, stock levels, past purchases or quotes.

Sage consolidates your work systems into one solution, allowing for better collaboration for in-office and remote teams. It also reduces repetitive tasks through automation, saving your staff time and improving efficiency. Want to learn more? Contact Yeo & Yeo Technology today.

Information used in this article was provided by our partners at Sage.

Blacklisting is where you block something you don’t trust. It keeps networks and devices safe from harmful software and cybercriminals. But there’s another, safer way of doing that – and that’s called whitelisting.

Rather than trying to spot and block threats, you assume everyone and everything is a threat unless they’ve been whitelisted.

But what is the right approach to keeping your business data safe? This debate rages on, with many IT professionals holding different views.

Here are the main differences…

  • Blacklisting blocks access to suspicious or malicious entities. Whitelisting allows access only to approved entities.
  • Blacklisting’s default is to allow access. Whitelisting’s default is to block access.
  • Blacklisting is threat-centric. Whitelisting is trust-centric.

There are pros and cons to each approach. While blacklisting is a simple, low-maintenance approach, it will never be comprehensive as new threats emerge daily. It’s easy to miss a threat, as cybercriminals design software to evade blacklist tools.

Whitelisting takes a stricter approach and therefore comes with a lower access risk. But it’s more complex to implement and needs more input. It’s also more restrictive for people using the network and devices.
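The trade-off described above, shown as an added example that is not part of the original article. It assumes both lists identify software by the SHA-256 hash of the file's contents, which the article does not specify; the sample names and byte strings are constructed.

```python
import hashlib

def digest(content: bytes) -> str:
    """SHA-256 of a file's bytes, the identity both lists key on here (assumption)."""
    return hashlib.sha256(content).hexdigest()

# Constructed samples: byte strings stand in for executable file contents.
SAMPLES = {
    "approved_app":    b"payroll-client 4.2",
    "known_bad":       b"sample flagged by a threat feed",
    # Same program as known_bad with one padding byte, so its hash differs.
    "repacked_bad":    b"sample flagged by a threat feed\x00",
    # Harmless tool nobody has reviewed yet.
    "new_benign_tool": b"pdf-merge 1.0",
}

BLACKLIST = {digest(SAMPLES["known_bad"])}      # entities known to be bad
WHITELIST = {digest(SAMPLES["approved_app"])}   # entities explicitly approved

def blacklist_decision(content: bytes) -> str:
    """Threat-centric: the default is allow, block only on a match."""
    return "block" if digest(content) in BLACKLIST else "allow"

def whitelist_decision(content: bytes) -> str:
    """Trust-centric: the default is block, allow only on a match."""
    return "allow" if digest(content) in WHITELIST else "block"

def compare(samples: dict) -> dict:
    """Map each sample name to (blacklist verdict, whitelist verdict)."""
    return {name: (blacklist_decision(c), whitelist_decision(c))
            for name, c in samples.items()}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:16} blacklist={bl:5} whitelist={wl}")
```

The repacked sample passes the blacklist but not the whitelist, while the unreviewed benign tool is also blocked by the whitelist until someone approves it, which is the extra input and restriction the article mentions.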

Controlling access is at the center of network security. Blacklisting and whitelisting are both legitimate approaches to managing access to your networks and keeping your data secure. The right one for you depends on your organization’s needs and goals. If you’d like to discuss which approach is best for your business, get in touch.

Information used in this article was provided by our partners at MSP Marketing Edge.

Cyberattacks via SMS messaging are on the rise and are having such an impact that the Federal Communications Commission has released an advisory on Robotext phishing attacks (or smishing).

According to Verizon’s 2022 Mobile Threat Index, 45% of organizations have suffered a mobile compromise in 2022 – that’s double the percentage of organizations in 2021. If you’re wondering if it’s purely a shift in tactics on the cybercriminal’s part, think again. According to Verizon:

  • 58% of organizations have more users using mobile devices than in the prior 12 months
  • Mobile users in 59% of organizations are doing more today with their mobile devices than in the last 12 months
  • Users using mobile devices in 53% of organizations have access to more sensitive data than a year ago

And keep in mind that while there are plenty of security solutions designed to secure mobile endpoints, we’re talking about personal devices that are used for a mix of corporate and personal life. This makes them a very unprotected target for cybercriminals.

So, it shouldn’t be surprising that the FCC has issued an advisory warning about the increased use of robotexting-based phishing scams targeting mobile users, commonly called ‘smishing.’

Some of their warning signs include:

  • Unknown numbers
  • Misleading information
  • Misspellings to avoid blocking/filtering tools
  • 10-digit or longer phone numbers
  • Mysterious links
  • Sales pitches
  • Incomplete information

We’ve seen smishing scams impersonating T-Mobile, major airlines, and even the U.K. Government. So consumers and corporate users alike need to be aware of the dangers of text-based phishing attacks – something reinforced through continual Security Awareness Training.

Information used in this article was provided by our partners at KnowBe4.