Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support.
We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. visit our site at www.bitxbit.com
Ransomware Risk is a Rising Tide That Can Swamp Your Business
Cybercriminals are refining their approach to ransomware, and risk has risen worldwide. Targeted ransomware is today’s rising trend. Researchers determined that targeted ransomware has grown by an eye-popping 767%, easily dwarfing all other types. Recent numbers logged by UK researchers show a record-breaking 11% year-on-year increase in attacks against UK targets in Q1 2021.
Every business is at risk of falling victim to ransomware – after all, more than 60% of organizations worldwide experienced a damaging ransomware incident in 2020. Ransomware has especially battered healthcare targets, but that’s not the only industry that’s experiencing increased risk. No matter the size, your business is at an increased risk of experiencing a ransomware incident in today’s volatile threat landscape, and that danger is growing.
How can you guard against becoming a victim of targeted ransomware? By taking sensible precautions that keep your systems and data safe, like phishing resistance training using BullPhish ID. Your employees can learn to spot and stop real risks that are prevalent in your industry in customized phishing simulations. If you’re not already using multifactor authentication with Passly, this is a great time to add it. It stops 99% of password-based cybercrime, including cybercriminals with a password that they just phished off an unwary employee.
In a 2021 survey, 70% of survey respondents said that they believe that their business will be harmed by email-based attacks like targeted ransomware attacks in the next year, up from 59% in 2020. But you don’t have to join that number- put strong protections in place now and you can have peace of mind that you’ve chosen a powerful defense for your essential systems and data.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Even if you’re making all the right cybersecurity moves, can you be certain that every organization that your business has a relationship with is doing the same thing?98%of organizations have had a threat arrive at their doorstep because of a data breach or security incident a third party or supply chain source in the last 12 months – and that’s a vector for incoming cyberattacks that you may not even know about.
Third-party and supply chain risk can come from any vendor or service provider that you do business with. Are you outsourcing file transfers or information storage? That’s how more than a dozen universities were hacked using information gained in a breach at transference and collaboration specialistAccellion. Using specialized software for fundraising? Hundreds of leading charitable organizations and trusts were too – and many of them were hacked because of a data breach at software providerBlackBaud.
No business can exist without others. Any organization that has information about your business could be putting your systems and data at risk. As the world becomes more interconnected and cloud-based, that risk is growing every year. New cyberattacks fueled by dark web data are adding to that risk too. At the start of 2020, an estimated65%of the information already on the dark web could harm businesses, and22 millionmore new records were added by the end of that year.
Reduce your company’s chance of damage from a third party or supply chain based attack by taking a few simple precautions. Add multifactor authentication to every account –Microsoft saysthat it stops 99% of password-based attacks. Increase phishing resistance training too. Much of the data that bad actors gain is used for spear phishing. Dark web monitoring helps reduce risk too by alerting you if any of your company’s protected credentials are exposed.
How about some good news? By following these tips, you’re not just increasing your company’s protection against third party and supply chain risk. You’re also boosting your organization’s overall cybersecurity posture against many other damaging risk like ransomware and account takeover as well as increasing your cyber resilience – and that delivers you some much-needed peace of mind.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Secure Your Clients Against Third Party/Supply Chain Risk Fast
CISA has declared AprilNational Supply Chain Integrity Month. But you don’t have to be a US-based business to benefit from this helpful reminder! No business is an island and third-party/supply chain risk is snowballing for every organization. As a flood of records stolen in data breaches continues to fuel cybercrime from the dark web, your clients are at an increased risk for BEC, ransomware, spear phishing, impersonation scams and so much more. this problem isn’t going away anytime soon. In fact, expect it to continue getting worse. You’ll want to review your clients’ security posture againstthird-party and supply chain risk today(TPR/SCR) – and we’re here to help you address vulnerabilities fast!
Almost Every Business Experienced a TPR/SCR Risk in 2020
In an increasingly interconnected world, companies are more intertwined than ever before. MasterCard’s Risk Recon unit reported on the proliferation of risk factors that businesses face today inThe State of Third-Party Risk. Their survey respondents said that when it came to the necessity of checking vendors for cybersecurity risks, one-third assessed fewer than 25 vendors annually, another third checked between 25 and 100 and the last third dealt with more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 third per year! Even a highly reputable major vendor likeMicrosoftcould saddle businesses with an unexpected vulnerability.
Just because they’ve reached out to assess cybersecurity procedures and policies at a potential third party or supply chain connection, that doesn’t mean that the connection is safe. While 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires, only 14% of those surveyed trust those responses. 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach. That tracks with other industry data indicating that an astonishing98% of monitored organizationsclocked a threat from a supplier domain in 2020.
Don’t miss these bad password lists & good password tips.DOWNLOAD IT>>
More Dark Web Data = More TPR/SCR
Why are organizations facing more relationship risk than ever before? An enormous amount of data hit the dark web last year, including an estimated22 million new records. Experts already estimated that65% of the information on the dark webat the start of 2020 could harm businesses. Those new records and other scraped or stolen information provide abundant fresh fuel for cybercrime,increasing everyone’s risk. Threats from suppliers’ jacked domains are also a huge problem. Cybercriminals piggybacking on legitimate business domains has increased risk in every sector. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% were malware-related.
Newly ascendant supply chain and third-party risks have had a profound impact on business security. When looking at the fallout,another surveyreported that 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business.
Mitigating This Risk Isn’t Impossible
TPR/SCR may be growing, but there’s no reason why your clients can’t gain some peace of mind against it when you guide them into taking a few practical, affordable steps to minimize their exposure and keep their data safe. The best part is that not only will these moves protect them from TPR/SCR, they’ll also gain additional protection against other cyberattacks that they might be faced with, increasing their overall cyber resilience.
Password Compromise
This huge pitfall is one of the top ways that companies gain risk exposure through the supply chain because password reuse is endemic and at least 65% of people reuse passwords across the board, including for business or enterprise accounts. But two solutions are strong defenders in the fight against password compromise risk from these sources.
Multifactor authentication stops99% of password-based cybercrime including an employee’s often-recycled password, and it’s just one of the many tools that boost security throughPassly.
Dark web monitoring withDark Web IDgives IT teams crucial time to respond if a company’s passwords hit dark web markets or dumps no matter where they’re snatched from enabling companies to react before the bad guys do.
Spear Phishing & Ransomware
Exponential growth in phishing riskhas put every business solidly in cybercriminal sights. Bad actors are using the data gleaned from breaches at service providers, manufacturers, wholesale suppliers, transportation companies, business services firms and more to mount phishing-based cyberattacks on companies in every industry.
Reduce the chance of a phishing attack from harming a businessby up to 70%with security awareness and phishing resistance training through BullPhish ID
Repeat that training at least quarterly using preloaded phishing simulation kits or customize the content to reflect industry-specific dangers including attachments and URLs
Securing your clients against the escalating risk that comes from third parties or the supply chain immediately is crucial – 72% of compliance leaders expect the number of TPR/SCR risk that companies face to increase in 2021. By acting now to take sensible precautions, you and your clients can feel confident that you’re insulated against this growing threat vector.Contact the experts at Bit by Bitto find the perfect combination of solutions to defeat this risk.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
A down economy is forcing many companies to make spending cuts. But when you’re going through your budget looking at things that you can pare down or put off, don’t add cybersecurity to that list. Instead, look at the ways that your security solutions can be maximized to ensure that you’re getting the real value out of them that you’re already paying for – you’re almost certainly going to find a few unexpected features.
For example, if you’re already using Dark Web ID for dark web monitoring, you’re making a strong move to protect your business from credential compromise danger, even if that risk comes from your employees reusing their work passwords elsewhere (which 65% of people do). But are you monitoring your executives’ private email accounts too? You don’t need to buy anything extra to do it – you can do that with Dark Web ID, an often overlooked bonus!
Password protection isn’t really protection anymore. That’s why multifactor authentication (MFA) is a modern essential that authorities like Microsoft recommend to stop 99% of password-based cybercrime. But experts also recommend single sign-on, and secure password vaults. Instead of buying multiple solutions to accomplish those goals, you can find one solution that does everything, like Passly, making your IT budget stretch even farther. Plus, Passly also provides automated password resets, a huge time (and money) saver.
While it may be tempting to slash your security budget and put off making security adjustments, it’s a dangerous proposition. Overall cybercrime increased approximately 85% in 2020 and things aren’t slowing down. Make the smart decision to play the long game and still profit in the short term by making careful investments in cybersecurity upgrades – and avoid having your business get knocked for a loop in the wake of today’s cyber crimewave.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Are you tired of filing a trouble ticket and waiting for a technician for every little IT issue? When you ake advantage of the automation capabilities that many of today’s smrt solutions feature, you don’t have to. Affordable automation means that you can make just few small adjustments to your security plan that bring big results, reducing your trouble tickets while increasing your security posture.
By far the most common trouble ticket that helpdesks receive is a password reset. On average, 20% to 50% of all IT help desk tickets each year are for password resets. one password reset can set you back around $100.This calculator using averaged data can help you determine the cost of a password reset for your business.
But if you’re using a secure identity and access management solution like Passly, you never have to pay or wait for a password reset – it’s automated, eliminating wait time (and expense) for you and stress on IT personnel. On average, every one of a company’s employees is going to call the helpdesk 11 times per year., so that savings really adds up.
Consider using that money to automate a few other security tools. If you add Graphus to your security planyou’ll be upgrading your security and reducing trouble tickets at an unbeatable value . You get automated antiphishing security that uses AI and more than 50 data points to spot and stop phishing email. It catches 40% more than traditional solutions.
Also consider automating security awareness training with BullPhish ID. Choose from an array of plug-and-play phishing kits and set your phishing simulation to deliver the training that your staff needs, then report on theirprogress – automatically. Automated deployment and no-fuss integration with Dark Web ID also makes it a snap to keep an eye open for dark web credential compromise too
Don’t stress out yourself or your security team with a sea of trouble tickets for mundane issues. No one wants to spend the day waiting for IT to reset a password. Affordable automation lowers everyone’s stress. Automate as many routine processes as you can and free up your staff to do something more important with their time.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Stamp Out Alert Fatigue: Security Automation is a Win for Everyone
Automation technology has becom ehelpful in so many facets of life. Automated vacuums keep our floors clean. Automated pet feeders keep our cats happy. Automated plugs turn our lights on and off. Adding an automated assistant to daily life has been a huge boon when driving or looking up a recipe. So why not take the power of automation technology and put it to work fighting back against the next wave ofrecord-shattering cybercrimeby adding affordable, reliable security automation that reduces alert volumes, increases helpdesk efficiency, completes trivial tasks without human guidance and finds threats faster than traditional sources?
It’s not something that’s coming in the far-flung future. Security automation has already started making an impact. As more solutions incorporate automation, IT managers are finding out that it’s not just a great way to generate reports or monitor performance. Automated features in an array of security tools enable them to do more with valuable resources like human capital while increasing awareness and efficiency. Ina recent study of security leaders, 85% noted that they believe that companies are adding technologies too quickly with 71% admitting that even most existing tools are underutilized. Experts estimate that companies use an average of 19 different security tools, with only 22% of them really important to maintaining security.
As businesses add solutions to address new needs and threats, the volume of alerts that IT teams deal with every day is staggering leading topotentially disastrous consequences. That cacophony of beeps, buzzes and bells, spurs staffers into turning off or ignoring alerts, and that can be a dangerous practice because an actual emergency may be missed. In thissurvey about IT team burnout, more than 45% of respondents said that they regularly turn off high volume alerting features because they’re overwhelming. Almost half of the participants said that they personally investigate 10 – 20 alerts each day, a 12% increase from 2019. Another 25% of respondents said they investigate 21 to 40 alerts each day, up from 14% the year prior, and 66% of survey takers reported seeing a significant increase in alerts since March of 2020 asdata breach risksproliferated in the wake of the global pandemic and implementation delays created a cascade effect ofincomplete maintenancepitfalls.
Time is Money
Another side effect of the alert flood is a huge time-suck: false positives. In that same survey, security teams said that 25 to 75% of the alerts they investigate on a daily basis are false positives. An in-depth study showed that a security analyst can spend as much as 25% of their time is spent chasing false positives. That’s 15 minutes per payroll hour, per analyst. IT teams can waste about 300 hours per week just wading through on false positives.
That’s a serious problem when there aren’t enough hands to do the work in the first place. Over 70% of IT managers in a staffing survey said that they couldn’t find the personnel they needed last year, leaving 82% of security teams chronically understaffed. Money isn’t the factor that’s stopping them either – 45% of organizations reported having enough budget available. But only 39% of companies feel they have adequate IT expertise on staff to handle increased ticket volumes, distinctly problematic when IT teams are faced with challenges like pivoting fromremote workforce securityinto securing the now hybrid workforce.
Security Automation is a Game-Changer
Automation is the answer to many IT team problems, and IT managers are beginning to realize it. – 68% of IT leaders were bullish on AI and automation technology. More than 60% of executives in that study also said that automated tools and AI technology helped them optimize the value of their existing tools and personnel.IBM notesthat automated security reduces trouble tickets by 80% and increases caseload capacity by 300% or more. It also saves money all over your security operation, including in some unexpected ways likesaving energy.
So how can you start benefitting from security automation? Make use of the automation capabilities available now in each of our digital risk protection solutions.
Dark Web ID– Enjoy automated deployment in minutes, with no additional hardware or software to install. Painless integrations with multiple PSA systems including Kaseya’s own BMS ensures automated data sharing for a fast, frictionless alerting and mitigation process, so you never miss a security event. Plus, Dark Web ID seamlessly integrates with other tools across Kaseya’s portfolio, making it easy for MSP technicians to manage them together.
BullPhish ID– Automate training to make it even easier to manage. Deploy campaigns fast with plug-and-play kits and have content delivered automatically through brandable portals on a pre-determined schedule. Then have all of the reports that you need to demonstrate the value of training to your clients automatically generated.
Passly– This is the process automation that will make every security team happy. Wave goodbye to trouble tickets for password resets because they’ll be automated. An average MSP that serves 1300 userswastes around $9350 each yearjust managing password reset tickets and you have better things to do with that money.
Don’t Wait – Automate
You don’t need to wait until you get fresh budget to start automating security. These features are already built into our solutions, there’s nothing extra to add or set up. Just start enjoying the extra time in your day from using smart security automation to take care of mundane tasks like password resets and report generation. Your staff will be grateful too. Maybe that will even free up a few minutes to see how much your business would benefit fromGraphus, an automated phishing defender that’s 40% more effective than traditional security.Contact us todayto learn more about our security automation and how it’ll benefit your business.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
One Ransomware Attack Can Cost You Twice as Much as Before
A tight global economy has everyone looking for new revenue streams – including cybercriminals who are doubling down on ransomware threats by doubling the price tag to get your data and systems back.
In a double extortion ransomware attack, cybercriminals make money two ways by asking victims to pay twice: once for a decryption code to unlock their impacted systems or data, and a separate fee to not have the encrypted data copied by the gang Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.
This week’s record-setting ransomware incident at Acer proves that the cost of a ransomware incident is only going up – cybercriminals presented Acer with a $50,000,00 ransom demand to hand over the key to decrypt their data. The risk is going up too. Researchers noted a 50% increase in the daily average of ransomware attacks between Q1 2020 and Q4 2020
Protecting your business from ransomware starts with protecting it from phishing. Regular security awareness training that emphasizes phishing prevention is a key part of any defensive strategy against ransomware. An estimated 65% of ransomware attacks are delivered via phishing.
Phishing resistance training solution BullPhish ID has just been updated to include more customizable training campaigns and user-friendly features that make training painless for everyone. Launch a new campaign this week to start building your company’s ransomware protection.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Double Extortion Ransomware is the Gift That Keeps On Giving – to Cybercriminals
Double extortion ransomware having another moment in the sun as cybercriminals double down on their attacks to double their profits. In this devastating style of attack, cybercriminals aim to get paid twice – once for the usual decryption code to unlock systems and data and a separate fee to not have the encrypted data copied by the gang.
This tactic was in vogue before when it first emerged in late 2019 and spread across the cybercrime landscape. It’s reemerged as a favorite of major gangs including REvil, DoppelPaymer and Clop. Even cybercriminals are working a little harder in this economy, leading to this style of attack trending upward again as cybercriminals look for new ways to expand their revenue streams. Practitioners of double extortion ransomware were responsible for more than 50% of all ransomware attacks in 2020.
Ransomware Continues to Rule the Roost
Ransomware risks show no signs of slowing down, and they’re costing companies a fortune. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The worldwide cumulative cost of ransomware doubled last year as well, from an estimated $11.5 billion in 2019 to $20 billion in 2020. Insurers felt the pinch too – cyber insurance claims for ransomware attacks increased 41% in the first half of 2020 alone.
All of this translates into huge financial danger for companies in every sector. Healthcare led the pack – An estimated 560 US healthcare targets alone were impacted by ransomware in 2020. More than 45% of cyberattacks against healthcare targets in 2020 were ransomware, but no industry was spared. Manufacturers experienced one-quarter of all ransomware attacks, professional services companies clocked in at 17% and government entities were hit with 13%.
Protection from Ransomware is Priceless
Phishing is the primary delivery source for ransomware, making phishing resistance and defense the cornerstone of a strategy to protect businesses from disasters. There is plenty of room for growth in the area as well – 62% of businesses do not do enough cybersecurity awareness and phishing resistance training.
The new BullPhish ID has been freshly updated and upgraded to provide a smooth, efficient and effective training experience for everyone involved. You’ll love:
Customizable, intuitive training portals that make the whole process of taking and conducting training a breeze!
Customizable training emails including attachments enabling you to create better simulations of real threats in your industry
Simple, clear reporting to gauge the effectiveness of training and find out who needs more help
Over 80 plug-and=play phishing simulation kits are ready to go, enabling you to start training immediately
4 new kits added every month to reflect new lures and keep staffers on their toes including COVID-19 threats
Video lessons, online testing, and training in 8 languages
We’re here to help you find the perfect combination of solutions to protect your clients and your business from ransomware through the ID Agent Digital Risk Protection Platform and IT Complete. Book a meeting with one of our solutions experts now and let’s explore the possibilities.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
This is definitely not going to be the year when phishing threats decrease. Cybercrime growth will continue to be explosive as the pandemic’s impact continues to squeeze the world economy. In Q4 2020, phishing threats were up 220% over Q42019, and similar growth is expected when Q1 2021 numbers come in. Don’t put off getting your customers in a strong position to overcome the challenges brought by this tidal wave of phishing. By taking the initiative to get ahead of the risk, they’ll be in a better place to ride out phishing trends throughout the year.
Book a demo of the ID Agent digital risk protection platform now!
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Impersonation Schemes Can Snag Even Savvy Employees
As phishing threats continue to rise, a disturbing trend that has grown throughout the pandemic continues to impact businesses around the world. Smart cybercriminals are pulling off audacious impersonation schemes, and protecting your business from them needs to be a priority.
Cybercriminals have been using the circumstances of the global pandemic to their advantage. Workers received 72% more emails in 2020 than the year before, and that means many more opportunities for phishing – over 35% of all phishing emails sent in 2020 had a COVID-19 twist.
Bad actors used emails purporting to be from organizations like the World Health Organization, the New York Department of Labor, Oxford University and myriad other seemingly “trustworthy” authorities to socially engineer pandemic-rattled workers into downloading spurious attachments and clicking poisoned links.
Those are the kinds of phishing messages that can snag anyone, even employees who are normally wary about such things. That’s why it’s essential that phishing resistance training is a central feature of your cybersecurity plan. Studies show that security awareness training like that can reduce your risk of a cybersecurity incident by up to 70% as long as it’s regularly refreshed (typically quarterly).
BullPhish ID is an ideal training solution for businesses of any size. Our content is updated regularly, providing fresh exercises reflecting the latest threats for workers every month. Training materials can also be quickly customized to better reflect industry-specific dangers. Access it all through a user-friendly training portal that makes the whole experience painless..
Don’t wait until someone’s been fooled by a phishing email. Strengthen your company’s defense against clever, socially-engineered phishing attacks with regular phishing resistance and security awareness training. You’ll gain dividends today and tomorrow.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
Escalating Phishing Threats Are Still Capitalizing on Pandemic Pressure and Remote Workers
Many things in the world have slowed down or are still stopped as we navigate the back end of the global COVID-19 pandemic. But one thing is having a major growth spurt with no end in sight: phishing. Across the board, phishing threats are the top cybersecurity menace that businesses face today and that threat meter is only going up.
Phishing increased 42% overall in 2020, while some categories and attack types like ransomware experienced triple-digit growth. That constantly growing menace rose 148% in March 2020 alone. Phishing threats took their biggest jump in Q2 2020, escalating an eye-popping 660% according to Google. Even in Q4 2020, the increase was lower but still epic: phishing was up more than 220%. Experts agree that phishing will continue to dominate the threat lanscape in 2021.
Cybercriminals are still milking the public’s thirst for information about COVID-19. In the early months of lockdowns and public health emergencies, bad actors grew adept at using pandemic lures and other crafty, socially-engineered tricks to take advantage of stress and anxiety, especially when it comes to targeting remote workers. More than 30% of the email sent overall in 2020 was a pandemic-themed phishing attempt, and a whopping 72% of all phishing email was COVID-19 themed.
One reason that phishing is up is because email volume is up. Workers handled 72% more emails in 2020 than the year before, and email is the primary communication tool of the majority of businesses these days, although messaging is catching up. That gives cybercriminals many more chances to snag a tired, stressed, or distracted remote worker.
Impersonation and business email compromise scams are also reaching new heights. Business email compromise (BEC) attacks doubled, and impersonation scams, especially phishing that aped a major corporation or “trusted” source took off – more than half of all phishing “websites” in 2020 imitated one of those organizations. In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
Smart cybercriminals know that they’ll have a far easier time duping an unsuspecting worker into clicking a link than downloading an attachment, and they planned their attacks accordingly. While an estimated 71% of spear-phishing attacks included malicious URLs, only 30% of BEC attacks included a link. Drilling down, 20% of phishing URLs were WordPress sites, 72% of phishing websites used genuine HTTPS certificates, and 100% of drop zones employed TLS encryption.
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas
877.860.5831
