“IT and cybersecurity budgeting are two different segments of financing. IT covers overall technology investments, including hardware, software, personnel, and cybersecurity. Because cybersecurity is just a fraction of the grand scheme, it explains why budgets can be tight and sometimes even non-existent,” says Carlos Salas, a cybersecurity expert at NordLayer. 

Additionally, the same research shows that the most prominent cyber attacks in Canada from the last year were phishing (42%), malware (33%), and data breaches (27%). As a result, financial damages vary from losses of up to 5,000 CAD for 45% of companies to over 10,000 CAD for 12% of surveyed Canadian companies. Numbers could be even higher because as much as 15% of companies could not disclose how much they lost due to cyber incidents.

What Cybersecurity Solutions Are Currently In Use Among Canadian Companies?

Research reveals that Canadian companies combine different measures to achieve security. More than 7 out of 10 companies utilize antivirus software (72%). Secure passwords (66%) and file encryption (65%) are the second-highest priority when creating security policies within organizations at the moment. 

Business virtual private networks (VPNs) maintain their popularity in securing organization network connections, with over half (65%) of companies using them. Cyber insurance (43%) is a relatively new solution making its way to business cybersecurity, although its focus is on covering the consequences of an incident rather than preventing it.

A Quarter of Canadian Companies Plan to Allocate up to 24% of Their Organizational Budget for IT Needs in 2023

Spending on cybersecurity solutions, services, and applications will remain a priority (55%) in the 2023 budget. Besides cybersecurity training for employees (51%), Canadian companies will devote slightly less budget to hiring dedicated staff for cybersecurity questions (43%) and external cybersecurity audits (38%).

The research shows that 39% of surveyed companies plan to allocate up to 24% of their organizational budget for IT needs in 2023, and another 37% of respondents plan to invest up to 49% of their budget. Only 4% of companies said they don’t plan to invest in cybersecurity in 2023, out of which the majority are small companies.  

“Business budgeting tendencies show that cybersecurity investments receive only a small part of the allocated IT budget. Cybersecurity funds must be distributed wisely to ensure valuable outcomes, prove the chosen security direction effective, and minimize resources’ waste,“ says Salas.

What Cyberattacks Are Experienced in Small, Medium, and Large Companies?

NordLayer surveyed organizations of various sizes, revealing some similarities and differences between cyberattacks and company size. Speaking of similarities among all sizes, phishing (39%) is the overall most prominent, followed by malware (34%).

Small businesses are more likely to experience identity theft (12%) or data breaches (11%) than insider threats (2%) or social engineering attacks (5%). Also, small businesses experience the lowest number of cyberattacks — 42% of respondents did not face them.

Medium enterprises tend to suffer from malware (43%), social engineering (30%), and insider threats (29%). Compared with the other two categories, medium-sized businesses were exposed most to data breaches (34%) and DDos/DoS attacks (27%).

Large companies experienced the most cyberattacks — as much as 92%. Organizations of such size experience malware (43%) slightly more often than phishing (42%). They experience the same amount of data breaches and identity theft (27%) attacks, while ransomware is the least expected (19%).  

Companies Should Allocate a Budget for Cybersecurity 

The mantra “cybersecurity keeps evolving — so do cyber threats” remains relevant today, emphasizing the need for strengthening business protection measures. Choosing comprehensive cybersecurity tools and solutions helps to achieve the flexibility needed to adapt to dynamic technological and risk change. A sufficient budget is key. 

Salas also shares his tips on securing organizations: “No business is too small to experience a cyberattack. My recommendation for organizations of all sizes is to have a strong cybersecurity strategy. It should have the mindset that every employee is responsible for cybersecurity, not only the IT department. Speaking of concrete tools within the strategy, the company should have cyber mitigation and remediation solutions as well as backup plans for threat scenarios. Also, invest in employee training and dedicated staff for cybersecurity matters.”

Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about cyber incident costs and allocated budgeting for IT and security in the period of 2022-2023. The samples were taken from non-governmental organizations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups regarding size: 1 – 10 employees (small), 11-200 employees (medium), 201+ employees (large). 

The post Purchase of Cybersecurity Solutions Is the Most Popular IT Investment Among Canadian Companies this Year appeared first on SiteProNews.

The extension, operating within browser limits, is a lightweight option for organizations to use for work and browsing the internet at blazing speeds whilst maintaining the security standard that they are used to when using NordLayer desktop and mobile apps. Moreover, when using Browser Extension, users can access the organization’s different private gateways simultaneously.

“The NordLayer Browser Extension defines a simple, intuitive, and effective security approach developed by NordLayer. This add-on is an alternative solution for enriching existing ways to secure online activities,” says Artūras Bubokas, a product manager at NordLayer.

Easy to set up and log in, the browser extension provides quick access to web-based company resources. Also, the extension solves potential NordLayer application and customer OS compatibility issues while allowing them to use it on their browser alone. By being a lightweight solution and encrypting data only at the browser level, this solution offers reduced internet usage, faster speeds, and improved performance compared to the desktop application.

Compatible with Different Ways of Working

NordLayer’s browser extension is compatible with Google Chrome, Mozilla Firefox, and Microsoft Edge browsers, allowing connection to virtual private gateways created by the organization owner, with all network security policies applied.

“It’s a perfect solution for those who have devices without the usual operating systems, like ChromeOS. It brings more flexibility when several different gateways need to be used simultaneously on one device by encrypting data only at the browser level, reducing internet usage, giving faster speeds, and improving performance for locally installed apps. The extension comes as a very handy and quick solution to provide secure internet access in a few clicks,” adds Bubokas

The post NordLayer Launches a New and One-of-the-kind Browser Extension appeared first on SiteProNews.

Carlos Salas, an engineering manager at NordLayer, shares 10 social engineering techniques that hackers may use to target both individuals and organizations. According to Salas, “Social engineering is one of the easiest ways to get access to sensitive data, especially when employees haven’t been trained on how to recognize and combat it. Because every member of the organization is a potential target, with interactive and informative training, such attacks can be stopped.” Below, he shares his expertise on how to avoid any potential loss and examples of such attacks.

1. Baiting

Baiting attacks use a false promise to rouse a victim’s greed or curiosity. Social engineers use bait to lure users into a trap that steals their personal information or infects their systems with malware. For example, infected USB memory sticks are left in parking lots or offices, tempting people to see what’s on them. Don’t ever try to check what is inside the unattended USB devices, and make sure to report it to the security team if you see them lying around.

2. Pretexting

An attacker uses a made-up scenario (a pretext) to provoke an employee to disclose sensitive information, for example, login details to IT systems or personal information about other employees. It often requires researching the target prior to the attack to make the scenario plausible and to gain the trust of the victim. If that happens, the most important thing is to verify the identity, avoid sharing personal details and report the incident to the IT team.

3. Watering Hole

In a watering-hole attack, the attacker infects an existing website or creates a fake website that mimics an existing website often used by a certain group of people, for example, employees of a company. The goal is to infect a targeted user’s computer and gain access, for instance, to the network at the target’s workplace. To protect yourself, only access websites that have HTTPS in the URL code, update your software, and use malware-detection tools.

4. Quid Pro Quo

Quid pro quo attacks rely on people’s sense of reciprocity. Attackers offer services, assistance, or other benefits in exchange for information. For example, someone pretending to be an IT expert might ask for your device’s login credentials in order to make that device run faster. In order to prevent information loss, verify the identity of IT technician, question methods and tools, and use anti-malware software.

5. Scareware

Scareware is a form of malicious software, usually a pop-up that warns that your security software is out of date or that malicious software has been detected on your machine. It fools victims into visiting malicious websites or buying worthless antivirus software. Use an ad-blocker and reputable antivirus and avoid clicking on pop-ups.

6. Tailgating and Piggybacking

Tailgating and piggybacking involve an attacker accessing a secure or restricted area. For instance, a person might tailgate an employee into the office, claiming to have lost their access card, pretending to be a repair technician, or holding coffee cups in both of their hands and asking for your help with the door.

7. Vishing

Vishing, also known as “voice phishing,” is a practice of eliciting information or attempting to influence someone via the telephone. In 2021 alone, TrueCaller reports that Americans lost $29,800,000 to phone scams. Avoid responding to emails or social media messages that ask for your phone number. Remember that your colleagues will never call you at home asking you to transfer funds or any other sensitive information.

8. Shoulder Surfing

Shoulder surfing is the bad actor watching their unsuspecting victim while they’re entering passwords and other sensitive information. But this technique doesn’t have to be used at close range, literally looking over their shoulder. It could be employed by the hacker from a distance if they use binoculars or hidden cameras, for example. In order to eliminate the risk of being snooped on this way, make sure to use strong, single sign-on passwords, biometrics, and 2-factor authentication.

9. Dumpster Diving

Dumpster diving is when attackers go through your company’s trash looking for documents containing sensitive or confidential information. Always use a file shredder to prevent information leakage.

10. Deep Fakes

Deepfakes (“deep learning” + “fake”) are synthetic media in which a person in an existing image, audio, or video is replaced with someone else’s likeness. It is possible to detect deep fakes. Make sure to check for shadows appearing on the face, notice if eyes are blinking and try to detect wrinkles. Beware of poor-quality phone call recordings and pay attention to how letters like f, s, v, and z are pronounced — software has trouble differentiating them from noise.

The post 10 Intricate Social Engineering Techniques that Can Harm Anyone and Ways to Prevent Them from Happening appeared first on SiteProNews.