Untangle is now part of Arista Networks

“The shift to work from home, shop from home, school at home has dramatically extended the global cyber-attack surface. The days of being able to provide access controls have been replaced with edge-less, multi-cloud, multi-device collaboration across multiple platforms being accessed by billions of global devices.

The global pandemic did not alter the dynamics of what was to come but did accelerate the global transition to edge computing. Bolt-on security measures are simply too tactical and too expensive to deploy and manage. The paradigm shift to perimeter-free computing has highlighted the need for both small and large businesses to embed security into their network infrastructure as a proactive approach to manage global threats.

Over the past 10+ years, Untangle has demonstrated success providing Edge Threat Management (ETM) solutions for the mid-market. We have seen the business evolve from a Next Generation Firewall purposely designed to provide enterprise quality of services for the mid-market. In 2017 we added Command Center, a cloud-based Security Management solution to expand our market to provide Managed Service Providers the ability to centrally deploy and manage their highly distributed customer base. In 2020 we moved further to the edge with the launch of Micro Edge, providing advanced connectivity and security capabilities to enable any business to have a secure network edge at a fraction of the cost of traditional commercial solutions.

I am pleased that Untangle has joined forces with Arista Networks, an industry leader in data-driven, client to cloud networking. Untangle will become a subsidiary of Arista, providing all the security assets for its Cognitive Unified Edge (CUE) offering. As a component of Arista’s CUE portfolio, Untangle will enter the next frontier of secure wired/wireless networks to the commercial and distributed enterprise.

We are excited about the opportunity to work with Arista and continue to provide additional technology to our vast partner network.”

– Scott Devens, CEO of Untangle

With such a strong focus on making networking and security products easy to deploy, easy to manage and easy to maintain for the channel, Untangle joins Arista at exactly the right time as our strategy and vision for our products converge.
Arista is looking forward to strengthening its focus on the channel and the mid-market with the addition of Untangle’s Edge Threat Management suite of products. The Untangle Command Center, NG Firewall and Micro Edge fit together with our own complementary offerings. With a larger portfolio of products to pull from, we will be able to help our mutual channel communities grow their businesses with us. We warmly welcome all of the Untangle team, and the Untangle Customer and Partner community, into the Arista family.

– Mark Foss, SVP of Global Field Operations & Marketing, Arista

Untangle Expands Command Center to Support European Customers

Untangle Command Center now available, hosted entirely on European cloud infrastructure

SAN JOSE, Calif. – March 15, 2022 – Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced the expansion of its award-winning cloud-based management tool, Untangle Command Center, to better serve the needs of its growing European customer base. A key component of the Untangle Network Security Framework, along with Untangle’s NG Firewall and Micro Edge, Command Center is now available to European customers hosted entirely on EU cloud infrastructure. Partnering with German-based cloud provider IONOS, the expansion makes it easier for Untangle channel partners to deliver Untangle’s Network Security Framework to local customers.

According to the Untangle SMB IT Security Report, digital transformation has spurred 58% of SMBs to deploy more than 10% of their IT infrastructure in the cloud – a 32% increase from 2020. To meet the increasing demand for cloud security, Untangle’s partnership with IONOS will increase connection speed to Command Center for European customers, further enabling European channel partners to proactively manage IT operations.

The launch of the European Command Center demonstrates Untangle’s focus on providing more resources to European IT teams and continuing to grow the Untangle partner base globally. Untangle solutions already provide significant support for cloud deployments across the US and Europe, offering multi-currency payment options. The launch comes after the most recent update to Command Center, which made it possible to connect geographically dispersed offices together in seconds using a mesh topology with auto-provisioning of VPN tunnels.

“Untangle’s relationship with IONOS has enabled us to quickly build a separate instance of our Command Center entirely hosted in Europe,” said Scott Devens, CEO of Untangle. “Our expansion into Europe makes it easier for our European channel partners to deliver Untangle’s Network Security Framework to their locally based customers. Our channel partners now have the ability to offer their customers a complete suite of networking and security products running on a highly secure and scalable European infrastructure.”

“Untangle already has a strong presence and support for the European market,” said Peter Prahl, VP Digital and International Cloud Sales, IONOS. “IONOS is excited to be powering Untangle with first-class cloud infrastructure, so that Untangle customers can more quickly and easily access and control their IT infrastructure management tools.”

Brainworks’s Managing Director, Derk Steffens, who represents Untangle in Germany, said “brainworks have been working closely with Untangle and IONOS to bring networking and security products to the European market in an attractive European hosted package. Untangle’s European Command Center will enable us to further expand the Untangle offering across the region with our MSPs, Resellers and their end-users, feeling confident that their data is contained locally and GDPR compliant.”

Robert Hall, Brigantia’s Product Marketing Director in the UK, who has recently partnered with Untangle to add Untangle’s networking and security products to their portfolio, said “Being able to provide a European based Command Center enables us to bring on board more MSPs throughout the UK who are looking for a local presence and fast connections.”

Command Center is free to use for customers with Untangle NG Firewall Complete subscriptions and/or Untangle Micro Edge with paid subscriptions. To learn more, visit: https://www.edge.arista.com.

About Untangle

Untangle is an innovator in cybersecurity designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations. Untangle’s integrated suite of software and appliances provides enterprise-grade capabilities and consumer-oriented simplicity to organizations with limited IT resources. Untangle’s award-winning network security solutions are trusted by over 40,000 customers around the world. Untangle is headquartered in San Jose, California.

About IONOS

IONOS is the leading European provider of cloud infrastructure, cloud services, and hosting with more than eight and a half million customer contracts. The product portfolio offers everything that companies need to be successful in the cloud: from domains, classic websites, do-it-yourself solutions and online marketing tools to full-fledged servers and IaaS solutions. The portfolio is aimed at freelancers, small businesses, and consumers as well as enterprise customers with complex IT requirements.

IONOS was created in 2018 from the merger of 1&1 and IaaS provider ProfitBricks. IONOS is part of the listed United Internet AG (ISIN DE0005089031). The IONOS brand family includes STRATO, Arsys, Fasthosts, home.pl, InterNetX, SEDO, United Domains, and World4You.

Untangle Media Contact

Lumina Communications on behalf of Untangle
Untangle@LuminaPR.com
408-963-6418

Channel Partners Evolve to Enable Hybrid Work and Combat Rising Cyberattacks

As the industry looks toward 2022, it must also acknowledge the recent turbulent past. Through two unprecedented years of a pandemic and record-breaking cyberattacks, Channel Partners across the globe have provided network security solutions to small and midsize businesses (SMBs) in a variety of industries. And throughout 2021, they continued to face challenges in the cybersecurity market – in-office vs. remote work, rising cyberattacks, customers who don’t want to change what’s working, etc.

In Untangle’s annual 2021 Voice of the Channel and 2022 Predictions Report, over 1500 Channel Partners were surveyed about challenges they faced over the last year, customer threats, current service portfolios, and the trends that will shape strategic business decisions for their organizations moving forward. What was learned is, despite the turbulence, Channel Partners have evolved and risen to the challenges and are preparing for the future.

Challenge – the Changing Work Landscape

In 2020 at the start of the pandemic, companies were quick to react and sent employees home to work. Fast forward to 2022 and businesses are going back to the office, many have already returned, and many have set March and Spring 2022 to bring back an in-office policy. Throughout all of these changes, channel partners have adapted to accommodate not only in-office clients, but also remote working as well as hybrid scenarios that have employees rotating in and out of the office.

How Channel Partners Have Adapted

To deal with the workplace transformation, Channel Partners have adapted to both remote working and hybrid scenarios. Moving into 2022, 49% of our partners said that 50% or more of their clients would continue to work remotely. To accommodate the dispersed workforce, partners found the most requested security feature from clients in 2021 was endpoint security (49% of MSPs), and then VPN Connectivity (25.8% of MSPs). These features being at the top of the list supports the trend that clients are looking to both enable and secure remote and hybrid work and stay ahead of cyber threats. Channel Partners have taken on the challenge with 85% offering endpoint security and 89% offering general network security including VPN technology.

Challenge – Increasing Cyberattacks

Headlining the news in 2021 was a string of high-profile cyberattacks, including the infrastructure attacks on the Colonial Pipeline and JBS Foods. What didn’t make the news cycle were record-breaking cyberattacks on SMBs, with Verizon’s 2020 Data Breach Investigations Report (DBIR) indicating that 43% of cyberattacks target small businesses. According to the Voice of the Channel report, the most common types of attacks that partners saw in 2021 were:

  • Phishing (68% of partners)
  • Malware / Virus (51% of partners)
  • Ransomware (33% of partners)

How Channel Partners Have Adapted

With this rise in cyberattacks, 70% of channel partners saw increased requests following a major cyberattack, with almost 50% saying they received requests for all of these services: network security, endpoint security, employee cybersecurity education and VPN. Following the jump in requests, 83% of Channel Partners expect that the cybersecurity side of their business will increase in 2022.

Trends for 2022

The growing number of cyberattacks and security risks also have Partners investigating newer security approaches. As Partners look to overcome the challenges presented by the rise in cyberattacks and in supporting globally dispersed networks and end users, they are looking at adding new solutions into their portfolios to meet these needs. For 2022, the new offerings that partners are making a priority to add are Zero Trust (33%) and web application firewall (31%). Notably, Zero Trust didn’t even make the list of features to consider in 2021, showing how fast the cybersecurity landscape is changing.

While the past two years may have been challenging, Channel Partners have risen to the occasion by adapting to the evolving needs of their clients in the wake of cyberattacks and a shifting workforce to better help protect their clients’ business, critical data and remote workers.

To view a full copy of the report, please visit:

https://get.edge.arista.com/2021_Voice_of_the_Channel

Untangle Uplevels Dispersed Network Security with Micro Edge 4.0

Micro Edge with Web Filter Assesses URL Risks and Blocks Malicious Websites

SAN JOSE, Calif. – March 1, 2022 – Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced Micro Edge 4.0 with Web Filter powered by Webroot Brightcloud. Micro Edge, formerly SD-WAN Router, now provides customers with a real-time assessment of the risk posed when opening a URL and blocks access to high risk sites. The result is a safer network and increased business productivity.

According to the 2021 SMB IT Security Report, 75% of surveyed SMBs operate in up to 5 distinct locations, including branch offices, warehouses, and satellite offices. This means more users, devices and data will continue to operate at the network edge. However, the network edge is a vulnerable location, and security is less often considered a priority over actual access to the network and resources. As businesses continue to expand geographically and need to support network connectivity at more and more locations, they can become vulnerable to attacks if administrators are unable to balance performance and connectivity with security.

Micro Edge is a lightweight network edge device that provides secure branch connectivity at network edge locations, optimizes existing internet infrastructure, and prioritizes business critical applications to maximize employee productivity. Now, with Web Filter, Micro Edge empowers administrators to control access to over 80 risk classification categories, giving them extensive control over the types of websites that are accessible.

“Many websites contain malicious code that can infect network devices and compromise data including phishing, keyloggers, spyware, drive-by malware and more. Micro Edge with Web Filter enabled is an efficient and effective security tool for protecting remote locations from malicious content found on websites,” said Heather Paunet, senior vice president of product and marketing at Untangle. “As workforce environments adapt and change due to external factors, Untangle is prepared and committed to helping organizations stay secure, connected and productive, no matter where they are located.”

Web Filter is also a valuable tool to increase productivity, blocking websites that are deemed non-essential. Distractions in the form of social media, media, and inappropriate content can be blocked, ensuring only safe and productive websites are available to users on the network.

Micro Edge with Web Filter is available now. To ensure your network, data and users are protected from the ever increasing volume of cyberthreats, visit https://www.edge.arista.com/untangle-micro-edge/.

The IoT Makes Life and Work Easier; What That Means for Cybersecurity

The Internet of Things (IoT) is playing an increasingly important role in our business and personal lives. It has evolved to include devices we never dreamed of just a few years ago. Smart refrigerators, TVs, surveillance cameras, cars, watches: the list of connected devices continues to grow exponentially. According to Statista, the number of IoT connected devices worldwide is estimated to reach 30.9 billion units by 2025. While connected devices can make our lives easier at home and in the workplace, they can also expand the attack surface for cybercriminals.

What is IoT?

The Internet, as we’ve come to know it, connects hundreds of millions of computers, smartphones, and tablets around the world, for the benefit of its many users. The next iteration of the Internet, the Internet of Things, is different. Instead of a global network that can connect every person in the world together, the IoT connects every person and every ‘thing’ in the world together.

Instead of a global network for the benefit of people, the IoT is a network for the benefit of things.

Defining the Internet of Things

The IoT doesn’t just connect computers and smartphones and tablets but also a variety of purpose-built autonomous devices. That includes sensors, controllers, switches, lightbulbs, doorbells, and the like. It’s connecting devices together so that those devices can communicate with one another and with various software applications and controllers.

These connected devices are designed to operate autonomously. Through the use of artificial intelligence (AI) and other advanced technologies, IoT devices typically require little or no human interaction. This enables a greater number of services that are more automatic and more intelligent, without the need for human intervention.

How the IoT Works

Most IoT devices contain sensors that monitor their surroundings and collect data. They typically connect to each other and to other networks via Wi-Fi, Bluetooth, or other wireless protocols. Many of these wireless devices are small and battery-powered.

The data collected by IoT devices are fed to specific software or services that then process, analyze, and act on that data. This software can reside on another device, on a separate controller, in a corporate data center, or in the cloud. These applications typically work in an automated or semi-automated fashion, although they can be controlled by real-live human beings.

IoT: Valuable in Daily and Work Life

At its most basic, the IoT automates many previously manual activities. It relieves human beings of the tedium of repetitive tasks and offloads simple decision making. It’s designed to make life easier for consumers and businesses alike.

Figure: Common IoT devices for business.

The IoT offers numerous benefits to consumers through its many practical uses, many of which are realized today. Practically every “smart home” device is enabled by the IoT, as are many smart devices and applications.

The IoT also benefits businesses with improved efficiency in offices, factories, and retail stores. It’s all about automating repetitive and predictable processes to improve efficiency and collecting more and more detailed data to make faster and more accurate business decisions.

Some of the chief business uses of the Internet of Things include:

  • Smart lighting and HVAC systems
  • Smart building security
  • Smart inventory and supply chain management
  • Smart manufacturing via RFID tagging and robotic processes
  • Smart delivery routing and tracking

These uses can result in numerous benefits for savvy businesses, including improving the customer experience, speeding up existing processes, and enhancing employee productivity. IoT technology can also help management better manage day-to-day operations and make better long-term decisions.

How the IoT Impacts Cybersecurity

While the IoT brings many benefits to both consumers and businesses, it also presents new and complex cybersecurity threats. IoT devices present an appealing target to cybercriminals. There are lots of them, they’re everywhere, and they’re often connected to large networks and systems. Many IoT devices are also poorly secured compared to computers and other traditional devices, which makes them easier to hack into.

The problem is made worse when you consider that the firmware in many IoT devices cannot be easily updated. This makes it difficult, if not impossible, to patch security flaws, putting those devices at continuing risk.

The sheer number of these devices currently in use increases the odds of IoT-related security breaches. IoT Analytics says there are at least 12.3 billion IoT devices currently in use. That’s a lot of potential access points for malicious intrusions – which explains the startling increase in IoT-based cyberattacks. Kaspersky Labs reports more than 1.5 billion breaches of IoT devices during the first half of 2021 alone, more than double the number of attacks during the same period the previous year.

Hackers can break into an IoT device and do one of several things:

  • Steal the data stored on or collected by the device
  • Use the device to remotely attack other devices and systems
  • Redirect control of the device to make it perform contrary to its intended function (imagine public utilities hijacked via IoT-connected devices)
  • Use the device’s connection to a larger system to hack into that system and breach the data stored there

How Cybercriminals Exploit IoT

Cybercriminals can easily exploit home IoT devices such as smart speakers, smart doorbells, smart switches, and the like. Security flaws in these and other smart devices make it easy for hackers to breach and take control of these devices, either affecting operation or stealing collected data.

IoT devices represent an even greater security threat to businesses. Every single IoT device connected to the company’s network represents a potential attack surface. Hackers can gain control of smart printers, smart routers, and the like to break into corporate networks and systems and access sensitive data or plant ransomware or other malware. Unless IoT devices are properly isolated and secured – and the data they transmit encrypted – the risk of an IoT-related breach is high.

The risk increases as more companies move to larger remote workforces. Not only does a business have to protect IoT devices directly connected to its network, it also has to guard against remote employees’ personal smart devices being used to breach the larger network.

How to Protect Your Network from Being Compromised Through IoT

How can individuals and businesses best protect against IoT-related cyberattacks? There are several things that can be done.

Protecting Your Home from IoT Risks

Guarding against IoT-related attacks and breaches in the home is challenging, as consumers don’t always have a lot of control over how their devices are secured. The best approach is to limit the amount of potential damage by engaging in the following activities:

  • Employing strong wireless security on all Wi-Fi routers and gateways
  • Employing strong passwords on all devices that require passwords – and changing those passwords on a regular basis
  • Entering as little personal information into these devices as possible
  • Regularly updating to newer versions of devices that, theoretically, have stronger built-in security

Protecting Your Business from IoT Risks

Protecting a business from IoT-related breaches and attacks involves increasing edge security. You need to reduce the number of potential attack surfaces, encrypt as much data as possible, and minimize the damage an attacker could inflict.

Here are some of the most important things a business can do to protect against possible IoT-related incidents:

  • Inventory and secure all IoT devices. You need to know which devices are connecting to your network, no matter how small or seemingly insignificant. Establish a baseline for acceptable behavior – and disconnect all devices that don’t need Internet access.
  • Stay up to date. Regularly update the firmware and apply any available patches to all eligible devices. If necessary, replace older devices with newer, more secure versions.
  • Educate your users. The people in your organization represent your largest security risk. Educate and train your employees to recognize phishing emails and to not open attachments from unknown users.
  • Create a separate network for IoT devices. Separate all IoT devices, whether company owned or employee owned, to ensure the sensitive information on your corporate network is secure in the event of a compromised IoT device.
  • Enable strong network security. Make sure that your network can’t be accessed without appropriate authorization. Enact strong username/password security and encrypt all data and communications.
  • Use NG Firewall to protect against intrusion. One of the best defenses against IoT device threats is to gain visibility into the network traffic to identify normal and unusual behavior. NG Firewall can not only block spam, viruses, and phishing attempts, it can also block requests made by malware.

The Bottom Line

The Internet of Things is here and provides real benefits to both consumers and businesses. It also represents an increased cybersecurity risk that can be mitigated by taking proper precautions, such as regularly updating IoT devices, employing strong network security, and using the NG Firewall to monitor network behavior.

Report: Untangle Finds Channel Partners Saw 70% Increase in Inquiries Following Major Cyberattacks

Growing Zero Trust Offerings a Priority for Channel Partners in 2022

SAN JOSE, Calif. – February 15, 2022 – Untangle® Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced the results for its annual Voice of the Channel and Predictions Report. The report surveyed Untangle’s global network of more than 1,500 Channel Partners to learn about challenges faced over the last year, customer threats, current service portfolios, and the trends that will shape strategic business decisions for their organizations moving forward.

Rise of Zero Trust

Supply chain attacks dominated the news headlines in 2021. This is likely why 70% of Channel Partner respondents stated they saw an increase in customer inquiries following major cyberattacks, with the most commonly requested security features by clients being Endpoint security (49%), followed by VPN connectivity (28.8%). However, as the industry looks toward 2022, Partners most considered growing their Zero Trust (33%) and web application firewall (31%) product offerings as a priority. Notably, Zero Trust didn’t even make the list of features to consider in 2020.

Cloud Deployments

Over the last four years, the trend of Channel Partners moving their IT stack to the cloud continues, with 25% saying they have 75% or more of their stack deployed in the cloud. However, the number of Partners who believe moving data and network traffic to the cloud offers better security is down 11% (36.5% in 2021 compared to 47.6% in 2020). This could be an indicator that trust in the cloud for SMBs has diminished, perhaps due to the extensive number of cyberattacks on cloud-based infrastructures over the last year. Nonetheless, 83% expect that the cybersecurity side of their business will increase.

Additional report highlights include:

  • The top products Partners currently offer their clients are: Firewall/network security (89%), endpoint security (86%), email security (75%). Notably, only 23% currently offer Zero Trust technologies.
  • Channel Partners have adapted to both remote working and hybrid scenarios, with a reported 49% stating that 50% or more of their clients would continue to work completely remotely.
  • Rockwood School District in Missouri was the victim of a malware attack that shut down the entire network in the district with more than 21,000 students and 4,000 staff.
  • Top cybersecurity concerns for Channel Partners in 2022 in order of importance: (1) phishing, (2) employees who do not follow rules, and (3) ransomware.

“In a year that saw an increase in organizations transitioning – and staying – with a remote workforce, cyberattacks have likewise increased. Many made headlines for weeks at a time. The growing number of cyberattacks and security risks this past year have Partners investigating newer security approaches more intently,” said Heather Paunet, SVP of Products at Untangle. “As Partners look to overcome the challenges that arise in supporting globally dispersed networks and end users, they will likely need to adopt new solutions, like Zero Trust, into their portfolios to meet these needs. By combining Zero Trust with newer VPN technologies, Partners can better help protect their clients’ business, critical data and remote workers.”

To view a full copy of the report, please visit: https://get.edge.arista.com/2021_Voice_of_the_Channel.

The State of Cybersecurity in Education

While recent attacks on infrastructure have taken center stage, what is less publicized is the rise in cyberattacks on schools. In 2020, K-12 schools alone saw a rise of 18% to 408 breaches.¹ Indeed, schools faced a barrage of attacks such as data breaches, leaks, ransomware and phishing attacks, as well as an alarming new threat in the form of invasions of online classrooms.

In 2020 and 2021 ransomware attacks on schools and universities included:

  • Broward County Public Schools, Florida, the 6th-largest school district in the US, was hacked and threatened with leaking student and teacher information online if a $40 million ransom wasn’t paid. They did not pay the ransom.
  • Buffalo Public Schools, New York, was the victim of a cyberattack that forced the district to cancel classes for a few days until key systems, equipment and applications targeted were restored.
  • Rockwood School District in Missouri was the victim of a malware attack that shut down the entire network in the district with more than 21,000 students and 4,000 staff.
  • The University of Utah experienced a ransomware attack on its computer servers and paid more than $450,000 to an unknown hacker.
  • Hackers attacked the computer servers at the University of California, San Francisco (UCSF) School of Medicine. To regain access to their data, the school paid $1.14 million in Bitcoin.

The consequences of any cyberattack can be devastating and extremely costly, but an attack on an educational institution can also impact students’ personal information, research data, financial information, etc. All of this can be held for leverage or ransom, affect school operations and actually cause the school to shut down for a period during containment and recovery.

Why are schools targeted?

In 2021, the transition back to schools and universities from online learning often brought unauthorized technology used during online learning as well as new personal devices onto the school network. Additionally, tech savvy students may have the latest devices, yet they often don’t follow good cyber hygiene practices such as password management, using MFA and installing software updates right away. These circumstances posed a challenge to IT departments, and an opportunity for cyber criminals, as these devices could unknowingly contain malware and bring it back to the school’s network or provide an entry point to hackers.

Other factors also make schools a target for malicious actors. Many organizations run on legacy systems that can’t protect them from evolving threats, because they lack the financial and staff resources that many large corporations have to keep systems up to date and all staff trained on cyber threats. In addition, apps and devices used by other school departments such as facility management, transportation, administration, etc., provide additional points of entry for cyber criminals. These factors leave the network vulnerable to cybercriminals.

Barriers to cybersecurity in education

The main barriers education institutions face stem from the aforementioned lack of resources. According to surveys from the Consortium for School Networking (CoSN), only one in every five school districts has a full-time staff person dedicated to cybersecurity.[2] Education leaders are left with the challenge of how to balance technology, personnel and risks when determining their cybersecurity investments.

Schools are also often breached by hackers who take advantage of the lack of cyber training for staff and students and aim their attacks at careless employees or students who trustingly reply, click on unknown links, or download files or unauthorized applications. The most common schemes are phishing and social engineering emails asking for credentials, payments or account details.

Top cyber threats to schools

What are the top cyber threats to schools and universities? Below are the most common threats schools need to monitor for and protect against.

  1. Phishing and social engineering

    Cyber criminals use tactics such as phishing and social engineering to entice people to unsuspectingly download malicious software and give them a path to enter the network. A phishing email looks similar to other emails reaching one’s inbox and may appear to come from a trusted source. However, there are tell-tale signs that it is from a hacker:

    • Incorrect domain name in email address
    • Urgent or threatening language
    • Suspicious attachments or incorrect links
    • Misspelled words or grammatical errors
    • Mismatched URLs
  2. Third-party vendor issues

    To breach a district or university, malicious actors may hack a smaller vendor to infiltrate the school’s network. Like businesses, schools are digitally connected with many vendors having access to their systems to conduct business such as transactions, share information, etc. Hackers see these connections as a way to exploit vulnerabilities and access the school’s network.

  3. Unpatched and outdated software

    Updating and installing all software patches and updates expediently is paramount to avoid a breach. Once attackers are aware of a new vulnerability, they work to exploit and gain access to the victim’s system and run their own malicious code on it.

  4. Internet of things (IoT)

    With different departments and audiences using a variety of tools in education, it can be hard to tell how many IoT devices are connected to the network at once. What is important is that they are all secure. If not, attackers can take advantage and find access points to gain an entry point to the school’s network, putting academic and personal information at risk.
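The tell-tale signs listed under item 1 can be checked mechanically by a mail filter or during triage of a reported message. The following is an added example, not part of the original article or of any Untangle product: it checks one raw message for a lookalike sender domain, urgent language, a risky attachment type and a link whose visible text names a different host than its target. The trusted domain, keyword list, extension list and sample message are constructed assumptions; misspelling detection is left out.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "district.example"  # assumption: the school's real mail domain
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice)\b", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".docm", ".xlsm")
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Lowercase hostname of a full URL or a bare domain.
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def phishing_signs(raw_email):
    """Return {sign: detail} for each tell-tale sign found in one raw message."""
    msg, signs = message_from_string(raw_email), {}
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    close = SequenceMatcher(None, domain, TRUSTED_DOMAIN).ratio() >= 0.8
    if domain != TRUSTED_DOMAIN and close:    # Sign: incorrect domain name
        signs["lookalike_domain"] = domain
    text, collector = msg.get("Subject", ""), LinkCollector()
    for part in (p for p in msg.walk() if not p.is_multipart()):
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):          # Sign: suspicious attachment
            signs["risky_attachment"] = name
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            text += "\n" + body
            if part.get_content_subtype() == "html":
                collector.feed(body)
    match = URGENT.search(text)
    if match:                                 # Sign: urgent or threatening language
        signs["urgent_language"] = match.group(0)
    for href, shown in collector.links:       # Sign: mismatched URL
        if URL_LIKE.match(shown) and host_of(shown) != host_of(href):
            signs["mismatched_url"] = f"{shown} -> {host_of(href)}"
    return signs

# Constructed sample message (all domains are reserved .example names).
SAMPLE_PHISH = """\
From: "IT Help Desk" <helpdesk@distrlct.example>
Subject: URGENT: mailbox will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify now: <a href="http://login.attacker.example/reset">https://portal.district.example</a></p>
--b1
Content-Disposition: attachment; filename="Invoice.docm"

(constructed placeholder, no real content)
--b1--
"""
```

Each hit is a reason to quarantine or escalate a message for review rather than proof of phishing; the similarity threshold of 0.8 is an illustrative value that should be tuned against real mail.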

It’s time to protect schools

When it comes to network security, educational institutions already have unique challenges, starting with small IT teams and strict budgets. However, cyberattacks will continue to evolve and target educational institutions. To protect students, staff and valuable data, these challenges and barriers must be addressed and changed. Recently, the Biden Administration has enacted the K-12 Cybersecurity Act into law to enhance the cybersecurity of our Nation’s K-12 educational institutions. This law put into motion efforts by CISA to examine the cybersecurity risks associated with K-12 educational institutions as well as provide tools and guidance.

To help schools stay ahead of evolving threats and hackers, we’ve compiled our resources to keep schools’ networks, students and information safe from cyber threats.

Whitepaper – Addressing the Record Breaking Cyberattacks in Schools

Whitepaper – Finding the Balance Cipa Web Filtering for K-12

Whitepaper – Managing the IoT in Higher Education

Keeping Schools Safe: K-12 Network Security Checklist

NETWORK MAINTENANCE AND SECURITY – Guide for Schools and Districts

Incident Response Planning Checklist for K-12 Schools

SOURCES

1. K-12 Security Information Exchange

2. https://www.governing.com/security/cyber-attacks-on-schools-in-2020-were-record-breaking-report.html

Untangle SD-WAN Router is Now Micro Edge

What’s in a Name?

Starting January 12, 2022, SD-WAN Router will be renamed to Micro Edge.

It has been over two years since we launched SD-WAN Router, and in that time the product has evolved into much more than a router.

With this transformation, we felt a name change was in order as it continues to evolve and to position it for the future. Micro Edge continues to be a lightweight network edge device that provides secure branch connectivity, optimizes existing internet infrastructure, and prioritizes business critical applications to maximize employee productivity.

What’s behind the name?

“Micro” is a nod to being lightweight in both the physical size and the resources required to connect remote locations. “Edge” firmly places the product at the edge of the network where it performs best.

What’s next for Micro Edge?

We are excited to already have a new beta out now that includes the highly requested new feature, Web Filter. The beta is available for testing now in the forums.

A couple noteworthy items:

  • There are no product changes other than updating the name to Micro Edge
  • There are no pricing changes

2021 Cybersecurity Wrap-up and Trends for 2022

As 2021 wraps up, we’re taking stock of the year from our cybersecurity point of view. After a tumultuous 2020, this year continued to be a roller coaster of new workplace conditions, disruptive cyberattacks and optimism in government action.

Below we list our top 3 trends and hacks that stood out for 2021, followed by what we see are the trends to watch for in 2022.

2021 TRENDS

Hybrid Work

If 2020 was the year of WFH (work from home), 2021 was the year of hybrid work. In many respects, it’s fascinating how much the workplace has changed in two years. Before 2020, while some businesses embraced a “work from anywhere” culture, only 20% of the workforce actually worked from home. Even with the capabilities to allow teams to collaborate, managers were still skeptical of the effectiveness of remote work and many companies, 80%, shunned remote work programs prior to Covid-19.

Fast forward to 2021 and businesses slowly began having employees return to the office, but now using a hybrid model where employees work part of the time in the office and WFH the rest of the time. For network security teams, however, this is more than just having staff come back to the office: there are several complex network security considerations that must be addressed.

As employees rotate in and out of the office, companies will need to create plans and new safety protocols to keep their networks and employees safe. Most notably, employees could bring malware that is hiding in their laptops, waiting to move onto the corporate network. Employees may have also added unknown software and applications to help them while working from home. While helpful at home, they could prove dubious once on the network.

Shocking Infrastructure Hacks

Still reeling from the Sunburst cyberattack of December 2020, the summer of 2021 saw not only a rise in ransomware attacks, but malicious actors targeting critical infrastructure.

Attackers, such as the cybercriminal group DarkSide, have become more emboldened because of some of the incredible amounts of ransom paid for ransomware attacks recently. For example, attacks on the city of Florence, FL and Yazoo County School District, MS, cost each $300,000, while the University of California, San Francisco (UCSF) paid $1.14M in ransom. Once a capable hacker sees the potential to gain millions of dollars, many are willing to take the risk to try and infiltrate critical businesses in the hopes that one or more will pay up.

Critical services and infrastructure are also being targeted at increasing rates because bad actors found that by targeting infrastructure, they could not only disrupt business operations but society in general and hit consumers in the pocket. In addition, businesses don’t want to lose money by being offline, as every day not producing is very costly in lost revenue. Hackers found they can leverage causing societal disruption to demand larger ransoms delivered faster to get services up and running as soon as possible.

Significant infrastructure attacks of 2021:

Oldsmar Water Treatment Plant

On February 8, 2021, hackers accessed the water treatment plant of a small Florida city and changed the city’s water supply levels of sodium hydroxide from 100 parts per million to 11,100 parts per million. The changes were quickly discovered, and the sodium hydroxide levels were restored to their original levels with no harm to the water supply.

Pulse Secure

In March 2021, CISA assisted multiple government agencies, critical infrastructure entities, and other private sector organizations that had been using Pulse Secure’s VPN appliances targeted by hackers exploiting a zero-day vulnerability. This hack was significant because it targeted and compromised government agencies and companies in the U.S. and Europe.

Colonial Pipeline

On Friday, May 7, the news broke that Colonial Pipeline had been hacked and shut down its operations until the problem was resolved. The ransomware attack took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast. The attack was the result of a compromised password as hackers gained entry into the networks through a virtual private network account.

JBS Foods

On June 1, 2021, less than a month after the Colonial Pipeline ransomware attack, JBS announced that they had experienced a cyberattack. A major, global meat producer headquartered in Brazil, JBS has more than 150 plants in 15 countries. The company was the target of an organized ransomware attack that affected servers supporting its North American and Australian IT systems.

Global and Government Coordination on Cybersecurity

International collaboration and government action on cybersecurity finally took center stage in 2021. In October, President Biden held a 30-country virtual meeting aimed at combating the growing threats of ransomware to economic and national security. The goal of the alliance is “to accelerate our cooperation in combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically.”

In addition, the US and EU recently announced plans to join the Paris Call for Trust and Security in cyberspace, a multi-stakeholder group of supporters that includes states as well as private sector and civil society actors. The Call is built around a shared commitment to safeguard the benefits the Internet provides all people, protect individuals and infrastructure and promote the widespread acceptance and implementation of international norms of responsible behavior.

Lastly, efforts to protect schools from cyberattacks have increased with the K-12 Cybersecurity Act recently signed by President Biden that instructs the Cybersecurity and Infrastructure Security Agency (CISA) to look at the cybersecurity risks schools face, and to develop recommendations and guidelines to help schools implement protections against these risks.

TRENDS TO LOOK FOR IN 2022

Zero Trust

The growing number of hacks and security risks has agencies and companies investigating or moving to zero-trust strategies, with the Biden Administration even mandating zero trust for federal agencies. Zero Trust is one of the latest cyber security trends to protect digital environments. However, it isn’t a platform or device, rather it’s an initiative to protect digital environments based on the key principle that instead of first making services available and then locking down access to those services, no access is granted at all unless it is specifically and deliberately given. This principle is applied to users and devices.

It’s a simple and clear concept, but the ‘how’ can vary depending on the way each vendor implementing the concept chooses to do so. At its core, it uses micro-segmentation to break up security perimeters into small zones to create separate access points for separate parts of the network. While access may be granted to one zone, access to other zones will require separate authorization. Policies are set to give users the least amount of access needed to complete a task.

For additional layers of security, Zero Trust employs other security measures such as two-factor authentication, identity and access management (IAM), and other verification methods, or uses an Identity Provider so that all authentication and authorization is centrally managed.

For a company looking to set up a zero-trust solution, one of the potential misconceptions is that zero-trust requires a completely new type of infrastructure with a costly brand-new solution.

However, it’s feasible to build on the investments that companies have already made. Zero Trust is not one type of technology vs another. It’s not about whether VPN is used underneath or something else. Zero-trust isn’t a platform, or a device. It’s an initiative for digital environments based on the key principle that no access is granted unless it is specifically given. This can be done using solutions that provide zero-trust with VPN technology underneath, or it can be done with other technologies that grant or deny access.
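The default-deny principle and per-zone authorization described above, as an added example that is not part of the original article or of any vendor's implementation: each request is allowed only if the user and device are verified and an explicit grant covers that zone and action, and a second function reviews the grants against an access log to find access that was issued but never used, which is the least-access policy in practice. The users, zones, grants and log entries are constructed assumptions.

```python
from collections import namedtuple

Request = namedtuple("Request", "user zone action mfa_ok device_ok")

# Constructed policy: one explicit grant per (user, zone). Anything absent is denied.
GRANTS = {
    ("alice", "finance"): {"read", "write"},
    ("bob", "marketing"): {"read", "write"},
    ("bob", "finance"): {"read"},
}

def decide(req, grants=GRANTS):
    """Default-deny decision for one request; returns (allowed, reason)."""
    # Verification applies to both the user (MFA) and the device (posture).
    if not (req.mfa_ok and req.device_ok):
        return False, "user or device not verified"
    # Access to one zone says nothing about any other zone.
    actions = grants.get((req.user, req.zone))
    if actions is None:
        return False, "no grant for this zone"
    if req.action not in actions:
        return False, "action not in grant"
    return True, "explicit grant"

def unused_grants(requests, grants=GRANTS):
    """Least-access review: (user, zone, action) grants never exercised in the log."""
    used = {(r.user, r.zone, r.action) for r in requests if decide(r, grants)[0]}
    issued = {(u, z, a) for (u, z), acts in grants.items() for a in acts}
    return sorted(issued - used)

# Constructed access log.
LOG = [
    Request("alice", "finance", "write", True, True),
    Request("alice", "finance", "read", True, True),
    Request("bob", "marketing", "read", True, True),
    Request("bob", "finance", "write", True, True),     # exceeds bob's read-only grant
    Request("bob", "marketing", "write", True, False),  # device failed verification
    Request("alice", "marketing", "read", True, True),  # no grant outside finance
]

if __name__ == "__main__":
    for req in LOG:
        print(req.user, req.zone, req.action, decide(req))
    print("candidates for removal:", unused_grants(LOG))
```

Grants that show up as unused over a representative period are candidates for removal, which shrinks what a single compromised credential can reach.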

Evolving Cyber Threats

After the success of high-profile ransomware attacks in 2021, look for these types of attacks to evolve and become more sophisticated. Malicious actors will use more AI and machine learning to be more convincing at compelling action that leads to a breach.

In 2022, cyber threats will include more deepfake content to trick victims. The audio or video used in deepfakes is developed using AI or machine learning to alter or create content that misrepresents someone. Deepfakes have been especially successful in phishing attempts and identity theft and financial fraud. For example, a phishing scheme may use audio or a video of a CEO asking an employee to send money. Thinking the request is real, the employee complies, and the funds sent are lost.

To combat deepfakes, steps to spotting and reporting them must be included in all employee cybersecurity training. For example, facial features are hard to recreate, and close examination may reveal a fake. In addition, if possible, confirm with the supposed sender to see if the message is real.

Skills Gap

In Untangle’s 2021 SMB IT Security Report, “lack of manpower” was named one of the top three barriers to network security for small and medium businesses. The ongoing skills gap will continue to be a threat for 2022. Currently in cybersecurity, there is a shortage of workers in just about every position, from entry-level to executive, and across industries. At the core of the issue is that there just aren’t enough skilled workers for the positions available. While computer science is a growing major in colleges, only a small portion of graduates are going into cybersecurity. To fill these positions, the industry and companies will need to take action and:

  • Learn how to recruit Generation Z
  • Upskill current employees
  • Invest in education

How to Reduce the Financial Impact of Cyberattacks to Your Business

There has been a steady stream of significant cyberattacks headlining the news since December 2020 and the Sunburst attack on SolarWinds Orion platform. Fueled by the anonymity afforded by payments made in cryptocurrency, cyber criminals have stepped up their attacks and have gotten bolder with their ransom demands, often seeking millions of dollars.

While these large attacks garner much attention, cyberattacks continue to affect businesses of all sizes, including small and medium businesses (SMBs). To combat these attacks, security professionals and IT Departments are implementing more detection and containment methodologies. However, while IT budgets are increasing, only a fraction of this budget is being used on preventative network security measures, with the majority being used for detection, mitigation, recovery, and remediation activities. Now is the time for network security teams to realize that taking the time and money to invest in a comprehensive strategy, including prevention, can significantly reduce the likelihood of falling victim to a cyberattack, and therefore greatly reduce the financial impact if a data breach should occur.

The Consequences of a Cyberattack

While SMBs may feel invincible against a cyberattack, the consequences of being a victim can be devastating. After an attack, businesses not only have to recover data, but they must also invest in fixing the damaged portions of their network. Business leaders must also deal with lost productivity and the public fallout of announcing a data breach with possible lawsuits and reputational damage and loss of trust to their business. Businesses who are victims of a cyberattack also experience increases to business insurance policies and the cost of rebuilding the network security to prevent these attacks in the future. Because of these factors, according to the National Cyber Security Alliance, 60% of companies go out of business within six months after a data breach.

The Best Defense is a Good Offense

With the increase in data breaches on businesses of all sizes, it’s not surprising that business leaders want to make sure their organization is prepared to deal with the fallout of a data breach. Employing a preventative strategy when approaching network security can lay a robust foundation to blocking many cyber threats before they infiltrate the network.

Securing the corporate network, and devices connected to it, through a multi-layered approach can help prevent infiltration before it occurs. Yet, many organizations believe the initial investment and lack of expertise are barriers to implementing prevention in the cybersecurity lifecycle. However, there are measures every company can take to protect themselves.

8 Cost-effective Security Tools to Build a Prevention Strategy

  1. Conduct a Cybersecurity Risk Assessment Audit

    Proactive IT security protection starts with a two-part approach. First, conduct an audit of current data security activities in relation to potential threats. Second, with that knowledge, develop a risk assessment plan that includes preventative measures and policies to address the vulnerabilities identified in the audit to protect your data.

  2. Deploy a Next Generation Firewall

    Next-generation firewalls provide protection at the network gateway (on-premises or in a cloud) with an all-in-one solution that encompasses web content and application filtering, virus blocking, intrusion prevention, secure remote connectivity as well as employee productivity improvements such as bandwidth shaping and application control.

  3. Deploy Endpoint Protection

    With a diverse array of devices, such as laptops, phones, tablets and other IoT devices, deploying endpoint security throughout the network adds an additional layer for preventing cyberattacks. Network administrators or IT professionals can create policy settings limiting web access to sites known to distribute malware, or set specific web filter controls to corporate devices.

  4. Schedule Network Backups

    Backups should be taken on a routine schedule, include database and network configuration, and be stored in a different location outside of the network. Having these backups on hand in the case of a breach will mitigate any need to pay ransom demands and limit network downtime for employees.

  5. Provide VPN Connectivity for Hybrid and Remote Employees

    VPNs allow remote employees to create a safe connection to business-critical applications or data when logging into the network outside of the office. VPNs extend network security policies to remote devices, safeguarding them from intruders lurking on public WiFi or a home network.

  6. Implement Password Hygiene

    Password hygiene is critical for all employees who can access the corporate network. Training employees to change passwords often, follow strong password recommendations, and activate two-factor authentication when available will keep credentials and crucial business information secure.

  7. Manage Directory Access Policies

    Limiting access to specific files based on current employee status, department, or even business title, can protect critical information. For example, does a marketing team member need to have access to the financial department’s balance sheets or vendor payment system? This crossover could have serious implications if one employee’s credentials are compromised, allowing unauthorized access to every file on the network.

  8. Train Employees Continuously

    As security adversaries find new ways to infiltrate networks, keeping employees trained and up to date will only strengthen your network security. Employees should be trained in the following aspects of network security:

    • Corporate data responsibility and compliance regulations
    • Password and credential maintenance
    • Email responsibility with an emphasis on identifying evolving phishing tactics
    • Corporate device policy with attention to VPN connectivity and safeguarding corporate devices from theft

Cyberattacks and data breaches continue to keep IT Departments searching for new and innovative ways to outwit cyber criminals. Many departments continue to place a heavy emphasis on detecting unauthorized access or suspicious activities and containing these breaches to minimize the business-wide impact. However, instituting effective preventative measures and engaging employees as an additional line of defense against cyberattacks can save businesses not only money, but productivity and reputation.