Month: November 2022

TitanHQ Included in Deloitte 2022 Technology Fast Awards for the Second Successive Year

For the past 23 years, Deloitte has been recognizing growth and innovation at public and private companies in the technology sector in Ireland. Deloitte assesses companies based on the previous four years of growth, with the top 50 technology companies recognized in the Deloitte 2022 Technology Fast Awards. According to Deloitte, the awards program was created “to recognize the passion and dedication it takes to be an industry disrupter across the technology, media, telecommunications, life sciences, fintech, and energy tech sectors.”

The awards celebrate innovation, entrepreneurship, and the commitment and drive of companies in Ireland’s indigenous technology sector. Inclusion in the list is a great honor. This year, TitanHQ is proud to announce that the company has been recognized at the Deloitte 2022 Technology Fast Awards for the second year in a row, ranking in 45th place in 2022.

Announcing the awards, David Shanahan, Partner, Deloitte said, “Congratulations to all of the companies that ranked this year. As the business environment becomes more complex, the Irish technology sector has shown great resilience and tenacity.” He went on to say, “This year’s ranking shows growth across a broad range of sectors with companies coming up with innovative solutions to address changing consumer and business demands while faced with adversity.”

This year, the top 50 fastest-growing companies have generated around €500 million in total annual revenues, with an average of €10 million per company. The average growth rate for each company was 594%. These companies employ over 5,500 people and have made a huge contribution to the economy and have given local people a tremendous opportunity to pursue successful careers in the technology sector. Encouragingly, this year has seen an increase in the number of female CEOs, with 7 of the companies in the top 50 now being led by women. This year has also seen 17 companies break into the top 50 for the first time, and 7 of those companies have gone straight into the top 10.

It has certainly been a great year for TitanHQ, which has continued to enjoy strong organic year-over-year growth, at home and internationally. The company’s cybersecurity products have been in high demand as companies around the world have been looking to improve their cybersecurity defenses against increasingly sophisticated cyber threats. TitanHQ has risen to the challenge and has broadened its product portfolio to help SMBs, enterprises, and managed service providers (MSPs) improve their defenses through product innovation and strategic acquisitions. The company has brought two new cybersecurity products to market – SpamTitan Plus and SafeTitan. The former delivers industry-leading protection against phishing, and the latter is a security awareness training and phishing simulation platform that helps businesses improve their human defenses.

For TitanHQ, the impressive growth has been helped by investment from a private equity firm, which has allowed the company to make strategic acquisitions, launch new products, improve the existing portfolio of cybersecurity solutions, make strategic hires, and improve investment in people. “Organic year-on-year growth and recent significant investment have turbocharged TitanHQ’s growth. This has allowed TitanHQ to accelerate ambitious growth plans through increased investment in product development – and in people,” said TitanHQ CEO, Ronan Kavanagh.

5 Reasons Why Security Awareness Training is Important

In this article, we provide 5 reasons why security awareness training is important. If you run a business and do not provide security awareness training to your workforce, you are taking a big risk.

Data breaches are being reported with increasing frequency and with people leading more and more digital lives, there is a lot more data to steal. The Have I Been Pwned service includes a database of usernames and passwords that have been exposed in data breaches. The database now includes 12 million credentials showing just how common data breaches have become. Data breaches are also becoming costlier to resolve. The IBM Security 2022 Cost of a Data Breach report indicates the average cost of a data breach is now $4.35 million, a 2.6% increase from the previous year.

So how can security awareness training help a business and why is it so important?

1.   Helps to Prevent Data Breaches

Businesses store sensitive data, whether that is customer data, financial information, contact lists, or proprietary company information. That information is valuable to cybercriminals as business and customer data can be easily monetized and sold on the dark web. Cybercriminals actively target businesses for the data they hold and misuse or sell that information, or encrypt it to prevent the business from operating, requiring a ransom payment to get the information back. You can implement technical defenses to repel these attacks, but technical defenses are not 100% effective, and attacks often target humans – malicious emails, websites, phone calls, and text messages. Security awareness training is a vital component of any security strategy. All members of the workforce need to be trained on how to recognize and avoid threats. Security awareness training reduces susceptibility to cyber threats and helps to prevent data breaches.

2.   Avoid Regulatory Fines and Litigation

Companies of all sizes are required to comply with regulations at the local, state/regional, and Federal level that have data retention and privacy and security requirements. For instance, there is the General Data Protection Regulation in the EU that requires data protection by design and default, and industry regulations such as FISMA (financial services) and HIPAA (healthcare) that have security awareness training requirements. The failure to provide security awareness training can result in significant financial penalties, and if tax records are lost in a ransomware attack, companies can still be fined for not producing those records. By preventing cyberattacks and data breaches through end user training, companies will also reduce the risk of litigation. Lawsuits are now commonly filed after data breaches.

3.   Improve Productivity and Save Money

Security awareness training comes at a cost. You will need to devise your own training course, pay for a third-party trainer, or most commonly, invest in a third-party security awareness training platform. For every hour of training provided to an employee, that is an hour of lost productivity. These costs should be seen as an investment that will give you a return. The money spent on training and the time devoted to it will be recouped in terms of productivity gains by preventing ransomware attacks and data breaches. The cost of remediating cyberattacks and data breaches is far higher than the cost of security awareness training to prevent them.

4.   Improve Employee Well-being and Job Satisfaction

Security awareness training is concerned with improving cybersecurity defenses, but it is an investment in people. Businesses that provide security awareness training are teaching their employees to be more security aware at work, but this is a transferrable skill and one that is not just valuable for employees for future work positions but also in their personal lives. Train employees to be more security aware and they can apply those lessons at home and avoid personal data breaches and financial losses, which helps to reduce stress and improve mental, emotional, and physical health.

5.   Helps to Protect Your Company’s Reputation

One of the most damaging effects of a cyberattack or data breach is the impact on your company’s reputation. Surveys suggest that following a cyberattack that exposes sensitive customer information, two-thirds of customers would take their business elsewhere and would never return. The amount of time, money, and effort that goes into building a business can be lost overnight. Many businesses will be able to weather a cyberattack and take the financial hit, but the reputational damage can take many years to recover. The reputational damage is one of the main reasons why 60% of small businesses cease trading within 6 months of a data breach.

SafeTitan from TitanHQ

TitanHQ offers businesses a comprehensive security awareness training solution called SafeTitan. The platform includes an extensive library of training content, divided into short (max 10-minute) computer-based training modules that are easy to fit into busy workflows. The training content is fun, gamified, and engaging, and helps to build a security culture and eradicate risky practices. The platform also includes a phishing simulator for testing whether employees can recognize phishing attempts – the most common way that cybercriminals attack businesses. Phishing simulation data shows susceptibility to phishing attacks can be reduced by up to 80% with SafeTitan.

If you have yet to provide security awareness training to your workforce, you will be missing out on all the above benefits. So why not make a start today, starting with a free trial of SafeTitan?

7 Tips for Improving the Effectiveness of Security Awareness Training

Businesses can significantly improve their security posture by investing in people and providing security awareness training. Many cyberattacks target employees, as they can be tricked into disclosing sensitive information or installing malware. Through training, you can eliminate risky security practices that open the door to hackers and can show employees how to recognize cyber threats and how they should respond when such a threat is identified.

Providing a once-a-year training session covering all aspects of security will help to improve security awareness, but this is not the most effective approach, and it is unlikely to allow an organization to achieve the ultimate goal of security awareness training – to develop a security culture throughout the organization. To help you get the best possible return on your investment in security awareness training, consider these 7 approaches.

1.   Ensure You Communicate That Everyone Has a Responsibility When it Comes to Cybersecurity

It is a commonly held view that cybersecurity is the sole responsibility of the IT department. The IT department should implement safeguards and technology to block and identify threats, but everyone has a role to play in the cybersecurity of the organization, including the CEO, CISO, managers, and workers. Cybersecurity is a collective responsibility, and this should be clearly communicated.

2.   Security Awareness Training is an Ongoing Process

If you provide a once-a-year training session that covers all aspects of security, this is likely to improve awareness of the basic lessons of security – don’t click on links or open attachments in unsolicited emails, log off when you leave your computer, don’t plug in a USB drive you find in the street, make sure you set a strong, unique password for all accounts, and so forth. However, you cannot expect employees to be aware of the latest threats and tactics that are being used by malicious actors with this approach. Security awareness training needs to be an ongoing process. A once-a-year training session is great as a refresher on security best practices, but you should be continuously providing training on the latest threats in short training sessions each month. A couple of 10-minute training modules every month will help to keep security fresh in the mind and keep employees abreast of the latest tactics that are likely to be used by malicious actors against them and the organization.

3.   Conduct Phishing Simulations

Phishing simulations are a great way to reinforce training and give employees practice at identifying phishing threats in a safe environment. Conduct phishing simulations of varying difficulty on the entire workforce, and if individuals fail, this can be turned into a training opportunity. They can be told where they went wrong, and how they could have identified the threat so that the next time such a threat is encountered, they will be more likely to recognize it as such and avoid it. Phishing simulations allow businesses to take proactive, targeted action to improve security awareness where it is needed and strengthen the weak links before they are found and exploited by malicious actors.

4.   Reward Don’t Punish

You are likely to achieve much greater success if your security awareness training program recognizes and rewards individuals who do well, rather than punishes those that get things wrong. If you punish employees for getting things wrong, that is likely to result in a culture of fear, which can lead to a bad working environment where mistakes are actually more likely to be made. Focus on rewarding or recognizing the individuals that get things right and always look for opportunities to celebrate success. If employees fail phishing simulations or make mistakes, make sure you communicate that this simply means there is a need for further training.

5.   Make Security Awareness Training Fun and Engaging

Many people will find cybersecurity training dull and boring. Rather than provide lengthy training sessions and give out long boring printouts, use a computer-based training course that has fun, engaging, and gamified content. Use a variety of training tools including videos, demonstrations, quizzes, and other interactive methods to engage employees. Make training fun and enjoyable, and the message is more likely to be taken on board.

6.   Tailor the Training Course for Individuals

Everyone learns in their own way and at different speeds, so a one-size-fits-all approach is unlikely to give you the best return on your investment. The training course should be tailored for individuals. If the course is too basic for people with a high degree of knowledge, they will get bored. If it is too technical for individuals who have a poor understanding of cybersecurity, they will get confused. Tailor the training course to get the best ROI. For that, you will need a modular training course that supports this flexibility.

7.   Constantly Update Your Training Course

The threat landscape is constantly changing, and tactics, techniques, and procedures of cybercriminals evolve, so your training course should too. Keep abreast of the changing threat landscape and ensure your training course is updated accordingly, and that you include the latest phishing tactics in your phishing simulations. Choose a vendor that constantly updates its training content and this will be simple.

SafeTitan from TitanHQ

TitanHQ provides a comprehensive security awareness training platform for SMBs, enterprises, and managed service providers called SafeTitan. The platform includes an extensive library of training content on all aspects of security, with the courses divided into short computer-based training modules of no more than 10 minutes, which makes them easy to fit into busy workflows.

The training content is fun, gamified, and engaging, and is proven to help eradicate risky security practices and reduce susceptibility to phishing attempts. The platform is flexible, allowing customized training content to be provided that is tailored to individuals’ roles and the threats they are likely to encounter, and the platform and training courses can be easily customized to meet the needs of businesses of all sizes.

The platform includes a phishing simulator for testing whether employees can recognize phishing attempts – the most common way that cybercriminals attack businesses. Phishing simulation data shows susceptibility to phishing attacks can be reduced by up to 80% with SafeTitan.

If you have yet to provide security awareness training to your workforce and are not conducting phishing simulations, the ideal time to start is now. Contact TitanHQ today for more information or sign up for a free trial of the solution and put it to the test before deciding on a purchase.

Malware Campaign Hides Malicious Code within PNG Image Files

Malicious emails typically contain links to websites where a malware payload is hosted. This method of malware distribution allows threat actors to reach employees directly, and since no malicious file is attached to the email, there is a greater chance that the message will not be detected as malicious by a company’s email security solution, especially if the URL or domain has not been used before. Advanced email security solutions – such as SpamTitan Plus – rewrite links, follow the URLs, and assess the content, and can block these threats.

Malicious files are often directly attached to emails. These files can be the malware itself or a malware downloader, but these executable files are often blocked by spam filters. Office documents and spreadsheets are often used that contain macros. If they are allowed to run, they will download the malicious payload. More companies are now providing security awareness training to their workforces and are warning about the risks of macros, and Microsoft is now disabling macros by default in Office files that are downloaded from untrusted sources via the Internet, so this method of malware delivery is becoming less effective.

In response, threat actors have had to come up with different ways of distributing their malware and one method that is growing in popularity is steganography – a technique used to hide secret data within an ordinary, non-secret file, such as an image file. When that file arrives at its destination, the secret data is extracted. To make this method of hiding content harder to identify, the hidden data is often encrypted and is decrypted at its destination. Steganography is not a new technique, as its roots can be traced back to ancient Greece, and it is also not a new method of distributing malicious code; however, using this technique for distributing malware has not proved popular with threat actors as there are much easier ways of distributing malware.

A campaign has recently been identified that hides malicious code within .png files. Researchers at Check Point Research identified a malicious package called apicolor on the Python-based repository PyPI, which hides malicious code within a .png file, which downloads malicious packages onto the user’s device. This campaign uses a steganography technique called least-significant bit (LSB) encoding, where malicious code is hidden in the least significant bits of each pixel. Each pixel carries one bit of data in each of its alpha, red, green, and blue channels, allowing two pixels to contain one byte of secret code.
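A defender-side check for the LSB encoding described above, as an added example that is not from the original article or from Check Point's analysis: it runs the classic pairs-of-values chi-square test over decoded RGBA channel bytes. The function names, the 2.0 threshold, and both sample buffers are assumptions constructed for illustration.

```python
import random
from collections import Counter


def lsb_capacity_bytes(width: int, height: int, channels: int = 4) -> int:
    """Bytes an image can hide at one bit per channel (two RGBA pixels per byte)."""
    return width * height * channels // 8


def pair_chi_square(samples: bytes) -> float:
    """Chi-square per degree of freedom over the value pairs (2k, 2k+1).

    Overwriting LSBs with encrypted, random-looking data evens out the counts
    of 2k and 2k+1, so the score falls to about 1. Images whose LSBs were not
    replaced normally score much higher.
    """
    hist = Counter(samples)
    total, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd == 0:
            continue  # this value pair does not occur in the image
        total += (even - odd) ** 2 / (even + odd)
        dof += 1
    return total / dof if dof else float("inf")


def looks_lsb_embedded(samples: bytes, threshold: float = 2.0) -> bool:
    """Triage flag. The threshold is an assumed cut-off; tune it on known-good images."""
    return pair_chi_square(samples) < threshold


# Constructed sample data: raw RGBA channel bytes of a 64x64 image, as a PNG
# decoder would hand them over. CLEAN holds only even values (a flat graphic).
WIDTH = HEIGHT = 64
CLEAN = bytes((i * 7 % 128) * 2 for i in range(WIDTH * HEIGHT * 4))
# SUSPECT is the same buffer with every LSB replaced by a pseudo-random bit,
# standing in for an encrypted payload.
_rng = random.Random(2022)
SUSPECT = bytes((v & 0xFE) | _rng.getrandbits(1) for v in CLEAN)

if __name__ == "__main__":
    print("capacity:", lsb_capacity_bytes(WIDTH, HEIGHT), "bytes")
    for name, buf in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, round(pair_chi_square(buf), 2), looks_lsb_embedded(buf))
```

A low score is a reason to inspect the file further, not proof of hidden data. Payloads that fill only part of the image, or that are not random-looking, move the score less.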

This attack uses DLL sideloading to execute CLRLoader malware, which loads the PNGLoader DLL, which is able to read obfuscated code hidden within .png files. The code is a custom .NET C# infostealer that abuses Dropbox file hosting for communication and data exfiltration. The analysis of the malware revealed it can launch executable files, download and upload data to and from Dropbox, delete data on endpoints, set up new directories for additional backdoor payloads, and extract system information.

This method of malware delivery has been adopted by a threat actor called Worok, which is mostly concerned with targeting high-profile individuals in the Middle East, Southeast Asia, and South Africa. Worok has used the method since at least September 2022. Worok is believed to be part of a cyberespionage group; however, other threat actors could use this technique for a variety of nefarious purposes.