IDC Reports: Endpoint Management Challenges Posed by Today’s Cyberthreats

The cyber-security landscape is ever evolving, and IT professionals must remain up-to-date with the current state of IT infrastructure to proactively protect themselves from threats.

To learn more about the current state of IT infrastructure, we reached out to an IDC Analyst, Phil Hochmuth, and asked him to evaluate 5 key questions related to effectively managing one’s IT infrastructure in today’s security landscape.

Download this report to learn: 

  • What are the key trends around endpoint management and the latest cyberattack methods? 
  • How are IT teams set up to handle sophisticated attacks?   
  • What are the biggest mistakes internal IT organizations can make in terms of endpoint management? 
  • What is the cost of making mistakes around endpoint management?    
  • What are the mission-critical capabilities that organizations should look for when evaluating an endpoint management solution?  

Download the report here.

 

 

         

Evaluating Endpoint Management Solutions? This Buyer’s Guide Can Help

We know IT teams wear a lot of hats and that there are numerous solutions available to enhance endpoint infrastructure security and increase productivity. Researching and selecting the right endpoint management solution can be overwhelming, so we’ve put together a practical guide for the time and resource-constrained IT professional to facilitate the search.

Download this guide to uncover:

  • The critical need for comprehensive endpoint management
  • 10 key questions to shape your search
  • Must-have features and capabilities
  • The value your solution should deliver
  • How LogMeIn Central can help

Download Here

         

Uncovering the Harsh Realities of Endpoint Management

The workplace is evolving, and cybersecurity concerns and the risk of security breaches are higher than ever. According to the Ponemon Institute, 54% of companies experienced one or more successful attacks that compromised data and/or IT infrastructure in 2018, proving that the majority of today’s organizations are struggling to secure their endpoints. For many, endpoint security risk has become unmanageable, and companies are paying a prohibitive cost for each successful attack – $5 million for a large organization or an average of $301 per employee.

From the biggest ransomware attack in history (WannaCry) to two security vulnerabilities that put nearly all operating systems and computers at risk (Spectre and Meltdown), IT professionals are on high alert to improve their security measures, but many are struggling to determine how to implement proactive measures to manage and protect all endpoints from cyber-attacks.

In our latest research study, we surveyed 1,000 IT professionals across North America and Europe about the security landscape and uncovered market trends and business threats driving the need to make endpoint management a top priority. We revealed current tactics and proactive measures IT professionals can take to better protect their organizations from breaches.

To learn more, check out the infographic below, and download the full report here:

 

         

The Surprising State of IT Security: 4 Key Trends Revealed

Whether it’s malware or hackers or viruses, they pose significant threats to businesses and companies around the world, and rightfully so. These continue to evolve – and get smarter – making risk management a consuming task for IT teams and MSPs. According to the AV Test Institute, there were over 700 million known malware instances in 2017 and that number continues to rise year over year. What’s even scarier is how commonplace breaches and attacks are – almost 60% of IT teams have experienced a breach or attack at some point.

But rather than becoming more skilled at handling these threats, IT teams are more challenged by them now than ever before. And there are plenty of reasons for that. With the proliferation of devices such as laptops, smartphones, tablets, and the rise of account-based information that lives in the cloud, employees and companies are more at risk than ever, and IT teams are scrambling to keep up with rapidly-changing tech behaviors.

In our research study, we heard from 500 IT professionals on everything related to anti-virus and security management – their current processes, challenges, and overall take on the overwhelming task of protecting their computers and customers from threats. Check out the infographic below to learn the 4 trends we uncovered in the current state of IT security.

LogMeIn_State_of_IT_Final_standard_res

         

Don’t Leave Your Endpoint
Protection to Chance

News coverage of recent cybersecurity attacks shines a glaring spotlight on the vulnerability of our endpoint infrastructure in this increasingly technology-dependent world.

Exploits in the News

When the WannaCry ransomware infected more than 300,000 computers in over 74 countries in May 2017, it forced the UK National Health Service to turn patients away, resulted in a two-day shut down of LG self-service kiosks in South Korea, affected more than 40,000 businesses in China and threatened thousands of individual systems.

According to a New York Times article, the hackers behind the attack leveraged a hacking tool they stole from the National Security Association (N.S.A.) called “Eternal Blue.” Eternal Blue enabled the rapid spread of WannaCry by exploiting a vulnerability in Microsoft Windows servers. Even though Microsoft had addressed the vulnerability via a patch in a March software update, large volumes of computers weren’t up-to-date to defend against this attack.

The incident was quickly followed up by other global ransomware attacks including Petya ransomware initiated in June, and the series of Equifax data breaches which started in May and were discovered in July before being reported to the public 6 weeks later. The Equifax breaches, like the WannaCry attack, were enacted by exploiting a software vulnerability that the firm attempted to patch months prior to the attack.

Costs of Exploits

Incidents like these are more common than you might think. According to a study conducted by Ponemon Institute and sponsored by IBM security, the probability of experiencing a data breach is 1 in 4 and costs around $141 per record on average. If your company or the clients you serve have as few as 20k records, that’s equivalent to $2.8 million dollars at risk.

Proactive Prevention

Protecting systems from costly exploits, like just the few we mentioned, falls on IT. It’s imperative to have a centralized approach to maintaining machines and keeping them up-to-date with the latest software patches that are vital to protecting your overall network. Automating updates and patch deployment will ensure that your systems aren’t left unprotected and can save hours of time over updating each endpoint manually.

If you’re not managing or automating this critical function yet, try LogMeIn’s Central Premier for free for 14 days or request a demo from one of our Central pros. Make security your #1 priority and protect your endpoints today!

         

New LogMeIn Pro Status Page Now Live

 

Busy professionals rely on LogMeIn Pro to securely remote into their computers and get their work done from anywhere. Because reliable connectivity is a crucial aspect of remote access, we’ve built LogMeIn Pro with security being the most important design objective. Today, as a further commitment to our customers, we announce the launch of a new status page to keep you fully informed of our service status and historical up-time.

Visit http://status.logmeinaccess.com/ to view our status page that shows the current state of the LogMeIn Pro service. Powered by Atlassian’s monitoring  service https://www.statuspage.io/ our administrators and users have access to the #1 status and incident communication tool.

We’re committed to keeping your connections completely secure and reliable, and we’ll always keep you fully informed regarding any product incidents and updates. For real-time updates, be sure to subscribe to receive notifications via email, text or phone.

         

PHISHING ALERT: PoS Malware Mimics LogMeIn Software Updates

As part of our ongoing commitment to security, we want to make our users and the public aware of a new report of malicious software impersonating LogMeIn updates to Point of Sales (PoS) systems.

On Friday, January 19, 2018, a security researcher from Forcepoint (https://www.forcepoint.com/) reached out to LogMeIn’s Security Team and provided details on a suspected PoS-based malware. According to our investigation, the malware is intended to deceive an unsuspecting user into executing a malicious email, link or file, possibly containing the LogMeIn name.

This link, file or executable is not provided by LogMeIn and updates for LogMeIn products, including patches, updates, etc., will always be delivered securely in-product. You will never be contacted by us with a request to update your software that also includes either an attachment or a link to a new version or update.

This potential malware is being delivered through channels independent of our solutions and we have no evidence at this time to believe that the LogMeIn environment or our products have been compromised as a result thereof.

As always, we encourage users follow standard best practices to safeguard their accounts against phishing and social engineering which include:

  • Only accept updates directly from within your LogMeIn product. We will never deploy a software update via email.
  • Beware of phishing attacks. Do not click on links from people you don’t know or that seem out of character from your trusted contacts and companies.
  • Turn on 2FA for email, and other services like your bank, Twitter, Facebook, etc. Two-factor authentication remains one of the most effective ways to protect your account from targeted attacks.
  • Set a strong, random password for email and for every online account.

As with all suspicious emails, please read carefully and review the website links in these messages. Please be sure to delete these messages if you receive them.

         

What We Know About The Latest CPU Bugs Meltdown and Spectre and Steps You Can Take to Protect Your Organization

On Wednesday, January 3rd, two CPU bugs were discovered that could impact billions of devices worldwide. These two security flaws, known as Meltdown and Spectre, target most computer processing systems making it possible for attackers to steal sensitive data – including passwords, banking information, and encrypted communications.

Meltdown and Spectre: What Are These New Security Flaws?

Let’s start with Meltdown. Affecting Intel processors, Meltdown enables attackers to bypass the hardware barrier between applications that are being run and the computer’s memory – allowing for them to read a computer’s memory and steal passwords.

Spectre, on the other hand, breaks the isolation between different applications allowing attackers to essentially trick those applications into giving up valuable information. Spectre’s impact is larger given it affects Intel, AMD, and ARM processors. This expands its reach to include a multitude of devices, essentially anything with a chip in it.

Combined, these two bugs affect virtually every modern computer, including laptops, smartphones, tablets, and PCs from all vendors, running almost any operating system.

What steps can be taken to reduce the risk of being exposed to these two bugs?

Three steps your organization can take to reduce the risk of being impacted by these two security flaws are to patch your systems with the latest update, monitor CPU usage, and continue to keep an eye on this evolving threat.

  • Patch Your Systems

Patch Management is an essential part of securing your IT infrastructure. Meltdown and Spectre can impact devices running just about any operating system – including Windows, Mac, and Linux – or application leaving just about every organization at risk. Intel and ARM have issued patches that they deem will make your systems immune to these two bugs – but this requires users to download a patch and update their operating system to fix. If you have not already applied the necessary patches, make sure to do so as soon as possible.

  • Monitor CPU Usage

Because these two bugs target CPUs, be sure to continuously monitor CPU usage on all machines in your ecosystem. If you notice any unusual activity, be sure to raise a red flag to your IT leadership and explore the situation further.

  • Keep An Eye On This Evolving Threat

It has only been a few days since these security flaws were identified. More information is sure to surface over the coming days and weeks – including critical information from the security researchers who identified these flaws as well as the impacted providers Intel, AMD, and ARM.

         

PHISHING ALERT: FAKE LOGMEIN EMAILS PLAY OFF WANNACRY SCARE

On the heels of the publicity around the WannaCry ransomware scare, we’ve received reports about suspicious emails that are designed to look like they are coming from LogMeIn. These e-mails have all the hallmarks of a phishing attempt.  The reported emails have the same headline and text. In each case, these communications are meant to look like an alert of a computer infected with the now notorious “WannaCry” ransomware with an email subject line similar to the following: “Your computer is infected with WannaCry Ransomware.”  We want to make it clear that these communications did NOT come from LogMeIn and we urge recipients not to click on any such links if you receive a similar email.

As part of our commitment to security, we want to make sure our users and the public are aware of this specific email, as well as provide an easy way for people to identify the telltale signs of phishing attacks.

For more details, please see the full blog post at our corporate blog here. 

 

         

LogMeIn and WannaCry

LogMeIn has been monitoring the evolving WannaCry situation and taking proactive measures to mitigate the risk associated with this global event. To that end we have:

1) Made a concerted effort to patch all of our machines with the latest available security fixes;
2) Configured our internal computer security, security information, and event management (SIEM) tools to monitor for recognizable or known signatures of any WannaCry activity;
3) Alerted our end users within the organization to be ever vigilant; and
4) Been in communication with the vendors of our perimeter and end point protection security systems.

In addition, the LogMeIn corporate network is segregated from the production systems network, providing a further layer of protection and defense. As a result, at this time, we believe that our exposure to the WannaCry ransomeware is minimal and controlled.