With cybercrime predicted to cost the world $9.5 trillion in 2024, SentryBay has developed a range of solutions to help enterprises, their customers, and partners arm themselves against cybersecurity threats.
The main aim of our solutions is to create a fortified environment that allows users to securely connect to their network, whether on-premise or in the cloud, particularly if they are working remotely. This has multiple benefits for organizations – protecting them from attacks, securing their sensitive data, and ensuring they comply with industry regulations, international laws, and local guidance. In addition, our solutions enforce protection mechanisms, meaning that users must implement them to gain access to data and applications, but our one-click simple download and automated, centralized configuration provides instant protection. The time to act is now because according to research published by Cybercrime Magazine, global cybercrime damage costs are expected “to grow by 15 percent per year over the next two years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.”
Zero-Trust Approach
Endpoint devices accessing the corporate network represent the greatest threat to organizations. They can be managed or unmanaged, known, or unknown, but if they are unsecured, they can potentially give hackers a way in. A zero-trust approach is one in which all users and all devices must be verified before they are given access to corporate data, applications, platforms, and networks. The motto ‘never trust, always verify’ is important to remember and a good rule for companies to live by.
“Implementing zero trust is not straightforward. It needs to be regarded as a holistic exercise that envelops every part of the business,” comments Tim Royston-Webb, CEO, SentryBay. “It’s not a single solution or a platform, it’s an approach to the cybersecurity threat that must be built into a company’s broad IT security strategy and preferably layered so that it can deliver the greatest protection.”
Impact of Global Events on Cybersecurity
Since the pandemic there has been a seismic impact on how cybersecurity is now viewed. Not only have attacks risen exponentially, but most office-based employees became remote and since lockdown ended the world adjusted to a more hybrid approach. The exposure of companies to risk has never been so high, so attention is being paid to how best they can protect their applications, data, and people from attacks. To begin with, many organizations scrambled to keep staff productive, even if that meant using their own devices. From a security perspective, this was dangerous. More recently, and as people started to go back into physical offices, many have adopted a BYOD policy alongside the tried and tested method of Internet security, antivirus software, and securing the wireless network with a VPN. Attacks have continued to happen, and a realization has set in that this triumvirate will no longer fend off the latest malware.
Keeping Data Secure in The Hybrid Work Era
The strategy for cybersecurity needs to reflect the changing corporate environment. Many organizations are adopting a hybrid IT approach which means that their applications, platforms, and workloads are distributed across private and public clouds, co-location, or private data centers and this requires better control of security. Companies must recognize the vulnerability of the endpoints that their employees are using and start from that perspective.
“Organizations can benefit from solutions that create a secure container providing them with multi-platform protection from a single pane of glass,” states SentryBay’s Chief Operating Officer Marcus Whittington. “Data entered at the endpoint is automatically ‘wrapped’ to prevent it from being stolen or infiltrated before it reaches the cloud server or the network without the need to identify the threat or its origins. This provides an unprecedented level of protection to users and organizations that is easily integrated, including across hybrid cloud or IT environments.”
Taking Measures
There are some golden rules that should be drummed into everyone. Never respond to emails or texts asking for suspicious information like updated payment details. First, make sure it all makes sense and check authentic websites for any fraud alerts.
Ensure you operate antivirus with all security functions turned on and ensure it is set to auto-update daily – and if there is a warning from the browser take it seriously. Always ensure you only enter websites with certificates (typically showing a padlock next to the URL) and access them using a recognized browser with all security settings on. Always use closed and secure wi-fi when doing anything that involves entering personal or financial information. And finally, use data protection software that protects every keystroke.
Endpoint Security When a Device Is Compromised
Any malware can take advantage of an endpoint that is unsecured but perhaps the most insidious are kernel-level keyloggers. They enter through an unprotected endpoint or even one protected by a standard antivirus solution, and they sit, undetected, at a low-level, harvesting keys tapped on the keyboard the second they enter the operating system and are infamously difficult to eradicate.
Other forms of cyberattack target the vulnerable data entered into an application after login or sensitive data displayed on the screen through the application. Such attacks include screen capture or screen grabbing, DLL injection, and Man-in-the-Browser attacks. Screen grabbing captures the screen when certain events occur, putting at risk all information held within applications and entered at the keyboard. A DLL Injection attack is a method of inserting malicious code into an application to access sensitive data, and a MiTB attack will typically use JavaScript code running in the browser to gain access. All these take advantage of unprotected endpoint devices and once they get access, they have the potential to steal sensitive corporate data and create havoc.
Organizations often fail to see the full scope of their attack surface and there are a variety of reasons. Sometimes they don’t have a full picture of every asset in their environment, so an unprotected laptop or even a smart printer, for example, is missing from their inventory. It could be that the complexity of their infrastructure makes it hard to understand where vulnerabilities lie. It can also be that they believe they do see the full scope but have not adopted zero trust, and therefore access is granted when it shouldn’t have been. There are multitudes of reasons.
Why SentryBay?
“SentryBay are constantly improving our products as cyber threats evolve and expanding the number of threats protected. In addition, the company strives to make it easier for customers to use our products without interfering with their day-to-day computer work. SentryBay’s Armored Client takes a layered approach to protecting endpoint devices being used remotely to access business applications and data. Whether employees or contractors are using unmanaged BYOD or managed endpoint devices, all corporate apps are targeted on the endpoint and run in a secure session.” concludes Tim Royston-Webb, CEO, SentryBay. “We spend a large proportion of our revenues on research and development to ensure the company stays at the leading edge of the security industry. This is illustrated by our blue-chip customer base which includes some of the largest, most security-conscious organizations and governments in the world.”