Security Awareness

Expert Insights Gives TitanHQ 5 Best-Of Awards

Cyberattacks are occurring in record numbers and attacks are becoming more sophisticated, so it has never been more important for businesses to ensure they are well protected and have the right cybersecurity solutions in place. However, finding the right solutions at the right price can be a challenge for businesses, which is why many rely on independent B2B software review sites.

Expert Insights is a leading online platform that provides invaluable advice on business cybersecurity software solutions. The site has more than one million users a year, and each month more than 85,000 businesses rely on the reviews, advice, and buyers’ guides produced by the site’s researchers to help them find the best cybersecurity solutions to meet their needs so they can purchase with confidence.

Expert Insights regularly recognizes the leading companies and their products in its “Best-Of” awards. For the Fall 2022 Best-Of Awards, the huge range of cybersecurity solutions on the market was whittled down to 150 products in 41 different software categories, with the top 10 vendors in each category given a prestigious Best-Of award. The editorial team selected each product using several criteria, including the features of the products, how easy they are to use, customer satisfaction scores, and the company’s market presence, with each category also having its own specific criteria. Like the advice provided by Expert Insights, the selection of products in each category is not influenced by external factors, and each of the products included in the list is subjected to internal testing and analysis by Expert Insights’ in-house team.

TitanHQ is happy to announce that the company’s innovative cybersecurity solutions have been recognized in the Expert Insights Fall 2022 Best-Of Awards, with four TitanHQ products recognized in five of the cybersecurity categories.

The SafeTitan Security Awareness Training platform collected two Best-Of Awards in the Security Awareness Training and Phishing Simulation Categories, SpamTitan received an award in the Email Security category, WebTitan was recognized in the Web Security category, and ArcTitan received an award in the Email Archiving category. SpamTitan and ArcTitan were also rated top in their respective categories.

All TitanHQ solutions are provided through the best-in-class SaaS Cybersecurity Platform, which allows businesses to implement advanced, layered defenses to protect against a broad range of cyber threats including phishing, spear phishing, BEC, botnets, malware, and ransomware. The platform is also used by thousands of managed service providers to help their SMBs clients improve their security posture. All TitanHQ solutions are cloud-based, easy to implement, easy to use, and provide industry-leading protection at an affordable price.

“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh.  “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.

Relatively Simple Smishing Attack Compromised 130 Organizations

Phishing can take many forms and while email phishing is by far the most common way that threat actors phish for sensitive information and distribute malware, other forms of phishing are increasingly being used in attacks on businesses. Cybercriminals are taking advantage of the relatively poor defenses against SMS phishing – smishing. These attacks may be relatively low-tech, but they can be extremely successful.

Smishing involves making contact with targeted individuals via SMS messages. These attacks trick the recipient into clicking a link that directs them to a malicious website. That website may host a phishing kit that collects sensitive data such as login credentials. The website to which the user is directed spoofs a trusted company or may appear to be a website used by the targeted individual’s employer.

An alternate approach is to direct a user to a website hosting a malicious file, which provides the attacker with remote access to their device. If that device is a corporate-issued mobile phone, and single sign-on credentials are stolen, access can be gained to the corporate network. These attacks may be relatively simplistic and be sent in large campaigns to whatever phone numbers the attacker has procured, but some attacks are highly sophisticated and can defeat multi-factor authentication.

One of the most notable examples occurred this month and involved an attack on Twilio. Twilio is a provider of programmable communication tools for making and receiving phone calls and sending and receiving text messages, through its web service APIs. The smishing attack targeted Twilio employees and tricked them into disclosing their credentials, which allowed the attackers to access their accounts and also access the information of a limited number of its customers. The SMS messages themselves appeared to have been sent by the Twilio IT department and suggested the employees’ passwords had expired.

A link was included that employees could click to change their passwords, with the landing page created to mimic the one used by Twilio. Those URLs hosted the 0ktapus phishing kit, with the URLs including familiar words, such as Okta, Twilio, and SSO. The single sign-on credentials obtained in the attack allowed the attackers to gain access to multiple internal systems. They were then able to conduct attacks on 25 companies that used Twilio’s phone verification services and other Twilio services.

An investigation by researchers at Group IB revealed the attackers had successfully compromised more than 130 organizations and from those attacks, stole almost 10,000 sets of credentials, including 2-factor authentication credentials. Supply chain attacks were then conducted on downstream customers, including DoorDash, Digital Ocean, Mailchimp, and Klaviyo.

These attacks have been made much easier due to the reliance on mobile devices, especially with many companies having a hybrid workforce with many employees spending at least some of the working week at home. It is essential for security teams to implement security solutions that cover the mobile attack surface and to ensure that smishing and other types of phishing attacks are covered in employee security awareness training.

The Key to Effective Security Awareness Training is Providing Training in Real Time

Want to improve the security awareness of your workforce? You will have the greatest success if you provide training in real-time in response to risks taken by employees.

You can implement a new email security solution to block more email threats, use a web filter for blocking web-based threats, and endpoint security solutions for detecting malware and compromised devices. Add in multifactor authentication to stop stolen credentials from being used to access accounts and you will be well protected. However, none of those security measures will block voice phishing for instance, and even with all those security measures, threats will still reach employees, albeit at a much-reduced level. It only takes one employee to respond to a single phishing email to give an attacker a foothold in the network, so security awareness training for the workforce should not be neglected.

Businesses can develop their security awareness training programs from scratch or purchase a training platform from a vendor such as TitanHQ. Training should teach the workforce security best practices, get employees to always stop and think before taking actions that have the potential to compromise security, and employees need to know the signs of phishing. However, to get the greatest benefit from your investment of money and resources, you need to deliver training at a time when it is likely to have the maximum effect.

Many businesses provide classroom-based training sessions as part of the onboarding of new employees, they may even follow up with annual refresher training sessions. Employees may take this training on board and pass end-of-course quizzes, but it doesn’t necessarily mean they will apply what they have learned on a day-to-day basis.

Providing training once a year may be effective at changing behavior in the month after the training session, but what about 11 months later? Bad practices are likely to creep in over time. You can provide annual or biannual training, but also be sure to provide more timely reminders about security. These can include monthly cybersecurity newsletters, and it is also useful to add a banner to external emails warning the user that the email has come from an external and less trustworthy source. A mail client add-on is also recommended to allow one-click reporting of suspicious emails to the security team – You need to make it as quick and easy as possible for employees to report potential threats.

It is also strongly recommended to use a training platform that delivers training in real-time in response to mistakes by employees. If you want to build a security culture, you should be running phishing simulations, and any failure should trigger immediate and relevant training. That training could be a 5-minute video related to the mistake that was made. This timely training is likely to be much more effective than waiting a few months to provide a general training session.

SafeTitan allows timely training to be provided, not just in response to clicks in phishing simulations, but also in response to other security errors. Real-time intervention training can be triggered in response to a risk taken by an employee. This is important as the employee may not even be aware they have engaged in risky behavior and will likely continue to take risks in the future if there is no intervention. With SafeTitan, administrators can configure the solution to automatically send training content, policy reminders, data regulations, and compliance standards to staff when they engage in risky cyber behaviors.

All SafeTitan training content is gamified, highly interactive, and enjoyable for employees, and can be accessed via a browser from anywhere. Since no module is longer than 10 minutes, training is easy to fit into even the busiest workflows. If you want to improve your security posture, ensure you train the workforce, but be sure to also provide real-time training to get the best return on your investment.

For more information about creating a human firewall using SafeTitan, give the TitanHQ a call. Product demonstrations can be arranged on request.

ArcTitan Awarded Best In Class Award by Expert Insights

TitanHQ has been awarded a best in class award by Expert insights for ArcTitan Email Archiving, in a haul of 5 awards at the Expert Insights’ Spring 2022 Best-Of awards.

Email archiving is important for compliance with state, federal, and industry regulations for data retention, allowing vast numbers of emails to be searched in seconds and recovered on demand. The solution works seamlessly with Office 365, offering several key benefits over the native Office 365 email archiving feature, including enhanced search and storage, simplified archiving, and a greatly reduced management overhead.

ArcTitan users have reviewed the product on the Expert Insights website and praised the solution for its speed, scalability, ease of use, and the lack of storage limits, with one of the most common plus points from userd being the price of the solution. The solution was ranked top in a group of 10 email archiving solutions at the Expert Insights Spring 2022 Best-Of Awards.

It was not just ArcTitan that was recognized as best in class. TitanHQ’s email security solution,n SpamTitan, ranked 1st in the Best Email Security category, with WebTitan DNS Filter ranking second in the Web Security category. It didn’t end there, as the latest addition to the TitanHQ product portfolio, SafeTitan Security Awareness Training, collected two Best-Of awards in the Security Awareness Training and Phishing Simulation categories.

Expert Insights is an important resource for IT professionals and business owners which helps them make the right purchasing decisions. The site provides valuable insights into the best B2B solutions on the market, provides technical reviews and analysis, editorial buyers’ guides, industry analyses, and other valuable content. The site is visited by 80,000 individuals each month.

These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency.” 

The awards come after a quarter that has seen TitanHQ beat several growth records, especially in the United States. A new U.S. office has been set up to handle the increase in enterprise, SMB, and MSP customers, and this year has seen an additional 12 strategic hires in North America which is helping to continue to drive the impressive growth.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy. We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers,” said TitanHQ CEO Ronan Kavanagh.

Benefits of a Security Aware Workforce

Technical defenses are essential for preventing cyberattacks, but many attacks target employees and will bypass those defenses. Having a security-aware workforce can be the difference between just another normal business day and the permanent closure of your business. 60% of small businesses permanently close within 6 months of suffering a cyberattack and data breach.

Ensure your technical defenses are up to scratch…

2021 was another record-breaking year for cyberattacks. A 2022 Check Point Research report shows there was a 50% increase in cyberattacks in 2021 compared to 2020 and more than 60% of businesses have now suffered at least one type of cyberattack. Last year, cyberattacks on businesses were occurring at a rate of one every 39 seconds!

Cyber threat actors use a variety of techniques to gain access to business networks, including brute force attacks to guess weak and default credentials, and unpatched vulnerabilities in software and operating systems are exploited, but phishing remains the number one security threat. It is vital for security to implement technical measures to protect against email attacks. The best defense is an advanced email security solution with machine learning technology that is able to predict new attacks and block phishing emails from IP addresses that have not previously been used for malicious purposes. The email security solution should also provide protection against all known malware threats, but also include protection against zero-day malware attacks through sandboxing. SpamTitan from TitanHQ has these features and blocks the vast majority of malicious emails.

…but don’t neglect security awareness training for the workforce

As good as SpamTitan is at detecting and blocking threats, some malicious emails will inevitably be delivered. No email security solution will block all threats without also blocking an unacceptable number of genuine emails. The aim of email security software is to reduce the volume of threats that reach inboxes. Technical defenses will not eliminate threats entirely.

Your technical defenses need to be complemented with human defenses. If your employees are not trained on how to recognize threats, they are likely to be fooled if a threat lands in their inbox. That is especially true for targeted attacks such as spear phishing, where messages are sent to a select group of employees and the emails are carefully crafted to maximize the chance of a response. The emails masquerade as typical business emails, and they often include the logos and color schemes of trusted brands and can be difficult to identify if you don’t know what to look for, If an employee responds to a phishing email and opens an attachment, malware would likely be installed. Employees could be tricked into clicking a hyperlink and visiting a malicious website where their credentials are harvested, which would give the attacker access to the email environment and sensitive data and provide a springboard for a more extensive attack on the organization.

Many businesses invest in email security defenses and other cybersecurity solutions, only to neglect the human element. Some provide cybersecurity training during the onboarding process but then never again, or provide annual refresher training sessions, but such infrequent security training is no longer sufficient given the current threat level.

To create a formidable human firewall, training must be provided and regularly be reinforced. You also need to check whether the training has been effective. Some employees may require multiple training sessions to learn the skills to be able to recognize email threats. The best way to do this is through phishing email simulations. Through regular training and simulations, the risk of a successful cyberattack can be greatly reduced.

To help address this common gap in security, TitanHQ has launched the SafeTitan security awareness training platform. SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time and helps businesses significantly improve their defenses against social engineering and advanced phishing attacks. If you have not provided training to your workforce, or if you are not conducting phishing simulations, take a look at SafeTitan and start working on your human firewall today.

Security Awareness Training Added to TitanHQ Portfolio with Cyber Risk Aware Acquisition

TitanHQ, the leading cybersecurity SaaS business, has announced its acquisition of Cyber Risk Aware. Established in 2016, Cyber Risk Aware is a global leader in security awareness and mitigation of human cyber risk, assisting companies to help their staff protect the company network.

Cyber Risk Aware delivers real-time cyber security awareness training to staff in response to actual staff network behavior. This intuitive and real-time security awareness training reduces the likelihood users will be impacted by the latest threats such as ransomware, BEC attacks, and data breaches, whilst also enabling organizations to meet compliance obligations.  Leading global businesses that trust Cyber Risk Aware include Standard Charter, Glen Dimplex, and Invesco.

The acquisition will further bolster TitanHQ’s already extensive security offering. The combination of intelligent security awareness training with phishing simulation and TitanHQ’s advanced email protection, DNS security, email encryption, and email archiving solutions create a powerful, multi-layered cybersecurity platform that secures end users from compromise. This is the go-to cybersecurity platform for IT Managed Service Providers and internal IT teams.

“This is a fantastic addition to the TitanHQ team and solution portfolio. It allows us to add a human protection layer to our MSP Security platform, with a fantastic feature-rich solution as demonstrated by the high-caliber customers using it. Stephen and his team have built a great company over the years, and we are delighted to have them join the exciting TitanHQ journey.” said TitanHQ CEO Ronan Kavanagh.

Stephen Burke, CEO of Cyber Risk Aware, commented: “I am incredibly proud that Cyber Risk Aware has been acquired by TitanHQ, cybersecurity business that I have greatly admired for a long time. Today’s announcement is fantastic news for both our clients and partners. We will jointly bring together a platform of innovative security solutions that address the #1 threat vector used by bad actors that cause 99% of security breaches, “End User Compromise”. When I first started Cyber Risk Aware, my aim was to be the global security awareness leader in delivering the right message, to the right user at the right time. Now as part of TitanHQ, I am more excited than ever about the unique value proposition we bring to market”.

The solution is available to both new and existing customers and MSP partners at TitanHQ.com and is now branded as SafeTitan, Security Awareness Training. Cyber Risk Aware existing clients are unaffected and will benefit from improvements in the platform in terms of phishing sims content and an exciting, innovative product roadmap.

For more information on TitanHQ’s new Security Awareness Solution, visit https://www.arctitan.com/safetitan/