Categories
Articles Cybersecurity

Top 11 Cyber Protection Solutions for Businesses – a comparison

If you spend more on coffee than on IT security, you’ll be hacked. What’s more, you deserve to be hacked.” – Richard A. Clarke, American Advisor.

Cybersecurity is a key enterprise-wide concern for organizations. Whether you’re a small organization with 2-100 employees or a corporate giant with more than 10,000 employees, if you’re dealing with data, you’re always at the risk of a cyber-attack.

Look at some of the astounding cyber-security statistics1:

        • Data breaches exposed 4.1 billion records in the first half of the year 2019.
        • Security breaches have increased by 11% since 2018.
        • The average time to identify a breach was 206 days in 2019.
        • The average cost of a data breach is $3.92 million as of 2019.

Coupled with digital transformation and increasing cloud migration, the cyber-risk of companies has increased. As businesses and individuals expose themselves to digital ecosystems, they need to equally pay attention to control their risk of falling prey to a cyber-attack.

And, amidst the coronavirus pandemic, these cyber crimes have increased by 600%. There has also been an increase in phishing emails and coronavirus scams.

As cyber-criminals become more sophisticated and organized, it is important to up the IT security measures of your organization too. A range of vulnerabilities like malware, viruses, ransomware, social engineering attacks, etc. requires businesses to look for holistic cyber protection solutions that can protect data not only from the known vulnerabilities but even from the unknown.

Whether you’re an MSP looking to protect your end customers from cyberattacks or an IT security officer looking forward to finding the best cyber protection solutions for your company, the following blog is for you.

We have prepared a list of top cyber protection solutions for businesses and compared them to help you pick the right solution.

Download spreadsheet to see all features in detail.

Top Cyber Protection solutions for enterprises

Note: For the purpose of doing a balanced comparison, we have chosen enterprise plans for medium to large-sized businesses of all these vendors.

1. Acronis

Product: Acronis Cyber Protect

Acronis Cyber Protect is a complete cybersecurity and endpoint security management solution that integrates backup, next-gen anti-malware, disaster recovery, and cyber protection solutions tools into one single package. The solution primarily helps MSPs (Managed Service Providers) make security an inherent part of their product portfolio. This can help them proactively prevent cyberattacks, ensure fast recoveries, reduce downtime, and automate the configuration of end customers’ data protection to counter increasing cyber threats. It offers a single agent and a single console. While the former helps in increasing performance and avoiding agent conflicts, the latter enables seamless employee onboarding and maintenance.

Source: Acronis

Features and capabilities:

  • Antimalware and antivirus: The antimalware and antivirus capabilities ensure endpoint security of user devices. On-demand scanning, behavioural analysis, AI-based pre-execution analysis, dynamic detection rules, and other embedded features provide all-around security to the end-customers.
  • Fail-safe patching: The fail-safe patching feature allows the safe installation of security patches. Before any security patch is downloaded and installed, the solution takes an image backup of the existing system. Thus, in case of a bad patch, users can roll-back to a previous working state.
  • Smart Alerts: The global network of Acronis Cyber Protection Operation Centers (CPOC) helps users get real-time alerts on malware, natural disasters, vulnerabilities, and other global-scale events that are a security threat.
  • Backup and Recovery: The forensic backup and safe recovery can help manage compliances and accelerate internal investigations through capabilities like memory dumps, disk-level backups, etc.
  • CyberFit protection status: With CyberFit analysis, users can quickly assess the security and protection status of their devices. Other productivity boosters of IT professionals include data protection mapping to discover important files that are not yet protected, and the ability to connect to a remote computer, directly from a management console.
  • VPN capability: Amidst the coronavirus pandemic, the security of the remote workers’ devices is a top concern for the IT security teams. The Acronis Cyber Protect can also take care of the security of remote work devices using tools like VPN and data wiping from remote devices.

2. Avast

Product: Advanced all-in-one cybersecurity solution

Avast for business is an all-in-one cybersecurity solution for modern workplaces. The cyber protection solution designed for small to large businesses offers maximum protection against cyberattacks. All-in-one cybersecurity represents a combination of next-gen endpoint protection and a cloud-based network security solution that provides all-round security to today’s digital systems running on the cloud. It includes multiple layers of security to block cyberthreats from all possible endpoints. Get 10 % off Avast Business Endpoint Protection products. 

Source: Avast

Features & capabilities:

  • Endpoint Protection: Avast Business Next-Gen AV uses a multi-layered detection of threats approach with the help of artificial intelligence. It helps the system to quickly identify new and emerging cyberthreats.
  • Cloud Backup: The cloud backup layer in the all-in-one security solution uses cloud-based backup and recovery to ensure that organization’s data is safe for improved business continuity and data security.
  • Integration: All the point products and cyber protection solutions are tactfully consolidated into one platform to allow easy management and protection of devices, data, and more.
  • Application Protection: The inclusion of Avast Business Patch Management allows companies to manage, maintain, and update Windows and other third-party applications from a single platform. It simplifies patching across multiple applications.
  • Web Protection: The cloud-delivered network security solutions helps fight against the threats coming from web and SSL vulnerabilities.

3. Bitdefender

Product: GravityZone Elite

Bitdefender GravityZone Elite is designed to protect businesses from a huge spectrum of sophisticated cyber threats. It is an integrated endpoint protection and risk management software. It adds multiple layers of defence in an organization’s network with more than 30 machine-learning driven security technologies. It acts as a single agent and single-console platform for protecting physical, virtual, mobile, and even cloud-based endpoints as well as email.

Source: Bitdefender

Features and capabilities

  • Attack forensics and visualization: Attack forensics and visualization feature gives administrators more visibility into their organizations’ threat landscape. This in turn helps in identifying a broader context of attacks on endpoints.
  • Endpoint hardening and risk management: The endpoint hardening feature helps businesses strengthen their security posture with the help of the integrated device, application controlling, encryption, patching, and other technologies.
  • HyperDetect machine learning models: The HyperDetect is built on machine learning models and contains stealth attack detection technology. It acts as an additional layer of security by detecting advanced attacks.
  • Network attack defence: This relatively new feature is designed to detect and prevent attacks which make use of network vulnerabilities. It helps in the detection of a wide array of cyberattacks.
  • Sandbox analyzer: The sandbox analyser provides pre-execution and detection of advanced attacks. It automatically sends files that are suspicious to cloud sandbox and takes remedial action based on the verdict.

4. F-Secure

Product: F-Secure Protection Service For Business (PSB)

F-Secure Protection Service For Business is a cloud-native endpoint protection solution that is designed to protect businesses from cyber threats like ransomware and data breaches. It provides a central management system for simplified management of computers and mobile devices from a single console. The F-Secure PSB portal helps users to monitor their connected devices and track the security status. It can protect computers (Windows, Mac), mobile devices (Android), and servers (Windows, Linux).

Source: F-Secure

Users can create and apply custom settings to all or selected devices to match the company’s overall security policies.

Features and capabilities:

  • All-around security: The F-Secure PSB offers all-around cyber protection solutions to a company’s endpoints – from the computer and mobile devices to email and server endpoints.
  • Password Manager: The smart business security solution from F-Secure can also take care of users’ passwords. It offers a password manager feature for Windows and Mac computers as well as Android devices.
  • DeepGuard: This feature is based on heuristic, behaviour, and reputation analysis using sophisticated technology and can provide a significant layer of security to the user devices.
  • Software Updater: Keeping the operating system updated to its latest security patch is crucial to avoid vulnerabilities and risks. The software updater feature reduces the exposure to vulnerabilities by keeping the OS and third-party applications up to date.
  • Device Control: This feature is available for computer protection only. It can prevent threats from accessing user systems via hardware devices such as CD-ROM drives, USB sticks, and web cameras. It also helps in preventing data leakage by allowing read-only access.

5. Kaspersky

Product: Kaspersky Integrated Endpoint Security

Kaspersky’s Integrated Endpoint Security solution is an industry-acclaimed cybersecurity solution with EDR (Endpoint Detection and Response). It is designed for enterprise customers, empowering them to defend their networks and information effectively.

The endpoint security solution is an integration of three components – Endpoint Protection Platform (EPP), a Sandbox, and the EDR. Together, these components can help reduce the risk of falling prey to targeted attacks, maximize the number of incidents processed, harden systems and prevent employees from exposing themselves to an attack – making it one of the strongest cyber protection solutions. System hardening and automating routine tasks such as patch and vulnerability management can reduce the risk of human errors.

Source: Kaspersky

Features and capabilities:

  • Kaspersky EDR Optimum: The component allows full visibility and the ability to apply root-cause analysis to gain a complete understanding of the status of corporate defences against cyber-attacks.
  • Kaspersky Sandbox: The new Kaspersky Sandbox component is designed to automatically protect devices against advanced-level threats. It is based on the threat of emulation technology.
  • Endpoint Security for Business: This helps in providing flexible security for mixed environments to deliver automated defences against threats and system hardening.
  • Kaspersky Health Check Service: One of the key features is Kaspersky’s Health Check Service. Once the user installs the solution, the feature can verify correct deployment and optimal configuration for the system.
  • Security Awareness: Employees need to be made aware of the security risks of the organization and how they can save themselves from falling prey to such attacks. Kaspersky Security Awareness uses the latest learning techniques in a series of computer-based training sessions to reduce the risk of human error.

6. McAfee

Product: McAfee Endpoint Security

McAfee Endpoint Security is a complete cyber protection solution for businesses that is purpose-built for proactive threat management with proven security tools and features. From preventing attacks to hunting malicious activities, McAfee Endpoint Security solution easily fits into the cybersecurity needs of the digital enterprises. It is equipped with McAfee MVISION Insights capabilities that can ensure system security backed with automation, reporting, and easy management.

Source: McAfee

Features and capabilities:

  • MVISION Insights: With MVISION Insights capabilities, businesses are given alerts and notifications on potential threats. It also helps in security assessment and defining the security posture of a company.
  • Advanced Threat Defences: The solution is built on advanced threat defences like Dynamic Application Containment (DAC), Real Protect, and more.
  • Intelligent Endpoint Protection: With multiple connected endpoint defence technologies, McAfee Endpoint Security can share observations in real-time. This helps in better coordination of defences and intelligent protection against targeted attacks.
  • Adaptive Scanning: The solution bypasses the scanning of known and trusted processes and prioritizes suspicious applications. The adaptive behavioral scanning can monitor, target, and escalate any suspicious activity.
  • Story Graph: With Story Graph feature, administrators can have a bird’s view of infections – where they are and length of the exposure.

7. Microsoft 

Product: Microsoft Defender Antivirus

Microsoft Defender (previously, Windows Defender) for Endpoint offers a complete endpoint security solution to help organizations secure their remote workforce. It delivers proactive protection, post-breach detection, automated investigation, and response against cyberthreats targeting the endpoints – where data lives. With Microsoft Defender ATP, businesses can cover additional devices without requiring any additional license, followed by preventive and reactive support to security teams. It is one of the most popular cyber protection solutions out there.

Source: Microsoft

The holistic solution includes risk-based vulnerability management as well as assessment, behavioural based next-generation protection, attack surface reduction, automatic investigation and remediation, endpoint detection and response (EDR), managed hunting services, etc. along with rich APIs and unified security management.

Features and capabilities:

  • Real-time threat and vulnerability management: It helps in discovering vulnerabilities and misconfigurations in real-time for quick remediation. This bridges the gap between security and IT teams and improves the overall security posture.
  • Automation: The solution can seamlessly go from alert to remediation with the help of automation. It can automatically investigate alerts and remediate them within minutes.
  • Behavioural monitoring: With behavioural monitoring, enterprise IT security teams can detect and respond to advanced threats, as well as prevent spot attacks and zero-day exploits.
  • Reduce attack surface: It helps reduce attack surface by minimizing the points where an organization can be vulnerable to cyberthreats.
  • Block sophisticated malware and threats: The in-built next-generation protection defends against various polymorphic and metamorphic malware and file and file-based threats.

Suggested Reading: NoSQL Database Comparison – Alibaba Cloud, AWS, Google Cloud, IBM and Microsoft

8. Sophos

Product: Intercept X Endpoint

Sophos Intercept X Endpoint is the most comprehensive endpoint protection that is available for devices running Windows 7 and above, 32 or 64-bit and Mac OS. It can provide complete protection against the widest range of cyber threats including malware, exploits, ransomware, and viruses. The Intercept Advanced combines the features of Intercept X and Central Endpoint, while Intercept X Advanced with EDR also includes the intelligent endpoint detection and response (EDR). All these solutions can be managed by one unified console i.e. Sophos Central.

Source: Sophos

Features and capabilities:

  • Anti-ransomware: Sophos Intercept X Endpoint provides advanced protection that can monitor and secure the whole attack chain using deep learning techniques and CryptoGuard which can rollback any unauthorized encryption of files within seconds.
  • Endpoint Detection and Response: Sophos Intercept X Advanced with EDR combines the capabilities of powerful endpoint protection with EDR for securing IT security as well as identifying new and emerging cyber threats. It can detect and investigate any suspicious activity via AI-driven analysis.
  • Deep Learning Technology: The integration of deep learning into the Intercept X Endpoint provides a predictive approach to protection against several known and novel vulnerabilities.
  • Exploit Prevention: This feature protects against exploit-based, fileless, and malware-less attacks. The security solution can stop zero-day attacks by taking away the vulnerable endpoints and hackers’ favourite attack points.
  • Active Adversary Mitigations: The Intercept X makes use of a range of techniques including code cave utilization detection, credential theft prevention, and APC protection.
  • Managed Threat Response: Sophos Managed Threat Response (MTR) is integrated into Intercept X Advanced with EDR and MTR to provide 24/7 threat detection, hunting, and response capabilities as a fully managed service.

9. Symantec

Product: Symantec Endpoint Security

Symantec Endpoint Security is a comprehensive and integrated endpoint security platform. It works as a single agent to protect an organization’s traditional and mobile endpoints. It uses artificial intelligence to optimize the security framework and provide maximum protection against threats emerging at device, application, and network level. The unified cloud-based management system further simplifies protection, detection, and response mechanisms against advanced threats. It comes in two major versions – Endpoint Security Complete and Endpoint Security Enterprise.

Source: Symantec

Features and capabilities:

  • Proactive endpoint defence: This feature is built on pre-attack surface reduction capabilities that continuously scans for vulnerabilities and misconfigurations across various endpoints and applications.
  • Attack prevention: It provides a multilayer attack prevention capability that can immediately and effectively protect against fileless and file-based attacks. It further helps in malware prevention, exploits’ prevention, intensive protection, and network connection security.
  • Breach prevention: With breach prevention, the solution aims to contain attackers as early as possible, probably at the endpoint only, before they can breach the network. This is possible through various AI-driven deception and intrusion prevention technologies.
  • Post-breach response and remediation: With the combined capabilities of EDR (endpoint detection and response) and SOC (security operations centre), it helps to quickly close out endpoints and minimize attack impacts. Advanced threat hunting, behaviour forensics, and integrated response help in post-breach response and remediation.

10. Trend Micro

Product: Apex OneTM

Trend Micro Apex OneTM endpoint security solution offers advanced automated threat detection and response against a variety of cyber threats, including ransomware and fileless attacks. It is a blend of advanced threat detection tools and techniques that are delivered through a single-agent architecture. Automated threat detection and response helps in closing any security gaps across different endpoints and user activities. Its integration into endpoint detection and response (EDR) gives centralized visibility and control to the users. Its protection points include physical endpoints, Microsoft Windows PCs and servers, Mac Computers, and Point of Sale (POS) and ATM endpoints.

Source: Trend Micro

Features and capabilities:

  • Automated detection and response: It provides automated threat detection and response for faster recovery. Services like Trend Micro Endpoint Sensor and Managed detection and response (MDR) are available as add-ons to provide investigation capabilities across endpoint, email, and server.
  • Malware and ransomware protection: With its advanced cybersecurity techniques, it can protect the endpoints against malicious scripts, malware, and ransomware.
  • Connected threat defence: The Trend Micro Apex One cybersecurity solution can easily integrate with other security products with the help of Trend Micro’s global cloud threat intelligence.
  • Both SaaS and on-premise delivery: It gives users the flexibility to choose between on-premise or SaaS (Software-as-a-Service) deployment modes.
  • Virtual patching: This feature is built on Trend Micro’s Vulnerability Protection technique. It can virtually patch vulnerabilities to protect the device even before the patch is available or deployable.

11. Webroot

Solution: Business Endpoint Protection

The Webroot business endpoint protection is designed to stop sophisticated cyberattacks, including contextual threat intelligence, industry-leading efficacy and next-generation protection.

The cloud-based console streamlines management and helps in faster-deployment and scans, PSA, RMM, and BI integrations.

With lower TCO and flexible billing, organizations can save time and increase efficiency.

Source: Webroot

Features and capabilities:

  • Secure and distributed cloud architecture: The solution is built on multiple secure global data centers to support the end-users globally with full-service redundancy and resilience.
  • Multi-shield protection: It uses protection shields like real-time, core system, behaviour, Identity, Web Threat, Phishing, and offline shields to safeguard against zero-day attacks.
  • Offline protection: It not only supports the user devices and systems when they are online but also stops attacks when the device is offline by using separate file execution policies for USB, local disk, DVD, and CD drives.
  • Malware detection, prevention, and protection: It provides complete protection against viruses, trojans, malware, phishing, spyware, ransomware, cryptojacking, browser-based attacks, credential-stealing attacks, and other types of endpoint threats.

To help you compare the features of cyber protection solutions discussed in this article, we have also prepared a quick comparison table.

Top Cyber Protection solutions – A quick comparison table

Features Acronis Avast Bitdefender F-secure Kaspersky McAfee Microsoft Sophos Symantec Trend Micro Webroot
Product Acronis Cyber Protect Avast for Business Bitdefender GravityZone F-Secure Protection Service for Business Integrated Endpoint Security McAfee Endpoint Security Microsoft Defender for Endpoint (including ATP) Intercept X Endpoint Symantec Endpoint Security Apex One Webroot Business Endpoint Protection
Deployment Options
SaaS Yes Yes X Yes Yes Yes Yes Yes Yes Yes Yes
On-Premises Yes Yes Yes X Yes Yes X Yes Yes Yes X
Operating Systems and Languages Supported
Windows Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Mac Yes Yes Yes Yes Yes Yes Limited Yes Yes Yes Yes
Linux Yes Yes Yes Yes Yes Yes Limited X Yes X Yes
Supported Languages 25 n/a n/a 27 1 20 1 12 1 12 14
Threat and Malware Protection Features
AI-based threat detection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Behavioral Analysis Yes Yes Yes Yes Yes Yes Yes Available with Advanced and Advanced with EDR versions Yes Yes Yes
ML based protection Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
URL filtering Yes X n/a Yes Yes Yes Yes Available with Advanced and Advanced with EDR versions X X X
Automatic Backup of data before patching Yes Yes n/a Yes X X X X X X X
Zero-day attacks Yes X Yes Yes Yes Yes Yes Yes Yes Yes Yes
Self-Protection Yes X Yes Yes Yes Yes Yes Yes Yes Yes Yes
Firewall X X n/a Yes Yes Yes X Yes Yes Yes Yes
Web Security X Yes Yes Yes Yes Yes Yes Yes Yes Yes X
Email Security X Yes Yes Yes X X Yes X Yes Yes Yes
Two-factor Authentication Yes Yes Yes Yes Yes Yes Yes X Yes Yes Yes
Malware Scan Yes Yes Yes Yes Yes Yes Yes Available with Advanced and Advanced with EDR Yes Yes Yes
Secure network gateways X Yes Yes Yes X Yes X X Yes Yes Yes
Multi-shield Protection X X Yes Yes X Yes X X X X Yes
Heuristics X X X Yes X X Yes X X X Yes
Protection Against Fileless Threats & ransomware Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes X
Other Data Protection and Backup Features
Vulnerability Assessments Yes X Yes Yes Yes X Yes X Add-on Yes X
Patch Management Yes Yes Yes Yes Yes X X Available with Advanced and Advanced with EDR Add-on Yes (Virtual Patching) X
Drive/local or hard disk health Yes X n/a Yes X X X X X Yes (Local disk and hard drive encryption) X
Integrated Disaster Recovery Yes Yes n/a X X X X X X X X
Forensic Backups Yes X X X X X X X X X X
Real-time threat defences Yes Yes X Yes X Yes X Yes Yes Yes Yes
Remote Agent Installation & endpoint management Yes X Yes Yes X X X X X X Yes (Remote Endpoint Management)
Auto-discovery of new devices Yes X X X X X X X X X n/a
Continuous Data Protection Yes X X X Yes X X X Yes X X
Offline Protection X X X X X X X X X X Yes
White and blacklisting X X X Yes X X X X Limited Yes Yes
Data Protection Map Yes X X n/a X X X X X X X
Auto-remediation Yes X Yes n/a X Yes Yes X X X Yes
Service Provider features for easy management
Single Console Yes Yes Yes Yes Yes Yes (McAfee ePolicy Orchestrator) X Yes (Sophos Central) X Yes(Trend Micro Apex Central) Yes
*Free Trial X X Yes Yes Yes Yes X Yes (Basic) X Yes (SaaS model) Yes
Unified Protection policies management Yes X X n/a X X X X X X X
Dashboards and reports Yes Yes X Yes Yes MVISION Insights dashboard X Yes X Yes Yes
Maintaining Licenses Yes X X X X X X X X X Yes
White labelling Yes X X X X X X X X X X
Pay-as-you go pricing or flexible billing Yes n/a n/a n/a n/a Yes X Yes Yes Yes Yes (Flexible Billing)
*RMM, PSA, BI Integrations Autotask, Connect Wise Automate, Connect Wise Manage, Connect Wise Control, Kaseya, Atera X X X X X X X Kaseya, Connect Wise Automate, SolarWinds N- central X Yes
Endpoint Detection Response Integration (EDR) X X X Yes Yes Yes X Available with Advanced with EDR Yes (With SES Complete version) Yes X
Managed Detection and Response X X X X Yes X X Yes n/a Yes (Available as add-ons) X
Custom Integration APIs X X X X X X Yes n/a n/a n/a Yes
Automatic Software Agent Updates X X X Yes n/a X X X X n/a Yes
Automatic Alerts X X Yes Yes Yes Yes (with MVISION Insights capabilities) Yes X X Yes Yes
*Support X X n/a Yes Yes (On higher plans) Yes n/a X X n/a Free Telephone Support
  • *Features marked asterisk can vary according to the available versions/plans of the service.
  • n/a represents lack of accurate/direct information.
  • The services compared in this cyber protection solutions blog are stated in alphabetical order.
Download spreadsheet to see all features in detail.

Got something to add? Help us make this blog better by sharing your feedback in the comments section.

Source:
1 https://www.varonis.com/blog/cybersecurity-statistics/

Disclaimer: This article aims to provide information about the specific Cyber protection solutions of different vendors for general informational purpose only. Vendors may change their product or service pricing and features from time to time. It’s therefore advised in the interest of the website visitor that before taking a decision or making a purchase, updated information should be verified from the respective vendor’s site. This information has been sourced from the vendor websites and relevant resources available in the public domain as on October 2020. Though we make best endeavours to ensure that the information is accurate and up to date, we do not guarantee its 100% accuracy or timeliness.

Categories
News

Increasing cyber-attacks – are we heading towards cyber doom?

The recent Petya ransomware tragedy that struck the computer systems worldwide, is the second largest cyber-attack after the WannaCry Ransomware that had hit the world last month.

The recent attack hit many countries, locking up the PCs and crippling enterprise-services. Ukraine and Russia were identified among the worst affected countries.

Based on the findings of security firm Kaspersky, the ransomware could possibly be a variant of Petya.D, Petya.A, or PetrWrap. Though it widely affected the systems just like WannaCry, but it is not its variant.

The Petya ransomware locks a computer’s files with a message and demands a ransom in lieu.

The attack reportedly started through an update that was used on a third-party Ukraine software, known as MeDoc. The software was used by many organizations in the country and is identified as the primary reason behind Ukraine being largely affected.

In Ukraine, government offices, banks, energy companies, cash machines, gas stations, railways, Chernobyl power and supermarkets, all were impacted.

Many multinationals like law firm DLA Piper, Mendelez International, Merck and shipping giant AP Moller-Maersk were also impacted.

Per Kaspersky, 60 percent of the attack hit in the Ukraine region while 30 percent was in Russia.

The ransomware reportedly used the EternalBlue Exploit – a software vulnerability in Microsoft’s Windows, just as in WannaCry attack. The tech giant had issued a security update for the same on March 14th – that is before the ransomware attack, and hence those who updated their systems were saved while others had to pay the cost.

The lack of proper security measures and failure to keep the systems updated are supposedly the major reasons behind the attacks.

Though the security agencies and cyber-police have not been able to find out the solution for decrypting the file, but have asked the users to be more aware of the ransomware and its effect.

The recent updates on the attack revealed that the attackers were hardly able to collect any ransom from the act. Some reports suggest that rather being a ransomware, it was a wiper whose primary aim was to cause destruction.

With global cyber-attacks that are crippling the backbone of many countries, one is left in doubt whether these are deliberate attacks of the cyber criminals to extort money or if there is some sinister ulterior motive behind all these attacks.

Categories
News Social Media Technology Web Security

CISPA CyberSecurity Bill Passes the House 288 to 127; Now to head to Senate

The House of Representatives have passed Cyber Intelligence Sharing and Protection Act on Thursday by a heavy margin of 288 to 127 after two days of intensive debate on whether the threat of “cyberattacks” was grave enough to justify the over-lingering privacy concerns. The bill which was moved to the House after a closed-door 18 to 2 vote, received support from 92 Democrats and will now move to the Senate and then to the president Obama, whose advisers recently threatened a veto of the bill as it overrides the digital privacy of American Citizens.

“In the case of Boston they were real bombs, in this case they’re digital bombs. And these digital bombs are on their way.”- said Rep. Mike McCaul (R-TX), a vehement CISPA supporter to hard-press the need of passing it.

“We have a constitutional obligation to defend this nation.This is the answer to empower cyber information sharing to protect this nation, to allow those companies to protect themselves and move on to economic prosperity. If you want to take a shot across China’s bow, this is the answer. ” said Mr. Mike Rogers on the House floor. Rogers, the Chairman of Intelligence committee and a Republican from Michigan is co-author of CISPA.

FINAL VOTE RESULTS FOR ROLL CALL 117

On the other hand, Nancy Pelosi, the House Minority leader, said “I’m disappointed that we did not address some of the concerns mentioned by the White House about personal information. Unfortunately, it offers no policies and did not allow any amendments or real solution that upholds Americans’ right to privacy.”

“It would have been so easy to fix this bill and require sites to strip out personal information before passing them to the government,” said Mr. Holmes Wilson, co-founder, Fight For the Future, promising that he will continue to lobby against the bill.

“Right now if the government wants users’ information, the company can say no because it opens them up to being sued. If CISPA passes, there will be no legal restraint,” added Mr. Wilson, commenting on tech-giants like IBM who have voiced their support for CISPA.

What Now?
The bill now moves to Democratic-controlled Senate who thrashed it last year. In case they do the same now and choose to make any changes to current state the bill; it will return back to the house after which both the chambers must then agree on a final version in a conference. And if they do agree, the bill moves to President Obama’s Desk, whose administration recently threatened to veto it. It remains to be seen whether the amendments made after the said threat satisfy the administration’s concerns of privacy.

For those who wish to know their representatives’ votes, here is a complete list:

—- YEAS 288 —

Aderholt
Alexander
Amodei
Bachus
Barber
Barletta
Barr
Barrow (GA)
Barton
Beatty
Benishek
Bera (CA)
Bilirakis
Bishop (GA)
Bishop (NY)
Black
Bonner
Boustany
Brady (TX)
Brooks (AL)
Brooks (IN)
Brown (FL)
Brownley (CA)
Buchanan
Bucshon
Burgess
Bustos
Butterfield
Calvert
Camp
Campbell
Cantor
Capito
Cárdenas
Carney
Carter
Cassidy
Castor (FL)
Chabot
Chaffetz
Clarke
Clay
Cleaver
Clyburn
Coble
Coffman
Cole
Collins (GA)
Collins (NY)
Conaway
Connolly
Cook
Cooper
Costa
Cotton
Cramer
Crawford
Crenshaw
Cuellar
Culberson
Daines
Denham
Dent
DesJarlais
Deutch
Diaz-Balart
Dingell
Duckworth
Duffy
Duncan (TN)
Ellmers
Enyart
Farenthold
Fincher
Fitzpatrick
Fleischmann
Flores
Forbes
Fortenberry
Foster
Foxx
Frankel (FL)
Franks (AZ)
Frelinghuysen
Fudge
Gallego
Garamendi
Garcia
Gardner
Gerlach
Gibbs
Gingrey (GA)
Goodlatte
Gowdy
Granger
Graves (GA)
Graves (MO)
Green, Al
Green, Gene
Griffin (AR)
Griffith (VA)
Grimm
Guthrie
Gutierrez
Hanabusa
Hanna
Harper
Harris
Hartzler
Hastings (FL)
Hastings (WA)
Heck (NV)
Heck (WA)
Hensarling
Higgins
Himes
Horsford
Hoyer
Hudson
Huizenga (MI)
Hultgren
Hunter
Hurt
Israel
Issa
Jeffries
Jenkins
Johnson (OH)
Johnson, E. B.
Johnson, Sam
Jordan
Joyce
Kaptur
Kelly (IL)
Kelly (PA)
Kilmer
Kind
King (IA)
King (NY)
Kinzinger (IL)
Kirkpatrick
Kline
Kuster
LaMalfa
Lamborn
Lance
Langevin
Lankford
Larsen (WA)
Latham
Latta
Lipinski
LoBiondo
Long
Lucas
Luetkemeyer
Lujan Grisham (NM)
Luján, Ben Ray (NM)
Lummis
Maffei
Maloney, Sean
Marino
Matheson
McCarthy (CA)
McCarthy (NY)
McCaul
McHenry
McIntyre
McKeon
McKinley
McMorris Rodgers
Meehan
Meeks
Meng
Messer
Mica
Miller (FL)
Miller (MI)
Moran
Mullin
Mulvaney
Murphy (FL)
Murphy (PA)
Neugebauer
Noem
Nunes
Nunnelee
Olson
Owens
Palazzo
Pastor (AZ)
Paulsen
Payne
Pearce
Perlmutter
Perry
Peters (CA)
Peterson
Petri
Pittenger
Pitts
Poe (TX)
Pompeo
Price (GA)
Quigley
Radel
Rahall
Rangel
Reed
Reichert
Renacci
Ribble
Rice (SC)
Richmond
Roby
Roe (TN)
Rogers (AL)
Rogers (KY)
Rogers (MI)
Rokita
Rooney
Ros-Lehtinen
Roskam
Ross
Rothfus
Royce
Ruiz
Runyan
Ruppersberger
Ryan (WI)
Salmon
Sanchez, Loretta
Scalise
Schneider
Schock
Schrader
Schwartz
Schweikert
Scott, Austin
Scott, David
Sessions
Sewell (AL)
Shuster
Simpson
Sinema
Sires
Smith (NE)
Smith (NJ)
Smith (TX)
Smith (WA)
Southerland
Stewart
Stivers
Stutzman
Swalwell (CA)
Terry
Thompson (CA)
Thompson (MS)
Thompson (PA)
Thornberry
Tiberi
Tipton
Titus
Turner
Upton
Valadao
Vargas
Veasey
Vela
Wagner
Walberg
Walden
Walorski
Weber (TX)
Webster (FL)
Wenstrup
Westmoreland
Whitfield
Williams
Wilson (SC)
Wittman
Wolf
Womack
Woodall
Yoder
Young (AK)
Young (FL)
Young (IN)

—- NAYS 127 —
 

Amash
Andrews
Bass
Becerra
Bentivolio
Bishop (UT)
Blumenauer
Bonamici
Brady (PA)
Braley (IA)
Bridenstine
Broun (GA)
Capps
Carson (IN)
Cartwright
Castro (TX)
Chu
Cicilline
Cohen
Conyers
Courtney
Crowley
Cummings
Davis (CA)
Davis, Danny
Davis, Rodney
DeFazio
DeGette
Delaney
DeLauro
DelBene
DeSantis
Doggett
Doyle
Duncan (SC)
Edwards
Ellison
Engel
Eshoo
Esty
Farr
Fattah
Fleming
Gabbard
Garrett
Gibson
Gohmert
Gosar
Grayson
Grijalva
Hahn
Hall
Herrera Beutler
Hinojosa
Holt
Honda
Huelskamp
Huffman
Jackson Lee
Johnson (GA)
Jones
Kildee
Kingston
Labrador
Larson (CT)
Lee (CA)
Levin
Lewis
Loebsack
Lofgren
Lowenthal
Lowey
Maloney, Carolyn
Marchant
Massie
Matsui
McClintock
McCollum
McDermott
McNerney
Meadows
Michaud
Miller, George
Moore
Nadler
Napolitano
Negrete McLeod
Nolan
O’Rourke
Pallone
Pascrell
Pelosi
Peters (MI)
Pingree (ME)
Pocan
Polis
Posey
Price (NC)
Rigell
Rohrabacher
Roybal-Allard
Rush
Ryan (OH)
Sánchez, Linda T.
Sarbanes
Schakowsky
Schiff
Scott (VA)
Sensenbrenner
Serrano
Sherman
Slaughter
Speier
Stockman
Takano
Tonko
Van Hollen
Visclosky
Walz
Wasserman Schultz
Waters
Watt
Waxman
Welch
Wilson (FL)
Yarmuth
Yoho

—- NOT VOTING 17 —
 

Bachmann
Blackburn
Capuano
Holding
Keating
Kennedy
Lynch
Markey
McGovern
Miller, Gary
Neal
Nugent
Shea-Porter
Shimkus
Tierney
Tsongas
Velázquez
Categories
Articles Legal News Web Security Web Security

How New Privacy Laws will Affect Digital Commerce: Legislation of Privacy- (Part 2)

In my last post, I discussed how many of the newer and upcoming laws regarding privacy in the United States can heavily effect your life, from how you buy insurance to which bits of personal information are gathered while you shop online, go to the bank, or talk on the phone. While the first post of this four part series dealt with the effect of these laws on your digital life; this post, in particular, will focus on the effects of the same on Digital commerce.

Much like your social activities, your consumer habits and activities are also subject to privacy violations, especially when they occur online or through a mobile device. The following are laws that seek to address a number of major issues related to consumer privacy rights.

Cyber Intelligence Sharing and Protection Act (CISPA)Proposed by Rep. Michael Rogers and co-sponsored by 111 other House members, CISPA is designed to help the government better investigate cyber threats and ensure that large networks are secure against the threat of cyberattack. To do that, the act would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. While noble in its intention, the act has been widely criticized for endangering privacy and civil liberties, though some large technology companies (Microsoft and Facebook) favor it as a simple and effective way of sharing important cyber threat information with authorities. Read about CISPA in detail here.

  • How It Will Affect You: If CISPA becomes law, it would make it harder for cyber criminals to execute major attacks on networks. However, it may also mean that the government could also easily, and without warrant, track any individual’s browsing history. As the bill is presently worded, there are few limits on when or how the government can monitor an individual, and it may even make certain kinds of spyware legal if it is being used in good faith for a cybersecurity purpose.
  • Timeline: CISPA was introduced in late 2011 and was passed by the House of Representatives in mid-2012. While gaining early support, Obama’s advisors have argued that the bill could be a major risk to confidentiality and civil liberties and it is likely he would veto it if it passes.

CISPA-PDF (Maximize for better readability

Commercial Privacy Bill of Rights On April 12, 2011, Senators Kerry and McCain introduced the Commercial Privacy Bill of Rights to establish a baseline code of conduct for how personal information can be used, stored, and distributed. The bill of rights has since been picked up by the Obama administration and adapted in a report titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In both instances, the bill of rights lays out principles that would work to protect personal data and to improve consumer security. It is not a piece of legislation in itself, but a guideline for building and enacting future regulations and laws that will impact tech companies and online retailers.

  • How It Will Affect You: While nothing has been passed yet, this outline could help protect your personal data from abuse by retailers and ensure that it’s not sold to a third party or in any other way compromised.
  • Timeline: First proposed in early 2011, it could be quite some time before this bill of rights is translated into any real kind of legislation, especially if there is major pushback from Congress or tech companies themselves. If companies begin to better self-regulate privacy issues, no additional legislation may be needed.

Commercial Privacy Bill of Rights PDF (Maximize for better readability)

Application Privacy, Protection, and Security Act of 2013 Congressman Hank Johnson proposed the APPS Act early this year. The act is designed to address concerns with the data collection being done through applications on mobile devices and would require that app developers provide greater transparency about their data collection practices, ensure reasonable levels of data security, and allow users to opt out of data collection or have the option to delete data that has been collected on them.

  • How It Will Affect You: The APPS Act would ensure that apps on your phone aren’t gathering, storing, or sharing information about you without your knowledge or consent. It doesn’t mean that data can’t or won’t be collected, just that consumers will have greater knowledge and potentially the ability to opt out of certain aspects of this process.
  • Timeline: The draft of the bill was released in January 2013 and is currently just a discussion draft, meaning that it hasn’t been formally introduced for passage just yet. It’s likely that discussions with app developers and consumer advocates will help to shape the final draft and it could be a couple of years before any final decisions are made on the legislation.

Application Privacy, Protection, and Security Act of 2013 PDF (Maximize for better readability)

Location Privacy Protection Act of 2011 Worried about the potential risks for stalking posed by cell phones loaded with GPS and apps that gather information about a user’s location, Senator Al Franken, along with several co-sponsors, proposed this bill to fill in loopholes in federal law that allow companies to obtain location-based information on consumers and to share that information with third parties. While some app developers have complained that this hinders location-based advertising, others agree that privacy needs to be protected and that location-based tracking should only be allowed within apps that consumers have given consent to do so.

  • How It Will Affect You: The Location Privacy Protection Act, if passed, with protect you from having mobile data on your whereabouts tracked, stored, or shared without your knowledge or consent. It would not eliminate the ability of mobile technologies to track your location but would only ensure transparency and greater security, though it may be cumbersome with some existing systems of location-based advertising.
  • Timeline: The bill has been under development since 2011 and is still being refined and tailored take into consideration the needs of all involved parties. Franken is expected to push the measure later this year and if passed the bill could see enforcement as early as 2014.

Location Privacy Protection Act of 2011 PDF (Maximize for better readability)
This is part 2 of a 4 part series. The part 1 illustrated in detail Privacy Laws related to Digital life and their effect on the same. Links to part 3 and 4, which will elaborate on effects of privacy laws on Work & Employment and Personal information will be updated soon.
Update: The part 3, which illustrates in detail Privacy Laws related to Work and Employment and their effect on the same has now been updated.