Please tell us what changes have occurred since OpenText acquired Carbonite and Webroot in 2019?
The acquisition of Carbonite and Webroot was significant in that it enabled OpenText to build a solid footprint in the growing small and medium-sized business (SMB), prosumer, and consumer markets. Following the successful integration of Carbonite and Webroot, the company expanded its SMB portfolio even further with the 2021 acquisition of Zix, a leader in SaaS-based email encryption, threat protection, and compliance cloud solutions for SMBs. Today OpenText Security Solutions provides a powerhouse SMB platform that helps customers achieve cyber resilience by addressing end-to-end customer priorities: threat prevention, detection and response, recovery, and compliance.
How does OpenText Security Solutions differentiate itself from other cybersecurity companies?
OpenText Security Solutions offers the most comprehensive set of security and data management solutions to support customers in their cyber resilience journey. A key differentiator is our multi-layered approach to protecting data and information from evolving attack surfaces and threat vectors.
Our Webroot security solutions deliver high efficacy, policy-based multi-vector protection against zero-day attacks and polymorphic malware through endpoints. We also prevent and protect against advanced phishing attacks, spam and email attacks. Our security solutions are simple to implement and transparent to users. With our real-time, 24x7x365 proactive managed threat detection and response offering, we quickly identify internal and external threats and stop lateral movement.
Our Carbonite data management portfolio helps customers minimize downtime and risk by enabling them to restore their data quickly in response to events such as ransomware, natural disasters, and malicious insiders. We offer many flexible and effective options including recovery time spanning from hours to minutes. The OpenText Security Solutions portfolio of products protects data across endpoints, servers, workloads, business applications, and the cloud. Our email and information archiving solutions help customers comply with information security, regulatory, and industry standards.
Another key differentiator is BrightCloud®, our proprietary sixth-generation machine learning-based threat intelligence platform which is leveraged by over 140 leading security vendors worldwide. BrightCloud is a key foundational element across our security portfolio which provides actionable insights with astute accuracy in identifying known and emerging threats.
What are the more relevant cybersecurity issues that we should be concerned about?
There are several cybersecurity trends we have observed. First and foremost is the evolution of the user (you and I) as a prominent and preferred attack surface. With remote work and now hybrid work becoming the norm, bad actors have shifted their focus to users in an attempt to gain access to environments and move laterally. Email remains the most popular and easiest attack vector. Phishing attacks pose a substantial risk to organizations of every size. In fact, in the first quarter of 2022 we saw a 1122% increase in phishing compared to the same time the previous year. And while defenses have evolved, so too have threat actors which creates an urgent need for ongoing security awareness training for users.
Ransomware is another issue that shows no signs of slowing, especially for SMBs. Unfortunately, many SMBs are not prepared to recover from a ransomware attack. Having a backup solution is a good start, but alone it is not enough. A strong incident response plan and regular testing are essential elements to recover from ransomware—or any type of disaster—with minimal downtime.
SMBs that rely on Cloud-based business applications to manage their businesses, operating under the assumption the provider is backing up customer data (e.g., Microsoft 365, Google Workspace, Salesforce, Box, Dropbox etc.) are also putting themselves at risk. SaaS vendors have a shared responsibility model; they are responsible for the infrastructure and the customer is responsible for the data itself. Too many customers learn this the hard way, after data is lost and business operations—and revenue—are impacted.
What can businesses do to protect themselves?
It is imperative that businesses ensure their most valuable assets, their employees, act as the first layer of defense against attacks. With the ever-changing threat landscape, ongoing education and awareness of new attack vectors and defense against common channels such as email are critical for businesses. Monthly phishing simulations are a great way to keep users current.
And while email security and awareness training are essential, businesses must adopt a multi-layered approach. Otherwise, it’s like locking the front door but leaving the windows open when we leave a house. Similarly, businesses must protect various attack surfaces (e.g., devices, networks, applications, infrastructure, and users) to reduce risk and exposure from attacks.
Finally, it’s crucial that businesses have a documented plan to detect, contain and respond to attacks. Planning and practice can greatly minimize the time required for the recovery of critical data so businesses can maintain operations.