tracylamv2，作者 Version 2

5 privacy pitfalls that could damage your organization

In our previous blog posts, we covered a lot about security aspects, exploring various technical measures to safeguard organizations from cybersecurity threats. As we wrap up Privacy Awareness Month at Nord Security, we shift gears to the equally important topic of privacy protection. Join Eglė Bakštytė, Nord Security’s Lead Privacy & Marketing Legal Counsel, as she debunks some common privacy myths and offers expert tips for enhancing privacy practices within the organization.

Eglė Bakštytė, Nord Security’s Lead Privacy & Marketing Legal Counsel

#1 Privacy is not the same as security

While related, data privacy and information security are different. Data privacy concerns the proper handling and protection of personal data to ensure it’s processed in accordance with privacy laws and individuals’ rights. Information security, on the other hand, focuses on measures and technologies to protect personal data from unauthorized access, cyber threats, and data leaks.

“There’s a common misconception that advanced encryption, firewalls, and intrusion detection systems guarantee the safety of customers’ or employees’ data. Unfortunately, that’s not the case. Due to privacy unawareness, malicious intent, and human error, personal data can still be compromised, even with robust security measures in place,” notes Eglė Bakštytė, Nord Security’s Lead Privacy & Marketing Legal Counsel.

One of the most common human errors is misdirected emails, often due to spelling mistakes, mistaken identity, autocomplete errors, using “To/Cc” instead of “Bcc,” or accidentally hitting “Reply All.”

In a notable incident in 2023, millions of US military emails were mistakenly sent to Mali, a Russian ally, because of a minor typing error. These emails contained sensitive information, including medical records, identity documents, military base staff lists, photos, naval inspection reports, crew lists, tax records, etc. US adversaries could exploit this data leak.

“Taking privacy protection for granted, even with strong security measures, doesn’t shield companies from the consequences of privacy unawareness or human errors. These can lead to severe fines from the authorities, claims from the affected individuals, operational disruptions, a tarnished reputation, and, as in the example mentioned above, even physical threats. It’s crucial to constantly remind employees about privacy best practices and the most common pitfalls to maintain vigilance in their duties,” explains Eglė.

#2 A privacy policy ensures compliance – but that’s not enough

It’s sometimes misunderstood that simply having a privacy policy and updating it from time to time fully ensures compliance with the privacy laws. A privacy policy, also known as a privacy notice, outlines how your company collects, processes, and uses personal data and how individuals can exercise their rights (e.g., access their personal data). However, this document alone doesn’t cover all legal obligations.

Eglė Bakštytė points out that updating the privacy policy is crucial, but before launching a new product or feature, there’s much more groundwork to do:

Identify the personal data you’ll process and its purpose: Know what personal data you’ll be collecting and why. Is it legal, and how will it be used?
Assess access: Define who will access the data and what vendors you’ll engage. Are these third parties trustworthy? Are all necessary agreements in place?
Empower users: Ensure your customers can easily exercise their control over their personal data.
Define the data lifecycle: Determine how long you will keep the personal data and how it will be erased.
Secure the data: Implement robust security measures to protect personal data.

Merely updating the privacy policy but failing to adhere to data processing principles and other legal requirements can lead to significant legal consequences and reputational damage. So, companies must ensure that their privacy practices are not just compliant on paper but also rigorously enforced throughout every aspect of their operations.

#3 Data doesn’t need to include a name to be personal data

Some still mistakenly believe that personal data must include a name or contact details, which are the most straightforward elements for identifying someone. However, privacy laws generally define personal data much more broadly. This consists of any information that can identify an individual either directly or indirectly, such as location data, credit card number, IP address, or cookie ID.

Because of this unawareness, individuals or organizations might unintentionally share data that could help identify a person, putting them at risk. A notable example involves the Strava Fitness app. Its heatmap feature could expose athletes’ home addresses if they start or end their workouts on less popular routes.

Eglė Bakštytė highlights the potential dangers such seemingly innocent features could pose: “Location data can provide threat actors with insights into a person’s routines, offering details that could be exploited. Similarly, marketers might use this information to craft personalized advertising strategies, often without the individual’s knowledge or permission.”

#4 Collected personal data can’t be stored indefinitely

It would be a mistake to think that once personal data is collected, it can be stored indefinitely. In reality, businesses are required to establish and adhere to data retention policies that specify how long different types of personal data should be kept. And once it expires, it must be deleted or anonymized.

Holding onto data longer than necessary can pose numerous risks for businesses, such as heightened vulnerability to data breaches, loss of customer trust due to privacy concerns, and legal liabilities for non-compliance with privacy regulations. For instance, in 2019, the real estate company Deutsche Wohnen received one of the highest GDPR fines in Germany, amounting to €14.5 million, for retaining tenants’ personal data beyond its purpose. Similarly, Uber faced nearly $11 million in fines from the Dutch Privacy Watchdog for failing to disclose how long it retains drivers’ data in Europe.

Eglė Bakštytė stresses the importance of a minimalist approach when collecting personal data. Only gather the essential data needed to fulfill your purpose. Then, implement a clear data retention and deletion policy that outlines the duration for keeping the data and the procedures for both you and the third parties processing it on your behalf to delete it. Following this practice will give your company a competitive advantage, shielding your organization from legal, financial, and reputational damage.

#5 Data protection is a shared responsibility between employees and the organization

While employees play a crucial role in safeguarding personal data, the organization’s primary responsibility remains. If personal data is leaked, intentionally or unintentionally, the company and the involved employees may be held accountable.

A recent case involving Tesla highlights this point. The company, founded by Elon Musk, faced a lawsuit from a group of current and former employees whose personal information was exposed in a data breach in 2023. The lawsuit alleges that Tesla failed to adequately safeguard this information, which was leaked by two former employees. The exposed data included names, phone numbers, email addresses, birth dates, and Social Security numbers. The affected employees seek compensation for damages such as privacy invasion, risks of identity theft, and other related costs incurred due to the breach. In response, Tesla has taken legal action against the two former employees responsible for the data leak.

Eglė concludes, “Organizations must take a proactive approach by regularly training employees on the importance of privacy and data protection and by reinforcing their legal and ethical obligations. This dual focus on policy and education is one of the effective ways to prevent data breaches and other non-compliances. It ensures that both employees and the organization are aligned in their commitment to safeguarding personal data.”

How to protect against these privacy pitfalls?

Neglecting privacy considerations or believing in some common myths related to personal data can end badly. To avoid them, Eglė Bakštytė shares key tips for keeping your business in line with privacy laws:

Promote a culture of privacy awareness.
- Foster a workplace culture that values privacy as highly as security.
- Establish a dedicated Privacy Team to handle privacy issues, educate employees, and serve as a central point for data protection concerns within the organization.
- Regularly train employees on privacy rules and principles and how to handle personal data responsibly. The General Data Protection Regulation (GDPR) came into force in May, so you can mark it as Privacy Awareness Month/Week in May. It’s a great opportunity to highlight key privacy topics and the fundamentals of privacy laws.
Implement “Privacy by Design”.
- Integrate privacy considerations into every stage of your business operations from the ground up, making privacy an integral part of the organizational process.
- Educate employees about the broad scope of personal data (any information that helps directly or indirectly identify an individual),
- Adopt principles of purpose limitation and data minimization, ensuring personal data is only collected for specific, necessary purposes and deleted after its retention period expires.
Update privacy policies and controls.
- Ensure your privacy policies and other privacy notices are current with laws and reflect your company’s practices.
- Develop internal controls for adherence to the policies and outline organizational and individual responsibilities.
Develop a data breach management procedure and a clear action plan for responding to data breaches.
It should detail immediate actions to contain the breach, investigate and assess its impact, and communicate with the authorities and affected parties. Ensure your employees know of such an action plan and train them to act accordingly.
Deploy technical safeguards.
- Utilize tools to prevent common errors like misdirected emails or unintended sharing permissions.
- Employ data encryption and anonymization techniques to minimize identifiable information, ensuring privacy protection even when detailed datasets are used.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
Nord Security is a cybersecurity company known for its flagship product, NordVPN. The company is dedicated to providing online security and privacy solutions to individuals and businesses globally.

Nord Security 2024

Ransomware as a service: A growing cyberthreat for data protection

And 7 ways to mitigate the impact of RaaS

Ransomware has evolved from being a nuisance to a full-blown industry, with sophisticated networks of cybercriminals operating on a global scale. Among the various iterations of ransomware, one of the most concerning developments is the rise of ransomware as a service (RaaS). RaaS has emerged as a lucrative cybercrime business model, facilitating the proliferation of ransomware attacks across the globe through a much more extensive network of cybercriminals than ever before.

Let’s get into the intricacies of RaaS, exploring its workings, implications, cybersecurity challenges, and preventive measures.

First off, what is ransomware as a service?

Ransomware as a service, as the name suggests, is a model where cybercriminals develop and offer ransomware kits and services to other individuals or groups, allowing them to execute ransomware attacks with minimal technical expertise. Essentially, it’s a turnkey solution for anyone looking to extort money through malicious means. With this cybercrime business model, one party creates ransomware software and then a second party pays to use said ransomware software to launch attacks.

According to IBM’s X-Force Threat Intelligence Index, ransomware ranked as the second most common type of cyberattack in 2022, with RaaS playing a significant role in its prevalence. Many experts believe the rise of RaaS has contributed to making ransomware so prevalent. The “2022 ThreatLabz State of Ransomware” report from Zscaler found that 73% of the most active ransomware variants were RaaS variants.

What makes RaaS different is that, unlike ransomware of the past, attackers don’t need to have the traditional high-level IT technical skills because they can rely on the technical skills of the RaaS developers. And because of this, criminals that were previously limited by their lack of specialized skills can now carry out sophisticated and successful ransomware attacks. Essentially, RaaS has democratized ransomware.

How ransomware as a service works

RaaS operates similarly to legitimate SaaS business models. Ransomware developers, known as RaaS operators, develop and maintain ransomware tools and infrastructure, packaging them into RaaS kits sold to other hackers, referred to as RaaS affiliates. These affiliates purchase the kits through various revenue models, including monthly subscriptions, affiliate programs, one-time license fees, and pure profit sharing and then use them to extort money from their victims.

Read a case about Conti leaks cybercrime commercialization, with a real example of a ransom note: Center for Internet Security.

The availability of RaaS platforms has led to a surge in ransomware attacks globally. As more cybercriminals gain access to these tools, the frequency and scale of attacks are expected to increase further.

An increasing number of new players were attracted by the potential for high profits and lower barriers to entry.

Reuters

Impact of ransomware as a service on industries and organizations

Ransomware attacks have a widespread impact on basically all industries and organizations, causing disruption to critical services, loss of sensitive data, and financial damage. The healthcare sector has been heavily targeted, with ransom attacks on hospitals and medical facilities posing a threat to patient safety. Read about why healthcare organizations need Microsoft 365 backup for regulatory compliance and business continuity.

Legal implications of ransomware as a service

Businesses that fall victim to ransomware attacks may face legal consequences for failing to maintain adequate business continuity and data protection measures. Non-compliance with regulations such as NIS2 (Network and Information Systems Directive) and GDPR (General Data Protection Regulation) can result in significant fines, loss of reputation, and other penalties. These regulations require organizations to implement robust cybersecurity measures, including regular data backups, disaster recovery, and incident response plans, to protect sensitive information and ensure business continuity. Learn why air gapping is your best defense.

The economics of RaaS cyberattacks

Ransomware attacks can have severe economic repercussions, particularly for small businesses and organizations. The costs associated with ransom payments, data recovery, and downtime can be crippling, leading to financial losses and reputational damage.

In 2023, a new record was set for ransomware attack payments: A staggering $1.1 billion USD in payments for ransomware attacks was sent, according to Reuters. nearly doubling the total from 2022.

RaaS operators engage in competitive marketing strategies, often creating websites that mimic legitimate businesses. The global damages (total impact) from ransomware attacks were approximately $20 billion USD in 2020, and predictions are that ransomware will cost $265 billion USD annually by 2031 (Cybersecurity Ventures), highlighting the significant financial impact of RaaS. This forecast takes into consideration the impact of the increased market of cyberattacks due to accessibility and ease of use of RaaS, enabling threat actors to execute cyberattacks with minimal technical skills.

Extortion methods in ransomware attacks

Ransomware threat actors employ various techniques to extort money from victims. These include double extortion, multiple extortion, and pure extortion.

Double extortion involves encrypting stolen data and then also threatening to release stolen data should the ransom not be paid, putting more pressure on the victim to pay.
Multiple extortion combines data encryption with DDoS attacks against victim infrastructure.
Pure extortion entails threatening to publish stolen data without encryption. (Read more about ransomware from the Cybersecurity & Infrastructure Security Agency’s #StopRansomware Guide.)

Main threat actors and notable ransomware as a service variants

Several well-known cybercriminal groups developing RaaS include Hive, DarkSide, PINCHY SPIDER, ALPHV BlackCat, and LockBit. These operators continually evolve their ransomware to maximize impact and profit. Notable incidents involving RaaS operators include Hive’s targeting of Microsoft’s Exchange Server customers and DarkSide’s involvement in the Colonial Pipeline incident.

Hive garnered attention in April 2022 when they targeted Microsoft’s Exchange Server customers. The US Department of Justice seized two servers belonging to Hive, disrupting their operations.

DarkSide primarily targeted Windows machines but has expanded to Linux systems. They gained notoriety in the Colonial Pipeline incident, where the organization paid nearly $5 million to a DarkSide affiliate. TechTarget explains the Colonial Pipeline incident in depth. REvil is known for receiving one of the largest ransoms on record: $11 million USD.

7 ways to mitigate the impact of RaaS attacks

Mitigating the impact of ransomware as a service (RaaS) attacks is crucial. While it may be challenging (or even impossible) to entirely prevent ransomware incidents, organizations can take proactive steps to minimize the effects and impact of RaaS, thereby ensuring business continuity and data compliance. The following seven steps outline strategies to mitigate the impact of RaaS attacks:

Maintain rigorous patch management: Vigilantly applying security patches and updates is essential to mitigate known and unknown vulnerabilities. By promptly addressing vulnerabilities, organizations can reduce the likelihood of exploitation by threat actors seeking to deploy ransomware.
Deploy robust endpoint protection: Implementing reliable and modern endpoint protection solutions is key to detecting and mitigating threats. These solutions should leverage advanced algorithms to provide continuous threat detection and mitigation, reducing the risk of ransomware infiltration.
Frequent and air-gapped backups: Conducting regular and frequent backups of critical data is crucial for minimizing the impact of ransomware attacks. Storing multiple backups on separate devices in different physical locations ensures data availability and resilience in the event of an attack. Look for backup services that store backup data independent from production data.
Test backups regularly: Regularly testing backups is vital to ensure their reliability and effectiveness in restoring data. By verifying the integrity of backups, organizations can minimize downtime and data loss in the event of a ransomware attack.
Implement advanced anti-phishing measures: Deploying robust email security solutions with advanced threat detection capabilities helps mitigate the risk of ransomware attacks initiated through phishing emails. By blocking malicious emails before they reach end-users, organizations can reduce the likelihood of ransomware infiltration.
Immutability by default: Deploying a solution with immutability baked into the design greatly enhances resilience against ransomware attacks. Immutable data storage ensures that once data is written, it cannot be altered or deleted, effectively preventing unauthorized modifications by ransomware. Immutable data storage allows organizations to safeguard critical data from encryption or tampering attempts by threat actors.
Invest in user training and security culture: Educating users about the risks associated with ransomware attacks and fostering a culture of security awareness is critical. By training employees to recognize and report suspicious activities, organizations can strengthen their overall security posture and mitigate the impact of ransomware incidents.

By implementing these proactive measures, organizations can significantly mitigate the effects and impact of RaaS attacks, enhancing their resilience in the face of evolving cyberthreats.

Conclusion

Ransomware as a service poses a significant (and growing) threat to cybersecurity globally, contributing to the proliferation of ransomware attacks across various industries. Understanding the workings of RaaS, its implications, and the associated cybersecurity challenges is essential for organizations to effectively combat this evolving threat.

By implementing proactive measures, such as maintaining cybersecurity hygiene, deploying robust defense mechanisms like backup management, and fostering a culture of security awareness, organizations can significantly mitigate the impact of RaaS attacks. Additionally, investing in an immutable, air-gapped backup and recovery solution is paramount to ensure data resilience and continuity of operations in the event of a ransomware incident.

About Version 2 Digital

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Keepit 2024

How to unlock your Mac’s Steam gaming potential

For digital eons, people have found MacOS simpler, snappier, and more intuitive than Windows.

It’s little wonder that MacOS nearly tripled its desktop market share in the ten years between June 2013 and June 2023.

However, this revolution came with a steep price for gamers.

Where Windows had developed into a sprawling ecosystem of cutting-edge experiences — with Steam playing a pivotal role—Apple’s processor of choice made development costly.

In turn, Mac releases became infrequent.

All that began to change with Apple’s switch to Intel-produced processors, enabling a fresh generation of great — albeit infrequent — Mac ports.

Apple then switched to more powerful, internally developed chips, which integrate well with ARM-based Windows 10 and 11.

Because of the chips’ greater power—and newfound commonalities in architecture—today’s average MacBook is also a potential legit gaming laptop, with a little help from Parallels Desktop.

Once you hook your Mac up with Parallels Desktop, a whole new world of gaming awaits you. Don’t let us stop you – sign up for a free trial of Parallels Desktop.

Recommended specs for playing Steam games on a Mac

Virtual machines require a lot of memory and processor power—which not all Macs have. As such, not all Apple systems are compatible.

Mac owners with Apple’s recent and hyper-powerful processors—M1, M2, and M3—will get the best performance out of this version.

Compatible Versions of the macOS

macOS Sonoma 14.0 or newer
macOS Ventura 13.2 or newer

macOS Monterey 12.6 or newer
macOS Big Sur 11.7 or newer
macOS Catalina 10.15.7 or newer
macOS Mojave 10.14.6 or newer

Processor type

Apple M3, M3 Pro, & M3 Max
M2, M2 Pro, M2 Max, M2 Ultra
M1 Pro, M1 Max, and M1 Ultra chips
Intel Core i5, Core i7, Core i9 or Xeon processor

Recommended memory capacity

16 GB of RAM or more

Storage space

600 MB (for installing Parallels)
16 GB (for Windows 11)

Graphics chips

Graphic processors inside all M1, M2, and M3 (including Pro, Max, and Ultra chips)
AMD Radeon Pro graphics cards

Are there Steam games that are already Mac-compatible?

Yes. Plenty of Steam games are Mac-compatible—though the majority aren’t.

Despite the Mac’s longstanding gaming drought, developers increasingly publish their games on macOS.

Check Steam’s dedicated MacOS page to find out for yourself. Use a custom search to include only MacOS-compatible games.

How to play Steam games on a Mac with Parallels Desktop

Adding a new operating system sounds like it would take forever. While it once did—please believe me—installing Parallels Desktop is pretty painless.

1. Download Parallels Desktop and play Steam games on a Mac

First, grab a copy of Parallels Desktop for Mac (There’s a free 14-day trial for uncertain gamers).

Once you fill in your email, you’ll arrive at a download page.

Click the Download Parallels Desktop button, then the link will be sent to your email address.

2. Install Parallels Desktop to play Steam games on a Mac

Double-click your newly downloaded .dmg executable. A window with the Parallels Desktop icon will pop up.

Double-click (or hit “Open” if you’re presented with a MacOS confirmation window).

Next, click through the user agreement. You’ll be asked to share usage data with Parallels Desktop to improve the service.

Click enable or disable, depending on your preference.

After that, Parallels Desktop gets automatically downloaded and installed.

3. Download and install Windows 11 to configure a Parallels Desktop VM for Windows-based Steam games

Now that Parallels Desktop is in place, you’ll need to install our operating system: Windows 11.

After selecting Windows, the installer will automatically download and initialize it.

Once done, you’ll see a window containing the complete virtualized operating system.

Now, you can control Windows from a window on your Mac. Mind-blowing, right?

4. Download and install Steam on the Windows VM you created

You’ll need the Steam client to load Steam games on your Mac.

Visit Steam’s storefront and download a Windows-compatible version.

Once completed, click the installer. Give it a moment to download and initialize Steam.

After, create a Steam account if you don’t already have one.

The wide world of PC gaming is now at your fingertips.

5. Download Steam games on your Mac

If you’re a Steam newbie, you’ll spot an avalanche of games set to an infinite scroll.

It’s best to use the search bar to find the games you’re looking for — if only to avoid eyestrain.

Once you find your game’s store page, click Add to Cart.

Hit “Continue to Payment” and choose your payment method. Then complete checkout. Your game should begin downloading immediately.

Once completed, click the Library tab on your Steam app and select your chosen game.

Lastly, hit that big green button to play.

Pat yourself on the back, friend. Your PC gaming career has begun. Clear your schedule; inform your friends, family, and job that they’re on the backburner now.

Optimize your Mac’s performance for Steam games

Tweaking game settings for better performance is a skill in and of itself.

That said, there are a handful of simple methods for improving stability and frame rates.

Monitor CPU usage and close unnecessary tasks

Pay close attention to the computer chip icon on your Parallel’s top window tray. This icon indicates your current CPU capacity (if usage rises above 70 percent, the chip turns red).

Clicking the icon lets you view the exact percentage and gives you access to the Task Manager.

Click it to open a window that displays the processes currently taxing your CPU.

Be sure to close out any processes or software that aren’t necessary for gaming.

Free up your Mac’s disk space

While hard drives don’t determine gaming performance, computers often slow down when they’re more than 90% full.

If yours is overstuffed, delete a handful of unneeded programs or large files—or throw them on the cloud for later.

Change the resolution on your Steam games

Resolution plays a massive role in performance. The more pixels your processor processes, the more stress your hardware experiences.

Because the built-in displays on many Macs are higher than full HD, your computer may be working harder for pixels you won’t see.

Pause your game and open the display or graphics settings.

Reducing it a few notches may provide the performance boost you need.

Steam gaming on Mac FAQs

Do I need to buy a new Windows 11 license to use with Parallels Desktop for Mac?

It depends.

You’ll have a month to use Windows 11 unrestricted. After that, you’ll have to deal with some inconvenient limitations.

You’ll still be able to game after this point, but the disadvantages of not activating your Windows 11 include an omnipresent watermark in the bottom-left corner of your screen.

Unless you can tolerate those limitations, you’ll need a license.

Get one from Microsoft’s official page, or opt for more affordable licenses from third-party retailers.

Does DirectX work with Parallels Desktop for Mac?

Parallels Desktop currently supports DirectX graphics up to Version 11 and OpenGL up to version 4.1, which expands the possibilities for playing Steam games and other PC games on Mac. It does not currently support DirectX 12.

What are some great Steam games I can play on my Mac with Parallels Desktop?

PC gaming is an embarrassment of riches.

Whether you’re looking for simpler grab-and-go indie titles or full-fledged open-world adventures`—and anything in between—you can find it on Steam.

Are you looking for games PC natives are losing their minds over? Here are a few worth checking out:

En Garde!: Tight, acrobatic swashbuckling
Sifu: Seamless Kung-fu combat
Friends vs Friends: Cute card-based shooter
Metal Gear Solid V: The Phantom Pain: Surreal open world stealth action
Scorn: Stunning Lovecraftian simulation
Persona 5 Royal: Give hope to the masses (in impeccable style)
Have a blast with literally any Yakuza Game

How do I find good Steam games to play on my Mac?

Steam’s community reviews system is one of its best features.

Using it, any Steam user who’s purchased a game can leave feedback.

Steam qualifies each game with ratings that range from Overwhelmingly Positive to Overwhelmingly Negative, based on the proportion of positive to negative reviews.

Each game gets two scores.

All Reviews is the score averaged across every single user review.

Recent Reviews pulls newly published reviews, effectively showing you the degree to which a game has either been improved through subsequent updates or underwent a change in public perception.

The day you install Parallels Desktop is the first day of your Mac’s new (gaming) life

While it’s not literally true that your fun with Steam PC games will never end, there are enough great games to last you for actual years.

Again, you should tell your loved ones if you plan on dropping off the face of the earth, but they’ll understand when you tell them how you helped achieve nuclear disarmament in our lifetime.

Let Parallels Desktop open a new world of gaming for you. Sign up for a free trial of Parallels Desktop.

About Version 2 Digital

About Parallels
Parallels® is a global leader in cross-platform solutions, enabling businesses and individuals to access and use the applications and files they need on any device or operating system. Parallels helps customers leverage the best technology available, whether it’s Windows, Linux, macOS, iOS, Android or the cloud.

Parallels 2024

ESET WORLD 2024: CANALYS’ Alastair Edwards: Even in a cloud-based world, relationships still matter

We are in the middle of a major transformation of how companies go to market, but relationships remain key.

Given market uncertainties, changes in partnering, and the surge in subscription models, most companies are now considering partnership ecosystems as the key ingredient to survival and success, according to Alastair Edwards, chief analyst at Canalys, who spoke on the State of the Channel at the ESET WORLD 2024 conference.

ESET World is an annual cybersecurity conference, where experts meet, talk, and discuss. This year, ESET World was attended by nearly 2,000 people worldwide. To watch the presentations on demand, click here.

“Increasingly, vendors co-selling, co-marketing, co-developing, and co-delivering with partners are becoming more important to delivering joint value to the customer,” Mr. Edwards told ESET after the conference.

In the interview with ESET, Mr. Edwards described the current situation with emerging hyperscale cloud marketplaces, the challenges that cybersecurity partnerships face, and the role of AI in the evolving world of cybersecurity.

What role do partners play in the world of emerging hyperscaler cloud marketplaces where vendors can approach customers directly?

While the initial assumption was that hyperscaler marketplaces would cut out channel partners, in fact the opposite is true. Partners will have an increasingly important role in this sales motion, as customers procure a greater proportion of software and cybersecurity through the cloud marketplaces of AWS, Microsoft, and Google Cloud in particular. Customers are able to use their committed cloud spend with the hyperscalers to buy third-party products through the marketplaces, which can be very attractive when core IT budgets are under pressure. They can take advantage of consolidated monthly or annual billing for all their purchases, which simplifies the billing process.

But beyond the transactions, customers will rely more than ever on partners, particularly as they purchase more complex solutions through these marketplaces. A marketplace is ultimately just a catalog of products and solutions. But end-customers need advice on the right technologies to buy, support for those technologies, integration, and management, which only trusted partners can provide. At the same time, vendors selling through these marketplaces continue to need partners to provide customer support, technical expertise, and complex services.

What do these marketplaces mean for vendor-partner-customer relationships?

These models create new dynamics for vendors, partners, and customers. But relationships remain key. Hyperscalers and vendors have recognized the importance of enabling partners to continue supporting customers directly, for example, through offering customized listings to customers through the marketplaces. The hyperscalers are investing in co-selling with both partners and vendors to drive momentum. There is a risk to the channel of course — those channel partners that don’t embrace this model will find themselves being overtaken by those that do. Even those that embrace this will need to continue showing value — and that value will change in future. But Canalys expects the share of hyperscaler marketplace business via channel partners to increase significantly over the next few years.

When preparing the latest Canalys Global Cybersecurity Leadership Matrix, Canalys worked with Channel Partner feedback collected over 12 months. What are the key lessons to take from it?

ESET’s Partners are generally very positive about their relationship with ESET and the support they receive. They are particularly positive about ESET’s ongoing commitment to partners (and channel-led strategy), ease of doing business, the quality of account management and technical support, and ESET’s ability to plan centrally and execute locally. This is why ESET achieved Champion status in this year’s global Cybersecurity Leadership Matrix report.

Based on this feedback, channel partners seek to prioritize relationships with vendors that align with the transformation in their business models and vendors offering products that partners can wrap their own services and solutions around. What does it mean for security vendors? What should they prioritize to create and maintain long-term relationships with partners?

In some ways, the same things apply to building long-term partner relationships: minimizing sales conflict, investing in partner profitability through effective partner programs, building trusted relationships between vendors and partners, and equipping partners with the skills to sell and support the vendor’s technologies.

But in addition to this, vendors must build greater flexibility into their programs and engagement strategies to support an increasingly diverse partner base and partners operating multiple business models, whether those are resell, managed services, consulting, development, etc. Increasingly, vendors co-selling, co-marketing, co-developing, and co-delivering with partners are becoming more important to delivering joint value to the customer. And recognizing customers will work with multiple partners throughout their technology life cycles — and that most partners lack the resources to specialize in every area — vendors must support effective collaboration between partners.

How important is it for cybersecurity vendors to bring innovations such as AI-powered services?

Of course, this is incredibly important. AI is moving to the center of a new cyber arms race between bad actors — cybercriminals that are weaponizing AI to launch more effective attacks — and the cybersecurity industry that is using AI to enhance cyberdefenses, augment existing capabilities, and improve predictions and remediation times. Vendors must be at the forefront of this race or risk falling behind. Canalys expects AI to usher in a whole new suite of advanced cybersecurity technologies. Channel partners and customers will choose to work with vendors that are staying ahead of a rapidly evolving landscape. At the same time, there is a danger that AI becomes overused in terms of vendor product launches and marketing, which will damage credibility and add to customer confusion when most are unclear about the value of AI. Avoiding this risk is critical to long-term success.

On the other hand, there are still some people who see cybersecurity as one single product, such as antivirus, and are surprised when they get a question about how many endpoints they have and what their network looks like. How to earn the trust of such potential partners and show them that cybersecurity is a much more complex topic?

Many customers still don’t place enough strategic importance on cybersecurity, and these customers are most likely to only think of one product, like antivirus. But they are also the most vulnerable. Cyber resilience needs to become a business hygiene factor, not a nice-to-have. Government regulations will play a bigger role in forcing that. The reality is that building effective cyber resilience as a customer means addressing a plethora of new threats and an expanded surface area that needs to be protected. For companies that understand this, the biggest challenge they face is managing an exponential increase in cybersecurity complexity. One way to do this is to work with a single managed services partner who takes on the management of this complexity on behalf of the customer. MSPs are seeing the fastest growth in the market as a result.

What are the benefits of having a long-term relationship with a leading cybersecurity vendor such as ESET?

Maintaining a long-term vendor relationship is important to ensuring consistency but also efficiency, in terms of the cost and complexity of managing that relationship … partners and customers don’t have to constantly retrain on different vendors’ products and processes, for example. But while there is a growing trend toward ‘platformization’ in the cybersecurity industry (concentrated around a few big cybersecurity vendors), the reality is that no vendor can do everything effectively in security. So, integration with other (specialist) vendors also becomes key to success.

According to Canalys, many partners rank visibility and community involvement highest of their criteria for vendor partnership — even higher than product or pricing. Why is that so?

We are in an ecosystem-led world, in which partners differentiate through specialist skills, customer focus, and business model. Vendors who empower partners within a broader ecosystem, who promote their partners’ skills, and drive collaboration between partners will provide more value to partners than those that just focus on product or pricing.

In the current world when almost everything is cloud-based or XaaS, is it still important for vendors to maintain local offices providing support to their partners?

Yes, local support will remain key. Even in a cloud-based world, relationships still matter. Cloud and AI can be used to augment those relationships and improve efficiency and productivity. But this is a highly competitive world, and those vendors who see the cloud as a way to step away from their partner relationships will suffer from a loss of relevance and share.

Currently companies and their IT admins are battling alert and portal fatigue. How important is it for cybersecurity vendors to help their partners with simplifying alert management and what are the current trends?

Extremely important. Customers are struggling to stay on top of the scale of cyber threats and the speed with which they emerge. Finding and retaining the skilled staff to do this is a constant struggle. One of the biggest trends in the market is the role of MSPs in managing that on behalf of customers. Vendors who empower their MSPs with tools like simplified alert management or use AI to automate certain low-level support functions will benefit (through enhanced chatbots, etc.) and ultimately this should enable them to deliver a higher level of support for their customers.

Is the pricing/billing system an important consideration in a partnership? What are the current trends? Do customers favor flexible daily billing or flat rates with long-term commitment?

With the shift to subscriptions, the biggest demands from customers in terms of billing and pricing are simplicity and predictability, when the complexity of managing multiple vendor subscriptions is increasing, with different start and end points, contract lengths, and billing models. This can make it extremely difficult to manage budgets, spending, and planning. Customers as much as possible want partners to help them eliminate that complexity. At the same time, they want flexibility to consume and pay in the way that aligns with their business models. The most successful cybersecurity vendors will help to simplify these models for customers and provide this flexibility to meet the needs of different customers.

About Version 2 Digital

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET 2024

How WeTransfer upgraded existing VPN to a cloud-native solution for enhanced security application and experience

In the bustling canals of Amsterdam, a vibrant Dutch company, WeTransfer, emerged in 2009, becoming a haven for creatives worldwide. Known for its ingenious solutions to share large files easily and collaborate with teams, the WeTransfer platform not only caters to creative minds seeking a hassle-free way to distribute their work but also integrates an advertising model that transforms time spent on the site into a visual feast.

WeTransfer takes a unique approach in having a viral product complemented by a full-screen advertising space used by hundreds of major brands around the world. The platform supports creative professionals, as well as creative communities facing the world’s most pressing issues.

As a platform serving tens of millions of people around the world, cybersecurity and operational efficiency are top priorities.

In this interview, Director Enterprise IT Adam O’Toole shares why and how WeTransfer embarked on using NordLayer.

The challenge

Legacy VPN and the need for reliability

VPN is used at WeTransfer not only for the engineering team to connect to several development APIs. It’s also necessary to validate global ad displays in over 130 countries. Ensuring continuity demanded a more flexible and robust solution.

“Moving to a new HQ, we were faced with a fresh challenge: our VPN was physically hosted on-site so our engineering teams could connect to systems that were inside our network. We needed a cloud alternative for changing places”

Click to tweet

The impending office move only accelerated the search for a cloud-based VPN that could offer uninterrupted service and global reach.

The solution

Strategic transition to a hassle-free tool

At WeTransfer, the team used two VPNs in total. One was dedicated to product development in the engineering department. The other was established due to a hybrid work model for remote employees to connect to the network and ad team for localization.

NordLayer stood out for several reasons. First, it’s a fully cloud-native solution. Also, it provides an extensive network of global gateways and static IP addresses, which is excellent for a global company like WeTransfer, present in different countries.

“Our ISO certification demands rigorous checks and balances, a standard that NordLayer meets with its comprehensive access policies, ensuring every connection is secure and aligned with our high standards.”

Click to tweet

What is more, it seamlessly integrates with the company’s security framework. And finally, it ensures compliance, a requirement for WeTransfer to follow ISO 27001 standards.

“We are a small team supporting a company of 340+. We need our tools to work for us, not against us. With automation, we’ve been able to spend less time on manual tasks and more on what matters, proving that a lean team can go a long way.”

Click to tweet

The transition marked a pivotal shift towards a cloud-based model, offering a seamless, maintenance-free experience that contrasted with the upkeep of the previous system.

Why choose NordLayer

The journey to NordLayer began with a collaborative effort to understand the specific needs across departments.

We gathered a list of different departments to see how they use a VPN.
The survey format helped us understand the needs and the demand for a VPN tool.
We crystalized the use cases and how many gateways we needed.
Some of the criteria were simple integration into the infrastructure, hassle-free usage, and static IP setup.
Simplicity in using and maintaining the tool was equally important to security.

The integration with the existing security framework simplified access control, ensuring a smooth onboarding and offboarding process that resonated with the company’s lean IT team ethos.

“Okta integration was a big push from a security perspective for us to have better access control and automation when people come and leave.”

Click to tweet

With the Okta integration supported by NordLayer, the company can leverage stronger authentication mechanisms. Biometric authentication via Okta FastPass provides an additional level of security, allowing it to better protect against common attacks.

The intuitive dashboard and the provision for fixed IP addresses further streamlined operations, making NordLayer an obvious choice.

Rethinking the VPN strategy when transitioning to a cloud-based tool from a physical VPN

NordLayer’s appeal lies in its ability to meet the company’s unique demands. Its vast network of gateways enabled the advertising team to accurately preview campaigns across different regions, a critical feature for a global player in the advertising space.

The outcome

Seamless operations and enhanced productivity

The switch to NordLayer translated into tangible benefits. The IT team was liberated from the monthly maintenance rituals that had previously hindered productivity and could focus on strategic initiatives.

“With NordLayer, it’s simple: if you’re in, you get access; if you’re out, you lose it. The dashboard is clear, making setup quick and getting results easy.”

Click to tweet

Thanks to NordLayer’s dedicated gateways, WeTransfer improved developer experience for engineers located outside of the Netherlands, with quicker feedback loops during development cycles.

Pro cybersecurity tips

Cybersecurity hygiene is very personal yet important to follow, just as taking care of yourself. It can be achieved differently but for the same result—secure digital environments. This interview was no exception to asking how IT professionals prioritize cybersecurity in their daily lives. Thus, Adam O’Toole, Director Enterprise IT at WeTransfer, shares his favorite and most important tips on what matters first.

WeTransfer adoption of NordLayer showcases how cybersecurity posture was improved by underscoring the importance of adaptability, collaboration, and strategic tool selection in the digital age.

The journey from a physical VPN system to a streamlined, cloud-based solution not only enhanced operational efficiency but also fortified the company’s cybersecurity defenses. As a result, the company can continue its mission of supporting the global creative community with trust and confidence.

About Version 2 Digital

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

2024 Nord Security NordLayer