Blogs

In my predictions for 2020, I highlighted that tape is not going away any time soon. It's actually experiencing a renewal as it has become quite obvious to a whole new generation of IT professionals that it is a great medium for high-capacity and low-cost storage. 

Introducing ESG’s Modern Email Security Video Series

As part of my ongoing research around modern email security, I am shooting a series of video interviews with leaders from several email security solution providers, talking about the current email threat landscape and strategies to defend against them. My goal is to make these educational, explaining what’s happening on both the attacker side and the defender side.

As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.

ESG research shows that cybersecurity training can help reduce cyber-attacks. Our research also shows that awareness training is not considered as effective as many other security services.

Join Jon Oltsik and Christina Richmond for a discussion on why we must continue training our non-technical employees how to spot phishing and business email compromise (BEC) attacks and how we must strive to engage the entire company culture in the belief that cybersecurity is all of our responsibility. 

2020 started with a bang in the data protection space with the announcement of the acquisition of Veeam by Private Equity firm Insight Partners. Insight Partners is no stranger to the space, having invested in Acronis, as well. In this short blog, I am going to net out my views on this acquisition.  

It's great news for the market! Let's be clear, the backup and recovery space is hot and growing, but it is yesterday's market. It is evolving into something else, which I have coined the data intelligence market, an evolution of backup and recovery that places data and data reuse at the heart of the enterprise. Whether enabling digital transformation or leveraging "dark" or dormant data, the idea is to leverage data assets. This acquisition is about the next stage of the market.

Accenture announced today that it has agreed to acquire Symantec's Cyber Security Services (CSS) business from Broadcom. This is big news for both Accenture and Symantec. 

Today’s announcement of Mimecast acquiring Segasec should help companies close another important gap in the race against the rampant phishing and credential theft attacks.

As Mimecast builds out their Email 3.0 strategy, the acquisition of Segasec will put the heat on bad actors who are busy stealing credentials by impersonating many of the world's biggest companies. With so many phishing attacks attempting to lead users to fake or impersonated web sites where they unknowingly give up login credentials and other sensitive information, many of the largest online companies become the biggest targets.

Mimecast continues to extend their email security platform to protect against the growing email-led threat vector. While many email security companies have implemented filtering techniques to detect and slow down url and domain spoofing, impersonation sites have been left unattended. Segasec’s subscription service proactively hunts down impersonation sites and shuts them down. This is kind of like going after the drug dealer’s home instead of the drug user. To accomplish this, Segasec continuously monitors domain name registrations, certificates, social networks, and more, looking for indications of impersonation. And when they find them, they have several methods of blocking access or taking down the impersonated sites.

As of January 1^st, the California Consumer Privacy Act is now in effect. The CCPA lets anyone in California request all the information a company has on them as a consumer, including what data has been sold to /accessed by other companies. And when it comes to penalties, if a company is notified of being out of compliance (i.e., unable to provide all the data of their consumers), they have 30 days to comply or they will get fined per record. And that “per record” component is important because it highlights how quickly a fine could balloon into billions of dollars in fines. The interesting component of this is that if a company doesn’t comply, it opens companies to face class action lawsuits from consumers.