My first interaction with a firewall was with a TIS Gauntlet that I compiled on a Sun workstation in 1994. Since then, I have worked with firewalls from Checkpoint (back when configuration files were clear text flat files and they only had support out of their headquarters in Israel), Raptor, Pix (when they booted from a 3 ¼” floppy), and finally the Cisco ASAs, FortiGates, and Palo Alto firewalls of today.

Modern organizations are built on data. It enables collaboration and helps us engage with customers. But that same helpful data is also sprawled across countless apps, making it difficult to secure. Ransomware attacks are on the rise — 57% of security leaders expect ransomware to compromise their organization within the next year — which makes data protection more essential than ever.

Many of today’s security tools are built to secure cloud services. But we need to keep in mind that many organizations still require configurations that don’t have direct connection to the cloud. Organizations that have numerous branch locations — like convenience stores, school districts and banks — often use a software-defined wide area network, or SD-WAN.

The education systems, including K-12 school institutions, are in the crosshairs of increasingly frequent and sophisticated cyberattacks. In just one month of 2021, educational organizations suffered more than 5.8 million malware incidents. Teachers, administrators and students are also targets as they use various devices such as laptops and smartphones to browse social media or send messages with friends and family.

It seems like every week another household brand announces that they’ve been the victim of a data breach. Recently, cloud communications company Twilio announced that its internal systems were breached after attackers obtained employee credentials using an SMS phishing attack. Around the same time, Cloudflare, a content delivery network and DDoS mitigation company, reported that its employees were also targeted but their systems were not compromised.

Even before working from anywhere became the norm, organizations of every size were already becoming more reliant on mobile devices and productivity apps. But this reliance has also opened users, devices and data up to more risk. This is why we are thrilled to see our friends at Vodafone offering a new bundle for small businesses that brings together Lookout for Small Business mobile security and Google Workspace, a suite of collaboration and productivity apps by Google.

One of the best ways to stay up to date on how mobile devices affect your organization's security is by reading the Mobile Security Index (MSI) by Verizon. Lookout is a long-time contributor to the report, including the 2022 edition that was just published. This year’s MSI is especially interesting, as it dives deeper into the interconnectivity that now exists between endpoint devices and cloud applications.

Higher education institutions have long been subjected to ransomware and other cyber attacks, which has had a huge impact on their operations. In 2020 alone, ransomware attacks affected nearly 1,700 U.S. schools, colleges and universities – which is an increase of 100% over the previous year. The average cost of these attacks were $2.73 million in downtime, repairs and lost opportunities.

Cyberattacks targeting university and government healthcare facilities are on the rise. In the first four months of 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center tracked a total of 82 ransomware incidents targeting the healthcare sector, with nearly 60% of them affecting the U.S. market. The impact has been devastating.

On the latest episode of the Security Soapbox podcast, I spoke with Ramy Houssaini, Chief Cyber and Technology Risk Officer at BNP Paribas, about the challenges Chief Information Security Officers (CISOs) face in an increasingly complex digital landscape. Change happens quickly in the cloud, and many organizations are faced with the issue of evolving their security strategy at the same pace. This ends up leaving sensitive apps and data vulnerable to cyberattacks.