Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Visibility and response across your entire Microsoft security ecosystem.
XDR with Machine Learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert threat hunting, original research, and proactive threat intelligence.
TRU is foundational to our MDR service. No add-ons or additional costs required.
Flexible MDR packages that enhance your cyber resilience and security operations.
Stop ransomware attacks before they disrupt your business.
Detect and respond to zero-day exploits.
Protect against third-party and supply chain risk.
Adopt a risk-based approach to cybersecurity.
Protect your most sensitive data.
Meet cybersecurity regulatory compliance mandates.
Eliminate misconfigurations and policy violations.
Prevent business disruption by outsourcing MDR.
Meet insurability requirements with MDR.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and mediating threats to prevent lateral spread.
Enhance investigation and threat detection across multi-cloud or hybrid environments.
Remediate critical misconfigurations, security vulnerabilities and policy violations across cloud and containerized environments.
Detect malicious insider and identity-based behavior leveraging machine learning models.
THE THREAT eSentire is aware of widespread exploitation attempts targeting the recently disclosed ownCloud vulnerability CVE-2023-49103. CVE-2023-49103 (CVSS: 10) is tracked as a disclosure of… READ NOW
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company's mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Waterloo, ON and GITEX GLOBAL 2023, Dubai, UAE – October 18, 2023 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced that Inspira Enterprise Inc, (Inspira), a… READ NOW
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
We believe a multi-signal approach is paramount to protecting your complete attack surface. See why eSentire MDR means multi-signal telemetry and complete response.
See how our 24/7 SOC Cyber Analysts and Elite Threat Hunters stop even the most advanced cyberattacks before they disrupt your business.
Choose the right mix of Managed Detection and Response, Exposure Management, and Incident Response services to strengthen your cyber resilience.
Try our interactive tools including the MITRE ATT&CK Tool, the SOC Pricing Calculator, the Cybersecurity Maturity Assessment, and our MDR ROI Calculator.
Read the latest security advisories, blogs, reports, industry publications and webinars published by eSentire's Threat Response Unit (TRU).
See why 2000+ organizations count on eSentire to build resilience and prevent business disruption.
How many times have you received an email from someone telling you that you’ve recently “come into some money”? All you have to do is respond with your bank account information and they’ll transfer the funds immediately. Or someone impersonating your IT department asking you to open an attached file to upgrade your email account. Or what about the email from a “close friend” who is out of cash in a foreign country and needs money to get home safely.
These are just a few common examples of cybercriminals trying to gain access to your company data or finances through malware.
In a recent interview with Carol Leaman, President and CEO of Axonify, the creator of the world’s first Employee Knowledge Platform; Eldon Sprickerhoff, Founder and Chief Security Strategist of eSentire, the creator of an award-winning cybersecurity platform for mid-sized organizations; and Leon Punambolam, Technology Industry Leader at Cowan Insurance Group, a preeminent insurance brokerage and consulting operation, and one of Canada’s Best Managed Companies; we discussed how cyber risk affects companies today and what we can do to protect ourselves, our employees and our businesses from these potentially severe crimes.
Cyber risk comes in a variety of forms from phishing attacks to social engineering to ransomware and beyond. Cyber risk is real. Cyber risk is serious. Cyber risk affects every business, big or small. It’s not a matter of if it’ll happen to your business; it’s a matter of when.
According to Eldon Sprickerhoff, “any threat that affects the confidentiality, the integrity or the availability of electronic information, is a cyber risk to your business.”
Arguably, the most devastating form of cyber risk to a business is ransomware. This involves a cybercriminal gaining access to your company files through malware and often requires your company to pay thousands, if not hundreds of thousands or millions of dollars to get those files back. This can be incredibly detrimental to those industries housing personal, financial or other uniquely valuable electronic information.
A recent survey sponsored by Malwarebytes and conducted by Osterman Research found that Canadian companies are more likely to pay ransom demands than those in Germany, the U.S. and the U.K.—the other regions included in the survey. More than 82% of the Canadian companies surveyed, affected by ransomware, lost company files if they didn’t pay the ransom; 43% lost revenue; 25% experienced an interruption in business.1
Fortunately, there are varieties of prevention strategies your business can exercise to protect itself and its employees from the damaging effects of a cyber breach.
So, what is the true threat to your business’s cybersecurity? It’s technology, right? Wrong. It’s your people.
People are the gateway to your business’s data. They have passwords and access to your business’s backend information, they’re receiving the infected emails, and they’re clicking the links to open the door to the cybercriminals.
If you’ve grown your business beyond the 10-employee mark, you’ve likely outgrown your security processes and need to reevaluate where your threats lie. The family atmosphere and personal trust often found in small, close-knit businesses can remain, however, that doesn’t mean everyone needs access to your backend information if their job description doesn’t warrant it.
What about the less obvious cyber risks? The ones you’d never think could happen to your business: insider threats. Employees experiencing hardships—financial, health related or otherwise—can be susceptible to taking part in these insider cybercrimes. If they’re the ones who have access to your data, you may want to consider how you’re protecting your business from this risk too.
Just as you would train your employees on the dangers of chemicals and their appropriate use, the same considerations apply to cyber use.
Since employees are your greatest risk when it comes to a cyber breach, employee education on the subject should be included in your new employee training and education programs and, as ongoing training initiatives for existing employees. If your employees are aware of the dangers of cyber threats, how they can be targeted, what to look for, and how to respond (or not respond), your business is one-step closer to cybersecurity.
It’s likely your new employee training is a one- or two-day training session where loads of information is piled on new employees and they’re expected to remember it all six months down the road. Your employees won’t absorb this information and recall it days, weeks or months from now when they encounter one of those malicious emails they’re guaranteed to receive.
“A typical human being will remember 5-10% of what they learned 30 days earlier,” says Carol Leaman. “All the effort put into those one-day employee training sessions goes to waste because the brain is incapable of moving all information from short-term memory to long-term memory effectively.”
It takes ongoing training to ingrain that information in your employees’ memories. Using learning techniques like delivering small chunks of training several times per week, querying employees on their knowledge repeatedly over time, and allowing them to play games while they learn, will engage your employees and help them retain that information long term. Then, when they receive one of those malicious emails, they’ll know not to open it, click on any links or respond to the sender with confidential information.
It’s important to remember that employee education will reduce the risk of a cyber breach; however, it doesn’t stop the criminals from trying. Providing ongoing education and training to employees, revamping the information, altering how you deliver it, and staying up to date on prevention strategies are effective ways to protect your employees in the fight against cybercriminals.
Now that you know the risk to your business when it comes to cybercrime, along with the systematic and human resource mitigation tactics, how are you going to further protect your business assets?
You insure your house from a fire, your car from an accident and your life from illness—your business needs protection from its threats too. Since cyber risk has only recently become a common theme at the Executive table, not everyone is aware of the risk protection and liability coverage available. And those who are aware often think they don’t need the insurance because a cybercrime will never happen to their business.
“Surprisingly, many company executives and business owners in Canada aren’t seriously considering the impending threat from cybercriminals,” says Leon Punambolam. “In reality, it’s much easier than you think for the ‘bad guys’ to target your business and damage what you’ve worked so hard to achieve—including your positive corporate reputation.” What would happen to that reputation and the trust that your clients place in your business if it were to experience a cyber breach? The longer you wait to protect your assets, the more time and opportunity you’re giving these criminals to hone their skills and hit your business.
A medium-sized organization can receive upwards of 10,000 emails to their spam filters per day. If a failure in technology or process were to occur and one of those emails were to cause a cyber breach, the impact on the business could result in: significant financial costs, damaged reputation, decreased public trust, fines or sanctions for regulatory non-compliance, loss of business or competitive edge, and loss of productivity.
In addition to understanding the impact on your business and insuring your assets from the ground-up, it’s important to consider your risk tolerance. Risk management is about identifying risks, mitigating risks and transferring risks—which is where insurance comes into play. Knowing what assets are most at risk in your business (when it comes to cyber) and how much risk your business is willing to take, will help you identify your insurance needs.
Working with a broker who is well versed in cyber risk will help your organization understand its overall threat of cyber, address insufficiencies to mitigate the risks, and leverage insurance coverage for the balance of the risk to your business. Additionally, your broker can identify and help you create a plan to implement proactive process controls to further minimize the impact of a breach.
At the end of the day, it’s about protecting your business from the inevitable. Cybercrime is a risk to all businesses. The armour you use to protect your business, from cybersecurity to employee education to business insurance, will make it harder for cyber risk to damage your business and your bottom line.
Eldon Sprickerhoff is the original pioneer and inventor of what is now referred to as Managed Detection and Response (MDR). In founding eSentire, he responded to the incipient yet rapidly growing demand for a more proactive approach to preventing and investigating information security breaches. Now with over 20 years of tactical experience, Eldon is acknowledged as a subject matter expert in information security analysis. Eldon holds a Bachelor of Mathematics, Computer Science degree from the University of Waterloo.