Featured Article : Usage Based Pricing And Now Hybrid Pricing

Although Openview’s recent second report shows that most SaaS companies used usage-based pricing last year, many are now moving to hybrid models.

What Is Usage Based Pricing? 

Usage-based pricing (UBP) is a pricing model where customers are charged based on how much they use a particular product or service. In the context of SaaS (Software as a Service), usage-based pricing means that the amount a customer pays for the service is, therefore, directly tied to how much they use it. For example, a SaaS company that offers an email marketing service may charge customers based on the number of emails they send each month, or a SaaS company that provides a project management tool may charge customers based on the number of active projects they have at any given time.

Types 

There are many popular types of UBP, including pay-per-use, tiered pricing, subscription-based pricing, and freemium pricing, but the pricing model commonly used in industries such as software and SaaS, where businesses charge based on the number of employees or users accessing the product, is known as per-seat pricing.

61 Per Cent Used UBP Last Year 

Openview’s second ‘The State of Usage Based Pricing’ report (published this month and based on a survey conducted among a diverse range of private SaaS companies in July-August 2022) shows that 61 per cent of SaaS companies used some form of UBP in 2022. The report also shows that another 21 per cent plan on testing UBP in the future.

Who? 

Some examples of well-known tech companies shifting to UBP in recent times include Apigee, Google Cloud’s API management platform, and vertical software giant Autodesk. UBP is, however, used by many other big names including Slack, Mailchimp, Spotify, and many more.

What Are The Main Benefits Of UBP? 

Some of the main benefits of UBP that explain why it’s been gaining in popularity in recent years include:

– It seems fair. UBP can be more fair than flat-rate pricing, as customers only pay for what they use. This ensures that customers who use less of a product or service pay less than those who use more.

– Cost-effectiveness. UBP can be cost-effective for both customers and businesses. Customers can save money by paying only for what they use, while businesses can reduce the amount of waste or excess inventory they have on hand.

– UBP is more flexible and allows customers to adjust their consumption based on their needs and budget. This can be particularly useful for customers who have fluctuating demand, such as those in seasonal businesses.

– Transparency. UBP is often more transparent than flat-rate pricing, as customers can easily see how their usage translates into costs. This can help build trust and loyalty between businesses and customers.

– It’s relatively simple to understand.

– It allows SaaS companies to share in their customers’ success, making it what could be called a Product-led growth (PLG) model, i.e. where product usage drives customer acquisition, retention, and expansion.

– It incentivises efficiency. UBP incentivises customers to be more efficient in their usage, as they will be directly rewarded for reducing their consumption. This can be particularly effective in industries where energy or resource conservation is a priority.

Why Charge On Usage Instead Of Users? 

Some reasons why UBP has been preferred over pricing based on user numbers in recent years include:

– Seat pricing doesn’t scale with the value of automation. Software increasingly automates manual processes so the more successful a product is, the fewer user seats the customer needs.

– With the rise of AI gradually eliminating the need for whole teams of people for ongoing tasks, it’s become more difficult to achieve monetisation that’s tied to human users of a product.

– For many fast-growing software companies, the value is in the API, i.e. software talking directly to software, so there doesn’t need to be a user to see value.

– Value-based pricing. UBP aligns with the value that the software provides to the customer. If a customer is using the software frequently, then they will pay more, while a customer who uses it less will pay less. This model can create a stronger connection between the value the software provides and what the customer is paying for it.

– Customer acquisition. By using UBP, SaaS companies can attract and retain customers who might be hesitant to commit to a fixed per-user fee. This pricing model can be more attractive to customers who are new to a particular software solution or are just testing the waters. UBP can also help companies to acquire and retain customers who have variable usage patterns.

– Competitive advantage. Offering UBP can give SaaS companies a competitive advantage over their competitors. By providing flexible and cost-effective pricing, SaaS companies can differentiate themselves from their competitors and attract more customers.

– Improved customer retention. UBP can lead to higher customer retention rates since customers are only paying for what they use. If customers feel they are getting value from the software and the pricing is fair, they are more likely to stay with the company over the long term.

Changing – A Move Towards Hybrid Pricing 

In addition to showing how popular UBP still is, the report also highlights the fact that today’s SaaS companies are now turning to more complex, hybrid pricing models, and that usage-based models exist somewhere in the middle of a pricing method spectrum.

Figures show that it’s not simply a case of usage-based pricing or subscriptions and that the share of companies with a largely usage-based or pay-as-you-go model has declined year-over-year (22 per cent to 15 per cent).

The report makes the point that hybrid pricing models appear to be more effective in today’s uncertain market conditions (e.g. mass tech layoffs and the rise and fall of company valuations), and can help companies win deals and meet customers where they are.

The future of SaaS pricing, therefore, appears likely to continue being more blurred, with companies using blended models, e.g. Zapier, offering subscription tiers that include consumption as one of its main variables.

Stacking 

One of the other SaaS pricing features noted by the report was that new stacks of products are being introduced by SaaS companies to help them offer more complex pricing and as a way of experimenting with (and changing) their pricing.

What Does This Mean For Your Business? 

Broadly speaking, although UBP for SaaS companies is still on the way up, recent uncertain market conditions have seen many SaaS companies moving to hybrid models. Combining elements of different pricing models and creating new stacks of products have helped SaaS companies to take advantage of more complex pricing and have made them better able to weather the current economic challenges. It appears, therefore, that although UBP has many advantages and is still popular, the future lies in more blurred, hybrid pricing, and UBP will exist in the centre of a spectrum of pricing model mixes rather than replacing other pricing models.

Tech News : 2FA Storm At Twitter

Twitter-owner Elon Musk’s latest decision to turn off SMS 2FA after 20 March unless you pay for Blue Tick has caused another storm of criticism.

What And Why? 

On 15 February, Twitter announced that: “starting today, we will no longer allow accounts to enroll in the text message/SMS method of 2-Factor Authentication unless they are Twitter Blue subscribers.” Twitter Blue is Twitter’s own paid-for authentication service which was ramped-up recently as a way of giving Twitter another revenue stream to get away from its near total reliance upon ad revenue.

Twitter justified the change by saying that: “unfortunately we have seen phone-number based 2FA be used – and abused – by bad actors”. 

SMS 2FA Known To Be Insecure 

It’s true to say that SMS as a form of 2FA has been known (for several years) to be much less secure for authentication than some other methods. For example, cyber criminals operate SIM jacking and SIM swap hacks and obtain leaked credentials like a username, cracked password, and phone number, enabling them to get past 2FA, e.g. using a password reset and fooling the device.

That said, at least having SMS 2FA is much better and more secure than having no second authentication factor enabled.

Non-Twitter Blue Users Have 30 Days  

Twitter also announced that for non-Twitter Blue subscribers (i.e. the vast majority of Twitter users) who are currently using SMS as their 2FA method on the platform, it’s a case of being given 30 days to disable SMS and find another third-party 2FA solution, after which time, SMS 2FA will be switched off. Twitter says that “After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method. At that time, accounts with text message 2FA still enabled will have it disabled”. 

What Are The Options? 

Twitter recommends using an authentication app or security key method instead. Examples of popular authentication apps include Google Authenticator, Microsoft Authenticator, Authy, and LastPass Authenticator. A security key can use a USB based method, or some people connect wirelessly or through Apple’s lightning port. Examples of popular security keys include Yubico Yubikey, Kensington VeriMark USB-C, and Nitrokey FIDO2.

What If You Haven’t Found An Alternative In That Time? 

One of the main criticisms within the online storm following the announcement is that if non-Blue Tick users don’t get an alternative in place before 20 March they’ll simply be left with no protection and, presumably, open to security threats.

Others have questioned the fact that if Twitter’s move was motivated by security, wouldn’t they want their paid accounts to have a more secure method of 2FA than SMS too?

What Does This Mean For Your Business? 

Although it’s accepted that SMS for 2FA is one of the less secure methods, it seems likely that this change is more about money. For example, the Blue Tick service is a way to create a revenue stream beyond advertising and although it appears a little heavy handed, this announcement may get more Twitter users to sign up. Also, sending SMS messages costs money and Twitter presumably needs to save more money right now wherever possible. It’s not surprising that many users may feel a little concerned about being given a time limit and being essentially told to go and sort their own security arrangement out but given the troubles at Twitter lately, they may not be too surprised. That said, one positive aspect may be that it may increase awareness about the different types and brands of authenticators and security key options available and their pros and cons, and it may actually mean that non-Blue Tick accounts will be more secure and less at risk as a result.

Tech Insight : What Are SPF, DKIM, And DMARC Records?

In this insight, we look at the popular email authentication protocols SPF, DKIM, and DMARC, how they work, why they’re important, and what happens if they’re not set up properly.

What Is SPF? 

SPF, or Sender Policy Framework, is an email authentication protocol used to verify the sender of an email message. It is used to detect and prevent email spoofing, a common tactic used by spammers and cybercriminals to send email messages that appear to come from a legitimate source.

How Does SPF Work? 

SPF works by allowing the domain owner to publish a list of authorised email servers in the DNS record of their domain. When an email message is sent, the receiving mail server checks the SPF record of the sender’s domain to verify that the email was sent from an authorised server. If the sending server is not on the list of authorised servers, the receiving mail server may mark the email as spam or reject it outright.

Why Is SPF Now So Important? 

SPF is one of several email authentication protocols that can be used to combat spam and other forms of email fraud.

What Is DKIM? 

DKIM, or DomainKeys Identified Mail, is an email authentication protocol that is designed to verify the authenticity of an email message and detect email spoofing. Like SPF, DKIM is used to combat spam and other forms of email fraud.

How Does DKIM Work? 

DKIM works by adding a digital signature to the header of an email message. The signature is generated using a private key that is known only to the sender’s domain. When the email message is received by the recipient’s mail server, the server can verify the signature using a public key that is published in the sender’s domain’s DNS records. If the signature is valid, the email is considered to be authentic, and the receiving server can then deliver the email to the recipient’s inbox.

DKIM can also help protect the reputation of the sender’s domain. By signing their email messages with a DKIM signature, legitimate senders can provide a mechanism for email receivers to determine that the message is legitimate, which can reduce the likelihood that the message will be marked as spam or rejected outright.

Why Is DKIM So Important? 

In combination with other email authentication protocols like SPF and DMARC, DKIM can provide a strong defence against email spoofing and other forms of email fraud.

What Is DMARC? 

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol that is used to combat email fraud and phishing attacks. DMARC is designed to give email domain owners greater control over how their emails are processed by receivers and provides them with visibility into how their domain is being used to send email.

How Does DMARC Work? 

DMARC works by allowing the domain owner to publish a DMARC policy in their DNS records that instructs receiving mail servers how to handle email messages that fail authentication checks. The DMARC policy can be set up to instruct receivers to either quarantine, reject or allow email messages that fail authentication checks (such as SPF and DKIM).

DMARC also provides feedback to the domain owner about how their emails are being processed by receivers. This feedback can include information about how many emails are passing or failing authentication checks, which email services are processing emails on behalf of the domain owner, and more.

Why Is DMARC So Important? 

By using DMARC, email domain owners can better protect their brand reputation, improve their email deliverability and reduce the likelihood that their domain will be used for fraudulent or malicious purposes. DMARC is often used in combination with other email authentication protocols such as SPF and DKIM to provide a more comprehensive email security solution.

What can happen if SPF, DKIM, and DMARC are not set up properly? 

If SPF, DKIM, and DMARC are not set up properly, it can leave a domain vulnerable to email-based attacks such as phishing, spamming, and spoofing. For example:

– If SPF is not set up properly, it can allow unauthorised senders to use a domain name to send email messages, which can lead to email spoofing. This can result in the recipient receiving a message that appears to be from a legitimate sender when, in fact, it is not.

– If DKIM is not set up properly, it can also allow unauthorised senders to use a domain name to send email messages. In addition, it can result in messages being marked as spam or rejected by email receivers, even if they are legitimate.

– If DMARC is not set up properly, it can result in a lack of visibility into how a domain is being used to send email, which can make it difficult to identify and respond to email-based attacks. It can also lead to email messages being marked as spam or rejected by email receivers, even if they are legitimate.

– Without proper setup of SPF, DKIM, and DMARC, legitimate email messages may not be delivered to the intended recipient’s inbox, while malicious or spam messages may pass through to the inbox, potentially leading to security threats or the compromise of sensitive information.
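The SPF check and DMARC policy decision described in the sections above, together with an audit for the setup mistakes just listed, can be sketched in code. This is an added example, not part of the original article: the sample records, the domains and addresses in them, and the function names are constructed for illustration, and SPF mechanisms that need live DNS lookups (include, a, mx) are skipped rather than resolved.

```python
import ipaddress
import re

# Constructed sample TXT records (documentation addresses and example domains).
GOOD_SPF = "v=spf1 ip4:192.0.2.0/24 -all"
WEAK_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example +all"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
WEAK_DMARC = "v=DMARC1; p=none"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that cost the receiver a DNS lookup; SPF allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_tags(record):
    """Split a DMARC 'k=v; k=v' record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_check(record, sender_ip):
    """Evaluate the ip4/ip6/all terms of one SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a term without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if ip in network:
                return QUALIFIERS[qualifier]
        elif name.lower() == "all":
            return QUALIFIERS[qualifier]
        # include/a/mx and friends need DNS and are skipped in this sketch
    return "neutral"


def dmarc_disposition(record, spf_aligned_pass, dkim_aligned_pass):
    """What the receiver does: DMARC passes if SPF or DKIM passes aligned."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    if spf_aligned_pass or dkim_aligned_pass:
        return "deliver"
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return actions.get(tags.get("p", "").lower(), "no-policy")


def audit(spf_records, dmarc_record):
    """Return findings for a domain's SPF records (list) and DMARC record."""
    findings = []
    if not spf_records:
        findings.append("SPF: no record published")
    elif len(spf_records) > 1:
        findings.append("SPF: more than one record, receivers treat this as an error")
    else:
        terms = spf_records[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if not alls:
            findings.append("SPF: no 'all' term, unlisted servers are not failed")
        elif alls[0] in ("all", "+all", "?all"):
            findings.append("SPF: '%s' does not fail unlisted servers" % alls[0])
        lookups = sum(re.split(r"[:/=]", t.lstrip("+-~?"))[0] in LOOKUP_TERMS
                      for t in terms)
        if lookups > 10:
            findings.append("SPF: more than 10 DNS-lookup terms")
    tags = parse_tags(dmarc_record or "")
    if tags.get("v") != "DMARC1":
        findings.append("DMARC: no record published")
        return findings
    if tags.get("p", "").lower() == "none":
        findings.append("DMARC: p=none only monitors, failing mail is delivered")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("DMARC: pct=%s applies the policy to only part of the mail" % pct)
    return findings


if __name__ == "__main__":
    for finding in audit([WEAK_SPF], WEAK_DMARC):
        print(finding)
```
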

What Does This Mean For Your Business? 

Email is one of the most common attack vectors used by cybercriminals, with a considerable proportion of security threats arriving in emails. According to various studies and reports, the majority of cyberattacks and security threats are initiated through email. For example, the 2021 Verizon Data Breach Investigations Report found that 85 per cent of all data breaches involved a human element, with phishing and credential theft being the top methods used by attackers. Additionally, the report found that 36 per cent of all breaches involved the use of stolen or compromised credentials, many of which were obtained through phishing attacks.

Also, the 2021 Microsoft Digital Defence Report found that phishing attacks were the most common type of threat observed, with attackers using a range of social engineering tactics to trick users into providing sensitive information or downloading malware.

Similarly, other studies have shown that a significant proportion of malware is delivered via email. For example, a 2020 report by cybersecurity company Symantec found that email was the most common vector for malware attacks, with over 70 per cent of all malware being delivered via email.

Overall, therefore, email should be a critical area of focus for business cybersecurity professionals, and it is essential that businesses and organisations take steps to protect themselves against email-based attacks. This can be done through the use of email authentication protocols like SPF, DKIM, and DMARC, as well as through user education and training on how to identify and respond to phishing and other email-based threats. It’s important, therefore, for email domain owners to properly set up and maintain these email authentication protocols to ensure the security and integrity of their email communications.

Sustainability-in-Tech : Search Engine Sustainability Shock

With the integration of large language models (LLMs) into search engines, some are predicting that the massive increase in computing power needed could mean huge carbon emissions.

What Are Large Language Models? 

Large language models (LLMs) are types of artificial intelligence (AI) models that are trained on vast amounts of text data to understand natural language. These models are typically based on deep learning architectures such as neural networks, and are capable of generating human-like language and carrying out a variety of natural language processing tasks. OpenAI’s ChatGPT and Google’s Bard chatbots are examples of LLMs.

Integrating LLMs Into Search Engines 

Following the massive success of OpenAI’s ChatGPT (OpenAI has close working links with Microsoft), Google, Microsoft, and now Chinese search company Baidu have all announced plans to upgrade their search engines by integrating generative AI tools which use LLMs to enable their search engines to understand and respond to complex questions. This is intended to give search engine users a better search engine experience and enable the search engines to compete with each other in this new area.

For example:

– Microsoft has announced that it is to introduce a “new, AI-powered Bing search engine and Edge browser” (in preview at Bing.com), using OpenAI’s LLM, to “deliver better search, more complete answers, a new chat experience and the ability to generate content.”

– Google has announced that it is testing and will soon be introducing its own conversational AI chatbot, powered by LaMDA, Google’s own AI, and that it will be integrated into the Google search engine.

Environmental Implications 

In addition to worries about inaccuracies in the answers given by chatbots e.g., Bard’s recent costly wrong answer given in an advert for the chatbot, one major concern that many have overlooked is how much carbon emissions could be increased through the wider use of LLMs.

How And Why? 

As highlighted in quotes from University of Surrey Professor Alan Woodward (in Wired), “There are already huge resources involved in indexing and searching internet content, but the incorporation of AI requires a different kind of firepower.” Professor Woodward is referring to his view that the wider use of LLMs could be a step change in online processing that could massively increase the power and cooling resources needed by large processing centres which could, of course, have a much bigger environmental impact, i.e. more carbon generation. There may also be increased challenges in how data centres will deal with the extra heat produced.

How Much? 

An idea of how big an environmental problem this could be may come from a third-party study published on Cornell University’s arXiv archive which states that “larger models translate to greater computing demands and, by extension, greater energy demands.” The research paper highlights how training GPT-3, the autoregressive language model that ChatGPT is partly based on, consumed 1,287 MWh and that this led to emissions of more than 550 tons of carbon dioxide equivalent. To put the figure in perspective, this is the same amount of CO2 that would be produced by a single person taking 550 roundtrips between New York and San Francisco. Adding to this the fact that more LLMs are being introduced, the integration of chatbots into search engines such as Bing and Google, which have tens of millions of users per day, has led some tech commentators, such as Martin Bouchard of Canadian data centre company QScale, to estimate that this will mean “at least four or five times more computing per search.” In order to process this demand, more hardware and more data centres will be needed, which is an unwelcome prospect considering that data centres already account for one per cent (IEA) of the world’s greenhouse gas emissions. This may also make it very challenging for big tech companies to meet their green targets, e.g. Microsoft aiming to be carbon negative by 2050.

AI Can Also Help Reduce The Impact Of Itself 

That said, there are several ways that AI could be used to help offset the extra energy and carbon impacts that the increased use of Large Language Models (LLMs) produce. For example:

– Helping to develop more energy-efficient training methods. AI researchers can use machine learning algorithms to optimize the training process and reduce the number of computations required to train a model, which can significantly reduce the energy consumption.

– Cloud providers can use AI to optimise their data centres and reduce their energy consumption. For example, machine learning algorithms can be used to predict the demand for cloud resources and allocate them more efficiently, reducing the number of idle servers and minimising energy waste.

– Researchers are also exploring the use of green computing technologies to reduce the energy consumption of LLMs. AI algorithms can be used to optimise the scheduling of computing tasks and reduce the number of idle processors, which can significantly reduce the energy consumption.

– Sustainable computing practices can be adopted to ensure that LLMs are developed and used in an environmentally responsible way. This includes using renewable energy sources, reducing waste, and recycling materials whenever possible.

What Does This Mean For Your Organisation? 

So much has been reported about the amazing capabilities of LLMs and the new generation of chatbots led by the arrival of ChatGPT, and of how search engines could be seriously upgraded by incorporating them, that the possible environmental impacts appear to have been overlooked and under-reported until now. Data centres are already struggling to cope with demand and the need to reduce energy consumption and carbon emissions, and incorporating chatbots (which already have large energy requirements) into search engines which process hundreds of millions of searches per day looks likely to have a huge negative environmental impact i.e., higher energy requirements, greater carbon emissions, and the need for even more data centres. Now may be the time for tech and computer giants to get together and focus on finding new and innovative ways to minimise the environmental impact of these new technologies e.g., perhaps using more environmentally friendly AI-based solutions. Also sourcing more green and sustainable energy and being transparent and ethical in the use of data could help, but in the short term, it looks as though the rise of these new super-powerful chatbots is likely to create more environmental challenges than solutions.

Tech Tip – Useful YouTube Shortcuts

If you’d like a fast and easy way to navigate within YouTube, here are some top keyboard shortcuts.

– While watching a YouTube video, use the following letters on their own on the keyboard (no need for shift) for the following functions: F (full screen), K (play/pause), J (rewind 10 secs), and L (fast-forward 10 secs).

– Shift+P plays the previous video.

– Shift+N plays the next video.

Featured Article : Do Hackers Get Pensions & Sick Pay?

Kaspersky research has shown that hackers are now being recruited with dark web job ads offering huge salaries and benefits!

What?! 

According to Kaspersky’s analysis of more than 200,000 employment ads posted on the dark web between January 2020 and June 2022, ‘employers’ have been seeking applications from the best hackers by offering favourable terms of employment including remote work (obviously), full-time employment, flexitime, paid time off, paid sick leave, and even the promise of working with ‘a friendly team’!

Massive Salaries 

If the research by Kaspersky’s Digital Footprint Intelligence team is accurate, it seems that online crime does pay. For example, the median levels of pay offered to IT professionals in the ads varied between $1,300 and $4,000 per month.

Other ways that Kaspersky’s team observed ‘employers’ seeking to tempt applications from hackers in dark web job ads included offering:

– Prospects of promotion and incentive plans/bonuses (or fines, depending).

– Levels of compensation (paid in cryptocurrency for privacy) depending on how much effort hackers invest, their contribution, and how successful the ‘business’ is on the whole.

Reverse Engineering 

The highest median salary of $4,000 could be found in ads for reverse engineers. Although not all reverse engineers are hackers, reverse engineering refers to taking apart a software or hardware system and analysing its components to understand how it works. In some cases, reverse engineering can be used for malicious purposes, such as hacking into a system or creating malware. In these situations, the reverse engineer uses the information gained from the reverse engineering process to exploit vulnerabilities or gain unauthorised access to a system.

Other Suspect Job Ads – ‘Developers’ and Malware Coders 

Kaspersky’s research noted that although the innocent-sounding “Developers” (accounting for 61 per cent of the job ads) were the most in-demand specialists on the dark web, within this speciality, 60 per cent of the developer ads sought people who create internet products like phishing pages. Another popular skill sought in the ads was malware coding where job descriptions were found to include the development of Trojans, ransomware, stealers, backdoors, botnets, and other malware types, along with the creation and modification of attack tools. Other specialists sought included:

– Attackers. These conduct attacks on networks, web applications and mobile devices, and accounted for 16 per cent of the total ads, making them the second most popular jobs among cybercriminal employers. Kaspersky noted that: “Most of the attackers’ jobs on the dark web were associated with actions that would compromise corporate infrastructure. The goals of these actions are ransomware infection, data theft, or stealing cash directly from accounts.” Groups hiring attackers focused on selling access to compromised systems to other cybercriminals or hacking web and mobile applications.

– Designers who can create a phishing page or letter that would be hard to distinguish from a real one. These were found to be the third most in-demand professionals with 10 per cent of the observed ads.

Boost In Demand Following The Pandemic 

The Kaspersky research also noted that the fact that the greatest number of ads were posted in March 2020, was most likely related to the outbreak of the COVID-19 pandemic and the ensuing changes in the structure of the job market.

What Is The Dark Web Job Market Like? 

The dark web job market is characterised by a mix of both legal and illegal job offers. Some employers offer semi-legal or potentially legal jobs, such as creating IT learning courses, while others offer more dubious or illegal employment arrangements. These may include selling illegal drugs, engaging in fraudulent schemes, or hacking activities, or working with hacker groups.

Some people are attracted to dark web jobs because of the potential for easy money and high financial gain. However, not all salaries offered on the dark web are significantly higher than those earned legally and depend on experience, talent, and effort. Other individuals may turn to the dark web job market due to dissatisfaction with their current employment, changes in the job market, or a lack of certain candidate requirements.

Dark web jobs may also appeal to freelancers and remote workers because of the flexibility and freedom they offer, such as the ability to take time off and choose a schedule. Unlike the legitimate job market, however, getting dubious jobs on the dark web comes with the real risk of being arrested and prosecuted, and there is no guarantee of being paid.

How Are Criminals Able To Simply Advertise For Hackers Online Like This? 

Criminals are confident enough to post job ads on the dark web because it has a level of security and privacy through its use of encryption and anonymising technologies. The most popular tool for accessing the dark web is the Tor (The Onion Router) network, which routes internet traffic through a series of servers around the world, making it difficult to trace the origin of the traffic. This makes it more difficult for police, and even for hackers and other malicious actors themselves, to monitor or interfere with the traffic on the dark web.

However, the dark web is not completely secure and anonymous. While the technology provides a degree of privacy and security, law enforcement agencies have the resources and expertise to penetrate and monitor dark web activity. For example, they have been able to dismantle some dark web marketplaces and arrest individuals who were found to have been engaging in illegal activities on the dark web.

Also, the dark web has its own set of security risks, such as the possibility of being scammed or hacked, or being infected with malware. It’s also important to remember that many illegal activities, such as buying or selling illegal drugs or stolen goods, or posting job ads for illegal purposes, are still against the law on the dark web and can result in severe legal consequences if caught.

Do People Actually Post Their CV On The Dark Web? 

Yes. According to Kaspersky, the research analysed 867 ads that contained specified keywords; 638 of the ads were vacancy postings and 229 were CVs. The statistics suggest, therefore, that jobseekers respond to ads by prospective employers more frequently than they post CVs but, nonetheless, some post CVs on dark web forums that target diverse areas of expertise and job descriptions, ranging from moderating Telegram channels to compromising corporate infrastructure.

Monitoring The Dark Web Is A Form Of Defence 

Following the shocking research results, as noted by Polina Bochkareva, Security Services Analyst at Kaspersky: “IT headhunting is one of the numerous topics which is constantly discussed on the Darknet. Nowadays, tracking cybercriminal’s interest and continuous analysis of their activities is vital for companies that want to proactively respond to cyberattacks and keep their information security at the highest level. The more you know about your adversary – the better you are prepared”. 

Protection 

Some ways that businesses can protect themselves from common cyber-attacks include:

– To protect against phishing attacks, businesses can implement anti-phishing software, provide regular security awareness training to employees, and encourage them to be cautious when receiving emails from unknown sources.

– Businesses should regularly back up their data, keep their software and operating systems up to date, and train employees to identify suspicious emails and attachments to avoid falling victim to ransomware and other types of malware.

– To protect against Distributed Denial of Service (DDoS) attacks, businesses can implement DDoS protection services, monitor network activity for signs of an attack, and have a plan in place for responding to a DDoS attack.

– SQL injection attacks involve injecting malicious code into a website’s database in order to steal data or compromise the website. To protect against these attacks, businesses can use parameterised queries to protect against SQL injection, keep their database software up to date, and regularly monitor their websites for signs of an attack.

– Seeking the help of their IT Support Company or other security professionals.

– Using the multiple sources of Threat Intelligence information to stay aware of actual TTPs used by threat actors.

What Does This Mean For Your Business? 

The Kaspersky research highlights how the dark web has long been a haven for cyber criminals and that there appears to be a flourishing job market there where ‘employers’ now blatantly use the same enticements that are used in legitimate jobs to attract the most specialised criminals. It looks unlikely that law enforcement or regulation will be able to make much of an impact in shutting down the worst aspects of the dark web in the near future, and even if they do, criminals are likely to move to other secure platforms and channels. It seems, therefore, that the best thing businesses can do is to take the measures mentioned above and remain focused on making their own cyber security as robust as possible and to keep on top of new security measures they need to take going forward.

 
