C-Forward, Inc. Ranked Among World’s Most Elite 501 Managed Service Providers

July 18, 2019: C-Forward, Inc. has been named as one of the world’s premier managed service providers on the prestigious 12th-annual Channel Futures MSP 501 rankings. 

Every year, MSPs worldwide complete an extensive survey and application to report their product offerings, growth rates, annual total and recurring revenues, pricing structures, revenue mix and more. MSPs were ranked according to a unique methodology that weights revenue figures according to how well the applicant’s business strategy anticipates trends in the fast-evolving channel ecosystem.

Channel Futures is pleased to name C-Forward, Inc. to the 2019 MSP 501.

“We are absolutely thrilled to be recognized as one of the world’s premier managed service providers,” said Brian Ruschman, President, C-Forward, Inc. “For 20 years, we’ve prided ourselves on providing superior and innovative Information Technology Services to our clients. This recognition is a true testament to our commitment of providing quality, cost-effective and innovative Information Technology Services that help our employees, customers and community succeed.”

In the 12 years since its inception, the MSP 501 has evolved from a competitive ranking list into a vibrant group of service providers, vendors, distributors, consultants and industry analysts working together to define the growing managed service opportunity.

“The 2019 MSP 501 winners are the most elite, innovative and strategic IT service providers on the planet, and they stand as a model of excellence in the industry,” says Kris Blackmon, Content Director of Channel Partners and Channel Futures and lead of the MSP 501 program. “As the MSP 501 Community grows, leagues of managed service providers learn from the successes of these winning companies, gaining insight into the best practices, strategies and technologies that elevate an MSP to the level of the 501 winners. Our heartfelt congratulations to the 2019 winners and gratitude to the thousands of MSPs that have contributed to the continuing growth and success of both the 501 and the thriving managed services sector.”

Ten special award winners will be recognized at the MSP 501 Awards Gala at Channel Partners Evolution, held this year September 9-12 in Washington, D.C. Nominations for these special awards, including Digital Innovator of the Year, Executive of the Year and the Newcomer Award, were included in the MSP 501 application, and all candidates were encouraged to submit for them.

In addition to deciding the rankings, the survey drives the creation of an annual in-depth study of business and technology trends in the IT channel, released each year at the Channel Partners Evolution conference. The full MSP 501 Report leverages applicant responses, interviews with industry experts and historical data to give a well-rounded picture of the managed services opportunity.

The complete 2019 MSP 501 list is available at Channel Futures. 


The 2019 MSP 501 list is based on data collected by Channel Futures and its sister site, Channel Partners. Data was collected online from March 1 through May 31, 2019. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, growth and other factors.

About C-Forward, Inc.

Since 1999, C-Forward, Inc. has provided Information Technology consulting services to businesses in Greater Cincinnati & Northern Kentucky. Through a personal, proactive and reliable approach that is constantly and measurably improving, C-Forward, Inc. strives for long-term customer and employee retention. We strive to understand our client and employee needs by providing a healthy, friendly and fun atmosphere. Through quality procedures, testing and monitoring we are able to implement quality solutions utilizing strategic partnerships and leading edge technologies. We are there when our customers and employees need us. For more information, visit www.cforward.com.

Mobile Fraud Attacks Spiked 300% In Q1

Fraud attacks from mobile apps spiked by 300% in the first quarter of 2019, according to new researcher from RSA.

Published today, the Fraud Attack Trends: Q1 2019 report found that the total fraud attacks from rogue mobile applications on January 1 was 10,390 but had jumped to 41,313 by March 31.

Rogue mobile apps are those designed to duplicate legitimate apps of trusted brands, which are a fast-growing phenomenon among cyber-criminals and a huge digital risk for consumers and businesses, according to the report.

In addition, the report found that fraud attacks introducing financial malware increased 56%, from 6,603 in Q4 2018 to 10,331 in Q1 2019. Of all the fraud attacks RSA observed in the first quarter, phishing accounted for 29%, though the overall phishing volume grew less than 1% quarter over quarter. Additionally, phishing decreased rather significantly in terms of overall fraud attacks, which the report said was due to the exponential growth of attacks from rogue mobile apps.

An increasing threat for e-commerce business is fraud attacks on card-not-present (CNP) transactions, which grew by 17% in the first quarter of 2019. Of those attacks, 56% originated from mobile.

The old username/password combination is simply no longer sufficient as a form of consumer authentication. The use of multi-factor, adaptive authentication and transaction risk analysis to watch for signs of fraud based on device, user behavior and other indicators is another critical layer to prevent the onslaught of account takeover in the event of a successful login attempt.

source:  Info Security

New Cortana and Google Assistant Updates Have Greater Workplace Potential

Microsoft and Google laid out their respective visions for the next generation of virtual assistants this week, with enhancements to Cortana and Assistant, respectively, designed to support workplace productivity.

Though voice assistants have yet to arrive in force in the workplace, analysts see plenty of potential. By 2021, 25% of digital workers are expected to use a virtual assistant on a daily basis, according to analyst firm Garner, up from 2% who do so now.

On Monday at its Build developer conference, Microsoft offered a glimpse of where Cortana is headed, with plans for the virtual assistant to support more fluid, back-and-forth conversations.    

A demo video during Microsoft CEO Satya Nadella’s keynote presentation showed an office worker managing a calendar via Cortana on a mobile device. In the demo, Cortana answers numerous questions and carries out multiple actions during a long, continuous interaction with the user that lasted more than 30 “turns.” That included viewing upcoming plans, scheduling and rescheduling meetings, checking availability and booking rooms. The user is also able to to pull in relevant information such as local weather and traffic information, and send directions to an in-car virtual assistant. The ability to engage in more complex and dynamic interactions improves on current iterations of AI assistants by keeping track of context.

Appealing to business users

Once the technology is integrated into Microsoft products, users will be able to retrieve information from a variety of applications, with Cortana acting as the interface.

“We want it to be less cognitive load, less feeling like, ‘I have to go to PowerPoint for this or Word for that, or Outlook for this and Teams for that,’ and more about personal preferences and intents,” Andrew Shuman, Microsoft’s corporate vice president for Cortana, said.

Microsoft is confident of Cortana’s future in the office. Although it’s available on 800 million Windows 10 devices, it has largely failed to capture consumer mindshare as much as rivals. There are now plans to connect Cortana with other AI assistants rather than compete head-on; Microsoft struck a partnership with Amazon to integrate Cortana with Alexa in 2017.

Google unveils smarter, faster Assistant

Microsoft is not the only tech firm hoping to popularize virtual assistants in the workplace.

Amazon has Alexa for Business as its beachhead into the enterprise, offering management tools to support deployments of thousands of Echo devices into offices and meeting rooms.

Apple, whose strategy relies on sales of HomePod devices, has not shown a strong intention to target Siri at the workplace – yet. It did, however, announce a partnership with Salesforce last year that will see the CRM vendor integrate Siri deeper into its mobile apps, which are often used by sales and marketing professionals. And Apple’s reputation for stringent protection of customer data could help allay privacy worries about deploying voice-activated assistants in the office.

Meanwhile, Google Assistant, typically seen as the strongest competitor to Alexa in the consumer arena, has indicated plans to tailor its virtual assistant for business use. That lines up with plans, announced at Google Cloud Next last month, to link Assistant with calendars in G Suite, Google’s business productivity app suite.

At this week’s Google I/O developer conference, the company talked up the “next generation” of Google Assistant, which is faster and more personal.

Voice interactions are very natural to humans and as we start using more VPA speakers in our homes, we would find the desire to use voice as a way of interaction with devices in the workplace, too.

source:  Computer World

Phishing Exploit in Chrome Exposed

There are many telltale signs of a fake site, but it’s hard to keep up with all of them — which is why most users rely on their browser’s address bar to determine if a site is legitimate or not.

A developer has now demonstrated an exploit that can dupe people into believing they’re on a legitimate site by showing a fake version of Chrome for Android’s full address bar.

Chrome For Android Address Bar Phishing Trick Exposed

When scrolling down on any page in Chrome for Android, the topmost user interface, which includes the address bar and the tabs button, slide up from view so as not to obstruct the page. But as developer Jim Fisher wrote on his blog and first reported by 9to5Google, a website can easily replace this UI element via a handful of web design tricks.

Fisher found that the entire address bar can “jail” the scrolling of the page, which allows the user to scroll back up the page without the address bar UI appearing again. So, when the user scrolls back up, the page can display an image of a fake address bar at the top of the screen where the legitimate address bar UI would normally appear, complete with the “lock” icon that indicates whether a site is safe.

Perhaps the most concerning implication of this exploit is that a user can’t easily leave the page without access to Chrome for Android’s address bar. Yes, it should be easy as hitting the back button on their device, but plenty of websites have shown that this is easy to override. Google is currently developing a fix for this, though.

How To Check If You’ve Been Tricked

The best way to check whether Chrome for Android is showing a legitimate address bar is to lock the phone and unlock it again. It should force the app to show its real address bar supposing it’s been tampered with a fake one. It will show both the legitimate address bar and the exploited one. It’s not an ideal solution, but it’ll do for now.

Fortunately, this trick is focused on Chrome and is only a proof of concept for now, but when leveraged by ill agents and malicious sites, it could theoretically display fake address bars not just on Chrome but on a variety of other browsers, as well. A phishing campaign could generate not just a convincing page, but an address bar, too.


source:  Tech Times

Cloud Security Spending Set to Top $12bn by 2023

Global spending on cloud security is set to grow nearly 18% to reach $12.7bn by 2023, with protection for public cloud deployments prioritized over the coming years, according to a new report from Forrester.

Organizations spent $178bn on public cloud services last year, a figure that will grow to $236bn by 2020 — making security increasingly important to protect mission critical systems and sensitive data.

Infrastructure decision makers are particularly concerned about cyber risk, with over half (54%) implementing cloud solutions, the analyst claimed in its report, Forrester Analytics: Cloud Security Solutions Forecast, 2018 To 2023 (Global).

The sheer complexity of cloud deployments, often covering multiple providers and hybrid deployments, also requires enhanced security to monitor data, detect anomalies, and intercept threats.

Public cloud remains the biggest focus for security investment. Some $4bn was spent on public cloud native platform security in 2018, accounting for over 70% of total cloud security spend and this will be the fastest-growth area to 2023, when it will reach $9.7bn, Forrester claimed

The good news is that these efforts appear to be working: just 12% of breaches targeted public cloud environments, while 37% of global infrastructure decision makers cited improved security as an important reason to move to the public cloud, according to Forrester.

The analyst was also keen to point out that there’s no single solution which can meet all an organization’s cloud security needs.

As mentioned, public cloud native solutions are growing fastest. These cover areas like: data classification, categorization and segmentation; server access control; user IAM; encryption; and logging, auditing, and anomaly detection.

Then there are cloud workload solutions designed to centralize and automate cloud security across multiple platforms and environments. This market is set to grow at 17.3% CAGR to reach $1.9bn by 2023.

Finally, cloud security gateways succeed where traditional security tools fail by encrypting data before it’s sent to SaaS applications; detecting shadow IT; data loss prevention (DLP); malware detection; and cloud access anomaly detection.

Source:  Info Security

US Government Issues Another Warning About North Korean Malware

Officials at the US Department of Homeland Security (DHS) have issued another warning about North Korean malware, this time a new variant dubbed “Hoplight.”

The backdoor trojan malware is linked to the notorious Hidden Cobra group, also known as the Lazarus Group.

“This artifact is a malicious PE32 executable. When executed the malware will collect system information about the victim machine including OS version, volume information, and system time, as well as enumerate the system drives and partitions,” the alert warned.

“The malware is capable of the following functions: Read, Write, and Move Files; Enumerate System Drives; Create and Terminate Processes; Inject into Running Processes; Create, Start and Stop Services; Modify Registry Settings; Connect to a Remote Host; Upload and Download Files.”

The malware uses a public SSL certificate for secure communications from South Korean web giant Naver, and employs proxies to obfuscate its activity.

“The proxies have the ability to generate fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors,” the report claimed.

This is the latest in a long line of alerts warning of new North Korean malware, now in the double-digits.

This is the 16th report compiled by the DHS and FBI over the past two years on malicious activity associated with Hidden Cobra. Hoplight primarily consists of proxy applications used by Hidden Cobra to disguise its efforts to ‘phone home,’ which is the traffic sent by the malware back to its command and control (C&C) server.

source:  Info Security

Best Antivirus Software: Tested On Protection, Performance, and Usability.

The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Only four of the 16 products tested earned a perfect rating of 6 for each of those criteria: PSB Computer Protection 18 and 19, Kaspersky Lab Endpoint Security 11, Symantec Endpoint Protection 14.2 and Symantec Endpoint Protection Cloud 22.16. The top nine antivirus offerings shown here in alphabetical order scored at least 17.5 points out of a possible 18. You can drill down on the full results at The AV-TEST Institute’s website.

How to use these antivirus test results

Keep in mind that these tests were done in a lab environment. Different enterprise systems with different threat models will see different results for each of the products listed below. In other words, don’t expect that a 100 percent detection rate in the lab means that a product will detect all antivirus threats on your network. One reason is that it can take days for a newly submitted malware sample to make it into any given antivirus product’s database.

What the AV-TEST results show is which Windows antivirus products are consistently the best at the fundamentals of malware detection and have minimal impact on system performance. That makes a good starting point as you evaluate which products work best for your environment.

Best Windows 10 antivirus tools

1. Avast Business Antivirus Pro Plus 18.8

Avast Business Antivirus Pro Plus could have had a perfect score with just a slight improvement on performance. It stopped 100 perscent of all zero-day malware attacks, but the biggest issue was with slow-downs when launching popular websites. It was 7 percentage points slower on a standard PC than industry average. Otherwise, it had a perfect score for usability with no false warnings, detections or blockages.

2. Bitdefender Endpoint Security 6.6

Bitdefender Endpoint Security stopped all zero-day malware web and email attacks tested, and all malware discovered in the last four weeks. Performance degradation when using applications and websites was mostly minimal in and in some cases better than industry average. However, it was 8 percentage points slower than industry average for launching standard applications. For the latest round of tests, the product gave no false warnings.

3. F-Secure PSB Computer Protection 18 and 19

PSB Computer Protection had perfect scores in all categories, improving in performance over the last round. It detected 99.4 percent of zero-day attacks and 100 percent of more common malware. The software did block an action while installing or using legitimate software.

4. Kaspersky Endpoint Security 11.0

With its perfect scores across the board, Kaspersky Endpoint Security continues its run in the top tier of anti-malware products. It stopped 100 percent of all zero-day and known attacks tested. On the performance side, the product had minimal impact on the launching or installation of websites or applications. It flagged one legitimate software sample as malware out of a sample database of more than 1.6 million.

5. Kaspersky Small Office Security 6

Kaspersky Small Office Security scored similarly to the company’s endpoint protection product. It had a slightly higher impact on website launches.

6. McAfee Endpoint Security 10.6

For protection and usability, McAfee Endpoint Security ranks with the best of its competitors. However, it falls a little short on performance, particularly during launch or installation of software. The McAfee product slowed launching standard applications by 16 percent, well above the industry average of 12 percent. It was worse during installation of frequently used applications—48 percent slower. The industry average there is 33 percent.

7. Sophos Endpoint Security and Control 10.8

You can count on Sophos Endpoint Security and Control to stop attacks as well as any other product in this group. AV-TEST penalized the product a half point for performance, but test results show it was on par with the industry average in all categoroies.

8. Symantec Endpoint Protection 14.2

In addition to a perfect protection score, Symantec Endpoint Protection is one of the better-performing anti-malware tools tested. It scored above industry average in every category. It blocked no actions while installing and using legitimate software and gave no false warnings.

9. Symantec Endpoint Protection Cloud 22.16

Symantec Endpoint Protection Cloud scored similarly to its non-cloud counterpart.

source:  IT News

Cybersecurity Tips for Companies

Small and medium businesses are the most vulnerable to cyber threats. Various surveys show that about 60% of them would close within six months of a major cyber attack. Despite that, few SMBs have an active and up-to-date cybersecurity strategy.

Cultivating a secure mindset should be the entire team’s responsibility. Yet many businesses have not taken even the basic steps to protect their customers’ data, resources, or their employees. If an attack or data leak occurs, even huge corporations face serious problems, and for smaller ones, it could be the end of the road.

A vast majority of businesses focus on detecting a cyber attack rather than avoiding it in the first place. However, industry analysis shows, that usually cyber attacks remain undetected for 5-6 months. During this time the damage is already done.

Tips on how to ensure online safety at work

Understand which assets are the most important

Cybersecurity is not just about the computer or smartphones. Almost any connected device can be hacked, so you need an accurate list of all work-related inventory and accounts. Each employee must have their own credentials with an assigned role for each account used. Admin privileges are not for all, especially for accounts that have access to the most important documents.

Learn how to protect your business assets

Make sure that all of your computers, tablets, smartphones and, other devices are updated regularly. Do the same for software. New updates often make you more secure by fixing vulnerabilities and system bugs. Of course, don’t reuse passwords for different accounts or devices and make sure the passwords are strong. Finally, encrypting your data makes it very difficult to hijack and exploit.

Learn how to understand if something has gone wrong

Keep employees informed about the dangers of clicking on links or attachments from unknown sources. Educate them about phishing attacks or social engineering. Create a cybersecurity test or use one provided online to understand how much your employees know about security online.

Have an action plan and react quickly to minimize the impact

Nowadays, even small businesses need to have strict, company-wide policies and steps to tackle cyber crimes effectively. If having such strategy sounds complicated, start with using examples provided online.

Understand what resources are needed to recover after a breach

First of all, regularly back up your data – offsite and offline. If you lose access to important documents or client CRM, you will be able to restore them quickly.


source:  BCW

Top IT Trends Shaping Enterprises

Consumer demands are transforming what it means to be a successful business. In today’s digital world, we expect every aspect of our lives to be seamlessly connected. For businesses, this means digital is just the threshold for competition; to come out on top, IT and business leaders must tackle a new set of challenges.

Here are the top three IT trends shaping global enterprises today.

IT’s role is evolving into a catalyst for change

Digital transformation, which started as an IT initiative, has become a business-wide charge to enhance customer experiences. This has led to a shift in IT’s role, from traditionally operations-focused to a key driver of business strategy.

As a result, IT and business leaders report being more aligned than ever before. This year, 72% of IT leaders report they are aligned with the business versus 57% in 2018. The alignment between the two functions goes as deep as shared KPIs – their top goals for digital transformation initiatives are increasing efficiency in IT and the wider business and improving the customer experience.

Connecting business is increasingly important

In the race to meet growing customer expectations and enable richer interactions, business units across companies need quick and easy access to data. As the key enabler of integration within the organization, IT now faces demands for integration that span beyond the IT department for 92% of organizations to a variety of functions across the business. From business analytics and data science to HR and marketing, each job function is using numerous, often disconnected, systems — placing even more demand on IT to deliver.

Top IT teams tap into lego-style API strategies

As businesses invest in new and disconnected technologies, IT teams are being stretched to deliver more projects than ever before. Despite the fact that IT project demands will increase by 32% this year, the majority of IT respondents will see a budget increase of less than 10%.

In order to do more with less, many businesses have tapped into APIs as the building blocks for a more evolutionary architecture. This approach allows anyone, from developers to major enterprises, to assemble and reuse those API “legos” based on changing business needs. And while APIs indeed have technical benefits, they also provide significant business value. Organizations that own APIs report an array of business results, including increased productivity and innovation and greater agility across teams to self-serve IT.

source:  Mule Soft

Dangerous New Attack Techniques & How to Counter Them

RSA Conference 2019 addressed the most dangerous attack techniques facing organizations and individuals today. There are two specific attack vectors that are increasing. First is the manipulation of the DNS infrastructure associated with specific enterprises. Hackers are using credentials that they have compromised in the normal course of business. Bad guys are logging into DNS and name registrars and manipulating the DNS records there. Emails destined for your organizations are actually being redirected to them.

The second attack vector is domain fronting, a technique that obscures where the attacker is located. However, that’s just the start, he said, as many of these attackers are disappearing into the cloud and acting as a trusted cloud provider.

Heather Mahalik, revealed how easily anyone can be targeted in individualized attacks. If someone wants to get your information, it can be easily tracked in the cloud. “The lazier we get as humans, the better the glimpse into our lives for everyone else.” Information that is in one cloud is being shared in other clouds, making it available to bad guys who want it.

Johannes Ullrich, returned to the DNS problem; it is an issue of privacy versus security. If a bad guy intercepts your traffic, they know a lot about you, so you want to go to something more private. HTTPS seems like the optimum solution, but HTTPS makes it more difficult for security staff to monitor logs that would otherwise find anomalies in the traffic.

There has been a rise in CPU flaws. Hackers are taking advantage of the flaws in these features to attack your system.

The solution? There needs to be an increase in the use of MFA to make it more difficult for outsiders to gain access to your networks, your clouds, your servers or your private information.


source:  InfoSecurity