DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
BlueVoyant | November 14, 2022
BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised.
"The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk."
Other key survey findings include:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.
"While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget."
The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore.
The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore.
Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk:
While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment.
The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%.
In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.
BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
ThreatX | November 17, 2022
ThreatX, the leading API protection platform, today announced the launch of the ThreatX Academy, an online portal hosting an extensive library of cybersecurity training modules. These courses provide an accessible and approachable opportunity for those looking to begin, or advance, their cybersecurity careers.
ThreatX is providing all foundational 100-level content at no charge. Training content spans many areas of cybersecurity, including Application Security, Data Protection and Privacy, Networking, Secure DevOps and Wireless Security, among others.
The need for cybersecurity professionals has been growing at a rapid pace, and that demand is expected to continue. The number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021 (from 1 million to 3.5 million). Further, it is predicted that the same number of jobs will still be open in 2025.
This cybersecurity skills gap, along with the accelerated pace at which both technology and cyberattackers’ tactics are evolving, has made protecting digital assets increasingly difficult for businesses. In fact, 80% of organizations suffered one or more breaches due to a lack of cybersecurity skills and/or awareness within the last 12 months, underscoring the need for solid and robust training content.
Alongside Massachusetts-based training company, Security Innovation, ThreatX developed more than 140 hours of online security training videos beginning at an introductory level and progressing to more advanced subjects, such as Blockchain Security and Automating Security Updates. All 100-level content will be available free of charge, while 200 and 300-level content will be accessible via subscription. Through the integrated learning management platform, users will be able to consume the content in sequential fashion and earn certifications. The ThreatX Academy experience is powered by Raven360, a Massachusetts-based digital Academy business.
ThreatX will share all content, free of charge, with select nonprofit organizations, including participants of the Massachusetts Rehabilitation Commission’s (MRC) Networking Technology Program.
In addition, ThreatX Academy has partnered with (ISC)2 and is now an approved (ISC)2 CPE Submitter Partner. ThreatX content may count toward (ISC)2 CPE credits. (ISC)², is an international nonprofit cybersecurity professional organization. Through (ISC)², members can earn several well-established security certifications, including:
Certified in Cybersecurity
SSCP - Security Administration
CCSP - Cloud Security
CSSLP - Software Security
In order to maintain these certifications, members must earn Continuing Professional Education (CPE) Credits. Through ThreatX’s partnership with (ISC)², security practitioners will now be able to earn CPE Credits for consuming ThreatX Academy content.
“Cybersecurity is a continuous learning experience, and the need for training resources in the industry is only growing stronger. “We are excited to announce the launch of ThreatX Academy, and we look forward to advancing the program in the future as part of our broader effort to close cybersecurity’s ongoing talent gap.”
Gene Fay, CEO of ThreatX
ThreatX’s API protection platform and complete managed services make the world safer by protecting APIs from all threats, including DDoS attempts, complex botnets, zero-day and multi-mode attacks. ThreatX applies artificial intelligence and machine learning to detect and respond to even the slightest indicators of suspicious activity in real-time. Today, ThreatX protects APIs for companies in every industry across the globe.
NETWORK THREAT DETECTION,PLATFORM SECURITY,SOFTWARE SECURITY
OneLayer | November 14, 2022
OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today that it has partnered with Druid Software, the leading global provider of private cellular network core software solutions for enterprise. OneLayer will be securing Druid Software's 5G private network domain, ultimately providing its clients, including system integrators, with a platform and the abilities they need to successfully deliver and support end-to-end cellular networks to the enterprise.
Private cellular networks provide organizations with connectivity on a completely different level, including increased reliability, a dedicated bandwidth with capacity and range, no lag time, and connectivity of IoT and OT devices across vast areas. As organizations increasingly adopt these networks, they must consider a critical element of successful network deployment, namely, integrating the cellular network with the enterprise's existing IT network. To successfully accomplish this integration, organizations must keep the network secured, including both visibility and segmentation. Druid Software, a core cellular network software company, and OneLayer's partnership now provide a solution that removes the security concerns for Druid's clients.
OneLayer is integrating its SaaS solution on Druid Software equipment, allowing for seamless security for any private LTE/5G network running on Druid Software's core. Its solution for securing private cellular networks will enable network security using a Zero Trust approach, asset management, cellular and IoT device fingerprinting, policy enforcement that allows network segmentation, and anomaly detection, amongst other capabilities, securing devices connected to Druid Software's core.
"We are excited to be working with Druid Software as a strategic partner. In addition to providing a security solution for Druid, we have also included Druid's core as a part of our new 5G Security Lab. "By providing a much-needed security solution for Druid we are giving users the confidence to invest in adopting an LTE/5G network that has the potential to take their business to the next level. We feel this first-hand through our own implementations and research"
Dave Mor, CEO and Co-founder of OneLayer
"By adding this security solution which brings further essential capabilities for network protection we are addressing a market need for our clients and ensuring them the best and safest 5G or 4G offering to date," said Tadhg Kenny, Senior Vice President for Partnerships at Druid. "Our clients rely on Druid for the quality of its Raemis core network. Now with OneLayer's additional levels of security, we will be providing an even more comprehensive product to serve their business needs"
OneLayer provides enterprise-grade security for private LTE/5G networks. Its platform and IoT security toolkit can be implemented in private cellular networks to provide better visibility, control and protection for organizations. The company was founded by world-class cybersecurity experts with a deep understanding of both cellular protocols and IoT security needs along with veterans from the IDF's 8200 and 81 intelligence units. OneLayer is backed by industry-leading advisors and has partnered with experts both in the cybersecurity domain as well as the telecom industry.
About Druid Software
Druid Software is a core cellular network software company based in Ireland. Established in 2001 Druid Software has evolved into one of the world's leaders in Private 5G & 4G Cellular technology over the last 20 years. Druid Software's RAEMIS™ platform is a mature 3GPP compliant 4G/5G core network, with unique features designed specifically for business and mission critical use.