Chasm in perception” found regarding cyber security

Information Age | November 19, 2019

Chasm in perception” found regarding cyber security
55% of IT leaders deem their company data less valuable than that of the private sector, according to a recent Sophos study. A recent study has claimed there is a “chasm in perception” between IT decision-makers and cyber security experts. The study, conducted by Sophos and Sapio Research, found that 55% of IT decision-makers in the public sector think that their company data is less vulnerable than private sector data, despite the sensitive and confidential nature that they access. Participation came from over 780 UK-based IT professionals within the NHS, education and government who varied in level of position, from the c-suite to the frontline.

Spotlight

The new research analyzed 126 popular mobile health and finance apps from the US, UK, Germany, and Japan. It also examined the perceived level of security app users and app executives believe to have in their applications.

Related News

SOFTWARE SECURITY

DigitSec and UST Announce Partnership to Offer Continuous Application Security Testing for Salesforce DevSecOps

DigitSec and UST | August 27, 2021

DigitSec, provider of the most comprehensive AppSec testing platform purpose-built for Salesforce, and UST, a leading digital transformation solutions company, today announced a partnership to provide full-spectrum application security testing as part of a comprehensive Salesforce portfolio for enterprise customers. UST will offer its clients the DigitSec SaaS Security Scanner™- S4 for Salesforce™ as part of its plan to deliver more secure and resilient solutions for testing and remediation. DigitSec S4 is a continuous application security testing platform for Salesforce DevSecOps that integrates multiple security tools, empowering developers and administrators to accurately identify security issues faster and with far fewer false positives than traditional AppSec testing solutions. It offers an automated penetration testing solution combining static source code analysis (SAST), interactive runtime testing (IAST), software composition analysis (SCA), and cloud security configuration review for a truly comprehensive Salesforce security assessment. Commenting on the partnership, Prasan Vyas, General Manager and Global Head of SFDC Practice, UST, said, "At UST, we are constantly improving our value proposition for our Global 2000 and Fortune 500 customers by leveraging our platform expertise and working together with best-of-breed partners to help build secure and robust solutions. For our Salesforce customers, DigitSec presents a digital-age tool to secure applications against potential security threats early on in the build process. The partnership underwrites UST's deep commitment to the Salesforce platform and helping our customers identify and remediate security risks in their Salesforce orgs." "Given the mission-critical and sensitive nature of customer personally identifiable information (PII) and other data, it's critical that developers consider security first in their Salesforce projects. Our S4 platform provides a continuous and automated 360-degree view of potential threats and now is available to UST clients as they create and update their Salesforce applications," said DigitSec CEO Waqas Nazir. S4 for Salesforce can quickly and accurately identify thousands of potential security vulnerabilities with the lowest rate of false positives in the industry. The DigitSec platform also supports compliance framework requirements including GDPR, HIPAA, ISO-27001, SOX, PCI DSS, CCPA, and APPI. About DigitSec DigitSec provides the most comprehensive application security testing platform purpose-built for Salesforce, including automated penetration testing. Its patented SaaS Security Scanner, S4, quickly assesses Salesforce security posture, allowing developers to easily identify potential issues before deployment while supporting compliance requirements. About UST For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people, and led by our purpose, we partner with our clients from design to operation. Through our nimble approach, we identify their core challenges and craft disruptive solutions that bring their vision to life. With deep domain expertise and a future-proof philosophy, we embed innovation and agility into our clients' organizations—delivering measurable value and lasting change across industries and around the world. Together, with over 26,000 employees in 25 countries, we build for boundless impact—touching billions of lives in the process.

Read More

DATA SECURITY

Balbix Extends Cyber Security Posture Automation to AWS

Balbix | November 02, 2021

Balbix, provider of the world's leading platform for cybersecurity posture automation, announced today the general availability of the Balbix Connector for AWS. As a result of the new offering, customers gain a comprehensive inventory of their assets spanning on-premises and cloud as well as the ability to discover, prioritize and mitigate unseen risks, including unpatched software vulnerabilities, weak credentials, missing or poor encryption, trust issues and cloud infrastructure misconfigurations. A surge in cloud adoption has made modern IT environments more complex and increased the enterprise attack surface. While gains have been made in cloud security, visibility remains siloed. Proactive cybersecurity tools are typically split into on-premises and cloud silos, making it extremely difficult to get a consolidated view into both environments. In addition, the ability to identify and address the most pressing risks requires the assistance of automation to successfully scale. Improved AWS Security Posture Management The new Connector for AWS provides support for the most popular AWS Cloud services including core services like Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and AWS Identity and Access Management (IAM); database and container services like Amazon Relational Database Service (Amazon RDS), and Amazon Elastic Kubernetes Service (Amazon EKS); and analytics services like Amazon OpenSearch Service. As a result, teams overseeing security of their AWS environments can: Get comprehensive visibility into cloud assets and accurately categorize them into compute, storage, network, and containers Discover exposure to common cloud attack vectors, especially misconfigurations – the most exploited attack vector for the cloud Measure risks in terms of the likelihood and monetary impact of them being exploited in order to prioritize risks for remediation and report on the overall security posture Visibility Across the Entire Network With the addition of the Connector for AWS, Balbix merges cloud and on-premises visibility in one view, eliminating the need for security practitioners to look through multiple dashboards and allowing them to work more productively. "With a significant portion of our IT infrastructure already running in AWS alongside a longer-term cloud-first strategy to migrate most workloads to the cloud, the addition of the Balbix Connector for AWS enables us to drive down risk comprehensively across our enterprise," said Nate Miller, Senior IT Manager, Global Cyber Security and IT Compliance at Cooper-Standard. "However, we know some critical IT infrastructure will remain on-premises. The unified visibility provided by Balbix is key to enable our cyber security teams to make the best decisions for the business and most efficiently minimize the risk of breach." Advanced Risk Analysis AWS data is analyzed using purpose-built AI algorithms to produce a comprehensive view of cyber-risk for organizational cloud assets, along with relevant context and recommended action items. Risk is measured in dollars, which provides a common language that organizations can use to prioritize projects, spending and track the effectiveness of their overall cybersecurity program. "Traditionally, cyber posture tools have been siloed, only offering views for cloud or on-premises, never both,We are excited to introduce the Balbix Connector for AWS to break down the siloed approach and offer AWS customers a holistic view of their overall corporate risk, along with new insights to manage security under the shared responsibility model." Gaurav Banga, CEO at Balbix About Balbix Balbix is the world's leading platform for cybersecurity posture automation. Using Balbix, organizations can discover, prioritize and mitigate unseen risks and vulnerabilities at high velocity. With seamless data collection and petabyte-scale analysis capabilities, Balbix is deployed and operational within hours, and helps to decrease breach risk immediately. Balbix counts many global 1000 companies among its rapidly growing customer base and was named a "Cool Vendor" by Gartner in 2018.

Read More

DATA SECURITY

CFGI and SecurityScorecard Collaborate to Provide Security Rating Monitoring as a Service

CFGI | May 26, 2021

CFGI, a leading provider of Accounting Advisory, Cybersecurity and IT Risk Advisory solutions, and SecurityScorecard, the worldwide leader in cybersecurity ratings, today announced a new partnership to streamline and strengthen how organizations manage their cybersecurity and third-party risk through the use of Security Ratings. CFGI has partnered with SecurityScorecard to non-intrusively evaluate an organizations' cybersecurity using an 'outside-in methodology. This approach enables CFGI to monitor and update the cybersecurity ratings of our clients in a very continuous manner. With these cybersecurity ratings and the extensive information on which they are based, organizations are presented with valuable information for assessing compliance with industry-leading cybersecurity risk standards. As a SecurityScorecard managed security services provider (MSSP), CFGI will be delivering industry-leading cybersecurity ratings to clients to enhance their security posture, ensure adherence to regulatory requirements, and continuously monitor third-party risk. This partnership comes at a time when risk and compliance teams are experiencing unprecedented pressure to successfully manage their own and third-party risk, due to changing regulatory requirements, higher numbers of vendors, and more pressure from the board of directors. Heightened regulatory scrutiny has created the necessity for next-generation solutions to assist organizations in better manage the risk posed by their business partners. With the partnership between CFGI and SecurityScorecard, organizations can now be aware of cybersecurity gaps and advised on what is needed to fill them. What value do CFGI clients receive? • Technical dashboards and detailed reports with your most critical risk factors. • Easy-to-read board-level reports and workflow tools for cybersecurity assessments. • Risk remediation advisory services by CFGI, whose experts work closely with your technology teams or third parties. • Ability to view your historical vulnerabilities and threats for continued improvement. • Ability to quantify and demonstrate your return on security investments. • Ability to benchmark your cybersecurity current state against industry peers and competitors. About CFGI CFGI, a portfolio company of The Carlyle Group, is a highly specialized financial consulting company that supports the office of the CFO with all its accounting, finance, risk management, and digital transformation needs. As an extension of your SOX, internal audit, corporate finance, or cybersecurity team, CFGI can serve in a variety of capacities – from technical accounting or finance transformation advisor to IPO and M&A support to controller or CFO.

Read More

Spotlight

The new research analyzed 126 popular mobile health and finance apps from the US, UK, Germany, and Japan. It also examined the perceived level of security app users and app executives believe to have in their applications.