ENTERPRISE SECURITY
SecurityScorecard | August 23, 2021
SecurityScorecard, the global leader in security ratings, today announces a partnership with Tenable the Cyber Exposure company, to deliver a comprehensive view into an organization's risk posture by marrying Tenable's unmatched visibility and depth of analytics into enterprise environments with external cyber monitoring powered by SecurityScorecard. As a result of this partnership, CISOs, IT leaders and security teams are able to review their SecurityScorecard rating, assess their external cybersecurity health, and understand their risk posture directly within the Tenable Lumin dashboard.
"Understanding your up-to-date risk posture has become a necessity in a world that's increasingly more complex, dynamic and transient," said Ray Komar, vice president of technical alliances, Tenable. "We're excited to partner with SecurityScorecard to give customers complete visibility into the risks that exist inside and outside their environment, and guidance for how to most effectively reduce that risk, all in a single platform."
Point-in-time or periodic cybersecurity testing procedures have become antiquated. Today's cyber risks change by the minute and companies need a solution that keeps pace with the dynamic nature of cybersecurity by continuously monitoring for exposures and measuring the security posture and cyber resilience across the organization.
"Organizations must be proactive to address cyber breaches, and security ratings are the foundation to measuring and understanding security resilience in real time," says Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard. "Together, SecurityScorecard and Tenable are advancing a new standard for continuous monitoring by blending external and internal risk assessments, which provide organizations with a holistic view into the risks that exist in their environments."
The integration pairs Tenable Lumin's advanced analytics capabilities for assessing risk alongside real-time visibility of external vulnerabilities from SecurityScorecard. This arms Tenable Lumin customers with the intelligence to develop external risk management and threat detection playbooks through real-time updates, allowing organizations to effectively identify and respond to threats and risks.
SecurityScorecard continuously monitors millions of entities globally, and uses non-intrusive proprietary methods to assess their security posture across ten risk categories to instantly deliver an easy-to-understand "A" through "F" rating; including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. On a daily basis, these ratings are updated based on objective, publicly-available data that, similar to credit ratings, provides an "outside-in" view of an entity's security posture.
About SecurityScorecard
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with tens of millions of companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 18,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.
Read More
DATA SECURITY
Radiflow | May 31, 2021
Radiflow has received extensive industry appreciation for its one-of-a-kind, fully IEC62443-compliant Cyber Industrial Automated Risk Analysis Platform (CIARA), enabling CISOs to optimize their cybersecurity expenditure non-intrusively simulating breach attempts in industrial automation networks and prioritizing the most effective mitigation measures.
In accordance with Radiflow's ongoing mission of "Taking the guesswork out of OT cybersecurity," the latest edition of CIARA allows users to further customize their cybersecurity optimization with additional operational and budgetary criteria.
Ilan Barda, CEO of Radiflow, announced the new features: "CIARA was warmly received in the market as the first-of-its-kind OT BAS solution (breach attack simulation). Since its release, we have seen an increase in demand for risk prioritization in the dynamic OT/ICS threat landscape. Our new edition responds to the critical need for data-driven decision-making. We are delighted to assist CISOs in developing the best budget-driven mitigation strategy."
Users of the updated version of CIARA can now:
Customize their OT-security optimization: Users can now choose from a wide range of factors to find a balance between security, compliance, and budget. CIARA prioritizes security requirements for mitigation measures (SRs) that match the chosen criterion to maximize their cybersecurity ROI. Among the current optimization criteria are:
• Zone impact: What is the financial impact of a disruption in that zone?
• Which zone has the lowest tolerated risk (as specified by the user)?
• Which zones have the highest disparity between real security measures and those prescribed by the IEC62443 standard?
New supply chain threats are included in attack simulations: Supply chain attacks, such as the SolarWinds breach, take advantage of vendor networks' vulnerabilities. In addition to the fundamental requirement control groups in IEC62443, CIARA users can now add a security control group for Supply Chain attacks (NIST 800-161) to CIARA's breach simulations, including such attack strategies prioritize the effectiveness of relevant mitigation measures.
Budget and Plan :
CIARA's new OT security project planner generates a complete quarterly mitigation plan based on the user's optimization preferences, balancing the estimated cost of mitigation controls against the quarterly budget constraints.
About Radiflow
These new features enhance Radiflow's objective to eliminate the guesswork from OT security. Radiflow is committed to assisting CISOs in prioritizing their activities by providing industrial threat detection and risk management solutions.
Read More
Google | April 27, 2020
Google says it has blocked 18 million daily malware and phishing emails related to COVID-19 over the past week.
Majority of malware and phishing emails involve impersonation.
This includes implementing multi-factor authentication methods that require people to prove their identity using two or more verification methods.
Google says it has blocked 18 million daily malware and phishing emails related to COVID-19 over the past week. The search giant also says it has encountered over 240 million daily spam messages related to the novel coronavirus. On a typical day, Google blocks over 100 million phishing messages daily. According to Google, the cybercriminals use both fear and financial incentives to create urgency to prompt users to respond.
Google says that the majority of malware and phishing emails involve impersonating government organizations such as the World Health Organization. Some of the coronavirus-related malware and phishing emails solicit fraudulent donations for various causes. In contrast, malware tricks attempt to deceive users into downloading files laced with malware on their devices. Other phishing attempts claim to possess information about the government stimulus packages for individuals and small businesses. Phishing scams targeting remote workers purport to be the recipient’s employer.
“The fact that 18 million Covid-19-related emails are blocked each day just by Google is a sign of just how prolific these attacks are,” Kron says. “In these times of high stress and change.
~ Erich Kron Cybersecurity Keynote Speaker
Learn more: PHISHING KITS BECOME “BESTSELLER” IN THE UNDERGROUND MARKET: RESEARCH
He added that criminals are aware of the system vulnerabilities arising from employees working at home away from secure corporate networks.
“The best thing organizations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails to their organization”.
~ LaSala, Director of Security Solutions
The search giant notes that most of the malware and phishing emails are not new but are existing campaigns updated to exploit the panic and curiosity caused by the current pandemic. The company adds that its machine learning AI algorithm can block 99.9% of spam phishing and malware from reaching its users. Google is also working on other techniques, such as implementing the Domain-based Message Authentication, Reporting, and Conformance (DMARC), to prevent fraudsters from impersonating the www.who.int domain. This method will also prevent WHO messages from accidentally being filtered out as spam due to the frequency of similar fraudulent messages.
Google advises people to avoid downloading files from untrusted users. Additionally, the search giant recommends using its email preview inbuilt tool to view documents before downloading.
However, some experts have been critical of Google’s response to malware and phishing emails threats. Colin Bastable, CEO of security awareness training company Lucy Security says Google allows scammers to associate Gmail accounts with phishing links while virtue-signaling its users about security.
Learn more: WORK FROM HOME: CYBER SECURITY DURING COVID-19
Read More