DATA SECURITY

Lack of Remote and Hybrid Work Policies Put Education Industry at Risk for IT Security Issues

Apricorn | July 23, 2021

The leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, Apricorn, has announced various findings for the education sector from the Apricorn Global IT Security Survey, 2021. The survey says the education industry lacks concern about security threats from employees and, due to limited IT security policies related to remote work, has a greater risk for cybersecurity breaches and data loss than other industries. For example, 69.4% of respondents say, as targets that attackers can use to access data, employees at their organizations don't think of themselves,  compared to 37.5% in information technology (IT).

The survey was to compare cybersecurity policies of various industries about hybrid and remote work. More than 400 respondents completed the survey. Unfortunately, the education industry constantly lags behind many other healthcare, manufacturing, IT, and financial services when executing lost/stolen devices and data security policies. Remarkably, compared to 55% in IT, only 26% of respondents in the education industry agreed that they have policies regarding lost/stolen devices.

Many education institutions, in the Fall, will be returning to in-person instruction; however,  in the education sector, most survey respondents (90.77%) said a hybrid work option exists. Organizations in education demonstrated a trend of allowing employee choice when it comes to policy adherence when asked about policies and procedures that have been put in place regarding transporting data and devices. Compared to an average of 52% for other top industries, only 20% of education organizations require encrypted hardware. More than half of EDUCATION organizations permit the use of personal USB devices.

About Apricorn

Founded in 1983, Apricorn is a leading provider of secure storage innovations to prominent companies in education, healthcare, finance, and government throughout North America, EMEA, and Canada. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Under the Apricorn brand, numerous award-winning products and patents have been developed.

Spotlight

Of the five stages in the Information Governance Maturity Model, the second stage - "Overwhelmed" - is typically the most uncomfortable. Many IT organizations experience a strong temptation to look for quick fixes based on the mechanics of storage. Thin provisioning, to take just one example, enables more efficient utilization of existing storage capacity, so that companies can effectively store more data at a lower cost.

Spotlight

Of the five stages in the Information Governance Maturity Model, the second stage - "Overwhelmed" - is typically the most uncomfortable. Many IT organizations experience a strong temptation to look for quick fixes based on the mechanics of storage. Thin provisioning, to take just one example, enables more efficient utilization of existing storage capacity, so that companies can effectively store more data at a lower cost.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Datadog Announces Integration with Amazon Security Lake

Datadog | November 30, 2022

Datadog, Inc., the monitoring and security platform for cloud applications, today announced a new integration with Amazon Security Lake. The integration, announced during AWS re:Invent, makes it easy for Amazon Security Lake users to send cloud security logs to Datadog in a standard format. Building data pipelines in order to aggregate and route security logs to various security analytics solutions can be a cumbersome and time-consuming process. For Amazon Security Lake customers, Datadog's integration provides an easy way to send security logs to Datadog with minimal configuration required. Once security logs are ingested into Datadog, customers can analyze and identify threats through out-of-the-box detection rules or by writing custom security rules. They can also do deeper investigations using Datadog's log management tools. "Amazon Security Lake makes it easier for teams to manage their cloud security data and analyze it with partner solutions of their choice," said Rod Wallace, General Manager for Amazon Security Lake. "Datadog's integration with Amazon Security Lake will allow customers to collect their security logs to improve their cybersecurity posture and send them to Datadog for analysis leveraging an open source schema." "Security threat detection and investigation is dependent on an effective logging strategy that ensures critical logs are being properly analyzed. However, managing dozens of log integrations from cloud-hosted accounts and entities can be cumbersome and lead to gaps in visibility. "Amazon Security Lake and Datadog are working together to provide an easy way to set up and manage important log integrations for Datadog Cloud SIEM, giving customers deep visibility into their most critical infrastructure." Pierre Betouin, SVP of Security Products at Datadog About Datadog Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised. "The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk." Other key survey findings include: 40% of respondents rely on the third-party vendor or supplier to ensure adequate security. In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time. Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months. The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security. "While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget." The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore. The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore. Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk: While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment. The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%. In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program. About BlueVoyant BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.

Read More

PLATFORM SECURITY,SOFTWARE SECURITY

Phosphorus Launches New xIoT Security Capabilities to Discover and Disable Risky Devices Prohibited by the U.S. Government

Phosphorus | December 13, 2022

Phosphorus, the leading provider of proactive and full-scope security for the extended Internet of Things (xIoT), today announced new security features that will enable organizations to discover and monitor their networks for the presence of xIoT devices that the U.S. government deems a significant security risk. The new features also include the capability to remotely disable and remove the devices from the network. Phosphorus’s security update follows the FCC’s ban on the sale or importation of devices made by several Chinese manufacturers that it considers to pose “an unacceptable risk to national security of the United States or the security or safety of United States persons.” The Covered List includes video surveillance and telecommunications equipment produced by Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology (and their subsidiaries and affiliates). “The Phosphorus xIoT Security Platform is the industry’s only solution that can discover the presence of these prohibited devices and remotely render them inert at scale. “These unique capabilities will empower enterprises and government organizations across the U.S. to discover, disable, and remove banned or potentially dangerous devices from their enterprise environments.” John Vecchi, Chief Marketing Officer at Phosphorus Advanced Discovery Capability A recent study by Phosphorus’s global research division, Phosphorus Labs, found that organizations consistently struggle to identify all of their xIoT devices – this means many companies may not realize they have banned devices lurking inside their networks. According to its research, 80% of enterprise security teams can’t identify the majority of their xIoT devices and customer estimates of xIoT inventories are consistently off by 40-60%. Phosphorus’s Enterprise xIoT Security Platform has unique capabilities for discovering xIoT assets, and it is the only technology platform able to communicate with these devices (ranging from security cameras to PLCs) in their native languages. This enables a high degree of accuracy, granularity, and speed when discovering and analyzing these devices to create comprehensive inventories of xIoT assets that include device type, brand, model, firmware version, credential status, default/enabled protocols, certificate status, and more. Disabling and Isolating High-Risk Devices Phosphorus empowers organizations by giving them direct control over every single device in their wide-ranging xIoT deployments. Through the platform’s Hardening and Remediation capabilities, organizations can update and rotate a device’s credentials, manage firmware, disable remote services, turn off unnecessary connectivity features, check for valid certificates, and reboot the device. For organizations that have detected banned xIoT technologies in their networks, specific device-level actions such as changing passwords, disabling services and reducing connectivity will be critical for limiting the potential risks of these devices prior to their removal from the network. World’s First and Only Proactive xIoT Security Platform Phosphorus’s Enterprise xIoT Security Platform is the industry’s only consolidated xIoT security offering, delivering state-of-the-art Attack Surface Management, Hardening and Remediation, and Detection and Response across the full range of IoT, OT, and Network-connected devices – spanning both new and legacy devices. For the first time in industry history, teams in IT, Facilities, and Security are able to collaborate on a single platform to safely discover, assess, remediate, and monitor their xIoT devices. Phosphorus is now the solution of choice for enterprises to secure devices that were previously unknown or overlooked, beginning with fundamental xIoT security hygiene. The company’s Enterprise xIoT Security Platform is currently deployed in Fortune 100, Fortune 500, and government networks. ABOUT PHOSPHORUS Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates.

Read More