Sikich Report Finds That Manufacturers and Distributors Neglect Key Cybersecurity Activities

Sikich | July 23, 2020

Less than 40% of respondents in Sikich's 2020 Manufacturing and Distribution Report said they perform important data breach prevention activities, such as penetration testing, phishing exercises on employees and assessments of vendors' data security efforts. However, manufacturers and distributors remain vulnerable to breaches. Nearly half of respondents said their companies experienced cyberattacks during the past 12 months. "Cybersecurity is an essential part of a company's operations, but too few manufacturers and distributors take the necessary precautions to protect sensitive data," said Brad Lutgen, partner-in-charge of Sikich's cybersecurity team. "The coronavirus pandemic, which sent many office workers to insecure remote environments, has only elevated the risk these companies face. Manufacturers and distributors must commit to a comprehensive cybersecurity strategy that includes everything from technical updates to employee training." The report also reveals extensive use of some advanced technologies, but stubbornly slow adoption of others. Eighty-six percent of respondents said their companies use cloud storage and solutions, and more than 60% use forecasting software, data-driven customer service technologies, advanced analytical tools, data visualization, and the internet of things. But only about half of the executives surveyed said their companies use robotics, robotic process automation and 3D printing/additive manufacturing. And 39% said they use blockchain and augmented virtual reality.

Spotlight

The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional "scan-and-patch" vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.

Spotlight

The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional "scan-and-patch" vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.

Related News

DATA SECURITY

BD to Advance Leadership in Cybersecurity Transparency and Preparedness

BD | June 07, 2021

A leading global medical technology company, BD (Becton, Dickinson and Company), today announced that it has become the first medical technology company authorized as a Common Vulnerability and Exposures (CVE®) Numbering Authority by the CVE Program, further demonstrating the company's leadership in health care cybersecurity. As a CVE Numbering Authority (CNA), BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products. This includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. The purpose of the CVE Program is to bolster international cybersecurity defense by cataloguing publicly disclosed cybersecurity vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE Corporation. BD was among the first medical technology companies to develop a mature Coordinated Vulnerability Disclosure program, enabling customers to manage cybersecurity risks through awareness and guidance. In 2020, the company launched the BD Cybersecurity Trust Center, increasing transparency and collaboration with its customers, and issued its inaugural cybersecurity annual report. In becoming a CNA, BD further demonstrates its commitment to cybersecurity in medical devices, making it easier for customers to manage vulnerabilities affecting BD products. About the CVE Program The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each of the vulnerabilities in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. About BD BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. BD and its 70,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care.

Read More

DATA SECURITY

AdvIntel & KPMG LLP announce alliance around cyber threat detection and ransomware response

AdvIntel | October 01, 2021

AdvIntel, a leading cybersecurity threat prevention and loss avoidance company with a unique and unparalleled ability to detect and disrupt ransomware and KPMG LLP, the global audit, tax and advisory firm, today announced an alliance around AdvIntel's "Andariel" Threat Prevention & Loss Avoidance Platform. The profile of ransomware victims has moved upmarket over the past year as the adversaries have enhanced their capabilities faster than cyber defenses at an alarming trend. The state of the current cyber security market is full of uncertainties. The current breach response is traditionally reactive, leading to a breach after a breach. Now, with the unique alliance, we are effectively reversing the traditional breach paradigm with the vision to disrupt breaches before they turn into ransomware. Our goal is to bring the world closer to a ransomware-free future via the proactive and preventative breach response. According to AdvIntel CEO, Vitali Kremez Andariel' s ability to track botnet initial compromises enables AdvIntel' s customers to take action before data and personally identifiable information is leaked, which could prevent regulatory, reputational, and legal losses related to data breach legal liability. Ed Goings, KPMG National Lead for Cyber Response Services stated "Intelligence of this level is a complete game changer. Many companies state they provide threat intelligence, but this is the first time I have seen actionable intelligence that can be used to potentially identify corporate ransomware attacks before they happen." Moreover, some of the tracked botnets have a unique relationship with some of the monitored ransomware families. Therefore, by timely identifying botnet activity in their systems, AdvIntel's clients can identify and potentially avert tremendous losses from ransomware attacks. Incident response case support through Andariel enables a corporate cyber investigation team by providing immediate information on the "patient zero", the way cyber infection spreads through the system, as well as the vulnerabilities which lead to the compromise. Andariel aims to significantly decrease the time and resources spent on investigations, as well as to decrease the insurance claims and coverage of the remediation effort. AdvIntel and KPMG will jointly go to market to combat cyber incidents, by providing early-warning alerting, applied threat detection, and long-term strategic threat intelligence. AdvIntel and KPMG are already working jointly with several cyber insurance providers around the threat prevention and loss avoidance needs of their customer base. About AdvIntel AdvIntel is the world's first and only cybercrime and adversarial disruption firm which leverages Andariel, a next-generation threat prevention and loss avoidance platform which has visibility beyond a company's own internal network. Andariel sheds light on the botnet and breach ecosystem in order to spot threats and compromises preemptively and proactively. Whether prolific botnets, ransomware syndicates, cyber extortionists, carders, advanced persistent threat groups, or crimeware operators, Andariel ensures ultimate visibility into these threats before they actualize and do harm. About KPMG LLP KPMG LLP is the U.S. firm of the KPMG global organization of independent professional services firms providing audit, tax and advisory services. The KPMG global organization operates in 146 countries and territories and has close to 227,000 people working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients. Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

Read More

SOFTWARE SECURITY

Cybermaxx Cybersecurity Provider partners with Logi Analytics to strengthen MAXX Data Defense Systems Suite data analytics capabilities.

prnewswire | November 02, 2020

Today, Logi Analytics, the main supplier of installed examination answers for programming groups, and CyberMaxx, the pioneer in network protection tasks administrations for medical care associations, report another organization incorporating Logi Info into CyberMaxx's MAXX Data Defense Systems set-up of oversaw security administrations and arrangements. CyberMaxx will be revealing the new information examination capacities beginning November second, 2020. Progressed information examination is a higher priority than any time in recent memory for network safety tasks groups – especially with cyberattacks expanding year-over-year for organizations, all things considered. For MSSPs like CyberMaxx, which is totaling information from various sources at the same time, viable representations and revealing is basic to guaranteeing their security administrations stay on top of things so their clients can settle on speedy choices and decrease their danger of a break. Presently with Logi Info, CyberMaxx is improving its information investigation and detailing capacities while as yet holding the innovative adaptability that has made it a powerful online protection accomplice to undertakings for more than 15 years. "Enterprises are dealing with an increasing volume of threats, and MSSPs entrusted with protecting these firms can't afford to lose their knowledge advantage – or else breaches will only continue," says Brett Hansen, CMO at Logi Analytics. "With the Logi Symphony suite of services – including Logi Info – CyberMaxx is now able to embed powerful data analytics, reporting, and visualization capabilities into their MAXX suite of managed services – equipping their security team and customers with the threat visibility and actionable data insights that are the difference between partner safety and business disruption." CyberMaxx has been giving overseen security administrations to endeavors for over 15 years, zeroing in on the three mainstays of individuals, cycle, and innovation to forestall, recognize, and react to cyberattacks. Eminently, CyberMaxx gives specific oversaw security administrations to endeavors in the medical care, money related administrations, and retail areas – requiring chief network safety skill as well as an intensive comprehension of the specific consistence needs every area requires. It's all day, every day/365 security activities place (SOC) and network safety group are more basic than any other time in recent memory for these organizations, and with Logi Info CyberMaxx can give clients will more noteworthy danger knowledge and announcing highlights that will forestall, distinguish and react to breaks quicker than at any other time. "CyberMaxx is constantly pushing forward to anticipate our customers' needs and provide the highest level of service in our industry, which is evidenced today by our 99% customer retention rate. The partnership with Logi and the combined force of the CyberMaxx and Logi teams have delivered an innovative data analytics platform with powerful dashboards that will help our customers prevent costly breaches." said Thomas Lewis, CEO of CyberMaxx. CyberMaxx can utilize Logi Info as a component of its more extensive Logi Symphony membership – which furnishes the MSSP with admittance to the full Logi Analytics programming suite for a solitary, set cost. As CyberMaxx's investigation needs develop over the long haul, they'll have the option to exploit the full broadness of Logi Analytics' bleeding edge implanted examination instruments effortlessly and cost-effectiveness. Logi Analytics' insight and comprehension of installed examination is basic to network safety activities for organizations in 2020 and past. These instruments help improve perceivability of dangers and new or disregarded assault vectors, while making it simpler for IT experts to dissect and follow up on the information without disturbing application work process. For MSSPs, these capacities are taking on consistently expanding significance as endeavors move a greater amount of their IT activities to the cloud while the quantity of endpoint gadgets increments essentially – especially in the wake of the COVID-19 pandemic and the more extensive move to far off work thus. About Logi Analytics Logi Analytics empowers the world's software teams with the most intuitive, developer-grade embedded analytics solutions and a team of dedicated people, invested in your success. Logi leverages your existing tech stack, so you can quickly build, manage and deploy your application. And because Logi supports unlimited customization and white-labeling, you have total control to make the application uniquely your own. Over 2,200 application teams have trusted Logi to help power their businesses with sophisticated analytics capabilities. About Cybermaxx CyberMaxx prevents, detects, and responds to cyberattacks for healthcare organizations. CyberMaxx equips its customers with a 24/7/365 security operations center with services including endpoint threat detection and response, network-based threat detection and prevention, security information and event management (SIEM) with advanced data analytics, vulnerability risk management, and incident response services.

Read More