DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

BeyondTrust Releases Cybersecurity Predictions for 2023 and Beyond

BeyondTrust | November 04, 2022

BeyondTrust, the leader in intelligent identity and access security, today released its annual forecast of cybersecurity trends emerging for the New Year and beyond. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer, and Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.

Prediction #1: Negative, Zero, and Positive Trust -- Next year, expect products to actually be “zero trust-ready”, satisfy all seven tenets of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent (maybe not using such simple puns on the number zero). Some will provide positive zero trust authentication and behavioral monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs.

Prediction #2: Camera-Based Malware is here. Say “Cheese”! -- In 2023, expect to see the first of many exploits that challenge smart cameras and the technology embedded within to leverage vulnerabilities. While there have been timeless discussions on the risks of using QR codes, we’re only now beginning to understand the risks from our smart cameras. As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation.

Prediction #3: Reputation for Ransom: The Rise of Ransom-Vaporware -- We will see a rise in the extortion of monies based purely on the threat of publicizing a fictional breach. Society so willingly accepts the veracity of breaches reported in the news, and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, one that is not even verifiable, becomes an attack vector in itself.

Prediction #4: The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails -- Expect a new round of attack vectors that target and successfully bypass multi-factor authentication strategies. In the next year, push notifications and other techniques for MFA will be exploited, just like SMS. Organizations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies.

Prediction #5: Cyber Un-insurability is the New Normal -- In 2023, more businesses will face the stark realization that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. The truth is, it’s becoming downright difficult to obtain quality cyber insurance at a reasonable rate.

Prediction #6: The Latest Concert Hack: Wearable Risk Surfaces and Hackable E-Waste -- If you have recently attended a large concert, you may have received a disposable LED bracelet that can receive RF transmissions during the event. The device is meant to be low cost, disposable, and potentially single-use. In 2023, expect threat actors to easily decode the RF transmissions using tools like Flipper Zero to wreak havoc on venues that use these enhancements. Some of this may be done as a form of protest or for some other purpose.

Prediction #7: Compliance Conflicts are Brewing -- Significant compliance standards, best practices, and even security frameworks are starting to diverge in their requirements. In 2023, expect more regulatory compliance conflicts, especially for organizations embracing modern technology, zero trust, and digital transformation initiatives.

Prediction #8: The Death of the Personal Password -- The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorize access.

Prediction #9: De-Funding of Cyber Terrorists Becomes Law -- Governments all over the world will entertain a new approach to protect organizations from ransomware and stop the funding of terrorists: ban ransomware payouts outright. Granted, threat actors may move on to a new form of cyber crime to fund their operations, but ransomware as we know it will fade away.

Prediction #10: Cloud Camouflage is Confronted -- To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications.

Prediction #11: Social Engineering in the Cloud -- Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks leveled at employers and organizations across the cloud.

Prediction #12: Unfederated Identities to Infinity and Beyond -- Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite—unless it is well-defined for identity management teams to provide access beyond what typically is available today.

Prediction #13: OT Gets Smarter, Converges with IT -- Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation.

Prediction #14: Headline Breaches Move to Second-Page News -- Expect news of breaches to be buried deeper, whether in print or online format, based on audience fatigue, lack of interest, or just because it is no longer exciting. With that said, legal, regulatory, and compliance responses will become front-page news should an organization fail to follow the proper steps for public disclosure and risk mitigation.

Prediction #15: A Record-“Breaching” Year -- Expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors, but also due to the larger changes in the world that will impact an organization's ability to mitigate, remediate, or prevent a problem.

About BeyondTrust
BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

BeyondTrust protects all privileged identities, access, and endpoints across your IT environment from security threats, while creating a superior user experience and operational efficiencies. With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 75 of the Fortune 100, and a global partner network.

Spotlight

Today’s digitally transformed organizations handle vast volumes of data that is at perpetual risk for loss and leakage, either intentionally through data breaches or unintentionally through employee errors. With cybercrime damages expected to reach $10.5 trillion annually by 2025, organizations must protect their threat surface holistically.


Other News
SOFTWARE SECURITY

Keeper Security Releases iOS Updates for One-Time Share and Siri Shortcuts

Keeper Security | December 15, 2022

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced their latest iOS updates which include integration of the One-Time Share feature, which enables secure record sharing on a time-limited basis, using Keeper's zero-knowledge encryption and zero-trust security model. Keeper also now integrates with Siri Shortcuts, providing users with a quicker way to control their Keeper Password Manager.

Keeper One-Time Share is the easiest and most secure way to send confidential information to a friend, family member or co-worker without exposing sensitive information over email, text or other forms of messaging. One-Time Share links are restricted to the recipient's device and automatically expire at a time of the Keeper user's choosing. One-Time Share records can only be used on one device. Even if the user forgets to unshare the record, it will expire automatically, and the recipient's access will be revoked. With Siri Shortcut integration, users will be able to quickly get things done on Keeper's Password Manager by asking Siri.

"Keeper is thrilled to provide iOS users with this rich feature set that maximizes the security capabilities of their iOS devices. With One-Time Share, iOS users can securely share critical information, whether that's a family sharing their WiFi password with a friend or a security system code with a houseguest. Additionally, Siri integration allows users to control Keeper more easily with voice commands."
- Craig Lurey, CTO and Co-founder of Keeper Security

About Keeper Security
Keeper Security is transforming the way people and organizations around the world secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations globally, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.


ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Bearer Launches Data-First Security Solution

Bearer | November 15, 2022

Bearer, the data-first security software company, today announced the general availability of the Bearer Data Security Platform. Based on extensive interviews with more than 130 enterprise CISOs at high-growth and global 2,000 companies, Bearer is in beta use across multiple industries with one customer protecting the private data of more than 75 million medical patients.

“At Bearer, we strongly believe the best approach for a data-first security approach is to start at the beginning of the journey, following the shift-left security trend.

“Data-first security should start in the code. And to be truly effective, it should never impede developers and never allow access to private data itself while still providing ownership context and protecting against vulnerabilities created in the business logic of an application or service,” said Guillaume Montard, CEO and co-founder of Bearer.

Why Bearer Data Security Platform Now

Data security is becoming a top priority for businesses, with customers and governments demanding better data protection driven by the demands of GDPR, CCPA, PDPA and more. Bearer’s detection engine protects PD, PHI, PII and financial data.

Cloud native organizations have more complex and fragmented architectures than ever before, making properly-implemented data security risk controls impossible without a proper solution. More than two-thirds of the enterprise 2,000 are focusing on cloud-native applications.

DevSecOps is gaining huge traction. 57% of security teams have shifted security left already or are planning to this year, making them ready to use a solution such as Bearer.

Bearer has been tested on more than 20,000 open source software projects as well as more than 6,000 data repositories at beta users, partners and early customers.

The Bearer Data Security Platform

Bearer is a SaaS platform that enables scalable deployments and workflow automation for security management. It discovers sensitive data flows automatically by continuously scanning source code and associated metadata. By monitoring data security risks proactively, it can automatically detect gaps within data security policies during coding and in production. Finally, it can remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize an issue. Bearer accomplishes these results through three major innovations:

Identification of data security risks – Including business logic flaws: Bearer pinpoints data security technical and business logic flaws in code before it’s too late and costly to correct. It then provides actionable context and ownership information to fix issues quickly – in minutes. Before Bearer, pinpointing business logic flaws could only be achieved manually – often left ignored.

Frictionless deployment: Bearer is a data security SaaS solution that fits into the development cycles of Global 2000 enterprises without requiring any changes to how software engineering teams work. Additionally, Bearer does not require access to the underlying source code nor the sensitive data itself.

Extreme automation: Designed by developers for developers in a world of constant code iterations, Bearer automates the burden of data security compliance for software engineers so they don’t have to become experts on data security regulations across different global markets. Security and compliance teams love how Bearer prioritizes the most critical issues in remediation workflow to allow for speedy resolution between security and development.

About Bearer
Bearer, the data-first security software company, pioneered a solution for developers to automatically detect sensitive data flow and data security risks while coding. Its policy engine proactively monitors data security policies before releasing code and its unique remediation workflow prioritizes the most critical issues – including business logic flaws – for quick resolution between security and engineering teams. Venture-backed with more than $8 million in seed financing, Bearer is used in markets where privacy protection and data security are business-critical, including eCommerce, financial services, and healthcare.


DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Absolute Software Unveils New Product Innovations for Resilient Zero Trust

Absolute | December 01, 2022

Absolute Software™, the only provider of self-healing, intelligent security solutions, today announced new product innovations, empowering customers with deeper visibility and intelligence, expanded software integrations, and a refreshed user experience through its latest updates to Absolute Secure Endpoint and Absolute Secure Access. These product releases continue the company’s investment in bringing together the combined power of Absolute Secure Endpoint and Absolute Secure Access with our unique, firmware-embedded self-healing capability, enabling customers to achieve truly resilient Zero Trust environments and deliver an optimal user experience.

This announcement builds on the launch of Absolute ZTNA – the industry’s first self-healing Zero Trust Network Access (ZTNA) solution – and Absolute Insights™ for Endpoints and Network, providing unparalleled intelligence into device, application, and network performance. Embedded in more than 600 million devices, Absolute is the only intelligent security solutions provider capable of delivering visibility, control, and resiliency across endpoints, applications, and network connections. The Absolute Platform enables IT and security teams to ensure their endpoints remain compliant and mission-critical applications remain operational, and empowers them to transition from traditional VPNs to a resilient Zero Trust approach without hindering security or user productivity.

A recent 451 Research report validates Absolute’s differentiated platform approach and capabilities, saying: Too often, organizations don’t fully consider the resilience of the deployed zero-trust environment, and network access and device security are handled independently. It’s a situation that complicates security operations and one that can impact employee productivity.

“Our common platform addresses a wide range of market needs, as we have the unique ability to apply self-healing capabilities to devices, applications, and network access.

“Organizations are acknowledging that they need resilience-focused Zero Trust approaches, capable of integrating endpoint and access assessments at every step. By providing the critical components needed to achieve that resiliency - deep visibility, intelligence, and firmware-embedded Persistence - we are enabling them to not only protect devices, data, and users but also ensure critical controls are operating at maximum efficacy.”
- John Herrema, EVP of Products and Strategy at Absolute

New capabilities available to Absolute Secure Endpoint customers in the latest product release include:

Public API Expansion: The latest Absolute Secure Endpoint release adds new Public APIs to our existing library, allowing customers and partners to integrate our device actions into their existing workflows - significantly improving the efficiency of their existing workflows and enhancing automation capabilities.

Absolute Connector for ServiceNow™: The Absolute Connector for ServiceNow enables joint customers to access Absolute’s comprehensive asset intelligence and single source of truth within their ServiceNow platform environment – enabling them to efficiently respond to service requests, supplement their ServiceNow workflows, and rapidly demonstrate compliance.

Expanded Application Resilience™ Catalog: The Absolute Application Resilience catalog now includes support for more than 60 critical security applications that IT and security administrators can self-heal across their endpoints. Recent additions include WinMagic® MagicEndpoint™, Dell™ Trusted Device, Deep Instinct™, Norton 360™, OPSWAT™, UNOWHY™, Aranda Software™, and Pixart® MDM.

The company also announced upcoming server and client enhancements to Absolute Secure Access, including:

New Look and Feel: The names, status icons, fonts, and colors have been updated to reflect new product names and refreshed corporate brand; the core functionality and upgrade experience remain smooth and easy.

SaaS Enhancements: The SaaS offering adds native NAT capabilities and enhanced alerting.

Enhanced 5G Telemetry and Detection: Insights for Network dashboards that display cellular coverage, signal quality, and usage now include the 5G mid-band spectrum, and reflect improved 5G sensitivity.

Deeper Visibility: The Secure Access/webService API has been enhanced, offering programmatic access to key pool performance metrics, including status information for our Active/Active server infrastructure.

Faster NAC Checks: NAC capabilities are optimized, significantly reducing the time it takes for the VPN to connect and begin tunneling traffic.

Android Client Enhancements: Collecting network telemetry on Android devices can now be done with the screen off to improve battery life, ensuring that administrators have actionable device and network information even if a device is in sleep mode. The Android cryptographic libraries providing FIPS 140-2 cryptography are also updated.

The features included in the latest Absolute Secure Endpoint release are available now. For additional details, including which are available to Control, Visibility, or Resilience tier customers, visit here. The company expects to make Absolute Secure Access updates available to customers in January 2023.

About Absolute Software
Absolute Software is the only provider of self-healing, intelligent security solutions. Embedded in more than 600 million devices, Absolute is the only platform offering a permanent digital connection that intelligently and dynamically applies visibility, control and self-healing capabilities to endpoints, applications, and network connections - helping customers to strengthen cyber resilience against the escalating threat of ransomware and malicious attacks. Trusted by 18,000 customers, G2 recognized Absolute as a leader for the eleventh consecutive quarter in the Fall 2022 Grid® Report for Endpoint Management and as a high performer in the Grid Report for Zero Trust Networking.


PLATFORM SECURITY

Wib Forges Partnership with SecureIT to Accelerate API Security Across Nordics

SecureIT | December 14, 2022

Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a strategic partnership with SecureIT to accelerate its go-to-market momentum across the Nordics region. Based in Iceland, SecureIT is a leading provider of cybersecurity compliance, consulting and managed services to international financial institutions, airlines, large retailers, utility, biotech and healthcare, as well as multiple entities in the critical infrastructure and the government.

In the wake of its recent launch and $16 million funding, Wib is actively investing in building out an international channel ecosystem of specialist cybersecurity partners to expand its reach, drive growth and leverage growing market demand for API security. The partnership with SecureIT gives access to Wib's industry-first holistic API security platform and recently launched API PenTesting-as-a-Service (PTaaS) capabilities, helping organisations across the region identify API vulnerabilities, defend against the growing tide of API based attacks and meet increasingly API centric regulatory compliance standards such as PCI DSS.

"Building out our channel ecosystem is a strategic priority for Wib as we look to scale our go-to-market presence across key international territories. SecureIT has a trusted brand and strong reputation across the Nordics region with a dynamic team of qualified and experienced security and compliance professionals. Its consultative-led approach, strong compliance expertise and managed services capabilities made them the ideal partner for us and we're looking forward to a mutually beneficial relationship."
- Ran Ohayon, CRO at Wib

"The Nordic countries are synonymous with innovation and entrepreneurship, with an early-adopter mentality and pioneering spirit when it comes to new technologies," explained Magnús Birgisson, CEO at SecureIT. "However, where innovation leads insecurity tends to follow. APIs are critical in driving the modern applications and innovative new web services many organisations use today, but many are undetected, unmanaged and unprotected, creating vulnerability and risk. Our mission is to deliver cyber resilience to our customers across the region and our partnership with Wib is a great addition to our portfolio and will help us achieve this mission."

Wib's holistic API security platform provides complete visibility across the entire API landscape, from code to production. By delivering rigorous real-time inspection, management, and control at every stage of the API lifecycle, Wib can automate inventory and API change management; identify rogue, zombie and shadow APIs and analyse business risk and impact, helping organisations to reduce and harden their API attack surface. Wib's new PTaaS solution combined with its API security platform, is the only offering that provides complete visibility, automatic inventory, auto-generated API documentation, and simulated attacks against test and/or production systems.

About SecureIT
SecureIT is a leader in cyber security consultation, compliance and managed security services. Founded in early 2017, SecureIT has worked with multiple international financial institutions, airlines, large retailers, utility, biotech and healthcare, as well as multiple entities in the critical infrastructure and the government. SecureIT focuses on providing exceptional quality services, and to help the customer reach and maintain the desired and necessary security posture. SecureIT offers tailored consultation, assessments and audits, security testing and verification services, risk management and cyber threat intelligence services, along with extensive 24/7 monitoring, detection and response services, managed endpoint protection, API security and DDoS mitigation assessments and simulations. Meeting compliance, contractual and regulatory requirements is critical in today's business environment.

About Wib
Wib is pioneering a new era in API security with its industry first holistic API security platform. Providing continuous and complete visibility and control across the entire API ecosystem, Wib enables developers to code with confidence and security teams to secure with surety. Wib's elite team of developers, attackers, defenders and seasoned cybersecurity professionals draw on real-world experience and expertise to help define and develop innovative technology solutions that enable customers with the identity, inventory and integrity of every API, wherever it may be within the development lifecycle, without compromising development or stifling innovation.

