DATA SECURITY

GetApp Annual Data Security Report Reveals Information Security a Top Concern for Businesses

GetApp | September 29, 2021

GetApp, a recommendation engine that helps SMBs make informed software purchasing decisions, released findings from its 2021 Data Security Report. The results reveal that, regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy.

Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive.

Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts.

The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t.

Data security threats are becoming more targeted to individual victims, whether that’s a phishing scheme aimed at a specific person or ransomware attacks on a particular company.Companies must redouble security training efforts and fortify their networks to protect against today’s increasingly sophisticated cybercriminals.

Zach Capers, senior analyst at GetApp.

Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan. Read the in-depth report for further insight regarding sensitive data, cyberattacks, and how your industry is keeping up with data security needs.

About GetApp
GetApp is the recommendation engine SMBs need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. GetApp is a Gartner company. For more information, visit www.getapp.com.

Survey methodology
GetApp’s 2021 Data Security Survey was conducted from August 20 to August 24 among 973 respondents to learn more about data security at U.S. businesses. Respondents were screened for full-time employment and 90 identified as their organization’s IT security manager.

Spotlight

Will 2019 be the tipping point for healthcare-centered virtual and augmented reality tech, or a wait-and-see year reserved for early adopters? Three key indicators provide the clues and contextual evidence your organization needs to confidently pull the trigger on embracing augmented and virtual reality technology with Lenovo de


Other News
SOFTWARE SECURITY

NowSecure Integrates with GitHub Dependabot for Developer-First Mobile Software Supply-Chain Security

NowSecure | July 06, 2022

NowSecure, the leading standards-based mobile app security and privacy software company, today announced a new GitHub Action for Dependency Graph integration to bring automated mobile app Software Bill of Materials (SBOM) generation to developer workflows directly inside GitHub. Now iOS and Android mobile app developers can gain visibility into the components, third-party libraries and frameworks they use and ensure their proper version, security and privacy as they build them — all to deliver high-quality, secure mobile app releases faster. GitHub,the leading software development platform for more than 83 million developers, announced new extensions for dependency information in the GitHub Dependency Graph with new GitHub Actions. As a recognized leader in mobile app security, NowSecure has delivered the first automated dynamic mobile app SBOM solution integrated into GitHub Dependency Graph. The NowSecure GitHub Action for Mobile SBOM to populate the GitHub Dependency Graph is now available in early access via the GitHub Marketplace. In addition, the NowSecure Platform can now be purchased through Microsoft Azure Marketplace. As part of the early access program, all GitHub mobile developers can request a free scan for dynamic SBOM generation into GitHub Dependency Graph. Underlying the urgency of managing software dependencies, software supply-chain attacks in 2021 grew by 650% with major incidents from SolarWinds, Microsoft, Kasaya, log4j and others. White House Cybersecurity Orders in 2021 identified critical risks in the global software supply chain and set out requirements for government agencies to establish standards and policies for securing the software supply chain. "Developers want to deliver innovative, high-quality mobile applications fast," said NowSecure CEO Alan Snyder. "This means they need a developer-first, easy to use and accurate mobile security solution embedded directly in their dev workflows. While mobile developers depend on third-party code for innovative experiences, complex functionality and time to market, they must ensure the code they use is up to date and secure. We are excited to extend our partnership with GitHub and the community by adding dynamic SBOM generation into GitHub Dependency Graph to help developers protect their software supply chain." NowSecure offers two GitHub Actions for automated mobile app analysis and mobile app SBOMs. The NowSecure GitHub Action provides automated static and dynamic security analysis of iOS and Android mobile apps built in any language or framework including Swift, Objective-C, Java, Kotlin, Dart, React-Native and more. The NowSecure GitHub Action for Mobile SBOMs generates component detail for visibility into the libraries/frameworks included in all mobile apps, identifying transitive dependencies, pinpointing libraries/frameworks that are using older versions, identifying components that remain but may have previously specified to be removed, and uncovering component license details. "The NowSecure GitHub Action for Mobile SBOM populates the GitHub Dependency Graph with mobile data so that in the future GitHub Dependabot alerts can update dependencies to the latest and more secure versions of libraries in mobile apps. "Furthermore, comparing SBOMs and dependencies from different versions of a mobile app provides insight into changes made by the developer over time that may require further analysis or help identify technical debt. Overall, we've been very impressed with GitHub's implementation, enabling third-parties to extend the Dependency Graph and Dependabot to support new ecosystems like mobile." NowSecure CTO David Weinstein "The software supply chain starts with the developer. Extending automated visibility into your SBOM means developers can significantly reduce their usage of vulnerable software dependencies as well as be confident in shipping new mobile features and products with security built in by design," said Jose Palafox, Director of Business Partnerships at GitHub. The NowSecure GitHub Action for Mobile SBOM early access program for GitHub Dependabot Graph is part of the world's most comprehensive suite for mobile app security including NowSecure Platform for continuous security testing in the development pipeline for DevSecOps, NowSecure Workstation kit for pen tester productivity, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services, and NowSecure Academy training courseware for dev and security teams. Built on a foundation of standards and automation, NowSecure empowers organizations to deliver secure mobile apps faster and continuously monitor their mobile app supply chains for risk. Top mobile innovators, global businesses and agencies trust NowSecure to secure their mobile apps including AT&T, Caribou Coffee, Chime, iRobot and Uber. About NowSecure As the standards-based mobile app security and privacy company, NowSecure protects the Mobile App Economy. The world's most demanding organizations, innovative mobile developers and advanced security teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers the full solution suite of continuous security testing for DevSecOps, mobile app supply-chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Fast 500, and TAG Cyber.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

OneSpan Launches Virtual Room Enabling Secure Face-to-Face Transactions

OneSpan | September 19, 2022

OneSpan™ , the digital agreements security company, today announced the general availability of its secure Virtual Room cloud service which enables organizations to deliver live, high-touch assistance to their customers in a high-assurance virtual environment. This next-generation customer engagement solution gives organizations the ability to balance identity security, authentication, and e-signature solutions from the broader OneSpan portfolio with a high-assurance virtual experience that is the next best thing to entering a branch or meeting in person. Virtual Room complements digital-first transaction experiences by providing a unique opportunity for organizations to create personalized, high-touch, human-assisted interactions, and by improving the customer experience, increasing agreement completion rates, and reducing security risks and fraud. “Today, businesses requiring a high degree of security and regulatory compliance rely daily on a variety of technologies that use insecure, shared links and expose users to elevated risks including data breaches and compliance violations in the anywhere economy. This should not be the case. Organizations and their customers want to be confident that the person joining a virtual meeting is the person they claim to be. And multi-million dollar business agreements transacted digitally should not be subject to fraud fallout. “Today’s off-the-shelf video conferencing tools do not offer optimal security. As the complexity and value of transactions increase, customers want a live interaction rather than relying on a virtual assistant or self-service experience. We built Virtual Room for these scenarios to help our customers complete an agreement or transaction where they need a personal touch and where security is paramount.” Matthew Moynahan, President and CEO at OneSpan Combining OneSpan’s heritage in high-assurance identity verification and authentication with agreement co-browsing, web-enabled videoconferencing, rich collaboration features, and built-in e-signature, Virtual Room helps organizations engage and transact with customers with confidence. Virtual Room can be used for multiple high-value customer agreements, including account opening and maintenance, wealth management, and car financing. Virtual Room enables organizations to: Verify the identities of participants, utilizing OneSpan’s identity verification and mobile and hardware authentication solutions; Interact with signers remotely; Simultaneously review documents and address questions; Capture legally binding e-signatures in real-time; and Record virtual sessions to reinforce the electronic evidence captured in the audit trails. A recent report from Aragon highlighted the need for higher assurance within these processes. “It’s important for buyers to look for a provider that has global security compliance expertise in all aspects of the workflow, from the initial identity verification and authentication steps, to creating a secure virtual interaction environment and all the way through to securing the final output or artifact of the transaction, for compliance and enforceability purposes. Equally important, buyers should look for a vendor that has the flexibility to adapt any step in the digital workflow to meet local regulations for digital identity, secure customer authentication, transaction risk analysis, and the many other security requirements, which differ from one country to the next.” As a secure solution for customer-facing digital agreements where the integrity of the agreement is paramount, ​Virtual Room allows organizations to embrace a new way of working that’s more distributed, virtual, and dynamic, enabled by advancements in cloud technology. With the onset of the anywhere economy, and with more transactions being completed online, identity verification and authentication technologies are critical in the digital agreements process. This purpose-built, high-assurance digital agreement solution includes identification and authentication capabilities that enable organizations to increase the integrity and completion rates of agreements and transactions in a highly-secure and protected ecosystem without impacting user experience or productivity. About OneSpan OneSpan helps organizations accelerate digital transformations by enabling secure, compliant, and refreshingly easy customer agreements and transaction experiences. Organizations requiring high assurance security, including the integrity of end-users and the fidelity of transaction records behind every agreement, choose OneSpan to simplify and secure business processes with their partners and customers. Trusted by global blue-chip enterprises, including more than 60% of the world’s largest 100 banks, OneSpan processes millions of digital agreements and billions of transactions in 100+ countries annually.

Read More

DATA SECURITY

ShardSecure® To Present at Black Hat Cybersecurity Conference

ShardSecure | August 09, 2022

ShardSecure, inventor of the innovative MicroshardTM technology that mitigates data security and privacy risks in the cloud, will be exhibiting at Black Hat 2022, the leading information security event, from August 6 to 11 in Las Vegas, Nevada. While at Black Hat, ShardSecure will showcase their patented microsharding solution at Booth #30 in the Business Hall's Innovation City. During the conference, ShardSecure will demonstrate how microsharding renders sensitive data unintelligible in the wrong hands, offering crucial protection in multi-cloud and hybrid-cloud environments. ShardSecure Lead Developer Anthony Whitehead will present "Microsharding, an Alternative to Encryption for Data at Rest" from 2:25 to 2:45 p.m. PT on August 10 in the Business Hall, Theater C. Additionally, VP of Marketing Marc Blackmer will be interviewed on microsharding and encryption by Chuck Harold of SecurityGuyTV at 9:20 a.m. PT on August 11. "We're looking forward to making new connections and sharing how we can help organizations strengthen their data resilience, maintain business continuity, and mitigate the impact of ransomware," said Marc Blackmer. "Black Hat is an excellent opportunity for ShardSecure to participate in key industry conversations, strengthen our brand, and grow our networking opportunities." Microshard technology works to desensitize sensitive data by digitally shredding it into tiny microshards. Those microshards are then mixed with poison data and distributed to multiple customer-owned storage locations of the customer's choosing. Its self-healing data also reverses unauthorized data deletion and tampering — including ransomware — for data at rest. Through its ability to reconstruct data impacted by storage service outages, ShardSecure also helps protect against the effects of data loss and allows business operations to continue unaffected during an outage. "We're pleased to be sharing Microshard technology with a wide audience of thought leaders and vendors at Black Hat. "Combined with several new partnerships and our recent availability in Azure Marketplace, Black Hat is allowing us to reach more organizations with our innovative data security and data resilience solution. We look forward to continuing the discussion about how we can help organizations maintain control of their sensitive data in the cloud while protecting it from outages and attacks." Bob Lam, CEO and Co-Founder of ShardSecure About Black Hat Now in its 25th year, Black Hat USA is a leading cybersecurity event. With trainings, briefings, and virtual and in-person events, Black Hat 2022 will present the latest research, development, and trends in the information security industry. About ShardSecure ShardSecure is changing the nature of data security. It believes that all organizations can easily and securely enjoy the benefits of cloud adoption without surrendering control of their data. Inventors of the patented Microshard technology, ShardSecure cloud-enables sensitive data by desensitizing it in multi-cloud and hybrid-cloud environments.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

Spotlight

Will 2019 be the tipping point for healthcare-centered virtual and augmented reality tech, or a wait-and-see year reserved for early adopters? Three key indicators provide the clues and contextual evidence your organization needs to confidently pull the trigger on embracing augmented and virtual reality technology with Lenovo de

Resources