DATA SECURITY

GM Sectec and SecurityScorecard Bolster Design Partnership

SecurityScorecard | March 17, 2022

SecurityScorecard
SecurityScorecard, the leader in security ratings, and GM Sectec, a leader in cyber protection laser-focused on the payments industry, today announced a design partnership to expedite the global growth and acceptance of security ratings in more than 55 countries across the globe.

GM Sectec's network of over 50,000 clients and end users across the world now has quick insight into the security posture of suppliers and business partners, as well as the capacity to conduct self-assessments, thanks to the relationship with SecurityScorecard.

COVID-19 has contributed in greater usage of digital tools and data generation, with the World Bank estimating that by the end of the year, yearly total Internet traffic will have climbed by 50% from 2020, reaching 4.8 zettabytes. The article emphasizes how businesses are more interconnected, as well as how rising digitalization has pushed the global population onto a new path of cyber dangers and assaults. In comparison to other insurable risks, the rapid increase in ransomware highlights the speed and scope of cyber risk. Ransomware attacks have climbed by 150% in the last year, with total ransoms paid up by 311% 2. Insurance providers had a record high loss ratio of 67% 3 as a result of the huge increase in frequency and severity.

"Enhancing our existing alliance with SecurityScorecard, supports organizations anywhere in the world in hardening their security posture and achieving the adoption of secure technologies and practices. Organizations need to understand their true cyber risk and be able to respond quickly and efficiently to strengthen their position."

Héctor Guillermo Martínez, president of GM Sectec

SecurityScorecard is the industry's top platform for security evaluations, with thousands of firms using it throughout the world. Vendor risk management, self-monitoring, board reporting, cybersecurity insurance underwriting, and M&A due diligence have all seen increased use cases as the firm has grown.

Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard said that "Organizations look to SecurityScorecard to transform the way they understand, mitigate, and communicate cybersecurity risk. Partnering with GM Sectec delivers value to organizations around the world by providing clearer visibility to their cyber postures and dramatically improving their ability to communicate, mitigate and respond to risks."

GM Sectec has over 50,000 clients and users throughout the globe, as well as four Critical Incident Response and Replication Centers (CIRRCs), three in the US and one in Mexico, that provide managed detection and security services to its customers 24 hours a day, seven days a week, 365 days a year. SOC 2 Type 2 Service Organization, TMA Certified, authorized to use CERT, PCI Qualified Security Assessor, PCI Approved Scanning Vendor, PCI Point-to-Point-Encryption (P2PE), PCI PIN, PCI PFI, UL Listed, Visa Preferred Partner in Cybersecurity, and FIRST Incident Response team member are just a few of the certifications the company has received.

Spotlight

As data breaches increase in scale and frequency, businesses must prepare today to ensure an effective, high-quality, and swift response. Consumers, regulators, and the media want a well-orchestrated response launched just days after a data breach, and preparation in advance is critical to success.


Other News
PLATFORM SECURITY

Cerby Launches With World’s First Security Platform for Unmanageable Applications

Cerby | June 28, 2022

Cerby officially launched today with the world’s first security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity. The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million. “Our goal at Cerby is simple but sweeping: To increase productivity for enterprises by empowering employees to use the technologies they prefer while automating compliance and security,” said Co-Founder and CEO, Belsasar Lepe. “In this era of IT consumerization, employee choice and enterprise security are not mutually exclusive—with the right tools and strategies, they go hand-in-hand. When business professionals get real autonomy, security becomes everyone’s responsibility, rather than just one of many priorities for the IT department. The Cerby platform for unmanageable applications enables organizations to boost efficiency, comply with existing policies and reduce exposure to cyberattacks—it’s truly a win-win-win.” Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches. The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security. Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done. To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban. “We chose Cerby because we needed a secure and centralized place to manage access to our paid social accounts. “Because Cerby can seamlessly integrate with our organization’s single sign-on technology and also connect to the social platforms’ APIs, we are able to create organizational efficiencies by granting and removing access within one place. Additionally, the automated access removal of employees who have left the company provides a level of security we did not previously have.” Nina Donnard, AVP, Paid Social, L’Oreal The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time). Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings. “I love that Cerby solves a problem every CIO faces: unmanageable applications,” said Yousuf Khan, Partner at Ridge Ventures and former CIO. “When non-IT employees use unauthorized applications, they might be gaining productivity, but they are also unlocking a Pandora’s box of security vulnerabilities. The pandemic only made it worse: 71% of users in the US now acquire their own applications to do their jobs. Cerby is the first solution I’ve seen that significantly reduces the risk of these unmanageable applications by applying zero trust principles and automating the entire application lifecycle. The best part of it is that it’s not a top-down, managerial edict: Employees become an active and motivated part of the solution. Business professionals get the power to choose their applications, productivity gets a boost, and the company ensures security and compliance–everyone wins. Other cybersecurity products demand enforcement; Cerby encourages enrollment. This is the best way to enhance employee trust and increase productivity.” The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords. About Cerby Cerby delivers the world’s first platform built to positively guide employees' security behaviors no matter which applications they use. We protect brands around the world, including some of the most recognizable businesses, by taking an approach that empowers both employees and security teams, using Zero Trust principles. Our proprietary technology uses robotic process automation to understand applications in a business context and automatically enforces security best practices before misconfigurations turn into breaches. Cerby is a must-have for technology executives and their teams to protect the brand, stay secure and increase productivity.

Read More

PLATFORM SECURITY

OpenText Security Cloud Powers and Protects Businesses

OpenText | June 03, 2022

OpenText™ , a global leader in information management, today announced an expanded suite of security solutions to address the heightened state of cyber security in today's vulnerable world. With OpenText, organizations of every size can protect their data and systems against evolving threats. OpenText is showcasing new and enhanced security offerings that strengthen cyber resilience for SMBs, government agencies, and enterprises at this year's RSA Conference in San Francisco at booths #4214, #4221 and #1535. Real-time threat intelligence is an essential component of a business's cyber resilience strategy. Further to the findings from the 2022 BrightCloud Threat Report, new quarterly findings released today from BrightCloud® Threat Intelligence show: 1122% increase in phishing in the first quarter of 2022 compared to 2021 Q1 phishing numbers, indicating a buck in the trend of hackers taking holiday in Q1; For the first time, Instagram broke into the top five most impersonated brands for phishing, demonstrating increased targeting of younger users; and 36.1% reduction in malware encounters for customers using both endpoint and DNS protection versus only endpoint protection, reinforcing the added efficacy benefit of securing DNS and using layered security. To ensure cyber resilience, organizations must deploy strong, multi-layered security and data protection policies to prevent, respond, and quickly recover from threats. OpenText has expanded its security offerings with new technology and increased capabilities that enable businesses to confidently power and protect information continuously at the data, application, infrastructure, and edge layers with intelligence and insights across the perimeter and endpoints. "With security risks escalating worldwide and a persistent state of evolving threats, compromises are inevitable, security remains job number one," said Mark J. Barrenechea, OpenText CEO and CTO. "Through our breadth of OpenText Security Cloud, we make it easier for businesses to increase their cyber resilience posture and protect themselves against threats. And if a vulnerability unfortunately leads to a breech, our solutions enable quick detection, response, and recovery to minimize disruption." "Texas Tech University Health Sciences Center, (TTUHSC), a large medical school serving more than 100 counties in the western portion of Texas, needed a trusted partner to help us protect our operations from cyberattacks. OpenText MxDR has been responding to our needs effectively and because it is a 24X7X365 service, our experience has been seamless," said TTUHSC, ISO, Lane Timmons. About OpenText OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions.

Read More

SOFTWARE SECURITY

CyberSaint Releases CyberStrong Version 3.20 Empowering Customers to Further Automate the Cyber & IT Risk Management Function

CyberSaint | June 22, 2022

CyberSaint, the developer of the leading platform delivering cyber risk automation, announced the release of CyberStrong version 3.20 today, providing customers with the ability to further automate the assessment process via continuous control automation with Tenable and Microsoft Azure Security Center integrations. “CyberSaint’s continuous control automation functionality changes the way that security and risk teams perform assessments, and ultimately, manage cyber risk,” said Jerry Layden, CEO of CyberSaint. “Being first-to-market with this technology is exciting for us, and positions us to redefine the cyber and IT risk management market at large.” Until now, the process of assessing an organization’s cybersecurity risk posture against a framework or standard has been manual. CyberStrong’s continuous control automation leverages natural language processing (NLP) to map telemetry coming in from various security products, such as Tenable and Microsoft Azure Security Center, to controls in a customer environment, automating scores at the control level and pulling in evidence. Want to see this new feature in action? Register for the Live Demo on July 12th at 3:00pm EDT or watch after on-demand. “Having the capability to integrate with cybersecurity solutions such as those in a hybrid cloud environment is essential for successful integrated risk management (IRM) technologies. “IRM solution providers like CyberSaint offer companies real-time visibility and understanding of their cybersecurity risk. This provides a competitive edge by giving business leaders actionable data to mitigate growing cybersecurity and associated digital risks.” John A. Wheeler, Founder and CEO of Wheelhouse Advisors and former Gartner IRM analyst CyberSaint’s integration with Tenable allows customers to: Identify and create mappings to controls and control actions Automate the scoring of vulnerability scanning controls Keep assessment control scores up to date with every successful vulnerability scan CyberSaint’s integration with Microsoft Azure Security Center allows customers to: Pull in policies from Azure and relate their compliance to assessments within the CyberStrong platform Query the customer Azure configuration and correlate directly to NIST 800-53, the CSF, and additional standards such as CMMC, PCI, HIPAA, and more Provide nightly updates to control actions within the CyberStrong platform to keep compliance status up to date which aids in viewing variance of controls when evaluating risk About CyberSaint CyberSaint's mission is to empower today's organizations to build a cybersecurity program that is as clear, actionable, and measurable as any other business function. CyberSaint's solutions empower teams, CISOs, and Boards to measure, mitigate, and communicate risk with agility and alignment.

Read More

SOFTWARE SECURITY

GuidePoint Security Achieves AWS Security Competency Status

GuidePoint Security | July 27, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that it has achieved the Compliance and Privacy distinction in the Amazon Web Services (AWS) Security Competency. This designation recognizes that GuidePoint Security has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of consulting services expertise in Compliance and Privacy to help them achieve their cloud security goals. Achieving the Compliance and Privacy distinction in the AWS Security Competency differentiates GuidePoint Security as an AWS Partner that provides specialized consulting services designed to help companies from startups and mid-sized businesses to the largest global enterprises to adopt, develop, and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. “GuidePoint Security was an original AWS Security Competency launch partner and we are proud to be launch partner yet again for the updated AWS Security Competency program having achieved the Compliance and Privacy distinction,” said Anil Badruddin, Practice Director – AWS Cloud Security, GuidePoint Security. “Our team is dedicated to helping organizations achieve their security goals by combining our in-depth knowledge of technical solutions along with our deep expertise of the powerful security tools AWS provides.” AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. GuidePoint Security’s distinction for Compliance and Privacy is based on the following attributes: Specialized consulting service offerings including: cloud security assessments, cloud governance, solution design and implementation, and security automation The ability to develop enterprise-wide security playbooks to help organizations mature their cybersecurity programs Deep technical expertise for a wide range of third-party security solution providers and AWS native services to help customers identify, implement, and manage the right solutions for their environment and business Expertise in helping customers ensure Payment Card Industry Data Security Standard (PCI DSS) compliance on AWS (GuidePoint Security is certified as a PCI QSA) About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

Spotlight

As data breaches increase in scale and frequency, businesses must prepare today to ensure an effective, high-quality, and swift response. Consumers, regulators, and the media want a well-orchestrated response launched just days after a data breach, and preparation in advance is critical to success.

Resources