Preventing Cyberattacks on Small Businesses with AIONCLOUD

AIONCLOUD | July 14, 2020

It's not uncommon to hear about huge companies having security breaches losing not only valuable personal information of their customers but also damaging them financially. This might lead one to think that cyberattacks are geared towards big fortune 500 companies but that's simply not true. Almost half of the cyberattacks are aimed at small businesses and only about 10% are equipped to defend against them. The consequences of these attacks are devastating. A cyberattack incident costs an average of $200,000 in damages. This figure does not just apply to a big enterprise but businesses of all sizes. More than half of the businesses that have been attacked close their business within six months after a security incident. "With COVID-19 and changes in the work environment created a lot of gap in cybersecurity and cyber attackers are exploiting this opportunity," says Kyle Lee, the CEO of the cybersecurity company, AIONCLOUD. "Oftentimes, small businesses can't afford to have a security expert on their team." People are well aware that a cybersecurity incident can bring a devastating blow to their company but some are hesitant due to the cost of cybersecurity. This is not an uncommon worry amongst business owners and this used to be a correct sentiment but not anymore. Traditional web firewalls would only cost a fortune to install but it would require an expert to configure and monitor the security equipment once installed, causing a recurring cost to the business.

Spotlight

Security and risk professionals recognize the value and benefits of implementing an employee-monitoring program. Privacy advocates and legal and human resources professionals see potentially unwarranted invasion of employee privacy as reasons not to monitor, or at least to restrict monitoring to instances where enough "probable cause" exists to warrant tilting the balance between the privacy of an employee and the interests of the company.


Other News
ENTERPRISE SECURITY

iTecs Enters Into A Partnership With Check Point

iTecs | December 20, 2021

iTecs, a Dallas based IT MSP, Cybersecurity, and Cloud Hosting Provider (https://itecsonline.com) enters into a partnership with Check Point, a leader in enterprise and SMB cybersecurity products and solutions, to provide iTecs clients with efficacious cybersecurity protection. The collaboration between the two parties enables iTecs to deliver the various services and products to clients as a managed service. "The traditional 'perimeter-based' security model is not aging well in this new landscape, and binary access tools are proving to be cumbersome and unscalable. Fixed perimeters no longer govern working environments. Instead, users work on their own devices and sensitive company data stored in third-party cloud services. As a result, companies can no longer rely on binary security models that focus on letting good guys in and keeping bad guys out. The challenge for modern enterprises is how to give users the required access while reducing set-up and maintenance costs without compromising security. Check Point's Zero Trust Network Access model provides the tools to safeguard companies in today's ever-growing work-from-home demand. Especially with the growing popularity and development of 'METAVERSE' work environments, it's essential to adopt new and intelligent ways of protecting your users," says Brian Desmot, CEO & Founder of iTecs. Currently in partnerships with Sophos, SentinelOne, Cisco, CoSoSys, and now Check Point, iTecs' Managed Security Services (MSS) division provides SMB and Enterprises with an array of sophisticated and synergistic threat-preventing solutions. "Our propensity of testing cybersecurity solutions has led us to the conclusion that Check Point is the right partner to provide our clients with maximum ROI. As a result, we are redesigning our website and will include new pages devoted to the broad menu of services our alliance with Check Point is providing," Brian Desmot iTecs is going through a rebranding campaign with the launch of a new logo and website which will be completed by early 2022. About iTecs IT Outsourcing and Support Brian Desmot founded iTecs in 2002, a white-glove IT support, consulting, managed IT services provider. The firm delivers an umbrella of IT services from break-fix, consulting, cybersecurity, to procurement for businesses of all sizes. If you need a professional, customer-centric offsite IT department, iTecs is the best choice.

Read More

PLATFORM SECURITY

Veracode Research Reveals Software Supply Chain Security Shortfalls for Public Sector

Veracode | March 30, 2022

Veracode, a leading global provider of application security testing solutions, has released new findings that show the public sector has the highest proportion of security flaws in its applications and maintains some of the lowest and slowest fix rates compared to other industry sectors. Analysis of data collected from 20 million scans across half a million applications revealed these sector-specific findings as part of Veracode’s annual report on the State of Software Security (SOSS). "Public sector policy makers and leaders recognize that dated technology and vast troves of sensitive data make government applications a prime target for malicious actors. That’s why the White House and Congress are working together to update regulations governing cybersecurity compliance. In the wake of May 2021's Executive Order to improve the nation's cybersecurity and protect federal government networks, the U.S. Office of Management and Budget, Department of Defense and the White House have issued four memos addressing the need to adopt zero trust cybersecurity principles and strengthen the security of the software supply chain. Our research confirms this need.” Chris Eng, Chief Research Officer at Veracode No Time to Waste: Fix More Flaws Faster Veracode’s research found that compared to other industries, the public sector has the highest proportion of applications with security flaws, at 82 percent. When it comes to how quickly organizations fix flaws once detected, the public sector posts the slowest times on average—roughly two times slower than other sectors. The research also revealed that 60 percent of flaws in third-party libraries in the public sector remain unfixed after two years, which is double that of other sectors and lags the cross-industry average by more than 15 months. Finally, with only a 22 percent fix rate overall, the public sector is challenged to keep software supply chain attacks from impacting critical state, local, and educational applications. Eng continued, “Organizations in this sector must act with urgency. They can improve their secure DevOps practices significantly by using multiple types of scanning—static, dynamic, and software composition analysis—to get a more complete picture of an application’s security, which in turn will help them to improve remediation times, comply with industry regulations, and make the case for increasing application security budgets.” High Severity Flaws Are Priority One Demonstrating a positive trend, the public sector ranks highly when it comes to addressing high severity flaws. The research reveals that government entities have made great strides to address high severity flaws, which appear in only 16 percent of applications. In fact, the number of high severity flaws has decreased by 30 percent in the last year alone, suggesting that developers in the sector increasingly recognize the importance of prioritizing flaws that present the greatest risks. This is encouraging and may reflect growing understanding of new software security guidelines, such as those outlined in the U.S. Executive Order on Cybersecurity and the U.K. Government Cyber Security Strategy 2022 – 2030. Eng closed, "Recognizing that time is of the essence, public sector leaders are beginning to set timelines. For example, in “Moving the US Government Toward Zero Trust Cybersecurity Principles”, Shalanda Young has set a deadline of September 30, 2024 for all US federal agencies to meet specific cybersecurity standards. We think that the progress made against high security flaws is a great starting point and support all public sector agencies who seek to gain better control over their software supply chains." About the State of Software Security Report The twelfth volume of Veracode’s annual report on the State of Software Security (SOSS) examines historical trends shaping the software landscape and how security practices are evolving along with those trends. This year’s findings are based on the full historical data available from Veracode services and customers and represent a cross-section of large and mid-sized companies, commercial software suppliers, and open-source projects. The report contains findings about applications that were subjected to static analysis, dynamic analysis, software composition analysis, and/or manual penetration testing through Veracode’s cloud-based platform. About Veracode Veracode is a leading AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities.

Read More

SOFTWARE SECURITY

LeanIX Announces Cloud Security Alliance Membership

LeanIX | March 11, 2022

LeanIX , the platform to plan and manage continuous transformation across the enterprise, today announced its membership in the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. LeanIX is published on CSA's Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. The company has maintained STAR Level ONE status on the registry since September 2020 and is now a registered SaaS Solution Provider with CSA. LeanIX builds information technology tools that promote a culture capable of navigating all types of change, both planned and unexpected. Its enterprise-ready, secure, and trusted SaaS platform supports the needs of leading companies around the world by providing the data, insights and common language needed to master software complexity. Whether rationalizing IT landscapes, preparing for a major technology migration, enabling flexible approaches to SaaS management, or mapping value streams from code to customer, LeanIX is the trusted partner for turning change into a competitive advantage. "SaaS depends on trust. We believe transparency around the protection of customer data and everything we do to ensure compliance and system availability helps build that trust. As proud CSA members, we share the organization's commitment to ensuring a trusted and secure cloud computing environment." LeanIX Co-founder and CEO André Christ "Publishing and maintaining Level ONE status on the STAR Registry is a testament to LeanIX's relentless commitment to information security, and we're thrilled to have the company as a member of the CSA," said Jim Reavis, CSA co-founder and CEO. "As a newly registered SaaS Solution Provider, our continued work with LeanIX will help promote excellent security practices and build on the foundation of trust for customers and the greater marketplace." About the Cloud Security Alliance The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA's activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. About LeanIX LeanIX's Continuous Transformation Platform® is trusted by Corporate IT and Product IT to achieve comprehensive visibility and superior governance. Global customers organize, plan and manage IT landscapes with LeanIX's automated and data-driven approach. Offering SaaS for Enterprise Architecture Management, SaaS Management, and Value Stream Management, LeanIX helps organizations make sound decisions and accelerate transformation journeys. LeanIX has hundreds of customers globally, including Adidas, Atlassian, Bosch, Dropbox, Santander or Workday. The company is headquartered in Bonn, Germany, with offices in Boston, Hyderabad and around the world.

Read More

DATA SECURITY

IT-Harvest Launches the Analyst Dashboard for Cybersecurity

IT-Harvest | March 31, 2022

IT-Harvest, a data-driven industry analyst firm, announces the launch of an SaaS application for tracking and analyzing the entire cybersecurity industry. Some data will be published for free at dashboard.it-harvest.com. Subscribers will receive access to all the data assembled over a decade by IT-Harvest, including category, subcategory, headcount each quarter, investments, and key executives. Using the data on each of the 2,850 vendors worldwide, it is possible to compare countries, states, and regions. For instance, there are 1,567 cybersecurity vendors in the United States, 357 in the EU, and 236 headquartered in Israel. California is currently home to 560 cybersecurity companies. "The launch of this app is the realization of a 17-year journey to create an analyst firm that could offer more than opinions and reports. Subscribers get access to all the data we use in our research and reports. They can do their own analysis to test an investment thesis, find targets for acquisition, or create a short-list of vendors for a particular technology they are looking to acquire." Richard Stiennon, Chief Research Analyst at IT-Harvest In addition to the data, subscribers are purchasing a seat for advisory services, much like with a traditional analyst firm. IT-Harvest analysts are available for inquiries on markets, technology, and vendors as part of the annual subscription. The data available in the Analyst Dashboard is printed every year in the Directory in Security Yearbook available at www.it-harvest.com/shop. IT-Harvest tracks headcount at all cybersecurity vendors to identify fast growing companies and segments. That data is updated quarterly in the Analyst Dashboard and presented in a Leaderboard sorted by growth over the past quarter and calendar year. Subscribers can add any number of vendors to a watchlist and get email alerts when data on a company is updated. This could include new funding, a change in the executive team, inclusion in a research report, or an acquisition.

Read More

Spotlight

Security and risk professionals recognize the value and benefits of implementing an employee-monitoring program. Privacy advocates and legal and human resources professionals see potentially unwarranted invasion of employee privacy as reasons not to monitor, or at least to restrict monitoring to instances where enough "probable cause" exists to warrant tilting the balance between the privacy of an employee and the interests of the company.

Resources