HITRUST | December 18, 2021
HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.
Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do, rely heavily on broad control requirements that raise questions about suitability of control and consistency of review that ultimately impact reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today.
“The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,” said Jeremy Huval, HITRUST Chief Innovation Officer.
The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs:
Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk)
Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess
Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options
The level of time and effort to complete is comparable to other moderate assurance options in the market
Offers a forward-looking, 1-year certification
As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP).
HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle.
HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail.
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.
HUB Security | December 22, 2021
HUB Security, a secure computing solutions provider, announced it has signed a strategic partnership with global integration and Smart Space IoT leader, Getronics, to offer secure compute protection to hundreds of banks and organizations in the EU, LATAM, and APAC. HUB Security will be Getronics' cyber security partner and its cyber automation platform to enhance current offerings including Secure-by-Design IoT & Smart Spaces, Ransomware & IR, and SOC.
Getronics' clients in 23 countries and in its Global Workspace Alliance will use HUB's confidential computing platform and additional innovative cybersecurity services to receive unparalleled protection.
"With organizations facing increasing cyber challenges, we see great value in partnering with Getronics, a leader in digital transformation and integration," said Eyal Moshe, CEO and co-founder of HUB Security. "With a global reach and over 3700 experts, both companies can enhance cyber security protection for their clients and partners."
"The global businesses we help support require the most advanced security platforms to maintain their operations," said Harsha Gowda Siddaveere, CTO Getronics. "HUB Security's offerings will allow our partners and customers a new level of cyber readiness facing new digital challenges in 2022."
"Both parties in this partnership complement and enhance each other's global offering to be cyber resilient and prepared for the future," said Joseph Souren, VP Sales EMEA, Comsec, a HUB Security Group.
About HUB Security
HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.
Getronics is a global ICT integrator with an extensive history that extends over 130 years. With over 3,700 colleagues across Europe, Asia Pacific, and Latin America, Getronics' vision is to reimagine the digital future, one customer at a time. We do this by leveraging an integrated and secure-by-design portfolio around Digital Workplace, Business Applications, Smart Spaces, Multi-Cloud, Field & Onsite Support, Service Desk, Network Infrastructure, and Security & Compliance to serve our more than 1,800 customers in both public and private sector.
SecurityScorecard | December 21, 2021
SecurityScorecard, the global leader in cybersecurity ratings, today released a new report on the U.S. shipping industry, "Proactive Security Measures for Global Maritime Shipping." The research found that high severity cyber vulnerabilities pose a big risk to U.S. maritime security, especially ahead of a busy holiday season.
In December 2021, SecurityScorecard conducted an analysis of the cybersecurity health of 100 global shipping container companies compared to the Forbes Global 2000 companies, finding that:
Overall, the cybersecurity risk posture of the shipping industry was better than the Forbes Global 2000, but the shipping industry did not perform higher in every risk group factor
The largest risks to the sector include vulnerabilities in application security, irregular patching cadence, and network security
Data breach percentages for shipping container companies increased from 2018 through 2021, indicating that the industry may be an increasingly attractive target for malicious cyber actors during the 2021 winter holiday season
Shipping container companies initially did better than the Forbes Global 2000 until April 2020, when high-profile attacks sank the industry average. Since mid-2020, shipping container companies have continued to struggle to build resilience in their cybersecurity and have not yet returned to their pre-2020 breach scores.
Global supply shortages and shipping disruptions brought on by the COVID-19 pandemic pose a threat to U.S. maritime security and threaten to disrupt the holiday gift-giving season. The maritime shipping network, which is responsible for 90% of the global trade, has gone from being a fast and cost-effective system to one plagued by delays, clogged shipping lanes, and exorbitant prices.
"The shipping and maritime industry is already strained and taxed by the pandemic and resulting supply chain backlog," said Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard. "A potential cyber incident in the shipping industry could have catastrophic effects on people and businesses all across the world. This research is a key indicator that the industry should continue to keep a focus on cyber resilience through continuous monitoring."
SecurityScorecard continuously monitors millions of entities world-wide, and non-intrusively assesses their security posture across ten risk categories, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. This instantly delivers an easy-to-understand "A" through "F" security rating.
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.
ACTZERO | December 15, 2021
ActZero, a cybersecurity startup whose AI-driven platform makes best-in-class security accessible for businesses of all sizes, today announced a strategic partnership with Measured Analytics and Insurance, the data and analytics-driven cyber insurance company. The partnership will enable businesses to protect themselves against emerging security threats with an integrated risk management approach.
Recent reports by lead researchers have found that a majority of organizations have experienced incidents of ransomware or phishing in the last 12 months, while other cybersecurity threats are also on the rise. This trend means that more and more businesses need to level up their cybersecurity posture, while also preparing for the ramifications of potential attacks with cybersecurity-specific insurance. The partnership between ActZero and Measured is among the first to holistically address a business's cybersecurity needs by combining sophisticated managed detection and response services designed to stop attacks and extortion with insurance services that position companies to mitigate potential losses.
"We're pleased to be working with Measured, which will serve as the foundation of our integrated risk management distribution channel," said Chris Finan, ActZero's Chief Operating Officer. "Pairing our solution with insurance coverage to better protect customers represents another leap forward in our pursuit of making cybersecurity more effective and affordable for small and mid-sized enterprises."
The ActZero platform combines next-generation antivirus protection, endpoint detection and response, extended detection and response technologies, and 24/7 automated and managed threat hunting capabilities to detect and prevent all types of cybersecurity threats, from commodity malware to sophisticated, headline attacks across endpoints, network and cloud. The combined offering with Measured means that ActZero clients can now take advantage of streamlined access to cyber insurance at better rates.
Measured Analytics and Insurance sells industry-leading comprehensive cyber insurance backed by the most reputable reinsurance companies in the world. Measured tackles the challenge of underwriting cyber insurance by combining proprietary data and machine learning algorithms to assess and price cyber insurance for small- and mid-sized businesses. In partnering with ActZero, Measured's clients gain access to a robust suite of cybersecurity technologies at preferred rates.
"In this era of growing concerns and evolving threats, it's critical to complement our cyber insurance offering with innovative detection and response capabilities to stop problems before they start," said Jack Vines, CEO of Measured Insurance. "ActZero is the ideal partner to deliver on this promise, enabling our customers to implement sophisticated risk management strategies, thereby best positioning themselves against today's current threat climate."
ActZero is a cybersecurity startup that makes small- and mid-size businesses more secure by empowering teams to cover more ground with fewer internal resources. Our intelligent managed detection and response service provides 24/7 monitoring, protection and response support that goes well beyond other third-party software solutions. Our teams of data scientists leverage cutting-edge technologies like AI and ML to scale resources, identify vulnerabilities and eliminate more threats in less time. We actively partner with our customers to drive security engineering, increase internal efficiencies and effectiveness and, ultimately, build a mature cybersecurity posture. Whether shoring up an existing security strategy or serving as the primary line of defense, ActZero enables business growth by empowering customers to cover more ground.
ABOUT MEASURED ANALYTICS AND INSURANCE
Measured Insurance offers an analytics-based approach to cyber insurance, specifically quantifying specific exposure to ransomware attacks. Measured Insurance is bridging the gap between technology and insurance by using AI-powered analytics that tracks individual exposure in real-time to create smarter insurance products. Every policy is tailored to fit the individual client, clearly identifying pre-event exposure in seven fundamental areas and customizing post-event loss mitigation services with real experts, real people, and real help if ever needed.