Research shows Boardroom investments in cybersecurity are most commonly the result of an incident or fears of compliance audit failure

prnewswire | October 08, 2020

Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today released its CISO Decisions survey, an independent global study1 that examines what most influences the Board to invest in cybersecurity and the impact this has on CISO decision-making. Based on findings from more than 900 global CISOs/Senior IT decision-makers, the research shows Boardroom investments in cybersecurity are most commonly the result of an incident or fears of compliance audit failure. Because of this, the research shows more than half, 58 percent, of respondents say their organizations plan to add more towards security budgets in the next 12 months.

Spotlight

A new study by Symantec reveals that employees steal corporate data and do not believe it is wrong. The findings show that everyday, employees' attitudes and beliefs about intellectual property theft are at odds with the vast majority of company policies. The survey - conducted by Ponemon Institute, an independent data privacy research firm - examines the problem of information theft in the workplace.


Other News
ENTERPRISE SECURITY

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience. As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies. "We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture." "Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses." Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

DATA SECURITY

IT-Harvest Launches the Analyst Dashboard for Cybersecurity

IT-Harvest | March 31, 2022

IT-Harvest, a data-driven industry analyst firm, announces the launch of an SaaS application for tracking and analyzing the entire cybersecurity industry. Some data will be published for free at dashboard.it-harvest.com. Subscribers will receive access to all the data assembled over a decade by IT-Harvest, including category, subcategory, headcount each quarter, investments, and key executives. Using the data on each of the 2,850 vendors worldwide, it is possible to compare countries, states, and regions. For instance, there are 1,567 cybersecurity vendors in the United States, 357 in the EU, and 236 headquartered in Israel. California is currently home to 560 cybersecurity companies. "The launch of this app is the realization of a 17-year journey to create an analyst firm that could offer more than opinions and reports. Subscribers get access to all the data we use in our research and reports. They can do their own analysis to test an investment thesis, find targets for acquisition, or create a short-list of vendors for a particular technology they are looking to acquire." Richard Stiennon, Chief Research Analyst at IT-Harvest In addition to the data, subscribers are purchasing a seat for advisory services, much like with a traditional analyst firm. IT-Harvest analysts are available for inquiries on markets, technology, and vendors as part of the annual subscription. The data available in the Analyst Dashboard is printed every year in the Directory in Security Yearbook available at www.it-harvest.com/shop. IT-Harvest tracks headcount at all cybersecurity vendors to identify fast growing companies and segments. That data is updated quarterly in the Analyst Dashboard and presented in a Leaderboard sorted by growth over the past quarter and calendar year. Subscribers can add any number of vendors to a watchlist and get email alerts when data on a company is updated. This could include new funding, a change in the executive team, inclusion in a research report, or an acquisition.

Read More

DATA SECURITY

Netskope Revolutionizes Data Protection with Patented Lightweight, Cloud-Powered Endpoint Data Loss Prevention

Netskope | May 24, 2022

Netskope, the leader in Security Service Edge (SSE) and zero trust,announced a key expansion of data protection capabilities to endpoint devices and private apps. The introduction of a patented endpoint data loss prevention (DLP) solution will enable Netskope Intelligent SSE customers to protect data everywhere it moves across the hybrid enterprise. Zero trust principles are critical to SSE, which describes the security stack needed to enable a modern Secure Access Service Edge (SASE) architecture. Data protection is of utmost importance throughout a SASE architecture—specifically, the need for security to move with data wherever it is accessed, and apply zero trust to determine the right level of access. Additionally, legacy and endpoint DLP offerings have failed enterprises by being siloed, complicated, and intrusive, hindering user productivity. Netskope has been consistently recognized by top industry analysts for its advanced data protection capabilities. With today's continued expansion of the Netskope Intelligent SSE platform, Netskope customers will be able to protect data across SaaS, IaaS, private applications, web, e-mail, and endpoint devices from a single converged data protection solution, leveraging machine learning, user and entity behavior analytics (UEBA), and insider threat mitigation capabilities to improve security efficacy, efficiency, and agility. Notable features of Endpoint DLP include: Context-aware, zero trust data protection on local peripherals and devices, such as USB drives and printers Unified data classification, policy enforcement, and incident management for DLP across SaaS, IaaS, private apps, web, e-mail, and endpoint devices A patented lightweight endpoint agent with cloud-based inspection and contextual data protection policies that enhance the user experience Machine learning and Advanced Analytics to help simplify data classification and policy definition, lowering operational overhead UEBA, which makes it possible to identify and stop complex data loss scenarios such as insider risk, where users are unintentionally or even maliciously abusing their access to data "No SASE or zero trust journey will be successful without data protection capabilities that can address all critical use cases in a way that is easy to deploy and doesn't slow down users, The introduction of Endpoint DLP extends Netskope's award-winning data protection capabilities that much further, to critical use cases with endpoint devices. While some competitors may offer unified policy and management or provide data protection for certain vectors, Netskope is the only vendor that can provide truly converged data protection across the full IT environment. We are very excited to deliver Endpoint DLP to customers as another Netskope game-changer." John Martin, Chief Product Officer, Netskope "With Netskope's new eDLP, we can now offer single-pass data protection —across all vectors, from the cloud to the endpoint —with unified policies, within a single management console," said Mick Coady, Global Vice President CyberSecurity Solutions, World Wide Technology. "As a Platinum Partner in Netskope's Evolve partner program, we're seeing the huge growth opportunity that Netskope's Intelligent SSE approach represents. This new addition will accelerate that growth." A work-from-anywhere, or "hybrid," environment makes it increasingly difficult to maintain security models based on implicit trust in any entity that wants to connect. Zero trust principles enable organizations to govern access to data based on behavior by users, devices, networks, and applications— increasing confidence in policy enforcement everywhere. By evaluating several contextual elements—user identity, device identity and security posture, time of day, geolocation, business role, sensitivity level of the data, and more—the resource itself can determine an appropriate level of confidence, or trust, only for that specific interaction and only for that specific resource. Using Netskope Intelligent SSE with zero trust principles applied throughout the environment, businesses become more agile, reduce risk, and streamline solution deployment and maintenance. "DLP has been extremely complicated and cumbersome, and that's before you factor in cloud, web, email, private apps, and endpoints," said Frank Dickson, IDC Group Vice President, Security & Trust. "Netskope looks to address complexity with integration, providing a unified cloud delivered solution. Compared to old school network and endpoint-based DLP solutions, having DLP in this integrated solution makes it dramatically easier to protect data wherever it may be and in a manner that is frictionless for end users. It is a win-win." About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

PLATFORM SECURITY

OccamSec Unveils Revolutionary Cybersecurity Platform Set to Change the Industry

OccamSec | May 04, 2022

OccamSec, a leading cybersecurity provider, announced today the launch of their Incenter platform. Incenter identifies the security weaknesses an organization has in real-time, and helps teams develop insights and communicate business context from a security perspective. For today's organizations, the threat landscape is constantly evolving. Penetration testing and vulnerability scanning can help, but with new vulnerabilities and exploits found all the time, infrequent testing means risk data may be outdated. At the same time the industry is trending towards slicing the solution ever thinner, which means costs keep increasing. Incenter combines the functionality of a range of security services in one single solution. The platform provides, in real time, where an organization is vulnerable, and just as critically, what the impact will be if an attack occurs. Incenter utilizes a dual approach. It combines the best in technology with advanced automated testing, and the best in people with OccamSec's security team. Supported by vulnerability research and a threat intelligence team, the burden on clients having to buy multiple services is eliminated. Users have the ability to generate reports that compile real-time information with the touch of a button, rather than waiting for a timed report to be generated. Incenter also provides step-by-step guidance on how to mitigate any risks that are identified, with the tools an organization already has which means no hidden costs. Incenter combines the functionality of a range of security services in one single solution: Manual Penetration Testing Penetration Testing as a Service (PTaaS) Automated Security Validation (ASV) Vulnerability Scanning External Attack Surface Management (EASM) Crowd Source Penetration Testing Threat Intelligence This provides a single source of truth on the exposures an organization faces. Improving the effectiveness of any security team, regardless of size, and at the same time breaking organizations out of ever increasing cyber security expenditure. The platform's focus on the unique business context of each organization means that security teams no longer have to trudge through 1000's of scan findings or determine how relevant a penetration test finding is and how to fix it. At the same time from the dashboard, management can see a high level summary of their organization's exposure, the likelihood of a breach, and how much it's going to cost them. "Over the years we have seen what works, what doesn't and where the gaps are," says OccamSec founder Mark Stamford. "The biggest gap is organizations needing more and more tools and services to effectively secure themselves. The key to effective security is joining the dots, not having ever more dots scattered in ever more places. With Incenter we have combined the talents of our security team and their expert knowledge, with a technical solution that is unrivaled. The result is a win for our clients, regardless of size." About OccamSec OccamSec is a leading provider in the world of cybersecurity. Its clients rely on them to provide information security services that exceed current industry standards. OccamSec provides accurate, actionable information to reduce risk and enable better informed decisions. Its unique end-to-end solutions detect, identify, respond, and protect in order to maximize the effectiveness of security programs.

Read More

Spotlight

A new study by Symantec reveals that employees steal corporate data and do not believe it is wrong. The findings show that everyday, employees' attitudes and beliefs about intellectual property theft are at odds with the vast majority of company policies. The survey - conducted by Ponemon Institute, an independent data privacy research firm - examines the problem of information theft in the workplace.

Resources