CXO Spectrum

Security

Orchestrated Risk Management Provider ZeroNorth Secures $10M in Series A+ Funding

by

Boston-based ZeroNorth announced today $10 million Series A+ funding. The round was led by Crosslink Capital, with existing investors ClearSky, Rally Ventures, and Petriollo Capital participating.

The company launched in April 2019 with an initial $10 million, and by orchestrating many vulnerability scanning tools, ZeroNorth centralizes security within application security, development, and security operations.

CEO John Worrall said that the funding will enable companies to improve development and security, saying, “Software security has never been more important, but it’s never been this challenging either. Development and security teams are pushed apart by the need for speed, but it doesn’t have to be this way. Security teams can rise to the challenge and speed of DevOps, and orchestration across the development lifecycle is the answer.”

EMA Research and MobileIron Find Passwords Still the Biggest Security Vulnerability in New Study

by

Despite developments in identity management and authentication, recent research found passwords are still commonly used despite their vulnerabilities. Sponsored by MobileIron, Enterprise Management Associates security and authentication analyst Steve Brasen found that 42% of security teams report organizational security breaches due to user password compromise.

Additional findings of note:

  • The username/password continues to be the dominant method of authentication used to access business devices, apps and data.
  • The password is still the top attack vector for organizations of all sizes, with 42% of respondents indicating their organization had been breached as a result of a user password compromise.
  • Poor password hygiene is also a top cause of data breaches, with 31% of respondents indicating their organization had been breached as a result of user credentials being shared with an unauthorized peer.
  • Phishing attacks, which are designed to harvest employee credentials, are prevalent. Twenty-eight percent of respondents indicated their organization had been breached as a result of a successful phishing attack.
  • IT and security managers are most confident in the ability of hardware tokens/security keys, thumbprints, and mobile devices to prevent access-based security breaches, compared to other authentication methods like passwords and PINs.

Online Payment Fraud Attempts Increased by 73% Last Year

by

According to new research from digital trust and safety solution provider Sift, cyber criminals have been quite adept at exploiting vulnerabilities in digital payments and business, leading to an explosion in fraudulent attempts over the last year.

The company’s research, the Digital Trust & Safety Index, examines how fraudsters target online businesses, what platforms and payment types they’re using, when they most frequently strike, and other patterns unearthed by examining Sift’s global data network of more than 400 billion events per year.

Other key findings include:

  • Credit cards are not the most commonly used payment type associated with fraud, which are used less frequently than promotions and coupons, cryptocurrency, digital wallets, and “pay with cash” options
  • Fraudulent order values are roughly 3X the price of legitimate purchases on average
  • The largest attempted purchase on Sift’s platform in 2019 was for a $1M video game power-up
  • Payment fraud attempts are at their highest during the summer months.
  • Saturdays had the highest instances of payment fraud attempts of any day of the week.

Verizon Finds Majority of Companies Aware They’re Sacrificing Security for Efficiency

by

In its 2020 Mobile Security Index, Verizon found that 54% of companies were less confident about the security of their mobile devices than other systems.

With an increase in mobile security breaches, it’s not really a surprise that mobile would be a growing concern for IT teams. And self-awareness doesn’t seem to be the problem, as 43% percent of organizations admitted to sacrificing mobile security to meet deadlines or productivity targets.

Other key findings:

  • Fifteen percent of enterprise users (18% in the U.S.) encountered a mobile phishing link in Q3 2019.
  • Twenty-one percent of organizations that were compromised said that a rogue or unapproved application had contributed to the incident.
  • The number of insecure Wi-Fi hotspots an average device connects to each day (per Wandera)
  • Only 43% said that they limit their employees to using apps from an official app store or one owned by the company
  • Thirty-one percent of IoT respondents admitted to having suffered a compromise involving an IoT device.

Pindrop Demonstrates Rising Risk of Voice Deepfakes, Releases Deep Voice 3

by

At RSA, the global security company that uses AI for IVR Authentication and Anti-Fraud Solutions, announced the launch of Deep Voice 3, the new version of its market-leading voice recognition technology.

The biometric industry has been quick to develop improvements in voice-based speech recognition solutions given the rapid developments in deepfakes. Not only are video deepfakes a concerns, but there’s also been an alarming increase in voice deepfakes.

Pindrop aims to combat these attacks with Deep Voice 3, which is built on advanced machine learning and deep neural networks. The solution is designed to accurately recognize the voice of callers at a contact center with less speech, resulting in faster authentication, a smoother customer experience with higher enrollment, and a contact center that is both more efficient and secure. 

Pindrop anticipates GA of Deep Voice 3 in Q1.

KeyFactor Announces Unique IoT Identities for Device Manufacturers

by

One of the more interesting announcements out of RSA is that of the partnership with Keyfactor and wolfSSL. IoT growth has exploded, but is still bound by security concerns, especially in regard to how to lock down low-power devices. Keyfactor, which offers award-winning PKI as-a-service platform for certificate lifecycle automation and IoT device security, announced it will integrate with SSL/TLS crypto-library provider wolfSSL to improve IoT security.

Keyfactor VP of product, Mark Thompson, commented, “Establishing critical trust at design and over time is complex for device manufacturers juggling multiple mass-production product lines.“Assigning a unique identity to every device hardens its overall security and ability to securely install firmware and software updates. . . combining full-featured, easy-to-use cryptographic libraries with a solid Public Key Infrastructure (PKI) platform makes IoT security at scale manageable and achievable.”

The new integration, KeyfactorControl, allows device designers and manufacturers to leverage technology and PKI to continuously replace, manage and update cryptography on IoT devices, while wolfSSL SSL/TLS libraries support resource constrained IoT systems across industrial control systems, connected vehicles, and medical devices.

RSA Announces SECURITI.ai Lands Top Spot at RSAC Innovation Sandbox Contest 2020

by

Today at RSA, AI-powered PrivacyOps provider SECURITI.ai was announced as the winner of the Conference’s Innovation Sandbox Contest. The winner was determined by a panel of venture capitalists, entrepreneurs and industry veterans.

For the past fifteen years, the RSAC Innovation Sandbox Contest has been a leading platform for startups to showcase their technologies within the cybersecurity industry. And nabbing the top spot is quite the milestone, since RSAC Innovation Sandbox Contest’s top 10 finalists have collectively seen over 50 acquisitions and over $6.2 billion in investments.

SECURITI.ai simplifies and automates privacy and offers PRIVACI.ai, which automates privacy compliance with patent-pending People Data Graphs™ and robotic automation. Using it, enterprises can give rights to people on their data, comply with global privacy regulations, and build trust with customers.

Jigsaw Launches New Publication and Platform to Combat Disinformation

by

The potential for disinformation to impact everything from commerce to war has only grown as developments in AI have enabled increasingly sophisticated disinformation tools. To combat the threat, and to better arm fact-checkers and journalists with a seamless process for detecting disinformation, Jigsaw recently announced Assembler – a platform that’s been in development since 2016 with support from Google Research – and The Current, a new research publication.

Jigsaw’s team – comprised of researchers, engineers, designers, policy experts, and creative thinkers – has been working on Assembler, an experimental platform to test how technology can help fact-checkers and journalists to detect and analyze manipulated media.

The tool is currently being tested at Agence France-Presse, Animal Politico, Code for Africa, Les Décodeurs du Monde, and Rappler, wto determine how well it works in real newsrooms.

Jigsaw also recently announced the launch of The Current, a new research publication that examines “complex problems through an interdisciplinary approach — like our team.”

Ransomware Attacks Cost US Healthcare Organizations over $157M Over Since 2016

by

Recent research from reviews and research firm Comparitech highlights come unsettling statistics regarding ransomware in the healthcare industry.

Comparitech’s team undertook these efforts to try and gain insight into the growing problem, a difficult task given the complexity of ransomware attacks that aren’t publicly disclosed, as well as the requirement from U.S. Department of Health Services that publish information about attacks only if over 500 people are impacted.

Using a variety of different resources including specialist IT news, data breach reports, and the Health Services reporting tool, Comparitech gathered as much data as possible on ransomware attacks on US healthcare providers, though they acknowledge that this may only be the tip of the iceberg.

The report details costs to individual states and while California had the highest number of ransomware attacks, Michigan saw the highest number of affected patient records.

You can find the entire report here.

Its key findings from looking at the attacks since 2016 included:

  • 172 individual ransomware attacks on healthcare organizations
  • 1,446 hospitals, clinics, and organizations affected
  • 74 percent of organizations affected were hospitals or clinics, the remaining were IT providers (5%), elderly care providers (7%), dental (5%) or optometry practices (6%), plastic surgeons (2%), medical testing (2%), health insurance (1%), government health (1%), and medical supplies (1%)
  • 6,649,713 patients affected
  • Ransomware amounts vary from $1,600 to $14,000,000
  • Downtime caused varies from hours to weeks and even months
  • Hackers have demanded ransoms totaling more than $16.48 million since 2016
  • Hackers have received at least $640,000 since 2016
  • The overall cost of these attacks is estimated at $157 million