cyberattacks – EvaluateSolutions38 https://evaluatesolutions38.com Latest B2B Whitepapers | Technology Trends | Latest News & Insights Fri, 07 Apr 2023 14:59:50 +0000 en-US hourly 1 https://wordpress.org/?v=5.8.6 https://dsffc7vzr3ff8.cloudfront.net/wp-content/uploads/2021/11/10234456/fevicon.png cyberattacks – EvaluateSolutions38 https://evaluatesolutions38.com 32 32 Updates to Akamai’s Managed Security Service and a New Premium Offering Announced https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced-2/ https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced-2/#respond Fri, 07 Apr 2023 14:59:50 +0000 https://evaluatesolutions38.com/?p=51804 Highlights:

  • More Akamai Experts are now accessible through updates to Akamai Managed Security Services, and technical advisory hours with engagement managers and support delivery managers are now included without additional fees.
  • Enhanced site monitoring, regular reviews with Akamai SOCC experts to collaborate and exchange information, proactive communication from SOCC subject matter experts, a customer-specific security incident and event management or SIEM view in the SOCC dashboard, and proactive communication are all included in the premium service.

Akamai Technologies Inc., a provider of content delivery network and cloud services, recently confirmed an updated managed security service program and a new premium service offering to assist customers in protecting themselves from cyberattacks.

With proactive monitoring and rapid response in the event of a cyberattack, the new capabilities assist customers in protecting their businesses 24×7 from sophisticated attacks. Customers can use the increased access to Akamai security experts, reduced pricing, and better and direct assistance to their advantage because of the new capabilities. A premium version of the service is also available for customers who want personalized support and prioritized escalation paths.

With the release, Akamai hopes to address an ever-growing attack surface posing problems for businesses: distributed denial-of-service attacks and credential stuffing that can disrupt and shut down business services.

Roger Barranco, Vice President of support services at Akamai, said, “Businesses everywhere are struggling to defend against sophisticated cyber adversaries who are determined to create chaos and hinder business continuity. Our customers have asked for higher levels of service, which is what we’re delivering with Akamai’s managed security service and premium offerings. We’re partnering with our customers in a way that augments the availability of highly skilled proactive cybersecurity professionals.”

More Akamai Experts are now accessible through updates to Akamai Managed Security Services, and technical advisory hours with engagement managers and support delivery managers are now included without additional fees. The Managed Security Service from Akamai still offers the basic package price but with more features. The pricing of additional App and amp; API Protector with managed Advanced Security Management policy, managed Page Integrity configuration, and Bot Manager Premier endpoint, has also reduced.

According to the company, customers now have access to more support because Akamai University seats, after-hours configuration assistance, and quarterly customer business reviews are part of the base package.

According to the company, the Security Operations Control Center Premium service offers prioritized escalation and support tailored to the individual customer’s needs. Features for better outcomes and alignment include named resources, customer-specific data, and 24/7 customer access to SOCC experts.

Enhanced site monitoring, regular reviews with Akamai SOCC experts to collaborate and exchange information, proactive communication from SOCC subject matter experts, a customer-specific security incident and event management or SIEM view in the SOCC dashboard, and proactive communication are all included in the premium service. Faster escalations give clients faster access to SOCC management and immediate access to Akamai subject matter experts. Customers can access Akamai’s SOCC Premium Service from April 6.

]]>
https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced-2/feed/ 0
Splunk’s Security Leaders Report More Cyberattacks and Downtime https://evaluatesolutions38.com/news/security-news/splunks-security-leaders-report-more-cyberattacks-and-downtime/ https://evaluatesolutions38.com/news/security-news/splunks-security-leaders-report-more-cyberattacks-and-downtime/#respond Wed, 05 Apr 2023 20:55:43 +0000 https://evaluatesolutions38.com/?p=51764 Highlights:

  • The report’s main conclusions include the fact that bad actors frequently go undetected on corporate networks for long stretches of time.
  • 95% of respondents claimed to have given third-party risk assessments more attention.

According to a recent report released by big-data analytics company Splunk Inc, security leaders continue to witness increased cyberattacks and unscheduled outages.

52% of organizations claim to have experienced a data breach in the last two years, up from 49% in 2022 and 39% in 2021, according to the Splunk State of Security 2023 report. In addition, 62% of security leaders reported that, up from 54% in 2022, unplanned downtime caused by a cybersecurity incident had affected their business-critical applications at least monthly.

The report’s main conclusions include that bad actors frequently go undetected on corporate networks for long periods.

Cybersecurity-related outages increased to around 22 annually, costing, on average, about 2.7% of annual revenue. A recent Splunk report estimates that downtime can cost businesses about USD 365,000 per hour. Nearly 40% of those surveyed claimed that cybersecurity incidents directly hurt their ability to compete, and 31% claimed that they decreased shareholder value.

Despite the unfavorable headline figures, there was good news because numerous organizations are taking action to deal with these issues. Almost all respondents predict an increase in their security budgets over the next two years, with 56% stating that their budgets are already growing “significantly.”

More than four-fifth of organizations claim to be combining certain aspects of their information technology and security operations. The security leaders surveyed indicated that 58% believed convergence would aid in increasing overall risk visibility in their environment, and 55% believed improved cooperation in threat identification and response processes would result.

Organizations are also putting more effort into securing their supply chains, with 95% of respondents reporting that they have given third-party risk assessments more attention. 91% of respondents concur that one of the best tools for preventing successful ransomware attacks is improved detection, data capture, and analysis.

Well-known Splunk security strategist Ryan Kovar said, “In the organizations, we’ve worked with, resilience has been strongest with a collaborative approach in everything, from software development and infrastructure monitoring to business continuity planning. This approach brings everyone to the table, including security leaders with IT and business leaders, so they all can focus on protecting the organization.”

]]>
https://evaluatesolutions38.com/news/security-news/splunks-security-leaders-report-more-cyberattacks-and-downtime/feed/ 0
Updates to Akamai’s Managed Security Service and a New Premium Offering Announced https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced/ https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced/#respond Wed, 05 Apr 2023 18:51:49 +0000 https://evaluatesolutions38.com/?p=51759 Highlights:

  • More Akamai Experts are now accessible through updates to Akamai Managed Security Services, and technical advisory hours with engagement managers and support delivery managers are now included without additional fees.
  • Enhanced site monitoring, regular reviews with Akamai SOCC experts to collaborate and exchange information, proactive communication from SOCC subject matter experts, a customer-specific security incident and event management or SIEM view in the SOCC dashboard, and proactive communication are all included in the premium service.

Akamai Technologies Inc., a provider of content delivery network and cloud services, recently confirmed an updated managed security service program and a new premium service offering to assist customers in protecting themselves from cyberattacks.

With proactive monitoring and rapid response in the event of a cyberattack, the new capabilities assist customers in protecting their businesses 24×7 from sophisticated attacks. Customers can use the increased access to Akamai security experts, reduced pricing, and better and direct assistance to their advantage because of the new capabilities. A premium version of the service is also available for customers who want personalized support and prioritized escalation paths.

With the release, Akamai hopes to address an ever-growing attack surface posing problems for businesses: distributed denial-of-service attacks and credential stuffing that can disrupt and shut down business services.

Roger Barranco, Vice President of support services at Akamai, said, “Businesses everywhere are struggling to defend against sophisticated cyber adversaries who are determined to create chaos and hinder business continuity. Our customers have asked for higher levels of service, which is what we’re delivering with Akamai’s managed security service and premium offerings. We’re partnering with our customers in a way that augments the availability of highly skilled proactive cybersecurity professionals.”

More Akamai Experts are now accessible through updates to Akamai Managed Security Services, and technical advisory hours with engagement managers and support delivery managers are now included without additional fees. The Managed Security Service from Akamai still offers the basic package price but with more features. The pricing of additional App and amp; API Protector with managed Advanced Security Management policy, managed Page Integrity configuration, and Bot Manager Premier endpoint, has also reduced.

According to the company, customers now have access to more support because Akamai University seats, after-hours configuration assistance, and quarterly customer business reviews are part of the base package.

According to the company, the Security Operations Control Center Premium service offers prioritized escalation and support tailored to the individual customer’s needs. Features for better outcomes and alignment include named resources, customer-specific data, and 24/7 customer access to SOCC experts.

Enhanced site monitoring, regular reviews with Akamai SOCC experts to collaborate and exchange information, proactive communication from SOCC subject matter experts, a customer-specific security incident and event management or SIEM view in the SOCC dashboard, and proactive communication are all included in the premium service. Faster escalations give clients faster access to SOCC management and immediate access to Akamai subject matter experts. Customers can access Akamai’s SOCC Premium Service from April 6.

]]>
https://evaluatesolutions38.com/news/security-news/updates-to-akamais-managed-security-service-and-a-new-premium-offering-announced/feed/ 0
DataDome, a Bot Protection Startup, Receives USD 42M to Combat Frauds and Cyberattacks https://evaluatesolutions38.com/news/security-news/datadome-a-bot-protection-startup-receives-usd-42m-to-combat-frauds-and-cyberattacks/ https://evaluatesolutions38.com/news/security-news/datadome-a-bot-protection-startup-receives-usd-42m-to-combat-frauds-and-cyberattacks/#respond Mon, 03 Apr 2023 18:38:17 +0000 https://evaluatesolutions38.com/?p=51719 Highlights:

  • Malicious algorithms are advancing and finding new ways to get around security measures, according to DataDome.
  • According to the company, its service can be installed and operational in under an hour and is simple to connect with any web infrastructure.

DataDome SAS, a startup providing Software-as-a-service for bot protection, revealed that it has received USD 42 million in fresh financing to help further its goal of purging the internet of bot-driven fraud and cyberattacks.

DataDome, a bot protection startup founded in 2014, employs artificial intelligence and machine learning to recognize and thwart advanced bot attacks in real time. The company’s technology determines in less than two milliseconds whether access to a page should be given by comparing each request to a website with an in-memory pattern database.

Malicious algorithms are advancing and finding new ways to get around security measures, according to DataDome. Web application firewalls, conventional CAPTCHAs, and user validation databases are examples of point-in-time, static obstacles that have become increasingly easier to consistently get around.

Benjamin Fabre, Co-founder, and Chief Executive of DataDome, said, “Bots have become a common path to fraud. In 2022 alone, DataDome stopped over 250 billion online fraud attempts in real time. Because of how our product is built and deployed, we have a unique lens into attack vectors and can see across silos to stop attacks in their tracks.”

In order to give DataDome, in Fabre’s words, an “award-winning competitive edge,” and to remain far ahead of bot creators and fraudsters, the new funding will be used to advance the company’s commercial rollout and research and development initiatives.

DataDome is a comprehensive software-as-a-service platform that provides enterprise-level professional services and dedicated bot security operations centers to DevSecOps and development, security, and operations people. According to the company, its service can be installed and operational in under an hour and is simple to connect with any web infrastructure.

In addition to others, the business provides assistance for integration with the Commerce Cloud from Salesforce.com Inc., Cloudflare Inc., Fastly Inc., and Amazon Web Services Inc.

DataDome serves clients like Rakuten Inc., Axel Springer SE, AngelList LLC, Reddit Inc., the New York Times Co., McDonald’s Corp., and Foot Locker Retail Inc.

Elephant Venture Capital GmbH, ISAI Gestion SAS, and other previous investors joined InfraVia Growth Management SAS in leading the Series C round. Reports show that DataDome has funded USD 81.2 million in total, including the most recent round.

]]>
https://evaluatesolutions38.com/news/security-news/datadome-a-bot-protection-startup-receives-usd-42m-to-combat-frauds-and-cyberattacks/feed/ 0
ForgeRock Introduces a Passwordless Authentication System https://evaluatesolutions38.com/news/tech-news/artificial-intelligence-news/forgerock-introduces-a-passwordless-authentication-system/ https://evaluatesolutions38.com/news/tech-news/artificial-intelligence-news/forgerock-introduces-a-passwordless-authentication-system/#respond Tue, 21 Mar 2023 12:45:32 +0000 https://evaluatesolutions38.com/?p=51579 Highlights:

  • Employees and customers can say goodbye to remembering passwords with the aid of ForgeRock, the only solution that offers a full spectrum of passwordless possibilities.
  • Users can add security signal analyses, include third-party capabilities, and establish user registration, lost devices, and help desk processes using a no-code orchestration engine with a drag-and-drop setup.

ForgeRock Inc., a provider of digital identity management services, recently unveiled Enterprise Connect Passwordless. This new authentication method does away with the use of passwords by users inside sizable corporations.

The new solution, integrated into the ForgeRock Identity Platform to protect frequently used and vulnerable enterprise resources like servers, workstations, remote desktops, and virtual private networks, was developed through a strategic partnership between password authentication firm Secret Double Octopus Ltd. and ForgeRock.

By enabling users to access legacy applications, systems, and services without a password, Enterprise Connect Passwordless assists major companies in actively defending against expensive cyberattacks and unwanted access. By removing employee interaction with passwords and lowering the danger of password compromise, the company claims that organizations using the new service become more secure. Advantages include decreased information technology issues and employee account lockouts, improved user experiences, and more productive workforces.

The service takes advantage of next-generation identity orchestration capabilities to create and implement passwordless logins specific to each enterprise’s security and user experience requirements.

Peter Barker, Chief Product Officer, said, “The move to passwordless authentication will fundamentally change every digital experience on the planet, starting with the most common experience of all — logging in. With the addition of Enterprise Connect Passwordless, ForgeRock is the only solution to offer a full spectrum of passwordless capabilities that help employees and consumers say goodbye to remembering their passwords.”

The service, which will go live in the second quarter, will build on the company’s current passwordless capabilities and further the effort it has been making for more than a decade to do away with consumer passwords.

With the Identity Cloud’s FIDO2 WebAuthn standards and passkeys, ForgeRock already provides passwordless authentication. It also supports low- and no-code access orchestration with Intelligent Access and AI-driven threat protection with Autonomous Access.

]]>
https://evaluatesolutions38.com/news/tech-news/artificial-intelligence-news/forgerock-introduces-a-passwordless-authentication-system/feed/ 0
RangeForce Inc. Raises USD 20M for Product Expansion https://evaluatesolutions38.com/news/security-news/rangeforce-inc-raises-usd-20m-for-product-expansion/ https://evaluatesolutions38.com/news/security-news/rangeforce-inc-raises-usd-20m-for-product-expansion/#respond Tue, 07 Mar 2023 19:40:55 +0000 https://evaluatesolutions38.com/?p=51383 Highlights:

  • RangeForce Inc., a company specializing in cybersecurity training, has revealed that it has raised USD 20 million to expand its product portfolio.
  • The Series B investment was headed by Energy Impact Partners LLC and Paladin Capital Group L.P., with participation from KPN Ventures BV, Lapa Capital Partners LLC, Lanx Capital Management LLC, and Cisco Investments Inc.

RangeForce Inc., a startup specializing in cybersecurity training, has revealed that it has raised USD 20 million to expand its product portfolio.

The Series B investment was headed by Energy Impact Partners LLC and Paladin Capital Group L.P., with participation from KPN Ventures BV, Lanx Capital Management LLC, Lapa Capital Partners LLC, and Cisco Investments Inc. According to statistics from PitchBook, RangeForce has raised around USD 38.5 million in fundraising to date, including the current capital. The startup raised USD 16 million in venture money in July 2020.

RangeForce, a company founded in 2009, markets itself as a provider of “cyber defense readiness at scale” with a continual approach to growing cybersecurity abilities. The firm offers cloud-based networks and servers that simulate cyberattacks and other dangers in a sandbox environment.

Three tiers of cyber defense upskilling solutions are available from RangeForce to fit the specific demands of each enterprise. All three levels involve interactive, real-world exercises replicating actual assaults better to defend teams from current and future cyber threats. Using their existing software tools, cybersecurity experts and operations teams can constantly upskill their staff, keeping their vital defensive abilities relevant against current threats.

The origins of the company’s software may be traced back to the North Atlantic Treaty Organization Cyber Range in Estonia, a multimillion-dollar facility with various hardware, software, and training rooms. Taavi Must, founder and CEO of RangeForce, designed the NATO Cyber Range while working as a contractor.

RangeForce’s clientele includes Fortune Global 2000 finance, technology, and healthcare organizations. Among notable clients are Cisco Systems Inc., Equifax Inc., Pipedrive Inc., Barclays PLC, and federal government institutions.

Taavi Must, said, “This funding supports our vision to equip the diverse modern workforce with comprehensive cybersecurity upskilling solutions that enable organizations of all sizes to defend against cyberattacks. Our mission is urgent in light of the global shortage of skilled cybersecurity professionals. RangeForce offers cyber defense training to frontline workers, who are the first line of defense in cybersecurity readiness, while providing management with valuable insights into their team’s strengths and weaknesses.”

]]>
https://evaluatesolutions38.com/news/security-news/rangeforce-inc-raises-usd-20m-for-product-expansion/feed/ 0
Blockchain Security Company Hypernative Bags USD 9M To Thwart Crypto Hacks https://evaluatesolutions38.com/news/tech-news/blockchain-news/blockchain-security-company-hypernative-bags-usd-9m-to-thwart-crypto-hacks/ https://evaluatesolutions38.com/news/tech-news/blockchain-news/blockchain-security-company-hypernative-bags-usd-9m-to-thwart-crypto-hacks/#respond Tue, 31 Jan 2023 20:40:21 +0000 https://evaluatesolutions38.com/?p=51024 Highlights:

  • Hypernative, a cryptocurrency security company, has announced nine million dollars in early financing to help web3 businesses mitigate losses from attacks.

Hypernative, a startup specializing in cryptocurrency security that protects against breaches, said it has secured nine million dollars in seed funding to assist web3 firms in preventing losses from cybercrimes.

Boldstart Ventures and IBI Tech Fund led the seed round, with strategic investments from cryptocurrency companies, Alchemy, Blockdaemon, Nexo, CMT Digital and Borderless, and other angel investors.

The business developed a security platform that leverages data on and off blockchains to identify and prevent future attacks in real time that target economic, governance, and community concerns. Using machine learning models to monitor incoming data, the company’s first product, the “Pre-Cog” platform, can capitalize on signs before an attack occurs.

According to the business, the platform has identified more than 764,000 threats and triggered over 33,000 warnings on more than 14,000 monitored protocols. Its platform enables its clients to respond in real time to possible risks that might harm their crypto assets before or during an attack to limit losses.

Gal Sagie, Chief Executive of Hypernative, said, “We created Hypernative early last year when we saw huge amounts of money getting stolen or phished or scammed in crypto. We saw huge gaps between tools that existed, and money being invested, so we wanted to create something to help prevent [attacks].”

According to a survey by Iimmunefi, a bug bounty and security services platform for web3, the crypto sector lost nearly USD 3.9 billion in 2022 because of hacks, fraud, and scams, while cyberattacks accounted for more than 95% of this loss. Although many of these attacks could have been avoided by proactively addressing the vulnerabilities, it is not always possible to identify every flaw or fault in the wild.

This is where the Pre-Cog platform from Hypernative steps in to alert, respond, and prevent attacks before or as they occur. It enables security teams of crypto companies to receive warning notifications and act swiftly by exporting the alerts to internal application programming interfaces, email, Slack, or Telegram so that engineers are notified immediately.

The platform is intended for protocols that boost security beyond audits and proactive defense, enabling teams to monitor critical metrics and anomalies. It also detects portfolio hazards in advance and in real time for asset managers and traders. By recognizing possible risks before a transaction is performed, users can be more confident in their operations. Hypernative can be easily incorporated with protocol security controls and automated trading wallet systems.

Ed Sim, Founding Partner at Boldstart Ventures, said, “Until now, there are no systems that not only accurately predict and alert on hacks before they happen but also provide actionable advice to stop them. The opportunity in front of Hypernative is massive as stopping zero-day attacks will go a long way towards rebuilding trust in the crypto ecosystem.”

Hypernative’s ideal clientele includes hedge funds, asset managers, exchanges, traders, market managers, and anybody that interacts with crypto and blockchain protocols and may need to respond swiftly to an attack or other incident.

]]>
https://evaluatesolutions38.com/news/tech-news/blockchain-news/blockchain-security-company-hypernative-bags-usd-9m-to-thwart-crypto-hacks/feed/ 0
AccSense Raises USD 5M for Its Data Protection Platform, Okta https://evaluatesolutions38.com/news/security-news/accsense-raises-usd-5m-for-its-data-protection-platform-okta/ https://evaluatesolutions38.com/news/security-news/accsense-raises-usd-5m-for-its-data-protection-platform-okta/#respond Thu, 19 Jan 2023 20:59:10 +0000 https://evaluatesolutions38.com/?p=50900 Highlights:

  • AccSense aims to use the fund to expand other IAM platforms and accelerate market strategies.
  • The platform is well-designed with multiple features such as one-click recovery, 10-minute RPO, verification, periodic testing of backup data, etc.

Startup AccSense intends to help organizations protect their Okta environment from cyberattacks. Acknowledging this, it has raised USD 5M in funding to expand the adoption of its namesake software platform.

Officially known as Empyrean Technologies Ltd., AccSense made its official announcement about the funding round recently. Many Angel investors actively participated in this seed funding. Joule Ventures led this funding round, followed by Gefen Capital, Fusion, and other angel investors.

To attain application security, many companies leverage Okta Inc.’s namesake identity and access management, or IAM. An IAM platform manages which users have logged into what application in the company’s network. Okta is built smart enough to detect and deny access to unauthorized requests automatically.

As the Okta platform majorly operates organizations’ cybersecurity activities, it also attracts many hackers. The hacker access the platform’s deployment to create malicious user accounts and enter into sensitive systems quickly. Also, hackers may even disrupt a genuine employee’s access to internal applications.

To fight back, Tel Aviv-based AccSense has developed a platform that provides essential tools. Such tools can identify potential malicious changes in the organization’s Okta environment. These tools are needed to mitigate such possible risks. Additionally, it also guarantees to simplify the detection of technical issues caused by human interference and ease them.

Moreover, the platform provides a facility to automatically create backup copies of an Okta environment. In case of the advent of a cyberattack or configuration error, the recovery of recent backup can be made by administrators with just a click.

RPO or Recovery Point Objective is a metric that tells how much data has been lost in case of an outage. RPO is of 10-minute, so data that is less than 10 minutes might be lost during an attack. This RPO of 10 minutes is guaranteed by this platform, as per AccSense.

In case of an attack, the need for employees to have consistent access to applications parallel with the administrator’s troubleshooting is fulfilled by this platform. More than this, other features, like offering backup features with a failover tool, are included. Also, this platform enables companies to create a standby copy of an Okta environment and bring it online as per need.

The company says that deployment of the Okta platform is relatively fast and simple. During installation, there is no need to deploy an additional piece of software in the Okta environment, as per AccSense.

Chief Executive officer and co-founder of AccSense, Muli Motola, said, “In today’s threat landscape, Cloud Identity Access Management systems are highly vulnerable to security breaches, human error, and insider threats. It is our mission to ensure that every IAM solution has optimal accessibility, maximum uptime, and next-level operational efficiency.”

The five-million-dollar funding raised by AccSense will not only be used for the platform Okta but also to add support for other IAM platforms. The company plans to speed up its go-to-market strategies.

 

]]>
https://evaluatesolutions38.com/news/security-news/accsense-raises-usd-5m-for-its-data-protection-platform-okta/feed/ 0
Report: Nearly 50% of 2021 Federal Employee Phishing Attacks Attempted Identity Theft https://evaluatesolutions38.com/news/security-news/report-nearly-50-of-2021-federal-employee-phishing-attacks-attempted-identity-theft/ https://evaluatesolutions38.com/news/security-news/report-nearly-50-of-2021-federal-employee-phishing-attacks-attempted-identity-theft/#respond Tue, 03 Jan 2023 14:25:29 +0000 https://evaluatesolutions38.com/?p=50616 Highlights:

  • According to Lookout’s 2022 Government Threat Report, mobile phishing and device vulnerability risk in US federal, state, and local governments is rising. In 2021, over 50% of phishing attempts against government employees sought employee credentials, up from 30% in 2020.

According to Lookout’s 2022 Government Threat Report, mobile phishing and device vulnerability risk across the United States is increasing across federal, state, and local government organizations. Over 50% of all phishing attacks against government people in 2021 intended to obtain employee credentials, up from 30% in 2020.

In addition to the increase in phishing attacks on government employees, the report’s findings include the following:

  • Between 2020 and 2021, the federal, state, and municipal governments increased their reliance on unmanaged mobile devices by 55%, signaling a shift toward Bring Your Own Device (BYOD) to serve a growing distant workforce.
  • One in eight federal personnel was vulnerable to phishing attacks. With over two million federal government personnel alone, this constitutes a substantial potential attack surface, as a single successful phishing effort is sufficient to infect an entire agency.
  • From 2020 to 2021, mobile phishing encounter rates for state and local governments on both managed and unmanaged devices increased by 48% and 25%, respectively. Through the first half of 2022, this steady ascent persisted.
  • The complexity of threat actors is increasing, with 16% of phishing assaults seeking to deliver malware.
  • Nearly 50% of state and local government employees utilize obsolete Android operating systems, leaving them vulnerable to a multitude of device vulnerabilities. Nevertheless, this is an improvement from the 99.9% in 2021.

Phishing attacks on the government are incredibly impactful

Government agencies keep and transmit a range of sensitive data, the protection of which is crucial to the welfare of hundreds of millions of people. A breach of a government institution that results in the disclosure of sensitive information, the theft of credentials, or the forced halt of activities due to ransomware can have a disproportionately impact compared to a usual cybersecurity event.

In addition, government personnel utilize iOS, Android, and ChromeOS devices daily to boost their productivity and efficiency. Their gadgets are a treasure mine of information and a gateway to government infrastructure, making them prime targets for cyber attackers. Due to the personal nature of smartphones, tablets, and Chromebooks, endpoint security must respect user privacy while protecting the individual, the device, and the company.

Tony D’Angelo, vice president of America’s Public Sector, Lookout, said, “It’s more important than ever for government agencies to keep pace with the evolution of the cyber threat environment. Regardless of whether devices are managed, protecting these modern endpoints requires a different approach — one that is built from the ground up for mobile. Only a modern endpoint protection solution can detect mobile threats in apps, device operating systems, and network connections while also protecting against phishing attacks that steal credentials and deliver malware.”

The Lookout Government Threat Report is based on a study of Lookout Security Graph data unique to federal, state, and local government institutions. The graph, comprised of telemetry data from the survey of more than 205 million devices and more than 175 million applications, allowed Lookout to identify and categorize the most significant mobile dangers faced by government agencies in 2021 and the first half of 2022. This report’s information was produced using aggregated, de-identified Lookout data.

]]>
https://evaluatesolutions38.com/news/security-news/report-nearly-50-of-2021-federal-employee-phishing-attacks-attempted-identity-theft/feed/ 0
Google Boosts Its Portfolio of Open-Source Software with Additional Privacy Capabilities https://evaluatesolutions38.com/news/security-news/google-boosts-its-portfolio-of-open-source-software-with-additional-privacy-capabilities/ https://evaluatesolutions38.com/news/security-news/google-boosts-its-portfolio-of-open-source-software-with-additional-privacy-capabilities/#respond Mon, 26 Dec 2022 16:43:26 +0000 https://evaluatesolutions38.com/?p=50541 Highlights:

  • Google LLC developed two open-source solutions aimed to facilitate the processing of user data in compliance with privacy regulations.
  • The first innovation is a tool called Magritte for blurring items in films, such as licence plates. The second is a revamped version of Google’s FHE C++ Transpiler, a privacy tool that was first launched last year.

Google LLC developed two open-source solutions aimed to facilitate the processing of user data in compliance with privacy regulations.

The first innovation is a tool called Magritte for blurring items in videos, such as licence plates. The second is a revamped version of Google’s FHE C++ Transpiler, a privacy tool that was first launched last year. It enables apps to process encrypted datasets without first decrypting them.

Magritte is based on an internal software project of the search giant. It automatically detects when an object holding sensitive data, such as a licence plate, appears in a video using Artificial Intelligence (AI). Then, Magritte blurs the object, eliminating the requirement for video editing teams to manually complete the process.

The AI features are enabled in part by Google’s MediaPipe, an open-source tool. The latter technology enables developers to create AI apps that can operate on devices with minimal computing power, such as smartphones.

Miguel Guevara, a product manager at Google’s privacy and data protection office said, “This code is especially useful for video journalists who want to provide increased privacy assurances. By using this open-source code, videographers can save time in blurring objects from a video, while knowing that the underlying ML algorithm can perform detection across a video with high-accuracy.”

Google introduced Magritte with a new version of FHE C++ Transpiler, an open-source tool that was first launched in last June. The tool facilitates the implementation of fully homomorphic encryption, or FHE, a type of encryption technique. In recent years, researchers have shown considerable interest in the technology since it has the potential to make corporate applications more secure.

To limit the danger of cyberattacks, enterprise apps save sensitive data in encrypted form. However, the data must be decrypted before being utilised. Decrypted files are more vulnerable to assaults because hackers may readily access their contents in the case of a security breach.

The FHE encryption mechanism utilized by Google’s FHE C++ Transpiler eliminates the requirement to decode data prior to processing. Hence, the strategy enables businesses to reduce the danger caused by cyberattacks.

In reality, however, it is difficult to employ FHE to increase security due to several technological hurdles. One is that running FHE software today demands a prohibitive amount of infrastructure. Another obstacle is that the technology is tough to install for developers.

Google claims that their open-source FHE C++ Transpiler tool simplifies FHE deployment. The tool is capable of analyzing a piece of code initially designed to decode data and automatically adapting it to execute on FHE-encrypted data. As a result, developers are able to construct apps capable of processing encrypted data with less effort than was previously necessary.

The latest version of FHE C++ Transpiler introduced by Google recently includes significant speed enhancements. Optimizations were implemented in the circuits used by the tool to process. In computer science, the term ‘circuit’ does not refer to an electronic component, but rather to a specific set of sequential computing processes.

Google’s engineers have halved the size of the data-processing circuits used by FHE Transpiler. According to the search giant, the consequence is a huge performance enhancement. It now requires less infrastructure to operate and can-do computations more quickly.

A substantial amount of infrastructure is required to run FHE software, which is one of the primary reasons why the technology has not yet been extensively embraced by businesses. By decreasing hardware requirements, Google’s FHE tool may facilitate the adoption of FHE by enterprises.

]]>
https://evaluatesolutions38.com/news/security-news/google-boosts-its-portfolio-of-open-source-software-with-additional-privacy-capabilities/feed/ 0