ContraForce Joins Microsoft Intelligent Security Association
Ransomware has already cost victims $45 million in 2021
Cobalt Iron Awarded Patent on Automated Network Traffic Shaping for Data Protection Operations
51% of exploits sold on underground forums are for Microsoft products
Over 60% of Android apps have security vulnerabilities
Atlas VPN’s new cutting-edge privacy feature allows users to have rotating IP addresses
HID Global’s PKI-as-a-Service Platform Enables Certificate Automation with ACME Protocol; Helps Customers Achieve 100% Secure Web
Strategic Communications Announces Exclusivity with Data Encryption Cyber Security Software Firm, DAtAnchor, Inc.
Atlas VPN launches a new privacy feature to block third-party trackers and ads
FBI’s Internet Crime Center registers over 2,000 complaints daily
NHS Business Services Authority achieves gold standard in information security management by British Standards
The NHS Business Services Authority (NHSBSA) has achieved the internationally recognised ISO 27001 (Information Security Management System Requirements) by the British Standards Institution. The certification is the result of three years’ of work and effort and shows that NHSBSA takes information security and management of the huge volumes of information and data that it owns very seriously (including scanning data, data covering all pharmacies, dental practices and health exemption information across England and Wales). The process included 13.5 audit days during February and March 2021 by certification body, the British Standards Institution (BSI). "We are extremely proud to obtain an ISO certification. Information security management is incredibly important to us and especially so during the COVID-19 pandemic”, Mark Dibble, Executive Director of People and Corporate Services at NHSBSA commented. "We will not rest on our laurels; we have and will always continue to seek ways to improve.” “The assessor was impressed with NHSBSA’s information security policies, processes, standards, and our strategic approach to information security management as an enabler for continual service improvement both within the NHSBSA and across the wider health and social care environment.” BSI will carry out annual surveillance visits for the next three years to make sure NHSBSA remains compliant with requirements and that it is continually improving on how it manages information and data.
In 2020 number of vulnerabilities in Microsoft products exceeded 1,000 for the first time
Microsoft products are used by billions of people worldwide. Historically, however, they are known to have many vulnerabilities that pose security risks to users of the software. According to data presented by the Atlas VPN team, the total number of vulnerabilities in Microsoft products reached 1,268 in 2020 — an increase of 181% in five years. Windows was the most vulnerability-ridden Microsoft product. It had a total of 907 issues, of which 132 were critical. However, Windows Server had the largest number of critical issues. In 2020, 902 vulnerabilities were detected in Windows Server, of which 138 were critical. Issues were also found in other Microsoft products, such as Microsoft Edge and Internet Explorer. Together, these browsers had 92 vulnerabilities in 2020. In total, 61 or even 66% of these vulnerabilities were of critical level. Meanwhile, Microsoft Office had 79 vulnerabilities, 5 of which were critical. Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on the situation : "These numbers are a massive problem because every Microsoft product has millions of users. Therefore, it is important that consumers update their software applications on time. Software updates can include security patches that can fix vulnerabilities and save users from getting hacked." Elevation of privilege is the most common Microsoft vulnerability A wide range of vulnerabilities was discovered in various Microsoft products last year. However, some types of vulnerabilities were more common than others. Elevation of privilege was the most frequently detected issue in Microsoft products. It was discovered 559 times and made up 44% of all Microsoft vulnerabilities in 2020. Next up is remote code execution. In total, 345 such vulnerabilities were found last year, putting it in second place on the list. Remote code execution accounted for 27% of the total number of Microsoft vulnerabilities in 2020. Information disclosure occupies the third spot on the list. There were 179 such issues discovered in 2020. Together, they made up 14% of all Microsoft vulnerabilities that year.
Cyberattacks surge by 33% in a year
Over the recent years, we hear about cyberattacks much more due to the constant increase in internet users and technology growth. According to the data presented by the Atlas VPN team, cyberattacks have increased by 33% since last year. The total amount of malicious attacks in Q1 rose from 538 in 2020 to 713 in 2021. In January 2020, there were a total of 160 cyberattacks. Meanwhile, January 2021 saw 183 malicious attacks — 14% more than the same month last year. Looking at February’s numbers, we can see a tremendous increase in cyberattacks in 2021 compared to 2020. Malicious attacks jumped by 33% from 191 in 2020 to 254 in 2021. In March 2021, cyberattacks grew more than 50% compared to March 2020. The total number of attacks went up from 187 to 276. Cybersecurity writer and researcher at Atlas VPN William Sword shares his thoughts on the increase of cyberattacks: “A significant increase in cyberattacks has shown that many companies or government administrations are not prepared to handle cybersecurity threats. With more and more people becoming victims of hackers, responsible institutions should step up their efforts in the cybersecurity field.” Most used cyberattack techniques Cybercriminals employ various techniques to penetrate vulnerable systems. Malware continues to be one of the most used techniques for cyberattacks. In Q1 2021 it was employed in 32% of all cyberattack cases. Hackers use malware to trick a victim into providing personal data for identity theft. Unknown attacks were the second most-used in the first quarter of this year at 22%. The unknown threat is classified as such when a security product cannot recognize its code, which is why it is tough to stop such attacks. Next up is account takeover (ATO). This type of cyberattack technique was used in 14% of all cyberattacks in Q1 2021. To read the full article, head over to: https://atlasvpn.com/blog/cyberattacks-surge-by-33-in-a-year
Atlas VPN releases a new security tool for monitoring data breaches
This month virtual network service provider Atlas VPN released a new security feature called Data Breach Monitor. The new feature, currently available on iOS and Android platforms, helps its users check if their personal information has been leaked online. First, users are prompted to scan their email addresses with Data Breach Monitor. The tool then searches through leaked databases to check whether the data there matches the user's information. If matching information is found, the user is presented with a list of past and current security breaches associated with their online accounts. In addition, the list includes information about when and where the breach occurred and what type of information was leaked. The leaked data can include anything from credentials such as email address, username, and password to social security numbers or other types of personal information. The tool also notifies users of new leaks affecting their personal data so they can take immediate action and stop malicious actors from exploiting their online accounts. "In the first quarter of 2021 alone, more than 5 billion records were leaked in various data breaches. These numbers are alarming, so in addition to a VPN, we wanted to offer our users an even broader set of tools to protect their online security," said the Chief Operating Officer at Atlas VPN. While all Atlas VPN users can take advantage of the Data Breach monitor to boost their online security, Premium users get full access to the feature. It means they can connect multiple email addresses to the tool to safeguard all their online accounts.
Cobalt Iron Compass Now in IBM Passport Advantage Program
Cobalt Iron Inc., a leading provider of Software-as-a-Service-based enterprise data protection, today announced that its Compass® enterprise SaaS backup solution is now part of IBM's product portfolio through the IBM Passport Advantage program. Through Passport Advantage, IBM sellers, partners, and distributors around the world will be able to sell Compass under IBM part numbers to any organizations, particularly complex enterprises, that greatly benefit from the automated data protection and anti-ransomware solutions Compass delivers. "With IBM's global sales ecosystem, entering IBM Passport Advantage gives more enterprises the opportunity to experience Compass' game-changing automated backup and security solution. Compass enhances and extends IBM technologies by automating more than 80% of backup infrastructure operations, optimizing the backup landscape through analytics, and securing backup data, making it a valuable addition to IBM's data protection offerings," said Cobalt Iron CEO and founder Richard Spurlock. "Compass automates, orchestrates, and optimizes IBM and other technologies to improve business outcomes. Now it will be simple for IBM and its channel partners to order Compass directly through IBM Passport Advantage." Through proprietary technology, the Compass data protection platform integrates with, automates, and optimizes best-of-breed technologies, including IBM Spectrum Protect, IBM FlashSystem, IBM Cloud, and IBM Cloud Object Storage. Compass will enhance IBM's data protection product portfolio with a modernized solution that delivers industry-leading cybersecurity and operational simplicity for backup infrastructures, multicloud integrations, and SaaS. In turn, with Compass in the IBM product portfolio, Cobalt Iron immediately has a global sales force with strong relationships in enterprise accounts that are an ideal fit for the Compass platform. Both customers and IBM partners will benefit from having greater accessibility to the simplicity and security of Compass. Cobalt Iron Compass is now available for purchase through the IBM Passport Advantage program.
Detection Technology unveils Aurora XS to address cost and reliability drivers of urban security market
Detection Technology, a global leader in X-ray detector solutions, today unveiled the Aurora XS to address the cost efficiency and reliability requirements of the urban security screening market. The Aurora XS adapts to versatile X-ray imaging systems, which secure safety on train and metro stations, and in public buildings and event venues, for example. The Aurora XS is available as a complete subsystem that includes detectors, a control unit, and software libraries for rapid time-to-market of cost-effective X-ray systems. “Almost everything is extra small in the Aurora XS, the newcomer to our Aurora product family. The abbreviation XS in the name stands for small bill of materials, small mechanics, small weight, small pixel size, small carbon footprint, and last but not least a smaller price, which is the most important enabler for succeeding in this price-driven segment. With the Aurora XS, small efforts and less risk-taking are required to introduce X-ray systems to entry-level non-aviation security systems that are known for their small form factors,” summarizes Jyrki Still, CTO at Detection Technology. “What is not small in the Aurora XS is innovativeness and reliability. The Aurora XS is built on a novel detector platform that is boosted by unique algorithms and an application-optimized, single-chip ASIC. These smart features make reliable dual-energy imaging with a single-layer sensor possible. In our view, we are the first in the industry to introduce such a simplified detector structure to the security market. This is a good example of our aim to simplify hardware by rethinking detector designs.” The Aurora XS has a durable structure with reliable mechanical and electrical interfaces, and a robust sensor for stringent radiation hardness requirements, and harsh imaging conditions such as humidity, mechanical stress, and temperature changes. With its robustness and simplified structure, the Aurora XS also enhances more environmental sound screening than conventional detector solutions in the segment. Furthermore, it supports safe and easy installation and maintenance. The Aurora XS provides imaging performance that meets industry regulations and responds to urban security requirements, even at low X-ray flux. The low-noise Aurora XS features a fully digitalized data path. It is equipped with an application-optimized, single-chip ASIC, which effectively mitigates the impact of external electromagnetic interferences. The Aurora XS has a wide sensitivity range from 0.25 pF to 31.75 pF with 127 controllable gain-setting steps, which ensure adaptability for the entire range of the urban X-ray screening applications. “The Aurora XS completes our offering to the security segment, as now our Aurora solutions cover all imaging needs from entry- to high-tier applications. The original Aurora detector series was introduced for mid-tier, and the Aurora CT for high-tier imaging, and now we have a perfect match for the entry level as well.” Engineering samples of the Aurora XS are available immediately. Shipments in volumes will be available starting the second half of 2021.
Cobalt Iron Assigned Patent Dynamic Authorization for Threats and Events
Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that it has been granted a patent on its technology for dynamic authorization control based on conditions and events. Issued on May 4, U.S. patent #10999290 describes new capabilities for Cobalt Iron Compass®, an enterprise SaaS backup platform, that enable the use of analytics and machine learning to adjust user authentication and access to IT resources dynamically based on a variety of environmental and operational considerations. The technology meets an unfilled need in the industry for authorization control that responds to cyberthreats or other changes in the IT ecosystem. Authorization controls are defined as the processes by which individuals or entities are validated to have proper security authentication and permissions to execute some action against some resource, such as accessing an operations center or moving and deleting data. In most environments today, authentication roles and associated permissions often remain in place for long periods of time, sometimes years, without further validation or adjustment. As job responsibilities, projects, applications, architectures, and business needs change, these old roles and permission assignments often expose the enterprise to security risks. Cobalt Iron's newly patented techniques reduce security risks by automatically adjusting authorization controls based on conditions, events, project status, etc., thereby eliminating the pervasive security exposures of outdated, obsolete, and unresponsive authorization controls. This eases the minds of security administrators, backup administrators, systems administrators, CIOs, CISOs, and other IT professionals who are responsible for maintaining security, authentication, and access control in their environments. The techniques disclosed in this patent: Monitor for various conditions and events, such as a change in a state of a project, a change in a security alert level, or a change in the location of data or resources. Dynamically modify user authorization control, level, or duration based on the condition or event. Apply machine learning analytics to determine the condition or event. Leverage a cloud security profile to determine any user authorization modifications. An important element of the patent is that those techniques will improve over time based on machine learning. "Existing techniques for authorization control of IT resources are typically static and stale, resulting in security exposures in many of today's enterprise environments. It's impossible for humans to adequately monitor, analyze, and adjust all of the security authorization controls to IT resources that might be impacted by the innumerable changing conditions and events in an enterprise IT environment," said Rob Marett, chief technology officer at Cobalt Iron. "This patent covers techniques that automatically recognize changes in the environment and dynamically adjust associated authorization controls accordingly. This patent establishes new standards of automation, discipline, and analytics-based responsiveness of authorization control of IT resources."
HID Global Supplies Republic of Estonia with Next-Generation ePassport Solution
HID Global, a worldwide leader in trusted identity solutions, today announced it has delivered a redesigned ePassport booklet and document issuance software to Estonia’s Police and Border Guard Board (PPA ). The European country, known worldwide as a pioneer of electronic identity and services, recently issued the new passport booklet, making it possible for citizens renewing their travel documents to receive the new ePassport. “HID is proud to meet the rigorous quality and technical ePassport specifications required by the government of Estonia, which is widely renowned for providing high-caliber electronic identity documents and services to its citizens,” said Craig Sandness, Senior Vice President and Head of Secure Issuance and Citizen ID Solutions. “The new booklets and supporting software solution simultaneously enhance the country’s ePassport document with industry-leading security features, while capturing the essence of Estonia’s national identity.” Document holders benefit from various forward-looking features included in Estonia’s unique and improved ePassport. The document’s polycarbonate datapage incorporates optically variable inks, two laser images and a window in the shape of Estonia for strong protection against fraud. Additional visual components that reflect the country’s identity include visa pages that showcase six native animals found in Estonia’s natural habitats and UV and embossed features that depict the local climate. “Estonia took a significant step forward with the new passport project, introducing the identity document which binds the history, present and future of Estonia as a cohesive design and tells the story of Estonia in the world,” said Eliisa Sau, chief expert of the PPA Identity and Status Bureau. “With the project not only was the design changed, but the first ever polycarbonate datapage was introduced together with new technology and semi-automated personalisation process.” HID’s personalization and quality assurance software modules seamlessly integrate into Estonia’s existing issuance system and enable polycarbonate datapage personalization, secure chip encoding, encryption, and help ensure the condition of the ePassports. For additional security, the PPA is able to track each booklet from the manufacturing facility to the conclusion of the personalization process with HID’s inventory software module. The Estonian government issues seven types of travel documents to citizens that are valid for up to 10 years.
India, Austria, and US organizations most hit with ransomware
Ransomware attacks are one of the leading cyber threats that organizations have to face. According to the data presented by the Atlas VPN team, organizations in India, Austria, and the United States are among the most hit with ransomware attacks. To compare, more than 50% of companies in the mentioned countries experienced such attacks in the past year, while the global average is 37%. Out of 300 interviewees from India, 68% suffered from a ransomware attack. At the same time, 57 out of 100 respondents from Austria experienced a ransomware attack in the last year. Next up, in the United States, 51% of participants, out of 500 questioned, reported that they were hit with a ransomware attack. Cybersecurity writer and researcher at Atlas VPN Anton Petrov shares his advice on how to protect your organization against ransomware attacks. “Prepare a plan in case you would get hacked. Always have a backup of your data so you don't have to pay a ransom. Investing in cybersecurity will cost you less than having to deal with the aftermath of a ransomware attack.” Retail and education sectors suffer the most ransomware attacks Some organizations in specific sectors are more susceptible to hacker attacks due to their lower security levels or valuable data. However, cybercriminals do not shy away from attacking even the biggest companies or government administrations. Out of 435 respondents in the retail industry, 44% were hit with a ransomware attack last year. Hackers strike retailers when it could hurt them the most, for example, on Black Friday or Christmas seasons. Retailers share first place with education organizations — out of 499 education interviewees 44% experienced such malicious attacks. Cybercriminals usually deploy ransomware attacks at the start of a school year to cause maximum disruption. The business and professional services industry suffered the third most ransomware attacks, with a total of 42% out of 361 respondents stating they experienced a ransomware attack in the past year. Companies in this industry are usually smaller with less staff, meaning they might not have a dedicated person to ensure security. Out of 117 participants in the Central government and non-departmental public body (NDPB) sector, 40% reported being attacked with ransomware in the last year. Lastly, out of 768 respondents working in the other industries, 38% experienced a ransomware attack. To read the full article, head over to: https://atlasvpn.com/blog/india-austria-and-us-organizations-most-hit-with-ransomware
200 ethical hackers will attack the city in September 27
The municipality of The Hague in The Netherlands allows itself to be hacked every year during Hâck The Hague. A hacking competition organised by the municipality, together with cybersecurity company Cybersprint. On Monday 27 September 2021, 200 ethical hackers from the Netherlands and abroad will once again try to detect vulnerabilities in the digital infrastructure of the municipality and its suppliers. With this competition, The Hague wants to increase its resilience and stimulate its suppliers to continuously be in top digital condition, so that peace and security can be guaranteed. Selected hackers may attempt to break into the municipal digital systems and those of its suppliers on 27 September 2021. To ensure fair-play, all participating hackers agree in advance to report the vulnerabilities they find in a dedicated portal, to provide evidence of what they found, how they found it, and how it could be solved, and to not make them public. These conditions are in line with the Coordinated Vulnerability Disclosure of the municipality. Both professional hackers and students are welcome to give it a try. The municipality of The Hague strives to ensure that the handling of personal data and the availability of its services continuously meet the highest possible security requirements. This is also monitored during the hacking competition by a jury consisting of specialists from the cybersecurity industry. There are 12 cash prizes between € 500 and € 2,000 available in four categories: • Most creative hack • Most advanced hack • Most impactful hack • Hâckademic Award, including a recommendation letter (student award). With the Hâckadamic Award, The Hague wants to encourage students and other upcoming talent to do more with cyber security. Do you think you can hack the municipality of The Hague? Register before 1 June via the website Hâck The Hague.
HID Global Empowers qiiosk Ltd to Meet Rising Demand for Truly Touch-Free Dining Experiences
HID Global, a worldwide leader in trusted identity solutions, today announced that qiiosk Ltd. uses its HID NFC Tags to meet skyrocketing demand from restaurants and diners for its product Menu Tile, to give a completely contact-free dining experience. With HID NFC Tags, qiiosk was able to respond quickly to the demand for solutions capable of addressing the “new normal” of contactless dining, takeout, and delivery. The company’s enhanced solutions enable restaurant goers to securely access current menus, place orders, and submit payment simply by scanning a QR code or tapping an embedded NFC tag with an NFC-enabled smartphone or tablet. High-quality HID NFC Tags facilitate end-user interactions with qiiosk’s products, providing restaurants and other hospitality venues with robust hardware and best-in-class software for touch-free ordering and payment. “HID NFC Tags now solidly underpin our Menu Tile product and others in development,” said Justin Clark, Director at qiiosk. “We chose the solution due to our experience and confidence in the tags after significant and fierce field trials. We are confident in HID products and use them not only within our organization, but also in organizations we support.” Of particular importance to the Menu Tile product was the adhesive quality, read rate and ruggedness of HID NFC Tags, which allowed the company to equip its customers with a “fire-and-forget” solution to address rapidly evolving regulations in the hospitality sector due to the COVID-19 pandemic and increased attention on food allergen issues. With HID NFC Tags, qiiosk were able to quickly upgrade their physical product and produce enough tiles to supply customers. This positioned the company to maintain their high growth by delivering a high-quality product capable of enduring the harsh conditions of bars and restaurants—leading to cost savings and reliability. “We are pleased that qiiosk has leveraged the power of HID NFC Tags to deliver an improved product that provides exceptional results during a time of high demand and great uncertainty,” said Jean Miguel Robadey, Vice President of Industrial Smart Components, Identification Technologies with HID Global. “By integrating HID NFC Tags into its solutions, qiiosk was able to deliver to its customers more touch-free opportunities and the ability to immediately communicate menu changes and even possible COVID-19 exposures to protect their staff and diners.”
Russia’s Largest Internet Provider Mail.Ru Selects HID Global for Enabling Secure Access Control Using Smartphones
HID Global, a worldwide leader in trusted identity solutions, today announced that Mail.Ru has chosen its HID Mobile Access solution for secure and convenient access control using smartphones and other mobile devices. Mail.Ru reaches over 91% of all Russian internet users via its mail platform and social networks. The company has more than 7,000 employees and a high volume of visitors to its Moscow offices, necessitating an access control solution that provides best-in-class security and a seamless user experience. Mail.Ru was seeking a mobile solution that would easily integrate into its own smartphone app to allow employees and visitors to easily switch from using physical access cards to mobile IDs stored on their smartphones. “We considered several solutions and decided in favor of HID Global. Their reputation for reliable and secure solutions greatly contributed to our decision,” said Andrey Evtyushin, Mobile Development Team Leader Business Process Management Department, Mobile Development Group, Mail.Ru Group. “It was also important that HID Global provided the most convenient software development kit (SDK) for iOS and Android platforms to integrate into our mobile application, compared to other competitor solutions.” HID Global worked closely with local integrator partner AAM Systems to install 300 HID readers and issue 3,200 HID Mobile IDs to enable employees to use their smartphones for access control. The HID Mobile Access solution makes it possible for Mail.Ru to easily manage off-hours access and configure individual users’ security rights, as well as enable easy movement of people within the building while maintaining security. Seos credential technology, which powers HID’s solution, also enables robust mobile IDs security. Access to Mail.Ru’s global network of offices is centrally managed through HID’s cloud-based portal, and provisioning is done over the air to deliver mobile IDs to users’ phones via a mobile app. This makes it easy to add, remove or change access rights as required. “HID Mobile Access provides an ideal mix of security, convenience and flexibility; our SDK means customers can tailor the user experience so it is unique to them and on brand,” said Harm Radstaak, Senior Vice President and Head of Physical Access Control Solutions with HID Global. Mail.Ru used the HID Mobile Access SDK to integrate the mobile solution into its own company application to offer a consistent user experience across different mobile devices and operating systems, including iOS and Android™. The solution enables Mail.Ru to also provide visitors with building access so contractors, vendors and event attendees can use mobile IDs on their personal devices as part of Mail.Ru’s holistic approach to maintaining high levels of security.
Cobalt Iron Secures Patent for Automatic, Dynamic Data Collection in Response to Detected Events and Conditions
Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that the company has been granted a U.S. patent entitled "Data Protection Automatic Optimization System and Method." Issued on Jan. 12, 2021, U.S. Patent #10891200 describes new capabilities for the Cobalt Iron Compass® enterprise software-as-a-service (SaaS) backup platform that enable automatic and dynamic adjustment to data collection activities in response to a detected event or condition. The patent addresses a large and unmet requirement for comprehensive data collection and effective monitoring in the enterprise backup world. Enterprise backup has many moving parts, including backup servers, backup server OSs, a backup catalog or database, backup software, backup agents, storage, networking, and possible cloud resources. Ideally, each of these components is continuously monitored for health, capacity, performance, and ransomware issues, but that is rarely the case. Under certain conditions or events, deeper data collection and monitoring is necessary to help identify, remediate, and track any issues. However, adequate data collection of these various metrics and conditions is seldom performed. Even when some data is collected, it almost always is static in nature — meaning the same level of data collection is performed at the same frequency, regardless of the situation or operational status. "We have developed this technology to create a more dynamic means of collecting data about backup infrastructure and operations. In particular, when certain conditions or events occur, more information is needed from components or operations in order to properly analyze, prepare for, and respond to those situations," said James Kost, senior systems engineer for Cobalt Iron. "For example, if there are operational or infrastructure issues with backup, it might be very desirable to increase the fidelity and frequency of automatic data collection for all involved components. Another example might be indications of a ransomware attack. If the business is under a particular security condition, increasing data collection fidelity and frequency can allow closer and more accurate insights into any activities that impact the backup environment and operations." The new dynamic data collection fidelity technology is targeted to IT administrators, backup administrators, systems administrators, CIOs, and other IT professionals who are responsible for maintaining backup and IT infrastructure and operations. The techniques disclosed in the patent dynamically adjust data collection activities in response to events such as failure of hardware components, network utilization issues, failed backups, transient errors, and security events, as well as business-driven dynamics such as audits and legal holds. After identifying components and operations that might be associated with a certain condition or event in the backup environment, the techniques dynamically adjust data collection fidelity and frequency accordingly. The new patent also protects the unique, pluggable Compass architecture, disclosing novel Compass techniques that automatically adjust backup, storage, cloud, and network plugged-in components as dictated by conditions or events. "This patent is a significant milestone in the ongoing development of Compass and extends Cobalt Iron's technology leadership in advanced, analytics-based optimizations of enterprise backup and IT operations," Kost added. "By initiating deeper and more dynamic levels of data collection for all infrastructure components and operations, the technology enables administrators and other IT professionals to gain deeper insights into their operations and respond faster to business, technical, political, meteorological, or other circumstances. The net result is minimized risk to IT infrastructure and operations, faster problem resolution, and the ability to capture critical information about an event that otherwise would likely be lost."
Cobalt Iron Compass Named One of DCIG's TOP 3 Google Cloud Platform Cloud Backup Solutions
Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that DCIG has named the company's industry-leading Compass® enterprise SaaS backup platform as a TOP 3 Google Cloud Platform (GCP) backup solution for 2021. In its latest report, DCIG noted that Compass is a highly distinguished player in the cloud backup market, having earned three other rankings in earlier DCIG reports. These include the TOP 5 cloud backup solutions for Microsoft Azure, the TOP 5 for enterprise AWS, and the TOP 5 enterprise anti-ransomware backup solutions. "GCP offers many features organizations need from a public cloud platform: high availability, redundancy, security, and much more. Even with these benefits, organizations still have to assume responsibility for the applications and data they host with GCP — and that means adopting comprehensive solutions for backup and recovery," said DCIG president and founder Jerome M. Wendt in his latest report. "Cobalt Iron Compass continues to distinguish itself as a leading backup and recovery solution regardless of the public cloud environment, with all-inclusive licensing that offers multiple deployment options for GCP." In his detailed DCIG report, Wendt differentiates Compass from the other evaluated GCP cloud backup solutions in several key areas. These include: An analytics engine to improve backup and recovery — Users enjoy the benefits of the Compass Analytics Engine. This software constantly evaluates how Compass backups perform in the GCP cloud. Using this information, Compass may automatically act to optimize backup schedules, resolve backup storage issues, and detect and alert to ransomware's presence. A cloud-like, SaaS-based backup experience across hybrid environments — Organizations may deploy Compass on physical, virtual, or cloud instances. These instance types interact with one another to function as a single, logical, converged infrastructure across physical, virtual, and cloud environments. Instant recoveries — The need for instant recoveries does not instantly go away once organizations host applications and data in GCP. Among the DCIG TOP 3 backup solutions, Compass is the only one to provide this functionality. Protection for non-GCP MariaDB and NoSQL databases hosted in GCP — Cobalt Iron leads the way in certifying support for the protection of non-GCP databases hosted in the GCP. Organizations looking to back up their MariaDB or NoSQL databases hosted in GCP need look no further than Compass to perform this task. Support for backup across multiple public and private clouds — Cobalt Iron differentiates itself from almost all other backup solutions by offering backups across multiple public and private clouds. In addition to GCP support, Compass protects applications and data hosted in the Alibaba Cloud, AWS, Azure, and the IBM Cloud. "IT managers, execs, and engineers listen to DCIG when they're evaluating data protection solutions for their operations. That's why this latest TOP ranking is so significant — it really cements Compass' position as a platform-agnostic cloud backup provider that plays well with all of the major providers," said Andy Hurt, chief marketing officer at Cobalt Iron. "We appreciate DCIG's ongoing support and its validation of Compass as one of the industry's most powerful and versatile data protection solutions for any cloud or on-prem application."
SmartSafe City Solutions Market to Soar Globally as Governments Increase Public Safety Measures
Many cities around the world are planning for, purchasing, and bringing online their SmartSafe City programs and technology systems to integrate their public safety, health, city services, and citizen engagement capabilities to better serve and safeguard citizens. Frost & Sullivan’s recent analysis finds that the SmartSafe City solutions sector is expected to reach a market value of $12.2 billion by 2030, from $10.6 billion in 2019, driven by an increase in demand for digital threat remediation measures. Technologies used in these SmartSafe systems fit into three broader categories: observation, remediation, and protection solutions. Cities can plan the best operational structures for their programs to operate within by finding the best balance of the three technology solution types, coupled with agency manpower and security operations personnel. “These programs not only bring together the operations of multiple city departments and agencies but also look to integrate a host of technology solutions that can help augment public safety activities and inform better decision making and event response,” said Danielle VanZandt, Industry Analyst, Frost & Sullivan. “Rapid digitalization, a need for more real-time analysis, and information on public safety operations have driven the march forward for many SmartSafe City programs across the world. The pandemic has highlighted the need for an effective public safety response to multi-faceted incidents, ones which require multi-agency collaboration within a city environment to ensure the health and safety of citizens.” VanZandt added: “The Asia-Pacific region holds some of the most mature SmartSafe City programs in the world and will see the highest spending growth rate globally until 2030. North America will see some short-term growth due to new technology purchases, such as data analytics, digital platforms, and touchless access controls systems, to meet new public health requirements arising from COVID-19. In the Middle East, much of the current spending will be on ‘observation’ technologies in preparation for the 2022 FIFA World Cup and to enhance public health response to the pandemic.” For further revenue opportunities, market participants should explore these strategic recommendations: • Cloud System Migration: Vendors that can emphasize the multiple capabilities available within a cloud offering—such as multiple analysis capabilities, data synthesis, reduced storage capacity, and accessibility to data outside of the command center—will find cities and law enforcement agencies more willing to embrace the cloud model. They can do this through a total cloud solution upgrade or a shift to a hybrid-cloud model that allows for cloud capabilities while remaining connected to an existing command center or real-time crime center. • Digitalization of Legacy Processes: Digital solution vendors looking to engage with public safety agencies need to work with the end-user to determine whether an open integration with legacy systems is most feasible for the agency or whether a total solution upgrade will be necessary. Emphasizing the need to break down data silos and integrating all the investigative data will help determine an agency’s path. • Automated Processing and Analysis for Incident Detection and Response: When designing new analysis capabilities, vendors should first look at the analytics tools already put in place by a city and create risk-scoring criteria that can better identify incidents or suspicious activities and then rank them according to prioritization levels. Vendors should also ensure that these risk-scoring criteria can be updated as city priorities or threat vectors change over time.
Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
Trend Micro Incorporated (TYO: 4704; TSE: 4704) shared results from a sponsored study conducted by the Enterprise Strategy Group (ESG) that reveals systemic challenges with security integration into business processes. The report includes the top ways to drive engagement and agreement around cybersecurity strategies within an organization. Read a full copy of the report, Cybersecurity in the C-suite and Boardroom (https://resources.trendmicro.com/rs/945-CXD-062/images/ESG-eBook-TrendMicro-Cyber-C-Suite-Boardroom-Dec2020.pdf), or watch this webinar to learn more (https://resources.trendmicro.com/WBN-ESG-Cybersecurity-Boardroom.html?linkId=109490866). The study found that only 23% of organizations prioritize the alignment of security with key business initiatives. Here are three key recommendations to remedy this core challenge: Add a Business Information Security Officer (BISO) to improve business-security alignment. Build a top-down, measurable program to help CISOs better communicate with their boards. Change reporting structures so CISOs report direct to their CEO. The study also found that when board members are more educated and engaged in the cybersecurity function, they ask tougher questions, dig deeper into issues, and are more likely to make the leap from technical to business issues. The vast majority (82%) of survey respondents claimed that cyber risk has increased in the past two years, thanks primarily to a rise in threats, an expanding corporate attack surface and the fact that business processes are more dependent than ever on technology. Yet despite the rapid adoption of digital transformation processes in the past year, security is still viewed as primarily (41%) or entirely (21%) a technology area. The lack of cybersecurity prioritization is particularly true in the boardroom. Although 85% of respondents claimed that the board of directors are more engaged in security decisions and strategy than two years ago, often those executives are passively drawn in because of a major breach, new compliance requirements or the creation of a security program by a CISO. In fact, 44% of respondents indicated that their board of directors have limited involvement in many critical cybersecurity operations. This lack of engagement means many boards are only prepared to fund the bare minimum to meet requirements for compliance and protection. "Striving for 'good enough' security is frankly not good enough given today's cyber risk landscape. This report mirrors many of my conversations with CISOs highlighting that lack of boardroom engagement can lead to poor cyber hygiene, and security that is not properly integrated into business processes," said Ed Cabrera, chief cybersecurity officer for Trend Micro. "We can only create a culture of cybersecurity if CEOs and corporate directors lead by example. This encourages every employee to believe they have a role in protecting the organization." ###  The study was compiled from a web-based survey of 365 senior business, cybersecurity, and IT professionals in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (500-999 employees) and enterprise-class (1,000+ employees) organizations.
V2X Market is Facing More Cyber Threats Than Ever
According to SAS, by 2025, there would 2 billion connected cars – cars with new car features and aftermarket devices. As vehicles are getting “smarter” with these internet connected devices, the risk of getting cyber attack is more than ever. When vehicles are connecting to everything (a V2X environment), they’re facing 3 main problems – 1. Many ways to break in the car: Driver assistance system, blind spot system, or even entertainment system on cars could be hackers’ target. In the other side, key players in automotive industry are aiming to achieve fully automatous driving. That means car will rely on connected devices and their communication more than before. Any slight malfunction in system could lead to significant accident. 2. Various types to break into the system: There is a long list for cyber attacks including WiFi / bluetooth Attack, remote vehicle hijacking, man-in-the-Middle attack, GPS Spoofing, etc. There is no one easy way to solve all of them by just one click. 3. No digital data / evidence for tracking: We may get record from car black box when car activity happens in physical environment. However, there’s no specific way to keep record for car activity in cyber space. It’ll hard for people to understand the real cause of car accident – physical hit or cyber attacks? ArcRAN, a cybersecurity company focusing in V2X, is continuously working on these problems. Based on ArcRAN’s real site test, top 1 cyber threat for V2X site is “GPS Spoofing” - when a person uses a radio transmitter to send a fake GPS signal to a receiver antenna in order to counter a legitimate GPS satellite signal. ArcRAN provides V2X cybersecurity solution – iSecV to monitor wireless signals (WiFi, Bluetooth, ZigBee, and C-V2X) in order to detect abnormal behavior in V2X environments. Powered by machine learning and Integrated with threat intelligence, it provides early warning to unexpected incidents.