Рубрика: Cybersecurity

How quantum computing will create opportunities for improved cybersecurity?

Quantum computing is emerging as a subfield of quantum information science. This technology has already started attracting interest from researchers and technology companies with almost feverish excitement and activity. Companies have even begun racing to achieve quantum supremacy. In 2019, Google officially announced that it achieved quantum supremacy. Quantum computing promises great potential in diverse areas, including medical research, financial modeling, traffic optimization, artificial intelligence, weather forecasting, and more.

Quantum computing can be a ground-breaking technology for cybersecurity, enabling companies to improve their cybersecurity strategies. It will help detect and deflect quantum computing-based attacks before they cause harm to groups and individuals.

Quantum Cybersecurity

Quantum cybersecurity is the field of study of all aspects affecting the security and privacy of communications and computations owing to the development of quantum technologies. Quantum computers are likely to solve problems that cannot be done by traditional computers, such as solving the algorithms behind encryption keys that safeguard data and the internet’s infrastructure. Moreover, as most of today’s encryption relies heavily on mathematical formulas that would take impractically much time to decode using today’s computers, a quantum computer can easily factor those formulas and break the code.

Over 20 years ago, Peter Shor, an MIT professor of applied mathematics, developed a quantum algorithm that could easily factor large numbers far more quickly than a conventional computer. Since then, scientists have been working on developing quantum computers that can break asymmetric encryption.

The development of large quantum computers could have calamitous consequences for cybersecurity. In this context, thinking quantum cybersecurity solutions will be an advantageous edge. Quantum cybersecurity can pave more robust and compelling opportunities for the security of critical and personal data. It will particularly be useful in quantum machine learning and quantum random number generation, as noted by IBM.

The pace of quantum research undoubtedly continues to accelerate in the years ahead. But it will also pose challenges and vulnerabilities to mission-critical information needed to retain its secrecy. Adapting to advanced cryptography to address these threats could be an obvious solution. The quantum cryptography approach is based on creating algorithms that are hard to break even for quantum computers. This approach can also work with conventional computers.

Another security approach against quantum computing attacks is lattice-based cryptography. Conventional cryptographic algorithms can be replaced with lattice-based algorithms that are designed with proven security. These new algorithms can conceal data inside complex math problems called lattices. Google already has begun testing post-quantum cryptography methods that integrate lattice-based algorithms. According to IBM researcher Cecilia Boschini, lattice-based cryptography will prevent future quantum computing-based attacks and form a basis for Fully Homomorphic Encryption (FHE) that makes it possible for users to perform calculations on a file without seeing the data or revealing it to hackers. The NSA, NIST, and other governmental agencies are also starting to invest in this developing method.

Moreover, according to a Forbes article, quantum computing can transform cybersecurity in four areas: quantum random number generation is fundamental to cryptography; quantum-secure communications, specifically quantum key distribution (QKD); post-quantum cryptography, and quantum machine learning.

The post The Promise and Impact of Quantum Computing on Cybersecurity appeared first on Analytics Insight.

It is impossible to escape from data breaches today, so why not strengthen cybersecurity through simple action plans?

Data is an important asset to any organization, which is why it is an important area of concern for every C-suite leader and a primary target of cybersecurity attack by criminals. In recent years, both large and small organizations have been affected by data breaches. With predictions that ransomware attacks, cloud data breaches, attacks on endpoint devices and the Internet of Things (IoT), to continue to rise in 2021 and beyond, protecting data has been a chief priority for enterprises.

Data breaches happen on an everyday basis, endangering email addresses, passwords, credit card numbers, social security numbers and other highly sensitive data. Today, we live in an age where one cannot afford to ignore the implications of leaving data unguarded. As per CSO, about 3.5 billion people saw their personal data stolen in the top two of 15 biggest breaches of this century alone. Last year, European budget airline EasyJet suffered a major breach that began in January. In this data breach, credit and debit card details of over 2,000 customers were exposed via emails and travel information.

In May, Russian delivery company, CDEC Express, suffered a major breach when it was discovered that the records of 9 million customers were for sale on the dark web. In June, a breach at the PostBank in South Africa affected between 8 and 10 million beneficiaries who receive social grants every month, as an unencrypted master key was stolen by employees – thus granting complete access to the bank’s systems and the ability to change information on any of the bank’s 12 million cards. Even social media platform Twitter saw a security breach where hackers targeted about 130 accounts, tweeted from 45, accessed the inboxes of 36, and were able to download Twitter data from seven.

These instances prove that securing data is not only an IT problem, nor is it limited to large firms, in reality anyone can be victim to these data based cyber threats. According to Cybersecurity Ventures in 2021, the annual costs of these attacks is expected to reach an incredible US$6 trillion.

As data breaches and other cybersecurity risks will increase with expanding computer networks, companies are investing heavily to deploy the best of cyber defense capabilities, to protect their critical assets. Meanwhile, C-suite leaders should identify where their most important data and sensitive business information lies, which can enable proactive monitoring and allocation of more resources to safeguard the most vital assets. A successful cybersecurity approach should consist of multiple layers of protection that spread across all the networks, computers, programs, and data that one intends to shield against data based cyber threats.

Start Simple is the Key

Some of the general ways to protect data include:

• Data Encryption — converting the data into a code that cannot be easily read without a key that unlocks it. One can also opt for multifactor authentication measures.

• Masking certain areas of data so personnel without the required authorization cannot look at it.

• Creating data backups so that it can be retrieved in case of massive data loss.

• Conducting regular audits to review the data storage systems, data strategy and loopholes, suggest improvements to guard the system and mitigate and prevent potential threats. C-suite leaders should also make sure to conduct enhanced recruitment checks and credit and criminal record checks on people with access to data.

• Educating and training employees about remote work cybersecurity, social engineering scams like phishing and sophisticated cybersecurity attacks like ransomware and other malware designed to steal intellectual property or personal data. Companies can enrolled them for cyber range training.

• Implementing strong end-point security, and continuous monitoring of activities and events on endpoints to detect and block threats that get past initial defenses.

• Install strong firewall to control internet traffic coming into and flowing out of the business.

• Limiting data accessibility by determining what an employee needs access to and ensure they have access to only what they need. Such limitations will help in efficient data management and ensure it is being safeguarded from theft or loss.

While installing antivirus and anti-malware software are important arsenals of data protection, there are a wide range of other options C-suite leaders must explore: enterprise data protection, cloud data security tools, all in one security softwares for mobiles, web browsers, emails and more.

The post Enhancing Cybersecurity Measures for Data Protection appeared first on Analytics Insight.

Managed Security Services Providers (MSSPs) work full-time to shield businesses against cyberattacks

The number of cybersecurity risks is consistently growing over years. Companies are facing ransomware, malware, virus infections, or cyberattacks. More than successfully running an organisation, businesses are now focused on encrypting their solutions in a safe place to protect them from security breach. Companies have long been going after the idea of forming in-house cybersecurity teams that work full-time to shield the business from security breaches. However, the recent concept of adopting Managed Security Services is becoming mainstream.

Like many other streams, cybersecurity is also leveraging advanced facilities from technology. Cybersecurity providers are also working on enabling advanced artificial intelligence (AI)-led security services. At the time when companies are undergoing a massive scale of digital transformation, the need for a secure place to house all the business information turns mandatory. Cybercriminals attack all kind and size of organisations. The days when firewall and antivirus solutions were more than enough to protect against cyberattacks are long gone. Today, hackers are coming up with advanced techniques to dwell into business information. In fact, 2019 Data Breach Investigation Report published by Verizon shows that almost half of all breaches occurred at small organisations. Unfortunately, small companies are financially tight to afford an in-house security team. A handy solution that small, medium and large enterprises can take is to adopt Managed Security Services. Managed security services (MSS) is the effective and proactive cybersecurity solution capable of delivering the level of protection organisations need to defend themselves in a hostile threat landscape.

What is Managed Security Services (MSS)?

Managed Security Services (MSS) is the outsourcing of security services to a service provider that holds advanced expertise and tools and stay ahead with the newest trends in cybersecurity. Third-party providers offer managed security services for the oversight and administration of a company’s security processes. Managed security service providers avail the service either in in-house or remotely through the cloud. Common services by MSSP include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. As the MSSPs provide 24×7 services, companies relieve from employing operational security personnel and retain to maintain an acceptable security posture. Some managed security service providers specialise in certain areas while others offer full outsourcing of an enterprise’s information security program.

Major benefits of having a managed security service provider

Lowers cost in many ways

Managed security services providers avail security as a whole package. The overall features provided by MSSPs stop the companies from spending money both on cybersecurity tools and staff. Remarkably, companies don’t have to train the staff or ensure that the IT teams have up-to-date knowledge of cybersecurity and threats. MSSPs take care of all the loose ends in a company. Businesses don’t have to worry about hiring extra staff for in-house security teams as MSSPs provide 24 hours a day, 7 days a week service. An MSSP spreads the fixed costs of investments in technology over a broad customer base. And as a customer, the company directly benefits from the service.

Access to leading technology and expertise

The big trouble that both big and small organisations face is to tackle the challenge of hiring experienced security professionals and use advanced technology to tackle cyber attacks. One of the most significant benefits of using MSSP is that the provider has access to leading technology and expertise. As MSSPs focus only on encrypting and retrieving companies from cyber threats, they employ the best professionals and use best-of-breed technology to help their customers handle a variety of threats.

Rapid incident response and event investigation

MSSPs leverage unmatched experience in handling enterprise security incidents through Incident Response and Event Investigation services. As MSSPs are active all the time, it can give quick hit backs to hackers who individually or as a group try to enter the private space of a company. It also recommends specific actions using digital forensics and their experience with literally thousands of hours handling every possible crisis.

Round the clock service

More than providing security services round the clock, MSSPs also use artificial intelligence to identify anomalies and if there are no anomalies in certain areas, that is also something to keep an eye on as per the Zero trust policies which service providers follow. Despite being on the heels to shield real-time security breach, MSSPs also take necessary precautions to avoid any unplanned disruptions.

Automatic detection and fixing of vulnerabilities

MSSPs take a lot of load off the company’s head when it comes to detecting and fixing the vulnerabilities. An MSSP can structurally detect and reduce vulnerabilities in critical systems, proactively predict threats, especially, for targeted cyberattacks and automatically detect important offensive tactics and methods in threat situations. Besides, MSSPs also respond effectively and quickly, and reduce the likelihood of an attack succeeding and becoming an event that takes a lot of time to control.

The post Managed Security Services: Encryption against Cyberattacks appeared first on Analytics Insight.

2020 hasn’t been a promising year for many. Making matters worse, the healthcare industry which has always been our saviour (actually, more than a saviour in 2020) has seen the worst of cyberattacks ever. Yes, we’ve seen these attacks happening in other industries as well but a cyberattack pertaining to the healthcare sector has its own set of challenges. Healthcare industry is associated with loads of data and is also said to possess weak security in comparison to other sectors which is why it is prone to cyber-attacks. Theft of identity and other relevant information is the motive, needless to say.

Having said that, let’s have a look at the healthcare industry’s cyberattacks in the year 2020 that left the world baffled.

BLACKBAUD

There are always some events (good as well as bad) that remain in our memory forever. Well, the cyber-attack of Blackbaud is surely one of those events that’ll remain imprinted in our minds.

The very thought of breaching the data of millions of patients leaves us terrified. Now imagining how impulsive this attack would have been (though, it still is) for there is still no clear information available as to how many patients have been impacted so far itself sends chills down the spine. But, it is believed that over 10 million patients have been breached of their data. Yes, you read that right. OVER 10 MILLION!!

It was in the month of May that Blackbaud was infected with a ransomware attack. Even though the company’s cyber-security team was able to stop the attackers in midway, the attackers still had a good chunk of data with them such as name, contact details, health details, etc.

With over 10 million people being affected, this surely stands as one of the worst cyber-attacks one can think of.

LUXOTTICA

Luxottica, an eye-care conglomerate saw one of the worst cyber-attacks in the year 2020. In August, the attacker hacked the web-based appointment scheduling application (used to schedule appointments) that is managed by Luxottica. It was after 4 days of being hacked that it was detected.

It was found that the data about prescriptions, health insurance details, date and time of appointment, credit card information, etc. of as many as 8.29 lakh patients were stolen, making it yet another major cyber-attack in 2020.

HEALTH SHARE OF OREGON

What could be worse than breaching data by stealing a laptop that had data of not hundreds, not thousands but lakhs of people? This is exactly what happened when the laptop owned by a transportation vendor of the Health Share of Oregon got stolen and data of about 6.5 lakh patients was at stake.

The device that got stolen had information about the contact details of the patients, Medicaid ID numbers, date of birth, etc. The only thing that relieved the tension to some extent was that the device had no information about the health history of the patients. But, with 6.5 lakh patients’ data being involved in the attack, this surely makes its place in the top attacks of the year.

ASPENPOINTE

This cyber-attack came into light in the month of September. Aspenpointe, a behavioural and mental health provider, issued a statement saying that approximately the data of approximately 3 lakh patients was compromised. It was during this period that the company had to stop a majority of its operations for a number of days. A thorough investigation into this matter finally could reveal that the hackers who were involved in this attack had gathered information like contact details, bank account details, date of birth, etc.

MAGELLAN HEALTH

Magellan Health plan’s servers were hit by a ransomware attack in the month of April and the attack was severe enough as with this attack nearly 3.65 lakh patients and employees got impacted. Hackers had gained access by leveraging a social engineering phishing scheme that impersonated a Magellan Health client and all this was done 5 days prior to the attack.

Employee information like their credentials, passwords, etc. and patient data like health insurance account information, contact details, treatment information, etc. was stolen.

While the healthcare sector continues to offer life-saving services and is undoubtedly a blessing for all of us, but the number of cyber-attacks in this industry raises concern about its weak security. It is high time now that this is taken note of and come up with solutions to put a halt to these attacks.

The post Top 4 Cyberattacks that Shook the Healthcare Industry in 2020 appeared first on Analytics Insight.

Learn about cybersecurity engineer jobs and what do employers look for in a candidate?

Cybersecurity is a fascinating and relentlessly evolving industry. In the last few years, the industry has witnessed exponential growth with the rapid emergence of cyber-related threats. To ease such threats and risks, companies are actively looking for advanced cybersecurity solutions and professionals with germane knowledge and skills who can operate those solutions to ensure better protection. Cybersecurity engineer is one of the most demanding tech professions in the cybersecurity job market that is soaring unprecedently.

Cybersecurity engineers typically design information security solutions and make security strategies to defend against persistent threats. As every organization these days rely on a well-built IT infrastructure, it is cybersecurity engineers’ responsibility to safeguard it from cyberattacks.

What Does a Cybersecurity Engineer Do?

• Planning and executing security measures.

• Assessing security needs and carrying out best practices and standards accordingly.

• Checking for susceptibility, inspecting and detecting security risks, and creating the best security system.

• Responding to all security breaches of the network and associated systems.

• Conducting testing and scans regularly to identify vulnerabilities in the network and system.

• Taking an active role in the change management process.

What Skills a Cybersecurity Engineer Should Possess?

• Bachelor’s degree in Computer Science, Systems Engineering, or related STEM subject.

• Knowledge of programming languages such as Java, C++, Ruby, Python, Node, Go and Power Shell.

• Knowledge of firewall and intrusion detection/prevention protocols.

• Familiarity with Windows, UNIX and Linux operating systems.

• Expertise in virtualization technologies, and MySQL/MSSQL database platforms.

• Knowledge of the latest trends and awareness of current hacking techniques and cybercrime.

• Problem-solving skills, with technical aptitude and business acumen.

What Education and Certifications a Cybersecurity Engineer Should Have?

To become a successful cybersecurity engineer, an aspirant must have a bachelor’s and master’s degree in computer science from any recognized university. They also must carry knowledge in a related field. Apart from this, there is a myriad of certifications available that a candidate must learn. Some top certifications are:

Certified Information Systems Security Professional (CISSP)

This certification program is ideal for experienced security practitioners, managers and executives who are interested in proving their knowledge across a wide array of security practices and principles. With CISSP, an aspirant will be able to effectively design, implement and manage a best-in-class cybersecurity program. He/she can even validate their expertise and become an (ISC)² member, unlocking a broad range of exclusive resources, educational tools, and peer-to-peer networking opportunities.

Certified Ethical Hacker (CEH)

CEH is an ultimate ethical hacking certification issued by EC-Council. This certification is achieved through the CEH examination by attending training at an Accredited Training Center (ATC) and completed through EC-Council’s learning portal, iClass. The current version of the CEH is v11, which will teach learners the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.

Certified Information Systems Auditor (CISA)

This certification course offers expertise in the acquisition, development, testing, and implementation of information systems and teaches the guidelines, standards, and best practices of protecting them. It helps learners with the skills required to govern and control enterprise IT and perform an effective security audit.

Global Information Assurance Certification (GIAC)

GAIC certifications develop and administer premier, professional cybersecurity certifications. GIAC Certifications provide the highest and most rigorous assurance of cybersecurity knowledge and skill available to industry, government, and military clients globally. GIAC offers over 30 cybersecurity certifications in security administration, management, legal, audit, forensics and software security. Each certification represents a certified individual’s mastery of a particular set of knowledge and skills.

Conclusion

There is no wonder that cybersecurity risks in the last couple of years have snowballed significantly. Companies are taking every step to safeguard susceptible information, customer data and other business assets from cybercriminals. This is increasingly soaring the demand for cybersecurity engineers and will continue to surge as organizations more rely on digital technologies.

The post Want to Become a Cybersecurity Engineer in 2021? appeared first on Analytics Insight.

The cybersecurity strategies built by an organization must be established in such a way that almost all users are kept safe.

Cyber threats are continuously fluctuating and are shifting in alignment with the times. Website hacking, illicit transactions via internet banking, and more have become an almost regular phenomenon. The rapid dissemination of emerging technologies such as IoT and the growing use of digitalization has been observed in recent years. In addition, cyber-attacks can cause a business tremendous harm. These reasons also increase the value of security measures than it has ever been.

According to The Print, “Cybersecurity experts predict that in 2021, there will be a cyber attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”

Importance of Cybersecurity and its challenges

The data and integrity of computer properties belonging to or linking to the network of an entity are secured by cybersecurity. Its goal is to protect those resources over the whole lifespan of a cyber attack against all security threats.

Security policies could mean changes, as they may fluctuate in data access concentrations and may use different IT frameworks. To confirm that the security requirements of every client are acknowledged without gaps or overlaps of others, a robust cybersecurity policy is essential.

But with benefits come challenges. The increasing essence of security threats themselves is the most significant cybersecurity problem. Generally, much of their cybersecurity efforts have been concentrated on security controls by companies and the government to safeguard only their most sensitive device elements and protect against known attacks. Nowadays, this strategy is not enough as the risks progress and adapt faster than companies can. Hence, the cybersecurity strategies built by an organization must be established in such a way that almost all users are kept safe.

Cyber laws and regulations

That’s why it is important to have proper cyber laws to protect customers from fraudulent activity. They exist, but they continue to evolve to deter online piracy and crimes effectively. It is important to understand the cyber laws of your nation and the local community for someone who is using the internet, so you can see what is and does not happen legally online. It is possible to punish someone who commits such crimes with imprisonment or a massive fine.

According to Appknox, “As human dependence on technology intensifies, cyber laws in India and across the globe need constant upgradation and refinements. The pandemic has also pushed much of the workforce into a remote working module increasing the need for app security. Lawmakers have to go the extra mile to stay ahead of the impostors, in order to block them at their advent. Cybercrimes can be controlled but it needs collaborative efforts of the lawmakers, the Internet or Network providers, the intercessors like banks and shopping sites, and, most importantly, the users. Only the prudent efforts of these stakeholders, ensuring their confinement to the law of the cyberland – can bring about online safety and resilience.”

The post Unleashing the Development of Cyber Security Solutions appeared first on Analytics Insight.

Needless to say, one would definitely fall short of words when it comes to praising the healthcare sector for what it has been. Having said that, the role played by this sector especially in the global pandemic needs no special mention. This sector, in addition to being under a lot of pressure to provide services to the needy, is also struggling with numerous cyber-crimes for quite some time now. Be it Distributed Denial of service attack, ransomware attack, botnets or any cyber-attack for that matter, the healthcare sector has seen it all.

Healthcare is one of the most adversely affected sectors in terms of cyber-attacks. The struggle to manage help people (patients) and the need to protect the extremely sensitive information of them has always been a tough task and that’s the reason why the sector has seen some really bad cyber-attacks in the past. Covid-19 adds to this and makes matters worse. With the outbreak of Covid-19, this sector seems to have faced a lot more risks pertaining to cybersecurity. Hospital yards and vaccine development labs have seen the worst possible cyber-attacks. In this current situation where the development of vaccines is critical and the fact that the economy is severely dependent on the same, attacks to disrupt the economy of other countries are very much possible.

What can healthcare organizations do here? Just like we have insurance plans that cover our health, the concept of cyber insurance can serve to be a good option here. This, to some extent, can aid in getting things back to normal.

With more and more hackers engaging in cyber breaches, the healthcare sector is undoubtedly struggling to keep up with all of this. Thankfully, there are some groups that are voluntarily coming up to help the healthcare sector deal with the same. Also, a lot of initiatives are being taken up as well by the healthcare sector in order to fight these cyber-crimes. It is now seen that the healthcare organizations are working in the areas of suitable anti-virus, appropriate monitoring, patching the systems and so on. Updating regularly is also something that is being focussed on.

It is also worth noting that the healthcare sector is highly vulnerable to such cyber-attacks because the sector is not equipped with highly skilled teams that’d take care of these attacks and mitigate them without much efforts being put. This is where technology can serve as a blessing. There’s probably nothing more efficient and reliable than Artificial Intelligence and machine learning in this aspect.

Considering a situation where a health professional clicks on a suspect link, AI comes into the picture in no time and protects from threats like malware, viruses, ransomware, malicious websites and a lot more.

Some steps that healthcare organizations can take in order to deal with cyberattacks and to mitigate the risk could be by putting restrictions on the installed software applications, increase vigilance especially in the areas pertaining to IoT (Internet of Things) devices, home peripherals, etc. This is because a lot of appointments are virtual (from home) as a result of the pandemic. All this is, no doubt, important but what is equally worth paying attention to is educating the stakeholders. They should know every minute detail with regards to the security of the sector and how can they aid in dealing with the same. With all of this in place, the day when the healthcare sector would boast about its cyber-security is definitely not far away.

The post How Healthcare Industry can deal with Cyberattacks appeared first on Analytics Insight.

Analytics Insight has listed top cybersecurity funding and investments of 2021 so far

Cybersecurity will be a booming field in 2021. While all other tech sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity funding and investments are driven by cybercrime. The world is slowly coming back to its normal self after undergoing a catastrophe. 2021 is the year of hope with vaccines and large-scale inoculation programs. However, the importance of cybersecurity remains the same as most companies chose to follow remote working for a long time. During the pandemic, organizations were forced to work from home. At that time, they became aware of cybersecurity issues and took special care to secure company data. This has further accelerated the funding in the cybersecurity sector. However, the landscape is set to undergo massive changes, and organizations need to have an idea about the future to take the necessary steps to adapt to the fast-changing threat landscape. Analytics Insight brings you a list of cybersecurity investment and funding that took place in 2021 so far.

Top cybersecurity investments and funding of 2021

Iboss

Amount funded: UD$145 million

Transaction type: Series B

Lead investor(s): Undisclosed

Cloud security provider, iboss has raised US$145 million in new funding. The US-based firm will use the new capital to support its growth plans for 2021, as enterprises across the world look to move their cybersecurity operations to the cloud. The company said that it has consolidated networking and cloud prediction into a Secure Access Service Edge (SASE) model that provides infinite scalability while ensuring fast, secure and compliant connections.

Lacework

Amount funded: US$525 million

Transaction type: Series D

Lead investor(s): Sutter Hill and Altimeter Capitol

Lacework, an end-to-end cloud security start-up has announced that the company has secured US$525 million in funding round, after reporting massive revenue growth during a year when demand for cloud security services boomed. Founded in 2015, Lacework software targets security gaps in threat detection, behavioural anomaly detection, and also aims to ensure cloud compliance across AWS, GCP, Azure and Kubernetes services. The company plans to use the new proceeds for product development, sales and market, and international expansion, especially into Europe.

Nisos

Amount funded: US$6 million

Transaction type: Series A

Lead investor(s): Paladin Capital Group

Nisos, the management intelligence company announced US$6 million funding led by global cyber investor Paladin Capital Group. The investment enables Nisos to expand its marketing and operations while extending its international footprint. Nisos solutions enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. The company also focuses on robust data collection with a deep understanding of the adversarial mindset delivering smarter defence and more effective response against advanced cyberattacks, disinformation and abuse of digital platforms.

Swimlane

Amount funded: US$40 million

Transaction type: Undisclosed

Lead investor(s): Undisclosed

Swimlane, a Denver-based security operations management software provider has raised US$40 million in funding to be put towards accelerating partnership and alliances, expanding R&D, and enabling further global expansion. Swimlane’s suite of the security orchestration, automation, and response (SOAR) tools can automate 80-90% of the incident response process with extensible automated workflows and playbooks that interface with organisations’ existing tools while addressing data compliance law and regulations.

SecurityAdvisor

Amount funded: US$7.3 million

Transaction type: Series A

Lead investor(s): ClearSky Security

SecurityAdvisor, the California-based security awareness platform closed a US$7.3 million Series A funding round led by ClearSky Security with participation from Crosslink Capital, SixThirty Ventures, and Cyber Mentor Fund. The company will use the capital to support product development and drive market awareness of its innovative offering amongst enterprise security leaders. SecurityAdvisor is the only personalised security awareness platform that quantifiably reduces security incidents. The company’s patented platform integrates easily within existing security infrastructure to deliver targeted coaching that teaches employees how to identify and remediate cyber-attacks while providing security teams with insights that help them better understand the human element of their organisation’s security posture.

OwnBackup

Amount funded: US$50 million

Transaction type: Series D

Lead investor(s): Insight Partners

OwnBackup, a leading cloud-to-cloud business continuity platform announced that the company has secured US$50 million in new funding led by Insight Partners, with participation from Salesforce Ventures and Vertex Ventures in a Series D funding. OwnBackup is a cloud backup firm centred on Salesforce. Com Inc. The provider’s service offers secure and automated daily backups of software as a service (SaaS) and Platform as a Service (PaaS) data, as well as data comparison and restoration tools for disaster recovery. The company aims to prevent data loss and corruption resulting from human errors, malicious intent, integration errors and rogue applications.

The post Top Cybersecurity Funding and Investments of 2021 appeared first on Analytics Insight.

The digital transformation across industries has elevated ransomware attacks and this should be addressed through strategic cybersecurity measures.

Digital transformation of enterprises across the world significantly improves business growth, increases revenue, minimizes production costs, and reduces workload. The Covid-19 pandemic saw an escalation in the number of industries embracing digital technologies and automation. As the old wise saying goes ‘every coin has two sides’, the coin of digital transformation also has another side to it. Since it is easier to speak about the benefits, people often ignore a discussion on the flaws. Misinformation is such a digital malware that has recently descended in the world of the internet.

The crippling cyberattacks and threats of ransomware demand an efficient and robust cybersecurity operation across all industries. In recent years, disinformation has taken over cyberspace. Disinformation is a close kin of misinformation with only one difference that disinformation aims at deliberately deceiving targets. A report by Livemint says, “A growing group of cybersecurity thinkers believe that disinformation is a new weapon in these psychologically driven attacks—one that will be used by cyber attackers too, perhaps for extortion, market manipulation or to damage the reputation of a rival company.”

Social media campaigns play a huge part in spreading misinformation in the new era. Considering the influence of social media on people, it is easier to manipulate the content and spread it across the internet. According to an article by Security Magazine, the rise in misinformation campaigns will be a major trend of 2021 to drive up costs of ransomware payments, and in some cases, influence markets to manipulate stock prices. It is high time that companies introduce the best cybersecurity measures and threat management systems to predict and resolve such grave cyber breaches. Let us take a look at some of the ways in which an enterprise can prepare to deal with disinformation and misinformation campaigns.

Know Your Social Media Platform

A company should have internal social media teams to constantly go through their own social media pages, posts, and algorithms. It is necessary to understand that the bad actors are continuously tracking social media accounts of enterprises to understand online behaviour, company initiatives, and biases. This information is sensitive and hence can be used to manipulate to spread disinformation and demand ransomware. Chief Security Officers (CSO) and Chief Information Security Officers (CISO) should initiate a team to monitor social media to understand the company image and detect any threats.

Develop Strategies to Detect and Intercept Cyberattacks

Attackers often use the dark web to propagate and gather data to attack organizations. Companies should develop control strategies to detect online threats by accessing the dark web and unstructured data sources that enable a better understanding of the activities surrounding their company. Anticipating attacks before they occur can reduce the damage and often help prevent it from happening. Since data collection from darknets is a difficult nut to crack, methods like scraping, crawling, or involving a third-party service, can enable companies to extract data from these dark webs.

Data Backups and AI-Driven

Regular backing up of data and important information is necessary to keep cyber attacks away. The backed up data should be encrypted and stored in a safe network system. It will be helpful if these encrypted data is stored in a separate network system rather than the usual ones. AI subsets like deep learning and machine learning are useful in processing unstructured data. AI enables automation of security processes and this helps in cost-reduction and minimizing risks.

These strategies help in timely detection and prevention of misinformation campaigns from getting serious. Ransomware attacks are getting sophisticated each day and strict security planning is necessary to tackle them. Automation is a significant method to enable the processing of huge datasets in less time. Even though misinformation and disinformation are looming over the world of the internet, there is a hope for better digitization strategies in the future.

The post Misinformation Campaigns and the Need for Enhanced Cybersecurity appeared first on Analytics Insight.

A look at cybersecurity companies and startups raised funding in February 2021

With decades of efforts in strengthening the security aspect of enterprise IT systems, cybersecurity will remain a red-hot topic in 2021 and the years ahead. The last few years have seen an increasing surge in cyberattacks and data breaches across industries. This has majorly happened with enterprise adoption of advanced technologies and solutions and the emergence of new ways to comprise sensitive data. Since companies pour huge capital in cybersecurity to protect their assets, funding in this sector remained strong this year. According to the data from Crunchbase, the cybersecurity sector witnessed an investment of over US$8.1 billion globally, as of late December.

Here’s the list of top cybersecurity funding and investment in February 2021.

CYE

Amount Raised: US$100 Million

Transaction Type: Series A

Key Investor(s): EQT

CYE, an Israel-based cybersecurity company, provides organizational security assessments, revealing complete attack routes and building optimized mitigation plans. Known for its cybersecurity optimization solutions, the company raised US$100 million in a Series A funding round led by EQT. The latest investment follows five years of partnership and will be used to continue CYE’s hyper-growth in the global market.

Scalarr

Amount Raised: US$7.5 Million

Transaction Type: Series A

Key Investor(s): European Bank for Reconstruction and Development

An advanced mobile ad fraud detection solution powered by machine learning, Scalarr secured US$7.5 million in a Series A round to combat mobile ad fraud. The round was led by the European Bank of Reconstruction and Development (EBRD), with participation from TMT Investments, OTB Ventures, and Speedinvest. Founded in 2016, Scalarr helps mobile app developers and ad networks worldwide to fight against all types of fraud, including attribution fraud, bots and emulators, incentive injections and more.

SecurityAdvisor

Amount Raised: US$7.3 Million

Transaction Type: Series A

Key Investor(s): ClearSky

SecurityAdvisor, a security awareness training and automation company that tackles security incidents within organizations, bagged US$7.3 million in a Series A round. The round was led by ClearSky Security along with additional investment from Crosslink Capital, SixThirty Ventures, and Cyber Mentor Fund. The capital will enable SecurityAdvisor to support product development and drive market awareness of its innovative offering amongst enterprise security leaders.

Horizon3.ai

Amount Raised: US$5 Million

Transaction Type: Series A

Key Investor(s): SignalFire

California-based cybersecurity company Horizon3.ai raised US$5 million in a Series A round led by SignalFire. The company provides continuous, automated Pen Test operations to enable customers to understand whether critical systems and data are protected, what urgent issues must be immediately triaged or remediated, how to prioritize vulnerabilities and other defensive efforts, whether detection and remediation times are improving, and identify ineffective tools, controls, policies, processes, and training.

anecdotes

Amount Raised: US$5 Million

Transaction Type: Seed Round

Key Investor(s): Aleph, Glilot Capital Partners

Anecdotes, a cybersecurity startup that builds enterprise-grade compliance solutions, raised US$5 million in a Seed funding round. The fresh capital intends to use to expand the adoption of the platform amongst mature enterprises and hyper-growth companies with complex compliance. The round was co-led by Aleph and Glilot Capital Partners with participation from Gerhard Eschelbeck, former CISO of Google, and Ron Zoran, former CRO of Cyberark.

Cavelo

Amount Raised: CA$1.3 Million

Transaction Type: Pre-Seed Round

Key Investor(s): MaRS Investment Accelerator Fund

Data discovery and cybersecurity startup Cavelo secured CA$1.3 million (US$1.02 million) in a pre-seed funding round led by MaRS Investment Accelerator. The fund will be used to expand Cavelo’s hiring efforts and platform development to meet customer demand across North America. The company provides a platform that helps businesses discover, classify, track and manage sensitive data in alignment with industry and regulatory reporting requirements.

The post Top Cybersecurity Funding and Investments in February 2021 appeared first on Analytics Insight.