Рубрика: Cybersecurity

Enterprises are vulnerable to advanced cyber-attacks and they need to adopt stronger digital verification methods to protect consumer data.

The Covid-19 pandemic brought in major changes and workspace shift was a major change among them. Digital transformation across enterprises enabled them to provide remote working facilities to their employees. The online working environment and WFH culture are here to stay at least for another year or two until we break free from the pandemic. Although it is convenient and cost-effective, this scenario has its share of flaws, among which vulnerability of cyberattacks takes the first spot. Since everything is digital, it is easier for bad actors to manipulate systems as well as humans into believing wrong identities.

Fraudsters have been targeting enterprises for identity thefts, account takeover attacks, data breaches, and more. Companies must understand the looming threat and act on it.

Why Should Enterprises be on Alert?

According to TransUnion’s US Financial Hardship Report, digital fraud related to Covid-19 was at 31% last year, with phishing being the most commonly reported crime at 28%.

This is just a small patch from the huge cyber breach array that has been looting enterprises and taking advantage of their digital vulnerability. Enterprises should ask themselves if they know their customers. In the digital world, it is easier to flash fake identities since there is no physical presence and you can’t check if it is the same person. Fintech organizations should be more careful while new account openings and transactions using digital interfaces.

Credential stuffing attacks are another significant threat that needs to be addressed. The Sun US reported the 2020 massive credential attack wherein more than 500,000 zoom accounts were on sale on dark webs and hacker forums for less than a penny. Several reports say that credential stuffing or account takeover attacks are on a rise since the pandemic. These attacks enable unauthorized access to user accounts which might lead to data breaches and ransomware attacks. Automated tools and botnets play a crucial role in credential stuffing attacks to gain user authentication across multiple platforms. Yes, AI is both a blessing and a curse sometimes.

Hackers using AI to carry out advanced cyber-attacks are not new. Attackers can manipulate AI algorithms and data sets to get the desired result. AI can be used to access data, identify vulnerabilities, and technically improve the usual attacking strategies. Cyber attackers can weaponize AI to mask identities and persuade authorities to provide sensitive data.

Stronger Identity Verification

According to Research and Markets study, “The Global Post-COVID-19 Identity Verification Market Size is forecast to grow from USD 7.6 Billion in 2020 to USD 15.8 Billion by 2025, at a Compound Annual Growth Rate (CAGR) of 15.6% during 2020-2025.”

Enterprises should adopt different methods for better identity verification and security to deal with rising cyberattacks. Companies can establish minimum Know Your Customer (KYC) and Anti-Money Laundering requirements to fight financial breaches.

There should be more data privacy regulations like California’s Privacy Rights and Enforcement Act 2020 that can protect data and take action against cybercriminals. Enterprises should leverage AI and machine learning to continuously monitor networks and systems to detect threats and prevent them on time. Securing data with multi-factor authentication and advanced biometrics can help make it difficult to crack for hackers. One of the reports by The Verge covers Facebook’s initiative to verify the identities of viral accounts to ensure security.

Many enterprises are embracing digital identity verification strategies to ensure maximum security from soaring cybercrimes and data breaches. The remote working phase is going to last for some time and digitally empowering your organization is the only way to defeat digitally empowered cyber attackers.

The post A Rise in Cyberattacks and the Need for Digital Identity Verification appeared first on Analytics Insight.

If you go back in time to 1954, when the world’s first robot, Unimate was invented by George Devol, scientists will say that robots can only do one task, repetitively. With advancements being made in science and technology, we know what a robot is capable of doing. We can predict a future where robots will automate several jobs, boosting productivity for businesses and making a human’s life easy. However, with science making leaps and bounds of progress, the risk of cybersecurity being compromised arises. Cybersecurity experts worry that hackers will hijack robots as easily as cloud servers. This will have devastating consequences for human wellbeing.

The fourth industrial revolution relies on AI and cloud storage to share information and react to real-time data. As a precaution, robots need to do more than just perform tasks. They need to have a way to strengthen their security while doing other tasks in a flexible business environment.

The majority of the robots around us don’t pose a threat to human operations. They coexist and work around humans. However, if a cybercriminal hacks one of these robots, that could change drastically.

Manufacturers Need To Prepare The Bots

The future is robot-dependent. We will soon live in a society where we will have to coexist with robots even outside of work. It’s already happening now via home bots and smart home devices. Therefore, manufacturers should step up to the challenge. Cyberattacks are a reality now and the number will only get higher with time, whether we like it or not.

The first step to secure our bots will be to secure the IoT devices against threats. Currently, there are no standard protocols. And that’s a threat in itself. To counter this, some companies are trying to put standards in place. For example, IEC 62443 tries to address autonomous systems and their control systems to make sure they have a standard cybersecurity element engineered.

For businesses that employ IoT, it is important for them to consult IEC 62443. By doing that, they can check what standards are already in place to protect the employees who work in close proximity to the machines. IEC 62443 clearly differentiates threats from automation and threats that involve information security management. Apart from this, there are many standards for businesses to follow, but those standards are still a work in progress. The coming year will see a full IEC code which will make this easier for businesses.

Cybersecurity Needs To Be A Part Of The Product Development Timeline

According to experts, businesses that use automation processes need to build cybersecurity into the systems development cycle. They need to ensure informational safety and then physical safety of devices with override digital instructions. Experts also say that most businesses are unaware of the threats. The fundamental solution to this issue is to create a culture of security where people are aware of the possible threats and are prepared for them with an alternate. IoT applications will function in many new ways. Security systems must catch up with it to avoid any pain and loss. People around it should understand that the stakes are higher and prevention should be their prime agenda.

The post Cybercriminals Might Attack Industrial Robots. Here’s What You Need To Do appeared first on Analytics Insight.

The world is up in the clouds (cloud computing) and the fourth industrial revolution is transforming our lives, society, and our work. While it is making things easy and accessible, it comes with its own perils like cyberattacks. The need to make the cybersecurity landscape stronger is more than ever as cybercriminals have become more clever. 2020 gave cyberattackers more opportunities to strike like email phishing scams. In terms of cyberattacks, we’ve reached a new low where phishers are using the COVID-19 vaccine rollout to trick people into paying for fake vaccines.

Scientists are working day and night to create innovative artificial intelligence and machine learning tools to eliminate evolving exploits. But the use of AI as a cybersecurity arsenal is being debated by experts. When it comes to determining what type of data is safe to send outside the company, humans do a much better job in making intricate decisions than machines. Relying on AI to make such decisions can lead to leaked data if the AI technology is not mature enough to fully understand the gravity of the situation. So how exactly does artificial intelligence fit into the cybersecurity picture, and where can it present challenges?

Spotting Risks

The one place artificial intelligence feels challenged when it comes to mitigating the risk from accidental insider breaches is spotting similarities between documents and knowing what files are okay to send to a specific person. For example, company invoices have the same template each time they are sent, with minor text differences that machine learning and artificial intelligence fail to distinguish. The technology will categorize all the invoices as the same despite differences in text and numbers, allowing a user to send the attachments, whatsoever. Whereas a human would know which invoice should be sent to a particular customer.

In a large organization, this kind of AI technology would only limit a small number of emails from being sent, and when it does find an error, it will intimate the administration and not the person sending the wrong email.

Data-Intensive Defence Strategy

When using AI technology, the entire setup will involve every email going to an external system (off-site) to be analyzed. This is especially the case with industries that deal with a lot of highly sensitive information and cannot afford to leak that data elsewhere. A machine learning technology would have to keep a part of this sensitive information to learn rules and accurate decisions from it. Given how machine learning works, it goes through a learning phase that can last for months, hence cannot provide instant security controls. For this reason, many companies are not comfortable with their sensitive data being sent elsewhere.

AI’s Role In Cybersecurity

In a business’ cybersecurity system, AI has a critical role to play. For instance, antivirus software operates on a ‘yes or no’ policy to determine if the file is malicious or not. AI can quickly find out whether it’s going to crash the system, take down the network, etc. So while AI might not be the best weapon of defence for preventing data leakage through email, it does have an important role to play in select areas like threat analysis and virus detection.

The post Artificial Intelligence Is Not the Best Defence Against Cyberattacks appeared first on Analytics Insight.

IoT devices are prone to cyber-attacks and hence deserve better security standards and guidelines to ensure data security.

The life around us has changed. We are now in a digital space where everything around us is intelligent, even the watches we wear. The advent of intelligent devices has improved daily lives and business operations. IoT plays a pivotal role in this digital transformation by connecting and controlling devices over the internet. Many features of the modern world depend on the IoT for processing and monitoring real-time data to gain efficiency and agility. According to IoT Analytics, it is expected that there will be more than 30 billion IoT connections by 2025, with almost 4 IoT devices per person on average driven by new technology standards like 5G.

IoT has a wide range of acceptance but the technology comes with certain security concerns. Securing IoT devices can be complicated considering the heterogeneity of devices connected. The remote work scenario brought in by the pandemic escalated the risk of cybersecurity breaches in the IoT system.

The Nokia Threat Intelligence Report 2020 found that the IoT devices make up 37.72% of infected devices, and the share occupied by IoT devices in the overall breakdown has increased by 100%.

Insecure IoT Threats

IoT devices are connected over the internet and hence are vulnerable to attacks. The wide connectivity and accessibility of IoT devices pose a threat as they can compromise privacy and sensitive data. Hackers often target weak IoT systems for ransomware and malware attacks like DDoS. The web-based interfaces of IoT systems give away data since they can be accessed easily.

Insecure IoT devices in a smart home will help bad actors get hold of personal information and access to your homes. Organizations should create awareness over IoT devices and their security since they might entertain unauthorized access and data breaches. IoT devices have also been a victim of sophisticated cyber attacks like Zero-day attacks that can cause dangerous repercussions to organizations. The large interconnected networks in an IoT system create vulnerable endpoints and hackers launch cyberattacks to jam websites and procure necessary data. Recently attackers have started leveraging advanced AI tools to drain sensitive information and even carry out cyber breaches since AI is capable of processing large data sets in less time.

The utilization of deepfakes in attacking IoT systems is also rampant through brute-force attacks, spoofing biometrics, etc. The increasing integration of IT and OT departments has escalated the vulnerabilities since OT systems are less mature in terms of updates and security patchworks.

These specialized IoT attacks threaten the existence and use of IoT devices that are the blood and bone of many organizational processes and real-life scenarios. Addressing these security issues should be considered essential to ensure a safer ecosystem for data protection and digital transformation.

Overcoming the Threats

The IoT security should evolve to accommodate technologies like blockchain to ensure better protection from hackers. Beating the challenges might not be easy but are definitely achievable with the right safety measures.

• More new policies like the IoT Cybersecurity Improvement Act 2020, should emerge in all countries to ensure security compliance. This act is aimed at federal agencies and it requires the National Institute of Standards and Technology to develop standards and guidelines for the use of IoT devices. It helps federal agencies to act on security vulnerabilities with minimum delay.
• Network segmentation of IoT devices can disable hackers from accessing the data. Splitting internal networks based on the connectivity requirements of IoT endpoints can restrict the area for the attackers and thus minimize risks. Network security solutions like installing Firewall will also help improve network security.
• Public Key Infrastructure (PKI) is a leading solution for securing IoT devices. PKI offers data integrity verification by authenticating identities, encrypting data, and flexible security measures. Organizations can customize and modify PKI systems to ensure better methods to detect unauthorized access and threats according to unique cybersecurity goals.
• AI and machine learning can efficiently fight the security issues concerning IoT devices by analyzing data sets and detecting anomalies. AI and machine learning-based Intrusion detection Systems (IDS) should be employed to monitor IoT networks and collect data. Further, ML and AI systems can analyze these datasets to provide insights on security breaches. Predictive analysis can be leveraged to examine data history, find anomalies based on the data, and predict threats and breaches.

Other security measures like multi-factor authentication, setting up a monitoring system, improving software infrastructure, regular software updates, and data backups can curb cybersecurity breaches in IoT devices and networks. Securing IoT devices cannot take a back seat and hence, manufacturers, organizations, and network providers should work together to ensure better security.

The post IoT Security: Understanding the Dangers and Mitigating Threats appeared first on Analytics Insight.

A new audio-only social network app, Clubhouse, has shot to fame to become one of the most popular apps of 2021. This app recently crossed eight million downloads, despite being IOS exclusive. Tech giants like Elon Musk and Mark Zuckerberg have shown interest in this app which screams its potential growth.

However, this invite-only app has become prone to hacking. Here’s what happened.

Clubhouse allows users to take part in public or private chat rooms with the assurance that the spoken content will expire once the session is over, and cannot be recorded. But much to everyone’s surprise, US cybersecurity researchers stated that a user has found a way to leak the audio stream from multiple chat rooms.

As told by a Bloomberg report, the hacker was able to access users’ audio chats and streamed them on third-party websites, alarming the officials. The audio that was leaked was collected from various rooms on the app. Clubhouse told Bloomberg that it has banned the user and installed new safeguards to protect conversations from being leaked again. Clubhouse told the BBC that “recording or streaming without the explicit permission of the speakers violates the app’s terms and conditions.”

According to spokeswoman Reema Bahnasy, “Over the weekend, an individual temporarily streamed multiple rooms from their own feed to a website. This individual’s account has been permanently banned from the service and we have added additional safeguards to prevent people from doing this in the future.”

How Was Clubhouse Hacked?

The hacker built a system about the JavaScript tools that were used to develop Clubhouse. This way, the hacker was able to modify the app and access users’ chats, and display them on another website. Stanford researchers say that even though Clubhouse adheres to strict security measures, users should not only rely on them and understand that the chats are still unsafe.

Alex Stamos, director of SIO (Stanford University Internat Observatory) that first reported the security issues in Clubhouse says, “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world.”

Clubhouse officials confirmed that was an act of data spillage. Data spillage is different from a data breach. Data breaches are intentional and carried out with the purpose to steal data. Data spillage is an incident where confidential information is released into an environment that has no authorization to access the information.

It is also revealed that Clubhouse has connections with China. Most of the app’s backend is handled by a Shanghai-based startup called Agora Inc. This dependency raises questions regarding the app’s security as there are chances of users’ data being shared with the Chinese government. Considering the growth of this app in terms of downloads and influencer shout-outs, the thought of people’s data being shared by violating the app’s security is scary.

Australian cybersecurity researcher Robert Potter, who built the Washington Post’s cybersecurity operation centre says, “ I feel like there’s a bunch of users who got really enthusiastic because it’s a new thing and because you need an invitation, the conversations must be private. It happened with Zoom and Tiktok – again and again, we see an app that has really high growth, it goes viral, and then they have a privacy problem, or they find lots of problems that weren’t so big a deal when they were smaller, and cyber-security comes later. I think people just need to realize that the privacy and cybersecurity of newer social media platforms aren’t going to be as good as mature ones.”

The post Clubhouse Is Not A Safehouse. Proved A Recent Hacking Incident appeared first on Analytics Insight.

Ensure the security of your business with these cybersecurity startups in India

The rapid evolution and proliferation of technology have created open access to businesses’ confidential assets for cybercriminals. Recent years have seen an increasing number of cyberattacks and data breaches. With significantly affected by the COVID-19 pandemic, the year 2020 was remarkable in many ways. If we look at uncertainties, cybersecurity risks last year have seen an upward graph. The remote work, or work from home business model has been the most target point for bad actors as employees shifted to local networks for their jobs. According to a report, 81 global firms from 81 countries reported data breaches in the first half of 2020 alone. Indeed, the number of data breaches in 2020 has almost doubled with 3,950 confirmed breaches, compared to 2,103 recorded breaches in 2019.

While this number will continue to surge in 2021 and beyond, companies should invest in advanced cybersecurity solutions to survive in the new normal. However, finding the right tools and service providers might be a daunting task. That is why Analytics Insight has prepared a list of the 10 best cybersecurity startups in India that can meet your security needs.

1. Sequretek

Sequretek, a Mumbai, Maharashtra-based cybersecurity firm, helps businesses secure and manage information assets on all digital platforms. It provides AI and ML-driven security tools and solutions that ensure that companies are secured and properly armed against all the security threats without any vulnerability. Founded in 2013, the company has three major offerings to the industry: EDPR (Endpoint Detection, Protection and Response), MDR (Managed Detection and Response) and IGA (Identity Governance and Administration).

2. Securitybulls

Securitybulls analyzes a company’s site from a hacker’s point of view and provides a blueprint for remediation to start or enhance a comprehensive information protection strategy. The company checks businesses’ web applications through manual approach. It also checks for hundreds of vulnerabilities, including business logic flaws that cannot be easily detected by vulnerability scanners. Born in 2016 in Indore, Madhya Pradesh, Securitybulls is an award-winning penetration testing & infrastructure security service provider.

3. Threatsys

Threatsys helps companies to simplify cybersecurity by providing everything they need to define strategy, detect threats, deploy the right technology and ensure operational readiness to protect their business. As the leading cybersecurity company in Bhubaneswar, Odisha, Threatsys helps businesses, governments and organizations to plan, build and run successful security programs.

4. WiJungle

WiJungle develops and deploys a unified network security gateway that enables organizations to manage and secure their entire network through a single window. Founded in 2014, the company was initially launched as a completely Free WiFi service and it was the first Indian private company to do so. Its all-in-one product eliminates the need to deploy multiple stand-alone security products, cutting down the capital investment by up to 60% as well as simplifying the management.

5. Secuneus

Secuneus is an award-winning managed detection and response and security assessment services provider. By leveraging its understanding of the tactics that attackers use to breach defences, in-depth knowledge of the latest security tools and a commitment to innovation, the company ensures its clients are armed to continuously prevent, detect and respond to cyber threats. Secuneus also offers a Penetration Testing & Information Security training program that will empower a learner with knowledge in a simplified and easily graspable manner.

6. Securden

Secureden is an all-in-one platform for next-gen privileged access governance. The company offers complete control over privileged access, visibility without barriers, and better access governance across cloud, physical, virtual environments. Founded in 2018 by Balasubramanian Venkatramani and Kumaran Balan, Securden helps organizations avert malware, insider threats and cyberattacks harnessing the power of ML and AI.

7. Kratikal

Kratikal is an end-to-end cybersecurity solutions provider. The company provides a complete suite of manual and automated security testing services. Kratikal’s cybersecurity solutions include cyberattack simulation and awareness tool, email authentication and anti-spoofing solution; anti-phishing, fraud monitoring & take-down solution; phishing incident response, risk detection & threat analysis and code risk review. It delivers services to diverse industries including E-commerce, Fintech, BFSI, NBFC, Telecom, Cloud Service Platforms, Manufacturing, Healthcare, etc.

8. AppSecure

AppSecure offers distinguishable penetration testing services alongside prominent vulnerability assessment, unprecedented, security consulting and auditing. The company is founded in 2016 by a White hat hacker and ex-flipster Anand Prakash. AppSecure conducts penetration tests that would help businesses determine the weaknesses in their applications, networks, infrastructure, mobile or web services and cloud security.

9. Haltdos

Haltdos is a unified edge security and content delivery platform. It provides Web Application Firewall and DDoS protection to online businesses. The Noida-based cybersecurity startup uses an AI-driven website protection service that secures websites against cyber threats. Founded in 2015, Haltdos’ comprehensive offering provides DDoS protection, Web Application Firewall, and Load Balancing features in a single solution and is available on the cloud as well as on-premise appliances.

10. SheildSquare

ShieldSquare, a Bangalore, Karnataka-based cybersecurity startup, helps online portals to safeguard against web scraping by bots run by competitors and unauthorized third parties. The company offers a non-intrusive API-based solution to detect and eliminate bad bot traffic from websites, mobile apps, and APIs in real-time. Its solution leverages intent-based deep behavior analysis, device fingerprinting, and domain-specific detection technologies to spot and eliminate invalid traffic with zero false positives. ShieldSquare has been ranked as a Leader in Forrester Research’s New Wave: Bot Management Report for Q3 2018.

The post 10 Best Cybersecurity Startups in India Redefining Security Landscape appeared first on Analytics Insight.

In 2021, cybersecurity will remain the same, only needing a more concentrated attempt to implement current policies and procedures.

In 2020, new problems emerged as a result of rising levels of remote employees using new and experimental methods to access sensitive information, as well as significant increases in e – commerce use as retail shops were closed throughout lockdowns. With new access policies and increased traffic, multiple cyber threats appear, necessitating the development of new strategies to counteract them.

As a result of these developments, protecting your material, whether it’s a web app, digital content stored in a decentralized cloud environment, or consumer data in 2021, will look quite different. Many elements of cybersecurity, on the other hand, would remain the same, only needing a more concentrated attempt to implement current policies and procedures.

According to We Forum, “The far-reaching cybersecurity breaches of 2020, culminating in the widespread Solarwinds supply chain attack were a reminder to decision-makers around the world of the heightened importance of cybersecurity. Cybersecurity is a board-level issue now for many firms.

As per the World Economic Forum’s Global Risks Report 2021, cyber risks continue ranking among global risks. The COVID-19 pandemic has accelerated technological adoption, yet exposed cyber vulnerabilities and unpreparedness, while at the same time exacerbated the tech inequalities within and between societies.”

Top Cybersecurity Trends and Projections for 2021

Threats to the cloud

One of the top cybersecurity forecasts and developments for 2021 are cloud threats. The cloud vulnerability became an asset for businesses to maintain business processes as remote work and online collaboration expanded during the coronavirus outbreak. While global corporations had begun to move to the cloud prior to the epidemic, the pandemic accelerated the process.

The increasing transformation to the cloud, on the other hand, is anticipated to create a slew of new security issues and vulnerabilities. Companies will continue to be disrupted by cloud-based security risks such as improperly designed cloud storage, restricted access and control, incomplete information marginalisation, and insecure cloud applications.

Implementation of Artificial Intelligence

Artificial Intelligence (AI) can help inadequate security teams keep ahead of the risks as cyberattacks become more intense and frequent.

AI delivers threat information by processing vast amounts of risk data from unstructured and structured tools, reducing the time required for the security team to make important decisions and react to the attack.

Security procedures can be automated

Due to a scarcity of trained security staff, businesses can largely depend on security process automation. By automating security operations based on proven policies and procedures, security automated systems remove redundant security operations. As a result, security tasks can be completed faster, more effectively, and with fewer failures.

Threats from Inside

Unauthorized remote access, poor passwords, non – secured networks, and the abuse of personal devices have left global organizations unprepared to track or detect insider risks as a result of the rapid shift to working remotely. These trends are set to continue, if not accelerate, in 2021 or even beyond.

Phishing

It’s impossible to deny that homeworkers are more vulnerable to cyber attacks than employees who work in an office with cybersecurity systems in place. As a result, phishing has been identified as one of the top cybersecurity estimates and patterns for 2021, implying that cybercriminals will continue to abuse this weakness in every way they can. Directors of major organizations, including NGOs, are prone to spear-phishing attacks in comparison to phishing scams.

The post The field of Cybersecurity: What Lies Ahead in 2021? appeared first on Analytics Insight.

Cybersecurity funding and investments continue to be constant with the growth of cyberattacks

Cybersecurity has been a hot cake for modern businesses over the years. It will continue to be a trending space in technology and diverse industries alike. With relentless demand for network security, web and email security, endpoint security, data security, security analytics, and identity access management, the cybersecurity market is expected to reach US$60.2 billion in 2021. While the COVID-19 pandemic has hit the world and businesses shifted to remote work, work from home, the spending and adoption of cybersecurity solutions has risen.

In its ‘Data Protection Trends for 2021’ report, Dell Technologies unveiled that 42% of organisations in India and globally will continue to invest in cybersecurity and privacy solutions in 2021. This will allow them to stay ahead of the growing cyberattacks in the era of remote working.

Here’s the list of top 10 cybersecurity funding and investments happened in February/March 2021.

Axonius

Amount Raised: US$100 Million

Transaction Type: Series D

Key Investor(s): Lightspeed Venture Partners, Stripes

Axonius is a cybersecurity asset management platform providing asset inventory, uncovering security solution coverage gaps, and validating and enforcing security policies. The company in its new funding round has raised US$100 million to boost its asset management platform capabilities. The Series D funding round was led by Lightspeed and Stripes, with participation from existing investors Bessemer Venture Partners (BVP), OpenView, and Vertex. Ken Fox, founder and partner at Stripes, will join the Axonius board of directors.

Identiq

Amount Raised: US$47 Million

Transaction Type: Series A

Key Investor(s): Entrée Capital, Insight Partners

Identiq is an Israel-based Anonymous Identity Validation Network service provider. The company has secured US$47 million in its Series A financing round led by Insight Partners and Entrée Capital, with participation from Amdocs, Sony Innovation Fund by IGV, as well as existing investors Vertex Ventures Israel, Oryzn Capital and Slow Ventures. With the latest funds, Identiq will further accelerate its network growth, adding more members, each of which will improve the validation, quality and coverage for all members.

seedata.io

Amount Raised: £120,000 (US$165,946)

Transaction Type: Pre-Seed Round

Key Investor(s): Antler

seedata.io, a SaaS platform that lowers the time to detect cybersecurity breaches, received £120,000 pre-seed funding from Antler, a global early-stage VC. The fresh capital will enable seedata.io to further develop and bring to market its SaaS platform. The company has already agreed 9 proof of concept with global organisations across the U.S., UK and Italy.

CYE

Amount Raised: US$120 Million

Transaction Type: Series A

Key Investor(s): EQT

CYE is an Israel-based cybersecurity startup that provides organizational security assessments, revealing complete attack routes and building optimized mitigation plans. The company has raised US$120 million in a Series A financing round to bolster its growth plans and stimulate its go-to-market and product investments. The round was led by EQT and with participation from 83North.

vArmour

Amount Raised: US$58 Million

Transaction Type: Venture Round

Key Investor(s): AllegisCyber, NightDragon Security

California-based data-defined perimeter security solutions provider vArmour has raised US$58 million in a venture round. The fund will enable the company to increase its headcounts and expedite product innovation. The round was led by AllegisCyber Capital and NightDragon, with participation from existing investors Standard Chartered Ventures, Highland Capital Partners, Telstra, Redline Capital, and EDBI.

Armorblox

Amount Raised: US$30 Million

Transaction Type: Series B

Key Investor(s): Next47

Armorblox, a venture-backed stealth cybersecurity startup, has bagged US$30 million in a Series B round. The round was led by Next47, with participation from Polaris Partners and Unusual Ventures, as well as General Catalyst and other early investors. The funding round brings Armorblox’s total funding to US$46.5 million.

1Kosmos

Amount Raised: US$15 Million

Transaction Type: Series A

Key Investor(s): ForgePoint Capital

Digital Identity and passwordless authentication solutions provider for workforce and customers 1Kosmos raised US$15 million in a Series A funding round. The round was led by ForgePoint Capital, the premier venture investor for early-stage cybersecurity companies. With this funding, 1Kosmos comes out of stealth mode to offer a unique security platform that brings the highest identity and authentication assurance levels through advanced biometrics and a private blockchain ecosystem.

SecurityAdvisor

Amount Raised: US$7.3 Million

Transaction Type: Series A

Key Investor(s): ClearSky

SecurityAdvisor provides a personalized security awareness platform that quantifiably helps minimize security incidents. The company has closed US$7.3 million in a Series A funding round led by ClearSky Security with participation from Crosslink Capital, SixThirty Ventures, and Cyber Mentor Fund. The funds will support SecurityAdvisor’s product development and drive market awareness of its innovative offering amongst enterprise security leaders.

Spectral

Amount Raised: US$6.2 Million

Transaction Type: Seed Round

Key Investor(s): Amiti Ventures, MizMaa Ventures

Spectral is an Israel-based data leak prevention solutions provider. The company has bagged US$6.2 million in a Seed round led by Amiti Ventures and MizMaa Ventures. Spectral is a DevSecOps company that provides a developer-first cybersecurity solution that detects and protects against security mistakes in code, configuration, and other developer assets. The latest funds will enable the company to bring its new DevSecOps code scanner.

Horizon3.ai

Amount Raised: US$5 Million

Transaction Type: Series A

Key Investor(s): SignalFire

Horizon3.ai, a California-based cybersecurity startup, has secured US$5 million in a Series A funding round led by SignalFire. Founded in 2019, Horizon3.ai provides continuous, automated Pen Test operations to enable customers to interpret whether critical systems and data are protected. It also let them see what urgent issues must be immediately triaged or remediated, how to prioritize vulnerabilities and other defensive efforts, whether detection and remediation times are improving, and identify ineffective tools, controls, policies, processes, and training.

The post Top 10 Cybersecurity Funding in February/March 2021 appeared first on Analytics Insight.

Importance of cybersecurity mesh in businesses is useful and trending currently.

Cybersecurity is widespread, with many organizations adopting a safe environment and policies that can theoretically protect them from a cyber attack. This culture has spread across the market, with each person being treated as a critical security resource in order to achieve a comprehensive shift in the fight against cyberspace hostilities.

As per report of Simplilearn, Cybercrimes have cost the world $2 trillion so far in 2019. Cybersecurity Ventures predicted in 2017 that damages would hit $6 trillion by 2021, prompting global spending of roughly $10 billion in cyber-security measures by 2027 to protect against these catastrophic losses.

Importance of cyber security awareness

Cyber security awareness is described as the knowledge of and action taken to protect a company’s information resources. As workers at a company are cyber security conscious, it means they recognize what cyber threats are, the possible effect cyber-attacks could have on their company, and the measures necessary to mitigate problems and avoid cyber-crime from invading their online workplace.

Cybersecurity Mesh

IT companies could adopt a centralized cybersecurity strategy to protect from intrusions when data centers were housed in a safe, on-premise location and the computer network had a clear line. However, the rapid transition to work-at-home ecosystems with various access solutions to the firm’s data base and applications, exacerbated by sensors and devices linked to the Internet of things (IoT), necessitates a new strategy.

A cybersecurity mesh, a decentralized concept that aims to protect the identity of the user or computer, is one of the strategies that are currently growing rapidly. The aim is to limit access to the organization’s network to only approved users (or systems), whether on-premises or in the cloud. A cybersecurity mesh, in theory, helps the IT expertise to manage protection from each access point while also preventing an attacker from gaining access to the system.

Importance of cybersecurity meshes in business

Penncomp mentioned that if your employees and assets are located anywhere, your protection needs to extend there as well. If your employees or critical infrastructure are located outside the traditional security perimeter, so are critical assets and documentation belonging to your business.

Key enterprise assets can now easily lie outside the logical and physical boundaries of organizations. Your enterprise security infrastructure now needs to be agile enough to cover the employee working on intellectual property of your company from his/ her home. This sort of flexibility in enterprise security infrastructure can only be realized by decoupling policy decisions and enforcement.

The new tracing line of security will then, by necessity, be redrawn around identity than the traditional physical/ logical boundaries. This will ensure that the right people have access to the right information across the network – no matter where they or the information may be located. Also, this means that once policy is decided – say, a five-tiered information access protocol for employees – the same rules will apply for information access no matter who tries to access them or where they may be located in the network.

The post Cybersecurity Mesh plays a significant role in businesses: Here’s How appeared first on Analytics Insight.

The importance of cybersecurity in today’s fast-paced world cannot be overlooked. Business leaders worldwide are well aware of the importance of cybersecurity, yet the required attention is not given to its implementation and cyber resilience. Along with the deep understanding of the two, it is required to understand the practical implementation to safeguard you in the digital sphere. Those who do not pay attention to these two often land in massive fiscal loss along with the loss of reputation in the market.

Every day we observe that the mid sizes of big businesses are impacted worldwide by the cyber-attacks causing tremendous losses. In this way, the importance of these two becomes even more. Let’s quickly dive into this piece and carefully understand the difference between Cybersecurity and Cyber Resilience.

• Cyber Security v/s Cyber Resilience

Cybersecurity is a broad term that includes safeguarding the computer systems, the data within these systems, the network, and other IT components from the probable threats in the digital sphere. It is generally referred to as protecting against malware, ransomware, phishing, or other such cyber attacks.

A series of measures, such as installing an SSL certificate to keep the system intact and cause no or less damage to the entire system, are included under cybersecurity.

Once you install an SSL certificate on your website, you ensure that the web browser and client’s transit data stay encrypted. It is also seen as the primary measure of cyber resilience.

Cyber Resilience is a comparatively new notion that indicates the mitigation capacity, especially after the damage is done in the cybersphere. It includes the response and recovery after a cyber attack and the continuation of the operations even after the system’s failure and technical shortcomings.

While planning Cyber Resilience, it is Cyber Security that is kept in view. Cyber resilience provides an organization with the required potential to operate and handle the attack simultaneously. Though it is still a new concept globally, with fewer business organizations adopting such practices, there is an urgent need to reach the mainstream.

• How is cybersecurity rooted in cyber resilience?

The two terms:

Cyber Security and CyberResilience, are different from each other and have different meanings too, yet the two are closely associated. As mentioned, cybersecurity is a fundamental aspect of cyber resilience.

While planning the outline of a cyber resilience plan, it is the basics of cybersecurity. You are taken into consideration. The following are the major arenas in cyber resilience, which emerged as the prominent ones, deeply rooted in cybersecurity only:

• Preparing in advance:

To achieve well-worked cyber resilience, it is essential to prepare and foresee any malicious act by strengthening all the major areas, including technology, members of the organization, and procedures. This involves coming up with stringent policies within the firms.

• Providing Protection:

The roots of cybersecurity are laid down in this step of cyber resilience. This involves protecting through basic systems like the use of firewalls and employing high-end EDR tools and other modern technologies along with constant innovation.

• Absorption as a strategy:

This step is based on isolating and protecting the data and responding quickly and effectively during a cyber attack. This is seen as the major capacity of the organization during an attack.

• Recovering at a good pace:

This step is all about the efficiency of data backups taken and utilizing them for smooth operation to secure the data in the future and to avoid any other similar attack.

• Adaptability for the future:

It involves working on the system in such a manner as to prepare it before any other future attacks and to ensure smooth functioning after the attack. The system is so prepared that it also provides a clear prospect of any such cyber attacks.

• What is the practical meaning and importance of this?

The concept of cybersecurity is more intelligible than that of cyber resilience. The concept’s theoretical aspect has broad wings to expand, yet it is essential to understand it practically. In practice, it means the following:

⮚ Only the updated and current versions of the software and tools should be used.

⮚ Regularly review the versions of antivirus and firewalls used within the organization for security.

⮚ Patching of tools and software must be appropriate.

⮚ Invest in training your organization’s members as they are your primary currency to protect you in case of any cyber attack.

• What’s the difference between the two?

Carefully looking at the two, both cybersecurity and cyber resilience are complementary to each other. There are significant differences that exist and make them crucial in the cyber world. We can safely say that cybersecurity is what you have to do to keep any malicious threat outside the guarded system.

Cyber resilience is what you have to do if they still manage to get into your guarded system. Of course, the modus operandi will differ, but cybersecurity basics are employed within cyber resilience.

Conclusion

The two important terms:

Cyber Security and Cyber Resilience, have taken over the internet today. While these terms are yet used interchangeably still the importance of two has only increased in recent times.

In a world where all the major big businesses and e-commerce are unsafe and going through substantial security issues, it is essential to understand and employ both tools and technologies. The abovementioned talks about the difference between the two, yet it is not that easy to define it. Cybersecurity is not an isolated process, and it is advised to use both to provide your system security and make informed decisions.

The post The Important Difference between Cybersecurity and Cyber Resilience appeared first on Analytics Insight.