After the chaos of Infosecurity, 2024, this week was all about companies consolidating their news. Among the stories we found most interesting,
Forescout Technologies published its latest research looking at the riskiest devices in an enterprise. Its research arm, Vedere Labs, examined 19 million devices and called out the top five types in each of four categories. Interestingly, nine of the 20 device types were new this year.
Splunk and Oxford Economics, issued a report saying the Global 2,000 companies lose as much as US$400 billion annually due to hidden costs in downtime. Putting the $400 billion into perspective, the report authors say, “It equates to 9 per cent of profits when digital environments fail unexpectedly.” If that is the cost to the Global 2,000, the wider cost to the global economy will be several times higher.
Andrew Cunje, CISO, Appian, appeared in an Enterprise Times podcast talking about the challenges faced by CISOs. He talks specifically about generative AI and the different roles that CISOs have to deal with.
BlueVoyant
BlueVoyant has appointed Timothy (Tim) Yost as Chief Financial Officer (CFO). Tim will focus on setting and managing the company’s financial and strategic plans to enable continued scaling of the company.
Yost commented, “I understand what companies like BlueVoyant need as the team continues to transform cyber defense. BlueVoyant has a proven track record of sustained high growth, and I am excited to help take them to the next level of rapid acceleration and expansion.”
Europol
A bumper week for Europol with three key announcements. Two covered operations that took down infrastructure used by terrorists, and one looked at the challenge of balancing encryption to protect data while not allowing people to hide from law enforcement.
Operation Almuasasa
Eurojust and Europol coordinated supported action by several countries to take down infrastructure belonging to the I’LAM Foundation. The operation was led by the Spanish Civil Guard (Guardia Civil), supported by the US and several European countries. It is a follow-up operation from one that took place two years ago.
During that time, the I’LAM Foundation operated radio stations, a news agency, and social media content with a global reach. It promoted the directives and slogans of the Islamic State in over thirty languages.
The current infrastructure was described as sophisticated and included servers in Germany, the Netherlands, the United States, and Iceland. The Spanish Civil Guard also arrested several individuals.
Operation Hopper II
A second operation also took place this week, Operation Hopper II, involving ten countries coordinated by Europol. It targeted the online propaganda activities of religious and political groups, including Islamic State, al-Qaeda and its affiliates, and Hay’at Tahrir al-Sham.
Hosting providers were ordered to remove 13 websites, while servers in Romania, Ukraine and Iceland were seized. Authorities will be monitoring to see how quickly copycat websites appear in order to act against those as well.
One of the key elements of Operation Hopper II and Operation Almuasasa, is an EU technical solution to implement the EU TCOR. The Terrorist Content Online Regulation (TCO Regulation – (EU) 2021/784) is two years old and establishes a legal framework to force hosting service providers.
Equilibrium between security and privacy
The balance between the use of encryption and the demand from law enforcement to be able to access content is long-standing. To try and address that, the EU Innovation Hub for Internal Security has issued a new report. The 56-page report is interesting and needs to be read carefully.
Of particular interest are the main recommendations from the report. They include a need for new legal frameworks to provide access to data. That is likely to result in new laws and even the previously voiced risk of banning technologies. On the technologies themselves, the report’s authors believe that much more research is required.
Quantum Computing is called out specifically. The suggestion is that it can both as an aid to crack encryption but also a threat is used by adversaries. Such an approach seems to ignore the potential of post-quantum cryptography.
FBI
The FBI’s Uniform Crime Reporting (UCR) Program released the Quarterly Uniform Crime Report, Q1/2024. The details are available via the FBI’s Crime Data Explorer (CDE) at https://cde.ucr.cjis.gov.
Key statistics show that reported violent crime decreased by 15.2%. Murder decreased by 26.4%, rape decreased by 25.7%, robbery decreased by 17.8%, and aggravated assault decreased by 12.5%. Reported property crime also decreased by 15.1%.
Surprisingly, it does not include cybercrime or other associated crimes.
JumpCloud
Deciphex has deployed JumpCloud to help it achieve regulatory compliance and robust security for their employees’ devices. This effort was part of a larger effort to simplify the management of their technology infrastructure and increase the security of their cloud ecosystem.
Ben Cranks, application support specialist at Deciphex, said: “JumpCloud’s ease of use and support set it apart from the competition in managing a diverse ecosystem of devices. Our business model is entirely dependent on data security. JumpCloud is central to our security and compliance journey. They enable us to demonstrate to third parties, regulators, and investors that our data protection measures are efficient and robust.”
Qualys
Qualys Vulnerability Management, Detection and Response (VMDR) has been named the winner of the Best Vulnerability Management Solution category at the 2024 SC Awards Europe.
Pinkesh Shah, Chief Product Officer, QualysPinkesh Shah, Chief Product Officer, Qualys, said, “We are incredibly proud to be named the best vulnerability management solution by the prestigious SC Awards Europe 2024.
“This accolade reflects our unwavering commitment to delivering exceptional solutions that protect thousands of organizations from increasing cyber threats. As leaders in vulnerability management, we take great pride in the impactful results we achieve for our customers, helping them prioritize remediation efforts to effectively reduce their cyber risk.”
ThreatQuotient
ThreatQuotient has announced that Quadrant Knowledge Solutions is the 2024 technology leader in the SPARK Matrix™: Digital Threat Intelligence Management, 2024.
Riya Tomar, Analyst at Quadrant Knowledge Solutions, elaborates, “ThreatQuotient’s Digital Threat Intelligence management platform is notable for its Datalinq Engine, advanced Threat Library, and integration with multiple threat data sources.
“It leverages machine learning algorithms for threat prioritization, providing actionable insights and context to security teams. Additionally, the platform automates and streamlines threat investigations through its API and integrates seamlessly with existing security infrastructure, enabling faster and more informed response decisions.”
