Category Archives: Cybersecurity

Cybersecurity

Cohesity Goes Beyond Zero Trust with New SaaS Solutions Designed to Address Increasingly Sophisticated Ransomware Attacks

New Data Management as a Service Offerings Complement Cohesity’s Threat Defense Architecture and Can Help Customers Win the War Against Ransomware

Cohesity today announced new security and governance offerings designed to keep customers a step ahead of bad actors launching incredibly sophisticated ransomware attacks. These were announced at its inaugural user conference, Cohesity Connect.

In the early days, cyber criminals initially focused on encrypting production data. Cohesity countered by enabling customers to rapidly restore from backup data. Then, criminals started to destroy or encrypt backups. Cohesity countered with immutability. Now, bad actors are exfiltrating the data and threatening to post it on the dark web.

To help customers address the latest threats, Cohesity unveiled the following SaaS offerings, which will be housed under the company’s Data Management as a Service portfolio of Cohesity-managed solutions:

  • Cohesity DataGovern: a data security and governance service that uses AI/ML to automate the discovery of sensitive data and detect anomalous access and usage patterns which could indicate a cyberattack in play — key to thwarting bad actors trying to exfiltrate data.
  • Project Fort Knox: a service that will allow customers to maintain an isolated copy of their data in a Cohesity-managed vault to improve data resiliency in the face of ransomware attacks. In addition to immutability, this gives customers another means to thwart attackers trying to encrypt data.

These offerings will be key additions to the company’s comprehensive Threat Defense architecture that showcases how Cohesity and a wide range of ecosystem partners help customers address the latest cyber threats, including ransomware.

“Cybercriminals are rapidly becoming more sophisticated and aggressive, and the damage ransomware attacks cause to organizations can be catastrophic in terms of costs and brand reputation,” said Matt Waxman, vice president of product management, Cohesity. “Relying on legacy backup as an insurance policy no longer is sufficient. Customers need next-gen technology that makes it easy to identify sensitive data, detect anomalies, isolate data, and stay ahead of modern threats. That’s what we’re focused on providing via our solutions and our Threat Defense architecture.”

Cohesity DataGovern

DataGovern, available now for early access preview, uniquely brings together data security and data governance in a single SaaS offering that enables customers to:

  • Use AI/ML-based classification technology to identify sensitive data — including personally identifiable information (PII) — in backup and production data and determine who has access to it, helping to harden environments before attacks occur.
  • Automate and simplify data classification with predefined policies for common regulations like GDPR, CCPA, and HIPAA to meet compliance and governance mandates.
  • Detect behavioural anomalies in near real time, such as when a user suddenly accesses large volumes of sensitive data — an activity that could be a precursor to a data exfiltration event.
  • Trigger remediation workflows as determined by policy through integration with leading security orchestration, automation, and response (SOAR) platforms[1].

 

Project Fort Knox

Cohesity is introducing Project Fort Knox[2], a SaaS offering planned for early access preview in the coming quarters, that will deliver Cohesity-managed data vaulting capabilities. Through this offering, customers will be able to easily achieve secure data isolation through a cloud-based repository to store a copy of their data that’s designed to be tamper-resistant and always available. This service will offer the following benefits to customers:

  • Just connect, vault, and recover — no need to shuttle tapes around, attempt to construct a do-it-yourself (DIY) cloud-based data vault, build out additional storage infrastructure, or devise bespoke recovery processes to adhere to well-known “3-2-1” best practices.
  • In case of a ransomware attack, quickly identify a clean copy of data with confidence and rapidly recover safely to their desired location — on-premises or in the cloud.
  • Regularly test attack preparedness by running mock drills in an isolated environment.
  • Move from a CapEx intensive to an OpEx ‘as a service’ funding model.

Threat Defense: An Architecture for an Ever-Evolving Threat Landscape
These new SaaS offerings both draw from and contribute to Cohesity’s Threat Defense data security architecture. This multi-layered architecture brings together a range of products, services, and capabilities from Cohesity and ecosystem partners to help customers identify threats via AI and ML, protect their data, and easily recover in the event of a cyberattack.

“Providing data security and a fast response to attacks are critical as we jointly help customers combat cybercrime,” said Rishi Bhargava, vice president Product Strategy for Cortex XSOAR, Palo Alto Networks. “Through Cohesity’s integration into the Cortex™ XSOAR platform, we are helping our mutual customers combat ransomware attacks by quickly detecting and responding to critical data security alerts.”

Cohesity has successfully helped numerous customers protect themselves from ransomware attacks, where no ransoms had to be paid.

 

Cohesity Connect and Other Announcements
Attendees can learn more about these technologies and other next-gen data management innovations at our inaugural user conference, Cohesity Connect, taking place October 18-20 in the Americas and October 19-21 in Asia-Pacific and EMEA.

Additionally, attendees of this virtual event will hear about other exciting product announcements, including general availability of Cohesity’s disaster recovery as a service offering, which provides automated disaster recovery that helps minimize application downtime and data loss, critical in an age of ransomware attacks.

 

For more information:

  • To learn more about next-gen data management, click here.
  • To learn more about Threat Defense, please click here.
  • To learn more about data governance and compliance, please click here.
  • To sign up for a preview of DataGovern, please click here.
  • To learn more about SiteContinuity and disaster recovery as a service, please click here.

 

About Cohesity
Cohesity radically simplifies data management. We make it easy to protect, manage, and derive value from data – across the data center, edge, and cloud. We offer a full suite of services consolidated on one multicloud data platform: backup and recovery, disaster recovery, file and object services, dev/test, and data compliance, security, and analytics – reducing complexity and eliminating mass data fragmentation. Cohesity can be delivered as a service, self-managed, or provided by a Cohesity-powered partner.

© 2021 Cohesity, Inc. All rights reserved. Cohesity, the Cohesity logo, Helios, and other Cohesity marks are trademarks or registered trademarks of Cohesity, Inc. in the US and/or internationally. Other company and product names may be trademarks of the respective companies with which they are associated.

 they are associated.

Cybersecurity, Insurance, News

Cybersecurity risks could disrupt businesses on their return to the workplace, insurance expert warns

One of the UK’s leading insurance brokers is urging businesses to understand the cybersecurity risks associated with returning to the workplace.

Towergate Insurance Brokers is warning organisations that in preparation for ‘business as normal’, businesses need to be carrying out risk assessments and rewriting policies to ensure that they are ready for any large-scale return to the office.

Scott Mewse, Account Executive at Towergate Insurance Brokers says that cybersecurity risks will be just as significant as we return to the office as they were upon the move to home working, despite the environment we are returning to being more well established and secure, at least in theory.

Scott said: “The rapid reintegration of remote workers to the workplace will result in additional cybersecurity concerns for businesses, and these must be understood and addressed before it’s too late.

“A key potential issue comes with the integration of personal devices used for working from home now being connected to the office infrastructure, and unapproved and unvetted applications operating on work hardware, as both could open up a potential path for malware to enter the network.

“It’s also worth noting that systems that have been left unattended for over a year have the potential to miss security patches upon their reintroduction, or they could have been targeted by hackers during their closure ready for malware to enter the system when things start back up.

“Of course, the final and biggest threat which should not be forgotten, is the risk of human error.

“To help avoid these issues, organisations should always prepare for the worst, with a strong plan mapped out for all potential issues. We recommend businesses understand their external digital footprint in order to assess where they could be vulnerable to attack, as well as considering the insider threat by reviewing risk mitigation programmes and completing internal monitoring.

“Most importantly, businesses need a solid cyber insurance plan to cover them should the worst happen. The COVID-19 pandemic has already hit many businesses financially, slowing down operations and hampering productivity; the last thing a company needs upon returning to normal productions is to be impacted by a cyber security incident.

“Cyber insurance can cover downtime costs, data breaches and their consequences, as well as providing the technical, forensic and legal expertise needed to mitigate and remediate intrusions. Where cybercrime has occurred, Cyber insurance can cover such losses following fraud or social engineering, including extortion and the fraudulent transfer of funds. Cyber insurance can also cover liabilities arising from a data breach or potential data breach including forensic and technical costs as well as crisis management support and credit monitoring of those affected by the breach.”

Towergate Insurance Brokers is one of the UK’s leading independent insurance brokers and risk management advisors. Boasting an experienced team of insurance specialists, Towergate Insurance Brokers has built a solid reputation for understanding many business sectors and industries, and the everyday risks that they face in today’s increasingly complex world. They also look after the insurance needs of private individuals and families seeking tailored personal covers.

Cybersecurity, IoT, News, Tech

Device Authority launches KeyScaler Edge to address Edge IoT security challenges

Device Authority, a global leader in identity and access management (IAM) for the Internet of Things (IoT), today announces it latest major software release which includes KeyScaler Edge.

Today’s market is driving a more mature Edge computing model with localized AI and ML becoming more mainstream. However, no solution exists today to address localized Edge gateway IoT security services. Organizations require automation for Edge deployments to drive efficiency at IoT scale. This includes:

– Security lifecycle management
– Device bound identity
– Leaf device authentication and authorization to edge gateways
– Zero touch onboarding and registration
– Automated credential management

Additionally, organizations still need to meet compliance and regulatory adherence for private local network deployments. Safety, confidentiality, data theft/privacy, brand reputation, revenue protection is important for edge deployments.

“We’re delighted to bring KeyScaler Edge to the market and help our customers with their IoT edge deployments. Our BETA program has been a success within healthcare, retail and transport sectors, and we’re regularly speaking with companies who have experienced similar challenges and see KeyScaler Edge as the solution,” said Darron Antill, CEO of Device Authority.

KeyScaler Edge is the first device identity centric IAM to address the complex end-to-end challenges of IoT security lifecycle management at the Edge. It is a lightweight version of KeyScaler that is created specifically for Edge nodes, with the ability to register, authenticate, and provision certificates and tokens to devices in the local network, independent of an available internet connection.

“KeyScaler Edge gives technical, security and operations teams the confidence that their IoT devices won’t lose robust security when no connection to the cloud is available,” said James Penney, CTO of Device Authority. “We’ve developed the functionality to support any public and private CA, as well as provide central reporting and management of all certificates and central visibility of Edge and Leaf node relationships. As Edge becomes mainstream customers are asking for Online and Offline capability and for KeyScaler to solves the associated security challenges,” he added.

Cybersecurity, News

Before the start of the academic year, the number of DDoS attacks on online retail has increased

Before the start of the new academic year, StormWall specialists have identified a sharp increase in DDoS attacks on the e-commerce sector in August 2021. Online retail is traditionally one of the most attacked industries, and during the preparation for school, the number of attacks on online stores increases significantly. With the help of cyberattacks, online retailers are trying to harm their competitors and cripple their websites. Experts have found that the number of DDoS attacks on online stores increased by 62% in August 2021 compared to August 2020. Data from StormWall customers was used for the study.

As the study shows, most attacks in August this year targeted online clothing and footwear stores (41%) and online electronics stores (35%), as well as online stores for office supplies (5%), sporting goods (11%), furniture (4%), household goods (3%) and others (1%).

Experts were also able to analyze the type of DDoS attacks that hit e-commerce this year. Experts have found that the average attack performance is 50-200 thousand HTTP requests per second, and the maximum recorded performance for online stores was about 600 Gbps. Although hackers already know how to launch DDoS attacks with a capacity of up to 2 Tbit/s, even a much smaller attack can cause great damage, as such an attack can stop the work of the site for several hours. Most of the DDoS attacks on e-commerce in August 2021 were carried out via HTTP protocol (93%), some of the attacks were carried out via TCP protocol (5%), and there were also attacks via UDP protocol (2%).

“Every year it becomes more and more difficult for online retailers to defend against DDoS attacks. Now you can buy a botnet on the Internet that allows you to organize an attack with a capacity of up to 2 Tbit/s, and the online retailer is not able to defend against it independently. During the school preparation period, competition in the e-commerce market is significantly increased, and every online retailer should be prepared for a possible DDoS attack from the competition. Most businesses already use professional protection, but its effectiveness can vary. It is recommended to perform stress tests of your resources at regular intervals to check if the protection is working effectively,” says Ramil Khantimirov, CEO and co-founder of StormWall.

Cybersecurity, Midlands News, News

Birmingham Community Healthcare NHS Trust adopts cyber security solution to protect patient data

Birmingham’s Community Healthcare NHS Trust (BCHC) has invested in a full suite of cyber security services to keep its patients’ data and personal details safe from any would-be cyber-attacks, criminals and hackers.

BCHC provides over 100 community-based clinical and specialist services, via community hospitals, health centres, clinics, community centres, schools, care homes and dentists, to patients living in and around Birmingham.

With thousands of employees working in over one hundred sites, BCHC’s previous IT landscape made cyber security difficult to implement effectively for the disparate workforce, using the Trust’s own internal, stretched resources alone. As each NHS Trust’s security responsibility is theirs alone, BCHC recognised its need for additional security, which would offer value for money and not exceed public sector budgetary constraints.

Kidderminster-based CyberGuard Technologies is one regional IT security services provider that has taken responsibility for ensuring NHS Trusts like BCHC are kept safe from would-be attackers.

BCHC’s Head of IT, Gerard Kilgallon: “The Trust’s IT team has an unwavering priority to deliver IT services that enable its clinicians to provide patient care, meaning cyber security was being reluctantly de-prioritised across the Trust. This sizeable challenge was in the shadow of the infamous WannaCry ransomware attack that brought other NHS Trusts across the UK to a standstill in 2017. Ever since there’s been widespread acknowledgement that the NHS was suffering something of a cyber security crisis, being at serious risk of another attack.”

Initially Gerard planned to recruit his own cyber specialists but it quickly became apparent that employing a knowledgeable cyber security team would be a challenge in itself. Due to a skills shortage in the UK, salaries for efficient security experts are currently beyond BCHC’s recruitment budget.

CyberGuard spent time assessing BCHC’s security requirements via an audit and running a ‘proof of concept’ for the Trust for a number of weeks, which allowed the Trust to see CyberGuard Technologies’ security service and teams in action and was integrated into the NHS’ complex infrastructure to ensure visibility. CyberGuard also set up a Critical Incident Response Service to proactively protect the Trust’s systems and date, which saw CyberGuard’s Security Operations Centre (SOC) investigate, react to and remediate any threats at source.

Soon after, BCHC expanded CyberGuard Technologies’ scope with the implementation of its SIEM solution (Security Information & Event Management) to transform the communication between all of the Trust’s existing security products, which provided a clear picture of any threats to the Trust, along with possible attack vectors, so CyberGuard could escalate and respond to protect the strict patient data protocols and keep sensitive data safe.

Sean Tickle, Head of CyberGuard Technologies, concluded: “Taking our skills and expertise into the public sector has been thoroughly rewarding for CyberGuard, particularly at a time when the NHS has suffered unprecedented pressure due to the pandemic. The NHS is a precious public service and we’re proud to be working in partnership to keep BCHC’s network and highly sensitive data protected from cyber threats.”

Cybersecurity, News, Tech Thought Leadership

Simplifying Security in a World of Accelerated Digital Transformation

Written by James Alliband, Security Strategist at VMware Carbon Black 

In the current climate, maintaining business continuity has been a key priority for organisations worldwide. Likewise, re-evaluating security approaches has been crucial for survival, as COVID-19 forced businesses to make fundamental operational changes overnight to deploy a digitally dispersed workforce and migrate to private and public clouds. However, this rapid transformation has created multiple security challenges.  

From accelerating threat prevention, detection, and response mechanisms, to unifying endpoint and workload security to simplify the environment, organisations globally have had to shift the balance from a reactive security posture to a position of strength. The demand for secure access to applications and data soared as we rapidly moved to a digitally distributed way of working and, as a result, 98% of C-suite professionals surveyed in the UK said the volume of attacks they faced had increased. 

 

Defending a broader attack surface  

 As a result, cyber defences were placed under unimaginable strain. Security teams were tasked with handling hardware and software issues, managing remote devices, and allowing access to critical company resources, all while defending a much broader attack surface. With more employees working outside the traditional corporate environment, points of vulnerability became greater, providing an attractive space for bad actors to disrupt and extort enterprises. Attackers found new methods to penetrate defences and stay undetected. Some 88% of cybersecurity professionals reported increased phishing attacks relating to COVID-19, while new variants of ransomware were also released to stop companies in their tracks, as well as an influx of Denial of Service (DDoS) attacks.   

Outside of navigating increased threats, organisations faced multiple new challenges, including managing security in a remote working environment and ensuring employee accessibility. To enable employees to remain productive, organisations had to provide continuous, secure access to applications across remote endpoints, all while tackling security awareness for employees working from home.  

So, how have IT and security leaders across the world been dealing with these challenges?  And how can organisations unify IT and security teams to alleviate this pressure going forward?  

Many security teams have benefitted from moving back to the basics, simplifying and strengthening their security strategies.  

 

Simplifying security strategies and going back to basics 

To provide the flexibility and agility required in the modern environment, organisations had to build new elements into their security strategies, to fully leverage their infrastructure and control points while seamlessly securing data centres, clouds, and endpoints.  Now, in this heightened threat environment, attackers have become too sophisticated in their methods to be averted by traditional endpoint security. Therefore, the more modern security technologies deployed, like Endpoint Detection and Response, which are internet or cloud native, were the ones that worked seamlessly as organisations pivoted to support a distributed workforce.  

However, moving from in-office to remote working has required new security standpoints, and as a result, has forced businesses to move back to the fundamentals of security. Starting with internal accessibility, security teams had to start from ground zero and look strategically at their connections. For example, many organisations experienced a complete change in typical traffic volumes, with employees operating at different hours to suit their work-from-home lifestyles, which meant security teams had to rapidly alter their trigger points from a monitoring perspective. 

Nonetheless, despite shifting security strategies, products cannot solve these problems in isolation. To alleviate the immense pressure of rapid adaptations, IT and security teams need to unite and work closer together. More than ever, businesses require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.  

One obstacle which invariably challenges security teams is knowing who they should report to and how they can effectively collaborate with different teams, particularly IT.  The challenge internally can be difficult, however some level of cross-pollination of employees across different teams can work well. For example, someone in security can work in an adjacent function of the business that they have expertise in. Building bridges with other departments and being able to talk to each other is always beneficial. 

 

Journey toward cloud transformation and application modernisation  

 COVID-19 has radically changed the pace of innovation across many industries, with decisions like moving to cloud accelerating, after previous months and years of deliberation on infrastructure upgrades. However, such sudden transitions are not without complexity, with security teams having to adjust to the vast amounts of data now available. 

Here it is important for organisations to start with this data and identify its meaning; getting more context is critical for enriched visibility into the network environment. Capturing more data allows more context, so teams should work on putting this in place where it is accessible. Then layer over the top the ability to drive down into the core data elements.  

In an era of cloud applications and mobile users, organisations should prioritise their controls and rethink how they get that all-important visibility. While there is no magic wand to dissolve legacy technology, uniting teams will help to protect the business from threats – likewise prioritisation will help. By prioritising certain areas, security teams will be better positioned to overcome obstacles and navigate the current environment.  

Here are four top tips that our CTO Scott Lundgren recently shared at our CISO roundtable: 

 

1.      Accelerate the work you’re doing around security tooling to enable both the security team and the engineering team with a single set of tools, tailored for each department. This can make everyone work together more simply. 

 

2.      Recognise the importance of basic cyber hygiene. Understand what is installed and what’s not, where devices are and where they’re not. It’s easier said than done, yet it is the foundation of any security strategy. 

 

3.      Get the required visibility into your systems. If you don’t have the right visibility, then you can’t even begin to have efficiency because you’re completely blind and chasing threats that don’t exist. 

 

4.      Understand the consequences of your decisions. We often talk about specific technologies and specific product capabilities and, while they’re important, if they don’t tie the whole system together, it doesn’t work. Also understanding what the big decision points are and the multiple consequences is important for the future of security. 

 

In light of the new working environment, it is impossible for any organisation to say that they are truly secure. Here at VMware Security Business Unit we spend a lot of time trying to convince others that 100% security is not the goal, nor is it attainable. However, by putting the right foundations in place – including gaining visibility into the environment and shifting security to cloud - organisations can create a platform for success. 

It is time to unify endpoint and workload security to simplify the environment and build security intrinsically across applications, clouds, and devices. This will bring together IT operations and security teams to tackle new threats and eliminate blind spots to deliver better visibility and proactively address vulnerabilities before they become breaches or attacks, shifting from a reactive security posture to a position of strength. 

Cybersecurity, Data & Analytics, News, Tech Thought Leadership

Sarah Doherty: Summer is Here and Data Still Needs to be Protected

Written by Sarah Doherty, iland 

The summer of 2021 is upon us and everyone is excited to get back out and enjoy national parks, oceanfront beaches, amusement parks, campgrounds and so much more. With a large number of employees still working from home and taking time off this summer, it is still critical to protect your organisation’s data as it travels for summer holiday. Ransomware attacks are on the rise and continue to be a disruptive force affecting everything from financial institutions, healthcare to SLED (state and local government and education). Due to the rise in remote work prompted by the pandemic, attacks are up 148%.

Defending your data is more critical than ever

Over the past few years we have seen a steady increase in the number of ransomware attacks and this growing issue has quickly become an extremely profitable criminal enterprise. Targeted organisations often believe that paying the ransom is the most cost-effective way to get data back — and, unfortunately, this may be the truth.

The real issue is that every business that pays to recover their data is directly funding the development of the next generation of this cyber threat. As a result, it continues to advance, with more sophisticated variations and more specific targeted cyber-attacks. The costs continue to increase as well. Recent research from Cybersecurity Ventures predicts that these attacks will cost the global economy 6 trillion annually in 2021! This makes defending your organisation’s data more critical than ever.

The threat of ransomware is inescapable. Every 11 seconds, an organisation is hit with an attack. It’s time to take a proactive, unified approach. Moreover, It is important to remember that securing and defending against ransomware, before it happens, is critical but there is no silver bullet to combat this problem. The reality is that preparing to recover quickly after it happens can be just as important to the long-term viability of your business.

Today’s cloud backup and disaster recovery solutions have evolved with ransomware protection and recovery in mind. Heads of organisations should seek to find an industry leader that provides a combination of air-gapped backup and disaster recovery that can help their organisation avoid worst case scenarios, including paying a ransom, if their data becomes compromised. Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) help protect against ransomware attacks by maintaining multiple copies of data, including optional air-gapped copies of data, in secure offsite global data centers.

Another way to help protect against malicious internal or external threats is with Insider Protection which enables you to recover a full backup deleted by mistake, but more importantly it also protects you from malicious attacks from outside threats. Backing up your data locally and offsite is no longer a catch all solution as recent attacks show that backup files are being targeted and destroyed. Attackers are aware of retention policies for your backups as well. Instead of simply deleting your backup files, they may choose to corrupt your production data and continually run a backup job to a cloud target. This ages out any useful recovery points you may have and replaces them with backups of already corrupted data. With Insider Protection, backup files deleted accidentally or maliciously are retained in an air-gapped directory.

Summer is here and it is time to enjoy all that it has to offer, but don’t take a holiday from protecting your data. Cyber criminals aren’t taking time off and are a constant threat to the lifeblood of your organisation, your data. Beware and be prepared and let industry leaders provide you with the right solutions to continue to protect your data no matter the threat.

Blockchain, Cybersecurity, Fintech, News

Start-up raises $2.6m to drive uptake of digital ID

cheqd – a start-up whose technology could drive widespread uptake of digital IDs – has secured a $2.6m (£1.9m) investment to support the launch of its product later this year.

The latest funding round was backed by Outlier Ventures, Evernym, TitanBlock, Torque, 3GR and a consortium of private investors. It follows their initial investment in March this year and brings the total raised by the company to $3.3m (£2.4m).

cheqd’s software enables individuals to have their own digital ID that they can store on their mobile phone and use to verify their identity or information such as their qualifications, vaccine status or credit history. Like a passport or driving licence, it would be ‘signed’ by a trusted authority and accepted as proof of status by other organisations without the need to check the individual’s details on a central database.

The technology, which is based on blockchain, has been developed by a team led by Fraser Edwards and Ankur Banerjee. It is unique in that it not only enables organisations to create a digital ID, but also incorporates a payment system so they can charge users a fee to cover the cost, encouraging wider uptake. So for example, a bank that had carried out background checks on a new customer could provide him or her with a digital ID that they could use at other banks to avoid repeating the process.

Self-sovereign identity (SSI), as the concept is known, could be key to unlocking access to banking, government benefits or other services and research suggests it could boost economic growth by 3% in the UK in 2030. It also safeguards privacy by removing the need to store personal information on a central database and giving the individual control over what information they share.

Founders Fraser and Ankur – who met while working as analysts at Accenture in London – have spent the past seven years managing emerging technology projects and were selected to take part in Outlier Ventures’ Base Camp in spring 2021. The business currently employs a team of eight and is on course to launch its first product later this year. It will be aimed at tech firms developing digital ID solutions, as well banks, universities, hospitals or other bodies that issue credentials and may want to offer them in digital ID format.

Ankur Banerjee, the CTO, says digital IDs could save the time and cost involved in carrying out repeated background checks: “Covid accelerated uptake of digital technology but the question is, how do you prove your identity and build trust in an online world? Digital IDs give people control over their credentials which makes it easier and cheaper to verify their identity which makes banking and other services more accessible. 

“However until now uptake of digital IDs has been limited because there is no business model that allows providers to charge for creating them. cheqd makes this possible for the first time and could act as a catalyst to encourage wider uptake.”

Fraser Edwards, CEO at cheqd, added: “cheqd aims to build the trusted data economy to give people and organisations back their privacy and control of their data. We would like to thank all the investors who share our vision and brought us this far. The strong interest we have had from investors signals that the market is ripe and there is a big demand to address the data security, privacy and trust issues linked to our identities.”

Jamie Burke, CEO at Outlier Ventures, added: “You can’t have Web 3.0 without a form of decentralised identity that works at scale and has a business model for network participants hardcoded into it. That’s why we firmly believe in cheqd’s mission as they enable SSI.” 

Charity & CSR, Cybersecurity, News

ThreatQuotient Continues Tradition of Celebrating World Rhino Day in 2021

 ThreatQuotient™, a leading security operations platform innovator, today invites the cybersecurity industry to celebrate World Rhino Day 2021. Less than 30,000 rhinos remain in the world, and the poaching crisis is not slowing down. To help bring awareness to rhino conservation efforts and to raise money for initiatives that will ensure their protection, ThreatQuotient has been an official partner of Helping Rhinos, a charity organisation focused on providing a sustainable future for rhinos, since 2019.

ThreatQuotient’s ongoing support for Helping Rhinos includes sponsoring Nocry, a member of South Africa’s first all-female anti-poaching unit, Black Mambas. The Black Mambas took part in the first ever World Female Ranger Day in June 2021, highlighting the unique skills that female rangers bring to conservation and the incredible progress they are making. These rangers are not only protecting wildlife on the frontline, but are great role models in the community. ThreatQuotient’s sponsorship has contributed to vehicle, administrative, patrol and equipment costs, as well as the new Black Mambas operations center, providing a headquarters complete with computers, radios, grid maps and nature conservation books.

“Every year on World Rhino Day, I am proud that ThreatQuotient is part of something bigger than cybersecurity. Our love for the rhino species can be felt in every corner of ThreatQuotient, from our mascot and office space, to the rhino adoptions we have made on behalf of every region of the world where we have customers,” said John Czupak, CEO of ThreatQuotient. “We recognise there are many causes that deserve worldwide attention. Today, we call on our industry peers to join us in raising awareness of rhino conservation. We tip our hat to Helping Rhinos for their tireless work, and I thank my team for building a culture at ThreatQuotient that actively looks for ways to make an impact on the world around us.”

Loss of habitat is an increasing threat to the rhinos’ future on our planet. South Africa is home to 80% of Africa’s rhino population, and the region’s human population growth is forecast to rise by 20 million by 2075, putting unprecedented pressure on wild spaces and the wildlife that rely on them to survive. To support rhinos that are displaced, ThreatQuotient also maintains four rhino adoptions – Mthetho, Makhosi, Mpilo and Bhanoyi – each of which are growing and thriving at the Zululand Rhino Orphanage.

Simon Jones, CEO of Helping Rhinos, added, “Helping Rhinos applauds the collaborative international efforts with the law enforcement agencies in South Africa, however, we still have a long road ahead to overcome the poaching crisis. In the first half of 2021, poaching was 50% higher than in the same period in 2020. With the support of dedicated organisations like ThreatQuotient, we can continue to find creative and innovative ways to protect the world’s rhino population. Helping Rhinos is grateful for their efforts, and look forward to welcoming other supporters into our community as a result.”

Help Rhinos’ latest initiative is the Rhino Strongholds Protect project, aimed at improving the efficiency and effectiveness of anti-poaching operations. Radio tracking collaring is a proven deterrent against poaching, and by fitting 40 radio tracking collars on 40 rhinos, Helping Rhinos will be able to track rhinos across eight different reserves in the Eastern Cape of South Africa. These collars will help rangers watch the rhinos from a far distance and save time and resources.

To get involved and contribute to Helping Rhinos’ goals, consider attending the Global Gala for Rhinos on Oct. 23, 2021. The gala, as a hybrid virtual event, will showcase work being done to create and strengthen Rhino Strongholds that are essential to ensure the long term survival of both black and white rhino on Ol Pejeta Conservancy.

More information about Helping Rhinos and an online donation link can be found here.

About Helping Rhinos

Helping Rhinos prides itself in applying an innovative and forward-thinking approach to conservation and is delivering a positive change in the fortunes of the rhino. They will continue to work with passionate and dedicated partners, both internationally and on the ground in the heart of rhino habitats. Their funding will support creative and proven initiatives to provide a sustainable future for rhino. For more information please visit https://www.helpingrhinos.org/.

About ThreatQuotient

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritise, automate and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage and vulnerability prioritisation, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe and APAC. For more information, visit www.threatquotient.com

Cybersecurity, Midlands News, News

West Midlands Cyber Resilience Centre (WMCRC) has launched a free membership aimed specifically at charities and third sector organisations to help them keep their funds and the personal data they hold safe.

With over 14,000 registered charities based in the region and with so much fundraising and charity donations now made online, the WMCRC is urging charities to be vigilant to the threat of cyber-crime and sign up for a free membership with the centre.

The centre’s Charity Membership provides charities, not-for-profits and third sector organisations that have under 50 employees with access to a range of resources and toolkits to help them identify their risks and vulnerabilities, as well as providing guidance on the steps they can take to increase their levels of protection.

Alongside the resources and toolkits offered as part of the core membership, should your charity need further support the WMCRC offers additional services to help you mitigate the cyber security risks your core membership has identified.

In a recent case in the West Midlands, a lady who raised a six-figure sum for her chosen charity was targeted by a hacker who found out about her fundraising efforts on social media.

The hacker managed to access her webmail address and started monitoring all the emails coming in and out of her account. The password was easy to guess, and she hadn’t turned on two-factor authentication. That meant that when the time came to transfer the funds to go to the charity, the hacker simply intercepted the email, changed the bank account details, and had the funds redirected to their own account.

Fortunately, the banks helped to recover most of the funds, but this case highlights how supporters of charities can be at risk and how charities can play a vital role in providing guidance to their supporters, so they are aware and no what to look out for.

Alison Hurst, Director of The Cyber Resilience Centre for the West Midlands said: “Cyber-attacks like this one might seem hard to believe, as you wouldn’t think cyber criminals would target a person who is trying to raise money for a good cause, sadly that isn’t the case.”

“While it is tempting to think cyber-attacks only happen to high-profile, high turnover businesses and charities, research shows that regardless of the size and complexity of your organisation, anyone can be targeted.

“There are some simple measures that not only safeguard you but can protect your devices and systems too. We understand that charities face the same financial strains as other businesses and that cyber security services are often expensive.

“However, this is where our cyber security service offering can help charities to focus on key areas of cyber security including securing your website from cyber-attacks to protect all your online activities, sensitive data, and business from cyber-attacks through our Web Application Vulnerability Assessment.

“We are here to support all charities in the region, big or small, just get in touch with the team via www.wmcrc.co.uk/contact-us so that we can help you.”