Category Archives: Cybersecurity

Cohesity Positioned as a Leader in the IDC MarketScape for Worldwide Cyber Recovery

Cohesity, a leader in AI-powered data security and management, today announced that it has been positioned as a Leader in the IDC MarketScape: Worldwide Cyber Recovery 2023 Vendor Assessment (doc #US49787923, October 2023). This is the first year of this assessment that is based on the National Institute of Standards and Technology (NIST) framework. To be included in the report, vendors must be able to address at least one pillar of the NIST cyber recovery framework beyond “Respond” and “Recover,” including “Identify,” “Protect,” or “Detect.” Cohesity solutions recognize all five pillars of the NIST framework.

“Cohesity has strong capabilities in core data protection and has pivoted quickly and effectively into cyber-resilience with a product portfolio designed to assist customers in cyber preparedness, including vulnerability scanning, early detection, incident response, and forensic analysis to orchestrated recovery. It also has AI-based anomaly detection that analyses backup data to compute the odds of an anomaly and identify novel or emergent trends,” said Phil Goodwin, IDC MarketScape author and Research Vice President, Infrastructure Systems, Platforms and Technologies Group.

Cohesity was recognized for several strengths, including:

  • Broad-ranging cybersecurity and recovery capabilities without forgetting the fundamentals of backup/recovery and disaster recovery
  • Well-integrated user interface that is intuitive to use and seamlessly incorporates third-party intellectual property
  • Strong “upstream” ecosystem development and IP leverage via the Data Security Alliance
  • Strong “downstream” ecosystem of relationships, including AWS and IBM
  • Zero trust concepts extensively embedded in the solution

The report states, “Cohesity’s product portfolio is designed to assist customers in cyber preparedness, including vulnerability scanning, early detection, incident response, and forensic analysis to orchestrated recovery. It also has ML-based anomaly detection that analyses backup data to compute the odds of an anomaly and identify novel or emergent threats.”

“At Cohesity, we believe that security and simplicity are the core tenets of modern data security and management. Our technology radically simplifies how enterprises secure and manage their data and unlock limitless value,” said Amith Nair, Senior Vice President, Marketing, Cohesity. “We’re pleased to be named a Leader in the IDC MarketScape report, as we believe it’s a testament to our commitment to providing our customers with a modern data management solution that supports the evolving threat landscape.”

Cohesity, Building Three Pillars to Protect Customers from Cyberattacks

As the threat of cyberattacks continues to plague organisations, it is not a matter of if, but when, sensitive data will be compromised. Equally critical to thwarting attacks is the ability to rapidly recover clean data and return business to full operation. Cohesity has addressed this challenge with a three-pronged approach. First, it offers best-in-class technology, including its award-winning cyber vaulting service, FortKnox. Second, the Cohesity Data Cloud is an extensible platform that makes it easy to add and integrate third-party technologies, such as Tenable, Zscaler, BigID, Qualys, and others. Third, Cohesity has convened a comprehensive and growing Data Security Alliance that includes an extensive set of leaders in the security market. With Cohesity’s modern data management approach, extensible platform, and Data Security Alliance, customers can protect, detect, respond, and recover from cyberattacks to maintain business continuity and minimise impact to their bottom line.

Cohesity’s three-pronged approach provides customers with a comprehensive approach to cyber resilience and business recovery. The threat of cyberattacks is not fading, and the need to enhance customers’ data protection and recovery with all the innovation the market offers is critical. To this end, seven of the top 10 banks in the US, six of the Fortune 10, and 42 of the Fortune 100 rely on Cohesity to protect and recover their data.

Double blow – Ransomware group denounces victims to American authorities

Written by Mark Molyneux, CTO for EMEA at Cohesity

The ransomware group AlphV says it has filed a complaint with the American Securities and Exchange Commission (SEC) because its victim, MeridianLink, did not report the group’s successful attack, which resulted in data loss. The pressure on companies is growing to structure their measures in the event of successful attacks.

On November 15th, the hacker group AlphV added the company MeridianLink to its own list of victims. The attack probably took place on November 7th. The group confirmed to the news portal Databreaches that it had reported the company to the American Securities and Exchange Commission (SEC).

Accordingly, AlphV wrote to the SEC: “We would like to draw your attention to a concerning issue regarding MeridianLink’s compliance with the recently adopted rules for disclosing cybersecurity incidents.” MeridianLink says it is investigating the cyber incident and possible consequences.

With this step, the ransomware group AlphV has broken new ground, highlighting the far-reaching consequences that companies can now expect if they are hacked.

This is effectively a quad-bubble ransomware attack: encrypt the data; exfiltrate and publish; harass the data subjects; and finally report to the regulator.

It is understandable that companies will want to initially downplay a successful break-in in order not to unsettle customers and the public, and to allow further time to investigate the incident in peace. However, with cybercriminals’ new manoeuvre, companies have less and less time to get their position in order. They will also need to be more open than they may want to be, as the threat actors will not tone down their reporting. It is essential to modernise the processes and procedures in the event of an emergency in order to be able to react quickly.

Companies already have a very short time to investigate the cyber incident, assess the data that has been compromised, and provide an accurate report to the regulator. With threat actors now showing the will to report the breach themselves, together with evidence of the actual data encrypted or exfiltrated, companies will find themselves under increasing pressure to index, classify and secure data such that they can themselves provide accurate reporting, but more importantly, so they know what has been lost and how to quickly replace that from their vault system.

Synergies for enhanced cyber resiliency

Organisations should consolidate their disparate application data silos onto a single centralised data management platform that is based on a scalable hyperconverged file system. In this case the data stored will be automatically analysed by the deduplication and compression functions to achieve the highest reduction rates across the organisation.

To protect stored data, such platforms take the Zero Trust model even further by implementing strict access rules and multi-factor authentication, and by encrypting the data automatically, both during transport and at rest, to further enhance security against cyber threats like ransomware. They also generate immutable backup snapshots that cannot be changed by any external application or unauthorised user.

These backup snapshots are analysed by AI-driven algorithms to identify indications of possible anomalies. These can be passed on to security automation tools from vendors such as Cisco or Palo Alto Networks, in order to examine the potential incident in more detail.

Finally, modern data management platforms also provide more insights from data analysis thanks to integrated classification. Organisations can better understand their compliance risks by getting visibility into their dark data, which according to Gartner accounts for between 55% and 80% of the data a company stores. They can decide with confidence whether to keep certain records or delete them with no risk.

All of these synergy effects found in a modern data platform enhance cyber resilience, reduce the operating and storage costs and help organisations to manage the growing volumes of their data in the long term.

The incident proves once again: Rather than the illusion of total cyber security, the focus must shift to operational cyber resiliency where organisations can effectively respond to and withstand attacks. While preventative measures are important, they’re table stakes, not the winning hand, when an organisation is fighting cyber-compromises. There is a very strong case for taking a modern approach to backup and recovery of data with an “identify / protect / detect / respond / recover” setup.

 

API Security Threats Rising As Confidence Also Increases

Written by Shay Levi, CTO and co-founder, Noname Security

 

API security breaches are increasing, even as many organisations express confidence in their security strategies. Is there a disconnect between perception and reality?

APIs are the connective tissue linking applications and services in the modern enterprises that fuel today’s digital economy. But unfortunately, APIs are a lucrative target for attackers and our latest API Security report reveals these connections may be more vulnerable than companies realise.

We surveyed over 600 cybersecurity professionals and uncovered a troubling disconnect: 78% said they suffered an API security breach in the last 12 months, yet 94% expressed confidence in their security tools. This gap between perception and reality persists from our previous annual survey, indicating an ongoing lack of awareness of API security threats. As businesses rely on APIs more than ever, it’s essential to properly gauge risks and implement robust protections.

 

Key trends in API security

Our report highlights that API security-related breaches are rising, up from 76% in our 2022 report to 78% in 2023. This indicates a rising trend in API security attacks, despite high confidence levels. In 2023, the top attack vectors have shifted from dormant APIs and authorisation issues to Web Application Firewalls, network firewalls, and API gateways. So, while attack methods are continuously evolving, it would appear that security strategies are not keeping pace.

Perhaps more concerning, our findings show that 72% of organisations claim to have full API inventories but only 40% know which APIs handle sensitive data. In my own analysis of hundreds of companies’ API landscapes, I’ve seen that frequently organisations are flying blind and lack visibility into their inventories. Incomplete API inventories can lead to massive gaps in an organisation’s API security strategy. Security teams also need an API inventory so that they can have a realistic view of their attack surface and risk posture to help prioritise the wide range of API security activities that must be accounted for.

On a more positive note, the report revealed that 55% of organisations now perform real-time or daily API security testing, which is an increase from 39% in 2022, but this still falls short of matching the frequency of API security attacks. Over half of the organisations surveyed cited lost customer goodwill and churn of customer accounts after API security incidents. The financial and reputational damages resulting from these incidents can be catastrophic.

 

A lack of cohesion, leading to potential blind spots

One of the most significant disconnects highlighted in our report is across roles within organisations. While 84% of CTOs reported API security breaches, only 48% of application security specialists directly managing APIs acknowledged such breaches. Web application firewalls were identified as the top attack vector for AppSec teams, while others pointed to a mix of vectors including network firewalls and API gateways.

Interestingly, only 84% of AppSec professionals expressed confidence in their security tools compared to 95% of those in other roles. These mixed signals indicate a lack of cohesion and potential blind spots across security teams.

The ongoing rise in API security breaches over the past few years makes it clear this is not just a passing fad, but a serious issue that demands urgent attention. Our repeated survey findings demonstrate a consistent pattern of escalating API security attacks, rather than this being an anomaly or temporary spike.

 

The API threat landscape is intensifying

This data shows that the API threat landscape is only intensifying with time, as more hackers recognise the value of targeting these vulnerabilities. APIs now provide an extremely attractive vector for data theft, service disruption, and other cybercrimes.

Ignoring or downplaying these risks is no longer viable given the empirical evidence. Organisations must accept that API security threats are a pressing reality that can severely impact operations and reputation. Proactive mitigation of API security vulnerabilities needs to become an immediate priority across industries.

Companies can’t afford to be complacent or slow to respond as API attacks proliferate. The time to implement robust API security measures is now, before incidents spiral out of control. Prioritising this area and dedicating appropriate resources is imperative. APIs represent a clear and growing danger facing all enterprises in today’s digital ecosystem.

 

A complex picture of API security

Our report paints a complex picture of API security. Breaches are demonstrably increasing, underlining APIs’ importance as attack vectors. But confidence and readiness don’t align with mounting threats. Patchwork visibility and testing approaches leave major gaps. And differing perceptions across functions suggest a lack of holistic understanding and strategy.

API security can’t be an afterthought given the role of APIs in connecting vital systems and data. Companies must approach protection proactively, not reactively. That requires complete visibility and scanning of the entire API inventory along with robust monitoring and testing. Rapid development and deployment of APIs also demand that developers fix issues earlier in the process, before going live.

Organisations should implement centralised API security centres to unify insights across teams. API security tooling should be able to offer a range of capabilities throughout the lifecycle and provide the necessary context to stop attacks and data exposures for an organisation’s unique API business logic.

 

As attack surfaces expand, enterprises can’t be complacent

As attack surfaces expand, enterprises can’t be complacent. They must accurately assess their API risk, make security a priority backed by budget, and bridge the gap between perception and reality. The coming year may be a watershed for API security as threats rise. Companies that align confidence with robust precautions will maintain their advantage. Those still underestimating risks may suffer the consequences.

In my experience, having a centralised API security team is crucial to connect visibility and insights across the organisation; API security is now a competitive advantage. Customers recognise and reward companies that invest in robust API protections. Enterprises absolutely cannot afford to underestimate API threats any longer – the time to shore up defences is now.

Veracity Trust Network among 17 UK companies picked to present at Austrian cyber security forum

Pioneering tech company Veracity Trust Network has been named as one of 17 UK businesses selected by the Government to present at next month’s CEE Cyber Security Forum in Austria.

Nigel Bridges, CEO of the Leeds-based cyber security business – which specialises in detecting and blocking bots attacking websites and online advertising – will attend the event at the Residence of the British Ambassador in Vienna on Tuesday 21st and Wednesday 22nd November.

The event – which will welcome delegates from Austria, Bosnia and Herzegovina, Bulgaria, Croatia, Czechia, Poland, Romania, Slovakia, and Slovenia – will see Nigel deliver a presentation titled: ‘Bad Bots Destroy Businesses – How to Stop Them’. 

Veracity will be joined at the Department for Business and Trade-held event by other leading cyber and information security firms from the UK, such as Atkins Global and BAE Systems.

Speaking ahead of the event, Nigel said: ‘I am delighted that Veracity has been chosen as one of 17 companies to represent the UK at the CEE Cyber Security Forum in Vienna.

‘This is an exciting opportunity for us to showcase our pioneering bot detection solutions to European delegates and help spread the important message of the threat that malicious bots present to organisations across the continent.’

For more information, visit: https://veracitytrustnetwork.com.

What Directors need to know about Cyber Security

Often cyber security is seen as a one-off or periodic exercise which is the responsibility of the IT department. Nick Denning, CEO of Policy Monitor, argues that it has become an integral part of a modern director’s role which is vital to the long-term success and sustainability of organisations.

 

What are the duties of directors?

Company directors need to know about cyber security because it is integral to several of the seven statutory duties of the Companies Act of 2006[i]. These responsibilities include a “Duty to promote the success of the company” and “Duty to exercise reasonable care, skill and diligence,” which sound simple and obvious but are in fact wide ranging in scope.

Cyber security is crucial for safeguarding sensitive data, intellectual property, customer information, financial records, and other critical assets. Cyberattacks are no longer new or a novelty. Ignorance of cyber security threats is not a defence so paying proper attention to cyber security has become fundamental to these duties.

The Board is responsible for ensuring that risks to delivering the strategy are identified, evaluated, and mitigated in line with the business risk appetite. Board members don’t need to be technical experts, but do need to know enough to have constructive discussions with key staff so that they can be confident that these risks are managed.

 

Cyber security is at least as important as physical security

It would be unreasonable for a director to be surprised if there was a burglary due to an organisation’s buildings having no locks, yet many directors do not see cyber security as just as important as physical security and organisational wellbeing. Physical checks on equipment, investment in security and safety devices, tests of emergency evacuation procedures and renewals of buildings insurance are standard, non-negotiable budget items which are always renewed, yet investments in cyber security, cyber insurance and staff awareness training often need justification each year.

A data breach or cyberattack can result in significant financial losses, potentially fatal reputational damage, and legal and regulatory consequences which could stop the business from operating, result in large fines or even send the directors to jail. Directors treating cyber security seriously is the first step to mitigating risks and protecting the organisation’s overall wellbeing and longevity.

 

Compliance is a prerequisite to doing business

Many industries have specific cyber security requirements mandated by law or in industry-specific regulations. In many cases suppliers and business partners must prove that they meet such standards or they have no chance of winning business in a sector. Directors are accountable for ensuring the organisation is compliant with these standards to avoid penalties, fines, and legal action.

EU and UK data protection laws, global consumer privacy standards and payment processing rules are just a few examples of a growing number of laws requiring compliance. The results of non-compliance can be devastating. For example, breaking UK GDPR laws could result in fines of up to £17.5 million or 4% of annual global turnover. Cyber security should be near the top of directors’ priorities. A strong position on cyber security builds trust and protects an organisation’s reputation, which may well be its most valuable asset.

 

Cyberattacks can derail your business

Cyber security also plays a major part in another important element of a director’s role, namely ensuring business continuity and resilience. Cyberattacks can disrupt business operations, leading to outages, financial losses, and inefficiencies in business processes such as fulfilling orders or responding to customer queries.

Directors must recognise that cyber security is not solely a topic for IT but a critical aspect of business continuity and resilience. By implementing robust security measures, disaster recovery plans, incident response strategies, and communication plans, organisations can minimise the impact of cyber incidents. If these are well documented and kept up to date they can also act as proof that the issue is being taken seriously, which can help win new business and reduce cyber security insurance costs.

 

Cyber security is an essential part of a modern director’s role

Cyber threats are constantly evolving, with cyber criminals becoming ever more sophisticated and persistent. Directors need to stay informed about emerging threats, security standards and best practices, so they can allocate appropriate resources to cyber security. Regular assessments, audits and risk management processes will help directors understand the organisation’s vulnerabilities and highlight where proactive measures are needed. Cyber security is not a one-off or annual exercise. Directors need to take it seriously and bake it into daily business operations.

Company directors need to pay regular attention to cyber security because in today’s business environment it is essential for protecting the organisation, complying with laws and regulations, maintaining trust and reputation, ensuring business continuity and gaining competitive advantage to help win new business. In prioritising cyber security, directors are performing an essential element of their role and contributing to the long-term success, sustainability and profitability of their organisation.

 

To learn more about how to protect your business when it comes to cyber security visit our website for more hints and tips.

 

Nick Denning is the founder and CEO of Policy Monitor.

[i] https://www.legislation.gov.uk/ukpga/2006/46/part/10/chapter/2/crossheading/the-general-duties

 

About Policy Monitor:

Based in London, Policy Monitor is a cyber security company founded by experts with extensive experience in operational and risk management. We evolve safety procedures and protocols, providing security policy management solutions and services to Measure, Manage and Monitor cyber risk and guard against cyber-attacks.

Our flagship solution, Cyber Security Policy Manager (CSPM), is a cyber security policy management system that incorporates GDPR, US NIST and UK CE cyber security standards to guide organisations through complexity. It is a simple and cost-effective cloud-based solution that helps measure, manage and monitor an organisation’s cyber security workflows and compliance. Cyber Essentials and IASME templates are pre-loaded to help reference cyber security best practice, define and implement a security policy and monitor compliance.

 

ThreatQuotient Publishes 2023 State of Cybersecurity Automation Adoption Research Report

Survey results highlight the expanding importance of automation, a change in how cybersecurity professionals determine ROI, and how cybersecurity teams believe they can avoid burnout 

ThreatQuotient™, a leading security operations platform innovator, today released the State of Cybersecurity Automation Adoption 2023. Based on survey results from 750 senior cybersecurity professionals at companies in the U.K., U.S. and Australia from a range of industries, this global research report examines the drivers and challenges for implementing cybersecurity automation in today’s enterprises. The third edition of this annual survey highlights how automation has become significantly more important compared to 2022 results.

Three quarters of respondents (75%) now say cybersecurity automation is important, up from 68% last year. Additionally, compared to last year, a higher percentage of respondents are automating key areas of their cybersecurity programme. The most notable use case increase is in alert triage, with 30% now using automation compared to 18% in 2022. There has also been a 5% rise in the use of automation for vulnerability management. Overall, phishing analysis is the most common use case for automation in 2023, adopted by 31% of respondents.

 

Key research findings also include:

  • Every survey participant reported problems with cybersecurity automation: the top three challenges are lack of trust in outcomes, slow user adoption, and bad decisions such as incorrectly blocking benign domain names or innocent emails.
  • Insufficient budget, growing regulatory and compliance challenges, and high team churn rates are the top three challenges facing cybersecurity teams.
  • Employee satisfaction and retention has become the main metric for assessing cybersecurity automation ROI for more than 60% of leaders, outweighing other measures such as how well the solution is performing in security terms.
  • Leaders believe cybersecurity team wellbeing would be improved by smarter tools that simplify work, greater flexibility over working hours and location, and increasing team headcount.
  • Budget for automation projects is now less likely to be net new allocations – only 18.5% have new budget this year, a drop from 34% last year. 57% are allocating budget from outside the team, while 46% have increased it by allocating budget from other tools.
  • Increasing efficiency is a main driver for cybersecurity automation for 41% of respondents, closely followed by regulation and compliance (38%) and increasing productivity (36.5%). Interestingly, maintaining cybersecurity standards dropped from joint first last year to fifth place this year.
  • Integration with multiple data sources (24%), training availability (23%), and automated reporting (21%) top the wish list for organisations when choosing cybersecurity automation solutions.

 

“Implementing cybersecurity automation is a complex and multifaceted undertaking, as borne out by the last three years of our research,” said Leon Ward, Vice President, Product Management, ThreatQuotient. “While most surveyed organisations say cybersecurity automation is important to their business, there are signs of dissatisfaction, with all but one respondent saying they have encountered problems. That said, there are proven use cases for automation, and we believe the main barriers encountered are due to early adoption of solutions that didn’t deliver on their potential and had a lack of integration capabilities.”

 

On the topic of measuring the ROI of cybersecurity automation, Ward notes: “The shift in how businesses measure ROI is significant, indicating a change in what organisations view as the ‘point’ of investing in cybersecurity automation – the prime motivation is to improve the experience of employees. By allowing automation to shoulder the burden of lower value, repetitive activities, and release analysts for more interesting and fulfilling work, companies can improve employee satisfaction, wellbeing, and reduce churn.”

Ward continues: “With ROI measured on the basis of team satisfaction and retention, vendors need to incorporate the human benefits of their solution into product design and messaging. There are several developments on the horizon that should respond to this need, including the introduction of AI (artificial intelligence) and greater rollout of low and no-code solutions.”

 

To download the full State of Cybersecurity Automation Adoption in 2023 report, including more detail on the survey questions, regional and industry snapshots, and recommendations for senior security professionals to follow if they are looking to automate their security processes, click here.

 

Report Methodology

Leading security operations platform innovator, ThreatQuotient, commissioned a survey, undertaken by independent research organisation, Opinion Matters, in June 2023. The survey covered 750 senior cybersecurity professionals in the UK, US and Australia from companies employing 2000+ people from a range of industries including the Central Government, Defence, Critical National Infrastructure, Retail, and Financial Services sectors, with 150 respondents from each.

 

About ThreatQuotient

ThreatQuotient improves security operations by fusing together disparate data sources, tools and teams to accelerate threat detection and response. ThreatQuotient’s data-driven security operations platform helps teams prioritise, automate, and collaborate on security incidents; enables more focused decision making; and maximises limited resources by integrating existing processes and technologies into a unified workspace. The result is reduced noise, clear priority threats, and the ability to automate processes with high fidelity data. ThreatQuotient’s industry leading data management, orchestration and automation capabilities support multiple use cases including incident response, threat hunting, spear phishing, alert triage, vulnerability prioritisation, and can also serve as a threat intelligence platform. ThreatQuotient is headquartered in Northern Virginia with international operations based out of Europe, MENA and APAC. For more information, visit www.threatquotient.com.

 

Egress Announces Integration with CrowdStrike to Prevent Cloud Email-based Threats Driven by Human Risk

Integration with the AI-native CrowdStrike Falcon® Platform enhances Egress’ adaptive security model with identity risk data to prevent the risky human email behaviors that can lead to a breach

Egress announced a new integration with CrowdStrike to enhance the way organizations manage human risk in email. The integration of the Egress Intelligent Email Security suite with the AI-native CrowdStrike Falcon XDR platform enhances Egress’ adaptive security model with identity risk scoring from CrowdStrike Identity Threat Protection – empowering customers to stop email-based threats driven by risky human behaviours.

Egress offers an adaptive security model for cloud email, dynamically automating threat protection and transforming human risk management on email. The Egress Intelligent Email Security suite combines adaptive security architecture with AI-based detection capabilities to defend organizations from advanced phishing attacks, human error, and data loss.

Egress generates aggregated individual risk scores by augmenting product telemetry, open-source intelligence, and behavioral data with threat intelligence taken from any third-party security application via a two-way open API. When a score reaches a higher risk threshold, products in the Intelligent Email Security platform automatically adapt their controls to defend against advanced inbound and outbound threats. Following today’s announcement, Egress’ risk score will be enriched with data from the AI-native CrowdStrike Falcon XDR platform to provide a holistic view of user human risk.

 

Egress CEO Tony Pepper comments: “Every year, reports from across the industry highlight that the human element is involved in the majority of security incidents. Changing this narrative is only possible if vendors work together to share intelligence that can be aggregated to provide a hyper-accurate understanding of human risk across an organization. As technology suppliers within the customer ecosystem, we can all leverage enhanced user risk scores to automate better protection and surface insights that can be rapidly actioned by security teams. Today’s announcement is a positive step in that direction for Egress customers, enabling them to dynamically respond as risk changes across their estate and prepare for threats before they materialize.”

 

Cowbell Continues Rapid Growth in 2023, Increasing its New Customer Base 49% Year-Over-Year

Cowbell announces $25M in equity financing, underscoring its leadership in the expanding cyber insurance market

According to a recent study, 72% of SMEs without cyber insurance say that a major cyberattack could destroy their business. Cowbell is closing the insurability gap for this critically important market, achieving 2.5x premium growth in 2022 to insure SMEs against evolving cyber threats.

Cowbell has widened its geographic footprint, recently launching operations in the UK market with Prime One for UK SMEs. Cowbell’s vertically integrated technology platform, AI-based approach, and continuously monitored risk pool, now comprising 38 million US and UK businesses, remain key differentiators. The need for SMEs to augment their cybersecurity with a robust cyber insurance policy has never been greater, as more and more threat actors are targeting this market. Since its inception, Cowbell 365, Cowbell’s dedicated risk engineering and claims management service, has prevented ransom threats over 74% of the time and reduced ransom payments to an average of 26% of the initial ransom demand.

“Economic costs of cybercrime will reach $24T by 2027, accelerating cyber insurance adoption and growth even further. We are investing in Cowbell’s strengths – its people, culture and unit economics,” said Chris Zhong, Investment Principal at Prosperity7 Ventures. “Prosperity7 is excited to partner with Cowbell on their path to profitable growth and near-term operating profitability as the company further cements its leadership in global SME markets.”

“Momentum and policyholder growth is strong, with record renewal retention. We just closed our largest quarter to-date on the strength of omnichannel distribution, and with a focus on servicing our broker partners and policyholders,” said Jack Kudale, Founder and CEO of Cowbell. “With this new investment, we will deepen our focus on serving our chosen markets in the US and UK. This milestone is a testament to our expertise, culture, and market leadership.”

Cowbell’s momentum demonstrates its ongoing commitment to closing the insurability gap, and dedication to evolving as its customers’ needs evolve. Cowbell has a diverse set of reinsurance partners, spanning over 20 prominent reinsurers globally. Its approach to assessing cyber risk and providing tailored, flexible coverage are the underpinnings of its industry leadership. The company has pushed its omnichannel strategy forward in 2023, which differentiates its distribution model from its closest competitors, bolstering its combined retail broker and embedded insurance channels by 14% in the last 12 months.

Consistent recognition validates the effectiveness of Cowbell’s approach. Cowbell Specialty Insurance Company (CSIC), Cowbell’s wholly owned subsidiary, has earned a Financial Stability Rating® (FSR) of A, Exceptional, from Demotech, Inc. Last quarter, CBInsights recognized Cowbell as one of the top 100 private fintech companies globally, and the only Cyber Insurance provider on its annual Fintech 100 list. Earlier this year, as a testament to Cowbell’s deep expertise in serving SME customers with cyber insurance coverage tailored to their needs, Amazon Web Services (AWS) named Cowbell to its Cyber Insurance Partner Initiative.

For more information about Cowbell, please visit https://cowbell.insure/.

About Cowbell

Cowbell is a pioneer of Adaptive Cyber Insurance, a leader in providing small and medium-sized enterprises (SMEs) coverage adaptable to today’s and tomorrow’s threats and the advanced warning of cyber risk exposures. In its unique AI-based approach in risk selection and pricing, Cowbell’s continuous underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue in less than 5 minutes. Cowbell is backed by over 20 prominent leading global (re)insurance partners and serves SMEs in 50 U.S. states, the District of Columbia and the United Kingdom. Founded in 2019, Cowbell is based in the San Francisco Bay Area with employees across the U.S., Canada, India, and the U.K. For more information, please visit https://cowbell.insure/.

 

About Prosperity7 Ventures

Prosperity7 Ventures is the diversified growth fund of Aramco Ventures, a subsidiary of Aramco, the world’s leading integrated energy and chemicals company. The fund’s name derives from “Prosperity Well,” the seventh oil well drilled in Saudi Arabia and the first to strike commercial oil, paving the way to prosperity. Bringing forward this pioneering history, Prosperity7 invests globally with a long-term view in breakthrough technologies and transformational business models that bring prosperity and positive impacts on a vast scale. Official website: https://www.prosperity7vc.com/

 

 

Oldham Council highlights the cost and scale of cyber attacks

Written By James Blake, Field CISO EMEA at Cohesity

Oldham Council has reminded us of the constant fight against cyber attackers and the financial costs of doing so. The Council recently announced that it is spending £682,000 on computer upgrades after bosses said they were fighting off 10,000 cyber attacks a day. Most CISOs have an 80/20 budget split between likelihood and impact mitigations, as Deloitte points out in a recent global cybersecurity survey. This report says that only 11% of the budget goes into incident response/disaster recovery and into infrastructure security. Rather than the illusion of total cyber security, the focus must shift to operational cyber resiliency where organisations can effectively respond to and withstand attacks. While preventative measures are important, they’re table stakes, not the winning hand, when an organisation is fighting cyber-compromises.

An abundance of technology and a lack of process

It is worth pondering for a moment how organisations approach recovery after a ransomware attack. It’s disheartening how often the public hears about scenarios in which an organisation’s response to an imaginary ransomware attack is to try to use business continuity and disaster recovery processes and technologies built for the scenarios of weather, loss of power or misconfiguration. These traditional business continuity and disaster recovery scenarios are, simply put, not suitable for cyber scenarios, where technology recovery efforts are actively targeted. Instead, organisations need to recover in order to first investigate how the attack manifested itself and which vulnerabilities were exploited, so that these are remediated while defences are bolstered. Finally, all malicious artefacts of the attack need to be removed from the recovered environment. Only then can recovered systems be brought back into production.

The traditional timelines for Recovery Time Objectives are very different in cyber recovery. If you recover without first understanding how you were attacked and how defences were circumvented, closing down that attack surface and removing all traces of the attacker, the chances are you’ll continue to be impacted. I’ve witnessed first-hand efforts to move to recovery too early and the resulting elongated response cycle and continuing impact on operations. Back in the halcyon days when CISOs only had to deal with three secondary impacts from incidents – reputational damage, litigation and regulatory fines – this kind of response strategy could be tolerated. But with ransomware and wiper attacks, incidents now have a primary impact: the inability of an organisation to deliver its products and services.

Many organisations have an abundance of protective and detective security technology but a lack of process, resulting in a low level of operationalization and integration. This situation used to be tolerated when impacts were secondary losses. But now that an organisation faces primary losses that grow exponentially over time, there is a need to achieve resilience by empowering existing security solutions with better context of data and files while bringing together the traditional silos of the IT and security teams and technologies.

A data-centric focus on cyber resilience

To achieve this, the organisation should adopt a data-centric focus on cyber resilience, ensuring that data from its diverse compute and storage environments is brought together to provide the governance, detective, response and recovery capabilities needed to achieve a high level of resiliency.

This is logically sensible. After all, it is data that drives the business, data that adversaries want to steal, encrypt or wipe, and data that has compliance obligations. Set alongside this, the technology infrastructure is becoming a commodity, with orchestration, cloud and virtualisation now readily accessible to help organisations manage and protect that data. Any approach to bring this data together and provide those governance, detective, response and recovery capabilities should do so in a manner that supports the wider security and IT ecosystem through integration and orchestration.

Being resilient means being able to withstand any and all possible threats: fire, flood, hurricane, misconfiguration, ransomware, wiper attack and many, many other potential eventualities. The ability to resume normal service with minimal impact and cost is critical.

Added benefits – practical and financial

Once an organisation decides it wants to take a data centric approach to cyber resilience, there are plenty of other benefits to be reaped beyond those just related to recovery from cyber-attack or downtime caused by other reasons.

Siloes are removed – creating a level playing field for those who need to access and use data, and supporting remote collaboration and storage optimization. Data can be made ready for more robust and fruitful search and use by AI and other tools.

Compliance is made easier because discovery can be streamlined.

Incident response, forensics and protection are made easier: diverse workloads can be addressed with the same teams and tooling whether it’s cloud, virtual, on-premise or hybrid; triage and investigation can be prioritised by the sensitive or regulated data discovered on systems by scanning inside the snapshots; incident timelines can be rebuilt using snapshots over time from compromised systems; and historical filesystems can be hunted for indicators of compromise.

Once these data-centric platforms are integrated into security operations, the improved effectiveness and efficiency of response and recovery delivers improved cyber resiliency.

Protection is made less complex too, as it is possible to clone production servers for restore, for breach and attack simulation work, penetration testing and for deception and vulnerability scanning. The ability to clone data allows for robust application security testing and development, using data sets which are as close to live as it gets without actually being live.

What all this boils down to is an approach which delivers resilience to traditional disaster recovery scenarios as well as cyber incidents and streamlined data management. It will by its very nature bring Cybersecurity and IT teams closer together, and may derive further, data-related benefits to the organisation. While it won’t get rid of all threats of cyber-attack, a resiliency-based approach should help organisations get back on their feet much faster if the worst happens.

Cyber-Security, Artificial Intelligence Safety Concerns & Global Threats: Independent research reveals poor CEO grasp of the threats and critical need for investment

Report by OnePoll and Gemserv “Through the Cyber Lens: The Evolving Future of Cyber Security” available now

  • Major increase in cyberattacks from deep fake AI technologies expected… but leaders lack both understanding of threats and urgent need to invest in protection
  • 83% of respondents say generative AI will head up future cyber-attacks – but only 16% think their organisations really understand what advanced AI tools can do

Recent announcements by the UK Prime Minister and the impending gathering of international governments and global organisations at the world’s first Global Artificial Intelligence (AI) Safety Summit at Bletchley Park next week have brought AI and cyber security to the fore.

New and timely research by OnePoll and Gemserv, the leading cybersecurity consultancy, reveals that companies must upgrade their systems now as AI threatens to make cyber-attacks more sophisticated.

Knowledge and information gaps are emerging as critical challenges, particularly for Chief Information Security Officers (CISOs), as the cyber threat landscape is expected to become increasingly volatile, further exacerbated by this year’s geopolitical tensions.

Their report, titled “Through the Cyber Lens: The Evolving Future of Cyber Security”, surveys 200 CISOs across the United Kingdom and Europe, assessing the readiness of CISOs to confront their evolving challenges, particularly those stemming from the rise of AI innovation, while also exploring their expectations for the future.

 

Generative AI and Emerging Threats: The Perilous Path Ahead

The survey reveals that 38% of respondents anticipate a significant increase in cyberattacks utilising deep fake AI technologies over the next five years, with an additional 45% expecting a moderate rise. In total, a striking 83% of respondents believe that generative AI will play a more prominent role in cyberattacks. However, a mere 16% of respondents consider their organisations to have an excellent understanding of these advanced AI tools.

Mandeep Thandi, Director of Cyber and Privacy at Gemserv, commented on the research findings: “As the AI revolution transforms the landscape of cybersecurity, CISOs stand at the forefront of this change. AI is reshaping the contours of cyber defence by augmenting human capabilities, predicting threats, and fortifying organisations against the volatile cyber threat landscape.”

 

A New Barrage of Challenges: Preparing for Emerging Threats & The Need for Vigilance

The ever-evolving cyber threat landscape presents CISOs with the formidable challenge of predicting and preparing for attacks. Information and budgetary resources are essential for adequate preparation. However, the survey reveals concerning statistics:

  • 69% of organisations lack access to either SIEM tooling or cyber threat intelligence, with 8% having neither.
  • 78% of CISOs believe the cyber threat landscape will become more complex and challenging over the next 12 months.
  • A significant 83% of CISOs expect to see more cyber-attacks using generative AI tools.

In this environment of uncertainty, CISOs face challenges in securing adequate budgets, making informed decisions, and recruiting and retaining the right talent. These hurdles underscore the urgency of investing in cybersecurity resources, including robust cyber threat intelligence, as a proactive measure to combat evolving threats.

When it comes to advising key stakeholders within their organisations, the research reveals that 63% of CISOs feel that their senior leadership lacks a comprehensive understanding of the imminent cybersecurity and privacy threats. Moreover, 69% of European CISOs and 61% of UK CISOs report a deficiency in cyber threat intelligence (CTI), hindering their ability to prioritise budgets and inform their boards about impending threats.

Mandeep Thandi emphasised the importance of CTI, stating, “CTI is vital for organisations as it provides proactive insights into potential cyber threats, enabling timely identification, risk assessment, and tailored defence strategies. It empowers organisations to stay ahead of adversaries, enhance incident response, and continuously improve their cybersecurity posture in the face of evolving cyber risk.”

 

New Regulations: A Ray of Regulatory Hope

Amidst these challenges, new regulations are on the horizon. The European Union’s (EU) AI Act and the UK’s Data Protection and Digital Information (DPDI) Bill are set to reshape the regulatory landscape. These regulations aim to clarify, manage risks, and strengthen rules around data quality, transparency, human oversight, and accountability.

A notable 82% of CISOs believe these new regulations will support their organisations’ growth and expansion of services. The EU’s AI Act, in particular, distinguishes between high-risk and low-risk AI tools, ensuring that organisations maintain high standards of transparency and security.

 

A Call for Resources and Resilience

In conclusion, the survey offers a sobering glimpse into the world of CISOs tasked with safeguarding digital landscapes amidst a barrage of challenges. While CISOs demonstrate unwavering resilience, the need for additional resources and support is palpable. Budget constraints, talent shortages, communication gaps, and evolving cyber threats underscore the urgency of fortifying cybersecurity efforts.

The cybersecurity landscape is ever-changing, and as threats evolve, so must our commitment to equipping CISOs with the resources they need to protect our digital future.

For more information and detailed insights, please refer to the full Gemserv survey report.