
BlueVoyant Research Illuminates Latest Cyber Attack Techniques and Best Defence Practices

The most recent cyber criminal tactics include using generative AI for phishing, online advertisements as an attack vector, and ever-faster exploitation of new vulnerabilities

BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks, today released the findings of its second external cyber defence trends report, which highlights the new risks organisations face from outside the traditional IT perimeters.

“Organisations’ attack surfaces are ever expanding, and cyber threat actors are adapting their strategies to exploit new avenues of vulnerabilities,” said Joel Molinoff, BlueVoyant’s global head of supply chain defence. “BlueVoyant undertook this research to shine a light on the attack vectors organisations need to be aware of and recommended actions to help prevent the latest threats.” 

 Artificial Intelligence (AI) is transforming how enterprises do business with the ability to generate content efficiently. Cyber criminals are also capitalising on AI to create more effective phishing campaigns. 

 “The biggest cybersecurity risk from the increasing use of AI tools is an escalated volume of attacks,” said Ron Feler, BlueVoyant’s global head of threat intelligence. “While the essentials of the attacks don’t change, the increased number and diversity of attacks make defenders’ jobs more challenging.” 

 The report’s key findings focus on: 

  • Online Ads as an Attack Vector: BlueVoyant’s threat intelligence has observed threat actors using search engine ads as phishing distribution vectors to lure unsuspecting victims to malicious websites impersonating large financial institutions in the United States, United Kingdom, and Eastern Europe.  
  • Cyber Criminals’ Use of AI: While AI does not fundamentally change the way threat actors levy attacks, security teams should be aware of how their adversaries are using it to streamline their workflow and make brand abuse easier. 
  • The Need for Better Email Security: Many organisations are not enabling all key components that secure the authenticity and integrity of the messages, which could leave them susceptible to email-based threats. 
  • The Continued Need to Patch Quicker: In the first report, BlueVoyant found that organisations were often slow to patch systems even as attackers were exploiting new vulnerabilities faster. Now, the exploitation of vulnerabilities is happening even faster, prompting a high-stakes race between threat actors and defenders after a disclosure. 

 The research was completed using trend data queries from BlueVoyant’s Supply Chain Defence and Digital Risk Protection solutions. 

 Supply Chain Defence is a fully-managed solution that continuously monitors clients’ vendors, suppliers, and other third parties for any vulnerabilities, and then works with those third parties to quickly resolve issues. The platform identifies enterprises’ internet-facing software vulnerabilities and other exploitable opportunities with techniques similar to those used by external cyber attackers while profiling prospective targets.

 Digital Risk Protection goes outside the wire to find threats against clients, employees and business partners on the clear, deep, and dark web, plus instant messaging applications. The platform has unique access to DNS data sets and cyber crime channels to find the latest cyber attacker techniques, tactics, and procedures, and to provide unlimited external remediation to help prevent financial loss and reputation damage.  

 Learn more about external threats and how to reduce risk in the BlueVoyant research report: “External Cyber Defence Trends.”

How Telecommunications Providers Can Best Tackle DDoS Attacks

Written by Terry Young, Director of Service Provider Product Marketing, A10 Networks

The UK’s 2023 National Risk Register, published by the government in the summer, highlights the increasing cyberthreat posed to telecommunications providers who are a vital part of the communications critical national infrastructure (CNI) sector. The report lays out the volatile landscape these providers operate in and the government’s acknowledgement of the seriousness of cyber threats to telecommunications infrastructure. It also details the difficulty in implementing the Telecommunications (Security) Act 2021, which establishes guidelines for telcos to follow.

The risk register reinforces the need for telcos to strengthen their overall security posture and improve resilience against service-impacting attacks, such as DDoS attacks. The good news is that we have seen communication service providers (CSPs) responding to these higher threats and tighter compliance requirements. Our 2023 research, which surveyed 2,750 senior IT professionals in CSPs, suggests that they are investing in enhancing their network security to counter increasingly sophisticated cyber threats such as DDoS attacks.

Adopting a defence-in-depth approach

Over the last two years, CSPs have made significant progress in upgrading their cyber defences. In our inaugural CSP 2021 study, we found the highest priority security investments were for more basic security upgrades such as firewalls. This year, however, while firewall upgrades were still the highest priority, we found respondents aiming for a more mature, multi-layered, and defence-in-depth approach to security.

With 68% of all 2023 respondents expecting network traffic volumes to increase by over 50% in the next two to three years, firewalls and other security appliances must be routinely upgraded just to handle the increased traffic volume. Despite this, the percentage prioritising firewalls dropped from 48% in 2021 to 28% in 2023.

The growing importance of DDoS detection and monitoring

Other investments deemed nearly as important as firewalls were DDoS detection and monitoring, automation of security policies, investment in ransomware and malware protection services, and threat intelligence. Respondents also indicated interest in simplifying and integrating disparate point solutions.

This all points to a higher focus on security investments overall and a greater focus on capabilities that enable a more proactive approach rather than reactive response, such as DDoS detection (now the second highest priority) versus reactive DDoS attack mitigation (the least important priority) in the 2023 survey.

Additionally, with telecommunications considered a critical infrastructure, telecommunications organisations have a unique responsibility to protect the availability of their networks, data, and services. With two-thirds of respondents planning to extend their networks to unserved and underserved communities, protection of network availability and subscriber privacy is critical to their ongoing success.

This is an increasingly complex task as traffic volumes surge and providers build out to more remote and vulnerable communities. To achieve this, we recommend that telecommunications providers follow these key steps:

  • Prioritise security investments to protect all domains. This includes the network itself, customer databases, customer facing services such as websites, and internal IT systems. Many DDoS attacks and security breaches in CSPs are targeting customer proprietary data.
  • Replace legacy DDoS defence systems and deploy new technologies that enable more granular detection using AI, machine learning, threat intelligence, and other capabilities that match the increasing sophistication of attacks.
  • Leverage automation to simplify management, improve control over network resources, and guarantee uptime.

Intelligent and automated DDoS protection solutions

DDoS protection is clearly a critical part of CSPs’ infrastructure but, while they need to stop malicious traffic, they need to do this without disrupting legitimate traffic. This is where intelligent and automated DDoS protection solutions that provide scalable, economical, precise and intelligent capabilities are important in order to help CSPs ensure optimal user and subscriber experiences. CSPs should be using solutions that efficiently identify abnormal traffic, automatically and intelligently mitigate the identified inbound DDoS attack, and provide a centralised point of control for seamless DDoS defence execution.

So, what should telecommunications companies look out for to prevent a DDoS attack?

  • A sudden and/or unexpected increase in traffic. Though there are legitimate reasons to receive more traffic, a sudden increase should be checked.
  • System slowness or non-response. Websites can load slowly, or not at all, for many reasons—this doesn’t mean a DDoS attack is in progress, but it should be investigated.
  • Unusual traffic patterns. For example, current traffic that deviates from normal patterns, such as traffic inconsistent with the typical user base or traffic arriving at unusual hours.
  • Increase in traffic to a single endpoint. This is when part of your system, such as a specific URL, suddenly receives a high amount of traffic compared to others.
  • A high volume of traffic from a single IP or small range of IPs. This indicates that these addresses could be part of a larger botnet.
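
Three of the indicators above (a sudden rise in volume, concentration on a single endpoint, and concentration in a small range of source IPs) can be checked directly against per-minute request records. The sketch below is an added example, not code from A10 Networks or the original article; the record layout, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

PATHS = ["/", "/login", "/account", "/support", "/plans"]


def build_sample(with_burst=True):
    """Constructed traffic as (minute, source_ip, path): six minutes of ordinary
    requests, optionally with a burst from one /24 to one URL in minute 5."""
    records = []
    for minute in range(6):
        for i in range(10):
            # Ordinary clients: one request each from ten different /24s.
            records.append((minute, f"100.64.{i}.{minute + 1}", PATHS[i % len(PATHS)]))
    if with_burst:
        for i in range(50):
            # Eight addresses in a single documentation-range /24, one target URL.
            records.append((5, f"203.0.113.{i % 8 + 1}", "/login"))
    return records


def prefix(ip, bits=24):
    """Collapse an address to its enclosing network, e.g. 203.0.113.7 -> 203.0.113.0/24."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def analyse(records, baseline_minutes=5, spike_factor=3.0,
            source_share=0.5, endpoint_share=0.5):
    """Flag minutes after the baseline window that match the listed indicators.

    All thresholds are illustrative assumptions; tune them against real traffic.
    """
    per_minute = Counter(minute for minute, _, _ in records)
    baseline = sum(per_minute[m] for m in range(baseline_minutes)) / baseline_minutes
    findings = []
    for minute in sorted(per_minute):
        if minute < baseline_minutes:
            continue  # these minutes define "normal"
        window = [r for r in records if r[0] == minute]
        total = len(window)
        reasons = []

        # Indicator: sudden and/or unexpected increase in traffic.
        if baseline > 0 and total > spike_factor * baseline:
            reasons.append(f"volume {total} is {total / baseline:.1f}x baseline")

        # Indicator: high volume from a single IP or small range of IPs.
        net, net_hits = Counter(prefix(ip) for _, ip, _ in window).most_common(1)[0]
        if net_hits / total >= source_share:
            reasons.append(f"{net_hits / total:.0%} of requests from {net}")

        # Indicator: increase in traffic to a single endpoint.
        path, path_hits = Counter(p for _, _, p in window).most_common(1)[0]
        if path_hits / total >= endpoint_share:
            reasons.append(f"{path_hits / total:.0%} of requests to {path}")

        if reasons:
            findings.append({"minute": minute, "reasons": reasons,
                             "top_source": net, "top_endpoint": path})
    return findings


if __name__ == "__main__":
    for finding in analyse(build_sample()):
        print(finding["minute"], "; ".join(finding["reasons"]))
```

A flagged minute is a prompt for investigation, as the list above says; legitimate events such as a product launch can trip the same thresholds.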

A market expected to reach $7.45 billion by 2030

Recent research emphasises the significant impact of DDoS attacks, with the latest data indicating a 200% increase in DDoS attacks in the first half of 2023. The research showed telecommunications companies experienced the most attacks, accounting for roughly half the overall attack volume. This is one reason why the global DDoS protection and mitigation market is expected to reach $7.45 billion by 2030.

As we look to 2024, the telecommunications industry will continue to focus on technologies such as cloud computing, standalone 5G, AI, and the Internet of Things (IoT) to offer better speed, scalability, and innovation. To support those new technologies, telecommunications providers will also need to continue to shore up their cybersecurity architectures and, while our research shows that progress has been made, there needs to be more of a focus on a layered and defence-in-depth approach, particularly where DDoS attacks are concerned.

New report reveals that 94% of global organizations experienced email security incidents in the last year

  • Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months.
  • 96% of organizations that experienced phishing attacks were negatively impacted, up from 86% last year.
  • Most cybersecurity leaders are stressed about email security, and 61% are kept awake at night by the use of AI in phishing.
  • Alarmingly, data loss and exfiltration incidents were experienced by 91% of respondents.

Leading cybersecurity company Egress today releases its second Email Security Risk Report. The report lays bare the attitudes and approaches to email security, the evolution of risks, and the impact of incidents. In the 2024 Email Security Risk Report, alongside expert commentary, a comparison of 2023’s results offers insight into how 500 Cybersecurity leaders view the threat landscape, including how they remain vulnerable to both inbound phishing attacks and outbound data loss and exfiltration, and how they continue to question the effectiveness of traditional approaches to email security.

The report contains new data on phishing attacks, data loss prevention, and concerns about technical defenses’ ability to detect and prevent advanced threats within Microsoft 365 environments.

Jack Chapman, VP of Threat Intelligence at Egress, comments:

“The 2024 Email Security Risk Report is an essential read for all cybersecurity professionals and ultimately a tool to help teams assess their inbound and outbound defenses.

“What has been staggering is the emergence of trends alongside the 2023 edition of the Email Security Risk Report; for example, 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analyzing emerging trends will be key to bolstering defenses.

“The report also highlights how Cybersecurity leaders know that they’re vulnerable when it comes to phishing attacks. 58% of organizations have experienced account takeover incidents in the last 12 months, and 79% of these started with a phishing email that harvested an employee’s credentials, so it’s no wonder that phishing attacks and compromised accounts are causing concern for our Cybersecurity leaders.

“The use of AI by cybercriminals is also at the front of our leaders’ minds, and rightly so. While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cybercriminals generally take every advantage they can get. Organizations can’t afford to be left behind but must ensure their defenses keep pace with cybercriminals’ methodology and the resulting attacks.

“The stats in this latest report are truly staggering; 94% of companies have experienced security incidents in the last 12 months, and 95% of cybersecurity leaders are stressed about email security. Organizations urgently need to adapt their approach, or risk finding themselves in the same position next year.”

Email Security Risk Remains High

The Egress Email Security Risk Report 2024 has revealed that 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments.

Looking towards outbound email incidents, 91% of organizations experienced data loss and exfiltration due to reckless behavior to ‘get the job done’, human error or malicious exfiltration amongst other contributing factors.

  • 94% of organizations were victims of phishing attacks
  • 96% of organizations were negatively impacted by phishing attacks
  • 94% of organizations were negatively impacted by outbound email security incidents
  • 79% of organizations were victims of account takeover attacks which started with a phishing email
  • 61% of cybersecurity leaders say the use of chatbots in phishing keeps them awake at night

Employees face the consequences for email security incidents

The impact of an email security incident can be severe for employees and their organizations. 96% of surveyed organizations experienced negative impacts from phishing attacks, which is a jump of 10% versus last year’s report (when the number sat at 86%). Findings from the Email Security Risk Report show that leaders are taking a tough stance with employees caught by phishing attacks with negative outcomes for the people involved happening in 74% of companies. In particular, the report revealed the way organizations responded, with:

  • 51% of employees caught in phishing attacks disciplined
  • 39% of employees caught in phishing attacks fired
  • 27% of employees caught in phishing attacks voluntarily leaving their roles

Looking at outbound threats, a similar picture is seen, with 94% of the surveyed organizations reporting being adversely affected, which is an increase of 8% from last year’s report. In outbound email incidents, 67% of people were disciplined, let go, or chose to leave the organization. Employees being disciplined was the most common outcome, seen in 51% of organizations.

It is evident from the report’s data that email security incidents continue to have far-reaching impacts for organizations, with financial loss from customer churn and reputational damage topping the organizational costs in both inbound and outbound incidents. Organizations should provide their teams with the right technology to detect advanced threats and with SAT programs that genuinely increase their understanding of real threats going forwards.

AI is a growing concern for cyber risk

AI continues to be one of the industry’s biggest talking points, and our Cybersecurity leaders are savvy to the effect new tools, large language models, and generative AI could have on phishing attacks. 63% are being kept awake at night by deepfakes, and 61% by AI chatbots being utilized to create efficient phishing campaigns. This trend is expected to continue into 2024 and beyond, with organizations being encouraged to continuously review their defences.

Through stolen Microsoft credentials threat actors can gain access to the kingdom

Microsoft credentials are synonymous with being ‘the keys to the kingdom’, giving cybercriminals the power to move laterally across systems and networks to exfiltrate data and access email accounts to target customers and suppliers with further attacks.

Findings from the report show that account takeover attacks (ATOs) are a significant concern for Cybersecurity leaders as 58% of organizations experienced account takeover incidents. Of these:

  • 79% began with a phishing email harvesting an employee’s credentials
  • 83% saw multi-factor authentication bypassed before proceeding with the account takeover

Additionally, over half (51%) of organizations fell victim to phishing attacks sent from compromised accounts within their supply chain in the last 12 months. Utilizing a trusted domain helps enable attacks to get through traditional perimeter defenses and people are less suspicious of emails sent from addresses they recognize. Cybersecurity leaders are well-aware of their vulnerability, with supply chain compromise and ATO their top sources of stress.

Cybersecurity leaders question the value of their SEGs

Many of the email security features Microsoft 365 offers overlap with the functionality available in SEGs, leaving organizations to question their tech stack. Of those who use a SEG, 91% expressed frustration with it, and 87% are considering replacing their SEG or have already done so. As organizations adopt native controls in favor of SEGs, they are still left vulnerable to the advanced phishing attacks that can bypass signature-based and reputation-based detection, as well as employees’ behaviors that lead to outbound incidents, such as human error.

Combining Microsoft’s controls and integrated cloud email security (ICES) solutions covers the full spectrum of inbound and outbound email security incidents, so it’s little surprise that a large portion of organizations are weighing up their options.

Training is considered a checkbox requirement

According to the findings from the report, email security risks remain a top concern for organizations with 94% having experienced security incidents over the past year. Despite this, according to the majority of respondents, training is provided only to meet compliance requirements with 88% acknowledging that they are doing SAT for compliance purposes.

If training is engaging, in bite-size modules and relevant to the employee’s tasks, it should be an enriching activity with real-time teachable moments throughout their workday, but Cybersecurity leaders are currently worried that employees skip through training as quickly as possible and that they find training annoying.

With this in mind, it is no wonder that 91% of Cybersecurity leaders have doubts about the effectiveness of traditional training, and training tailored to teams or individuals isn’t commonly offered:

  • Only 19% of organizations deliver SAT that reflects on the department or team that employees work in
  • Just 9% of organizations tailor training to the individual employee.

The ramifications of this are significant for both employees and their organizations as quality learning can turn a company’s biggest risk into one of their strongest defences – their people.

For more information or to access the full report, please visit https://pages.egress.com/whitepaper-email-risk-report-01-24.html and https://www.egress.com/blog/company-news/stats-from-the-email-security-risk-report

Egress experts share predictions for cybersecurity in 2024

2023 has been a ground-breaking year for cybersecurity advancements and attacks, with new developments making headlines globally.

Experts from threat intelligence, product management, and customer services at Egress share their predictions for what’s to come in 2024 in this dynamic landscape.

 

Steve Malone, VP of Product Management:

Two pints please. That will be £25,000.

“QR codes took off as the pandemic swept the globe, but I predict that QR codes will disappear from pub and restaurant tables as more people scan and get scammed.

“As with any convenience tool, attackers have already started to use QR codes in phishing campaigns to evade traditional defenses. But walk into any bar and you’ll find a QR code on the table – what better way to harvest credit card details than through using a fake QR code!”

Rise of the machines

“AI, one of the venerable buzzword acronyms beloved by technology vendors, has finally come into the spotlight. With more and more technology products offering a “co-pilot” AI assistant, I expect that poisoning or take-over of AI tools will lead to breach, compromise and manipulation of users.

“In fact, AI has already wormed its way into CISOs brains; our 2023 Email Risk Report showed 72% of cybersecurity leaders are worried about the use of chatbots to improve phishing attacks. For 2024, it’s bound to be a prominent force.”

Email is dead! Long live email!

“Collaboration tools such as Teams and Slack are now gaining ground in corporate communications, driven mainly by the ability to communicate externally.

“However, as more corporate communication moves to these platforms, organizations will see more issues relating to communication style and tone. For the most part, email is used with a business tone, and most users now understand that they’re “doing business” when they send business email.

“Cut to a Teams or Slack chat though and style becomes colloquial, immediate, abbreviated and in many cases, not business appropriate.

“Email will remain the medium of choice for business communication in industries where regulation and control is key. I predict that collaboration will over-run the rest of the world and the floodgates of socially-engineered attacks will migrate from email to collaboration.”

 

Sudeep Venkatesh, Chief Customer Officer:

More interoperability and fewer silos

“The cybersecurity space has thousands of software vendors that solve specific problems with point solutions. Our customers are faced with the problem of owning dozens of solutions that do not talk to each other and this leads to management overheads and loss of productivity.

“My first prediction for 2024 is that customers will demand greater interoperability between their cybersecurity vendors which will help them enhance their security postures and reduce costs.”

Faster and more efficient time to value

“A customer’s buyer’s remorse is strongest when they have just signed a software contract and move into the implementation phase. This opens up a phenomenal opportunity for software vendors to offer a smooth deployment and get the customer realizing value in their investment ASAP.

“The trust built in the implementation phase is often rewarded with strong advocates and long-term loyalty. On the contrary, the seeds of almost all churn are sown during deployment!”

Obsessing with showing value

“The clock in Software As a Service (SaaS) is always ticking!

“Customers make significant investments in cybersecurity software to protect against ever evolving threats. Along with providing customers with the best protection possible, vendors need to obsess about showing value to customers. Every interaction with a customer including high touch QBRs, digital communications and analytics portals needs to focus on how you are better improving their security posture. Otherwise, customers battling cyber threats on multiple fronts will quickly move onto other priorities.”

 

Jack Chapman, VP of Threat Intelligence:

Faster, harder and more targeted

“Moving from 2023 to 2024, a key trend is automation behind cyberattacks and more importantly how attackers can combine and automate across multiple steps of the traditional kill chain. This unfortunately will continue to expand; I expect it will go as far as automatically creating or selecting templated phishing attacks tailored to a user’s OSINT information, sending the attack, requesting and validating the MFA and validating the compromise to perform follow-up attacks.

“The reduction in attacker participation allows for more sophisticated targeted attacks, without the threat actor spending time, money or effort, and ultimately raising the average bar of successful attacks.”

Security of AI coming to the forefront

“We often talk about attackers weaponizing the use of AI, which is certainly coming! Whether it be utilizing LLMs or automating the generation of A/B testing specific features within phishing emails and broader cyber-attacks. However, an area which is overlooked often, is targeting the AI systems which are in place to protect organizations themselves.

“Although these systems are an asset to improve the technology controls protecting organizations, attackers have realized the opportunity here. Why combat the technology if you can teach it that all of your attacks are “safe”?!

“This is an evolution from obfuscation-based attacks which target the technology directly; now attackers can target the technology and the machine learning behind it.”

New barrage of supply chain threats

“Over the past few years, we have seen the evolution of attackers utilizing compromised business accounts to target new and unexpecting victims, effectively bypassing authentication and trust-based protection systems.

“In 2024 I predict that this will follow on to the next effective method at a new scale and challenge, using the compromised accounts of those who are already known to an organization and its users. At Egress, we have already seen a sharp rise in the latter half of 2023, but it’s expected to grow drastically in 2024.

“For a threat actor, this has so many appealing features: a ready-made list of potential targets, far higher success rates than your run-of-the-mill compromised attack, and an easier path into more secure but appealing organizations which may be too tough to target directly. This is going to be a big trend for 2024.”

 

James Dyer, Threat Intelligence Lead:

Multi-channel attacks on the rise

“Cyberattacks are becoming increasingly sophisticated, but they’re also utilizing multiple channels to attempt to add legitimacy. Victims may receive a QR code in an email, and then a follow-up SMS text, replicating multi-channel methods seen commonly in marketing, and even multi-factor authentication.

“In 2024, I can only see this trend growing. And with messaging apps like WhatsApp and Signal having less security systems than email, I predict more channels will be targeted.”

AI becomes a threat actor’s best friend

“We’re seeing more and more advanced phishing attacks, with increasingly detailed and accurate information that is harvested with the help of AI. Cybercriminals will be using open-source intelligence (OSINT) to create plausible backstories by scraping social media profiles in less than a second, or asking ChatGPT to write the most persuasive messages, and even utilize AI software to help create payloads and speed up delivery.

“As AI is added to a threat actor’s arsenal, I hope 2024 brings more governance around these tools and the ethical use of AI software.”

AI systems targeted creatively

“As AI advances, threat actors are becoming creative with their attacks to make it tough for Natural Language Processing (NLP) and linguistic checks to locate malicious wording within emails. I predict that we’ll see more invisible characters, lookalike characters and use of images to avoid scannable words which NLP would traditionally pick up.

“Along a similar vein, we’ll probably see a spike in password-restricted payloads where the payload is hidden initially as well as more attacks coming through encrypted emails which security solutions cannot scan.”

 

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value. Trusted by the world’s biggest brands, Egress is private equity backed with offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto.

NormCyber becomes first European Fortinet partner to attain SOC accreditation

NormCyber, the award-winning managed security service provider for mid-sized organisations, today announced that it has achieved Security Operations, Operational Technology (OT), and Cloud Security specialisations as part of the Fortinet Engage Partner Programme.

NormCyber is the first MSSP in Europe and only one in six firms across the wider EMEA region to achieve all three specialisations, demonstrating its commitment to helping midmarket organisations bolster their cyber resilience with state-of-the-art tools and practices.

A Fortinet partner since 2019, NormCyber has undergone rigorous sales training and multiple technical exams to achieve Advanced status in all three specialisations, proving its ability to deliver the full spectrum of Fortinet’s security solutions with certified staff to handle various implementation requirements.

With the Security Operations Specialisation, NormCyber is able to demonstrate its deep technical understanding and expertise when it comes to the delivery and operation of Fortinet’s security information and event management (SIEM), security orchestration, automation and response (SOAR) and endpoint detection response (EDR) in the SOC, along with deeper understanding of advanced analytics. Through this, NormCyber can manage security operations in a more efficient way on behalf of customers, allowing for response in near-real time.

To achieve the Operational Technology Specialisation, NormCyber’s sales and technical teams have demonstrated both a deep understanding of OT best practices and requirements as well as experience of deploying IT and OT security solutions. NormCyber can now help Fortinet customers secure their converged IT-OT networks to close OT security gaps, as well as provide the visibility, control and behavioural analytics they require.

For the Cloud Security Specialisation, NormCyber has demonstrated its proficiency in managing Fortinet’s portfolio of solutions, helping organisations to securely deploy on any cloud or virtual data centre with consistent policies, centralised management and visibility, security automation and orchestration. NormCyber can help customers better secure their cloud environments, with advanced application and API protection, hybrid security and cloud-native protection.

In a fast-moving industry, specialisations focused on market opportunities enabled by the Fortinet Engage Partner Programme help partners to be recognised and valued by current and potential customers as trusted partners which have the expertise, services and technologies they need to fulfil their business needs.

“Today, with mid-sized organisations facing a complex web of cyber security risks and an overwhelming choice for tools, NormCyber prides itself in standing out in the midmarket with its clear and straightforward approach, and with its commitment to partnering with best-of-breed solution providers,” said Paul Cragg, CTO at NormCyber. “Fortinet’s solutions fit perfectly into our strategy and so we take great pride in being the first cyber security services provider in Europe to achieve this hat-trick of specialisations, particularly as it speaks to our SOC team’s strengths.”

“Fortinet has developed a very strong relationship with NormCyber since the moment we started working together back in 2019,” said Guillaume Schlienger, EMEA MSSP Security Operations Leader at Fortinet. “Their flexible and customer-centric approach to solving the complex cyber security challenges that mid-sized organisations face has enabled them to grow exponentially as a Fortinet partner, and we were delighted to recognise them as our first partner in Europe to achieve these specialisations.”

SentinelOne and KPMG announce alliance to accelerate cyber investigations and response

SentinelOne, an autonomous cyber security platform company, today announced an alliance with KPMG LLP, the audit, tax and advisory firm, to accelerate investigations and response to cyberattacks.

“Our customers are global in nature and find themselves rethinking cyber security,” said David Nides, KPMG Principal and National Cyber Threat Management Services Co-Leader. “The future of cyber security is autonomous, and SentinelOne, coupled with the industry experience of KPMG, helps prepare enterprises for tomorrow’s threat landscape. SentinelOne Singularity XDR can help our customers respond to incidents as well as collaborate on preventive services.”

Cyberattacks are a daily occurrence for enterprises in every geography and sector. Together, KPMG cyber response services and SentinelOne Singularity XDR can help organisations gain visibility, protection, and response against advanced threats to mitigate risk. Today’s threat landscape targets the modern enterprise perimeter, spanning endpoints, clouds, and identities. With KPMG and SentinelOne, enterprises are more protected against the loss of intellectual property, customer data, and other sensitive information that can cause financial and reputational damage.

“The KPMG and SentinelOne alliance helps provide integrated support to our clients. This is critical during an incident related deployment, and a term benefit that assists our clients in making the most of a cyber security investment,” said Jonathan Fairtlough, KPMG Principal, Cyber Threat Management Services.

“Our experience with KPMG and SentinelOne has resulted in a whole new cyber security posture,” said Michael Labate, Director of Global IT, The Middleby Corporation. “Combining the industry’s most autonomous cyber security technology with the tested and tenured cyber security expertise helps scale our security operations as well as bring cyber security assurance to our executives.”

For enterprises that have previously fallen victim to an attack, the KPMG Digital Responder (KDR) integrates with Singularity XDR’s data ingest, helping enterprises rapidly ingest and correlate data so incident response teams can go back in time and perform true enterprise forensics and understand the root cause of attacks. The alliance empowers enterprises to contain breaches, remediate impacted assets, and return to productivity in a rapid and complete fashion.

“The KPMG cyber team is consistently on the front lines of the most critical breaches of today, many of which compromise identity access, penetrate cloud instances and endpoints, and exfiltrate data,” said Jared Phipps, SVP, Americas Sales and Solution Engineering, SentinelOne. “Our technology provides the backbone to deliver best-in-class incident response at speed and scale as well as proactive cyber security readiness services. Together, KPMG and SentinelOne help the world’s leading enterprises reduce risk and stay protected.”

To learn more about SentinelOne’s alliance with KPMG visit https://www.sentinelone.com/partners/cyber-risk-partners/.

Manchester-based M247 bolsters senior team with trio of hires

Global connectivity and cloud services provider M247 has continued its run of strategic senior hires, appointing three new product managers.

Ashley Davies joins the Manchester-based business as cloud product manager; Liz Hawke has been appointed product manager for unified communications and collaboration (UC&C); and Robert Smith joins as product manager for cyber security.

Formerly cloud services director at THG Ingenuity, Ashley Davies has a track record of successfully leading product teams and transforming the way end users move from virtualised on-premise environments to automated cloud operating models. He will be responsible for commercial and technical ownership of M247’s flagship cloud product line, as well as full partner landscape management, to further M247’s strategic ambitions.

Liz Hawke joins the business from Gamma, the unified communications ‘as a service’ business, where she was direct product manager for over five years. Liz will lead on UC&C and develop M247’s workplace offering, as the communications needs of businesses evolve.

Robert Smith completes the current wave of senior hires, as product manager for cybersecurity. Prior to joining M247, Robert was networking and cyber security product manager at Maintel. With 25 years’ experience, Robert has a stellar track record of defining product strategy, overseeing product launches and delivering service improvement plans across a broad portfolio of services.

Darryl Edwards, CEO of M247, commented on the appointments: “I am delighted to welcome Ashley, Liz and Robert to the M247 product team. With ambitious plans for the business in 2023, the addition of three new Product Leaders, each with their own invaluable experience and expertise, will no doubt be instrumental to supporting the next step of our growth journey.”

SentinelOne announces executive appointments and promotions amidst rapid growth

SentinelOne, an autonomous cybersecurity platform company, has announced key executive appointments and promotions that will fuel the growth of its best-in-class cybersecurity platform and scale forward its go-to-market operations. Mitra Mahdavian has been appointed to SVP, Business Transformation; Bryan Gale has been appointed to VP, Product Marketing; Rajiv Taori has been appointed to GM, DataSet; Eric Tinker has been appointed to VP, Renewals; and Joni Tsumas has been appointed to VP, Global Accounts & Programs.

In addition, Jared Phipps has been promoted to SVP, Americas Sales and Solution Engineering and Daniel Kollberg has been promoted to SVP, EMEA Sales and Solutions Engineering. The appointments and promotions are a testament to the company’s commitment to deliver best-in-class XDR protection built for the new cyber security paradigm.

“At SentinelOne, we are on a mission to deliver real-time, autonomous cyber security at scale,” said Tomer Weingarten, CEO, SentinelOne. “The recent appointments and promotions will play an important role in enabling us to continue to stand out from the crowd and deliver cutting edge protection and innovation to our global customers as we deliver the most advanced enterprise security platform with trust and integrity. Their talent and relentless drive will enable us to do what no other company has done before in record time – give enterprises the advantage over tomorrow.”

Mrs. Mahdavian is a seasoned business leader with a proven track record of driving strategic growth. Mahdavian joins SentinelOne after over a decade at McKinsey & Co., where she was a partner and a leader in McKinsey’s Technology, Marketing and Sales practices, with clients including $50B+ software and hardware providers, global technology infrastructure organisations and multiple growth stage SaaS companies. As SVP of Business Transformation, Mahdavian will drive strategic initiatives, business intelligence and monetisation strategies.

Mr. Gale has over 20 years of experience driving product innovation across the cyber security industry in both marketing and product leadership roles. Prior to SentinelOne, Gale was the Global VP of Product Marketing at CrowdStrike, where he hired and built a marketing organisation spanning product, technical and competitive marketing as well as analyst relations. Before CrowdStrike, Gale was Chief Product Officer at Automox and Chief Product Officer at CyberGRX. As VP of Product Marketing, Gale will lead the go-to-market strategy for the Singularity platform.

Mr. Taori is a proven business leader with a 20-year track record of building businesses, establishing market leadership positions and creating successful products. Taori joins SentinelOne from Amazon Web Services, where he was Product Leader responsible for OpenSearch analytics, search, observability and security offerings. As GM of DataSet, Taori will be responsible for defining the strategic vision, operations and go-to-market execution for SentinelOne DataSet.

Mr. Tinker has more than 25 years of experience leading renewals and driving customer success across technology organisations. Prior to SentinelOne, Tinker was SVP of Global Renewal Sales and Operations, Acceleration Sales GTM at Riverbed Technology, where he led a global team responsible for over 55% of Riverbed’s total revenue. As VP of Global Renewals, Tinker will scale the global renewals organisation leveraging a standard enablement approach to increase bookings, net revenue retention and maximise gross revenue retention.

Mrs. Tsumas brings over 20 years of experience leading sales and strategic growth across high-tech companies. Tsumas joins SentinelOne from Cohesity, where she was VP of Sales, US Strategic & Enterprise. Prior to Cohesity, Tsumas held positions at VMware, NetApp and Cisco. As VP of Global Accounts & Programs, Tsumas will be responsible for leading and developing strategies that enhance customer experience across SentinelOne’s largest customers and prospects.

Chris Dunning-Walton welcomed to Six Degrees’ advisory team

Six Degrees welcomes Chris Dunning-Walton to its advisory team, as the company strikes new ground in the cyber security landscape.

Six Degrees has appointed Chris Dunning-Walton to its advisory team. Chris joined the Six Degrees advisory team on 1st January 2023.

Chris is currently CEO and Managing Partner of Sentients, a boutique international executive search firm that focuses on placing Chief Information Security Officers (CISOs) and other cyber leaders with FTSE 250 enterprises. He is also CEO of InfoSec People Ltd, a multi-award-winning cyber security recruitment consultancy, and the founder and director of CyNam, the UK’s largest Cyber Cluster focused on cyber tech industry development, innovation, and inclusive talent enablement in Cheltenham and Gloucestershire.

Chris has worked with a number of premier brands including Admiral Insurance, Dixons, Carphone Warehouse, Aviva, The Economist, Vitality, BAE, BT, Deloitte, and KPMG.

Chris said: “Cyber threats present as the world’s top business risk. It’s important that businesses develop strategies that not only seek to improve their cyber security postures, but also their cyber resilience: how technology and processes enable the business to respond when incidents arise. What drew me towards Six Degrees was their exceptional people and portfolio of services, fronted by expertise in hybrid cloud technology and with security at the core of everything they do. I am excited to be working closely with the leadership team of a great business which is committed to enabling its clients to not only survive – but to thrive in these complex times.”

Commenting on the appointment, Six Degrees CEO Simon Crawley-Trice said: “With the economic outlook we’re facing over the next few years, it’s more imperative than ever that companies transform their digital strategies to be reliable, resilient and cost-effective. Security must be at the heart of any transformation. Chris has years of experience working with top FTSE brands, helping them to better understand the challenges before them, to mature their cyber strategies, and to secure a return on their cyber security investments. Chris is the right person to work with us as we strive to connect our clients with the solutions needed to protect and grow their businesses.”

Six Degrees. Beyond Cloud.

We help customers enjoy all the game-changing potential of cloud. We create secure, flexible platforms that set organisations free to achieve and exceed their boldest aspirations, whatever those may be.
Our industry-leading security protects against today’s and tomorrow’s cyber threats, while our unrivalled technology stack means maximum productivity and efficiency, even with a remote workforce.
With a formal service agreement and the most flexible financial terms in the industry, we go above and beyond for every customer.

New research suggests UK businesses are overconfident when it comes to digital supply chain security

Organisations trust their MSPs, yet fail to ask them basic cyber security-related questions and admit to suffering unscheduled downtime

Kocho, the UK-based provider of cyber security, identity, cloud transformation and managed services, today announced the results of a survey assessing the cyber resilience of UK businesses’ digital supply chains. While virtually all of the respondents were either totally confident (71 percent) or moderately confident (29 percent) that their Managed Service Provider (MSP) could continue to deliver services in the event of a major attack, 97 percent had suffered unscheduled downtime in the previous year, with 88 percent of these incidents connected to cyber-related activity.

Conducted by Vanson Bourne in October 2022, the online survey polled 200 UK senior business and technology professionals at mid-sized businesses employing between 500 and 3,000 people. All of these businesses were from finance and insurance, private healthcare, legal or manufacturing verticals and rely on MSPs to run at least some of their IT. Slightly over half (51 percent) stated their operations would be severely impacted by a disruption to their MSP’s service, while 15 percent said they would be left unable to operate. Approximately one quarter (26 percent) said they would be partially impacted.

Six in ten (60 percent) respondents stated that cyber security procedures were a top priority in their decision-making process when their organisation selected its MSP, with a further 34 percent stating that they were a major part of the decision-making process. Despite this priority, many businesses failed to ask fundamental security-related questions at this initial tender stage.

Only 40 percent of businesses stipulated their MSP should be Cyber Essentials certified, even though this is the UK Government-backed scheme designed to protect all organisations against a range of threats. Just 38 percent asked if the MSP was fully GDPR compliant, while only 37 percent stipulated that two-factor authentication must be deployed. Fewer still (35 percent) asked if an incident response policy was in place, and only 56 percent of organisations undertook third-party audits to verify or test MSP defences.

“On the whole, UK businesses are very trusting of their MSPs’ abilities to withstand attacks and have considerable confidence in their digital supply chains. However, this research does also suggest that at least some of this confidence might be misplaced,” said Jacques Fourie, Director of Information Security, Kocho. “When selecting an MSP, businesses don’t always ask enough tough questions; this could leave them vulnerable. Organisations may think that by passing the management of their IT to a third-party, they no longer need to worry about security, but that’s simply not the case – we can see from this research that any MSP outage could hit businesses hard.”

For additional insights as well as actionable advice on how to verify MSPs’ security credentials, please download Kocho’s new report ‘Securing risks in the digital supply chain.’