Three days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.

Source: NicoElNino via Alamy Stock Photo

Just days after Ivanti released an advisory regarding a high-severity vulnerability in its Cloud Service Appliance (CSA), the company is alerting customers that the flaw is now being exploited in the wild. 

Ivanti initially disclosed the vulnerability, tracked as CVE-2024-8190, on Sept. 10, warning customers that it could allow unauthorized access to their devices. With a CVSS score of 7.2 out of 10, the attacker must have administrator-level privileges in order to exploit the vulnerability.

To remediate the bug, Ivanti recommended that users upgrade from Ivanti CSA 4.6 to CSA 5.0. In addition, CSA 4.6 Patch 518 customers can update to Patch 519, however, upgrading to CSA 5.0 remains the best option, the company noted.

On Sept. 13, Ivanti updated its advisory, making its customers aware that it knew of the active exploitation of the vulnerability.

"At the time of the September 13 update, exploitation of a limited number of customers has been confirmed following public disclosure," said the advisory.

Users should update to the latest version of the appliance as soon as possible.

If users find that they have been compromised before they can apply the recommended patch, according to the company, they can log a case or request a call through the Ivanti Success Portal.

**About the Author**

Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Are the robots really taking over? Come up with a clever cybersecurity-related caption for the cartoon above, and our favorite will win a $25 Amazon gift card.

Here are four convenient ways to submit your ideas before the Oct. 16, 2024, deadline:

*   Via social media: X, Facebook, and LinkedIn. (If you win, we'll respond to you on the same platform, requesting your email address.)
    

**Last Month's Winner**

A round of congratulations goes to Vanilla Cyber's Renen Wasserman, whose caption for August's "Security Games" contest nailed first place:

Thanks to all who participated. Some noteworthy contenders included "This new threat detection method is 10% better than our old one," "Blindfolded and Breached: The Modern Cybersecurity Nightmare," and "This 5th level of multi-authentication may be taking things too far."

**About the Author**

John Klossner has been drawing technology cartoons for more than 15 years. His work regularly appears in Computerworld and Federal Computer Week. His illustrations and cartoons have also been published in The New Yorker, Barron's, and The Wall Street Journal.

Name That Toon: Tug of War

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact.

Mike Kosak, Senior Principal Intelligence Analyst, LastPass

September 16, 2024

4 Min Read

Source: Saphiens via Alamy Stock Photo

COMMENTARY

As the 2024 US presidential election approaches, cybersecurity is a frequent topic of conversation. From my time in the intelligence community supporting the Department of Defense, I'm familiar with government planning around elections. While the most discussed threats for 2024 are nation-state misinformation and disinformation, this election season, I'm also following cybersecurity threats to municipal election systems. 

The good news is the threat of an actual impactful disruption is low. As the US has funneled significant resources into securing elections over the past decade, US Cybersecurity and Infrastructure Security Agency (CISA) lead Jen Easterly said election infrastructure "has never been more secure." However, that doesn't mean threat actors aren't likely to attempt some sort of attacks, such as website defacements or distributed denial of service (DDoS) attacks against municipal election websites.

Here are the four threats against local election systems we will most likely hear about in 2024:

**Voting Machine Hacking**

The most high-profile threat to US elections is voting machine hacking. However, voting machines are rarely connected directly to the Internet, which aligns with current cybersecurity guidelines. This means the most realistic threat vector would require physical access to the machines, according to F5 Labs, a concern addressed through anti-tampering and physical security guidelines around the country. While cyber vulnerabilities within voting machines exist — as demonstrated annually at the DEFCON Voting Village hacking event — to date, there have been no reports of cyberattacks taking voting machines offline or changing votes, despite the clear value of such a capability to US adversaries.

**DDoS Attacks**

DDoS attacks are a less disruptive but more frequent threat to US elections. Election monitoring and information websites leveraging Google's Project Shield DDoS protection services experienced a 400% increase in weekly attacks during the 2022 midterms. While several companies like Cloudflare offer free DDoS protection services to election-related websites, some sites are still going down. Mississippi's election websites were briefly taken offline in 2022 by a DDoS attack claimed by a pro-Russia hacking group. However, the attack did not impact voting results or availability.

Given the increased profile of the presidential election, we can expect to see DDoS on a larger scale in 2024. However, as CISA and the FBI stated in a July 31 alert, these attacks would not prevent voters from casting their ballots.

**Ransomware**

The FBI and CISA released a similar alert on Aug. 15 related to ransomware disruptions, reassuring the public that any attack along these lines would not compromise the security or accuracy of voting. Ransomware groups will likely target municipalities — already a common target — in the run-up to the elections. 

For instance, a ransomware attack in April forced a Georgia county to temporarily disconnect from the state's voter registration system as a precautionary measure — highlighting disruptions that could occur around access to voter data or other election information. However, the FBI and CISA noted, "Any successful ransomware attack on election infrastructure tracked by FBI and CISA has remained localized and successfully managed with minimal disruption to election operations and no impact on the security and accuracy of ballot casting or tabulation processes or systems." Similar to DDoS attacks, no reporting suggests ransomware attacks have ever prevented a vote from being cast.

**Website Defacement and Email Access**

Website defacements are another common threat, where attackers take over election-related sites to alter data or images. These attacks can either aim to embarrass the site owner or subtly manipulate information, such as polling results or polling station hours.

In 2020, a threat actor briefly took over the campaign website for then President Trump, posting a derogatory message and seeking payment in return for not releasing data they claimed to have stolen. While these attacks may occur and could cause local disruptions, they would not impact the ability to vote or tally votes.

Hybrid cyber-physical threats, such as the increasing use of emails or spoofed phone numbers to deliver fake bomb threats or conduct swatting attacks, also present a concern, where false scenarios are reported to provoke a large police response. In 2018, a months-long campaign targeting US schools and businesses caused evacuations, police responses, and major disruptions. Similar attacks on election day could target polling stations, election offices, or ballot-counting sites.

Finally, threat actors (particularly nation-states) will continue to target email accounts of political operatives and organizations. The US intelligence community has already attributed social engineering attacks targeting both major US political parties to Iran. These attacks aimed to access sensitive or embarrassing information to influence the US election, highlighting the frequency of politically motivated social engineering attacks and the importance of secure, unique passwords and multifactor authentication. 

**Safeguarding the Vote**

While cyberattacks will undoubtedly target US election infrastructure over the next few months, it's important to place these events in the context of the protections put in place. Federal, state, local, and tribal governments, as well as international allies, have all been tracking these threats and implementing mitigations and contingencies to help ensure a secure and smooth election. 

While the 2024 election may see various cyber threats, existing security measures and coordination across all levels of government aim to minimize their impact. Voters should stay informed and rely on official sources to ensure their participation is not disrupted.

**About the Author**

Senior Principal Intelligence Analyst, LastPass

Mike Kosak is a former US Department of Defense (DoD) counterterrorism intelligence officer with more than 20 years of experience as a threat intelligence analyst. While with the DoD, he served in several senior intelligence officer roles, including leading the Pentagon office responsible for providing intelligence updates to the chairman of the Joint Chiefs of Staff, and was deployed to Iraq three times in support of Operation Iraqi Freedom. He also served as the acting senior command representative to the Joint Special Operations Command for the Defense Intelligence Agency. During his deployments, he led intelligence teams in support of both conventional and special forces. Following his government service, Kosak held private sector cyber intelligence positions at Bank of America, where he led the Strategic Cyber Intelligence and Threat Evaluation teams, and TIAA, where he led the Cyber Threat Intelligence team. He currently serves as the senior principal intelligence analyst at LastPass.

Cybersecurity &amp; the 2024 US Elections

PRESS RELEASE

Burlingame, Sept. 13, 2024 (GLOBE NEWSWIRE) -- CoherentMI published a report, titled, South Korea Digital Forensics Market is estimated to value at US$ 1.64 Billion in the year 2024 and is anticipated to reach US$ 3.52 Billion by 2031, at a CAGR of 11.5% during forecast period 2024-2031. With rising digitalization across various industry verticals in South Korea, incidents of cybercrimes have also increased exponentially over the years. Organizations across banking, finance, healthcare and other sectors are increasingly focusing on protecting sensitive data and investigating cyber threats. This has propelled the demand for professional digital forensics services that can retrieve hidden electronic data from computers, mobiles and other devices to solve cybercrime cases.

Market Dynamics: 

The South Korea digital forensics market is expected to witness significant growth, owing to increasing number of cybercrimes in the country. According to statistics, the number of cybercrimes reported in South Korea increased from 78,385 cases in 2018 to 95,172 cases in 2019. With rapid digitalization and increasing internet penetration, the cases of cyberbullying, hacking, data theft, and financial fraud have increased sharply. As a result, the demand for digital forensics solutions to collect, examine, and analyze digital evidence from computing devices such as smartphones, laptops, and servers is growing significantly. Moreover, increasing investments by law enforcement agencies to strengthen their digital investigation capabilities is also fueling the market growth.

Key Market Takeaways:

*   On the basis of forensic type, the computer forensics segment is expected to hold a dominant position, owing to a large volume of electronic evidence involving computers in cybercrime investigations.
    
*   On the basis of component, the services segment is expected to hold the largest share due to increasing demand for forensic consulting, investigation, training and education from law enforcement agencies and enterprises. 
    
*   On the basis of verticals, the government and defense segment is expected to hold the major market share due to initiatives towards strengthening cybersecurity and increasing reliance on digital forensics solutions.
    
*   Regionally, South Korea is expected to hold a dominant position over the forecast period due to stringent cyber regulations, robust law enforcement agencies and digital infrastructure in the country.
    
*   Key players operating in the South Korea digital forensics market include AhnLab, FireEye, IBM Corporation., Guidance Software, Inc., OpenTextCorp. These players are focusing on developing innovative forensic solutions and adopting organic and inorganic growth strategies to strengthen their market presence.
    

Market Trends:

Mobile device forensics and cloud forensics are the major trends witnessed in the South Korea digital forensics market. With increasing usage of smartphones and tablets, mobile device forensics solutions that can extract, recover, analyze and preserve deleted data from mobile devices are gaining more importance. Additionally, as more data is being stored on cloud systems, cloud forensics solutions are being increasingly used to investigate data breach incidents involving cloud applications and services. Major players in the market are focusing on developing advanced mobile and cloud forensics solutions to leverage lucrative business opportunities.

Recent Developments:

*   On April 22 2021, Plainbit Co., Ltd., has signed a memorandum of understanding with FRONTEO Inc. FRONTEO Inc. is an overseas subsidiary of FRONTEO Korea, Inc., based in Minato-ku, Tokyo. The partnership aims to strengthen digital forensic services through collaborative business initiatives, facilitating mutual exchange and cooperation between the two companies. FRONTEO specializes in digital forensic services, while Plainbit focuses on enhancing digital forensic capabilities through collaborative business initiatives.
    

Get a detailed analysis on regions, market segments, and companies: https://www.coherentmi.com/industry-reports/south-korea-digital-forensics-market

South Korea Digital Forensics Market Opportunities:

Computer Forensics: The computer forensics segment held the largest market share in 2024 owing to increasing cases of cybercrimes involving computers. Computer forensics aids in investigating computer related crimes by analyzing data stored on computers and recovering digital evidence. It allows examination of digital media in a forensically sound manner and law enforcement agencies heavily rely on computer forensics for examining digital devices seized from crime scenes.

Network Forensics: Network forensics is anticipated to witness substantial growth during the forecast period due to rising network intrusions and data breaches. It involves monitoring and analyzing network traffic for potential security issues and policy violations. Network forensics provides insights into network security incidents, data leakage and helps identify compromised accounts. The technology assists in conducting post-intrusion analysis and network traffic reconstruction to gather digital evidence from network infrastructure.

South Korea Digital Forensics Market Segmentation:

*   By Verticals:
    
    *   Banking, Financial Services, and Insurance (BFSI)
        
    

The research provides answers to the following key questions:

1.  What is the estimated growth rate of the market for the forecast period 2024-2031?
    
2.  What will be the market size during the estimated period?
    
3.  What are the key driving forces responsible for shaping the fate of the South Korea Digital Forensics market during the forecast period?
    
4.  Who are the major market vendors and what are the winning strategies that have helped them occupy a strong foothold in the South Korea Digital Forensics market?
    
5.  What are the prominent market trends influencing the development of the South Korea Digital Forensics market across different regions?
    
6.  What are the major threats and challenges likely to act as a barrier in the growth of the South Korea Digital Forensics market?
    
7.  What are the major opportunities the market leaders can rely on to gain success and profitability?
    

Purchase Latest Edition of this Research Report @ https://www.coherentmi.com/industry-reports/south-korea-digital-forensics-market/buynow

Key insights provided by the report that could help you take critical strategic decisions?

*   Regional report analysis highlighting the consumption of products/services in a region also shows the factors that influence the market in each region.
    
*   Reports provide opportunities and threats faced by suppliers in the South Korea Digital Forensics industry around the world.
    
*   The report shows regions and sectors with the fastest growth potential.
    
*   A competitive environment that includes market rankings of major companies, along with new product launches, partnerships, business expansions, and acquisitions.
    
*   The report provides an extensive corporate profile consisting of company overviews, company insights, product benchmarks, and SWOT analysis for key market participants.
    
*   This report provides the industry's current and future market outlook on the recent development, growth opportunities, drivers, challenges, and two regional constraints emerging in advanced regions.
    

Browse Related Reports:

United States Racing Drones Market: The United States Racing Drones Market is estimated to be valued at USD 353.01 Mn in 2024 and is expected to reach USD 1,333.19 Mn by 2031, growing at a CAGR of 18.1% from 2024 to 2031.

New Zealand Power Tool Market: New Zealand Power Tool Market is estimated to be valued at US$ 167.2 million in 2024 and is expected to reach US$ 286.1 million by 2031, exhibiting a compound annual growth rate (CAGR) of 8% from 2024 to 2031.

Philippines Robot as a Service Market: Philippines robot as a service market is estimated to be valued at US$ 298.9 Million in 2024, and is expected to reach US$ 918.8 Million by 2031, growing at a compound annual growth rate (CAGR) of 17.4% from 2024 to 2031.

UAE Dark Kitchens/Ghost Kitchens/Cloud Kitchens Market: The UAE Dark Kitchens/Ghost Kitchens/Cloud Kitchens market size was valued at US$ 330.3 million in 2023 and is expected to reach US$ 821.5 million by 2030, grow at a compound annual growth rate (CAGR) of 13.9% from 2023 to 2030.

Author of this marketing PR:

Ravina Pandya, PR Writer, has a strong foothold in the market research industry. She specializes in writing well-researched articles from different industries, including food and beverages, information and technology, healthcare, chemical and materials, etc. With an MBA in E-commerce, she has an expertise in SEO-optimized content that resonates with industry professionals.

About Us:

At CoherentMI, we are a leading global market intelligence company dedicated to providing comprehensive insights, analysis, and strategic solutions to empower businesses and organizations worldwide. Moreover, CoherentMI is a subsidiary of Coherent Market Insights Pvt Ltd., which is a market intelligence and consulting organization that helps businesses in critical business decisions. With our cutting-edge technology and experienced team of industry experts, we deliver actionable intelligence that helps our clients make informed decisions and stay ahead in today's rapidly changing business landscape.

South Korea Digital Forensics Market to Hit US $3.52B by 2031

PRESS RELEASE

September 11, 2024—Tampa, Fla— Cyber Florida at USF, in partnership with Cisco and WiCyS (Women in Cybersecurity), proudly hosted the premiere of the Do We Belong Here? documentary last night at the historic Tampa Theatre. The cybersecurity community showed strong support, with more than 200 attendees, including Cyber Florida at USF partners and documentary participants who traveled from out of town, gathering in person to watch the production. The event culminated nearly 18 months of planning, interviews, and relationship-building.

The 90-minute documentary, inspired by the popular Do We Belong Here? podcast, highlights the experiences of women and other underrepresented groups in the cybersecurity industry. Attendees were moved by the inspirational stories of perseverance and success shared by leading female cybersecurity practitioners, executives, and CISOs from top companies and organizations who generously contributed to the project.

While women's participation in the cybersecurity industry is growing, women still only representation about 20-25% of the cybersecurity workforce, according to ISC2. 

“This film represents the heart of what we’re striving for in cybersecurity—diversity, inclusion, and the understanding that everyone belongs here,” said Sarina Gandy, co-producer of the documentary and a key voice in its creation.

Following the screening, a lively Q&A panel with the podcast team took place, featuring:

·    Pam Lindemoen, Chief Information Security Officer Advisor, Cisco

·    Tashya Denose, Reality Labs Security Program Manager, Meta

·    Sarina Gandy, Cyber Communications & Marketing Analyst and Do We Belong Here Podcast Producer, Cyber Florida at USF

·    Rex Wilson, Brand Manager, Cyber Florida at USF

The documentary is available to watch on the Cyber Florida at USF YouTube channel.

Interviews with documentary participants and the podcast team can be arranged with Cyber Outreach Manager Jennifer Kleman, APR, CPRC at \[email protected\].

ABOUT CYBER FLORIDA AT UF  
The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to position Florida as a national leader in cybersecurity through comprehensive education, cutting-edge research, and extensive outreach. Cyber Florida leads various initiatives to inspire and educate both current and future cybersecurity professionals, advance applied research, and enhance cybersecurity awareness and safety of individuals and organizations.

Cybersecurity Community Celebrates Documentary Premiere at Tampa Theatre

The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.

Source: JHVEPhoto via Shutterstock

Fortinet has confirmed the compromise of data belonging to a "small number" of its customers, after a hacker using the somewhat colorful moniker "Fortibitch" leaked 440GB of the information via BreachForums this week.

The hacker claimed to have obtained the data from an Azure SharePoint site and alleges they leaked it after the company refused to negotiate with the individual on a ransom demand. The situation once again highlights the responsibility that companies have to secure data held in third-party cloud repositories, researchers say.

Fortinet itself has not specifically identified the source of the breach. But in a Sept. 12 advisory, the company said someone had gained "unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party, cloud-based shared file drive."

The security vendor, one of the largest in the world by market cap, identified the issue as impacting less than 0.3% of its more than 775,000 customers worldwide, which would place the number of affected organizations at around 2,325.

Fortinet said it had seen no signs of malicious activity around the compromised data. "Fortinet immediately executed on a plan to protect customers and communicated directly with customers as appropriate and supported their risk mitigation plans," the security vendor noted in the advisory. "The incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network." Fortinet said it does not expect the incident to have any material impact on its operations or finances.

In a threat intelligence report shared with Dark Reading, CloudSEK said it had observed a threat actor using the Fortibitch handle leaking what appeared to include not just customer data, but also financial and marketing documents, product information, HR data from India, and some employee data.

"The actor attempted to extort the company but, after unsuccessful negotiations, released the data," CloudSEK said.  The company surmised that the hacker would have attempted to sell the data first, if it had been of any true value.

Fortinet did not confirm or deny if the hacker had attempted to engage with the company on the stolen data.

The hacker's post on BreachForums included somewhat context-free references to Fortinet's acquisitions of Lacework and NextDLP. It also referenced a few other threat actors, the most interesting of whom is a Ukrainian outfit tracked as DC8044. "There are no direct links between Fortibitch and DC8044, but the tone suggests a history between the two," according to CloudSEK. "Based on the available information, we can ascertain with medium confidence that the threat actor is based out of Ukraine."

**Breach a Reminder of Cloud Data Exposure Risks**

The Fortinet compromise — though apparently not too major — is a reminder of the heightened data exposure risks to enterprise organizations when using software-as-a-service (SaaS) and other cloud services without the appropriate guardrails. A recent scan by Metomic of some 6.5 million Google Drive files showed more than 40% of them containing sensitive data, including employee data and spreadsheets containing passwords.

Often, organizations stored the data on Google Drive files with little protection. More than one-third (34.2%) of the scanned files were shared with external email addresses, and more than 350,000 files had been shared publicly.

Rich Vibert, CEO and founder of Metomic, says there are three fundamental mistakes organizations make when it comes to protecting data in cloud environments: not using multifactor authentication (MFA) to control access to SaaS apps; giving employees too much access to folders and sensitive assets within the app itself; and storing sensitive data for too long.

It's unclear yet how the hacker might have accessed the data from Fortinet's SharePoint environment. But one likely scenario is that the attacker gained access to valid login credentials, via phishing for instance, and then logged in and exfiltrated data from SharePoint and similar environments, says Koushik Pal, threat intelligence reporter at CloudSEK. Information stealers are also a "really common" attack vector, Pal notes.

**Rethinking Cloud Security**

"Typically, developers should use environment variables, vaults, or encrypted storage for sensitive information, and avoid hardcoding credentials in source code," Pal says. Often developers hardcode access credentials like API keys, username and password into the source code and inadvertently push the code into a public or unsecured private repository from where they can be accessed relatively easily.

"Organizations should make MFA mandatory for accessing SharePoint and other critical systems to prevent unauthorized access even if credentials are compromised," Pal explains. "Monitor repositories on a regular basis for exposed credentials, sensitive data, or misconfigurations, and enforce security best practices across all teams."

Akhil Mittal, senior manager of cybersecurity at Synopsys Software Integrity Group, says incidents like the one Fortinet experienced show why it's a mistake for organizations to leave security around their cloud assets entirely to cloud service providers. "Organizations should rethink how they store customer data in shared drives, ensuring critical information is kept separate from less sensitive files," he says.

It's a good idea too to encrypt sensitive data both in transit and at rest, to mitigate damage even if attackers gain access. Mittal perceives continuous monitoring of cloud assets as fundamental to protecting them. "Applying zero-trust principles to third-party platforms also ensures no external service is trusted automatically, reducing the risk of unauthorized access," he adds.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa, and forced to spend the night in jail — just for doing their pen-testing jobs. Listen now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Fortinet Confirms Customer Data Breach via Third Party

In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.

Source: Moodboard Stock Photography via Alamy Stock Photo

Like many tech companies, Metadata.io built its B2B marketing automation business from the ground up, consistently adding key functions like personalization, prospect data enrichment, and creative micro-targeting strategies.

As it was growing, the company did its best to comply with critical attestations and standards like SOC 2 Type II and ISO 27001. But most of the focus was on building the company's core assets, not thinking of ways to streamline and automate compliance.

These frameworks aren't easy to comply with. Although they share about 60% of the same controls, they are completely different frameworks and require different processes.

The company did the best it could to comply with these controls with largely manual processes. All controls were written in spreadsheets, with no owners of specific controls and no way to ensure version control. Controls were stored in nested folders and Google Drive.

After a few years, it became clear that the compliance process simply wasn't working. To address the issue and shore up security in general, Metadata.io hired veteran CISO Raymond Taft.

**A Tangle of Manual Compliance**

"When I first got here, the company was just shy of about three months of its Series B fundraiser. It was still a very scrappy company," Taft says.

The first order of business was addressing the haphazard way Metadata.io was handling compliance. The current, largely manual system made it difficult to track compliance and ensure that controls were continuously monitored.

"Every single background check and confidentiality agreement had to be marked in a folder. It can take an enormous amount of time if you're continuously grabbing evidence for every one of those controls and putting them in these folders," Taft says. "It ends up being a nightmare to collect because you have to go back to that spreadsheet to, for example, collect evidence on specific need to things on specific days."

It was also labor-intensive, taking six people to do nothing but evidence collection. That's a lot of people when the total employee count is only 40.

Taft also discovered that the company was missing controls around background checks, performance reviews, and continuous monitoring of its cloud environment. Perhaps even more concerning was the haphazard way that data loss prevention, and security in general, was monitored and controlled.

"I knew within the first three months of working here that it would never scale as the company planned to grow to three or four times its current size," he says.

Without automation, Taft could see the writing on the wall. In addition to losing customer trust, the company would have had to continue spending a lot of money on evidence-gathering, and may have ended up outsourcing the entire function.

**Automating Compliance via Outsourcing**

Automating the compliance function was the only way Taft could see to gain control and ensure that controls were being consistently met. He didn't think it was a good idea to try to automate the function internally; not only was it not a core competency of the company, but it would incur a significant learning curve and take a significant amount of time.

Compliance automation is a good option for many enterprises, says Rik Turner, a cybersecurity analyst at Omdia.

"If your business spans multiple verticals and/or geographies, it's likely that you will be subject to multiple compliance requirements. This makes complying with them all a time- and resource-consuming undertaking, so automating your compliance activities represents significant potential savings," he says.

In addition, a typical human-driven compliance project is carried out on a monthly, quarterly, or even semi-annual basis, which means that it provides only a point-in-time view of compliance at the moment it was completed. An automated approach, on the other hand, holds the promise of continuous checking and alerting as soon as a change to the infrastructure or business processes risks slipping out of compliance, he adds.

Taft wanted a full-stack automation tool that would be able to configure policies, identify control failures or other issues, and quickly incorporate new controls. He also wanted to ensure that the solution could integrate with the stacks Metadata.io used most commonly. That included Jira, AWS, and GCP, along with its background check provider and HR platform.

"We knew if we could plug into those and continuously gather evidence, we could knock off more than 80% of our total evidence-gathering requirements for the year," he says.

There are plenty of tools that meet the requirements around continuous compliance, Turner says. More specifically, he notes that vertical and geographical breadth of coverage is key. But most importantly, he adds, potential buyers should check whether a tool that measures compliance stops at the alerting stage or can actually remediate situations when it detects that a change has caused the organization to slip out of compliance.

With these issues in mind, Taft settled on Drata for automated compliance monitoring. The tool automates evidence collection from all of its tooling, querying it every second of the day and reporting on status. It also communicates the state of Metadata.io's compliance program to auditors through a portal that also allows them to ask questions.

**Building on Good Results**

Since the implementation, Metadata.io's internal compliance team has been reduced to four people, even though the company has now grown to more than 100 employees. Taft says companies Metadata.io's size typically have compliance teams of 10 to 15.

The company also realized an unanticipated benefit: being able to fold some of its services into Drata via its trust center. Before, the company was paying $30,000 per year to upload its documentation to a trust center, where customers could access it. Drata's solution includes a trust center, saving the company that money.

That's just part of the cost savings. Taft says that all told, automated compliance has resulted in a 6x reduction in cost.

Time savings also has been substantial. For SOC 2 Type II and ISO 27001 compliance audits alone, for example, prep time went from six weeks to two weeks. Taft says that he recently met with the company's auditors for a total of five hours for the audit period. Last year that took four days.

With SOC 2 Part II and ISO 27001 fully automated and under control, Taft's next project is expanding into other compliance projects like ISO 27701, which is focused on data privacy, along with other frameworks.

The key to expanding, he says, is leveraging the automation tool's approach to control mappings and its ability to cross-map.

"There are dozens of frameworks, and they all share a little bit of DNA with each other," Taft explains. "The cross-mappings could be horrendous and could take months. For example, how does ISO 27701 relate to privacy for SOC 2?"

Drata's control and framework mapping enables users to click on a framework and see which controls apply to it. With that information, it's fairly simple to determine what's needed in terms of human resources to adopt the new framework, he says, and whether it makes sense for the business to move forward with it.

**About the Author**

Contributing Writer, Dark Reading

Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including ITProToday, CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.

Compliance Automation Pays Off for a Growing Company

PRESS RELEASE

LONDON, Sept. 10, 2024 /PRNewswire/ -- In the past 12 months, over half of organisations were impacted by cyber threats. Larger companies in particular were much more likely to come under attack.

The severity of these incidents is directly contributing to job losses. Of 500 UK IT, resilience and cyber security professionals surveyed, 37% reported that cyber-attacks resulted in dismissals.

Last year, Databarracks' Data Health Check (DHC) found that cyber-attacks are organisation's leading cause of downtime and data loss. In 2024, that is still the case.

Data lost to cyber incidents varies greatly by company size, with larger businesses five times more likely to be impacted.

Chris Butler, Resilience Director at Databarracks, commented:

"It should come as little surprise that cyber remains organisations' leading cause of downtime and data loss. The real news is that cyber is now having a significant impact on employees.

"Over a third of those surveyed in the DHC report job losses as a result of cyber-attacks. These could be IT or Security staff being dismissed in direct response to the breach, or wider layoffs from business disruption.

"Cyber-attacks on businesses are often seen as victimless crimes because losses are covered by insurance. These results show that attacks have a personal impact.

"Today, IT teams are faced with significantly more risk and threats to the continuity of their organisations, which can have a profound impact on their wellbeing. But the same can be said for employees across a business.

"Staff may be uncertain about what an attack means for the future of their company, and by extension their own job security. Your first line of defence is your staff, and so it is crucial that they are kept well-trained and appropriately informed in the event of an incident."

Read the highlights from the Data Health Check 2024: https://datahealthcheck.databarracks.com/2024/ 

Download the full DHC report: https://www.databarracks.com/resources/data-health-check-2024

Over a Third of Cyberattacks Result in Job Losses

The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)

Source: David R. Frazier Photolibrary, Inc. via Alamy Stock Photo

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) are warning US citizens that the spread of disinformation is high, as false claims of cyberattacks compromising US voter registration databases begin to unfurl.

The agencies say that malicious actors are behind the discord, which is an attempt to manipulate public opinion as well as undermine trust in US democratic institutions. The tactics the malicious actors use involve obtaining voter registration information to support their false claims that election infrastructure has been compromised. 

According to the agencies, access to this kind of information is not in itself an indicator of voter registration database compromise. In fact, voter registration information can be viewed through sources that are publicly available. 

"The FBI and CISA have no information suggesting any cyberattack on US election infrastructure has prevented an election from occurring, changed voter registration information, prevented an eligible voter from casting a ballot, compromised the integrity of any ballots cast, or disrupted the ability to count votes or transmit unofficial election results in a timely manner," according to the announcement. 

The agencies recommend that individuals not take claims of election intrusion at face value, be cautious of the veracity of social media posts or emails from unfamiliar addresses, and seek information from state and local government election officials and trusted sources if they have questions. 

**About the Author**

Malicious Actors Sow Discord With False Election Compromise Claims

PRESS RELEASE

CLEARWATER, Fla., Sept. 11, 2024 /PRNewswire/ --  Concerns about the trustworthiness of internal data exist in nearly all organizations globally according to "The Real Value of Technology Connectivity" report released today by TeamViewer, a leading global provider of remote connectivity and workplace digitalization solutions. Ninety-nine percent of business leaders pointed to factors undermining trust in internal data, citing multiple versions of the truth (38%), conflicting data management practices (32%) and too many instances of poor hardware reliability (31%) as top reasons for mistrust.

Interestingly this mistrust of internal data varies across company size. It is more likely to be driven by lack of data literacy in smaller organizations. Forty percent of respondents working for companies generating US $10 million - US $49.99 million in yearly revenue report a lack of data literacy among employees, compared to 21% of companies generating US $10 billion and above.

The global research study also found that only 5% of business leaders believe they have seamless technology connectivity across their organizations, identifying a huge opportunity to close the connectivity gap to not only gain internal trust in data, but to also enhance nearly all areas of the business from innovation to HR.

When asked how seamless technology connectivity could help their organization:

*   80% of respondents state is allows for better customer interactions and increases customer satisfaction
    
*   81% say it enables better innovation
    
*   82% believe it allows more time for considered decision making
    
*   86% consider it an important aspect of working at their company increasing talent retention
    

Technology Connectivity = Industry Leadership & Cyber Defense 

The research also uncovered a correlation between excellent connectivity and industry leadership, with 33% of business leaders at organizations with excellent technology connectivity saying their financial performance is among the leaders in their industry. Just 16% of business leaders with good connectivity say the same. In addition, 61% say that excellent technology connectivity gives them a competitive edge.

Further, 34% of businesses with excellent connectivity say their operational performance is on par with industry leaders but only 19% with good connectivity say this is the case. Seamless technology connectivity, the extent to which staff can operate and connect without interruptions, and what all businesses should be aiming for, also increases resilience and supports risk management. In particular, better connectivity helps organizations to withstand the growing threat of cyberattacks. 38% of those with excellent connectivity, those one step below achieving seamless connectivity, are among the leaders in their sector for cybersecurity performance, compared to 22% of those with good connectivity.

"It's clear from the research that connectivity isn't just about driving workforce productivity and efficiencies. The approach of shifting connectivity from a supporting role and cost centre to one that empowers the business has an impact on growth, and ultimately revenue. Fragmented systems blunt competitive advantage so just being good is not good enough when it comes to connectivity. Businesses need seamless integration and harmonization of data to fully realise the opportunities that technologies like augmented reality (AR) and artificial intelligence (AI) bring," said Mei Dent, chief product and technology officer, TeamViewer.   

What is holding organizations back?

Organizations with gaps in connectivity (those who say they have good connectivity but not excellent or seamless) are more likely to be held back by differences between departments within their organization (30%) and the inability to show the ROI of tech connectivity (27%). Whereas those who say they have excellent connectivity are most likely to be held back by concerns about cybersecurity (24%). So, cybersecurity is both a benefit and a hindrance to better connectivity.

A company's ability to connect to any device, application and system in its infrastructure, and to make use of existing data, has an outsized influence on performance. Whether it is smarter logistics operations or remote technical guidance, access to knowledge from any device, at any time, helps people work smarter and reduces the mistrust that there are multiple versions of truth in data.

Dent continued, "There is a long way to go for companies to achieve seamless connectivity, but the benefits far outweigh the initial investment of time and resources. Doing nothing also has a cost. With many struggling with increased competition and a lack of skilled labour available, organizations need to do all they can to attract and retain the best talent. And one way to do this is to offer a working environment with integrated systems and connectivity that makes it a great place to work and thrive in their careers."

Research Methodology 

The research was conducted by FT Longitude between March and April 2024. 500 business leaders across six countries took part: Australia, Canada, Japan, Germany, United Kingdom and the United States. Business leaders represented enterprises from the automotive, industrial manufacturing, IT, logistics, transport & distribution, financial services, retail, public sector and utilities industries.

About TeamViewer

TeamViewer is a leading global technology company that provides a connectivity platform to remotely access, control, manage, monitor, and repair devices of any kind – from laptops and mobile phones to industrial machines and robots. Although TeamViewer is free of charge for private use, it has around 640,000 subscribers and enables companies of all sizes and from all industries to digitalize their business-critical processes through seamless connectivity. Against the backdrop of global megatrends like device proliferation, automation and new work, TeamViewer proactively shapes digital transformation and continuously innovates in the fields of Augmented Reality, Internet of Things and Artificial Intelligence. Since the company's foundation in 2005, TeamViewer's software has been installed on more than 2.5 billion devices around the world. The company is headquartered in Goppingen, Germany, and employs more than 1,500 people globally. In 2023, TeamViewer achieved a revenue of around EUR 627 million. TeamViewer SE (TMV) is listed at Frankfurt Stock Exchange and belongs to the MDAX. Further information can be found at  https://www.teamviewer.com/.

Source

DARKReading