Led by NTTVC, the funding enables further development of Cloud Native Intrusion Prevention from the team that invented Network Intrusion Prevention Systems.

AUSTIN, Texas, Oct. 25, 2022 /PRNewswire-PRWeb/ — Spyderbat, a cloud native runtime security company, today announced it has raised $10 million in Series A funding. The funding was led by NTTVC with participation from LiveOak Venture Partners, Benhamou Global Ventures and John McHale to fuel product development and go-to-market activities.

The Enterprise shift-left trend toward a more embedded approach to security in the continuous integration and continuous delivery (CI/CD) pipeline requires new innovation. While organizations adopt strategies to reduce exploitable vulnerabilities in cloud native environments, it has proven insufficient to defend against breaches. The rate of change enabled by cloud provisioning and microservice architectures increase the probability of misconfigurations and missed known and unknown vulnerabilities. Additionally, the dependencies on third-party components increase the probability of supply chain compromises and zero-day attacks. Spyderbat addresses these needs with capabilities that integrate runtime security throughout the lifecycle.

CEO Marc Willebeek-LeMair and CTO Brian Smith, co-founders of Spyderbat, are no strangers to intrusion prevention systems (IPS). As the original founders of TippingPoint, Willebeek-LeMair and Smith invented the network IPS in the early 2000s.

"As we grew closer to understanding the fundamental security concerns in cloud native environments, we recognized the need for a brand-new approach," states Willebeek-LeMair. "Traditional detection methods, along with the rate of change found in cloud native environments, create inaccurate findings that require teams to investigate each with limited data. This leads to high volumes of interrupt-driven efforts that are inconclusive. DevOps and Platform Engineering teams need an accurate understanding of what is happening before automation can occur and a broader protection solution."

The Spyderbat SaaS platform boasts three critical capabilities for detecting and blocking intrusions attacking known and unknown vulnerabilities:

*   Runtime Visibility -Spyderbat generates live detailed mapping and historic contextual visibility across Kubernetes, container and VM  
    environments to enable DevOps and Platform Engineering teams' immediate visibility to the root cause of security and operational issues. 
*   Runtime Delta - Armed with the ability to capture runtime activities with causal context, Spyderbat's Runtime Delta enables development teams to rapidly and securely iterate within guard rails, using an automated understanding of runtime behavior differences between builds and environments.
*   Runtime Intrusion Prevention - Spyderbat provides the industry's broadest form of protection that blocks attacks against cloud-native  
    workloads throughout the software development lifecycle, including supply-chain attacks, compromised credentials, ransomware, and  
    cryptojacking.

In addition to the platform's core capabilities, Spyderbat Labs produces continuous actionable intelligence updates to the Spyderbat platform by performing threat research for cloud native environments. Spyderbat Labs creates Shields to stop attacks against known vulnerabilities, packaged baseline policies to built-in Linux and Kubernetes services, and Attack Detections mapped to MITRE ATT&CK techniques.

"Spyderbat opens the doors to a new level of security and operational awareness," states Aldo Gonzalez, CTO at Client Support Software. "It identifies previous unknowns that require my attention, allowing me to easily see the whole picture and take action."

"It is not about detecting individual activities that may or may not indicate a compromise," adds Smith. "What separates Spyderbat is a complete understanding of runtime activities to recognize new workload behaviors or connect threat indicators to each other and their root cause. This context enables early detection and accuracy, with a thorough understanding of the intrusion that enables automation to block it."

"Spyderbat's platform offers early cloud-native intrusion prevention, which is critical for enterprises in today's complex and high-threat environment," said Fay Hazaveh Costa, Partner at NTTVC. "We are looking forward to supporting the Spyderbat team and helping to fuel their next phase of growth."

In addition to its core offering, Spyderbat separately announced today its Open-Source program. Spyderbat is exhibiting at KubeCon+CloudNativeCon October 26th through October 28th. Learn more about Spyderbat's solution for cloud native runtime security by visiting their booth #SU45.

**About Spyderbat**

  
Spyderbat delivers cloud native runtime security to customers with unprecedented precision in intrusion prevention and mitigation. Founded in 2019 on the recognition that the manual processes of traditional security operations are completely ineffective in rapidly changing cloud environments, Spyderbat is making threat prevention and security operation automation available with a platform for early, accurate, and thorough recognition of attacks. To learn more about Spyderbat's solutions, open-source projects, career opportunities, or to begin using Spyderbat's free tier, visit http://www.spyderbat.com.

Spyderbat Raises Series A to Deliver Runtime Security Throughout Cloud Native Software Development Environments

New report shows 75% of MSPs will invest in security threat intelligence services in the next 12 months to help businesses combat increased threats.

**MIAMI, FL / ACCESSWIRE / October 25, 2022** — Lumu, the creator of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real-time, has partnered with Enterprise Management Associates (EMA) to conduct an independent survey exploring why MSPs are focusing on growing their cybersecurity practices, cites their most pressing concerns when it comes to threats and offers guidance on how MSPs can build a security stack effectively.

"There's been a monumental shift in threat actors' operations, which have led SMBs to face a higher risk of targeted security breaches," said Ricardo Villadiego, Founder and CEO of Lumu. "Now more than ever, entrepreneurs and small business leaders need to understand the heightened need for cybersecurity. With that awareness comes the need to implement a comprehensive cybersecurity program, but not every small business has the means to do so in-house. MSPs that can effectively meet the current needs of SMBs will gain market share and see significant growth opportunities."

The "MSP Cybersecurity Market Opportunity Blueprint" study found that:

*   In the next 12 months, 75% of MSPs are planning to invest in security and threat intelligence, 66.2% in threat detection and response, 66.2% in real-time attack visibility and 50% in forensics and incident response.
*   The most important concerns of MSPs when it comes to protecting customers from cyber threats are malware (77.9%), ransomware (70.6%), business email compromise (64.7%), and phishing (69.1%).
*   More simplistic malware techniques are enough for cyber-criminals to compromise SMBs, while larger organizations must employ more sophisticated and scalable techniques. Cyberattacks on small businesses consist mainly of malware (60%).
*   The top fears MSPs are around when/if customers experience a cyberattack are operational downtime (69.1%), losing the trust of your customers (64.7%), financial losses (63.2%), and reputational losses (61.8%).

Based on the findings of the report, EMA recommends five steps that MSPs should follow to start or evolve their cybersecurity practice:

*   **Customers' network-level threat visibility is vital:** MSPs should develop methods to identify any and all traces of compromise in the network because it will help MSPs minimize damage and avoid disruption.
*   **Ensure scalability through effective tools:** MSPs should favor SaaS-based commercially available solutions that can grow effectively with the MSP - tools built to effectively use cybersecurity talent, so they spend their time effectively.
*   **Leverage response automation:** MSPs achieve great levels of efficiency by combining real-time attack monitoring with integration capabilities that use out-of-the box or API techniques for data exchange and touchless response.
*   **Understand the pricing thoroughly:** MSPs need flexible pricing that matches the services delivered to their customers to not get locked into unfavorable long-term contracts which are undesirable considering the changing threat landscape.
*   **Protect the human element:** With phishing and other social engineering techniques increasing in sophistication and effectiveness, MSPs should train their staff and users across their customer base to identify and report these threats.

"We foresee that more than half of SMBs will part ways with MSPs that fail to address cybersecurity needs effectively and seek out alternative solutions," said Chris Steffen, Managing Research Director at EMA. "There's a huge opportunity for MSPs to get ahead of this and invest in security areas that are most prevalent to SMBs in the next 12 months such as security threat intelligence services, threat detection and response, real-time attack visibility, and forensic and incident response. The MSPs that prioritize these areas will be at an advantage over competitors and will be better equipped to grow their customer base."

To view the full findings of the MSP Cybersecurity Market Opportunity Blueprint report please download https://lumu.io/msp-growth-blueprint/.

**About Lumu**  
Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real-time visibility across their infrastructure, and close the breach detection gap from months to minutes. Learn more about how Lumu illuminates network blindspots at www.lumu.io.

**About EMA**  
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that specializes in going "beyond the surface" to provide deep insight across the full spectrum of IT management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals.

Learn more about EMA research, analysis, and consulting services for enterprise IT professionals, and IT vendors at www.enterprisemanagement.com or follow EMA on Twitter or LinkedIn.

MSP Market Opportunity Report Finds Cybersecurity as Primary Growth Driver as SMBs Lack Resources to Develop Security Program In-House

**PITTSBURGH, PA – October 25, 2022** — Security Journey, a best-in-class application-security education company, today launched a report revealing that security experts across industry and academia are calling for greater focus on programmatic secure coding training to solve the ‘AppSec dilemma’. As a group, the application security leaders acknowledged the gap that academia has left when teaching developers how to deliver code securely, and outlined the ways enterprises can make this education possible.

Currently, none of the top 50 undergraduate computer science programs in the U.S. require a course in code or application security . Yet the attack surface is growing; new vulnerabilities within the NIST National Vulnerability Database increased by over 200% from 2015 to 2021. The Security Journey report was born out of a roundtable discussion, conducted during cybersecurity awareness month, to find a solution to this lack of secure coding education for developers and others involved in the Software Development Lifecycle (SDLC).

Roundtable participants include a Professor in the Human Computer Interaction Institute at Carnegie Mellon University, a Program Manager for Security Awareness and Education, Security Journey’s CEO, Director of Content Engineering, and Security Education Evangelist, Amy Baker, as Moderator. The roundtable established key differences between security ‘awareness’ and ‘education’, noted the areas that AppSec regulation can go further, and concluded that enabling more continuous and programmatic education is essential.

To make this education possible, the report from the roundtable discussion identifies key shifts that organizations need to make, which include:

*   **Investment needs to be driven down from the top**: Key decision-maker, financial, and organizational support to advance ‘shift left’ initiatives.
*   **Training must be relevant to each professional:** Training programs bespoke to the challenges that developers face in their day-to-day, complementing their current stage of knowledge.
*   **Industry and academia collaboration:** Computer science and computer engineering professors examining curriculum to ensure security is included, making it easier for industry to embrace security from the start.

“Education is an underrated but essential part of computer security. The industry is currently severely under-educating all developers out there on really basic aspects of security and it’s hurting organizations.” Says Jason Hong, Professor in the Human Computer Interaction Institute at Carnegie Mellon University. “Education in academia and industry now needs to start focusing more on the human side of things – how do we improve people’s knowledge, where are their biggest gaps in understanding, and how do we incentivize and motivate not just developers but the corporations that employ them?”

Amy Baker, Security Education Evangelist at Security Journey added, “We need to bridge the gap between what development teams need to know about cybersecurity, and what education is provided to them either as part of undergraduate curriculum or by their employers. It’s not an impossible feat by any means, and we have a truly exciting opportunity now to improve application security knowledge in industry and academia.

To read all insights from the Security Journey Education vs. Awareness roundtable discussion, download the full paper.

**About Security Journey**

Security Journey helps enterprises reduce vulnerabilities through application security education for developers and everyone in the SDLC. Their programmatic approach provides video-based and text-based lessons along with live sandbox code experiments and real-world application exercises. All culminating in a collective security-first culture among development teams.

HackEDU’s spring 2022 acquisition of Security Journey brings together two powerful platforms to provide application security education for developers and the entire SDLC team. The two officially became one in August 2022 and are now Security Journey. Two approaches, one path to build a security-first development culture. Learn more and try our training at www.securityjourney.com.

Security Leaders are Calling for Industry to Take Action and Programmatically Improve Secure Coding Education

BILBAO, Spain, Oct. 25, 2022 /PRNewswire/ — SealPath, a leading provider of zero-trust data-centric security and enterprise digital rights management, announced the launch of SealPath Data Classification powered by Getvisibility, leveraging the latest Artificial Intelligence and Machine Learning technologies to provide their customers with an advanced standard of visibility, protection, control, and a dynamic understanding of their data as it is being created.

This innovative AI-enhanced data classification solution provides the insights and continuous automated protection that enterprise customers need to securely and accurately classify data over its entire lifecycle. Thus, organisations across multiple business verticals gain the ability to prevent data leaks and achieve compliance with the strictest data protection regulations.

With SealPath's classification, the user receives suggestions about the classification level when creating and editing a document. The software learns and adapts to different document types, continuously improving accuracy through AI, and allows organisations to classify unstructured information with unprecedented confidence.

SealPath's information protection is 100% integrated with the new intelligent data classification system so that those files labeled with a certain classification level or subject to a specific regulation can be protected automatically and without user intervention.

"SealPath Data Classification powered by Getvisibility was born in response to the outdated technologies most modern companies currently utilise to classify and manage their data. The solution's machine learning models have been pre-trained for years via data containing a wide array of data types – from personal information, medical and financial to defense data. Combined with robust software specialised in data classification, these thoroughly trained models minimize human error, costs, and time in labelling corporate information. We expect this new AI-powered approach will transform how organisations classify and protect their data," Luis Angel del Valle, CEO of SealPath, stated.

SealPath Data Classification deploys a flexible approach, considering different dimensions such as data sensitivity, associated regulations, data types, and scope of dissemination. Consequently, the system can adapt the classification to the organisation based on the aforementioned dimensions, enabling the automated protection of tagged data via AI/ML algorithms.

SealPath's protection, coupled with the AI and Machine Learning-powered classification system, streamlines an organization's efforts to avoid sensitive information data classification errors quickly and cost-effectively.

**About SealPath**

SealPath is a European leader in Zero-Trust Data-Centric Security and Enterprise Digital Rights Management, working with major companies in more than 25 countries. SealPath has been helping organisations across multiple business verticals, such as Manufacturing, Oil & Gas, Retail, Finance, Healthcare, and Public Administrations, protect their data for over a decade. SealPath's client portfolio includes organisations within the Fortune 500 index and Eurostoxx 50. SealPath makes it easy to avoid costly mistakes, lower the risk of data leaks, ensure security for confidential information and protect data assets.

SealPath Data Classification Powered by Getvisibility Applies Artificial Intelligence to Improve Accuracy and Efficiency of Data Labelling and Protection

The Marsh McLennan Cyber Risk Analytics Center conducted independent analysis of BitSight's Security Rating and risk vectors and cybersecurity incident data.

BOSTON, Oct. 25, 2022 /PRNewswire/ — BitSight, the Standard in Security Ratings, has released results from an independent study which found fourteen BitSight analytics, including the BitSight Security Rating, and thirteen BitSight risk vectors, to be correlated with cybersecurity incidents. The study concluded that cybersecurity performance deficiencies in the identified areas increases an organization's risk of experiencing a cybersecurity incident, while strong performance implies a lower risk of an incident occurring.

The study was conducted by the Marsh McLennan Cyber Risk Analytics Center, which brings together the cyber risk data and analytics expertise of Marsh McLennan's businesses, Marsh, Guy Carpenter, Mercer and Oliver Wyman. Marsh McLennan independently determined the methodology and analyzed BitSight's security performance data on 365,000 organizations and Marsh McLennan's proprietary cybersecurity incidents and claims information.

"After comparing the security performance data of thousands of organizations that experienced cybersecurity incidents against those that did not, we identified a statistically significant correlation between BitSight Security Ratings as well as certain BitSight risk vectors and the likelihood of a cybersecurity incident," said Scott Stransky, managing director and head of the Marsh McLennan Cyber Risk Analytics Center.

The marketplace has historically struggled to establish a data-driven relationship between poor cybersecurity performance and the increased likelihood of cybersecurity incidents. Demonstrating how quantitative performance measurements created by BitSight correlate to the likelihood of a cybersecurity incident show that BitSight's cybersecurity analytics can assist security, business, and insurance leaders in making more informed and data-backed decisions.

"The findings from this critical study confirm the value of BitSight's Security Ratings and analytics," said Stephen Harvey, chief executive officer, BitSight. "Our goal has always been to provide leaders with insightful data to help drive smarter decisions around cybersecurity. We anticipate this research will be used to augment the market's cybersecurity decision making, and now those in the marketplace can be more confident that our data effectively assesses the cyber risk of organizations and provides actionable insights when creating or managing a cybersecurity program."

The fourteen analytics with measured correlation cover a diverse set of security concerns including – Endpoint Management and Malware Detection, Vulnerability Management, Secure Communications, and User Training and Awareness. One critical finding from the report concerns the importance of an organization's patching initiatives. Many organizations struggle to effectively deploy patches when a new vulnerability is identified. BitSight measures how many systems within an organization's network are affected by important vulnerabilities, and how quickly the organization remediates them. Marsh McLennan found that an organization's patching cadence, as measured by BitSight, was correlated to the likelihood of experiencing a cybersecurity incident.

For more information on the report and to download the findings, visit:  
https://www.bitsight.com/resources/the-marsh-mclennan-cyber-risk-analytics-center-study-finds-statistically-significant-correlation-between-bitsight-analytics-and-cybersecurity-incidents

**About BitSight**

BitSight creates trust in the digital economy and transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSighton Twitter.

Study Finds Significant Correlation Between BitSight Analytics and Cybersecurity Incidents

Identity fraud has increased at 84% of dealerships, with 60% losing three or more vehicles in the last year.

FOOTHILL RANCH, Calif., Oct. 25, 2022 /PRNewswire-PRWeb/ — Identity fraud has increased dramatically in auto dealerships since the pandemic, with 60% of auto dealerships reporting the loss of three or more vehicles to it in the past year, according to the new report, "Is Identity Fraud Jeopardizing Digital Retailing Profitability," from automotive fintech innovator eLEND Solutions. The report, based on a survey of over 700 auto dealerships across the U.S., reveals that while dealerships cite identity fraud as their top fraud challenge/concern, and almost unanimously agree that its increase is because of the increased digitization of the deal, 66% lack adequate identity fraud protections.

"The pandemic changed a lot of things in the auto industry - and that is particularly true when it comes to fraud which, as this report underscores, is causing more and more losses for dealers - an estimated $619 million\[1\] for franchise dealers alone," said Pete MacInnis, CEO, and Founder of eLEND Solutions. "Economic conditions and, especially, increasing digitization of the car buying process are driving more fraud but, unfortunately, this report reveals that most dealerships have not implemented ID verification technologies that can prevent it."

According to the report, 84% of dealerships have directly experienced identity fraud at their dealership since the pandemic, with a third seeing an over 20% increase in identity fraud-related activities since the pandemic started. And, in just the past year, 79% directly experienced an identity fraud-related vehicle loss at their dealership.

When asked to explain the increase in identity fraud, 95% relate it directly to the increase in the digitization of the deal and remote buying experiences, with 86% predicting that as more of the transaction moves online, identity fraud will increase and become harder to prevent. The report also reveals that losses are not limited to identity fraud, with the vast majority of dealerships reporting an increase in loan application fraud in the past year. Seventy-seven percent saw a 10- 20% increase or more, with over one-third reporting that one in every 100 applications at their dealership was fraudulent.

The report also investigates what dealerships have been doing to prevent fraud: "photocopying the driver's license / ID" (64%) is number one, with the "Red Flags Rule" (56%) at number two. Only 33% reported using critical document authentication as part of their process, a significant disconnect.

"Without actually validating/authenticating ID documents and buyer identities, dealerships remain particularly vulnerable," said MacInnis. "As more of the transaction becomes digital, embracing ID verification technologies that include forensic authentication of the driver's license document, in conjunction with matching data extracted from the document against hundreds of databases, can easily help dealers minimize fraud risks before it becomes an expensive problem."

Dealers were also asked about the timing of their credit pulls, a practice that rapidly evolved once the pandemic prompted more of the process to move online. As compared to 2018, when only 8% of dealers said they pulled credit before the test drive, today 40% report doing so, with only 20% today waiting until right before the F&I handoff, versus 39% in 2018.

"This shift in credit pull timing is a dramatic and positive change in the way auto dealerships do business and, with the right technology in place, has positive implications for preventing fraud if dealerships take the opportunity to validate customer identity upfront with the simple swipe of a driver's license - but only if document authentication is part of that process," concluded MacInnis.

**Key Data Takeaways**

*   84%, say there has been a noticeable increase in identity fraud since the pandemic.
*   79% of dealers experienced an identity fraud-related vehicle loss at their dealership in the past year.
*   Seventy-nine percent say that identity fraud has increased in their dealerships by over 10%, and nearly one-third say it has increased  
    between 21% and 30%, or more. 
*   60% reported a loss of three to five vehicles, or more, in the last twelve months.
*   89% of dealerships report an increase in loan application fraud in the past year.
*   34% report that one in every 100 applications at their dealership was fraudulent.
*   95% track identity fraud to the expansion of remote buying experiences and the digitization of the deal.
*   86% agree that as more of the transaction moves online, identity fraud will continue to grow and become even more challenging to prevent.
*   67% do not include driver's license document authentication to protect themselves from identity fraud.
*   40% report pulling credit before the test drive, vs 8% in 2018.
*   93% say that if a driver's license scan could be converted into a consumer consented pre-qualification it would be a meaningful benefit.

About eLEND Solutions: eLEND Solutions(TM) (DealerCentric rebranded) is an automotive FinTech company focused on deal generation solutions - that power transactional digital buying experiences for the retail automotive industry. The platform specializes in digital credit, identity, and finance solutions for remote and in-store shoppers, designed to accelerate conversions of digital end-to-end purchase experiences concluding with fundable, transactable deal structures.

For more information, please visit http://www.elendsolutions.com.

Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection

From ransomware to remote workers to cyber-extortion gangs to Fred in shipping who clicks on the wrong link, cybersecurity concerns can keep you awake this season and all seasons.

Autumn is here and with it, pumpkins, Halloween, and scary movies. And despite the horrors that accompany the season, for many people, nothing is more terrifying than … cybersecurity risks.

In fact, among US executives, literally nothing is more frightening than cyberattacks. According to a survey by PwC this year, 40% of executives considered cyberattacks to be their top business risk. With some research suggesting the average breach could cost nearly $10 million, it's no wonder cybersecurity concerns are so scary.

In honor of Cybersecurity Awareness Month, we've decided to break down some of the chilling threats facing business leaders, as well as spotlight stats from a recent iboss and Forrester research survey of cybersecurity pros.

From professional Russian hackers to simple-but-dangerous human error, here are the horrors keeping business leaders up at night.

**Ransomware's Villain is Back**

_Spooky stat from cyber pros: Nearly two-thirds (63%) of security pros say an increasing number of ransomware incidents are driving their cybersecurity decisions._

Just like Freddy Krueger, Michael Myers, and Jason Voorhees, who always come back from the dead, one of the most notorious ransomware villains was "gone" for a moment but is back with a vengeance.

The ransomware resurgence was headlined by the resurrection of the notorious operation REvil. Most known for its high-profile attack on Kaseya that paralyzed as many as 1,500 organizations, REvil gave businesses and cybersecurity professionals nightmares for years. Then, suddenly in 2021, REvil dropped offline. At the time, the reasons it shuttered were unclear, with some suggesting its members had been arrested. However, earlier this year, amid rising tensions between Russia and the US, REvil announced its triumphant return.

Armed with new infrastructure and resources enabling the organization to carry out more targeted attacks, REvil is a boogeyman for companies of all sizes.

**Digital Transformation, Remote Work & The Great Unknown**

_Spooky stat from cyber pros: Two-thirds (66%) have difficulty monitoring user activity in remote/hybrid settings and 60% admit they have difficulty protecting a remote workforce._

We all fear change … and maybe rightfully so.

The last several years have given rise to organizations rapidly accelerating their digital transformation, driven in part by the long-term adoption of remote and hybrid work. To help ensure remote workforces are remaining connected and productive, companies have adopted new technology and practices. In a startlingly short period of time, many businesses have implemented multicloud environments, countless productivity apps, Internet of Things (IoT)-connected devices, VPNs, and much more.

With more devices in more places accessing more company data and resources, attack surfaces have become larger than ever. As a result, the majority of cybersecurity professionals admit they have less visibility into user activity in remote settings.

All of these factors combined add up to increased cybersecurity risks for organizations that have embraced digital transformation and modern workplaces.

**Human Error: The Killer You Know**

_Spooky stat from cyber pros: Nearly three-quarters (74%) of cyber pros say protecting their network from insider threats is a top strategic priority this year._

In many horror films, it turns out that the killer is someone the audience already knows, making them harder to spot and nearly impossible to stop. When it comes to cybersecurity, often "the call is coming from inside the house," with many incidents caused by company employees and the result of simple human error.

Unfortunately, this type of human error is chillingly common. In fact, in a recent survey, 84% of IT leaders said that human error was the top cause of serious incidents. Human error even led to some of the most notable recent cyber incidents on record, including those that befell Capital One and Equifax. A postmortem of the Equifax incident found that the breach likely could have been prevented if an employee had installed simple software fixes as directed.

**Escalating Cyber Conflict May Have Nuclear Consequences**

_Spooky stat from cyber pros: There's no spooky stat for this one. It's too spooky._

At the outset of the war in Ukraine, many experts also thought that the invasion would quickly lead to all-out global cyber warfare. Fortunately, to date, many of those cyberwar predictions have not come true.

However, as Russia sustains losses on the battlefield and ramps up its rhetoric, fears of an escalation in global cyberwar suddenly carry alarming, nuclear consequences. In Ukraine, Russia has already carried out multiple cyber offensives against a nuclear power plant, sparking international fears of a catastrophic meltdown.

Additionally, the Russian government has also essentially admitted to working with hacking groups, the likes of which have been tied to attacks on critical American nuclear infrastructure and weapons agencies in the past.

Despite all the cybersecurity horrors that lurk under the bed, there is still hope. More organizations are embracing modern cybersecurity solutions and architectures designed to prevent the very threats we've laid out. If organizations continue to take threats seriously and improve their security posture, there's a good chance we can all make it through the spooky season together.

Cybersecurity Risks & Stats This Spooky Season

Free service provides insights developers need to systematically identify and reduce container vulnerabilities.

DETROIT, Oct. 25, 2022 /PRNewswire-PRWeb/ — KUBECON + CLOUDNATIVECON NORTH AMERICA — In software supply chain security, knowing your software means knowing what's in it--for better or worse. Slim.AI, the Boston-based startup focused on optimizing and securing cloud-native applications, has today launched Container Intelligence, a free and open service that anyone can use to quickly gain  
valuable insights into what's in the most popular container images that they're baking into their software every day.

Despite the supercharged emphasis on security in the software industry, containers now have more vulnerabilities than ever before; moreover, a worrisome gap exists between developers and leadership on resources needed to address the problem. These findings are detailed in the second annual Slim.AI Public Container Report, published today and available for complimentary download.

Slim.AI aims to help close the gaps identified in the report by making Container Intelligence available to everyone, free. Container Intelligence scans more than 160 popular public container images making up 30% of total global pull volume using a combination of open-source and proprietary scanning tools. Slim.AI will quickly expand the dataset to cover the majority of public containers used by developers today across multiple registry providers. Developers can use Container Intelligence to make informed decisions when selecting containers or containerized applications for use in their tech stacks.

"Democratizing information about the security posture of public containers is critical if we want to meet the challenges of today's software supply chain," said John Amaral, co-founder and CEO at Slim.AI. "At Slim.AI, we believe in sharing information we have about the security and usability of public containers with developers so that they can make informed decisions about the containers they work with."

Key features of 'Container Intelligence' by Slim.AI:

*   Publicly available container profile pages on the Slim.AI website -- no login, no registration needed.
*   Profiles include vulnerability counts by severity, container construction details, and package information, along with comparisons to  
    similar public containers.
*   Containers are fully searchable and categorized according to use case (for example, base images, CMSs or DevOps tools).
*   The data is updated daily to ensure freshness.

Slim.AI will be adding more capabilities to Container Intelligence throughout the coming year. Future enhancements will include expanding the database to include more public registries, adding comparative analysis across images and providing container update notifications.

**Taking It to the Next Level with Slim.AI**

  
For those who want to know even more about their containers, developers can log in to the Slim.AI platform from the Container Intelligence page to analyze their own private containers, get vulnerability reports from multiple scanners, and automatically harden their container images for production.

Additionally, Slim.AI has been adding functionality for teams and is accepting a limited number of organizations into its design partner program. For more information, contact \[email protected\].

**Learn More About Container Security at KubeCon/CloudNativeCon**

  
For those interested in hearing more, Ayse Kaya, Slim.AI's senior director of strategy and insights, will present a keynote at KubeCon NA based on this dataset on Wednesday, October 26 at 10:05 a.m. EDT. Her presentation, "What We Learned Dissecting the World's Most Popular Containers," demonstrates the current paradox in software supply chain practices, especially the trade-offs teams make between "developer experience" and "production readiness."

Kaya's insights are based on a Dimensional Research survey of 300 software developers and DevOps engineers globally as well as an analysis of the most popular public container images used by developers today. This work forms the basis of the second annual Slim.AI Public Container Report.

"Perhaps the most stunning finding at a macro level is that after a year of intense focus on security, the cloud-native ecosystem is no safer today than it was this time last year," said Kaya. "The silver lining, however, is that awareness is increasing. The complexity of the problem is not our enemy; ignorance of the problem is. And our industry is taking strides to come together and make applications more secure."

Watch Kaya's keynote at KubeCon to learn more about her findings, which include:

1.  Of the top public containers Slim.AI observed over the past year, 60% actually contain more vulnerabilities today than they did one year ago. Most notably, high-severity vulnerabilities increased by 50%, followed by a 10% increase in critical vulnerabilities. The average public container has 287 vulnerabilities, 30% of which belong to a high/critical category (up from 20% last year).
2.  A discrepancy between executives and developers on both the capabilities required for supply chain security and the organization's preparedness. According to the survey, executives believe that more container security practices are happening in their organizations (49%) than frontline developers (34%).
3.  Developers are getting squeezed from both sides -- shifts to the left mean removing vulnerabilities from containers is a developer problem, with more and more customers demanding often unrealistic "zero vulnerabilities" in delivered software. Among developers, 88% said it is challenging to ensure containerized apps are free from vulnerabilities, complexity being the #1 contributing factor. Seventy percent stated their customers demand that their containers have zero vulnerabilities.

Visit Slim.AI at Booth SU64 to learn more from Slim.AI representatives.

**About Slim.AI**

  
Slim.AI helps developers create, build, deploy and run their cloud-native applications more efficiently and securely. The unique approach used by Slim.AI moves the focus on container optimization upstream in the DevOps lifecycle, giving developers the tools they need to author, manage and ship production-ready containers efficiently and effectively. More information at https://slim.ai and @SlimDevOps.

As Vulnerabilities Soar, Slim.AI Launches 'Container Intelligence' to Give In-Depth Analysis on Hundreds of Popular Container Images

Platform delivers unmatched performance, broad analysis capabilities, and governance across any data, geo, or cloud.

Hoboken, New Jersey — (October 25, 2022) Duality Technologies, the leader in secure data collaboration for enterprises, has launched the first of its kind, enterprise-ready privacy-enhanced data collaboration platform that enables organizations to share and jointly analyze sensitive data while ensuring privacy and regulatory compliance. The fully production-ready platform comes equipped with unparalleled data science and performance capabilities that significantly reduce the time to carry out encrypted queries on large datasets across any environment or cloud.

Enterprises need to have the ability to conduct deep analytics on data across their organization and subsidiaries, as well as with their business ecosystem: customers, partners, and suppliers. However, many are blocked by concerns around privacy, competition, and regulatory compliance. The platform serves as a one-stop-data-collaboration solution, replacing single point tools, and is powered by advanced cryptographic and data science techniques that eliminate concerns around data exposure while realizing the value of enterprise data.

Duality seamlessly integrates with OpenFHE, the leading open-source fully homomorphic encryption library, as well as uniquely supports the combination and stand-alone use of the breadth of Privacy Enhancing Technologies (PETs) to compute on data without exposing it. These include fully homomorphic encryption, multiparty computation, federated learning, differential privacy and more.

“Enterprises are increasingly moving from applying analytics and data science to data in silos, to setting strategies for how they collaborate on information to derive greater value.” Comments, Dr. Alon Kaufman, chief executive officer and co-founder at Duality. “The Duality platform opens up a full new set of opportunities to enhance an enterprise data strategy, while breaking down data silos.”

This highly scalable platform complies with each enterprise’s data privacy policy and governance needs, empowering data analysts and researchers to compute on sensitive data, anywhere, across any cloud or any geography. With Duality, enterprise customers are completely in control of how their data is used in collaborations and can select from a broad range of analytical capabilities to drive improved insights and outcomes.

Kaufman added, “Duality consolidates and builds on our years of expertise in data science, cryptography, and collaborative computing to deliver a production-ready solution that addresses enterprise needs for secure and compliant data collaboration. With Duality, organizations have the power to control how they collaborate, and consume data – compliantly and with privacy always maintained.”

Gartner recently listed privacy-enhancing computation (PEC), an umbrella term for various forward-looking and emerging techniques that maintain privacy and security, as a top three strategic technology trends for 2022, Gartner, Top Strategic Technology Trends for 2022, Bart Willemsen et al., 18 October 2021. Duality responds directly to this trend by embedding several leading privacy-enhancing technologies and computations within the Duality platform, such as fully homomorphic encryption (FHE), multiparty computation (MPC), federated learning (FL), differential privacy (DP), and more.

“By 2025, 60% of large organizations will use at least one privacy-enhancing computation technique in analytics, business intelligence and/or cloud computing,” Gartner, Top Strategic Technology Trends for 2022: Privacy-Enhancing Computation, Bart Willemsen, Ramon Krikken, et al.., 18 October 2021.

For more information about Duality and how they are revolutionizing the sensitive data sharing landscape, read the full white paper: Eliminate Data Silos to Unleash the Power of Collaboration.

**About Duality Technologies**

Duality is the leader in privacy enhanced secure data collaboration, empowering organizations worldwide to maximize the value of their data without compromising on privacy or regulatory compliance. Founded and led by world-renowned cryptographers and data scientists, Duality operationalizes privacy enhancing technologies (PETs) to accelerate data insights by enabling analysis and AI on encrypted data, while preserving data privacy, compliance and protecting valuable IP. A Gartner® Cool Vendor®, Duality was named a Tech Pioneer 2021 by the World Economic Forum (WEF) and listed on Fast Company's 2020 Most Innovative Companies and recently won the 2022 CB Insights’ AI 100, the 2022 RegTech 100 Awards, and the AIFinTech100 2022 Awards.

Duality Launches First Ever Enterprise-Ready Privacy-Enhanced Data Collaboration Platform

Trend Micro research finds most are over-confident about ability to withstand ransomware.

DALLAS, Oct. 25, 2022 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today revealed that financial services firms are more confident they're protected from ransomware than any other sector. Yet at the same time, they're exposed by supply chain risk and sub-par detection capabilities.  
  
Trend Micro commissioned Sapio Research to poll over 355 financial services IT and business leaders across the globe, as part of a wider cross-industry report into ransomware.

It found that 75% believe they're adequately protected from ransomware, far higher than the average of 63% across all sectors.

This confidence is partly justified: 99% say they regularly patch servers, 92% secure remote desktop protocol (RDP) endpoints, and 94% have rules in place to mitigate risks from email attachments.

However, 72% of respondents admitted their organisation has been compromised by ransomware in the past, and 79% see their sector as a more attractive target for threat actors than others.

This awareness of current threat levels in the financial services sector does not always translate into action.

Around two-fifths do not use network detection and response (40%) or endpoint detection and response tools (39%), and half (49%) don't have extended detection and response (XDR) in place.

This may account for poor detection rates for activity connected with ransomware. Only a third (33%) say they can accurately spot lateral movement, and 44% initial access.

Trend Micro also uncovered significant third-party cyber risk for financial services organisations:

*   56% have had supplier compromised by ransomware, mostly partners (56%) and subsidiaries (29%)
*   54% believe their suppliers make them a more attractive target
*   52% say a significant number of their suppliers are SMBs, who may have less resource to spend on security

"Greater collaboration and information sharing with third parties could help to improve the security posture of the overall supply chain," said Bharat Mistry, Technical Director at Trend Micro. "However, without adequate detection and response capabilities, they may not have the intelligence to hand in the first place. Financial services leaders recognise they're a top target for ransomware actors. It's time to turn that awareness into action."

A quarter (24%) of financial services firms don't share any threat information with their partners, 38% do not do so with suppliers, and even more (42%) don't engage with the broader ecosystem, according to the research.

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

Source

DARKReading