The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.

_This post was updated at 12:30 ET on Aug. 26 to include information on DoorDash being compromised._

The hackers who social-engineered Twilio and Cloudflare employees earlier in August (and breached the former) also infiltrated more than 130 other organizations in the same campaign, vacuuming up nearly 10,000 sets of Okta and two-factor authentication (2FA) credentials.  

From there, they launched supply-chain attacks on downstream customers, resulting in firms like Digital Ocean and DoorDash becoming secondary victims.

That's according to an investigation from Group-IB, which found that several well-known organizations were among those targeted in a massive phishing campaign that it calls 0ktapus. The lures were simple, such as fake notifications that users needed to reset their passwords. They were sent via texts with links to static phishing sites mirroring the Okta authentication page of each specific organization.

"Despite using low-skill methods, \[the group\] was able to compromise a large number of well-known organizations," researchers said in a blog post today. "Furthermore, once the attackers compromised an organization, they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance."

Such was the case with the Twilio breach that occurred Aug. 4. The attackers were able to social-engineer several employees into handing over their Okta credentials used for single sign-on across the organization, allowing them to gain access to internal systems, applications, and customer data. The breach affected about 25 downstream organizations that use Twilio's phone verification and other services — including Signal, which issued a statement confirming that about 1,900 users could have had their phone numbers hijacked in the incident.  

The majority of the 130 companies targeted were SaaS and software companies in the US — unsurprising, given the supply chain nature of the attack.

For instance, additional victims in the campaign include email marketing firms Klaviyo and Mailchimp. In both cases, the crooks made off with names, addresses, emails, and phone numbers of their cryptocurrency-related customers, including for Mailchimp customer DigitalOcean (which subsequently dropped the provider). 

On Friday, DoorDash announced that it was a supply-chain victim, noting in a blog post, that the attackers obtained credentials from employees of a third-party vendor, which were then used to access DoorDash’s internal tools and systems. The adversaries then stole names, email addresses, delivery addresses and phone numbers of DoorDash customers and drivers, and some payment-card information was stolen.

In Cloudflare's case, some employees fell for the ruse, but the attack was thwarted thanks to the physical security keys issued to every employee that are required to access all internal applications.

Lior Yaari, CEO and co-founder of Grip Security, notes that the extent and cause of the breach beyond Group IB's findings are still unknown, so additional victims could come to light.

"Identifying all the users of a SaaS app is not always easy for a security team, especially those where users use their own logins and passwords," he warns. "Shadow SaaS discovery is not a simple problem, but there are solutions out there that can discover and reset user passwords for shadow SaaS.”

**Time to Rethink IAM?**

On the whole, the success of the campaign illustrates the trouble with relying on humans to detect social engineering, and the gaps in existing identity and access management (IAM) approaches.

"The attack demonstrates how fragile IAM is today and why the industry should think about removing the burden of logins and passwords from employees who are susceptible to social engineering and sophisticated phishing attack," Yaari says. "The best proactive remediation effort companies can make is to have users reset all their passwords, especially Okta."

The incident also points out that enterprises increasingly rely on their employees' access to mobile endpoints to be productive in the modern distributed workforce, creating a rich, new phishing ground for attackers like the 0ktapus actors, according to Richard Melick, director of threat reporting at Zimperium.

"From phishing to network threats, malicious applications to compromised devices, it's critical for enterprises to acknowledge that the mobile attack surface is the largest unprotected vector to their data and access," he wrote in an emailed statement.

Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack

Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online.

**NEW YORK, Aug. 24, 2022 /PRNewswire/** — ReasonLabs, a leading cybersecurity company providing enterprise-grade protection to users worldwide, has launched its newest product, Online Browser Security. The product provides real-time, 24/7 protection against malicious URLs, phishing, harmful extensions, suspicious downloads, intrusive cookies and trackers, unauthorized notifications, and pop-ups. It is currently available worldwide as a free download.

Online Browser Security is seamlessly integrated with RAV Endpoint Protection, ReasonLabs' leading antivirus software built on a multilayered machine-learning engine, to keep personal data safe from security threats. Bringing all the elements of a next-generation antivirus solution to the web browser, the solution allows consumers to use the internet with confidence and peace of mind.

Powered by an autonomous protection engine, users can choose their own protection settings and let the endpoint protection do the work for them. It comes complete with a dashboard to stay informed regarding any identified and blocked online threats. Scheduled and user-initiated scans are also available at the touch of a button.

"Our mission at ReasonLabs is to provide every home user with the same degree of cybersecurity protection that large companies receive," said Kobi Kalif, ReasonLabs CEO. "In our connected world, everyone deserves the highest level of protection, and today, we have added another solution that will safeguard users in real-time, 24/7. As an additional layer to our security platform, RAV Online Security offers next-generation protection for all next-generation cyber threats."

Key features of RAV Browser Security include a malicious URL blocker, the ability to disable harmful extensions, and the blocking of suspicious cookies and ad trackers. The product also monitors all file downloads and comes equipped with an advanced threat scanner, and has notification control. These features can be easily managed through the easy-to-use RAV Online Security dashboard.

Optimizing users' online experience, Online Security is a key component of ReasonLabs' advanced breach prevention product suite, which also includes RAV EDR, RAV VPN, RAV Safer Web, and FamilyKeeper, its parental control solution.

About ReasonLabs:  
ReasonLabs is a global pioneer in cybersecurity detection and prevention. Powered by machine learning, ReasonLabs' cutting-edge technology is revolutionizing consumer-focused cybersecurity, bringing enterprise-grade protection into the homes of tens of millions of users worldwide. Its innovative engine scans over 2 billion files in 180 countries a day, delivering fast, comprehensive data while providing 24/7 real-time threat detection. Founded in 2016, ReasonLabs is based in New York and Tel Aviv.

**Learn more:** https://www.ReasonLabs.com  
**Follow us:** Blog | Twitter | Facebook | LinkedIn | Instagram | YouTube

  
SOURCE: ReasonLabs

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users

As cryptocurrency valuations make strikes less lucrative, ransomware gangs like the new RedAlert and Monster groups are modifying their tools to attack across platforms.

Two emerging ransomware gangs, known as RedAlert and Monster, have adopted cross-platform capabilities to make attacks easier to execute against multiple operating systems and environments. It's a shining example of a snowballing trend toward multiplatform ransomware attacks, for which defenders need to gear up.

One of the new threat groups, referred to as RedAlert or N13V, creates executables in a Linux-specific version of C, and also supports VMware's enterprise-class ESXi hypervisor. The other threat group, Monster, uses an older cross-platform language, Delphi, which makes it easy to tailor the attack for a specific victim's configuration.

The ability to impact a variety of client operating systems within a single victim's environment started gaining steam in 2021, according to an advisory from Kaspersky published on Thursday. The Conti group, for example, allows affiliates to access a Linux variant of its ransomware, which also allows targeting of systems running VMware's ESXi hypervisor.

**Deploy Once, Affect Many**

There are several reasons for the trend: For one, it cuts down on labor. Attackers need only to write a certain program functionality once, and are then be able to use the resulting code to script the attacks against multiple targets, Kaspersky's advisory stated.

"We've gotten quite used to the ransomware groups deploying malware written in cross-platform language," Jornt van der Wiel, senior security researcher at Kaspersky's Global Research and Analysis Team, said in a statement. "These days, cybercriminals \[have\] learned to adjust their malicious code written in plain programming languages for joint attacks, making security specialists elaborate on ways to detect and prevent the ransomware attempts."

Other benefits to cross-platform attacks is the ability to hamper analysis, plus the ability to customize attacks to specific victim environments. Groups can use command lines to customize an attack to prevent code from running on ESXi environments, for instance — or conversely, to focus on certain kinds of client virtual machines.

"Recently, their goal is to damage as many systems as possible by adapting their malware code to several OS at the time," Kaspersky stated in its blog post on 2022 ransomware trends. "\[But\] there are a few other reasons to use a cross-platform language." 

Kaspersky also noted that ransomware gangs are getting better and better at adapting n-day exploits, which it dubbed "1-day" exploits, to multiplatform attacks. N-days refer to just-reported vulnerabilities that cybercriminals race to exploit before companies have time to patch them.

"\[Such broad functionality\] is something we usually see in commercial exploits," the company said, noting that one of the two exploits covered in its latest advisory was used "in the wild" during an attack on a large retailer in the Asia-Pacific region.

The move to cross-platform is borne out of necessity, researchers said. In the first half of 2022, as the value of cryptocurrencies plummeted, ransomware attacks declined, with cybersecurity firm Arctic Wolf reporting a drop of about a quarter. While the trend did not hold for other cybercrimes, such as investment scams and business email compromises, the headwinds for ransomware groups meant that threat actors have had to find ways to increase their success.

**Rust and GoLang Gain Steam for Ransomware Coding**

A common way that groups have tackled the process of adding cross-platform capabilities is to write the code in a language that supports other platforms, such as Rust or Golang, Kaspersky noted in its Aug. 24 advisory.   

The BlackCat ransomware program, for instance, is written in Rust, a successor to C, which has gained traction because of its improved security features. 

"Due to Rust cross-compilation capabilities, it did not take \[a\] long time for us to find BlackCat samples that work on Linux as well," Kaspersky said in the advisory. "The Linux sample of BlackCat is very similar to the Windows one."

Ransomware written in Rust and Go also make analysis harder for malware researchers, since tools to analyze those languages are not as sophisticated as analyzing programs written in the common C programming language, Kaspersky noted.

More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

Following whistleblower complaint, Oregon senator renews commitment to passing bipartisan legislation to address the national security risks.

**Washington, D.C.**, **Aug. 24** — Sen. Ron Wyden, D-Ore., issued the following statement following a complaint this week by a former Twitter employee that alleged widespread poor privacy and security practices at the social media company:

"The best time to encrypt users' DMs was 5 years ago. The second-best time is today, after reports that thousands of Twitter employees may have access to those conversations.

"I personally urged Jack Dorsey to secure users' private conversations with strong, end-to-end encryption years ago, to ensure Americans couldn't be targeted by criminals, predators and spies. And I renewed that call over, and over again. Unfortunately, I and other advocates were right to be concerned. For the same reason, Apple should end-to-end encrypt iCloud data and secure it against unwanted access. I am also deeply troubled by accusations that foreign companies and governments may have had access to Americans' private data. I've introduced bipartisan legislation to address the national security risks of foreign companies getting our data, and remain deeply committed to passing it in light of these new accusations."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Wyden Renews Call to Encrypt Twitter DMs, Secure Americans' Data From Unfriendly Foreign Governments

The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers.

At the start of the pandemic two years ago, a group of high-level female cybersecurity executives informally began meeting remotely to share ideas, expertise, and professional support. That group of women execs — now with 90 members — today launched as a nonprofit called The Forte Group to officially offer career assistance, advocacy, mentoring, and educational programs for women in the infosec and technology fields.

The Forte Group includes CISOs from large enterprises such as Johnson & Johnson and Wayfair, and leaders from technology giants like Microsoft, as well as cybersecurity business leaders. 

What started as an "offset" in the pandemic grew into a community, says Didi Dayton, chair and president of the newly formed Forte board.

"The opportunity for cybersecurity practitioners to connect regularly with peers has bolstered that community, and we have seen an evolving network effect by members amplifying: sharing speaking opportunities, surfacing hot topics \[such as\] emerging tech, ransomware, hiring strategies, celebrating personal and professional wins, and finding peer mentors and a social network to have meaningful connections with," Dayton explains.

**"When Things Get Tough"**

The virtual forum that the Forte Group initially created provided a way for them to efficiently meet and collaborate on specific topics as well, she says. "Forte members share ideas and resources, and ground one another when things get tough — which for our CISOs is often, unfortunately," she says. For example, the group earlier this year held a town hall to share ideas and expertise on managing software bills of management (SBOMs).

"We have hosted world-renowned speakers to talk about everything from high-stakes negotiation tactics, global policy, personal branding, insurance, board prep ... to other curated topics for this audience," Dayton says.

The group's nonprofit status gives it room to raise funding for more formalized programs in career development and education for women in the industry, as well as scholarships for newcomers. "We're already in talks with corporate sponsors who align with our mission of developing and further careers for a diverse workforce in cybersecurity," says Zenobia Godschalk, vice president of The Forte Group. "In addition, some of our members are eager to contribute or redirect their speaker fees and other professional fees they receive towards Forte’s efforts."

**Other Groups**

Of course, The Forte Group is not the only organization for women in cybersecurity. Groups such as the Executive Women's Forum, Women in CyberSecurity (WiCys), the Diana Initiative, Women's Society of Cyberjutsu (WSC), and others have been active for several years. But Godschalk says the new nonprofit will provide yet another resource for women in cybersecurity. 

"We know there is a lot of overlap in our membership with other groups in this space, and that's a wonderful thing," she says. "While some focus on just career development, and others focus on just privacy, for example, we believe there's room and need for a welcoming umbrella where women in this industry can find a resource for just about anything they're up against in their careers — whether that's how to negotiate an equity offer for comp or investment, how to navigate ransomware best practices, or how to join your first board."

In addition to Dayton and Godschalk, The Forte Group's board of directors includes Flora Garcia (secretary), global privacy and data protection office leader at Wayfair; Caroline Wong (treasurer), chief strategy officer at Cobalt; Swathi Joshi (member), vice president of SaaS cloud security at Oracle; Yael Nagler, Office of the CISO at Yass Partners; and Chenxi Wang (member), managing general partner at Rain Capital.

The Forte Group's roots date back to the so-called "Equal Respect" movement at the RSA Conference in 2014. Other members of The Forte Group include Aanchal Gupta, corporate vice president of Azure and M365 Security at Microsoft; Marene Allison, CISO of J&J; and Marnie Wilking, CISO at Wayfair.

Senior-Level Women Leaders in Cybersecurity Form New Nonprofit

Venture firm hires former Splunk CEO to spearhead new GTM advisory board and help portfolio companies scale up.

**JERUSALEM – Aug. 24, 2022 —** Cyberstarts, a venture capital firm focused on building next-generation cyber companies, today announced the closing of Cyberstarts Seed Fund III with $60 million committed capital to invest in early-stage cybersecurity companies. This fund was raised only a few months after the firm raised $200 million for a new opportunity fund in February 2022, bringing total assets under management to $374 million. In addition, Cyberstarts announced the appointment of Doug Merritt, former President and CEO of Splunk, to chair Sunpeak, its new go-to-market (GTM) advisory board. Sunpeak will provide Cyberstarts' portfolio companies with hands-on guidance from world-renowned technology leaders on scaling GTM strategy and creating repeatable sales cycles to ensure early success. The addition of this community is a natural next step in the firm's mission to build the world's most important cybersecurity companies.

Since its inception in 2018, Cyberstarts has formed one of the world's most successful venture capital firms focused on funding, launching and supporting early stage cybersecurity companies and entrepreneurs. With its unique entrepreneur-backed model, Cyberstarts' investors and limited partners (LPs) are comprised of the industry's most prominent leaders including Shlomo Kramer of Cato Networks, Imperva and Check Point, Marius Nacht of Check Point, Nir Zuk from Palo Alto Networks, Udi Mokady from CyberArk, Nir Polak of Exabeam, and Michael Shaulov of Fireblocks, to name a few. These investors provide strategic counsel to portfolio companies and entrepreneurs from guidance on product-market fit to talent recruitment and everything in between.

Doug Merritt joins Cyberstarts as Chair of Sunpeak, the firm's new GTM advisory board to help portfolio companies scale up their business. In this role, Merritt will work with Cyberstarts to recruit some of the nation's top GTM experts composed of CEOs, CROs, CMOs, and VPs of Sales to design a measurable, KPI-driven approach to advising, nurturing, and scaling early stage portfolio companies. Prior to Cyberstarts, Merritt served as President and CEO of Splunk and also held senior leadership roles at large enterprise companies including Cisco, SAP, and PeopleSoft.

"Building the world's most important cybersecurity companies requires more than capital — it requires a methodical and holistic investment model from day one by investing in the right talent and supporting them across every business function, from initiation to product-market fit and beyond," said Lior Simon, General Partner of Cyberstarts. "We take a unique approach to mentoring our portfolio companies via our Sunrise, and now, Sunpeak communities. Doug brings unparalleled experience in executing go-to-market strategy and will be key to helping our portfolio accelerate business potential, while minimizing risk."

"I'm very impressed by the success Cyberstarts and its portfolio has experienced in such a short period of time," said Doug Merritt, Chair of the GTM advisory board at Cyberstarts. "I'm excited to work with the team to build the Sunpeak community with top GTM leaders from across the globe and help the next generation of cybersecurity entrepreneurs scale their businesses rapidly and strategically."

Cyberstarts' first fund showed a weighted annual return to investors of 300% and its portfolio companies raised a total of $2 billion in 2021, with a combined valuation of $20 billion, from firms including Sequoia, Greylock, Lightspeed, Index, Insight, Accel, General Atlantic, and many more.

"Most of the entrepreneurs we have partnered with grow into significant businesses over a short period of time because we invest in people, not ideas. In fact, sometimes our portfolio companies don't even have the 'idea' prior to investment," said Gili Raanan, founder of Cyberstarts. "We have created a highly differentiated vehicle, dubbed Sunrise, that relies on communities of experienced cybersecurity entrepreneurs and forward-thinking CISOs and CIOs to drive the creation of the most influential cybersecurity companies in the world. I'm excited to have Doug Merritt join our team to help create the cybersecurity textbook for optimizing go-to-market strategy as chair of our Sunpeak advisory board. The addition of this new community is a natural next step in our mission to build the world's most important cyber companies."

Cyberstarts is managed by Lior Simon and Gili Raanan. The small team also includes Jason Clark, chair of the CISO advisory board, Curtis Simpson, who heads the product-market fit activities with portfolio companies, and Doug Merritt, chair of the GTM advisory board.

**About Cyberstarts**

Founded in 2018 by Gili Raanan, and managed by Lior Simon and Gili, Cyberstarts operates a laser-focused seed line of business, nurturing cybersecurity entrepreneurs and helping to shape companies from product ideation to product-market fit and beyond. Cyberstarts funds Israeli, early-stage cybersecurity organizations, and is the only venture capital firm primarily funded by the industry's most successful cybersecurity founders. Cyberstarts' seed investments include Fireblocks, Wiz, Transmit, Island, Noname Security, and many others, including some still operating in stealth mode. For more information, please visit https://cyberstarts.com/.

Cyberstarts Closes $60M in Seed Fund III

According to new Venafi research, two-thirds of organizations have changed cyber strategy in response to war in Ukraine.

**SALT LAKE CITY, Aug. 24, 2022 —** Venafi®, the inventor and leading provider of machine identity management, today announced the findings of new research that evaluates the security impact of the increasing number of nation-state attacks and recent shifts in geopolitics. Venafi research into the methods used by nation-state threat actors shows the use of machine identities is growing in state-sponsored cyberattacks.

The study of over 1,100 security decision makers (SDMs) globally found that 66% of organizations have changed their cybersecurity strategy as a direct response to the conflict between Russia and Ukraine, while nearly two-thirds (64%) suspect their organization has been either directly targeted or impacted by a nation-state cyberattack.

Other key findings from the research include:

*   77% believe we're in a perpetual state of cyberwar
*   82% believe geopolitics and cybersecurity are intrinsically linked
*   More than two-thirds (68%) have had more conversations with their board and senior management in response to the Russia/Ukraine conflict
*   63% doubt they'd ever know if their organization was hacked by a nation-state
*   64% think the threat of physical war is a greater concern in their country than cyberwar

"Cyberwar is here. It doesn't look the way some people may have imagined it would, but security professionals understand that any business can be damaged by nation-states. The reality is that geopolitics and kinetic warfare now must inform cybersecurity strategy," said Kevin Bocek, vice president, security strategy and threat intelligence at Venafi**.** "We've known for years that state-backed APT groups are using cybercrime to advance their nations' wider political and economic goals. Everyone is a target, and unlike a kinetic warfare attack, only you can defend your business against nation-state cyberattacks. There is no cyber-Iron Dome or cyber-NORAD. Every CEO and board must recognize that cybersecurity is one of the top three business risks for everyone, regardless of industry."

Venafi research has also found that Chinese APT groups are conducting cyber espionage to advance China's international intelligence, while North Korean groups are funneling the proceeds of cybercrime directly to their country's weapons programs. The SolarWinds attack — which compromised thousands of companies by exploiting machine identities to create backdoors and gain trusted access to key assets — is a prime example of the scale and scope of nation-state attacks that leverage compromised machine identities. Russia's recent HermeticWiper attack, which breached numerous Ukrainian entities just days before Russia's invasion of the country, used code signing certificates to authenticate malware in a recent example of machine identity abuse by nation-state actors.

The digital certificates and cryptographic keys that serve as machine identities are the foundation of security for all digital transactions. Machine identities are used by everything from physical devices to software to communicate securely. The only way to reduce risks of machine identity abuse commonly used by nation-state attackers is through a control plane that provides observability, governance and reliability.

"Nation-state attacks are highly sophisticated, and they often use techniques that haven't been seen before. This makes them extremely difficult to defend against if protections aren't in place before they happen," continued Bocek. "Because machine identities are regularly used as part of the kill chain in nation-state attacks, every organization needs to step up their game. Exploiting machine identities is becoming the modus operandi for nation-state attackers."

For more information about this research, please read the blog.

**About the research**

Conducted by Sapio in July 2022, Venafi's study evaluated the opinions of 1,101 security decision makers across the United States, United Kingdom, France, Germany, Benelux (Belgium, Netherlands, Luxembourg) and Australia.

**About Venafi**

Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines — from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, life cycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.

Jetstack, a Venafi company, is a cloud native products and strategic consulting company working with enterprises using Kubernetes and OpenShift.

An open source pioneer, Jetstack has achieved notable industry recognition as the creator of cert-manager, the open source industry standard for cloud native machine identity management. Jetstack's open source products and solutions protect the application environments and platform infrastructure of global banks, multinational retailing companies and defense organizations by providing enterprise platform and security teams the power to build, scale and secure their cloud infrastructure.

With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world's most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the four top accounting and consulting firms; four of the five top U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.

For more information, visit www.venafi.com and www.jetstack.io.

The (Nation) State of Cyber: 64% of Businesses Suspect They've Been Targeted or Impacted by Nation-State Attacks

Understanding how and why people respond to cyber threats is key to building cyber-workforce resilience.

The complexity, ceaselessness, and increasingly destructive nature of today's cyber threats creates a high cognitive workload. This is why it's crucial to ensure that employees are developing the right cognitive skills and agility to protect against attacks. Doing so will have a powerful impact on an organization's cyber-workforce resilience.

A recent "Cyber Workforce Benchmark" report from Immersive Labs took the pulse of cyber skills, knowledge, and preparedness of organizations and their workforces across numerous industries, including financial services, retail, healthcare, and government. The report examines how prepared certain industries are for cyberattacks, providing results from a psychological standpoint. Here are some key findings from the report and the psychological analysis behind them.

**The frequency of organizations conducting cyber-crisis exercises varies significantly across different industries — and can also impact performance scores.**

An analysis of more than 6,400 crisis response decisions shows that technology and financial services companies prepare the most for cyberattacks, running nine and seven exercises per year, respectively. Critical national infrastructure organizations prepare the least, with just one exercise per year. Healthcare runs a mere two. When it comes to these industries' performance in cyber-crisis exercises, healthcare scored 18%, which is low when compared with technology companies, which scored 80%.

_What it means: The more an organization exercises its abilities, the better they become._

Psychology provides an explanation as to why this is the case. People develop surface-level knowledge of a capability before moving on to more advanced thinking. If these skills aren't reinforced or exercised, they fade. It's like learning a new language: If you don't practice the language and speak it on a regular basis, odds are you will lose your knowledge of it. Only with regular, consistent practice and exercise will crisis response teams be able to develop the ability to make connections between previous decisions and how to apply them — or not — during a cyberattack.

**Ransomware causes great uncertainty for crisis response teams.**

The research asked participants to rate how confident they were in their answers during training, and the simulations that focused on ransomware were the ones where participants lost confidence in their decision-making and judgments. Teams did not want to pay the ransom, with 83% of participants saying they would not do so. However, they were also uncertain about the outcome if they did not pay. Interestingly, the report showed, the industries most likely to pay ransoms were education (25%), consulting (23%), and retail and e-commerce (20%).

_What it means: This lack of decision-making confidence points to a classic issue for crisis response teams, often referred to as a "wicked problem."_

When considering options with no clear-cut resolution, decisions are challenged by data overload and decision fatigue. The sheer amount of information can be overwhelming. Decisions may be rushed, based on uncertainty or even fear. In the end, because the brain becomes overwhelmed, we settle on a compromise that leads to a lack of confidence in the decision.

**High-profile vulnerabilities see a significantly decreased time to capability.**

Four of the top five fastest-developed skills in 2021 came from dealing with the Log4j vulnerability. It took cybersecurity teams an average of two days to develop the knowledge and skills to defend against it. This was a whopping 48 times faster than the average threat intelligence lab. This reflects the severe impact of Log4j. It also demonstrates the scramble many teams faced in understanding and responding to the threat.

_What it means: The human need to take action is an automatic response, hardwired into our brains, and could cause people to rush into making decisions — good or bad._

The brain makes assumptions and takes shortcuts based on previous experiences, which could spell trouble for organizations. These assumptions and shortcuts, known as biases and heuristics, can lead to irrelevant decisions that may end up backfiring or even making situations worse. If people understood how their minds work and how they react in emergencies, they could learn how to eventually counteract their natural instincts. This will help increase confidence and the effectiveness of decision-making in the future.

**The Bottom Line**

Cyber-workforce resilience is more crucial than ever before. Cyber-crisis exercises should not be considered a one-and-done occurrence — nor should they be exclusive to cyber teams. We must shift our mindset to making regular exercises a critical business function, developing cognitive agility across the entire workforce. Continuous professional development needs to become part of the day job. We call this concept "microdrilling." It helps to sharpen teams' skills, bolster their confidence when making decisions, and enable them to make smarter decisions in real-life situations. The goal is not to teach people to respond to a specific crisis, but rather to develop the necessary decision-making skills to respond to _any_ crisis. Organizations will never become truly cyber resilient unless they make regular cyber exercises across the workforce a priority.

What You Need to Know About the Psychology Behind Cyber Resilience

Increase driven by increasingly sophisticated cyberattacks as well as increase in mobile-based business-critical applications, according to report.

**CHICAGO****, Aug. 24, 2022 /PRNewswire/** -- Penetration Testing Market size is expected to grow from an estimated value of USD 1.4 billion in 2022 to 2.7 billion USD by 2027, at a Compound Annual Growth Rate (CAGR) of 13.7% from 2022 to 2027, according to a new report by MarketsandMarkets™.

Some of the factors that are driving the market growth include regular penetration testing practices required due to strict regulations and compliances; increasing sophistication of cyberattacks, causing organisations to suffer financial and reputational losses; and more people are using smartphones and the internet, leading to an increase in mobile-based business-critical applications.

_Browse in-depth TOC on_ **"Penetration Testing Market"  
401 – Tables  
49 – Figures  
320 – Pages**

**Download PDF Brochure:** https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=13422019

**By deployment mode, the cloud segment is projected to grow with a higher CAGR during the forecast period.**

An authorized, simulated cyberattack on a system that is hosted on a cloud provider, such as Microsoft Azure or Amazons AWS, is known as cloud-based penetration testing. Finding a system's vulnerabilities and strengths allows for an accurate assessment of its security situation, which is the fundamental goal of a cloud penetration test. Increased technical assurance and a greater comprehension of the attack surface that the systems are exposed to are two main advantages of a cloud penetration test. Whether they are Infrastructure as a Service, Platform as a Service, or Software as a Service, cloud systems are susceptible to security vulnerabilities, attacks, and threats similar to traditional systems. Despite cloud service providers providing more effective security measures, it is ultimately the organization's responsibility to secure its cloud-based operations. As a result, businesses must use penetration testing services for the cloud both now and in the future.

**By Type, the web application segment to hold a larger market size during the forecast period.**

With an increase in the use of web applications, the business process has changed along with sharing and accessing data. Because of this, malicious attackers get an opportunity to intrude into the system. Therefore, web application pen testing has become important to defend the application and network. Web application penetration testing simulates unauthorized attacks internally or externally to access sensitive data. This process helps end users discover the possibility for a hacker to access the data from the internet, check out the security of their email servers, and secure the web hosting site and server. Furthermore, the outcomes of web application penetration testing help identify and mitigate the security weaknesses in web applications and other components, such as source code, back-end network, and database associated with application penetration testing.

**Request Sample Pages:** https://www.marketsandmarkets.com/requestsampleNew.asp?id=13422019

**By region, Europe to grow at a significant CAGR during the forecast period.**

Europe comprises the major growing economies, including the UK, Germany, and France. The region has been exhibiting continued growth in adopting penetration-testing solutions. The growing number of mobile users accessing huge amounts of business data and the lack of skills have led to concerns over data security and privacy breaches across the region.

In Europe, penetration testing is mostly adopted to comply with regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the EU GDPR. Various regulations and standards have multiple offerings specifically related to system auditing and security and either indicate or specify that penetration testing is necessary to determine whether identified vulnerabilities pose a genuine risk to an organization. Red teaming has become an increasingly present practice in the finance sector. The EU has developed the Threat Intelligence-Based Ethical Red (TIBER) teaming initiative to test the resilience of European financial institutions with regard to cyberattacks.

**Get 10% Free Customization on this Report:** https://www.marketsandmarkets.com/requestCustomizationNew.asp?id=13422019

**Market Players**

Major vendors in the global **Penetration Testing Market** include Rapid7 (US), Secureworks (US), Synopsys (US), CrowdStrike (US), IBM (US), Coalfire Labs (US), Indium Software (US), Cigniti Technologies Ltd. (US), Trustwave (US), Cisco Systems (US), Fortinet (US), Bugcrowd (US), Invicti (US), Hackerone (US), Raxis (US), RSI Security (US), Rhino Security Labs (US), Sciencesoft Limited (US), Portswigger (UK), Netragard (US), Software Secured (Canada), Vumetric Cybersecurity (Canada), Nettitude (UK), Zimperium (US), NowSecure (US), SecurityMetrics (US), NetSPI (US), CovertSwarm (UK), Holm Security (Sweden), Intruder Systems (UK), BreachLock (US), ISECURION (India), and Redbot Security (US).

**Browse Adjacent Markets**: Information Security Market Research Reports & Consulting

**Related Reports:**

**Application Security Market** by Component (Software Tools (SAST and DAST) and Services), Type (Web Application Security and Mobile Application Security), Organization Size, Deployment Mode, Vertical (Healthcare and BFSI), and Region — Global Forecast to 2025

**Automated Breach and Attack Simulation Market** by Offering (Platform and Tools, and Services), Service, Deployment Mode, Application (Configuration Management, Patch Management, and Threat Intelligence), End User, and Region — Global Forecast to 2025

**About MarketsandMarkets™**

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7,500 customers worldwide, including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their pain points around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model — GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledge Store," connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report

Optiv's Black Employee Network offers the scholarship, paid out over 4 years, for students seeking a career in the cybersecurity/information security industry.

**KANSAS CITY, Mo., Aug. 24, 2022 /PRNewswire/** — As part of its continued commitment to diversity within the cyber and information security fields, Optiv, the cyber advisory and solutions leader, is accepting applications until Jan. 27, 2023, for its annual $40,000 scholarship for Black, African-American-identifying STEM (science, technology, engineering and mathematics) students.

Awarded by Optiv's Black Employee Network, the scholarship is paid out over four years. Previous recipients include AJ McCrory, a freshman studying computer science with an emphasis on software development at James Madison University, and Lauren Harris, a sophomore studying biology and computer science at Princeton University.

Applicants must meet the following qualifications to apply:  
— Be a graduating high school senior.  
— Verify acceptance into an eligible degree program in a STEM-related field (including, but not limited to, computer science, electrical engineering, math, etc.).  
— Minimum cumulative high school GPA is 3.5 on 4.0 scale.  
— Must maintain a cumulative undergraduate GPA of at least 2.8 on 4.0 scale over the course of four years to remain eligible for the scholarship.  
— Be planning a career in cybersecurity/information security.  
— Complete the scholarship application, including a one-page essay and two letters of reference.  
— Identify as Black and/or African-American (African, African-American, Caribbean, for example) and be a US Citizen, US national or permanent resident.  
Qualified candidates are encouraged to apply and learn more about the scholarship program here.

"It's our belief that our organization is at its best and our clients are better-served when a diverse range of voices has the opportunity to be heard, lead, and make an impact," said Heather Strbiak, Optiv's chief human resources officer. "We want boardrooms and breakrooms across our industry to more closely represent the population at large. By dedicating effort and resources to spur that outcome, we're aiming to close the talent and diversity gap in cybersecurity."

Optiv's Black Employee Network (BEN) is entirely employee-driven and part of the company's Diversity, Equity, and Inclusion (DEI) initiative.

"The most creative, thought-provoking, and successful projects I've worked on have been the result of inclusive environments where everyone's unique ideas were valued and represented," said Tesfaye Williams, Optiv's BEN community outreach leader. "This scholarship is our way of ensuring the cybersecurity industry continues to progress and be an attractive career path for people of color seeking to make a difference."

Optiv honors and embraces the diverse perspectives, ideas, backgrounds, and experiences of its people. The company's approach to DEI is grounded in listening, learning, and growing.

Learn more about Optiv at https://www.optiv.com/company/optiv-newsroom.

Follow Optiv  
Twitter: www.twitter.com/optiv  
LinkedIn: www.linkedin.com/company/optiv-inc  
Facebook: www.facebook.com/optivinc  
YouTube: www.youtube.com/c/OptivInc  
Blog: www.optiv.com/explore-optiv-insights/blog

**Optiv Security: Secure greatness.™**

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy, and operate complete cybersecurity programs, from strategy and managed security services to risk, integration, and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners, and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber-risk so you can secure your full potential. For more information, visit www.optiv.com.

SOURCE: Optiv Security Inc.

Source

DARKReading