CXO Spectrum

Security

Javelin Finds Financial Institutions Not Ready for Modern, Global Threats

by

In new research sponsored by Booz Allen Hamilton and conducted by digital finance analyst firm Javelin Strategy & Research, the current state of financial institutions’ threat landscape is rather alarming.

The research firm finds that today’s businesses need to look view cybersecurity threats as essentially asymmetrical warfare.

The full report can be downloaded here, but key findings are:

  • Economic and political interests can underpin state-sponsored cyber-threats as financial institutions function as lucrative targets
  • Cloud deployments can complicate operations if strategy is not considered thoroughly
  • “Crypto-jacking,” malware hosting, and command-and-control infrastructure attacks are serious threats and should be considered/prepared for as seriously as data breaches
  • Wiper and ransomware attacks are looming and FIs are not prepared to prevent them
  • Authentication is a source of concern, with 40% of FIs worried about unauthorized access.
  • Multi-cloud environments can invite vulnerability, whether by a likelihood of poor configuration management or simple weak understanding of cloud environments.
  • Security teams have a real opportunity to embrace automation.

Verizon Finds Majority of Companies Aware They’re Sacrificing Security for Efficiency

by

In its 2020 Mobile Security Index, Verizon found that 54% of companies were less confident about the security of their mobile devices than other systems.

With an increase in mobile security breaches, it’s not really a surprise that mobile would be a growing concern for IT teams. And self-awareness doesn’t seem to be the problem, as 43% percent of organizations admitted to sacrificing mobile security to meet deadlines or productivity targets.

Other key findings:

  • Fifteen percent of enterprise users (18% in the U.S.) encountered a mobile phishing link in Q3 2019.
  • Twenty-one percent of organizations that were compromised said that a rogue or unapproved application had contributed to the incident.
  • The number of insecure Wi-Fi hotspots an average device connects to each day (per Wandera)
  • Only 43% said that they limit their employees to using apps from an official app store or one owned by the company
  • Thirty-one percent of IoT respondents admitted to having suffered a compromise involving an IoT device.

Pindrop Demonstrates Rising Risk of Voice Deepfakes, Releases Deep Voice 3

by

At RSA, the global security company that uses AI for IVR Authentication and Anti-Fraud Solutions, announced the launch of Deep Voice 3, the new version of its market-leading voice recognition technology.

The biometric industry has been quick to develop improvements in voice-based speech recognition solutions given the rapid developments in deepfakes. Not only are video deepfakes a concerns, but there’s also been an alarming increase in voice deepfakes.

Pindrop aims to combat these attacks with Deep Voice 3, which is built on advanced machine learning and deep neural networks. The solution is designed to accurately recognize the voice of callers at a contact center with less speech, resulting in faster authentication, a smoother customer experience with higher enrollment, and a contact center that is both more efficient and secure. 

Pindrop anticipates GA of Deep Voice 3 in Q1.

RSA Announces SECURITI.ai Lands Top Spot at RSAC Innovation Sandbox Contest 2020

by

Today at RSA, AI-powered PrivacyOps provider SECURITI.ai was announced as the winner of the Conference’s Innovation Sandbox Contest. The winner was determined by a panel of venture capitalists, entrepreneurs and industry veterans.

For the past fifteen years, the RSAC Innovation Sandbox Contest has been a leading platform for startups to showcase their technologies within the cybersecurity industry. And nabbing the top spot is quite the milestone, since RSAC Innovation Sandbox Contest’s top 10 finalists have collectively seen over 50 acquisitions and over $6.2 billion in investments.

SECURITI.ai simplifies and automates privacy and offers PRIVACI.ai, which automates privacy compliance with patent-pending People Data Graphs™ and robotic automation. Using it, enterprises can give rights to people on their data, comply with global privacy regulations, and build trust with customers.

Jigsaw Launches New Publication and Platform to Combat Disinformation

by

The potential for disinformation to impact everything from commerce to war has only grown as developments in AI have enabled increasingly sophisticated disinformation tools. To combat the threat, and to better arm fact-checkers and journalists with a seamless process for detecting disinformation, Jigsaw recently announced Assembler – a platform that’s been in development since 2016 with support from Google Research – and The Current, a new research publication.

Jigsaw’s team – comprised of researchers, engineers, designers, policy experts, and creative thinkers – has been working on Assembler, an experimental platform to test how technology can help fact-checkers and journalists to detect and analyze manipulated media.

The tool is currently being tested at Agence France-Presse, Animal Politico, Code for Africa, Les Décodeurs du Monde, and Rappler, wto determine how well it works in real newsrooms.

Jigsaw also recently announced the launch of The Current, a new research publication that examines “complex problems through an interdisciplinary approach — like our team.”

Ransomware Attacks Cost US Healthcare Organizations over $157M Over Since 2016

by

Recent research from reviews and research firm Comparitech highlights come unsettling statistics regarding ransomware in the healthcare industry.

Comparitech’s team undertook these efforts to try and gain insight into the growing problem, a difficult task given the complexity of ransomware attacks that aren’t publicly disclosed, as well as the requirement from U.S. Department of Health Services that publish information about attacks only if over 500 people are impacted.

Using a variety of different resources including specialist IT news, data breach reports, and the Health Services reporting tool, Comparitech gathered as much data as possible on ransomware attacks on US healthcare providers, though they acknowledge that this may only be the tip of the iceberg.

The report details costs to individual states and while California had the highest number of ransomware attacks, Michigan saw the highest number of affected patient records.

You can find the entire report here.

Its key findings from looking at the attacks since 2016 included:

  • 172 individual ransomware attacks on healthcare organizations
  • 1,446 hospitals, clinics, and organizations affected
  • 74 percent of organizations affected were hospitals or clinics, the remaining were IT providers (5%), elderly care providers (7%), dental (5%) or optometry practices (6%), plastic surgeons (2%), medical testing (2%), health insurance (1%), government health (1%), and medical supplies (1%)
  • 6,649,713 patients affected
  • Ransomware amounts vary from $1,600 to $14,000,000
  • Downtime caused varies from hours to weeks and even months
  • Hackers have demanded ransoms totaling more than $16.48 million since 2016
  • Hackers have received at least $640,000 since 2016
  • The overall cost of these attacks is estimated at $157 million