Venafi | December 27, 2021
Venafi, the inventor and leading provider of machine identity management, announced the findings of a global survey of more than 1,500 IT security decision makers that reveals that almost two-thirds (60%) of security almost two-thirds (60%) believe ransomware threats should be prioritized at the same level as terrorism. These opinions echo the U.S. Department of Justice, which raised the threat level of ransomware following the Colonial Pipeline attack earlier this year. The study also found that less than one-third of respondents have implemented basic security controls that break the ransomware kill chain.
Other key findings include:
Over two thirds (67%) of respondents from organizations with more than 500 employees experienced a ransomware attack over the last 12 months—a figure that rises to 80% for respondents from organizations with 3,000-4,999 employees.
Over a third (37%) of respondents would pay the ransom but more than half of these (57%) would reverse that decision if they had to publicly report the payment, as required by the Ransomware Disclosure Act, a U.S. Senate bill that would require companies to report ransomware payments within 48 hours.
Despite the rising number of ransomware attacks, more than three-quarters (77%) say they are confident the tools they have in place will protect them from ransomware attacks. Australian IT decision makers have the most confidence in their tools (88%), compared with 71% in the U.S. and 70% in Germany.
Twenty two percent believe paying a ransom to be “morally wrong.”
Seventeen percent of those breached admitted they paid the ransom, with U.S. respondents paying most often (25%) and Australian companies paying least often (9%).
The fact that most IT security professionals consider terrorism and ransomware to be comparable threats tells you everything you need to know; these attacks are indiscriminate, debilitating and embarrassing. Unfortunately, our research shows that while most organizations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks. Too many organizations say they rely on traditional security controls like VPNs and vulnerability scanning instead of modern security controls, like code signing that are built-in to security and development processes.”
Kevin Bocek, Vice President ecosystem and threat intelligence at Venafi
The study shows that most organizations are not using security controls that break the ransomware kill chain early in the attack cycle. Many ransomware attacks start with phishing emails that include a malicious attachment—but just 21% restrict the execution of all macros within Microsoft Office documents. Less than a fifth (18%) of companies restrict the use of PowerShell using group policy, and only 28% require all software to be digitally signed by their organization before employees are allowed to execute it.
About the research
Conducted by Sapio Research, Venafi’s survey evacuated the opinions of 1,506 IT security officers across the U.K., Australia, France, Germany, Benelux and the U.S.
Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.
Nord Security | February 18, 2022
Nord Security, a family of digital privacy and security solutions, has joined the Centre for Cybersecurity, launched by the World Economic Forum. Alongside other global cybersecurity companies, Nord Security will accelerate the societal benefits of a secure digital world and participate in invaluable knowledge sharing within the sector.
The World Economic Forum's Centre for Cybersecurity is an independent and impartial global platform committed to fostering international dialogues and collaboration between the global cybersecurity community in both the public and private sectors. The focal points of the center are to build cyber resilience, strengthen global cooperation, and understand future networks and technology. Nord Security joining the Centre for Cybersecurity will not only benefit the World Economic Forum and its aims, but it will also help Nord Security to further develop into an encompassing cybersecurity suite.
As a global brand that has continuously advocated for greater online privacy and security, joining the World Economic Forum's Centre for Cybersecurity marks the natural next step for us and our products. Nord Security has accumulated extensive cybersecurity experience that could provide valuable insights to this platform. But more importantly, we hope that, together with other members of the center, we will further boost the users' trust and close cooperation between public and private stakeholders in the cybersecurity industry."
Tom Okman, one of the co-founders of Nord Security
"We are excited that Nord Security has joined the Centre for Cybersecurity. Their expertise will be a value add to ongoing projects on cyber resilience, governance and privacy," said Alexander Klimburg, head of the Centre for Cybersecurity, World Economic Forum.
NordVPN — the first brand in the Nord Security family of products — was established in 2012. Throughout the years, it became the VPN solution of choice worldwide. Lately, the company has been expanding to include security solutions for businesses and advanced tools for consumers. These include the next-generation password manager NordPass, the powerful file encryption tool NordLocker, and the business solution NordLayer.
BlackBerry Limited | October 14, 2021
BlackBerry Limited announced the availability of a QNX Hypervisor and VIRTIO-based reference design to virtualize Android Automotive OS on the 3rd Generation Snapdragon Automotive Cockpit Platform, helping automakers to deliver the ultimate cockpit experience while accelerating time to market.
The automotive industry is consolidating disparate in-cabin functionality such as digital instrument clusters, infotainment and heads-up display into unified digital cockpit architectures all running on a single, extremely powerful underlying system-on-chip (SoC). This mixed-criticality architecture tightens the integration between previously discrete in-cabin functionality to deliver a cockpit domain controller solution supporting a unified user experience for the consumer while simultaneously reducing overall cost.
VIRTIO is an open standard that defines the interface between Android Automotive OS and the underlying hypervisor to deliver the full Android Automotive OS experience. The combination of the QNX Hypervisor and QNX's VIRTIO implementation allows Android Automotive OS to run out of the box without modification. This allows systems deployed in the field to easily upgrade to newer versions of Android Automotive OS as they are released.
While the VIRTIO interface is standardized, the implementation of the interface is not. The BlackBerry QNX reference has been extended to support dynamic graphics sharing between Android Automotive OS applications in the infotainment domain and the digital instrument cluster, shared Vulkan drawstream support and system-wide audio management to holistically manage all sound within the vehicle. The BlackBerry QNX VIRTIO implementation adds 10 additional virtual devices to the existing 25 currently available in the QNX Hypervisor family of products.
The QNX hypervisor-based reference design incorporates an infotainment system powered by Android Automotive OS and a digital instrument cluster virtualized by the QNX Hypervisor and running on a single Snapdragon Automotive Cockpit Platform. This architecture will also allow automotive manufacturers to enjoy the freedom from interference necessary to achieve safety certifications while delivering the full Android Automotive OS experience.
The reference design demonstrates fast-boot and sharing of audio, graphics, video (camera), touchscreen, vehicle HAL sharing, USB and streaming video between the digital instrument cluster and the infotainment system powered by Android Automotive OS enabling Tier 1s and OEMs to deliver the ultimate cockpit experience.
BlackBerry provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 195M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.