**FRANKLIN LAKES, N.J.****,** **Jan. 25, 2023** **/PRNewswire/ --** BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, today released its third annual cybersecurity report to update stakeholders about the company's ongoing efforts to advance cybersecurity maturity, protect against cyberattacks and empower customers with information about cyber risks and vulnerabilities.

Through the BD 2022 Cybersecurity Annual Report, the company is increasing awareness of health care cybersecurity challenges and the company's commitment to transparency and collaboration.

"In health care, cybersecurity is about protecting patient safety and privacy, while also securing systems and data," said Rob Suárez, chief information security officer of BD. "Patients receive medical care at some of the most critical and vulnerable moments in their lives. They trust the safeguards put in place to protect them. Upholding strong cybersecurity measures and continuing to advance cybersecurity is part of honoring that trust."

In the context of recent cybersecurity trends and developments, the report discusses:

*   **Transparency and communication** – BD strives to help customers manage risk properly through awareness and guidance. The BD 2022 Cybersecurity Annual Report outlines the company's mature coordinated vulnerability disclosure processes and how customers can access product security documentation, including certifications and attestations from Underwriters Laboratories Cybersecurity Assurance Program (UL CAP), System and Organization Controls (SOC2) and the International Standards Organization (ISO/IEC 27001:2022).
*   **Collaborative efforts to advance cybersecurity** – Strengthening cybersecurity across the health care industry requires collaboration. The report highlights the work of multiple cybersecurity working groups and outlines the company's contributions to advancing secure cybersecurity practices, including ethical hacking exercises, cybersecurity scenario trainings and preparing for greater software-bill-of-materials (SBOM) visibility.
*   **The state of health care cybersecurity** – Ransomware, phishing and software supply chain attacks reinforce the need for strong proactive and preventive measures. The report details how the company strives to protect its products, manufacturing operational technology and enterprise IT from emerging risks and threats.

For more information about the company's approach to cybersecurity, download the BD 2022 Cybersecurity Annual Report**.**

**About BD**BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. The company supports the heroes on the frontlines of health care by developing innovative technology, services and solutions that help advance both clinical therapy for patients and clinical process for health care providers. BD and its 77,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. BD has a presence in virtually every country and partners with organizations around the world to address some of the most challenging global health issues. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care. For more information on BD, please visit bd.com or connect with us on LinkedIn at www.linkedin.com/company/bd1/ and Twitter @BDandCo.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

BD Publishes 2022 Cybersecurity Annual Report

Despite economic headwinds and layoffs in other areas, most retail and hospitality CISOs expect to add staff in 2023, according to a new report.

**VIENNA, Va.****,** **Jan. 25, 2023** **/PRNewswire/ --** Information security teams have always had to do more with less, but 2023 might be the year when they are able to do more with more. Riding a three-year trend, 70% of CISOs expect their budgets to increase again this year, while 60% also expect more FTEs, according to the CISO Benchmark Report released today from the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC).

The annual report surveys cybersecurity leaders from consumer-facing industries to assess data about budgets, personnel, and organizational priorities.

The increase in budget and personnel reflects how cybersecurity has grown as a critical part of business operations in many organizations. This year, business disruption emerged as a top 10 (No. 7) risk that organizations currently face, up seven spots from No. 14 in 2021. Similarly, 50% of CISOs now have business continuity/disaster recovery as part of their core responsibilities, an increase of 11 percentage points since last year.

Surprisingly, although fraud in its many forms greatly impacts the bottom line, and continues to be a top risk for organizations, very few CISOs have fraud as part of their core responsibilities, according to the report.  

New this year is an additional benchmark report from RH-ISAC that survey cybersecurity practitioners to understand the challenges and priorities staff have in executing daily job functions.

Key insights from the Practitioner Benchmark Report include:

*   83% serve more than one job function, which means that employees have a valuable and diverse skill set across security operations (76%), threat intelligence (66%), and risk management (66%)
*   93% believe they have the necessary skill sets to perform their job effectively

"The retail and hospitality industries are constantly evolving, and so are the cybersecurity challenges they face," said Suzie Squier, president of RH-ISAC. "The RH-ISAC Benchmark Reports provide valuable insights and actionable information for CISOs and other information security professionals to stay informed about trends and resource allocation among infosec teams."

The companies represented in the surveys include retail, restaurants, hospitality, travel, and consumer packaged goods/manufacturing companies, and reflect more than 718,000 total locations, 3.4 million corporate employees, and $2.3 trillion in annual sales.

The full reports are available to RH-ISAC members, and summary versions of each report are available to download:  
CISO Benchmark Report   
Practitioner Benchmark Report 

**About the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC)**

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing sector-specific cybersecurity information and intelligence. The RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses, including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit www.rhisac.org.

SOURCE Retail and Hospitality ISAC

Cybersecurity Budgets Increase for Retail & Hospitality Industry

Report identifies 1.75m cyberattacks were stopped by BlackBerry in the last 90 days.

**WATERLOO, ON****,** **Jan. 25, 2023** **/PRNewswire/ --** BlackBerry Limited (NYSE: BB; TSX: BB) today released its Global Threat Intelligence Report, highlighting the volume and model of threats across a range of organizations and regions, including industry-specific attacks targeting the automotive and manufacturing, healthcare and financial sectors. After the success and continued demand for its annual threat report, BlackBerry has switched to a quarterly cadence to match the speed adversaries evolve to provide a more holistic view of the threat landscape, helping businesses to prepare and protect themselves accordingly.

BlackBerry's Threat Research and Intelligence team identified that in the 90 days between September 1 and November 30, 2022 (Q4), BlackBerry's AI-driven prevention-first technology stopped 1,757,248 malware-based cyberattacks. This includes 62 unique samples per hour, or one sample each minute. The most common cyber-weapons used in  attacks include the resurgence of the Emotet botnet after a four-month dormancy period, the extensive presence of the Qakbot phishing threat, which hijacks existing email threads to convince victims of their legitimacy, and the increase in infostealer downloaders like GuLoader.

"Annual threat reports have been a fantastic way to provide insight into overall trends, but now more than ever, organizations need to make well-informed decisions and take prompt effective actions, using the latest actionable data," said Ismael Valenzuela, Vice President, Threat Research & Intelligence at BlackBerry. "Our public and private reports are written by our top threat researchers and intelligence analysts, world-class experts that not only understand the technical threats but also the global and local geopolitical situation, and how it affects organizational threat models in each region. This expertise allows us to provide actionable and contextualized threat intelligence to increase cyber resilience and to enable mission and business objectives."

Highlights from the report include:

*   **MacOS is not immune**. It is a common misconception that macOS is a "safe" platform due to it being used less among enterprise systems. However, this could be lulling IT managers into a false sense of security. BlackBerry explores the pernicious threats targeting macOS, including malicious codes that are sometimes even explicitly downloaded by users. In Q4, the most-seen malicious application on macOS was Dock2Master which collects users' data from its own surrepticious ads. BlackBerry researchers noted that 34 percent of client organizations using macOS had Dock2Master on their network.
*   **RedLine was the most active and widespread infostealer in this last quarter.** Post-pandemic work models have necessitated the need for businesses to support remote and hybrid employees, putting corporate credentials at greater risk of attack from malicious actors than ever before. RedLine is capable of stealing credentials from numerous targets including browsers, crypto wallets, and FTP and VPN software, among others, and selling them on the black market. Cybercriminals and nation state threat actors rely on initial access brokers trading stolen credentials. RedLine is one of them providing initial access to another threat actors.
*   **BlackBerry is uniquely positioned to uncover threats that affect industries that aren't often discussed in other threat reports**. With a strong presence in both the cyber and IoT markets, BlackBerry provides insights into the current threat landscape and trends for the future that affect the automotive and manufacturing industries, along with financial and healthcare. The report includes analysis of GuLoader and the BlackCat ransomware group that targets small-to-medium sized enterprises, largely in the manufacturing sector, and threatens victims to leak compromised data to further extort their ransom.

To learn more, download a copy of the Global Threat Intelligence Report: Delivering Actionable and Contextualized Intelligence to Increase Cyber Resilience now, and tune into BlackBerry's LinkedIn Live Session on January 26th to discover more.

**About BlackBerry**

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including over 215M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems.  BlackBerry's vision is clear - to secure a connected future you can trust.

BlackBerry's Inaugural Quarterly Threat Intelligence Report Reveals Threat Actors Launch One Malicious Threat Every Minute

If you or your company can't find good infosec candidates, consider changing up the qualifications to find more nontraditional talent.

Cyber and information security job openings seem to have one of the higher barriers to entry compared with other services-focused roles, and this gatekeeping can be largely blamed for the shortage of available talent in the field. For some reason, other positions are very open to nontraditional backgrounds and limited experience provided the candidate isn't a complete novice and can demonstrate interest in pursuing the field (think: customer service/support, bookkeepers, or IT help-desk roles).

In a world where talent is desperately needed, it is incumbent on hiring managers to rely less on keywords in a resume to prescreen candidates for most roles and instead consider the candidate's transferable skills.

Take the list of requirements and preferences below, which was derived from a recent posting for an entry-level security role. Here are some ways to reframe the skills and qualifications that are likely to give employers most, if not all, of what they're seeking. I've also included suggestions for adjacent skills that may satisfy what the job poster is looking for.

****Requirement: Thorough Understanding of Cybersecurity Principles, Concepts, and Best Practices****

Let's change this to, "Demonstrated understanding of at least one cybersecurity domain." Why? Anyone who has been in this field for any length of time knows you can dedicate your entire career to mastering the concepts, principles, and best practices of just one domain, let alone all of cybersecurity. Instead, highlight those areas most important for this role. If the person _needs_ to understand the basics of identity access and management and the rest is beneficial, state as much. This way, if the person is truly new to the field, they can study up on exactly what you need and highlight their willingness to learn during the interview.

****Requirement: Excellent Critical Thinking and Problem-Solving Skills and Ability to Work Under Pressure****

Leave as is, but carefully consider where the applicant may have acquired these skills. As hiring managers, we always want to hear examples of dealing with this pressure during an outage or other event. Be open to hearing from a parent who had to juggle two sick kids while their spouse was traveling, or the department manager who severely underestimated the demand for toilet paper in 2020. None of these stories involve incident response (at least as we define it), but all will provide examples of being put in a difficult situation, navigating their way through it, and what they learned from it that can be applied to your role.

****Requirement: 1-2 Years Professional Experience with Firewalls, VPN, SIEM, and/or IDS and Network Management/Monitoring Tools, Azure or AWS, and IAM****

Change this to, "Demonstrable experience with common security tools, such as firewalls, cloud providers, SIEM tools, IDS/IPS, or identity providers." This requirement is nearly impossible to meet for someone brand new to the field, but if it is a requirement for the role, consider those with amateur experience with the same tools. Perhaps they built a virtual lab at home with freeware to understand the concepts, took a course on Wireshark and tapped their home Internet, or configured Pi-Hole to better secure their home network. Perhaps they have a free Amazon Web Services account and configured RBAC with test accounts or stood up a virtual syslog server.

This is arguably the most difficult requirement for new entrants and even some experienced ones because we all use different tools, so look for someone who has used _any_ relevant tools and ask them how they learned about it, what they did with it, and what they learned from the experience. A natural curiosity shows a propensity to spend the time learning any tool your company has now or will acquire later.

****Requirement: Industry Certifications****

Leave as is but consider it optional and not required. This is perhaps the easiest to meet as CompTIA, ISC2, and others offer entry-level certifications, but consider the candidate may not have the means to pursue these certifications independently due to the cost, time, or other factors. One of the greatest benefits we can offer candidates is the opportunity to learn more, so don't let this be a disqualifier.

****Requirement: 2- or 4-Year Degree in Computer Science or Related Field****

Try using, "A college degree or recently completed training in relevant technologies and concepts." I concede this one proves a base level of knowledge in a topic, but it ignores several important factors. Many candidates may not have pursued college for one reason or another; it may have been unaffordable, or they tried and weren't successful, or like many of us perhaps they simply didn't know what they wanted to do after high school. Regardless, otherwise qualified candidates should not be rejected because of a lack of a degree if they can prove relevant training and skills. 

There are plenty of other degrees and backgrounds that lend themselves to what we do. A candidate who spent four years in the military has the mindset to understand an adversary and execute on a plan as it's been prescribed, both of which are incredibly helpful in incident response. A middle school teacher can demonstrate juggling multiple priorities while maintaining incredible documentation and providing updates to stakeholders (parents). It's also exactly what you need from an internal compliance team. Similar examples are all around but require us to be flexible when deciding what we really need from entry-level hires.

Can't Fill Open Positions? Rewrite Your Minimum Requirements

Skyhawk Synthesis extends cloud security misconfiguration detection across multiple clouds, the company says — throwing cloud security posture management in for free.

At this point, multicloud networks are the default. Estimates of multicloud adoption in the enterprise range from 80% to 92%, which means from "most people" to "almost everyone." And yet organizations continue to struggle with correctly configuring multicloud environments. In a recent study, Aqua Security found that 82% of companies left their cloud storage open to the public. Again, that's "most people" levels of misconfiguration. Clearly something needs to be done to improve cloud security configuration, and Skyhawk Security has a suggestion.

The Radware spinoff recently launched its Skyhawk Synthesis platform, which combines cloud threat detection and response (CDR), cloud infrastructure entitlement management (CIEM), identity threat detection and response (ITDR), and cloud security posture management (CSPM) into a unified environment. Because Skyhawk considers it a baseline capability, the company is offering its CSPM solution as a "freemium," including complete posture management and hardening, compliance reports, and governance enforcement for up to 1,000 assets.

The point of using all those approaches is to automate cloud security maintenance as much as possible to conserve the efforts and attention of security staff. Skyhawk Synthesis uses machine learning to identify critical runtime sequences and then monitors the environment to flag when the sequences are activated in a potentially dangerous way. Focusing on the most dangerous events, the company claimed, can reduce the occurrence of false alerts, which have long been lamented as time-wasting burdens on security staff's attention.

According to Skyhawk, Synthesis Platform uses behavioral analytics and context-based event correlation to pick up on breaches, then presents the alerts in the CDR Runtime Hub interface. The curation allows human analysts to react quickly to real threats instead of jumping at false alarms, the company said.

Chen Burshan, CEO of Skyhawk Security, said in a statement, "This bridges the gap between having an exhaustive list of misconfigurations and vulnerabilities to having awareness that those issues are being used to compromise your infrastructure."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Skyhawk Security Launches Multicloud Runtime Threat Detection and Response Platform

Participants in a working session on ransomware at the World Economic Forum discussed how planning ahead can reduce cyber risk.

_Editor's note: The author participated in_ _a panel discussion at the World Economic Forum titled "Ransomware: To Pay or Not to Pay" on_ _January 19, 2023__._

While much of the press on the 2023 World Economic Forum in Davos, Switzerland, focused on international strife, on the ground it was a significantly more economic affair. Certainly, many of the conversations focused on how society must do more to align around solutions to the many _polycrises_ we are facing today, including the threat of a third world war, accelerating climate change, and widening income inequality over COVID. But chief among topics was real, tactical discussion on how to reduce the profit motives of cybercriminals — and help enterprises look at their cyber risk in a radically different way.

In our ransomware panel, Catherine De Bolle, executive director for Europol, noted that cybercrime is a risk created by humans, driven by the economic conditions of high profit and easy opportunity. Ransomware is the most recent monetization of these motives and opportunities, and it has evolved from simple malware to advanced exploits and double or triple extortion models.

The _motive_ for cybercrime is clear: to steal money. But the digital nature of cybercrime makes the _opportunity_ uniquely attractive, due to the following:

1.  Cryptocurrency makes online extortion, trading illicit goods and services, and laundering fraudulent funds highly anonymous and usually beyond the reach of Western financial regulators or inspection.
2.  There isn't enough fear of getting caught for cybercrime. Recently, the US Department of Justice had a major win bringing the founder of an illicit crypto exchange, Anatoly Legkodymov, to justice. But the US had to wait until he traveled to a country within the jurisdiction of Western law enforcement. Most criminals are not so careless, making such an arrest a rare success.
3.  With the explosion in spending on digital transformation (16.3% CAGR over the next five years), data is the new gold. And it is incredibly easy to steal, due to lapses in basic hygiene like encrypting data at rest and in transit or limiting access to only authorized users.
4.  Paying extortion through extensive cyber insurance policies only feeds the ransomware epidemic by incentivizing further crime, as FBI Director Christopher Wray noted.

As a veteran Air Force cyber operations officer who now runs a cyber risk solutions company writing insurance policies covering extortion payments, I feel these points all too clearly. That is why it's time that enterprises dramatically rethink how they manage their cyber risk as not just a technical problem, but a financial problem as well.

**Fighting Cybercrime With Cyber Resilience**

While helping companies pay extortion is never the first choice for any insurer, its role is to help make its clients whole and reduce their financial exposure. But insurers have a responsibility to help their clients think proactively and holistically about how they assess, measure, and manage their cyber risk overall. In other words, ask:

*   Is the client investing their cybersecurity budget in the controls that matter most?
*   Is the client making an effort to help improve the cyber hygiene of their organization?
*   Is the client doing more to break the management silos separating security and business?
*   Is the client able to predict and quantify their risk based on their security posture?
*   Is the client able to improve their insurance coverage when they do all of the above?

This is the core idea behind cyber resilience, a way to protect digital infrastructure for enterprises by integrating the technical, policy, behavioral, and economic elements necessary to mitigate and manage cyber as a predictable risk.

Compared to insurance lines like property or auto, which have decades of data measuring what keeps a building from burning down or a car crash victim alive, cyber is a less mature line of insurance. Cyber policies are still harder to underwrite, given the difficulty in quantifying and pricing the risk. They require talented underwriters backed by technical knowledge, threat assessment software, and advanced analytics to measure a company's security controls balanced against risks in their sector. But like pushing regulations that require fire sprinklers in buildings and seatbelts in cars, insurance can rewrite the rules of how cyber risk is managed by helping our clients make their digital infrastructure significantly more resilient to extortion threats.

**Best Practices Help Thwart Extortion**

Chainalysis, a member of the Institute for Security and Technology's Ransomware Task Force, found that ransomware revenue declined by nearly 50% in 2022. Though we have seen extortion _attempts_ remain strong, we can anecdotally say that fewer companies are deciding to pay extortion due to controls that allow them to restore from backups or rebuild their IT networks.

This tells us that for a certain segment of the corporate ecosystem, sharing best practices builds resilience to extortion and raises the cost for attackers. Our goal now is to shift the view of companies and the insurance industry toward this new approach of cyber resilience and reward those who invest in strong cyber hygiene.

In our discussion group on ransomware, a CEO who had just thwarted an extortion attempt said it best when they noted that what saved them was rehearsing a holistic plan to respond to an incident. Exercising with real-world lessons helped their executive team successfully navigate an intrusion without paying the ransom. Davos' blend of public and private sector leaders made the perfect audience to hear this message.

Fighting cybercrime is a team sport, and to succeed, we must adopt this framework of cyber resilience that integrates the technical, policy, behavioral, and economic elements necessary to manage the reality of ever-growing cybercrime as a predictable and manageable cyber risk.

View from Davos: The Changing Economics of Cybercrime

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure.

When armies of Taylor Swift fans in November were locked out of being able to purchase tickets for her upcoming The Eras tour, the so-called "Swifties" demanded answers.

And the Senate agreed.

This week, Ticketmaster testified in Senate Judiciary Committee hearings that it's not the company's monopoly on the live music market that caused the Swifty sales collapse — it was instead a cyberattack, executives said.

"There was unprecedented demand for Taylor Swift tickets," according to the opening testimony, shared ahead of the hearing with Dark Reading. "We knew bots would attack that on-sale, and planned accordingly."

However, Ticketmaster added that it received triple the amount of bot traffic that it had ever experienced, with bots both attempting to purchase tickets as well as breach the ticket sales servers for access codes.

"While the bots failed to penetrate our systems or acquire any tickets, the attack required us to slow down and even pause our sales," according to the company, which added that the difference in this instance is that instead of bots attempting to beat humans to the tickets, these bots were also attacking the system itself.

Some senators, including Marsha Blackburn, a Republican from Tennessee, didn't agree with Ticketmaster's assessment that the company was prepared in advance for the Taylor Swift swarm.

"This is unbelievable," Blackburn said during the hearing. She added, "Why is it that you have not developed an algorithm to sort out what is a bot and what is a consumer?"

Ticketmaster asked the Senate to consider stronger anti-bot legislation, enforcement, and penalties, but that does little to help shore up systems for future blockbuster tour event sales against an increasingly aggressive legion of shopper bots.

"It is absolutely an ever-growing arms in race in terms of fighting the bots," Berchtold said in response to Senator Blackburn's questioning. "These are bots that are trying to impersonate people on an automated basis. They are faster and putting American consumers at a disadvantage."

**When Bot Traffic Looks Like a DDoS Attack**

Rather than a targeted, intentional distributed denial-of-service (DDoS) attack, Ticketmaster's outage was simply the result of the system getting crushed under a tidal wave of traffic. But the result was the same: disruption.

"Botnets are often used to launch DDoS attacks; they're also used to do other things such as attempting to quickly (and unfairly!) snap up tickets to popular events the moment they go on sale," Roland Dobbins, a DDoS expert and principal engineer with Netscout, explains to Dark Reading. 

He adds, "Even though the intent in the latter scenario isn’t to cause an outage — which defeats the purpose of the bot-driven purchases — high levels of aggressive, bot-driven, 'flash crowd' transactions can effectively constitute an unintentional application-layer DDoS attack against the online ticket vending system, if all the key elements in the system’s service delivery chain haven’t been designed with resilience, scale, and defense against application-layer DDoS attacks in mind."

**SeatGeek Had Similar, but Not as Serious, Swift Sales Problems**

Although it was also bogged down under a similar traffic spike, Ticketmaster competitor Seat Geek was able to sell tickets to 52 Taylor Swift concerts without the same technical failures, the company explained to Politico, blaming Ticketmaster's troubles on its market monopoly.

"Ticketmaster’s outage, recovery time, and continued lack of a solution are the results of a monopoly’s complacency," SeatGeek said in a statement. "No competition means no incentive to innovate and iron out problems that they’ve experienced in the past."

**Bot & DDoS Attack Defense Differ**

Online retailers trying to protect against both bots and DDoS attacks need to adopt different approaches for each, Boaz Gelbord, senior vice president and chief security officer at Akamai, explains to Dark Reading in reaction to the Ticketmaster Senate testimony.

"Organizations face an increasing array of cyber-threats during 'hype events' such as flash sales or online commercial events," Gelbord says. "These can include both DDoS attacks aimed at bringing down the event and bots that aim to subvert the legitimate sales process. The goals of these attacks differ and they also require different protection."

DDoS protection is about putting up infrastructure and application defenses prior to an attack, while thwarting bots requires "a deeper understanding of the behavior to determine which traffic is legitimate and which is automated," Gelbord explains.

**Battling the Bot Problem**

Online brands experienced a 71% increase in bot attacks in 2022 over 2021, with bad bots making up nearly a third of online traffic, Michael Pezely points out in response to the Ticketmaster hearing.

"All these trends were reflected in Ticketmaster’s own experience with the Taylor Swift tour," Pezely adds. "While 3.5 million fans preregistered as verified fans, according to Ticketmaster, 3.5 billion purchase attempts were made."

Pezely urges online retailers to consider a holistic artificial intelligence (AI) approach to battling the bot problem.

"Fighting AI with AI will continue to be part of the solution. Merchants, whether they’re selling PlayStations, sneakers, or tickets, can counter the bots with learning machines that provide the intelligence to understand the identity and intent behind each order," Pezely explains. "That understanding allows merchants to turn to automation to block illegitimate orders."

Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle

Mainz brings 25 years of industry experience to execute on Forescout’s strategy and drive its next phase of growth.

**SAN JOSE, Calif.--(****BUSINESS WIRE****)--** Forescout Technologies Inc., the global leader in compliance and cybersecurity for all connected devices, today announced that Barry Mainz will join the company as CEO, effective immediately.

Barry Mainz brings more than 25 years of experience in executive leadership across infrastructure software and cybersecurity companies. Mainz has served as CEO and member of the Board of Directors for MobileIron and also led Wind River Systems, a division of Intel, as President during important years of growth. Additionally, Mainz has held leadership roles, as well as advisory and board positions at private and public companies such as Mercury Interactive, Makara (acquired by Red Hat, Inc.) and Sun Microsystems.

“Barry has been working with Wael, our Board and myself for the last several months as we prepared to execute our next stage of growth. Barry is a passionate and inspirational leader who delivers customer value, builds strong teams and drives operational discipline and rigor,” said Greg Clark, Chairman of the Board, Forescout and former CEO of cybersecurity companies BlueCoat and Symantec. “His experience across scaled and innovative companies makes him an ideal leader to take the company to the next level. Barry rounds out a fantastic team at Forescout and will be building on our strong foundation. We are pleased with the results of Forescout’s journey to date, and we are excited about the new value Forescout is bringing to our customers through our acquisitions as well as our organic development.”

Bryan Taylor, head of Advent’s technology investment team and a Managing Partner in Palo Alto added, “We are excited for Barry’s appointment as CEO as he brings a wealth of experience and expertise to the role, and we are confident that under his leadership, the company will continue to thrive and achieve even greater success. We also want to thank Wael Mohamed for his leadership and his significant contribution to Forescout.”

“I am really excited about the work we’ve done to plan Forescout’s next horizon and am thrilled to partner with our Board, our strong management team and employees as we execute our plans,” said Barry Mainz, CEO, Forescout. “Working together with Greg and our Board over the past few months gives me high confidence that we are on the right strategy and will deliver immense value to our customers.”

**About Forescout**

Forescout Technologies, Inc. delivers compliance and cybersecurity for all connected devices, including IT, IoT, OT, IoMT, and cloud environments. The Forescout Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Managing cyber risk, together.

Forescout Appoints Technology Veteran Barry Mainz as CEO

Restoration teams must be part of a collaborative, initial response team to address costly downtime.

**CHATTANOOGA, Tenn.****,** **Jan. 24, 2023** **/PRNewswire/ --** Fenix24, a leading provider of disaster recovery services, released a white paper proposing a new flow for post-cybersecurity breach incident response that would significantly shorten downtime, the most-costly aspect of cyberattacks today. The paper, titled "The High Price of Business Interruption Requires New Response Modalities," argues that today's cyberattacks, particularly ransomware, have been designed to cause maximum destruction to the organization; and since downtime can cost between $100K and $1M for most organizations, it's time to redesign incident response (IR) flows to reduce business interruption by getting companies back to business faster. This can be accomplished by prioritizing restoration efforts to begin in the immediate aftermath of breach discovery. 

"The earlier restoration teams are brought into events, the lower the overall business interruption expenses," said Heath Renfrow, co-founder, Fenix24. "A few years ago, restoration was turning on systems. Today, these teams are essential to accelerating forensic data capture, establishing remote access into a compromised environment, and helping identify and prioritize critical systems for restoration, easing the pain of business interruption. When restoration is there from the beginning, everyone else can move faster. We have forged new models with Digital Forensics/Incident Response partners that are very collaborative and, in concert with Fenix24's intelligent restoration strategies, are producing up to 50% shorter downtimes."

The paper: proposes that the industry at large considers redefining the incident response model to involve restoration teams in the initial attack aftermath; encourages cyber insurance carriers to include restoration panels in their policies to encourage greater referral rates for high-quality restoration experts; and urges DFIR solutions providers not already adopting a collaborative model to consider the advantages it provides. Today's pre-, mid- and post-incident efforts can be greatly supported by real-time orchestration and communications tools such as Cygnvs, helping make this collaborative model a reality.

Historically, breach coaches have brought in Digital Forensics/Incident Response Teams (DFIR) to take the lead in containing the incident and providing initial response. DFIR leads or breach coaches may—or may not—recommend restoration partners following this process, which can extend business interruption weeks or even months. However, it is becoming clear to customers and carriers alike that downtime is becoming far too expensive and commands most of the incident's exorbitant costs.

"At Eos, we work closely with large insurers and vendors in the cyber sector and consistently hear how business interruption has become a major factor in escalating cyber losses," said Zach Powell, partner at Eos Venture Partners. "Through our research, we see that BI now accounts for over 50% of losses in select cyber lines."

**Resource:** Download and read the full white paper**.**  

**About Fenix24**

Fenix24, part of the Conversant Group family of companies, is raising the bar for post-incident disaster recovery and restoration with a fast, thorough and professional operation. Our battle-tested professionals execute the most intelligent and strategic recovery playbook for minimal cost of incident response and business interruption. Fenix24 is the army you need to push out the criminals that have compromised your environment and restore your company's IT operations. Learn more at fenix24.com.

SOURCE Fenix24

Fenix24 Releases White Paper Proposing New Cyber Incident Response Paradigm

Respondents indicate organizations are unprepared to handle cyberwarfare, there's no one-size-fits-all response to ransomware, and cybersecurity spending is on the rise.

**SAN** **FRANCISCO** **,** **Jan.** **24**, **2023** **/PRNewswire/ --** Armis, the leading asset visibility and security company, today announced the Armis State of Cyberwarfare and Trends Report: 2022-2023, which highlights global IT and security professionals' sentiment on cyberwarfare. The study shares sentiment from more than 6,000 global respondents across multiple industries, including healthcare, critical infrastructure, retail, supply chain and logistics, and more.

The Russian invasion of Ukraine has not only tragically upended the lives of countless people in a sovereign nation, but it is also causing geopolitical shockwaves of cyberwarfare that will reverberate for the foreseeable future. Today's targets extend well beyond the higher levels of the opposition governments; any organization is a potential victim, with critical infrastructure and high-value entities at the top of the list.

"Cyberwarfare is the future of terrorism on steroids, providing a cost-effective and asymmetric method of attack, which requires constant vigilance and expenditure to defend against," said Nadir Izrael, CTO and Co-founder of Armis. "Clandestine cyberwarfare is rapidly becoming a thing of the past. We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organizations should consider themselves possible targets for cyberwarfare attacks and secure their assets accordingly."

Key global findings from the Armis State of Cyberwarfare and Trends Report: 2022-2023 include:

*   One-third (33%) of global organizations are not taking the threat of cyberwarfare seriously, identifying as indifferent or unconcerned about the impact of cyberwarfare on their organization as a whole, leaving room for security gaps.
*   Nearly a quarter of global organizations (24%) feel underprepared to handle cyberwarfare. Even still, the lowest-ranking security element in the eyes of IT professionals is preventing nation-state attacks (22%).
*   Over 3 in 5 (64%) IT and security professionals surveyed agree with the statement, 'The war in Ukraine has created a greater threat of cyberwarfare.'
*   Over half (54%) of professionals who are the sole decision maker for IT security said they experienced more threat activity on their network between May 2022 and October 2022 when compared to the six months prior.
*   Over half (55%) of IT professionals surveyed agree with the statement, 'My organization has stalled or stopped digital transformation projects due to the threat of cyberwarfare.' This percentage is even higher in specific countries, including Australia (79%), the U.S. (67%), Singapore (63%), the UK (57%), and Denmark (56%). 
*   When asked about their organization's policy on paying ransoms in the event of a ransomware attack, IT professionals globally were divided in their responses. Twenty-four percent of respondents indicated their organization always pays, 31% said their organization only pays when customer data is at risk, 26% said the organization never pays, and 19% indicated that it depends.
*   Just over three-quarters (76%) of IT professionals surveyed agree that the boards of directors are changing their organization's culture towards cybersecurity in response to the threat of cyberwarfare.
*   Almost 4 in 5 (78%) IT professionals surveyed said, when thinking about recent and ongoing sudden global events (such as the pandemic, Ukraine conflict, etc.), it's likely that their company invests more of its budget into cybersecurity, with nearly 2 in 5 (37%) who think it's very likely.

Proprietary data from the Armis Asset Intelligence and Security Platform collected from June 1, 2022 through November 30, 2022 confirmed the aforementioned trends haven't slowed, only worsened. Threat activity against the global Armis customer base increased by 15% from September to November when compared to the three months prior. Further, Armis identified the largest percentage of threat activity against critical infrastructure organizations, with healthcare organizations the second most targeted when compared to various industries.

In addition to the key global findings from the report and complimentary proprietary data from the Armis platform, Armis zoomed in on regional trends with unique country-by-country analysis within breakout reports for the U.S., UK, France, DACH (Austria, Germany, Switzerland), Iberia, Italy, Denmark, the Netherlands, and APJ (Australia, Japan, Singapore).

For further information on the Armis State of Cyberwarfare and Trends Report: 2022-2023, please visit: https://www.armis.com/cyberwarfare/

**Methodology**

Armis surveyed 6,021 IT and security professionals in firms with more than one hundred employees across the U.S., UK, France, DACH (Austria, Germany, Switzerland), Iberia, Italy, Denmark, the Netherlands, and APJ (Australia, Japan, Singapore). Those findings were gathered between September 22, 2022 and October 5, 2022 and depict the state of cyberwarfare globally across various regions and industries.

**About Armis**

Armis, the leading asset visibility and security company, provides the industry's first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.

Source

DARKReading