**KIRKLAND, Wash., July 13, 2022 –** Adaptiva today released the inaugural “Managing Risks and Costs at the Edge” report. Sponsored by Adaptiva and conducted by Ponemon Institute, 629 IT and IT security practitioners in the United States were surveyed, representing an average organizational headcount of 13,213 and IT budget of $184,366,500. Respondents indicated that most enterprises struggle to maintain visibility and control of their endpoint devices, leading to increased security breaches and impaired ability to ward off outside attacks.

Report findings show that the average enterprise now manages approximately 135,000 endpoint devices. Despite $4,252,500 of annual budget spent on endpoint protection, an average of 48 percent of devices – or 64,800 per enterprise – are at risk because they are no longer detected by the organization’s IT department or the endpoints’ operating systems have become outdated. Additionally, 63 percent of respondents find that the lack of visibility into their endpoints is the most significant barrier to achieving a strong security posture.

Additional report highlights include:

*   **Sprawling Centralized Infrastructure:** IT organizations are facing unprecedented rates of distribution point sprawl, which has grown rapidly since the onset of the COVID-19 pandemic. 61 percent of respondents say distribution points have increased in the last two years, and the average endpoint has as many as 7 agents installed for remote management, further adding to management complexity.
*   **Updates Are Hardest to Maintain:** 62 percent of respondents say new OS and application versions are the most difficult to maintain across all endpoints, followed by patches and security updates at 59 percent, and network settings and connectivity issues at 50 percent.
*   **Lacking Resources:** 66 percent of respondents say that their organizations don’t have ample resources to minimize endpoint risk. Consequently, respondents indicate they could only stop 52 percent of attacks with their current technologies and expertise.

"The world has been changing at unprecedented rates in the last two years, yet there haven’t been any significant innovations in the endpoint management space for over a decade, since the advent of cloud computing,” said Deepak Kumar, Founder and CEO of Adaptiva. “Unfortunately, most organizations are running uphill with endpoint management tools that weren’t designed for today’s distributed, decentralized, and digital-first world. IT needs tools that provide organizations with total and complete visibility over their endpoints, with real-time and continuous delivery of content to keep them healthy, patched, and secure. This won’t be achieved by the dominant endpoint management solutions in the market today, which still rely on bloated centralized infrastructure, in the cloud and on-prem."

As cyberattacks increase in frequency and magnitude, organizations are under increasing pressure to implement effective endpoint management solutions. Fifty-four percent of respondents had an average of 5 attacks on their organizations in the last year, at an average annual cost of $1.8 million. The cascading effects of system downtime and disruptions to employee productivity have left organizations scrambling to keep up.

Fortunately, enterprises now have options that can help eliminate costly infrastructure and repetitive human effort, while also continuously monitoring and automatically remediating endpoint issues with simple customization that keeps the edge of your network secure.

Visit adaptiva.com to read the full report and learn how Adaptiva’s solutions can help your organization gain proactive control over all their Windows endpoint devices.

**About Ponemon Institute**  
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.

**About Adaptiva**  
Adaptiva provides serverless endpoint management that eliminates the need for a vast IT infrastructure and monitors itself by automating traditionally manual tasks. Leveraging innovative peer-to-peer protocols, the Adaptiva Edge Cloud Platform is powered by the surplus capacity of existing devices already on the network – in the office or working from home. This enables IT to continuously deliver software, configurations and patches to endpoints no matter where they are. The world’s largest enterprise organizations and government agencies rely on Adaptiva for real-time endpoint visibility and content delivery, as well as automated compliance checks, remediations, and patching without ever throttling the network or the end user experience. Learn how at adaptiva.com.

Nearly Half of Enterprise Endpoints Present Significant Security Risks

Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.

Microsoft has revealed a now-fixed flaw in Apple's macOS that allowed specific kinds of code to bypass the operating system's App Sandbox restrictions on third-party applications, potentially allowing attackers to escalate device privileges and install additional malicious payloads.

Microsoft shares credit for the find (CVE-2022-26706) with researcher Arsenii Kostromin, the company said in its announcement, adding that Apple patched the vulnerability in its May 16 security update.

The team at Microsoft discovered the bug while researching malicious macros in Microsoft Office for macOS, they explained in a recent blog post.

"Our research shows that even the built-in, baseline security features in macOS could still be bypassed, potentially compromising system and user data," the team wrote. "Therefore, collaboration between vulnerability researchers, software vendors, and the larger security community remains crucial to helping secure the overall user experience. This includes responsibly disclosing vulnerabilities to vendors."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

MacOS Bug Could Let Malicious Code Break Out of Application Sandbox

Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now.

In a world increasingly dependent on technology, software sprawl is growing. Companies use custom-built software, open source software, and products from third-party providers when building applications. Through this software supply chain, the digital attack surface expands. Each software dependency can also open it up to potential attack as bugs are found in all types of software that malicious actors can exploit. Certain attacks in the headlines in the last year, including those that impacted SolarWinds and Kaseya, highlight the fragility of the software supply chain and the far-reaching implications if the supply chain is exploited.

Now the federal government is paying attention to software threats. It is now a requirement for companies that want to contract with government agencies to maintain a software bill of materials (SBOM) in order to have a clear and complete inventory of the software an organization has throughout its environment.

In tandem with understanding one's software environment is also the need to find vulnerabilities within that environment. Vulnerability management tools look for specific vulnerabilities and are segmented to specific areas within the various environments where software resides. Some scan for CVEs in the infrastructure, some on containers, and some in OSS libraries.

But there are severe limitations to both of these tools. While SBOM tools have been developed, unfortunately, most require a lot of manual work and are limited to specific parts of the software stack and environment. And while vulnerability scanners may locate bugs, they do not give security teams context that is specific to their own individual environments about how much risk each flaw might pose.

The result is most organizations are still flying blind when it comes to remediating vulnerabilities. Static SBOMs only reveal a point in time view of the software environment. And vulnerability scanners only offer limited information about flaws, with no real "action plan" on how to prioritize and remediate them other than CVE scores, which are of little value in many cases. Tech debt grows, and the attack surface is still massive.

In this software-driven world, we lack the tooling to release secure software — or secure released software — fast enough.

**We Need a New Approach to Vulnerability Management**

With software outpacing the ability of traditional vulnerability management to scan everything, a new approach is needed. The answer? Tools and strategy that allow security and development professionals to see all software across the stack and understand risk holistically.

Here's why.

1.  **Understanding what you have is not enough.** More software and more vulnerabilities are creating huge backlogs for IT. That's why we not only need tools to detect the vulnerabilities associated with the software, but also tools to prioritize these vulnerabilities and understand what matters. Rezilion's research shows that only a small percentage of discovered vulnerabilities are loaded into memory and therefore, exploitable, reducing patching backlogs by up to 85%.
2.  **Context is key.** You must be able to figure out which software and applications will be most affected by vulnerabilities and whether the vulnerability poses a high risk. You also need to know what the attacker will achieve by exploiting the vulnerability and gaining access to your network, and what the impact will be.
3.  **Knowing what vulnerabilities matter doesn't mean you know how to fix them effectively**. Furthermore, remediation has also become more complex with many stakeholders and even more vulnerabilities.

To solve this, security and dev teams need intelligence on how to handle every vulnerability, what packages to upgrade, and to make sure this information is passed to the right stakeholders to make it easy for them to apply patches. This is the future of vulnerability management.

**Detect. Prioritize. Remediate: The New Road Map for Software Attack Surface Management**

The path forward in vulnerability management includes three key stops: Detect. Prioritize. Remediate. If these components sound familiar to you, it's because they're part of a framework called "Attack-Surface Management" that has been successfully applied to assets and networks. This is the strategy needed to expand software security beyond its traditional boundaries of simply scanning for vulnerabilities.

You can arrive at the stops with three capabilities:

**Detect:** A dynamic SBOM to see in real-time into the software environment and identify flaws.

**Prioritize:** A vulnerability prioritization tool to understand which bugs pose an actual risk.

**Remediate:** An automated vulnerability remediation that fixes the critical vulnerabilities.

**Does Your Vulnerability Management Strategy Include the Three Key Elements?**

Ask yourself whether your organization is protected with the traditional approach to vulnerability management using manual tools to find vulnerable software components. Most organizations today are fighting battle that fails to reduce the rapidly growing software attack surface. The best way forward is one that not only identifies bugs but also prioritizes and fixes them quickly and efficiently. That's why new tools and approaches are required in order to truly manage vulnerabilities in today's constantly growing attack surface.

**About the Author**

    

Liran Tancman, CEO and co-founder of Rezilion, is one of the founders of the Israeli cyber command and spent a decade in Israel's intelligence corps. In 2013, Liran co-founded CyActive, a company that built a technology capable of predicting how cyber threats could evolve and offer future-proof security. Liran served as CyActive's CEO and led it from its inception to its acquisition by PayPal in 2015. Following the acquisition, Liran headed PayPal's global Security Products Center responsible for developing cutting-edge technologies to secure PayPal's customers.

The 3 Critical Elements You Need for Vulnerability Management Today

Two mostly defunct threats — WannaCry and NonPetya — top the list of ransomware searches, but does that mean they are still causing problems?

Five years ago, two ransomware programs, WannaCry and NonPetya, used self propagation to spread quickly across the globe, infecting hundreds of thousands of computers, shutting down business operations, and causing billions in damages.

The two programs, often referred to as worms, have refused to die. In a back-of-the-napkin analysis of search terms for common ransomware programs, Canadian IT services and support firm Firewall Technical found that WannaCry and Petya claimed the top and third spot on a list of most searched-for ransomware — at 6,000 and 1,800 monthly searches, respectively — with Ryuk beating out Petya to claim the No. 2 slot, according to data collected from keyword-search tools commonly used by search engine optimization (SEO) firms.

With the Petya searches, it is likely that people are equating Petya with the more damaging NotPetya. People searching for information about Petya are more than likely looking for how to deal with NotPetya, as it has far more effect on everyone, the company says.

Certain other keyword phrases — such as "_X_ decryptor" and "_X_ ransomware removal" — highlighted different trends: "Locky ransomware removal" had a slight lead in monthly searches, and "Cerber decryptor" was the second most common after WannaCry. Arguably, searches for decryptors and removal information are more indicative of infections, according to the support firm's experts.

"Although reports of infections are the best way of detecting threats, monitoring search engine user behavior can give us a clue into both trends and the infections that users are dealing with," a Firewall Technical spokesperson said.

    

Source: Firewall Technical (https://www.firewalltechnical.com)

The fact that two worm-like programs continue to have a long-term impact on systems is not surprising. In its threat update on ransomware, security software firm WithSecure found that WannaCry still accounted for 53% of all detections in 2021 — more than the next four ransomware families combined.

The programs typically embed themselves inside organizations that do not have good visibility into the state of their systems and lack the ability to regularly patch systems, says Neeraj Singh, research and development manager at WithSecure.

"Most of the upstream ... cases that we receive come from the organizations \[that\] do not have the infrastructure to upgrade \[or\] patch operating systems," he says.

Luckily, the worms' impacts are blunted at present. Following a successful infection, WannaCry attempts to connect to a URL and, if successful, does not encrypt the files on the system — a behavior that researcher Marcus Hutchins used to create a kill switch that continues to work to this day.

While NotPetya has no kill switch, current volumes of infections are low enough to make tracking them difficult, according to WithSecure. To date, no new versions of either program have been observed since 2017, the company said.

If WannaCry and NotPetya follow the trajectory of past worm-like threats, they are unlikely to fade away quickly. Four years after the Slammer worm started spreading, for example, the so-called "flash" worm remained the most common network threat. More than a decade after the Conficker worm started spreading in 2008, endpoint security firms continue to block hundreds of thousands of intrusion attempts by infected systems every year.

The data collected by Firewall Tactical also shows the limits of relying on search terms for threat intelligence. Searches for "WannaCry ransomware" were only a sliver of the 201,000 hits in May 2017, when the crypto ransomware worm first appeared, suggesting that the long tail will continue to cause headaches for IT administrators. The 6,000 searches is also a far cry from the more general query for the keyword "WannaCry," which topped 3.4 million that month.

Internet Searches Reveal Surprisingly Prevalent Ransomware

It's time to expand the approach of TPRM solutions so risk management is more effective in the digital world.

SaaS-to-SaaS integrations are an inherent part of modern software-as-a-service use in business, and the adoption of third-party services is scaling rapidly to adapt. Malicious actors aren't lagging behind. They realize the lucrative benefits of leveraging these integrations to steal, leak, or abuse organizational assets.

Traditional third-party risk management (TPRM) solutions were introduced to help streamline and automate compliance processes. Recent supply chain breaches, such as the malicious third-party OAuth token abuse that affected GitHub customers, show how threats grow while SaaS use scales, making it imperative for business requirements around third-party risk evaluation and management to shift. The cybersecurity community's approach to these risks must shift accordingly.

While TPRM solutions serve a noble purpose — assessing the security of an organization's vendors — their value stops there. A vendor could be considered healthy in terms of its security controls, with a low-risk score, but only as a stand-alone vendor and regardless of its required integration and interaction with the organization and its valuable assets. Risk assessments, questionnaires, and aggregated data are time-consuming and costly to manage and provide minimal value without the proper context and holistic strategy to govern them.

Here are three critical considerations that should be top of mind as you assess and onboard third-party vendors:

**Can You Continuously Assess Their Access Level and Business Impact Risk?  
**

Existing TPRM solutions usually lack the context needed to understand the scope and nature of SaaS-to-SaaS integrations with third-party vendors. Given the dynamic nature of the SaaS sprawl, this can introduce tremendous amounts of (otherwise avoidable) risk. As part of the onboarding process, organizations must be able to accurately gauge critical elements of this partnership: Is the original business impact assessment aligned with the actual interaction with the vendor? Is the initial vendor assessment aligned with the permissions granted and the organizational need for the vendor? Did the relationship with the vendor or business requirement change over time?

TPRM questionnaires must be customizable and allow organizations to evaluate and manage vendors according to their associated business risk. Vendors that are crucial to your business and require access to sensitive information such as employee or customer data should be assessed using different parameters from those used to assess a lower-risk vendor.

Adding to this complexity is the interconnectivity between vendors. As the number of vendors grows, so does the number of connections. Supply chain management requires comprehensive visibility into all vendors and the vendors connected to them. Without such accountability, an organization can be breached through a third-party integration it wasn't even aware existed in its supply chain. For example, Salesforce may have third-party plug-ins that access sensitive data and personal identifiable information (PII) in Salesforce and therefore may pose a risk for an organization that uses Salesforce but is unaware of other vendors connected to it. In such a case, the vendors behind such plug-ins should be assessed accordingly.

**Do You Have a Vendor Offboarding Process?  
**

This is a deceptively simple question that has profound implications for third-party risk management. When an employee leaves the company, their privileges are revoked using a dedicated identity access and management (IAM) offboarding process, yet there's no similar procedure to offboard vendors. Making matters worse, vendors are onboarded daily by multiple functions across the organization. Even if a TPRM assessment process is triggered, it is set and forget, without the necessary continuous reassessment over time as the vendor access drifts from the initial setup.

What follows is a veritable vendor graveyard. Some vendors may have been onboarded during a previous vendor selection process, one was chosen, but the other two remain dormant and connected to the organization, usually with high privilege access that is never revoked. It is imperative to realize that even if you terminate your tenant on a vendor's platform, it doesn't mean you revoked its tokens to your environment.

Most organizations fail to adopt the required processes that answer this significant question: Is the vendor still used by the business unit? Without a periodic review of your vendors, their access privileges, who uses them, and how — you will have no way to establish and assess their risk.

**Can Your Vendor Risk Processes Scale to Support a Decentralized IT Organization?  
**

In a modern organization with dozens or hundreds of SaaS applications, IT is now decentralized and end users, citizen developers, and business owners onboard new third-party vendors daily. The lack of continuous supply chain risk assessment as the organization becomes more decentralized renders initial vendor evaluations irrelevant and outdated. As a result, security teams are increasingly unable to detect if a vendor has altered its characteristics, if its access into the organization has widened, or worse — if it has been compromised.

It's therefore critical to ask whether the vendor's business impact has increased over time and whether it requires a new assessment. Manually assessing vendor privileges and integrations is impractical and quickly becomes irrelevant in an increasingly agile and dynamic SaaS environment. Adding to this burden is the lack of awareness on the part of users and even system administrators of the importance of updating assessments and ensuring they're aligned with current needs and requirements. The absence of a clear policy defining when and how to conduct inventories of vendor integrations prevents common-sense changes from being implemented.

**Make Room for Changes  
**

A uniform approach to third-party vendor assessments is a near-sighted, partial solution to a dynamic problem.

Vendors differ in their essential purpose, with some geared toward low risk and others requiring access to personal or financial client information which, if leaked, lost, or stolen, could pose significant harm. Therefore, the security community must expand existing TPRM approaches to adapt to the vendor risk management life cycle and ensure its effectiveness in securing SaaS-to-SaaS integrations in the dynamic digital enterprise.

3 Golden Rules of Modern Third-Party Risk Management

Cynet CISO survey reveals lack of staff, skills, and resources driving smaller teams to outsource security with advanced tools, technologies, and services.

**Boston, MA – July 13, 2022 –** Cynet, the world’s first provider of an autonomous, end-to-end, fully automated extended detection and response (XDR) platform, today announced the results of its second annual “CISO Survey of Small Cyber Security Teams." The survey found that companies with small security teams continue to face a number of unique challenges that place these organizations at greater risk than larger enterprises. These enhanced risks are moving these companies to consolidate security platforms to fewer, more robust and comprehensive tools to simplify and improve protections.

The Cynet survey analyzed responses from 200 Chief Information Security Officers (CISOs) at small and medium size enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of $1M USD or less. It found that a majority of these organizations were overwhelmed by an endless volley of cyberattacks. These security professionals report that they are inundated by many of the same threats facing larger organizations, but lack the financial resources, staff specialists, training and proper tools to consistently remediate them.

According to the survey results:

*   58% of the responding CISOs felt their risk of attack was higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
*   94% say they have barriers in maintaining their security posture, due to a lack of skilled security personnel (40%), excessive manual analysis (37%), and the increasingly remote workforce (37%) among other factors.
*   87% have difficulty in managing and operating their threat protection products due to overlapping capabilities (44%) and difficulty visualizing the full scope of an attack (42%).
*   As a result, 90% of small security teams are outsourcing security mitigation to a Managed Detection and Response (MDR) service, while also using Managed Security Service Provider (MSSP) services (21%) and Virtual Chief Information Officer (vCISO) services (15%).

The survey also revealed a huge year-over-year rise in the use of Endpoint Detection and Response (EDR) tools (from 52% to 85% of respondents), as well as a doubling of Extended Detection and Response (XDR) tool usage (from 15% to 30%). Among respondents, 77% indicated that EDR is now the #1 tool for detecting threats, up significantly from 23% in 2021. Those reporting Network Detection and Response (NDR) as the primary method for detecting threats fell from 46% in 2021 to only 3% in the 2022 survey. It's clear that small security teams are seeing the value in robust EDR/XDR solutions, especially in remote working landscapes where employees are often not on the company network.

"CISOs with small security teams struggle to purchase and maintain the comprehensive set of security solutions needed to protect their companies from increasingly sophisticated threats," said Eyal Gruner, CEO and Co-Founder of Cynet. "The survey results once again show how these security experts continue to adapt their protection strategies in response to the ongoing wave of criminal and state sponsored cyberattacks."

To see complete metrics, analyses and data visualizations, download a free copy of the 2022 Cynet CISO Survey of Small Cyber Security Teams.

About Cynet  
Cynet is a provider of the world’s first end-to-end, natively automated extended detection and response (XDR) platform – Cynet 360 AutoXDR™ – backed by a 24/7 MDR service. Its mission is to make it easy and stress-less for any organization to be safe and secure from cyber threats. The platform was purpose-built to enable small security teams to achieve comprehensive and effective protection regardless of their resources, team size, or skills. It does this by managing day-to-day security operations so teams can focus on managing security rather than operating it. The complementary 24/7 MDR service provides organizations with monitoring, investigation, on-demand analysis, incident response, and threat hunting. Visit to learn more: https://www.cynet.com.

Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises

The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.

Microsoft recently discovered a widespread phishing attack campaign targeting Office 365 users that lures victims to a phony Office authentication page where it pilfers their credentials and later executes a second wave of attack, business email compromise (BEC), using intel gathered from their email accounts.

The attackers behind the campaign have targeted more than 10,000 organizations since September 2021, according to Microsoft, and employ the Evilginx2 phishing kit as the infrastructure for hijacking the authentication process. "We also uncovered similarities in their post-breach activities, including sensitive data enumeration in the target’s mailbox and payment frauds," according to a post by the Microsoft 365 Defender Research Team that details the attacks.

The man-in-the-middle attack — or, as Microsoft now calls it, adversary-in-the-middle (AiTM) — sets up a proxy server that sits between the victim and the actual authentication page. "Such a setup allows the attacker to steal and intercept the target's password and the session cookie that proves their ongoing and authenticated session with the website. Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses," Microsoft said in its post.

Organizations should up their MFA game with conditional access policies, which vet sign-in requests based on identity, IP location, and device status, for example, according to Microsoft.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication

QuSecure’s QuProtect leverages unique post-quantum cryptographic algorithm on government legacy systems to achieve world’s first and only post-quantum resilient channel within a government facility.

**SAN MATEO, Calif. — July 12, 2022 —** QuSecure™, Inc., a leader in post-quantum cybersecurity (PQC), today announced the U.S. Federal Government is currently orchestrating the world’s first-ever post-quantum encryption communication over a Government network by utilizing its QuProtect™ PQC solution. QuProtect is the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels.

The Government is leveraging QuSecure’s unique post-quantum cryptographic algorithm on its legacy systems at a combined Air Force, Space Force and NORAD location. The quantum-resilient deployment has 100-percent uptime protecting data that previously used standard encryption, with no increased bandwidth or latency issues through QuProtect’s quantum tunnel. Data currently being transmitted cannot be decrypted by others unless they have the QuProtect system, and any adversary collecting the protected data to store will be unlikely to decrypt it in the future, even with a quantum computer.

“This is extremely significant because the U.S. Government has not employed a post-quantum communications channel on premises before,” said Pete Ford, QuSecure Head of Federal Operations. “The QuProtect platform is performing exceptionally well with uninterrupted, continuous quantum channel uptime protecting formerly classically encrypted and quantum vulnerable asymmetric keys.”

This historic event was possible due to activities around QuSecure’s evaluation for, and eventually winning, the Small Business Innovation Research (SBIR) Phase III Federal Government procurement contract for PQC solutions. Announced last month, QuSecure has been established as the Government’s leading provider of PQC solutions, setting the standard for Government’s PQC requirements. This is the Government’s first and only Phase III designation aimed at addressing end-to-end comprehensive solutions to the post-quantum threat, and further emphasizes today’s need to deploy PQC for classical and future quantum attacks.

Federal agencies participating in SBIR include the following agencies and departments: Small Business Administration, Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Transportation, Environmental Protection, the National Aeronautics and Space Administration (NASA), and the National Science Foundation.

The Government’s deployment of QuSecure is being operated over an open Internet network on legacy equipment and systems. QuSecure has proven it works on Government systems by using cryptographic agility that supports all National Institute of Standards and Technology (NIST) finalist algorithms in the post-quantum cryptography standardization competition. The winners of the NIST competition were announced on July 5.

“With the current speed of business, commerce, warfare and everyday communications, QuProtect protects all data on existing systems and devices and does not slow the systems down,” added Ford. “We have proven this in our successful pilot, which will lead to the large-scale deployments as a result of our SBIR Phase III contract with the Government. This historic moment places QuSecure one step closer to fulfilling our vision of ensuring an exceptionally secure quantum future.”

QuProtect enables organizations for the first time to leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats. It provides quantum-resilient cryptography, anytime, anywhere and on any device. QuProtect uses an end-to-end quantum-security-as-a-service (QSaaS) architecture that addresses the digital ecosystem’s most vulnerable aspects, uniquely combining zero-trust, next-generation post-quantum-cryptography, quantum-strength keys, high availability, easy deployment, and active defense into a comprehensive and interoperable cybersecurity suite. The end-to-end approach is designed around the entire data lifecycle as data is stored, communicated, and used.

**About QuSecure**  
QuSecure is a leader in post-quantum cybersecurity with a mission to protect enterprise and Government data from quantum and classical cybersecurity threats. Its patent-pending, quantum-safe solutions provide an easy transition path to quantum resiliency across any organization. The company’s QuProtect solution is the industry’s first PQC software-based platform uniquely designed to protect encrypted communications and data with quantum-resilience using a quantum secure channel. QuSecure has current customer deployments in banking/finance, healthcare, space/satellite, IT/data enterprises, datacenters, and various Department of Defense agencies. QuSecure is investor backed and has offices in Silicon Valley. For more information visit www.qusecure.com.

US Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network

Barracuda research finds organizations are struggling to protect operational technology and getting breached as a result.

CAMPBELL, Calif., July 12, 2022 /PRNewswire/ -- Barracuda Networks Inc. (Barracuda), a trusted partner and leading provider of cloud-enabled security solutions, today released key findings from a report titled _The State of Industrial Security in 2022__._ Commissioned by Barracuda, the research surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organization to get their perspectives on IIoT/OT security projects, implementation challenges, security incidents, technology investments, and a variety of issues related to cybersecurity risks.

Overall, the research shows that critical infrastructure is under attack, and despite agreement that IIoT and OT security is critical, businesses are facing some significant challenges as the geopolitical landscape becomes increasingly tense. Security breaches have shown to have impacts beyond monetary losses as well, resulting in significant downtime with long-lasting breach impact. The research found:

*   **Attacks are widespread:** 94% of organizations surveyed acknowledged experiencing a security incident in the last 12 months.
*   **Geopolitical concerns:** 89% of respondents are very or fairly concerned about the impact that the current threat landscape and geopolitical situation will have on their organizations.
*   **Breaches are impacting operations:** 87% of organizations that experienced an incident were impacted for more than one day.

"In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk," **said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda.** "Issues such as the lack of network segmentation and the number of organizations that aren't requiring multifactor authentication leave networks open to attack and require immediate attention."

Organizations across the board have acknowledged the importance of investing even further in IIoT and OT security, with 96% of business leaders noting that their organization needs to increase their investment in industrial security. A full 72% of organizations signaled that they have either already implemented or are in the process of implementing IIoT/OT security projects, but many are facing significant challenges when it comes to implementation, including basic cyber hygiene.

*   **Manufacturing and healthcare lag behind:** Critical infrastructure organizations are leading with implementation, and 50% in oil and gas having completed projects. Only 24% in manufacturing and just 17% in healthcare have completed projects.
*   **Businesses are experiencing failures:** 93% have failed in their IIoT/OT security projects.
*   **Effective IIoT security implementations are making an impact:** For organizations with completed IIoT and OT security projects, 75% have experienced no impact at all from a major incident.
*   **Multifactor authentication (MFA) use is low:** Only 18% of companies surveyed restrict network access and enforce multifactor authentication when it comes to remote access to OT networks.
*   **Low MFA use is prevalent even in critical industries:** Critical verticals like energy (47%) allow full remote access without MFA for external users.
*   **Skills have an impact:** Less than half of organizations surveyed can handle applying security updates themselves (49%).
*   **Manual updates are cumbersome:** Organizations are hit the worst when security updates are not automatic.

IIoT and OT security continue to be a major target for attackers, but there is hope for businesses that take a proactive approach. Businesses should implement tools to combat these challenges, including the use of secure endpoint connectivity devices and ruggedized network firewalls, all centrally deployed and managed via a secure cloud service that can enable effective network segmentation and advanced threat protection, provide multifactor authentication, and even implement Zero Trust Access.

"IIoT attacks go beyond the digital realm and can have real-world implications." said **Klaus Gheri, VP Network Security, Barracuda.** "As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack."

**Resources:**

Download the full report: https://barracuda.com/iiot-2022-report  
Read the blog post: http://cuda.co/51231

**About Barracuda**

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers' journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.

New Research Reveals 93% of Organizations Surveyed Have Had Failed IIoT/OT Security Projects

Machine learning and automation can help free up security pros for higher-value tasks.

Humans have a well-deserved reputation for being the weakest link in the cybersecurity of any size organization. Whether it's an IT specialist misconfiguring a firewall setting, a DevOps engineer failing to secure a cloud storage bucket, or a hapless business user falling for a phishing scam, the vast majority of cybersecurity breaches are primarily caused by human error creating exploitable vulnerabilities. The result is many avoidable weaknesses being pursued by criminal opportunists enabled by cheap, plentiful cybercrime tools of the trade.

Thankfully, the humans working in the security operations center (SOC), the Tier 1 and Tier 2 analysts on the front line of cyber defense, are the strongest link in cybersecurity operations. They must be kept in the loop, ideally performing higher-value tasks than keeping "eyes on the glass" to review security telemetry.

**Tools for Assisting, Not Replacing, Humans  
**

Looking to technology to help us secure technology is the right approach. The servers, Web applications, endpoints, network devices, and security measures in a company's digital landscape produce massive volumes of security telemetry and alerts that must be monitored and analyzed, but most turn out to be benign.

Identifying the meaningful alerts in high-volume event streams is the perfect job for correlation rules and unsupervised machine learning (ML) algorithms that combine human knowledge and threat intelligence with continuous learning and improvement. Machines can handle the speed and scale required for the initial screening of the high-volume stream of event logs and alerts. Also, algorithms don't get tired or have a lapse in attention, go on vacation, or call in sick.

Automating this facet of SOC operations allows these AI-based tools to do the tedious work of sifting out false positives and correlating and surfacing real alerts in real time. Automation can also go a step further, applying rules in playbooks to enrich alerts with context (which machine or user, what happened, when), contain suspicious activity in the network, and trigger an automatic response in well-defined use cases.

The result can be minimizing the volume of alerts by a factor of 10 or more, from 10,000 a day to 1,000 or less. This noise reduction saves up to 50% of expert SOC labor, dramatically increasing SOC efficiency and effectiveness.

**Humans Are the Ones Who Catch the Cybercriminals in Action  
**

This type of automation frees expert human analysts to use their experience, skills, intuition, and problem solving in the hunt for cybercriminals active in your environment. The automation feeds junior SOC analysts who triage the findings by applying human intelligence to recognizing patterns, evaluating anomalies, eliminating false positives, and identifying alerts that need further human assessment.

For example, John in HR typically accesses two databases during regular business hours. An alert comes through that John has accessed a third database on a Saturday. Only a human can determine if this new behavior is anomalous but nonthreatening. After the SOC analyst notifies the IT department about the unexpected database activity, IT confirms that John has been granted temporary access to the additional data, which is HR-related.

After triage by junior SOC analysts, high-priority alerts are forwarded to SOC senior analysts. These skilled security specialists are charged with investigating the alerts and identifying where an attack is coming from, the cybercrime groups behind the attack, methods they are using, lateral movement observed, and the dwell time of attackers. SOC experts also propose strategies for mitigation and eradication.

Humans are most essential when identifying attacks that cut across different systems, applications, and access methods. It was skilled humans who uncovered new activity on the part of Hafnium. The nation-state cybercriminals had been exploiting vulnerabilities in Microsoft Exchange servers to steal emails, compromise networks, and move laterally in affected organizations. These incursions took place for three months prior to discoveries credited by Microsoft to researchers at security firms Volexity and Dubex.

**Key Takeaways  
**

Organizations of any size, but particularly midsize and larger enterprises, can benefit from having their SOCs use artificial intelligence, unsupervised ML, and automation to remove the burden of first-level event log screening from junior analysts and provide intelligence that senior analysts can use in investigations. Such automation is necessary to handle the ever-increasing volume, velocity, and variety of security telemetry. It cannot, however, eliminate the need for the expert human analyst.

SOC analysts need not be concerned about job security in the face of ML and automation. Rather, they should welcome the improved productivity and freedom automation provides to use their intelligence and creativity for higher-value activities such as research, threat analysis, remediation, and threat hunting.

Source

DARKReading