New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

A new look at a database of more than 800 million known-breached passwords reveals that 83% of them met basic security standards set by five different standards agencies. 

Minimum password lengths prescribed by NIST, HITRUST for HIPPS, PCI, ICO for GDPR, and Cyber Essentials for NCSC ranged from seven to 10 and included requirements for password complexity, special characters, and numbers — but none were enough to keep compliant passwords off the breached list, according to a new report from Specops Software. 

"What this data really tells us is that there is a very good reason why some regulatory recommendations now include a compromised password check," said Darren James, product specialist at Specops Software, in a statement about the new password policy research. "Complexity and other rules might help but the most compliant password in the world doesn’t do anything to protect your network if it's on a hacker's compromised password list."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Strong Password Policy Isn't Enough, Study Shows

New features include context-aware, zero-trust data protection on local peripherals and devices.

SANTA CLARA, Calif. – May 24, 2022 – Netskope, the leader in Security Service Edge (SSE) and zero trust, today announced a key expansion of data protection capabilities to endpoint devices and private apps. The introduction of a patented endpoint data loss prevention (DLP) solution will enable Netskope Intelligent SSE customers to protect data everywhere it moves across the hybrid enterprise.

Zero trust principles are critical to SSE, which describes the security stack needed to enable a modern Secure Access Service Edge (SASE) architecture. Data protection is of utmost importance throughout a SASE architecture—specifically, the need for security to move with data wherever it is accessed, and apply zero trust to determine the right level of access. Additionally, legacy and endpoint DLP offerings have failed enterprises by being siloed, complicated, and intrusive, hindering user productivity.

Netskope has been consistently recognized by top industry analysts for its advanced data protection capabilities. With today’s continued expansion of the Netskope Intelligent SSE platform, Netskope customers will be able to protect data across SaaS, IaaS, private applications, web, e-mail, and endpoint devices from a single converged data protection solution, leveraging machine learning, user and entity behavior analytics (UEBA), and insider threat mitigation capabilities to improve security efficacy, efficiency, and agility.

  
Notable features of Endpoint DLP include:

· Context-aware, zero trust data protection on local peripherals and devices, such as USB drives and printers

· Unified data classification, policy enforcement, and incident management for DLP across SaaS, IaaS, private apps, web, e-mail, and endpoint devices

· A patented lightweight endpoint agent with cloud-based inspection and contextual data protection policies that enhance the user experience

· Machine learning and Advanced Analytics to help simplify data classification and policy definition, lowering operational overhead

· UEBA, which makes it possible to identify and stop complex data loss scenarios such as insider risk, where users are unintentionally or even maliciously abusing their access to data

“No SASE or zero trust journey will be successful without data protection capabilities that can address all critical use cases in a way that is easy to deploy and doesn’t slow down users,” said John Martin, Chief Product Officer, Netskope. “The introduction of Endpoint DLP extends Netskope’s award-winning data protection capabilities that much further, to critical use cases with endpoint devices. While some competitors may offer unified policy and management or provide data protection for certain vectors, Netskope is the only vendor that can provide truly converged data protection across the full IT environment. We are very excited to deliver Endpoint DLP to customers as another Netskope game-changer.”

“With Netskope’s new eDLP, we can now offer single-pass data protection —across all vectors, from the cloud to the endpoint —with unified policies, within a single management console,” said Mick Coady, Global Vice President CyberSecurity Solutions, World Wide Technology. “As a Platinum Partner in Netskope’s Evolve partner program, we’re seeing the huge growth opportunity that Netskope’s Intelligent SSE approach represents. This new addition will accelerate that growth.”

A work-from-anywhere, or “hybrid,” environment makes it increasingly difficult to maintain security models based on implicit trust in any entity that wants to connect. Zero trust principles enable organizations to govern access to data based on behavior by users, devices, networks, and applications— increasing confidence in policy enforcement everywhere. By evaluating several contextual elements—user identity, device identity and security posture, time of day, geolocation, business role, sensitivity level of the data, and more—the resource itself can determine an appropriate level of confidence, or trust, only for that specific interaction and only for that specific resource. Using Netskope Intelligent SSE with zero trust principles applied throughout the environment, businesses become more agile, reduce risk, and streamline solution deployment and maintenance.

"DLP has been extremely complicated and cumbersome, and that's before you factor in cloud, web, email, private apps, and endpoints,” said Frank Dickson, IDC Group Vice President, Security & Trust. “Netskope looks to address complexity with integration, providing a unified cloud delivered solution. Compared to old school network and endpoint-based DLP solutions, having DLP in this integrated solution makes it dramatically easier to protect data wherever it may be and in a manner that is frictionless for end users. It is a win-win.”

Visit Netskope and take a demo of Intelligent SSE at Booth #S449 at RSA Conference, June 6-9, 2022, in San Francisco. For more on today’s announcement, read the Netskope blog.

**About Netskope**  
Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

Netskope Expands Data Protection Capabilities to Endpoint Devices and Private Apps

New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.

**ALEXANDRIA, Va., May 24, 2022**\--(BUSINESS WIRE)--Nisos, The Managed Intelligence CompanyTM, today announced $15 million in Series B funding led by global cyber investor Paladin Capital Group alongside existing investors Columbia Capital and Skylab Capital. The new funding will be leveraged to accelerate company growth with investments in the company’s Managed Intelligence services, the Nisos Intelligence PlatformTM, and additional staff to meet client’s increasing intelligence needs.

"Nisos provides a level of intelligence that is timely, relevant, and actionable. Their monitoring, analysis, and investigation services have been a critical component of our diligence process, enabling us to quickly quantify risk and accelerate acquisitions," said Jason Button, Lead for Security, Integration, and Mergers, Cisco Systems, Inc.

To date, the company has secured over $33 million in funding and experienced tremendous momentum, with a 140 percent increase in Q1 bookings year-over-year. In the last year, the company expanded internationally with the opening of its first European office, increased its headcount by 60 percent, and issued prominent, high visibility research that reveals cybersecurity issues and disinformation campaigns throughout the globe.

"While threat intelligence holds the promise of making protection efforts more precise, in many cases it does the exact opposite, overwhelming teams with terabytes of unorganized information. Managed Intelligence is addressing these shortcomings and empowering security teams with the right information at the right time so that they can effectively combat today's sophisticated adversaries," said Christopher Steed, Chief Investment Officer and Managing Director at Paladin Capital Group. "In this emerging space, Nisos is pioneering an innovative new approach with its unique ability to connect cyber and physical risk for more effective threat intelligence, enabling the company to triple its valuation in two years while also positioning itself for continued rapid growth."

As part of the company’s client enablement strategy, the new funding will be used to expedite product management and development, drive market awareness and elevate customer services and success. This includes plans to refine the Nisos Intelligence Platform to improve analyst and client experiences and build a foundation for additional growth ahead.

"Over the last year, Nisos has grown tremendously as we’ve expanded our platform and continued to add talented experts to address the needs of our growing client base, positioning us at the forefront of the Managed Intelligence market," said David Etue, CEO at Nisos. "This funding helps us expand our offerings and the company to meet accelerating demand from clients who increasingly understand the value of intelligence, and discover that the more they learn, the more resources and expertise they require."

**About Nisos**

Nisos is The Managed Intelligence CompanyTM. Our services enable security, intelligence, and trust & safety teams to leverage a world-class intelligence capability tailored to their needs. We fuse robust data collection with a deep understanding of the adversarial mindset delivering smarter defense and more effective response against advanced cyberattacks, disinformation and abuse of digital platforms. For more information visit: www.nisos.com

**About Paladin Capital Group**

Paladin Capital Group was founded in 2001 and has offices in Washington DC, New York, London, Luxembourg, and Silicon Valley. As a multi-stage investor, Paladin Capital Group’s core strength is identifying and supporting innovative companies that develop promising, early-stage technologies to address the critical cyber and advanced technological needs of both commercial and government customers.

Combining proven investment experience with deep expertise in global security, cyber technology, and cutting-edge research, Paladin has invested in more than 60 companies and has been a trusted partner to investors, entrepreneurs, and governments for over two decades. Follow the firm on Twitter @Paladincap and visit www.paladincapgroup.com.

Nisos Announces $15 Million in Series B Funding Round

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.

This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cybersecurity communities to bring the security of cryptocurrencies into line.

**A History of Heists  
**The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.

However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cybercriminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.

There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people. Axie Infinity, for example, has millions of players around the world, and in the wake of the Ronin Network attack, regular users reported losing tens of thousands of dollars. In some cases, this was their livelihood, with many players in the Philippines playing to win digital assets as a full-time job.

**Crypto Goes Mainstream  
**This demonstrates how digital assets have become more deeply ingrained into our society since the Mt. Gox hack. Cryptocurrency is now used by a far broader cross-section of the population (13% of Americans traded crypto in 2020), major companies now accept it as payment (such as Tesla), and nations have integrated cryptocurrencies into their economies.

El Salvador famously became the first country to adopt Bitcoin as an official currency in 2021, but many countries are now looking to join the party. The UK, for example, recently announced its intention to become a "global hub" for the crypto industry, proposing new regulations for stablecoins and even an NFT backed by the Royal Mint. President Biden’s Executive Order on Digital Assets, released in March, also acknowledged the growing role of cryptocurrencies in the US economy.

**The Knock-on Effects of a Hack  
**As digital assets become deeply ingrained into our lives, the attacks against them have wider societal impacts. For example, crypto is the currency of choice for cybercriminal activity and the Dark Web, including ransomware attackers, malware operators, scammers, human traffickers, dark-net market operators, and terrorist groups.

Their vulnerability and the ease in which they can be laundered therefore contributes to the coffers of cybercriminals. An analysis of wallets controlled by cybercriminals suggested that at least $8.6 billion of cryptocurrency was laundered in 2021. There is also evidence of stolen cryptocurrencies funding hostile nation-states, with North Korean groups reported to have stolen $400 million of cryptocurrency last year, potentially to offset financial sanctions.

This criminal activity also creates a burden on law enforcement around the world. In 2021, the Department of Justice launched the National Cryptocurrency Enforcement Team (NCET), focusing specifically on crime involving digital assets. In one single seizure this year, the task force obtained 94,000 Bitcoin ($3.6 billion), demonstrating the scale of the illegal market it is trying to tackle.

**Security and Regulation  
**First, crypto companies need to improve their cybersecurity — fast. The Ronin Network admitted that it took six days to notice that a hacker had exploited a security flaw and stolen $540 million worth of cryptocurrency. This level of security is unacceptable. If these organizations are asking users to trust them with assets, they must provide the security to protect them. If they don’t invest in security, the attacks will continue and users will very quickly lose confidence in these platforms.

Second, the increasing severity of these attacks supports the argument that crypto companies require greater regulation. Regulated financial institutions cannot afford to get away with the loss of millions in assets. Of course, attacks do happen, but regulations hold the security of regulated institutions to a sufficient standard that losses are mitigated. When these standards are not met, there are consequences put in place by the regulators.

We have to eliminate the perception that crypto hacks are inconsequential, only affecting those at the margins of society. They are not: Thousands of people are affected directly, with ever more joining the cryptocurrency world every day. Moreover, with cryptocurrencies funding the criminal community, these hacks will increasingly impact everyone whether you directly engage with digital assets or not.

Crypto Hacks Aren’t a Niche Concern; They Impact Wider Society

An analysis from Google TAG shows that Android zero-day exploits were packaged and sold for state-backed surveillance.

At least eight governments around the world have purchased a package of Android zero-day exploits from a company called Cytrox and are using them to install spyware on targets' mobile phones. The development highlights the sophistication of off-the-shelf surveillance offerings, according to a recent report. 

Google's Threat Analysis Group (TAG) said that by taking advantage of the time difference that keep some systems from being updated for hours after patches were released, the Cytrox exploits allowed governments to target Android users with malware to record audio, add CA certificates, and hide apps, Google's TAG said.

The report explained that the governments of Armenia, Côte d’Ivoire, Egypt, Greece, Indonesia, Madagascar, Serbia, and Spain are confirmed to have used the Cytrox exploits in at least three state-backed campaigns, adding there are likely others. 

"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the TAG report said, adding that the group is currently tracking more than 30 additional surveillance vendors with the capability of selling tools to state-backed actors. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Multiple Governments Buying Android Zero-Days for Spying: Google

NIST may be on the brink of revealing which post-quantum computing encryption algorithms it is endorsing, solidifying commercial developments like QuProtect.

Cybersecurity experts are awaiting the imminent announcement from the National Institute for Standards (NIST) of its recommended post-quantum computing (PQC) encryption algorithms, an important milestone in a years-long process that started back in 2016 with 82 candidates. NIST has signaled it will reveal its decision imminently — possibly just before or during the RSA Conference in San Francisco in two weeks, amid a swirl of new activity in the field of quantum computing.

The PQC algorithms would join RSA and elliptic curve cryptography (ECC) as a new generation of NIST-recommended encryption standards. The PQC algorithms promise to enable encryption that is exponentially more powerful than current standards, which will become essential when quantum computers are available for commercial use.

Once NIST reveals which four algorithms it is endorsing, the next phase of drafting standards will begin. That process is expected to take roughly a year. But the pending decision will establish which algorithms to focus on. While the NIST selection will allow stakeholders to apply them to their offerings, many providers say that is just one part of the solution. Several startups focused on addressing PQC are now coming out of stealth. The latest came last Thursday, when QuSecure, a San Mateo, Calif.-based company formed three years ago, officially launched both itself and its first PQC product, called QuProtect. QuSecure describes QuProtect as an orchestration platform that can protect data in transit and at rest encrypted with the new PQC algorithms.

**A 'Perfect Storm' for Quantum Computing**

NIST's selection, until recently considered at least a year away, would come amid a perfect storm unfolding this month in quantum computing, all signaling that CISOs should accelerate their PQC strategies. Recent disclosures portend that quantum computing could become commercially available sooner than once thought likely. Notably, IBM two weeks ago revealed that it will release a 433-qubit processor called IBM Osprey by the end of this year, more than a threefold increase from IBM Eagle, a 127-qubit processor introduced in November 2021. IBM's updated roadmap calls for the introduction of a 1,000-qubit processor next year called IBM Candor. In three years, IBM plans to deliver a multi-cluster offering capable of exceeding 4,000 qubits.

"By 2025, we will have effectively removed the main boundaries in the way of scaling quantum processors up with modular quantum hardware and the accompanying control electronics and cryogenic infrastructure," Jay Gambetta, VP of quantum computing and an IBM Fellow, explained in a May 10 blog post. During that same week, D-Wave Systems announced the availability of its Advantage quantum computer via the Leap quantum cloud service, a part of the University of Southern California-Lockheed Martin Quantum Computing Center hosted at USC's Information Sciences Institute (ISI).

After the creation of Shor's algorithm in 1994, researchers realized that once quantum computers arrive with an abundant level of scale and precision, they will be able to break current forms of encryption. Besides RSA and ECC, quantum computers are expected to break the long-trusted Diffie-Hellman key exchange algorithm used for modern cryptographic communications including SSL, TLS, PKI, and IPsec.

Meanwhile, efforts to provide protections from quantum computing is accelerating. The recent White House directives emphasized that the government and industry should move forward with NIST's standards as well as calling for swift passage of the Bipartisan Innovation Act, legislation reintroduced last year as the Endless Frontier Act by US Senate Majority Leader Chuck Schumer, Senator Todd Young (R-IN), Representative Ro Khanna (D-CA), and Representative Mike Gallagher (R-WI). The bill seeks to boost funding in research and the advance of technology deemed critical to US national security, which includes artificial intelligence, PQC, and semiconductors.

Following the White House directive, the US House of Representatives Oversight and Government Reform Committee on May 11 unanimously passed the Quantum Computing Cybersecurity Preparedness Act, a bill proposed by US Representative Nancy Mace (R-SC) seeking to advance the migration of federal government IT systems with PQC capabilities. The legislation now sits before the House for consideration.

**Building QuProtect**

QuSecure was founded by chairman and COO Skip Sanzeri, CEO Dave Krauthamer, and chief product officer Rebecca Krauthamer, who is also a member of the World Economic Forum's Global Future Council on Quantum Computing.

Sanzeri tells Dark Reading that roughly 15 customers are now piloting QuProtect, including several branches of the US Department of Defense and large enterprise businesses. The only commercial customer QuSecure has permission to reference is Franklin Templeton, the New York-based diversified investment firm with roughly $1.5 trillion in assets under management as of April 30, which is best known for its large mutual funds. QuSecure is incubated within Franklin Templeton, which is also an investor in the company.

While Franklin Templeton declined to comment on its QuProtect pilot, Sanzeri says it is currently in beta there. "We are moving to the next step to a broader rollout," Sanzeri says. While Sanzeri said he was restricted in the amount of detail he could offer, it has established the quantum communications link between its servers and select institutional customers. The technology doesn't require the customers to add anything on their end, he says.

The QuProtect communications channels can run on servers on premises and in the cloud, Sanzeri adds. Eventually, it will run on network switches as well, according to Sanzeri, who says QuSecure has been in talks with players including Cisco, Fortinet, Juniper Networks, and Palo Alto Networks. "The switch providers are very standards based," Sanzeri says. "And one of the reasons why they haven't necessarily adopted this yet, across the board is because NIST hasn't finalized their standards. But once they do, then I think the switch providers will all come along nicely."

QuProtect provides a secure communications channel designed to protect any node on a network and is designed to use any of the NIST-approved PQC algorithms. Sanzeri claims QuSecure is the first company that is offering a complete PQC platform. "There are some point solutions out there that might be focusing on, say, quantum random number generation, or possibly just on cryptography," Sanzeri says. "And we think that is fine. However, it's not enough. If you're going to protect the enterprise, you need to be able to protect holistically."

Vincent Berk, chief strategy officer of QuantumXchange, which provides software that uses PQC keys shared on two specific endpoints, disputes QuSecure's claim of being the only company developing a complete offering. "To claim you're the first one that brings post quantum cryptographic solutions to the entire world, I can make that exact same claim for QuantumXchange, and we can start bickering over what we consider post quantum hard," Berk says.

Nevertheless, Berk, who joined QuantumXchange earlier this year after serving as CTO and chief security architect at Riverbed Technology, believes the QuSecure has a viable offering. "What I think they're doing a great job of is they're trying to make it as easy as possible to get you to know that you can trust your new cryptographic algorithms are working for you," Berk adds.

QuSecure Carves Out Space in Quantum Cryptography With Its Vision of a Post-RSA World

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience.

The latest case in point is a malicious package for distributing Cobalt Strike on Windows, macOS, and Linux systems, which was uploaded to the widely used Python Package Index (PyPI) registry for Python application developers. The "pymafka" package has a name that's very similar to "PyKafka," a popular Apache Kafka client for Python that has been downloaded more than 4.2 million times so far.

More than 300 users were tricked into downloading the malicious package, thinking it was the legitimate code, before researchers at Sonatype discovered the issue and reported it to the PyPI registry. It has since been removed, but applications that incorporated the malicious script remain a threat.

**Second Typosquatting Incident in a Month**

The incident marks the second typo-squatting incident involving the Apache Kafka project that Sonatype researchers uncovered this month. Earlier, they discovered a package on PyPI that had the same name as a Kafka-related Python project on GitHub called "karaspace." Though the malicious package on PyPI had the same name as the legitimate project, it was designed to steal IP addresses, user names, and other information for fingerprinting devices on which the package was installed.

In a blog Friday, Sonatype described pymafka as designed to detect the platform on which it is installed and then embed an OS-appropriate version of a Cobalt Strike beacon on the device. Cobalt Strike is often used maliciously for lateral movement within a target network environment.  

Sonatype said it observed the executables being downloaded from an IP address associated with cloud-hosting provider Vultr. Once installed on a system, the beacon attempts to communicate with a China-based IP address assigned to Alibaba. 

"Less than a third of antivirus engines detected the samples as malicious at the time of our submission to VirusTotal, although that's still a better detection rate than the zero-detections seen in some of our earlier discoveries," according to Sonatype.

**Blind Trust**

The pymafka incident is the latest in a growing number of security incidents involving PyPI and other public repositories. For instance, last November researchers from JFrog discovered 11 malicious Python packages on PyPI. In July, they discovered malicious PyPI packages attempting to steal credit-card data and other information from some 30,000 systems on which the packages had been installed. The same month, a Japanese researcher reported a security issue that gave attackers a way to remotely execute malicious code on the registry.  

"Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure," JFrog warned last year. "Sometimes malware packages are allowed to be uploaded to the package repository, giving malicious actors the opportunity to use repositories to distribute viruses and launch successful attacks on both developer and \[continuous integration/continuous delivery\] CI/CD machines in the pipeline."

Concerns over the growing attacker interest in public repositories have prompted several security initiatives at PyPI in recent years. These include the addition of two-factor authentication as a log-in option and API tokens for uploading software to the registry, a dependency resolver to ensure the pip package installer installs the right versions of package dependencies, and creating databases of known Python vulnerabilities in PyPI projects.

Concerns over software supply-chain security has prompted other, more strategic initiatives as well. Earlier this month, the National Institute of Standards and Technology (NIST) updated its cybersecurity guidance with new recommendations for addressing risks in the software supply chain. MITRE, too, has released a prototype framework called System of Trust that organizations can use to evaluate the security practices of service providers and suppliers in the software supply chain.

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures .

Cybercriminal use of the Linux Trojan known as XorDdos is on the rise, according to a new report, which found a 254% increase in malicious activity against Linux endpoints using the malware over the last six months. 

It was first discovered in 2014, and the Microsoft 365 Defender Research Team explained in a recent blog post that the XorDdos Trojan targets Linux cloud and Internet of Things (IoT) endpoints, and deploys botnets to carry out distributed denial-of-service (DDoS) attacks. 

The team added that the attacks fit a wider trend of attacks targeting Linux-based systems. 

"By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out DDoS attacks," the team wrote in describing the rise of the XorDdos Trojan. "DDoS attacks in and of themselves can be highly problematic for numerous reasons, but such attacks can also be used as cover to hide further malicious activities, like deploying malware and infiltrating target systems."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT

A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

The modern workplace is changing at a pace never seen before in history. A lot of this stemmed from COVID and remote work necessities, with 74% of CFOs noting they've adopted some kind of telecommuting policies due to coronavirus challenges. Now, more than ever, the employee experience (EX) is critical for keeping us connected and productive. That applies not just from a company growth perspective, but from a cybersecurity one.  

EX is a combination of three things: Policies, environment/culture, and tools. The key to addressing all three lies in empathy, as discussed in the book _Empathy In Action: How to Deliver Great Customer Experiences at Scale_, by Tony Bates and Dr. Natalie Petouhoff. In their book, the two position empathy as a business strategy. It’s also something that we can use to address cybersecurity.

The cybersecurity field isn’t always rewarding. It can be a relatively thankless and stressful position. COVID hasn't helped, with 70% of cybersecurity professionals reporting consistently high stress levels of cybersecurity professionals reporting consistently high stress levels. Mental health issues and even suicides are increasing among those who work in these environments. We must address the issue empathetically not just to protect systems but to save lives.

**Creating a Frictionless Office Environment Through Zero Trust  
**Zero trust is a bit misleading, because it's a technology methodology and a policy that's all about enabling EX. With zero trust in place, access is denied as the baseline. So how does that build EX? To understand, we have to compare zero trust to the traditional office network.

This is made up of company devices, software, and workers on a separate network from the Internet. Everything touching that network has been rigorously vetted to gain a "trusted" status that allows it to connect without question. Workers are expected to adhere to strict controls, confining them to certain devices, software, and practices.

This is where shadow IT rears its head. Inevitably workers end up routing around trusted devices and software to get their jobs done, creating untrustworthy networks of tools.

To respond, the industry — led by Google — came out with zero trust. Enterprises just assume everyone — software, devices, and people — are bad actors until proven otherwise. This creates a much simpler world to defend. And simpler, easier, and more streamlined experience is what EX is all about.

Zero trust is also a means of simplifying policy, which can bleed into the next point: building a blameless culture.

**Stopping Threats With a Blameless Culture**

Some 43% of employees admit to making an error at work that compromised cybersecurity. It's highly unlikely that cybersecurity professionals at those companies have corresponding reports for all those incidents. People do not like to admit when they do something wrong. They especially don't like to admit it when there are potential repercussions like job loss, demotions, or other disciplinary measures.

Meanwhile, when responding to a threat, cybersecurity professionals need clear information. They will not get this in a culture of fear. That culture of fear expands to IT and cybersecurity professionals responding to incidents, as well.

With a blameless culture, there is clear transparency of the events going on at the time of a security incident. Individuals, unafraid of repercussions, come forward with key information and increase the likelihood of resolution.

Blameless culture leads right back to EX. It does not mean a complete lack of accountability, nor does it excuse any malicious action. Zero trust is about how you create open cultures that enhance the resilience of your business. Much of that centers on the tools provided to workers.

**Empowerment Through Software Enablement**  
Software tools, especially in today’s tech-connected world, set the foundation for the employee experience. There are dozens of examples of technology improving employee productivity and happiness. The most effective, based on a Forrester study, tend to target two things:  

*   **Everyday productivity gains:** Tasks that employees have to tackle every single day are the ones where they see the most benefit when technology is deployed.

*   **Daily stress:** Barriers to their ability to do their jobs stem from technology that is outdated or difficult to understand. Technology that is easy to use eliminates this stress.

Software that meets these standards is well designed and enhances tasks. It does not create new ones. When building these tools and enterprise capabilities, it's important to take that EX into account. That should occur regardless of whether that tool is aimed at a business analyst seeking revenue guidance or cybersecurity experts on the hunt for vulnerabilities.

A culture of trust, combined with tools designed around EX, work together to help organizations become resilient. When viewed through an empathetic lens, it's easier to establish the right policies and technology to help workers be happier, healthier, and more productive.

Why the Employee Experience Is Cyber Resilience

Next I.T. is the sixth and largest acquisition to date for Valeo Networks.

ROCKLEDGE, Fla. and MUSKEGON, Mich., May 23, 2022 /PRNewswire/ -- Valeo Networks, a leading Managed Security Service Provider (MSSP), today announced the acquisition of Next I.T., a Michigan-based Managed Service Provider (MSP). Financial terms are not being released.

A recognized and highly respected MSP, Next I.T. is the sixth and largest acquisition to date for Valeo Networks and further supports its goal of building a national network of IT and cybersecurity experts to comprehensively support and protect its client base.

The company will continue to operate as DBA Next I.T. (A Valeo Networks Company), and maintain its current Michigan office locations in Muskegon, Kalamazoo, and Traverse City. The Next I.T. team consists of Microsoft Certified Engineers, Cisco Certified Engineers, and certified technicians in both HP and Dell. They specialize in providing IT solutions for clients across a wide range of industries, including manufacturing, non-profits, and healthcare.

"We are thrilled to welcome Next I.T. to the Valeo Networks family," said Travis Mack, CEO, Valeo Networks. "Their deep skill set and broad expertise will be an excellent fit within our organization, as we continue to advance our nationwide growth strategy. As with each of our divisions, we will partner with Next I.T. to strengthen resources and capabilities in cybersecurity, managed services, cloud solutions, and compliance."

"I am excited for Next I.T. to join Valeo Networks and be part of a larger organization," said Eric Ringelberg, CEO, Next I.T. "With as much as we have grown over the past twenty-one years and having robust IT services in place, this was the natural next step for our continued growth. The Valeo leadership team really stood out to me in offering a true partnership, holding the same values, and having a track record of keeping its acquired companies intact. I look forward to accelerating Next I.T.'s growth throughout the Midwest region with the resources, capital backing, and collaboration that Valeo Networks provides."

**About Next I.T.  
**Next I.T., an award-winning Managed Service Provider (MSP), specializes in industry-specific solutions that leverage technology, increase productivity, and reduce risk for small and medium-sized businesses. It offers a full line of computer hardware, telecommunication equipment, and the professional expertise with remote capabilities to install and service systems. Next I.T. is headquartered in Muskegon, MI, with additional branches in Kalamazoo and Traverse City. For more information, visit www.next-it.net.

**About Valeo Networks  
**Valeo Networks is a full-service, award-winning Managed Security Service Provider (MSSP) that serves State, County, Municipal markets; small-to-medium businesses (SMBs); and non-profit organizations. Firmly seated in the top 5% of revenue generating MSSPs nationwide—making it one of the largest MSSPs nationally—Valeo Networks provides solutions in the areas of cybersecurity, compliance, cloud, network infrastructure, and managed IT services. With over 20 years of industry experience, Valeo Networks is headquartered in Rockledge, FL, with additional locations nationwide. Learn more at www.valeonetworks.com.

Source

DARKReading