A Look Ahead: John Kindervag's Zero Trust Outlook for 2023

Tom Field • November 30, 2022

The foundation of a landmark presidential executive order, and now a standard embraced by governments and enterprises globally: zero trust has come far in the past two years. Zero trust creator John Kindervag offers a progress report and insight into the key trends he sees shaping the New Year.

►

Cryptocurrency Fraud

Zeppelin Ransomware Proceeds Punctured by Crypto Workaround

Latest

Artificial Intelligence & Machine Learning

Open Systems Buys Tiberium to Automate Security on Microsoft

Michael Novinson • November 30, 2022

Open Systems has purchased an early-stage Microsoft-centric MSSP to help automate investigating, triaging and responding to basic security alerts. The Silicon Valley-based MDR provider says its acquisition of U.K.-based Tiberium will free up security analysts to focus on preventative defenses.

Identity & Access Management

Okta Clears Up Customer Identity Confusion as SMB Sales Dip

Michael Novinson • November 30, 2022

Okta has stemmed employee attrition and accelerated customer identity sales by clarifying product function but now has to grapple with longer sales cycles for small to midsized businesses. Okta says efforts to reposition its customer identity offering over the past quarter have borne fruit.

Endpoint Protection Platforms (EPP)

CrowdStrike Sales Growth Slows as SMB Clients Delay Spending

Michael Novinson • November 29, 2022

A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.

Application Security

Veracode CEO Sam King on Joining AppSec, Container Security

Michael Novinson • November 29, 2022

The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.

Industry Specific

Why Are HIPAA Fines Down 93% - With Data Breaches Soaring?

Marianne Kolbasuk McGee • November 29, 2022

Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.

Industry Specific

Cybersecurity Stigma: More Victims Avoid Saying 'Ransomware'

Mathew J. Schwartz • November 29, 2022

Is the ransomware problem getting better or worse? Unfortunately, gauging attack trends continues to be complicated by the fact that many incidents never come to light publicly and many victims are hesitant to say "ransomware" when describing what hit them, says Comparitech's Rebecca Moody.

Governance & Risk Management

RegScale Buys GovReady to Simplify Compliance for the Masses

Michael Novinson • November 29, 2022

RegScale has purchased a startup founded by the FCC's former chief data officer that makes documenting compliance easier for nontechnical personnel by using a questionnaire. The GovReady deal means customers will be able to demonstrate their adherence to standards by answering questions.

Geo Focus: The United Kingdom

UK Online Safety Bill Harms Privacy & Security, Experts Say

Akshaya Asokan • November 28, 2022

The United Kingdom is the newest front in the long-fought conflict over end-to-end encryption, as a slew of civil society groups urge the prime minister not to back legislation empowering regulators to force online intermediaries into providing decrypted messages.

Governance & Risk Management

What India's Data Protection Bill Means for CISOs

Suparna Goswami • November 28, 2022

What does the latest version of India's data protection bill mean for CISOs, and what impact does it have on security practitioners? Khushbu Jain, advocate, of the Supreme Court of India, shares some of the fine print in the draft legislation and discusses some changes that CISOs may need to make.

Fraud Management & Cybercrime

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Mathew J. Schwartz • November 28, 2022

Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

Cybercrime

A Look Ahead: Lisa Sotto's Privacy, Security Outlook in 2023

Michael Novinson • November 28, 2022

A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.

Cybercrime

SharkBot Trojan Spread Via Android File Manager Apps

Prajeet Nair • November 26, 2022

The operators behind the banking Trojan SharkBot are targeting Google Play users to spread its malware masquerading as Android file manager apps that already have tens of thousands of installations, according to researchers from Bitdefender.