Archive for September 22, 2020

New Research Reveals Companies Are Losing The Web Application Security War

Posted in Commentary on September 22, 2020 by itnerd

Acunetix, a global leader in automated web application security testing, teamed up with Dimensional Research to learn how effectively companies are handling web application security. Security, DevOps, and C-suite professionals from 382 organizations across the globe responded to the survey; Acunetix analyzed the findings and today released a report, “Web Application Security – Enterprises are Losing the War.”

Companies are struggling to keep up with rapidly evolving threats and the need to automate security efforts. Attacks against web applications have increased in prevalence to become the single biggest cause of data breaches. As the battlefield shifts more and more from the network to the application, it is important to understand how companies are meeting this challenge.

Verizon’s 2020 Data Breach Investigations Report (DBIR) found that 43% of breaches could be traced back to attacks against web applications – more than double the results from last year. Equifax is a high-profile example of a web application data breach that exposed the personal information of 147 million people, costing the company $1.38 billion in settlements and security upgrades.

According to the Acunetix report, 88% of companies now develop web applications in-house. Half of the respondents have been successful with their shift-left efforts and include web application security scans with every code build or during unit testing. However, that leaves half that don’t scan early enough and may incur major time and resource costs to remediate vulnerabilities. Remarkably, half of the respondents said that vulnerabilities are found faster than they can be fixed, meaning their web applications are open to an attack. 

Nearly 64% of enterprises still burden specialized security personnel with simple web application security testing that could be automated. And fewer than half of companies empower developers to run security scans on their own code.

Here is a link to the final report: https://www.acunetix.com/report-web-application-security-enterprises-losing-war/.

LinkedIn Unveils Annual Edition Of Canada’s Top Startups for 2020

Posted in Commentary on September 22, 2020 by itnerd

LinkedIn has released the Canadian edition of the 2020 Top Startups list, featuring the top emerging startups to work for. In the wake of COVID-19, the 2020 list reflects the current state of the economy and the world, showcasing emerging and resilient startups and how they’re navigating the ever-changing world of work.

The startups on this list are all experiencing growth, are still in high demand amid the pandemic, and have weathered an increasingly challenging economic climate this year. These are the key trends we’re seeing among the Top Startups in Canada this year:

  • BREAKING BARRIERS IN HIGHER EDUCATION: Education technology companies have pivoted to embrace new virtual and flexible models to help students pursue educational opportunities remotely. This includes application assistance, online study from abroad, increased student diversity on campus, and advocacy for greater flexibility in study permit requirements for international students.
  • EXPANDING ACCESS TO HEALTHCARE: Digital health startups have gained further prominence in the fight against COVID-19, as they address labour shortages, offering telehealth, pandemic healthcare needs, employee-focused health, and de-stigmatization of mental health.
  • EVOLVING FINANCIAL SERVICES: Financial services companies have ramped up innovation to help companies and consumers access the funds they need in new and creative ways, for example online valuation tools and emergency funding for startups, early access to paycheques and government support for consumers.

These are the top emerging startups on LinkedIn right now:

  1. Clearbanc – As e-commerce booms in Canada over the pandemic, it’s no wonder this fintech startup – which specializes in funding online brands – has found its way to the top of the list. Clearbanc has also recently launched a tool to help startups assess their own worth.
  2. Drop – Drop is a personalized platform that matches consumers with brands through a mobile app, allowing customers to earn points for purchases that can be redeemed for rewards. The company has raised over $71M from global investors, and offers employees unlimited time off.
  3. ApplyBoard – The online education platform connects students with academic institutions and recruitment partners around the world. Even as the pandemic disrupts education, the edtech startup closed another round of funding that brought its valuation to USD $1.5 billion and has continued to hire rapidly, adding nearly 250 new employees since March.
  4. BookJane – BookJane’s online platform creates a sort of gig economy for workers across health care facilities. As demand for doctors climbed through the pandemic, the company has been helping the Ontario Medical Association manage a shortage of physicians.
  5. Symend – Symend uses analytics and behavioural science to create individualized debt recovery programs. The startup, which has offices in Calgary, Toronto and Denver, Colorado, received USD $52 million in funding earlier this year and plans to hire up to 300 more roles in 2021.

___

Methodology:

LinkedIn measures startups based on four pillars: employment growth, engagement, job interest and attraction of top talent. Employment growth is measured as percentage headcount increase over one year, which must be a minimum of 15%. Engagement looks at non-employee views and follows of the company’s LinkedIn page, as well as how many non-employees are viewing employees at that startup. Job interest counts the rate at which people are viewing and applying to jobs at the company, including both paid and unpaid postings. Attraction of top talent measures how many employees the startup has recruited away from LinkedIn Top Companies, as a percentage of the startup’s total workforce. Data is normalized across all eligible startups. The methodology time frame is January 1, 2020 through July 31, 2020. To be eligible, companies must be independent and privately held, have 50 or more employees, be 7 years old or younger and be headquartered in the country on whose list they appear. We exclude all staffing firms, think tanks, venture capital firms, management and IT consulting firms, nonprofits and philanthropy, accelerators, and government-owned entities. Startups who have laid off 20% or more of their workforce within the methodology time frame are also ineligible.

*For fairness, we have removed LinkedIn and Microsoft from consideration for the LinkedIn Top Startups list as we do with all other lists in the editorial franchise.

LinkedIn Top Startups – Canada 2020

  1. Clearbanc
  2. Drop
  3. ApplyBoard
  4. BookJane
  5. Symend
  6. Dialogue
  7. BlueDot
  8. League
  9. KOHO
  10. Maple

College Of Nurses Of Ontario Pwned In Ransomware Attack

Posted in Commentary on September 22, 2020 by itnerd

The College of Nurses of Ontario (CNO) is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised more than ten days following a ransomware attack. CBC News has the details:

“We are aware of a claim on the dark web regarding data theft from CNO,” the nursing regulatory body told CBC News in a statement.

“While we are not able to confirm at this time, through a comprehensive forensic investigation, CNO is seeking to determine whether personal information was compromised as a result of the incident that may require notification to individuals. Although CNO was affected by ransomware, the organization is implementing a range of approaches to resume operations safely and securely, including restoring from backups.”

Hackers have posted some of the information they claim to have obtained online, including folders marked “Human Resources” and “Human Rights Matters.” Among the information posted are photos of small claims and Superior Court settlements, which include the full names, addresses and phone numbers of people. 

Lovely. This isn’t a trivial attack as clearly someone has information that they shouldn’t have. And it will be interesting to see what The College of Nurses of Ontario does to remedy this situation. You should likely stay tuned for updates.

David Masson, Director of Enterprise Security at Darktrace, had this to say:

This latest news follows a number of intensifying ransomware attacks globally – just last week a woman’s death in Germany has been directly linked to a cyber-attack. Threat actors no longer simply lock up data until the ransom is paid; instead they steal it and threaten exposure until they receive payment. This ransomware technique has been a developing trend since the end of 2019 in Canada. When attackers are able to target data, we can assume they have been lying dormant in the infrastructure for some time before they launch a full-blown attack.

This is common amongst organizations around the world who struggle to get visibility over their increasingly disparate and dynamic workforces. CNO may now pay a price in loss of trust through not having disclosed to their clients as soon as possible that they suffered a compromise. In situations like this it is best practice to have a disclosure plan and to disclose as soon as possible, otherwise it is likely that someone else will make the story public and it won’t be on the company’s terms.

Ransomware is evolving but the key to preventing attacks remains the same. It is clearer than ever before that the status quo is not good enough. Organizations need to ensure they are using the best technologies available to them, like AI, to automatically stop fast-moving attacks in their tracks.