Archive for April 6, 2021

40% of Enterprises Face High Likelihood Of Outages According To New Report

Posted in Commentary with tags on April 6, 2021 by itnerd

Keyfactor, the leader in PKI as-a-Service and crypto-agility solutions, and Ponemon Institute today released the first-ever State of Machine Identity Management Report, a study exploring enterprises’ ability to manage and protect machine identities, keys and certificates in digital business.

Distributed workforces and the proliferation of connected devices have contributed to a rapid rise in the volume of machine identities. As a result, increased workloads, lack of visibility, misconfigurations and shorter SSL/TSL certificate lifespans are creating concern and risk for IT professionals and security leaders.

Additional key report findings:

  • Certificate-related outages are widespread: 88% of organizations reported experiencing at least one unplanned outage due to expired certificates in the past 24 months. Another 41% reported four or more outages.
  • The rate of failed audits is rising: on average, organizations experienced approximately five failed audits or compliance incidents due to insufficient key management within the past 24 months. Compared to other machine identity-related incidents, such as unplanned certificate outages or theft and misuse of keys and certificates, audit failures are considered the most serious, according to 75% of respondents. 
  • Neglected SSH credentials and code signing keys are increasing security risk: 57% of respondents do not have an accurate inventory of SSH keys and 26% say they never rotate SSH credentials. Many enterprise teams continue to store sensitive code-signing keys on build servers (33%) and developer workstations (19%).
  • Enterprises are struggling to establish internal policies, governance and best practices: only 1/3 of organizations report having a mature cryptographic center of excellence (CCoE) to support the direction and implementation of an enterprise-wide cryptography strategy. 
  • Staffing shortages: 40% of respondents identified a lack of skilled personnel as a barrier to setting an enterprise-wide cryptography and machine identity strategy. Only 45% of teams say they have sufficient staff dedicated to their PKI deployment.

The study was conducted by Ponemon Institute on behalf of Keyfactor and includes responses from 1,162 IT and infosec executives and practitioners in North America and EMEA, spanning 12 industries, including financial services, healthcare, manufacturing, retail and automotive.

View the complete findings and download the 2021 State of Machine Identity Management Report today.

Guest Post: Atlas VPN Says That Microsoft & Zoom Are The Most Impersonated Brands At 80% In 2020

Posted in Commentary with tags on April 6, 2021 by itnerd

It is no secret that cybercriminals often pretend to be someone they are not to lure out people’s money or valuable information, and what can be better used for this purpose than a well-known and trusted brand?

According to the data presented by the Atlas VPN team, Microsoft and Zoom were the most commonly impersonated companies in the phishing attacks in 2020. In total, 80% of all last year’s brand email phishing campaigns imitated Microsoft or Zoom to scam victims.

Multinational technology company Microsoft was a definite leader over the other brand impersonators. The brand was used in a whopping 28,536 unique phishing attempts accounting for 70% of all last year’s brand phishing campaigns. 

However, Zoom, which exploded in popularity amid the pandemic when all the industries turned to remote video communication tools, came in second. It was exploited in 3,803 brand phishing campaigns, which constitute more than 9% of all such attempts.

In the meantime, the third spot in the list is occupied by the world’s largest online retailerAmazon. Amazon’s brand name was taken advantage of in 2,747 or nearly 7% of all phishing campaigns impersonating well-known brands. 

In total, over 12% of all last year’s phishing emails used brand impersonation as their tactics.

Technology was the most impersonated industry of 2020

With Microsoft being the most phished brand, it is not surprising that the technology sectordominated phishing emails last year. Companies in the technology sector, such as Microsoft, Netflix, DocuSign, LinkedIn, Apple, Dropbox, and ADP, were exploited in close to 72% of all phishing campaigns that imitated existing brands.

The technology sector is followed by the telecommunication industry. Names of telecommunication industry leaders, such as Zoom, RingCentral, eFax, Xerox, and AT&T, were used in close to 14% of such phishing attempts in 2020.

Meanwhile, companies’ names in the retail industry were utilized in 8.5% of such phishing attempts in 2020. Notable brands include the already mentioned Amazon and CVS, as well as Sam’s Club and Walmart.

Ruth Cizynski, the cybersecurity researcher and writer at Atlas VPN, shares her thoughts on the situation: “With the eruption of the global pandemic, most of our lives transferred online, and cybercriminals were quick to take advantage of the situation by launching new scam schemes and phishing attacks. When it comes to the latter, fraudsters favored brands and industries that people were relying on the most during the pandemic.”

To read the full article, head over to: https://atlasvpn.com/blog/microsoft-and-zoom-most-impersonated-brands-at-80-in-2020-phishing-attempts

ServiceNow & Qualtrics Partner To Help Companies Deliver Next-Generation Experiences

Posted in Commentary with tags on April 6, 2021 by itnerd

ServiceNow and Qualtrics today announced a strategic partnership to help companies deliver next-generation employee experiences and customer service, leveraging the combined power of ServiceNow’s digital workflows with Qualtrics’ experience management technology on a single platform. With the new solutions, companies will be able to bring sentiment data from Qualtrics into ServiceNow Customer and IT Workflows to quickly act on customer insights with digital workflows, increasing employee productivity, and enhancing customer loyalty.   

Feedback-driven experiences for a new era of work 

Great experiences drive customer loyalty and powerful employee engagement. Yet organizations still struggle with siloed systems that cannot deliver the modern, digital experiences employees want and customers expect. To address this challenge at scale, ServiceNow and Qualtrics will fuel great experiences and unlock productivity by making feedback actionable in the enterprise.  

With the following new joint solutions, companies will be able to bring experience data from Qualtrics into ServiceNow Agent Workspaces to visualize performance, uncover key drivers of service satisfaction, and easily act on those insights.  

  • Experience Management for IT: Combining Qualtrics EmployeeXM™ for IT with ServiceNow IT Service Management to enable companies to connect their business-critical operational and service delivery data with employee feedback on a company’s internal IT services on a single platform. IT teams will be able to measure the effectiveness of their internal technologies, optimize service management processes, and provide seamless digital experiences as companies permanently shift to a remote or hybrid work model. 
  • Experience-led Customer Service: Bringing together Qualtrics CustomerXM™ with ServiceNow Customer Service Management will give service agents and managers the tools they need to automatically trigger workflows based on feedback, uncover drivers for customer satisfaction, improve cost-to-serve, and increase content effectiveness. 

The new solutions will be available to joint customers through a phased joint product and go-to-market strategy. 

As part of today’s announcement, ServiceNow and Qualtrics will also expand their use of each other’s solutions to unlock productivity across their respective companies.   

Customers can access Qualtrics and ServiceNow workflow integration today. New solutions available starting in the second half of 2021.  

40% of Enterprises Face High Likelihood of Outages According To State of Machine Identity Management Report: Keyfactor

Posted in Commentary with tags on April 6, 2021 by itnerd

Keyfactor, the leader in PKI as-a-Service and crypto-agility solutions, and Ponemon Institute today released the first-ever State of Machine Identity Management Report, a study exploring enterprises’ ability to manage and protect machine identities, keys and certificates in digital business.

Distributed workforces and the proliferation of connected devices have contributed to a rapid rise in the volume of machine identities. As a result, increased workloads, lack of visibility, misconfigurations and shorter SSL/TSL certificate lifespans are creating concern and risk for IT professionals and security leaders.

Additional key report findings:

  • Certificate-related outages are widespread: 88% of organizations reported experiencing at least one unplanned outage due to expired certificates in the past 24 months. Another 41% reported four or more outages.
  • The rate of failed audits is rising: on average, organizations experienced approximately five failed audits or compliance incidents due to insufficient key management within the past 24 months. Compared to other machine identity-related incidents, such as unplanned certificate outages or theft and misuse of keys and certificates, audit failures are considered the most serious, according to 75% of respondents. 
  • Neglected SSH credentials and code signing keys are increasing security risk: 57% of respondents do not have an accurate inventory of SSH keys and 26% say they never rotate SSH credentials. Many enterprise teams continue to store sensitive code-signing keys on build servers (33%) and developer workstations (19%).
  • Enterprises are struggling to establish internal policies, governance and best practices: only 1/3 of organizations report having a mature cryptographic center of excellence (CCoE) to support the direction and implementation of an enterprise-wide cryptography strategy. 
  • Staffing shortages: 40% of respondents identified a lack of skilled personnel as a barrier to setting an enterprise-wide cryptography and machine identity strategy. Only 45% of teams say they have sufficient staff dedicated to their PKI deployment.

The study was conducted by Ponemon Institute on behalf of Keyfactor and includes responses from 1,162 IT and infosec executives and practitioners in North America and EMEA, spanning 12 industries, including financial services, healthcare, manufacturing, retail and automotive.

View the complete findings and download the 2021 State of Machine Identity Management Report today.