Archive for November 2, 2023

Salesforce Research: 78% of Canadian Analytics and IT Leaders Say They Struggle to Drive Business Priorities with Data

Posted in Commentary with tags on November 2, 2023 by itnerd

Salesforce today released its State of Data and Analytics report with key trends from over 10,000 analytics, IT, and business leaders across 18 countries, including 600 from Canada. 

The report highlights trends impacting data leaders including strategies used to navigate rapid advancements in artificial intelligence (AI), challenges organizations face in realizing the full potential of their data, and tactics analytics and IT leaders employ to manage increasingly extensive and complex data.

Key insights of this year’s State of Data and Analytics report include:     

  • AI advancements intensify demand for trusted, secure data. Advances in AI are fast-moving, and companies are eager to profit from new iterations like generative AI. 84% of Canadian  business leaders are worried about missing out on its benefits. This puts pressure on data management teams to power algorithms with high-quality data. 89% of Canadian analytics and IT leaders say advances in AI make data management a high priority. 
  • Security threats and lack of trust hinder data potential. The path to unlocking data’s potential is winding. Only 49% of Canadian business leaders are completely confident in their data accuracy. Both Canadian business leaders and IT and analytics leaders cite security threats as their number one data challenge. 
  • Leaders leverage data culture and data governance to reach goals. To maximize data value and trust, analytics and IT leaders lean on data governance. Eighty-six per cent (86%) of Canadian analytics and IT leaders use data governance to ensure and certify baseline data quality. Seventy-nine per cent (79%) of Canadian analytics and IT leaders are investing more in data training in the next year to strengthen internal data culture. 

Methodology

Data in this report are from two double-anonymous surveys conducted from June 16 through July 31, 2023. The first survey generated 5,540 responses from analytics and IT decision makers from 18 different countries across North America, Latin America, Asia-Pacific, and Europe. The second survey generated 5,540 responses from line-of-business leaders from the same countries. More details can be found in the report. Cultural bias impacts country-level survey results.

For more information:

Boeing Confirms That It Was Pwned By LockBit

Posted in Commentary with tags on November 2, 2023 by itnerd

Last week I posted a story on the fact that there was chatter that Boeing was pwned in a ransomware attack perpetrated by LockBit . Today Reuters is reporting that they have actually have been pwned by LockBit:

Boeing (BA.N), one of the world’s largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.

Boeing acknowledged the incident days after the Lockbit cybercrime gang said on Friday it had stolen “a tremendous amount” of sensitive data from the U.S. planemaker that it would dump online if Boeing didn’t pay ransom by Nov. 2.

The Lockbit threat was no longer on the gang’s website as of Wednesday, and it didn’t immediately respond to a request for comment. Boeing declined to comment on whether Lockbit was behind the cyber incident it disclosed.

“This issue does not affect flight safety,” a Boeing spokesperson said. “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Anurag Gurtu (he/him), CPO, StrikeReady had this comment:

In light of Boeing’s confirmation of a system compromise by the LockBit ransomware group, this incident highlights the escalating challenges that corporations face in the digital age. The breach into Boeing’s parts and distribution systems signifies a serious concern for both operational security and potentially wider supply chain implications. It’s imperative that industries, especially those involved with critical infrastructure, prioritize robust cybersecurity frameworks that include real-time monitoring, rapid response capabilities, and resilience planning to counteract such inevitable threats. Additionally, the importance of collaborating with government and private cybersecurity entities to address and mitigate these risks cannot be overstressed. This event should catalyze a unified effort to enhance security measures across all sectors.

At least Boeing is being somewhat honest about being pwned. But clearly there are questions that Boeing will have to answer. And I for one look forward to getting a lot more details about this hack and what Boeing is going to do to not get pwned again.

Elon Musk Wants To Turn Twitter Into A Dating App

Posted in Commentary with tags on November 2, 2023 by itnerd

Elon Musk, who for the record has been married three times, has another brilliant idea to get Twitter to not only be the “everything” app, but to make money. That idea is to make Twitter a dating app along with everything else that he wants to do:

An insider told Insider that during a company call on Thursday, Musk announced he plans to add a “fully fledged” mating component in 2024. How will that work? Details are fuzzy, but never second guess Musk when it comes to actually implementing ideas that sound terrible (and, when finished, are).

Turning the ex-Twitter into a hook-up joint isn’t the only ambitious-yet-dodgy idea Musk has cooked up. He’s been saying he wants to turn it into an “everything app,” where one can do banking. Some have sworn they wouldn’t trust the guy whose yen for self-driving cars has resulted in horrific accidents with their money.

Elon is really grasping at straws here or he is insanely delusional. Honestly, this whole Twitter thing hasn’t worked out for him. And I think that he really has to get introduced to reality because I can’t see any of this stuff working to turn things around for him.

Appdome Partners with JetBrains TeamCity

Posted in Commentary with tags on November 2, 2023 by itnerd

Appdome, the mobile app economy’s one-stop shop for mobile app defense, today announced it has integrated its Cyber Defense Automation Platform with the CI/CD cloud-based service from JetBrains TeamCity allowing teams to automate the build, test and deployment of their mobile applications. JetBrains TeamCity is now part of the Appdome Dev2Cyber Agility Partner Initiative to advance the delivery of secure mobile apps globally.

Manual methods of cyber defense implementations in Android and iOS apps are complex, slow and brittle. Appdome’s cyber defense automation platform streamlines delivery and accelerates release times by using technology to build cybersecurity defenses into iOS and Android apps – including runtime application self-protection (RASP), code obfuscation, mobile data encryption, jailbreak detection, root detection, man-in-the-middle attack prevention, on-device anti-malware, anti-fraud, anti-cheat, anti-bot and other protections. The new Appdome-JetBrains TeamCity partnership solves mobile brands’ need for technology platforms to automate the delivery of cyber defense in mobile apps and to keep pace with modern DevOps pipelines.

Today, global consumers demand more protection than ever in their mobile app experiences. Appdome’s recent Global Consumer Expectations of Mobile App Security survey revealed that 94% of global consumers would promote a brand if the mobile apps protected them against security, fraud and malware risks. 68% also indicated they would abandon brands that offered no protection.

For more information on how to use Appdome’s Build 2-Secure Plugin for JetBrains TeamCity, please register for their webcast November 7 or please see this knowledge base article.

Learn more at www.appdome.com.

BlackFog State of Ransomware Report For October Is Out

Posted in Commentary with tags on November 2, 2023 by itnerd

BlackFog has today released the State of Ransomware report for October 2023. As always, please feel free to utilize this report and its data as needed. Additionally, Dr. Darren Williams, CEO and Founder, BlackFog, has offered his perspectives on the State of Ransomware for October 2023, below: 

     “October was the 3rd largest month for ransomware this year with a total of 64 disclosed and 303 undisclosed attacks with a ratio of 473% unreported to reported. This ratio is now one of the lowest we have seen in the last year and a good sign that companies are starting to report breaches rather than hide them. We expect this trend to continue with the recent charges against the SolarWinds CISO by the SEC. 

Other notable changes this month saw the biggest changes in the Services and Government sectors with 33% and 25% increases respectively. Smaller increases were seen in both Healthcare and Manufacturing of 16% and 13% respectively. 

BlackCat and Lockbit continue to dominate the unreported attacks with 18.8% and 16.9% respectively and also correlate with the top trends in unreported variants. As in previous months, data exfiltration continues to dominate as the primary mechanism for extortion at 90% with traffic flowing to China at 32% and Russia 9% of the time.” 

Today’s full report can be found here: https://privacy.blackfog.com/wp-content/uploads/2023/11/BlackFogRansomwareReport-Oct-2023.pdf 

Zoho Launches New Data Centres in Canada 

Posted in Commentary with tags on November 2, 2023 by itnerd

Zoho Corporation is solidifying its commitment to the Canadian market with the opening of two new data centres in Montreal and Toronto offering Canadian customers the benefit of localized data storage and processing. 

A Localized Solution for Canada’s Growing Market

The new data centres will help build on Zoho’s momentum in Canada. This momentum includes a five-year Compound Annual Growth Rate of 36% for mid-sized enterprises and an overall Canadian customer base increase of 24%, with Zoho Workplace customers growing 32% over the same period. 

Globally, Zoho surpassed 100 million users in August, thanks to the continued support of Canadian customers, as well as the dedicated effort of the company’s partner network.

The new Canadian data centres represent Zoho’s 13th and 14th globally and underscore the company’s commitment to user privacy and security, as well as its efforts to serve customers locally.

Zoho Privacy Pledge

Zoho respects user privacy and does not have an ad-revenue model in any part of its business, including its free products. More than 100 million users around the world, across hundreds of thousands of companies, rely on Zoho every day to run their businesses, including Zoho itself. For more information, please visit: https://www.zoho.com/privacy-commitment.html

Abnormal Security Announces Enhanced Capabilities to Detect QR Code Attacks

Posted in Commentary with tags on November 2, 2023 by itnerd

Abnormal Security, the leading AI-native cloud email security platform, today announced enhanced capabilities to detect QR codes in emails and parse their corresponding links. The signals extracted from parsing the QR codes, combined with Abnormal’s behavioral analysis across the broader email environment, strengthens the platform’s ability to detect and block malicious activity. 

Recent data from Abnormal shows that QR codes are the primary attack vector in 17% of all advanced attacks targeting customer environments. As QR codes have risen in popularity, offering a convenient format for sharing information, threat actors have also begun to exploit their familiarity, including through credential phishing, extortion, and invoice payment fraud attacks. Attackers are increasingly crafting emails that contain malicious QR codes, often linking these images to a seemingly legitimate website, like a Google or Microsoft login page, and prompting recipients to enter their login credentials, which are then stolen or used to launch additional attacks. 

In contrast, Abnormal takes a radically different approach to stopping advanced email attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. This is how Abnormal has historically detected attacks that use QR codes, including this quishing campaign detected in late 2021. 

With the updated capabilities announced today, Abnormal has introduced models specifically designed to determine when an email contains a QR code, whether that is in the body of the email or in image and PDF attachments. The platform now parses the embedded link associated with the QR code, and ingests that information alongside other signals to identify and remediate malicious activity.

For more information on a recent QR code attack and additional product details, read this blog post