Organizations with HITRUST Certification Achieve <1% Breach Rate

Posted in Commentary with tags on February 20, 2025 by itnerd

HITRUST today released its Second Annual 2025 HITRUST Trust Report, reaffirming HITRUST as the only information risk and cybersecurity certification that delivers quantifiable proof of risk reduction. The data is clear: organizations with HITRUST certifications experience dramatically fewer breaches than those without, demonstrating that HITRUST is the benchmark for cybersecurity trust and assurance.

Key Findings from the 2025 Trust Report:

  • HITRUST-Certified Organizations Remain Protected: Organizations with a HITRUST certification reported an incident rate of just 0.59% in 2024, meaning 99.41% remained breach-free. This rate—down from 0.64% in 2023—now covers all HITRUST certifications (e1, i1, and r2), not just the r2, proving that HITRUST’s entire portfolio delivers measurable risk reduction.
  • HITRUST Protects Against 100% of Known Cyber Threats: The HITRUST CSF is cyber threat-adaptive and leverages top intelligence sources to counter modern cyber threats. With direct mapping to MITRE ATT&CK, HITRUST is the only framework proven to mitigate 100% of addressable TTPs.
  • HITRUST Drives Continuous Security Maturity: Organizations that maintain HITRUST certification see up to 54% fewer corrective actions required year-over-year, proving that repeat certification leads to material, ongoing security improvements.
  • HITRUST Introduces Two AI Security Assurances: HITRUST now provides industry-leading AI Security Assessment and Certification, allowing organizations to seamlessly integrate AI risk management into their broader security programs.
  • HITRUST found system vulnerability exploits as the top breach type over three years. Password Management, Data Protection, and Access Control are the hardest domains to achieve security maturity. Inadequate Endpoint Protection is the leading cause of HITRUST certification failures.

HITRUST’s Cyber-Threat-Adaptive Engine Delivers Continued Relevance

HITRUST’s superior risk mitigation is driven by its cyber threat-adaptive engine, ensuring that its control requirements are continuously evaluated against the latest threat landscape. Using proprietary, patent-pending technology and indicators of attack and compromise, HITRUST ensures that controls remain effective in mitigating current and emerging threats. Unlike static, one-size-fits-all standards and frameworks, HITRUST’s framework ensures that its controls have an intended and measurable risk mitigation effect.

Reliable Assurance Built for Trust

HITRUST certifications are built on a highly reliable assurance methodology, which includes:

  • Prescriptive control requirements designed for validation, measurement, and scoring from the start.
  • Independent third-party validation to verify accurate and effective implementation.
  • Centralized QA review, reporting, and certification to ensure consistency and trustworthiness.
  • A robust gap and corrective action plan model, driving continuous improvement.
  • Annual recertifications that ensure organizations maintain their cybersecurity maturity.

Together, these relevant controls and reliable assurances create measurable, consistent, significant, and ever-improving security outcomes. This fact is further validated by the cyber insurance industry, which has recognized HITRUST’s accuracy and dependability in understanding and reducing risk. As recently announced, multiple insurers have now formed a shared risk facility to offer HITRUST-certified entities enhanced cyber insurance options, including better coverage, reduced rates, and a streamlined process for application and renewals.

Coming Soon: Public Cyber-Threat-Adaptive Reporting

In the coming months, HITRUST will begin publicly reporting cyber threat-adaptive analytics and findings. These reports will not only reinforce greater confidence in HITRUST’s control requirements but also guide organizations on which controls are under the most pressure and where they should prioritize security investments. This data-driven approach will enable organizations to proactively strengthen high-impact controls based on real-world attack trends and evolving threats.

How Organizations Are Using HITRUST

HITRUST is more than just a certification—it is a blueprint and benchmark to manage information security risk and compliance and to establish trust between organizations and parties:

  • Business, security, and risk leaders rely on HITRUST as a structured approach to internal security programs.
  • Third-party risk managers leverage HITRUST to ensure strong, practical, and scalable vendor risk management.
  • Sales and marketing leaders use HITRUST certification to demonstrate a trusted security posture, removing friction with prospects and customers.
  • Compliance leaders utilize HITRUST to streamline regulatory compliance and reporting across multiple requirements.

With the release of this year’s Trust Report, HITRUST continues to cement its position as the gold standard and industry leader in cybersecurity assurance.

Get the Full Report

For a deeper dive into how HITRUST is leading the way, visit: HITRUST 2025 Trust Report

Ericsson and Telstra pioneer the first programmable network in Asia-Pacific

Posted in Commentary with tags on February 20, 2025 by itnerd

Customers of Australian communications service provider (CSP) Telstra are set to become the first in the Asia-Pacific region to benefit from a high-performing, programmable network with 5G Advanced capabilities, thanks to a major partnership with Ericsson. 

Under the four-year deal, Telstra will upgrade its radio access network (RAN) with Ericsson’s next-generation Open RAN-ready hardware solutions and 5G Advanced software. It will also implement AI and automation to optimize network management through self-detection and self-healing capabilities.  

The transformation will power Telstra with one of the most advanced, resilient and reliable 5G networks in the world. Telstra’s programmable network will provide a platform for innovative application development and the ability to tailor superior connectivity to the unique requirements of its customers, including new performance-based offerings. 

Further, it will open the network to tech innovators from wider ecosystems via network APIs (Application Programming Interfaces). 

The adoption and acceleration in uptake of network APIs, and how they can drive telecom industry monetization opportunities, is also the focus of the recently announced global venture, Aduna, of which Ericsson and Telstra are founding members. Telstra’s new 5G Advanced network capabilities will be central to the delivery of such API-based services. 

The high-performing capabilities of the 5G Standalone (5G SA) solutions involved are also key to enabling the next-generation use cases and developer innovation that will make Industry 4.0 a reality in Australia. 

OTHER TELSTRA BENEFITS

The new network will maximize Telstra’s spectrum investments and operational efficiency. It aims to double 5G capacity, deliver improved consistency of service, increase depth of coverage, increase uplink and downlink speeds, and reduce energy consumption.

In addition, it will enable the transformation of traditional one-size fits all mobile services towards differentiated connectivity, where consumers and enterprises can create their own service experience. 

MORE ON THE TECH

Solutions include Ericsson’s Open RAN-ready Massive MIMO radios and new RAN Compute solutions as well as Ericsson’s latest 5G Advanced subscriptions to deliver new services, drive operational efficiency, and increase performance. The scope also includes Ericsson Intelligent Automation Platform (EIAP), Ericsson’s open network management and automation platform for open, multi-vendor and multi-technology networks, supporting all 4G and 5G RAN. 

EIAP will improve network management and automation by providing a developer ecosystem and tools to create and deploy custom applications (rApps) that employ advanced automation techniques, including machine learning and AI, to optimize the network and deliver improved, more sustainable operations.

This latest partnership extension builds on Ericsson and Telstra’s long-standing collaboration across radio access networks, core, optical, transport and business support systems.

ADUNA

In addition to Ericsson and Telstra, the founding members of Aduna are América Móvil, AT&T, Bharti Airtel, Deutsche Telekom, Orange, Reliance Jio, Singtel, Telefonica, T-Mobile, Verizon, and Vodafone.

The venture was announced in September 2024, with the company name announced in January 2025. It aims to combine and sell network APIs on a global scale to spur innovation in digital services.

Partners will open their networks to make advanced capabilities easily accessible to millions of developers worldwide through a global platform for aggregated network APIs. The aim is to drive new use cases across multiple industries and sectors.

CISA/FBI Warn of Ghost Ransomware Attacks in Over 70 Countries

Posted in Commentary with tags on February 20, 2025 by itnerd

CISA, the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint cybersecurity advisory warning of widespread Ghost ransomware attacks targeting and compromising organizations in more than 70 countries that run outdated versions of software and firmware on their internet-facing services:

Beginning in early 2021, Ghost actors began attacking victims whose internet-facing services ran outdated versions of software and firmware. This indiscriminate targeting of networks containing vulnerabilities has led to the compromise of organizations across more than 70 countries, including organizations in China. Ghost actors, located in China, conduct these widespread attacks for financial gain. Affected victims include critical infrastructure, schools and universities, healthcare, government networks, religious institutions, technology and manufacturing companies, and numerous small- and medium-sized businesses.

Ghost actors rotate their ransomware executable payloads, switch file extensions for encrypted files, modify ransom note text, and use numerous ransom email addresses, which has led to variable attribution of this group over time. Names associated with this group include Ghost, Cring, Crypt3r, Phantom, Strike, Hello, Wickrme, HsHarada, and Rapture. Samples of ransomware files Ghost used during attacks are: Cring.exe, Ghost.exe, ElysiumO.exe, and Locker.exe.

Ghost actors use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) and gain access to internet-facing servers. Ghost actors exploit well-known vulnerabilities and target networks where available patches have not been applied.

The FBI, CISA, and MS-ISAC encourage organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of Ghost ransomware incidents.

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“The joint release has a few new surprises. One is that the ransomware groups move from initial compromise to deployment of ransomware very quickly, often on the same day. This is quite different from traditional ransomware groups that may have days, weeks, or even months from the initial access gained to the deployment of the ransomware. Second, the frequent use of Cobalt Strike. I see the use of Cobalt Strike by ransomware groups as fairly common. If you’re not looking for and detecting Cobalt Strike instances, you’re just asking for trouble. Last, unpatched software and firmware (and zero-days) are involved in at least a third of successful compromises. Every organization has a patching process, but most don’t get it perfect, and if one-third of all successful compromises involved finding and exploiting vulnerable software and firmware, it really should be a primary focus for all organizations. You can’t just make it one of the many things you do out of hundreds of things you do. It has to be something you focus on and dedicate significant resources to (as you also need to do to mitigate social engineering). Because if you don’t, you’ll miss something and become the next ransomware victim.”

I would recommend that anyone who is responsible for securing their organization from cyberattacks take a look at the mitigation section of this advisory, as this is pretty serious.

KnowBe4 Recognized on CRN’s 2025 Security 100 List

Posted in Commentary with tags on February 19, 2025 by itnerd

KnowBe4 today announced that CRN®, a brand of The Channel Company, has named it to the prestigious Security 100 list. This list highlights leading IT security vendors that are committed to collaborating with channel partners to keep businesses secure from cyber threats.

Now in its 10th year, CRN’s Security 100 list honors channel-focused security vendors across five technology categories: Endpoint and Managed Security; Identity, Access and Data Security; Network Security; Security Operations, Risk and Threat Intelligence; and Web, Email and Application Security.

The esteemed companies on the Security 100 list deliver a combination of cutting-edge security technologies and services for both partners and customers. With cybersecurity needs accelerating alongside the emergence of AI-powered solutions and threats, this annual list is a valuable guide for solution providers exploring security vendors they can partner with to deliver outstanding solutions to their customers.

KnowBe4 earned its place on the 2025 Security 100 list for its revolutionary approach to human risk management. The company’s AI-driven HRM+ platform stood out for its comprehensive integration of security awareness training, phishing simulation, and real-time coaching capabilities. CRN recognized KnowBe4’s commitment to channel excellence through its robust partner program and an innovative approach that helps organizations transform their human layer from a potential vulnerability into a security asset.

The 2025 Security 100 list will be featured in the February 2025 issue of CRN and online at www.crn.com/security100.

Rogers Recognized as Canada’s Most Reliable Wireless Network by Opensignal

Posted in Commentary with tags on February 19, 2025 by itnerd

Rogers Communications announced today that it has been awarded Canada’s most reliable wireless network by Opensignal, a global leader in independent network benchmarking.

Opensignal’s study shows that in Canada Rogers holds the top spot for reliability and quality in wireless networks. Rogers also won on 5G Upload Speed and 5G Video Experience, making Rogers the most awarded network by Opensignal. 

Rogers has invested over $40 billion in its networks over the last decade and will invest $4 billion in capital investments this year. Rogers is committed to bringing Canadians the biggest and best wireless networks. The company continues to invest to expand the country’s largest and most reliable 5G network, which now reaches more than 2,500 communities.

Hobson & Company Analysis of KnowBe4 Finds 200-400% ROI in Reducing Human Risk

Posted in Commentary with tags on February 19, 2025 by itnerd

KnowBe4 today released the findings from a new report from Hobson & Company titled “From Risk to Return: How KnowBe4 Helps Deliver Measurable ROI”.

Despite multiple security layers, breaches remain costly, with IBM reporting a 10% increase in the average data breach cost, reaching $4.88 million in 2024.

The independent analysis from Hobson & Company found that organizations implementing KnowBe4’s Human Risk Management platform can achieve payback in just 3.5 months. For a typical organization with 2,000 employees, KnowBe4 delivered over $537,000 in operational savings and $415,500 in reduced risk exposure over three years.

Key findings from the study include:

  • 80% reduction in time spent delivering security awareness training
  • 95% reduction in time spent conducting phishing simulations
  • 85% reduction in time investigating and remediating malicious emails
  • 25% decrease in risk of data breaches and ransomware attacks
  • The monthly cost of delaying the implementation of KnowBe4 would be $19,000
  • 20% decrease in cyber insurance premiums and potential compliance fines

To download the report, visit https://www.knowbe4.com/resources/whitepapers-and-ebooks/risk-to-return-how-knowbe4-delivers-roi

US military and defense contractor systems found to contain infostealing malware

Posted in Commentary with tags on February 19, 2025 by itnerd

This is not good news at all.

There is a claim that the US Army, Navy, and major defense contractors — Lockheed Martin, Boeing, and Honeywell — have hundreds of computers with active infostealer infections:

For years, the U.S. military and its defense contractors have been considered the gold standard of security — equipped with multi-billion-dollar budgets, classified intelligence networks, and the world’s most advanced cybersecurity measures.

Yet, Global Infostealing Malware Data from Hudson Rock reveals an unsettling reality:

  • Employees at major defense contractors — including Lockheed Martin, Boeing, and Honeywell — have been infected by Infostealer malware.
  • U.S. Army and Navy personnel had their login details stolen — exposing VPN access, email systems, and classified procurement portals.
  • Even the FBI and Government Accountability Office (GAO) have active infections, exposing investigative and cybersecurity personnel.

Each one of these infected employees is a real person — it could be an engineer working on military AI systems, a procurement officer managing classified contracts, a defense analyst with access to mission-critical intelligence.

At some point, these employees downloaded malware on a device they used for work, exposing not just their credentials, but potentially their entire digital footprint: browsing history, autofill data, internal documents, and session cookies for sensitive applications.

And if these organizations — the backbone of U.S. national security — are infected, what does that say about their ability to defend against more sophisticated attacks?

That’s really not good at all. Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had the following comment:

“The Infostealer is a secondary problem. The real question is how the infostealers are getting on military computers in the first place. Was it social engineering (most common), unpatched software or firmware (second most likely cause), or something else? Either way, the method used to allow the infostealer to gain initial access can be used by bad people to do anything. Adversarial spies, like Russia or China, could gain access. Ransomware taking down the infrastructure could be launched. If the involved department doesn’t take care of how the infostealer is gaining initial access, they are going to have far greater problems than just stolen passwords.”

Needless to say, someone needs to figure out how the bad guys got in so that something like this doesn’t happen again. Because this is not just bad, it’s the worst possible scenario that I can think of based on who the targets apparently are.

The Humane AI Pin Is Dead

Posted in Commentary with tags on February 19, 2025 by itnerd

At about this time last year, the Humane AI pin was getting all sorts of attention. It was a pin that would answer all sorts of questions that you asked it and help you to move about your day. But it was blasted by reviewers as not working at all. Most notable was YouTuber MKBHD, who called it the worst product that he has ever reviewed. It was only downhill from there for Humane, who couldn’t give the things away.

Fast forward to today. Actually, late yesterday, when HP announced that they had acquired Humane for $116 million. In relation to this announcement, Humane announced that the pin would no longer work at the end of February, as they were shutting down the back-end services that the pin connected to. If you bought a pin in the last 90 days, you could get a full refund. But if you were an early adopter, it sucks to be you, as no refund will be offered. That is sure to ruffle a few feathers, so watch this space, as I suspect that that part of the story isn’t over.

I have to ask if this was the plan by Humane all along. Start a company, hype it up and cash out? I’m sure that part of the story will eventually come out. Until then, RIP Humane AI pin.

Half of people globally worry about being hacked: NordVPN

Posted in Commentary with tags on February 19, 2025 by itnerd

Around a third of internet users say they would like to delete themselves from the internet, with people in the US and Canada being at the top.

According to joint research conducted by the cybersecurity company NordVPN and the personal data removal service Incogni, 45% of respondents are concerned about potentially being hacked. That is one of the main reasons people want to erase their online presence.

People globally also expressed that:

  • Almost half (44%) of people feel hopeless, as they don’t know how to remove themselves from the digital world.
  • 76% of respondents express concern about the potential for hackers or malicious third parties to access their financial information. Statistically, Canadians are notably more likely to fear that such entities could compromise their financial data.
  • 57% of all respondents say they know how to delete their personal information from the internet, or at least some of it.

Additionally, according to the National Privacy Test conducted by NordVPN, with 25,567 respondents from 181 countries, only half of the population claim to know how to secure their privacy online.

The shift in people’s attitude and their increasing need to delete their presence from the internet highlights a trend: People no longer passively accept the idea that their data should live on the internet forever. There is a growing demand for control, empowerment, and the right to be forgotten. 

Another significant source of worry for individuals is the complexity of recovering from a hack. Regaining control of compromised accounts, securing financial assets, and addressing any harm caused by cybercriminals can be time-consuming and overwhelming. 

Methodology: The 2024 survey “Would you delete yourself from the internet?” was commissioned by NordVPN and carried out by Cint between June 28 and July 10, 2024. A total of 6,800 respondents aged 18 years old and older from the US, UK, Canada, Germany, France, Spain, and Italy were surveyed. Researchers placed quotas on respondents’ gender, age, and place of residence to achieve a nationally representative sample of internet users.

Neeraj Methi Joins Myriad360 as New Vice President of Cybersecurity Solutions

Posted in Commentary with tags on February 19, 2025 by itnerd

Myriad360 today announced the appointment of Neeraj Methi as its new Vice President of Cybersecurity Solutions. As the company continues to expand its cybersecurity practice, the role of VP of Cybersecurity Solutions remains a key leadership position. Alpesh Shah, who previously held this role, has transitioned into the newly created position of Vice President of Security Alliances to further strengthen the company’s strategic partnerships.

A resident of the Philadelphia suburbs, Methi brings extensive leadership experience in cybersecurity, strategic business growth, and solution architecture, reinforcing Myriad360’s commitment to delivering cutting-edge security solutions to its clients. As VP of Cybersecurity Solutions, Methi will develop and drive the Go-To-Market (GTM) strategy for Myriad360’s cybersecurity practice, setting the vision and direction for the company’s security solutions. He will also develop a roadmap for the growth of the cybersecurity practice and identify areas of opportunity for expansion.

Methi joins Myriad360 with over 26 years’ experience in the technology sector, having played key roles in multiple high-growth companies. His career includes contributions to one IPO (Okta), one unicorn (OutSystems), and three successful startups. He is passionate about guiding organizations through complex cybersecurity challenges, fostering business expansion, and driving innovation in security solutions.

Outside of work, Methi enjoys yoga, meditation, healthy eating, and golf when time allows. He is a proud father of a 19-year-old son following in his footsteps in the tech industry, and a 16-year-old daughter who is a talented musician and crew team member.

For more information about Myriad360 and its leadership team, visit www.myriad360.com.