Today Is World Password Day

Posted in Commentary on May 2, 2024 by itnerd

World Password Day is today. It started as a sort of Valentine’s Day (i.e., a completely made-up day) to remind everyone to pay extra close attention to log-ins so as not to fall prey to bad actors. Nowadays, the day just seems like more of a reminder of how hackable we all are.

Below are the thoughts of some industry experts on World Password Day:

Ted Miracco, CEO, Approov

https://www.linkedin.com/in/tedmiracco

“Despite the availability of more secure methods, too many systems still rely solely on passwords for protection. This makes them vulnerable to textbook attacks such as phishing, keylogging, and credential stuffing. Combining mobile attestation with token-based API access presents a more robust and user-friendly alternative to traditional password-based authentication, particularly in mobile environments. By shifting the security focus from something the user knows (password) to something the user has (a secure device) and something the user can access (a token), the security model becomes inherently multi-factor, without the added friction typically associated with 2FA methods. This approach effectively addresses both security and usability, which are critical for mobile device interactions and the protection of sensitive data in mobile applications.”

Craig Harber, Security Evangelist: Open Systems

https://www.linkedin.com/in/craig-harber-531883188/

“Strong passwords are essential but cannot be a standalone defense mechanism to deter threat actors. The optimal length for a password depends on various factors, but security experts generally agree that a longer password is more secure. However, if the passwords are too long and too complex, users will write them down, defeating the purpose. Strong passwords must be paired with Multi-Factor Authentication (MFA) to provide a significant hurdle to stop threat actors. 

“So, as we celebrate another World Password Day, it’s important to remember that without a unique, random, and complex password acting as the first line of defense, the additional protection of MFA is weakened.”

Albert Martinek, cyber threat intelligence analyst, Horizon3.ai
https://www.linkedin.com/in/albert-martinek-6267aa227/

“As the trend remains from last year, cyber threat actors don’t typically use sophisticated hacking tools and techniques like zero-day exploits to gain access to a network; they simply log in with legitimate user credentials. Once they gain initial access, threat actors then appear as legitimate users and can move laterally within a network to gain further access and establish persistence, steal sensitive data, bring down systems, and/or hold the organization hostage through ransomware.

“To help harden organizational systems and networks, as well as your personal accounts, implementing strong password policies is key. This includes sophistication and length requirements as described in the latest recommendations from NIST Special Publication 800-63B to include: 12 characters or more; no passwords matching the list of known breached passwords, no passwords derived from dictionary terms, contextual terms (company name, product names, etc.), or user information (first name, username, DOB, etc.); and uniqueness.”
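The policy checks listed in the quote above can be expressed as a screening function run when a password is set. This is an added example, not code from the original post or from Horizon3.ai: the sample lists, the `ExampleCorp` terms, the user record and the 60% "derived from" heuristic are constructed assumptions, and the 12-character floor is the figure quoted on this page. Uniqueness across accounts is not checked here.

```python
import hashlib
import re

MIN_LENGTH = 12  # length floor as quoted on this page

# Constructed sample data; a real deployment loads a breach corpus and a wordlist.
# Breached entries are held as SHA-1 digests so no plaintext list is kept around.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("qwertyuiop123", "letmein2024!!", "iloveyou12345")
}
DICTIONARY_TERMS = {"password", "welcome", "dragon", "sunshine", "football"}
CONTEXT_TERMS = {"ExampleCorp", "ExampleVPN"}  # hypothetical company and product

# Undo common character substitutions so "P@ssw0rd" is seen as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def letters_of(text):
    """Lowercase, reverse the substitutions above, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def dob_forms(dob_iso):
    """Digit strings a date of birth (YYYY-MM-DD) commonly appears as."""
    year, month, day = dob_iso.split("-")
    return {year, year + month + day, day + month + year, month + day + year}


def screen_password(password, user, context_terms=CONTEXT_TERMS):
    """Return the list of policy findings; an empty list means accepted."""
    findings = []
    letters = letters_of(password)
    digits = re.sub(r"\D", "", password)

    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    if hashlib.sha1(password.encode()).hexdigest() in BREACHED_SHA1:
        findings.append("breached")

    # Assumed heuristic: a password is "derived from" a dictionary term when
    # that term makes up at least 60% of its letters. A long passphrase that
    # merely contains one common word is not flagged.
    if any(t in letters and len(t) >= 0.6 * len(letters)
           for t in DICTIONARY_TERMS):
        findings.append("dictionary_term")

    # Contextual and personal terms are guessable by anyone who knows the
    # target, so any occurrence is flagged. Terms under 3 letters are skipped
    # to avoid matching everything.
    context = [letters_of(t) for t in context_terms]
    if any(t in letters for t in context if len(t) >= 3):
        findings.append("contextual_term")

    personal = [letters_of(user.get(k, ""))
                for k in ("username", "first_name", "last_name")]
    dob = user.get("dob")
    if any(t in letters for t in personal if len(t) >= 3) or (
            dob and any(f in digits for f in dob_forms(dob))):
        findings.append("user_info")

    return findings


# Constructed user record for the demonstration below.
SAMPLE_USER = {"username": "jsmith", "first_name": "Jordan",
               "last_name": "Smith", "dob": "1990-04-17"}

if __name__ == "__main__":
    for candidate in ("P@ssw0rd!2#6", "Tr0ub4dor&3", "qwertyuiop123",
                      "ExampleCorp#2024x", "river-Jordan-1990-kite",
                      "copper-lantern-orbit-vase"):
        print(candidate, screen_password(candidate, SAMPLE_USER))
```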

Verizon Data Breach Investigations Report For 2024 Is Out

Posted in Commentary on May 2, 2024 by itnerd

Verizon has released the 2024 Data Breach Investigations Report (DBIR). The report, as always, has a wealth of great statistics to choose from. Here are the key takeaways:

  • Vulnerability exploitation surged by nearly 3X (180%) last year.
  • Ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches.
  • More than two-thirds (68%) of breaches involve a non-malicious human element.
  • 30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023—a two-fold increase over 2022.
  • Verizon security by the numbers: 4,200+ networks managed globally, 34 trillion raw logs processed/year, and 9 security operation centers around the globe.

Ted Miracco, CEO, Approov Mobile Security:

   “The fact that it takes 55 days for organizations to remediate 50% of critical vulnerabilities listed in the CISA’s KEV catalog after patches are available points to a significant gap that presents a critical window of opportunity for attackers to exploit known vulnerabilities. It is crucial for organizations to streamline their vulnerability scanning and patching procedures to outpace malicious activities. Without timely and comprehensive vulnerability information, organizations are at an extreme disadvantage in securing their systems against known exploits.”

I would register to get this report and spend some time reading it in detail. It will give you a roadmap for securing your organization against the ever-growing threats that seem to be everywhere these days.

UPDATE: Darren Williams, CEO and Founder, BlackFog adds this comment:

     “Mirroring BlackFog’s own data, this report shows a significant increase in attacks over previous years. While this report indicates 32% of all breaches involved extortion, BlackFog’s own data shows that 92% of all ransomware involves extortion, an important distinction in this subset. It is also important to point out that once the data is stolen it can be, and often is, used to target multiple victims from the original source down to the individual themselves. This data is also used to target other victims months or years into the future and highlights the importance of preventing data exfiltration.”

Token Advances Next-Generation MFA with New Token Ring Featuring BioTouch Secure

Posted in Commentary on May 1, 2024 by itnerd

Token today announced the new Token Ring with BioTouch Secure™, a simple, fast, and user-friendly way to protect organizations against phishing and ransomware cyberattacks. The new Token Ring features a high-resolution 508 DPI capacitive fingerprint sensor, a large capacity secure element, a capacitive-touch bezel, and NFC and Bluetooth communications. BioTouch Secure integrates fingerprint biometrics, the most secure form of user authentication, into an attractive wearable device for convenience and to prevent the loss or theft of authentication devices. The new Token Ring will be available starting in late Q2. The company will be demonstrating the new Token Ring at RSAC 2024 in the Token Booth, NXT-1 in the Next-Stage Expo.

The Ransomware Epidemic

Losses from ransomware attacks and data breaches are reaching new highs every year and will set another record in 2024. In numerous surveys of CISOs, the threat of ransomware attacks and data breaches is reported as the greatest cybersecurity risk to the organization. This year has already witnessed the first billion-dollar-plus ransomware loss, something unthinkable just a short time ago. Organizations of all types and sizes have become attractive targets for cybercriminals because most are using 20-year-old legacy MFA technology as their primary defense. The Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security (DHS), reports that 90% of successful cyberattacks start with a phishing email. The easy availability of non-technical tools on the dark web, including Ransomware-as-a-Service and Fraud GPT, has democratized cyberattacks and removed the technical barrier previously limiting the number of attacks.

The Benefits of Next-Generation MFA

The sophistication of cyberattacks and the technology integrated into modern cybersecurity solutions has advanced at an incredible pace while human skills have not kept pace. User vulnerabilities are the number one risk factor. The adoption of generative AI by cybercriminals means that phishing emails are becoming increasingly difficult for even the best trained user to detect. According to Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), cybercriminals are using generative Artificial Intelligence (AI) Large Language Models such as ChatGPT to make their attacks appear more legitimate to native English speakers. The advent of deep fakes compounds the risk. Organizations that rely on 20-year-old MFA technology are at significant risk of credential theft, MFA prompt bombing, BYOD compromise, Adversary-in-the-Middle (AitM/MitM), and other common attack methods. Next-generation MFA eliminates all these vulnerabilities by removing user vulnerabilities from the process.

A Market in Desperate Need of a Solution to Ransomware

First introduced in 2023, Token Ring has received a tremendous response from the market. It offers security that stops phishing and ransomware attacks, has very fast implementation, integrates easily with every IAM, SSO, and PAM solution available, and is easy for users to adopt. The growing list of organizations awaiting evaluation (Proof of Concept) rings and engaged with Token includes:

  • 5 of the top 10 US financial institutions
  • 3 of the top 5 consulting firms
  • 3 of the top 5 US wireless providers
  • 2 of the largest healthcare providers
  • Major retailers, insurance providers, automakers, and businesses

Organizations have invested countless millions of dollars and innumerable hours of lost productivity training every user to be an expert at identifying phishing attacks and ways to avoid falling victim to attacks on MFA. Increasingly, these efforts are failing because outdated legacy MFA has not kept pace with modern cyberattacks.

Resources for more information about Token and Token Ring 

Token and Microsoft webcast:
Generative AI: A Game Changer for Infrastructure Security and Hacker Strategy
https://www.tokenring.com/blog/cybersecurity-generative-ai

Token and Cisco webcast:
Prioritize Your 2024 Cybersecurity To-Do List: Strategies and Insights for the Year Ahead
https://www.tokenring.com/blog/2024-cybersecurity-to-do-list

Token and Okta webcast:
The Increasing Importance of Identity Security in the Era of The Mega-Breach and Gen AI
https://www.tokenring.com/blog/2024-importance-of-identity-security

Token website: www.tokenring.com

TikTok Is Trying To Dodge Apple App Store Fees

Posted in Commentary on May 1, 2024 by itnerd

If TikTok isn’t in enough trouble as it is, you can add angering Apple to the list. TechCrunch is reporting that the beleaguered social network appears to be trying to dodge App Store fees:

TikTok may be routing around the App Store to save money on commissions. According to new findings, the ByteDance-owned social video app is presenting some of its users with a link to a website for purchasing the coins used for tipping digital creators. Typically, these coins are bought via in-app purchase, which requires a 30% commission paid to Apple.

The feature may be hidden from most users, either by design or because it’s only shown to users in a specific group, like testers or high spenders. In any event, those who do have access to the new option are seeing a screen that encourages them to “recharge” — that is, buy more coins — via tiktok.com. Although these screenshots were discovered within the iOS app by TechCrunch tipster David Tesler, it’s not clear how many TikTok users are seeing them or when or how they’re being shown.

Tesler says the option to purchase via the web was displayed to an account that had previously purchased a large amount of coins.

In some cases, users are shown a screen that includes a message such as “Try recharging on tiktok.com to avoid in-app service fees” followed by a “Try now” link. Other times, they may get a pop-up that says “Try recharging on tiktok.com” with another message about the potential savings. This one reads, “You can save the service fee and get access to popular payment methods,” and is followed by a big, red “Try now” button or a less prominent option that says “Don’t show again.”

That honestly is exactly the sort of thing that Epic Games tried to do which led to it being punted off the App Store, not to mention the Google Play store. If TikTok is truly that stupid to try this, I expect the same result. Which means that they won’t have to worry about the US Government shutting them down. Instead they will have to worry about Apple and presumably Google taking them out globally.

This should be fun to watch.

Elon Caught Hyping Up Tesla’s Self Driving Claims To The Detriment Of Having Safe Roads For All

Posted in Commentary on May 1, 2024 by itnerd

Boy oh boy does Elon have a lot of issues at the moment. On top of sacking 10% of Tesla staff because sales have plummeted, then yesterday sacking the team behind the Supercharger network, which has to scare you if you have a Tesla or another EV with an NACS plug, the self driving capabilities of Tesla have come under scrutiny. An organization called The Dawn Project conducted tests on Tesla’s self driving capabilities, and the results were not good. In fact, if Tesla’s full self driving were to take a driving test, it would fail. To make matters worse, according to The Dawn Project, Tesla has not only failed to fix any of these issues, but also tried to silence them.

Classy Elon. Really Classy.

But we’re not done. The NHTSA has looked into this and said the following:

A comparison of Tesla’s design choices to those of L2 peers identified Tesla as an industry outlier in its approach to L2 technology by mismatching a weak driver engagement system with Autopilot’s permissive operating capabilities.

Translation: Tesla’s self-driving software lacks the necessary safeguards to protect people.

The NHTSA also said this:

Notably, the term “Autopilot” does not imply an L2 assistance feature, but rather elicits the idea of drivers not being in control. This terminology may lead drivers to believe that the automation has greater capabilities than it does and invite drivers to overly trust the automation. Peer vehicles generally use more conservative terminology like “assist,” “sense,” or “team” to imply that the driver and automation are intended to work together, with the driver supervising the automation.

Translation: Tesla’s marketing is kind of playing fast and loose with the term “Autopilot” giving consumers the perception that it is more capable than it really is.

The net result is that the NHTSA is taking another look into Tesla and self driving. And you can bet that this look is going to be far more involved than the last look that the government agency did. Which is a good thing because we all deserve to be safe on the roads. And if you have a company that might be throwing caution to the wind in order to sell cars, that company needs to be held accountable. That likely explains why Tesla cut the price on full self driving and gave away a free one month trial recently. Elon knows that accountability is coming, and it’s coming very soon.

Sucks to be you Elon.

Appdome Announces Agentless Endpoint Detection Response

Posted in Commentary on May 1, 2024 by itnerd

 Appdome today announced Appdome MobileEDR™, a new enterprise mobile app protection service that consolidates Mobile Threat Defense (MTD) and Endpoint Detection & Response (EDR) capabilities into a single agentless product offering. MobileEDR leverages the 300+ defenses of the Appdome platform and provides real-time mobile threat and attack detection, deep mobile device inspection and anywhere enforcement to keep enterprise networks and resources safe from malware, supply chain and other attacks.

Legacy MTD and mobile EDR solutions have failed to adequately protect against the growing proliferation of mobile threats. To work, these early offerings required user-dependent software agents, such as separate mobile apps or profiles, to be installed on the user’s mobile device(s). These added agents, apps and profiles raised privacy concerns among employees, slowed adoption and could be disabled by the mobile end user, leaving gaps in device inspection and mobile threat detection.  Likewise, these early offerings often impose a manual implementation burden and complex SDKs on resource constrained mobile development teams, leading most teams to shelve or abandon MTD and mobile EDR deployment. Appdome is eliminating this friction and delivering the world’s first agentless, no code, no server solution for enterprise mobile apps to ensure maximum enterprise adoption and protection.

The Appdome MobileEDR is an in-app mobile EDR and MTD solution coded into enterprise mobile applications by Appdome’s patented no-code, unified mobile app defense platform. By delivering the needed device inspection, threat detection and telemetry capabilities in the mobile app itself, Appdome provides continuous and comprehensive monitoring of Android and iOS devices, including mobile smartphones, embedded apps, VR apps, and wearable apps. All mobile threat inspections are performed throughout the lifecycle of use for each mobile app, without any server, server call outs or other external attestation. This ensures full runtime protection, improves stability and responsiveness, and eliminates signal spoofing common with server attestation services. 

Key features of Appdome MobileEDR solution include:

  • In-App Enterprise Delivery: Appdome MobileEDR is the only solution that can be deployed in both internally developed and 3rd party mobile applications without any code, coding, SDKs or servers. All mobile EDR/MTD capability is added in the enterprise application and hardened against reverse engineering and attacks by design.
  • In-Use Mobile Threat Inspection: Once embedded in an enterprise mobile app, Appdome’s Threat-EKG feature functions as a persistent mobile EDR/MTD solution during the lifecycle of use for each mobile application. That means it operates when the enterprise mobile application is in use (and does not operate when it’s not in use). This eliminates any privacy concerns and allows the mobile EDR/MTD to detect mobile threats relevant to the enterprise business in real time.
  • Broadest Mobile Threat Detection: Appdome packs 300+ mobile app security, anti-malware, anti-spyware, anti-vishing, anti-fraud, social engineering, geo-compliance, and anti-bot defenses into MobileEDR to offer enterprises the most comprehensive mobile device inspection, EDR and MTD on the market. 
  • Anywhere Enforcement: The Appdome MobileEDR’s Anywhere Enforcement™ model allows enterprises to use mobile threat detection and defense data across the entire enterprise infrastructure, including the mobile app, mobile app server, IAM service layer, UEM/MAM/MDM, or firewall/WAF. This ensures that enterprises can get the full benefit of deep device inspection on managed and unmanaged mobile devices.
  • Adaptive Mobile Trust: Appdome MobileEDR is the only mobile threat detection and defense system that empowers the enterprise to set the level of trust to use in evaluating on-device mobile threats. Enterprises can use either Zero-Trust, to ensure the device is free of any specific threat before allowing connection, login or activity in the mobile app. Or, Enterprises can use Dynamic Trust which evaluates the device state dynamically throughout the lifecycle of mobile app use.
  • Appdome ThreatSource™: Appdome MobileEDR comes ready to use with application userID or sessionID to give enterprises even deeper investigation and telemetry on threats and attacks impacting their users and network.
  • Appdome ThreatScope™ Mobile XDR: Telemetry data is visualized in ThreatScope, which provides instant visibility and rapid, agile response to any threat or attack against Android & iOS apps.

Appdome will be demonstrating the new Appdome MobileEDR solution at the RSA Conference 2024 in San Francisco, May 6-9, 2024 in booth #2339. For more information about Appdome MobileEDR, please visit our web site at https://www.appdome.com/enterprise-mobile-app-security/mobile-endpoint-detection-and-response/.

ESET PROTECT Portfolio Now Includes New MDR Tiers and Features 

Posted in Commentary on May 1, 2024 by itnerd

 ESET today announced the launch of two new Managed Detection and Response (MDR) subscription tiers: ESET PROTECT MDR for small and medium businesses (SMBs) and ESET PROTECT MDR Ultimate for enterprises. These offerings are built on the foundation of ESET PROTECT Elite and ESET PROTECT Enterprise, offering businesses of all sizes the most comprehensive, AI-powered threat detection and response capabilities, in combination with expert human analysis and comprehensive threat intelligence.

ESET’s MDR offerings are designed to cater to the specific needs of both SMBs and Enterprises. To that end, ESET PROTECT MDR delivers a comprehensive cybersecurity package, offering 24/7/365 superior protection that addresses the most common challenges of small and medium-sized businesses. This includes modern protection for endpoints, email, and cloud applications, vulnerability detection and patching, and managed threat monitoring, hunting, and response. It addresses the cybersecurity talent shortages and ensures compliance with cyber insurance and regulations, offering a remarkable 20-minute average time to detect and respond, a comprehensive MDR dedicated dashboard and regular reporting for complete peace of mind.

For enterprises, ESET PROTECT MDR Ultimate offers continuous proactive protection and enhanced visibility, coupled with customized threat hunting and remote digital forensic incident response assistance. This comprehensive service is designed to support overstretched SOC teams, providing them with 24/7 access to world-class cybersecurity expertise. It ensures enterprises stay one step ahead of all known and emerging threats, effectively closing the cybersecurity skills gap, and facilitating expert consultations for incident management and containment in a fully managed experience.

ESET also sets itself apart with its own telemetry and unique global coverage, leveraging its detections and ESET Research to gather unique data about attacks, a competitive edge not offered by many players in the market.

Enhancements to the ESET business portfolio

Additionally, all ESET PROTECT subscription tiers, starting from ESET PROTECT Advanced, are now enhanced with ESET Mobile Threat Defense (EMTD). This new value-added, standalone module extends attack vector coverage to an organization’s entire mobile fleet, seamlessly integrating into the ESET PROTECT Platform for efficient management, ensuring comprehensive protection for mobile devices. EMTD also includes a Mobile Device Management (MDM) functionality, with added support for Microsoft Entra ID.

Moreover, ESET Server Security introduces a firewall specifically designed for Windows servers, and Vulnerability & Patch Management, offering manual patch management and a 60-second delay of application process kill.

For more detailed information about ESET and its updated portfolio, please visit the dedicated offering pages for SMBs and Enterprises.

Qantas Has An EPIC Privacy Breach On Their Hands

Posted in Commentary on May 1, 2024 by itnerd

This one is bad. Qantas as in the Australian airline has one hell of a privacy breach on its hands. The Guardian has the rather bad (if you’re Qantas) details:

Potentially thousands of Qantas customers have had their personal details made public via the airline’s app, with some frequent flyers able to view strangers’ account details and possibly make changes to other users’ bookings.

Qantas said late Wednesday its app had been fixed and was stable, after two separate periods that day “where some customers were shown the flight and booking details of other frequent flyers”.

The airline said this didn’t include displaying financial information, and that users were not able to transfer Qantas points from another account or board flights with their in-app boarding passes.

Clare Gemmell from Sydney said that she and four colleagues encountered the problem shortly after 8.30 on Wednesday morning.

“My colleague logged in and said ‘I think the Qantas app has been hacked because it’s not my account when I log in’.”

When Gemmell logged into the app, she was greeted with a message saying “Hi Ben”. The app told her Ben had more than 250,000 points and an upcoming international flight.

“Another colleague of mine said it looked like she was able to cancel somebody’s flight ticket,” she said.

“You could see boarding passes for other people, one of my colleagues could see a flight going to Melbourne and it looked like you could interact and actually affect the booking.”

Well, that’s one hell of a screw up that Qantas has apparently now fixed. But it’s still bad. Ted Miracco, CEO, Approov had this comment:

This incident with the Qantas mobile app is quite concerning from both a cybersecurity and privacy perspective. Many companies fail to implement adequate API security, which can lead to issues like the one potentially faced by Qantas. The security of APIs is critical as they often handle the logic, user authentication, session management, and data processing that apps rely on to function.

The problem described suggests a significant issue with how user sessions and data are being handled within the app. The Application Programming Interface (API) is incorrectly processing or validating session tokens, leading to unauthorized access to data. The exposure of such personal information, including booking details, frequent flyer numbers, and boarding passes, poses serious risks and liability. The data could be used for identity theft, phishing scams, or unauthorized access to further personal information. Such a breach should have significant legal and compliance implications, particularly under data protection regulations like the Australian Privacy Act (APA) or GDPR, if any EU citizens are affected, or other local privacy laws, depending on the nationality of the affected passengers.

The reliance solely on Google and Apple’s app store security measures for safeguarding mobile applications is indeed a common oversight that can lead to significant security challenges, as potentially evidenced by the Qantas incident. The security features provided by these platforms primarily focus on ensuring that apps are free from known malware at the time of upload and meet certain basic security criteria. However, these protections do not extend into the realms of runtime security, business logic, and specific data handling practices which are critical for ensuring application security.

Stephen Gates, Security SME, Horizon3.ai adds this:

Most people who utilize mobile apps don’t realize that these apps use APIs to communicate between the app and the app provider’s backend. And APIs are often full of potential vulnerabilities and subsequent risks due to how they are implemented. 

This is the primary reason why the OWASP API Security Project was created resulting in the most recent version: 2023 OWASP API Security Top 10. Being a contributor of the Top 10 2019 version, and spending time with founding leaders of the Security Project, the API risks organizations and consumers face today are quite clear. 

Today’s software (app) developers must not only become familiar with the API Top 10, but also become experts in understanding the intricacies associated with APIs. The API Top 10 provides highly detailed example attack scenarios as well as excellent recommendations on how to prevent such risks from occurring.

Qantas has some explaining to do to a whole lot of people because of this screw up. I hope they have detailed answers at the ready because this is one of these situations where people are going to want those answers. And they won’t be satisfied with anything less.

Volvo Study Reveals, 64% of Canadians Are Eyeing Electrified Vehicles for Next Purchase

Posted in Commentary on May 1, 2024 by itnerd

Despite industry headwinds, 64% of Canadians looking to purchase a new vehicle say they would consider a hybrid, plug-in hybrid, or fully electric as their next vehicle in the next five years, according to new research released today.

This insight appears in the 2024 Mobility Trend Report, an exploratory study by Volvo Car Canada. The study comes as the country is experiencing mixed sentiment in the electric vehicles (EVs) category due to Canadians’ automotive preferences and evolving economic conditions.

The 2024 Mobility Trend Report highlights that amidst economic headwinds, three quarters of Canadians who wouldn’t consider an EV say it’s because they’re too expensive. Other barriers center on infrastructure and charging aspects of the vehicle: 65% are worried they will get stranded if they run out of charge, and 59% say there are not enough places to charge one.

New data points that help illustrate the barriers that are top of mind and the current sentiment towards fully electric vehicles include:

  • Three-quarters (76%) of those not open to purchasing an EV say it’s too expensive.
  • Nearly four in five (78%) agree there currently isn’t enough publicly available charging infrastructure to make electric vehicles a good option and 72% say they aren’t worth the cost.
  • Only 15% of Canadians feel EVs are generally better than gas vehicles in terms of overall costs, including purchase price, gas/charging costs, maintenance, insurance, etc.
  • Two-thirds (64%) feel the environmental benefits of EVs are over-hyped.

Addressing these concerns is critical to making a difference in consumer willingness to purchase an EV, as 46% of respondents say vehicles with a longer maximum range would make a difference, 42% say easier to find charging stations, and 38% say better government rebates or incentives.

In 2023, Volvo Car Canada unlocked additional charging access with NACS that will come into effect this year as an effort to address consumers’ concerns around charging infrastructure. The agreement will enable access to Tesla’s Supercharger network, providing access to an additional 12,000 fast-charge points.

Recently, Volvo Car Canada launched the EX30, its smallest and most affordable SUV yet, demonstrating its efforts to effectively meet consumers’ needs. The EX30 is designed to have the smallest CO2 footprint of any Volvo car to date, and to make people’s lives safer, more convenient, and more enjoyable through cutting-edge technology and Scandinavian design.

According to the 2024 Mobility Report, those most likely to consider a hybrid, plug-in hybrid, or fully electric vehicle are from BC (74%) and between the ages of 18 and 34 (76%).

March sales underscore Volvo Car Canada’s leadership in electrification and understanding consumer demands with electrified models — including both plug-in hybrids and fully electric vehicles — making up 50% of all sales.

Volvo Car Canada remains committed to its sustainability goals, continuously adapting to meet the needs of Canadians and paving the way for a greener future. The company plans to expand its discussions on consumer education about EVs and collaborate closely with stakeholders to enhance the EV ecosystem across Canada.

About This Study
These are the findings of a survey conducted by Volvo Car Canada from March 26th to 28th, 2024 among a representative sample of 1,000 online Canadians who are members of the Angus Reid Forum. The survey was conducted in English and French. For comparison purposes only, a probability sample of this size would carry a margin of error of +/- 3 percentage points, 19 times out of 20.

TELUS Volunteers Contributed 1.5 Million Volunteer Hours In 2023

Posted in Commentary on May 1, 2024 by itnerd

TELUS has announced its 19th annual TELUS Days of Giving, a month-long initiative rallying TELUS team members, retirees, and partners around the world to volunteer and give back in their local communities. At a time when charities are seeing an increased need for services, and companies are facing increased levels of disengagement, giving back helps foster meaningful connections, driving short and long-term benefits for individuals, teams and the broader community. According to the most recent Canada Helps Giving Report, 55.2 per cent of charities have fewer volunteers than before the pandemic and an alarming 57 per cent of charities are already unable to meet their current demand. Meanwhile, Gallup’s latest research finds that 64 per cent of US employees are either actively disengaged or not engaged. Championed by TELUS team members for almost two decades, TELUS Days of Giving has since become its signature, global volunteer movement, supporting thousands of team members and charities alike. Last year alone, more than 80,000 volunteers gave back in 32 countries through thousands of volunteer opportunities, contributing to 1.5 million volunteer hours in 2023, more than any other company in the world. TELUS’ goal is to match these record-breaking results in 2024.

Companies with a strong social purpose experience a 52-per-cent lower turnover rate among new employees and have a more engaged workforce than ones that don’t. Driven by its philosophy, “Give where we live”, TELUS’ unwavering commitment to giving back has served to fuel its incredible strategic growth from regional telecom provider to global technology powerhouse, with over 132,000 team members and retirees around the world. From cleaning local shorelines and parks, donating blood, planting trees, recycling old mobile devices, or volunteering at neighbourhood food banks, TELUS Days of Giving enables team members, their families, customers and retirees to foster deeper connections with each other while helping make a meaningful difference in their own backyard.

Throughout the month of May, TELUS is also encouraging customers to join them in raising funds for local animal charities by entering for a chance to win a special critter date experience and all expenses paid trip to Pegasus Animal Sanctuary, located in Ontario. For every entry TELUS will donate $1 to a local animal charity. Additionally, for less than $1/month customers can also join TELUS Change for Good, rounding up their monthly bill to support local youth charities through the TELUS Friendly Future Foundation.

To learn more about how TELUS is helping create a friendlier future for all, visit telus.com/purpose.