BlackMatter, a new ransomware-as-a-service affiliate program which describes itself as incorporating “the best features of DarkSide, REvil, and LockBit”, has launched with promises that it will not target non-profits, healthcare, defence, government, utilities or oil and gas.…
UK MoD completes first-ever bug bounty exercise
The Ministry of Defence has, for the first time in its history, worked with ethical hackers to test and strengthen the cybersecurity of its network and estate of 750,000 devices.…
Google alum appointed as new Okta CTO
Former Vice President of Engineering Sagnik Nandy is to join the executive management team of identity provider Okta, as their new President of Technology and CTO – the second in as many weeks to leave Google for Okta.…
Remote workers save on coffee and commutes – but pay over $1mil more for a breach
This year’s Cost of a Data Breach report, put together by IBM Security and the Ponemon Institute, has found an annual increase of 10% in the cost of a breach, with a $1.1 million gap between breaches with or without remote work as a factor.…
White House issues memo on “vital” improvements to CNI cybersecurity
The White House has issued a national security memorandum aimed at countering cyberattacks against critical national infrastructure, which it describes as “among the most significant and growing issues confronting our Nation”.…
“My family could be in danger”: details of over 100,000 Guntrader users exposed
A database including thousands of names and addresses has been stolen from Guntrader, the UK’s largest online marketplace for guns, and published on the dark web.…
Okta announces first Chief Digital Officer
Identity provider Okta has announced that John Zissimos, formerly of Google and Salesforce, is to be their first Chief Digital Officer.
In the newly created role, Zissimos will report to Kendall Collins, Chief Marketing Officer, and will be responsible for the holistic creative, campaign, digital, and brand strategy for the company.
“Okta is a remarkable company and I was immediately drawn to the people, purpose, and product,” said Zissimos. “I’m a storyteller and teambuilder at heart and am humbled to play a role in telling the Okta story and leading the creative brand strategy in the next phase of the company’s journey. I’ve long admired the company’s culture, values, and effective method of empowering people and teams. In doing so, Okta has become the most trusted platform to secure every identity and I look forward to building on its strong brand foundation to create work that inspires and drives value for customers and workforces worldwide.”
Zissimos’ most recent position was as Vice President of Creative, Brand, Media, and Customer Programs at Google, where he led the team responsible for marketing the Google Cloud Platform globally. Other notable experience includes Chief Design Officer for Salesforce, and two decades as an award-winning advertising and design executive, film director, and photographer.
Since going public in 2017, Okta’s growth has slowed somewhat over the past few years, though the pandemic-driven need for more effective and friction-free identity management means it still saw a healthy 43% revenue growth in FY 2021.
Earlier this year, it announced new offerings in the areas of privileged access management and identity governance and administration, as well as a £6.5 billion acquisition of digital identity platform Auth0, which will continue to operate as an independent business unit within Okta.
With Okta clearly aiming to firmly consolidate its position as a leader in the identity space, and ramp up its revenue growth, the new Chief Digital Officer role is likely to play a key role in determining strategy.
“Okta has the incredible potential to become an iconic brand, and we are so excited to have John lead this effort and creatively influence our next phase of growth,” said Collins. “The Okta Identity Cloud touches tens of millions of knowledge workers and customers every day and John has the ideal skill set to evolve Okta’s brand strategy and deliver the delightful digital experiences that our users have come to expect. Okta will benefit tremendously from John’s pedigree in building the most recognizable software brands in the world. His brand vision, award-winning creative expertise, and empathetic approach to leadership and culture are unmatched. We are thrilled to welcome him to the team.”
Why bother with bolt-cutters? Almost half of Singapore’s crimes were online in 2020
According to the Cyber Security Agency of Singapore, cybercrime represented 43% of overall crime in 2020, with 16,117 cases reported: a year-on-year increase of 172%.
The Singapore Cyber Landscape report, published on July 8 2021, provides a review of Singapore’s cybersecurity standing in 2020, putting it its global context as well as providing a number of case studies.
The stand-out figure was the sharp increase in the number of cybercrimes reported. In terms of specific crimes, the largest growth area was in cyberextortion, which went from 68 reported cases in 2019 to 245 in 2020, an increase of 360%. Ransomware also saw a dramatic year-on-year rise of 154%, with the report noting a high proportion of incidents among small and medium sized enterprises.
The Internet of Things is also a major concern. The Cyber Security Agency observed a 94% increase in the number of malicious Command & Control servers hosted in Singapore, and detected approximately 6,600 botnet drones with Singapore IP addresses each day, a 287% rise from 2019’s daily average of 2,300.
“Due to the challenges brought about by COVID-19, 2020 was a watershed for digitalisation efforts across all parts of the economy and society,” said David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency.
“Unfortunately, the speed and scale at which digital technology was adopted may have led to some risks being taken, and threat actors are capitalising on this. The Government, organisations, and individual users need to work together in order to keep ourselves secure in cyberspace.”
Looking forward to 2021 and beyond, the Cyber Security Agency cautions businesses to be aware of three key near-term cyber threats: ransomware, targeting of the remote workforce, and supply chain security. In the mid- and long-term, Singaporean businesses should be prepared to shore up IoT security – and to defend “space infrastructure”, with the Cyber Security Agency warning that satellites could be compromised in order to disrupt activities or obtain strategic information on targets.
UK Armed Forces launch new regiment to counter ‘deadly’ cyberattacks
A new cyber unit, the 13th Signal Regiment, has been formally stood up by the UK Ministry of Defence to protect ‘the new cyber frontline’.
The regiment consists of 250 specialists, brought together from across a number of existing UK Armed Forces cyber functions, and will form the basis of the new Army Cyber Information Security Operations Centre. In addition to providing secure networks for military communications, it will also offer specialist technical support for a hub which will test and implement ‘next generation information capabilities’.
“This is a step-change in the modernisation of the UK Armed Forces for information warfare,” said Defense Secretary Ben Wallace. “Cyber-attacks are every bit as deadly as those faced on the physical battlefield, so we must prepare to defend ourselves from all those who would do us harm and 13th Signal Regiment is a vital addition to that defence.”
Cyber-attacks are every bit as deadly as those faced on the physical battlefield, so we must prepare to defend ourselves from all those who would do us harmBen Wallace MP, Secretary of State for Defence of the United Kingdom
Though the cyber regiment itself is new, it takes the name of a previously existing regiment which was founded in 1934 and played a similar role providing secure communications until it was disbanded in 1994 in response to the Options for Change reforms which followed the end of the Cold War. It helped establish the use of wireless technology and high-frequency wireless radios, and was deployed to both France and the Middle East during WW2, as well as operating in Germany during the Cold War.
“The reformation of 13th Signal Regiment is an exciting step forward as the Royal Signals, Army and wider Defence rapidly drives up their potency and resilience in the information environment and cyber domain,” said Brigadier John Collyer, Commander of the 1st (UK) Signal Brigade, under which the 13th Signal Regiment will operate.
“The stakes are high and our success is increasingly and critically reliant on focusing our brightest men and women onto the opportunities and risks that underpin our operations – both home and away.”
Etisalat completes acquisition of ‘Who Secures The UAE’ multi-winner Help AG
Help AG, named by UAE CISOs as their most trusted cybersecurity reseller and consultant in Cyberviser’s own ‘Who Secures The UAE’ report, has been acquired by multinational Emirati telecoms giant Etisalat.
The German information security services, consultancy and solutions provider has been active in the Middle East for almost twenty years, with particular success in the UAE and Saudi Arabia. The acquisition is expected to create “the region’s strongest cyber security unit” by adding Help AG’s expertise and customer base to Etisalat’s existing information services and cybersecurity offerings.
“Help AG has established itself as the region’s trusted security advisor. With cybersecurity playing a fundamental role in all aspects of digital business today, this acquisition fits perfectly into our strategy of being a key enabler of secure, seamless and effective digital transformation for our customers,” said Salvador Anglada, Group Chief Business Officer at Etisalat.
“We have full trust and confidence that Help AG’s leadership will effectively add value to our security portfolio and amplify the cyber security capabilities of our clients.”
The acquisition forms part of a trend seen worldwide in recent years, with cybersecurity providers – particularly those providing consulting services – being acquired by non-cybersecurity companies. Telcos in particular have shown a significant interest in the space, with Orange and AT&T being notable examples, though consultancy firms such as Accenture and others in the technology space such as Broadcom have also made a number of high-profile acquisitions.
Globally, the trend reflects the growing acceptance that cybersecurity is not just for banks and the Fortune 500 anymore. Particularly driven by tighter regulatory requirements around data privacy (notably the introduction of the GDPR and CCPA in 2018), companies which previously took their chances on security have now realised two things.
Firstly, that inadequate cybersecurity now presents a significant risk – and secondly, that for the majority of SMBs, in-house cybersecurity is prohibitively costly, requiring significant investment not just for purchasing solutions but also hiring and maintaining specialised staff.
For many of these organisations, the answer is to outsource the majority of their cybersecurity workload to a company which can provide security as a service – and for companies unfamiliar with the overwhelmingly expansive cybersecurity market and its wide range of services, if they can get that service from a trusted provider, so much the better. If it can be packaged with an existing telecoms bundle, further simplifying the vendor management process, that significantly adds to the appeal of both the security offering and the telecoms bundle.
This is doubly the case in the UAE, which research shows is particularly hard-hit by the global shortage of cybersecurity professionals – AKJ’s ‘Who Secures The UAE’ research has found year after year that the UAE’s cybersecurity teams are a fraction of the size of their European counterparts, with most companies reporting they employ only one or two cybersecurity professionals.
Many UAE organisations have been impacted by the GDPR and CCPA via their clients and partners, as well as the Bahrain Data Protection Law which came into force last year. But there’s more to come, with the UAE parliament having recently approved a draft federal law on consumer protection, which includes provisions on data security.
Etisalat may well have anticipated that if and when this new law comes into effect, it will drive a similar rush to shore up security, and a similar demand for expert guidance, as the GDPR did in Europe. The acquisition of Help AG combines its reputation as a trusted supplier of cybersecurity services and solutions with Etisalat’s own status as a trusted household name and provider of digital services – positioning the company perfectly to take advantage of the likely spike in demand for cybersecurity expertise in the next few years.