The editors at Solutions Review have curated this list of the most noteworthy identity management and information security news for the week of February 10. This curated list features identity management and information security vendors such as Baffle, Cisco, Cybrary, and more.
Keeping tabs on all the most relevant identity management and information security news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy identity management and information security news items.
Identity Management and Information Security News for the Week of February 10
Baffle Launches Multi-Tenant Data Security Platform
Baffle, Inc. announced that its release of Baffle Multi-Tenant Data Security makes SaaS applications and their underlying databases even easier to protect with record-level encryption. This ensures that any SaaS provider meets the most stringent privacy regulations and gives their customers complete protection and control of their data. As a result, the SaaS vendor gains a competitive advantage and the ability to monetize enhanced data security.
Sharp Notifies Nearly 63,000 Patients of Data Breach
Sharp HealthCare, San Diego’s largest health provider, announced Monday that it has begun notifying 62,777 of its patients that some of their personal information was compromised during a hacking attack on the computers that run its website, sharp.com. Stressing that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth, health records or “information about the services received,” Sharp says the type of compromised information “varied from person to person.”
Dashlane Open-sourced Its Android and iOS Apps
Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative Commons Attribution-Noncommercial 4.0 license. The popular subscription-based password manager and digital wallet has decided to release the code of its mobile apps to increase transparency in how they operate while also promoting a more collaborative and open development approach going forward.
NCC Group Report: “Ransomware Attacks Take Slight Dip in 2022”
Global cyber security and risk mitigation expert NCC Group observed a slight decrease of 5 percent in ransomware attacks between January and December 2022, with 2,531 attacks, according to its 2022 Annual Threat Monitor Report. Compiled by NCC Group’s Global Threat Intelligence team, the report details the events of 2022 and their impact on the cyber threat landscape, providing an overview of incidents across all sectors and highlighting global trends.
Researcher Breaches Toyota Supplier Portal with Info on 14,000 Partners
Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain. In a test intrusion, the researcher found that he could freely access thousands of confidential documents, internal projects, supplier information, and more.
Strike Graph Now Offers Security Audits as Part of Platform
Strike Graph, a compliance operation and certification platform, this week announced a new integrated solution that allows customers to go through security audits powered by technology at a fraction of the cost and time. Strike Graph makes the process efficient and simple by providing all the necessary capabilities and technology to go from start to certification. Its platform helps small to midsize companies scope right-sized compliance programs, dynamically adjust controls, and successfully complete and deliver security certifications, like SOC 2 and ISO 27001, through technology-powered audits.
Cisco Announces Major Hybrid Work-Related Updates to Security Cloud Platform
Cisco customers can now access new risk-based capabilities across Cisco’s security portfolio to better protect hybrid work and multi-cloud environments. These advancements demonstrate progress towards realizing the full vision of the Cisco Security Cloud protecting the integrity of an organization’s entire IT ecosystem. Cisco also introduced initial findings from the first-ever Cybersecurity Readiness Index focused on five core pillars of security protection: identity, devices, network, applications, and data. While technology to secure devices is widely adopted, more progress is needed to protect identity, networks and applications.
Logpoint Adds ChatGPT To Its Cybersecurity Arsenal
The latest to embrace the potential of ChatGPT is Logpoint, which is launching a ChatGPT integration for its Security Orchestration, Automation and Response (SOAR) product. Integration with ChatGPT allows it to create an executive summary of the main findings and remediation recommendations from an investigation that’s easy for executives to read. A SOAR playbook can also provide ChatGPT with the severity level and main timeline events of an investigation to generate breach report drafts from attacks for an analyst to review and approve before further distribution, saving a lot of time spent on reporting.
Cybrary Makes 500+ Hours of Premium Training Content Free
Cybrary, a training platform for cybersecurity professionals, this week announced Cybrary Free Access, an offering unlocking more than 500 hours of free, premium cybersecurity skills training and upskilling content. The move is designed to address the longstanding cybersecurity skills shortage, which is a result of the lack of affordable quality training options that provide current and prospective cybersecurity professionals with the guidance and practical skills required to secure employment. Through Cybrary Free Access, participants gain access to guided instruction on key foundational roles and concepts, certification preparation, and threat-based training to develop skills to defend against real adversaries.
Expert Insights Section
Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.
Security Compliance: Why It’s A Business Accelerator
All too often, early-stage companies wait until a security certification is required by one of their partners or becomes legally required before they decide to take action. At that point, they’re already way behind on their security compliance. While they’re playing catchup, the competition is winning deals. I’ve experienced the pain of this situation firsthand. At one of my prior companies, we were in the final stages of closing a deal with a critical customer when they requested our SOC 2 audit. But, like many young organizations, we didn’t have one yet. We spent the next six months scrambling: filling out security questionnaires, reviewing our policies and practices, and going through security reviews.
Super Bowl Cybersecurity Lessons
“The highly anticipated game between the Eagles and the Chiefs serves as a timely reminder of how vulnerable these types of transactions are and how frequently they are targeted by attackers and bots. Regardless of whether you are purchasing tickets to a football game, concert, or transferring money, all transactions need to be secured and ultimately, we want to ensure every transaction has a real identity tied to it. Ticket sales are a digital transaction that could be further secured by having a digital identity tied to help ensure bot-based attacks have less impact.
Although service providers — such as Ticketmaster — may be concerned about impacting the user experience, implementing the right technology for verifying the end user does not have to come at the price of increasing the user experience. Most ID verification capabilities ensure a secure process that helps customers put more trust in their vendors. After performing ID verification, customers are protected via strong credentials such as passwordless FIDO (Fast ID Online) technologies, or secure PUSH Authentication leveraging built-in mobile biometrics, like FaceID and fingerprints. As the transaction is processed, the provider typically looks to capture the user’s intent and to store that intent so that it can be verified in the future, if needed.
The bottom line is that transactions not tied to identities and not secured lead to bad user experiences and offer increased attack surfaces. Customers should look at their digital processes and start to envision how those transactions are changing in the virtual world that is on the horizon.”
-Will LaSala, Field CTO at OneSpan