JumpCloud has acquired Resmo to boost its platform. It adds asset management and SaaS security tools for cloud-native IT and SecOps teams to the JumpCloud Platform. Justin Giardina, Chief Technology Officer of 11:11 Systems, recently visited London. It was an opportunity for Enterprise Times editor Ian Murphy to ask him about cyber resiliency and how it is helping their customers become more resilient to attack.
FBI
The FBI Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report. It draws together information from over 880,000 complaints of suspected Internet crimes amounting to more than $12.5 billion nationwide. Complaints were up around 10% from 2022, while losses were up just over 20%. Both numbers are significant jumps, but it’s not clear if that is due to better recording or just increased crime.
Only two of the top five causes of Internet crime increased from 2022. Tech Support and impersonation was up 15% to 37,560 reports. Extortion also rose by roughly 23% to 48,223. The most reported crime was phishing, which showed a negligible decline to 298,878 reports. The other two causes were non-payment/non-delivery (50,523) and personal data breach (55,851).
The biggest cause of losses was investment scams, with over $4.57 billion lost, an increase of 38%. That number will surprise many who might think that ransomware would be the biggest hit. in fact, only $59.6 million was reported lost to ransomware, raising the question of how underreported this crime is.
The age group most likely to report a crime and which lost the most was 60+. Collectively, they lost $3.4 billion. The least affected were those under 20, who lost just $40.7. Of course, they had the least to lose, and it is questionable as to how heavily they were targeted.
California residents lost the most, $2,159.5 billion, with Texas ($1,021 billion) and Florida ($874.7 million) the closest.
Noname Security
In a blog post, Stas Neyman, Senior Director of Product Marketing at Noname Security, detailed its latest platform update, 3.28. The Noname Security 3.28 release supports policies to restrict API access based on IP addresses, a new method to discover and identify GraphQL APIs, and enhancements to Active Testing role-based access control.
Incident policies can now be created automatically when API traffic anomalies are detected. This will allow customers to harden access to their APIs to registered IP addresses from customers and partners.
The most interesting news is the role-based access control enhancements inside Active Testing. It enforces the principle of least privilege rather than allowing them to be managed separately. It will reduce the risk of the wrong permissions being used during testing.
ThreatQuotient
ThreatQuotient has partnered with the Electricity Information Sharing and Analysis Center as a member of its Vendor Affiliate Program. It will see ThreatQuotient contribute its expertise to E-ISAC to support the defense of North America’s electricity grid against cyber attacks.
E-ISAC is a community of electricity asset owners, operators, and select partners committed to reducing the risk of cyber and physical security threats to the industry across North America by providing unique insights, leadership, and collaboration.
John Czupak, CEO at ThreatQuotient, commented, “We are honored to join the E-ISAC vendor affiliate program and contribute to building collective cyber resilience across the industry. Information-sharing is an essential element of building a robust, collective cyber defense program and central to our ethos at ThreatQuotient.
“E-ISAC provides an excellent forum for raising awareness of critical vulnerabilities, emerging threats, and supply chain risks, allowing organizations to make informed decisions, take action, and build operational resilience.”