With RSA taking place this week, vendors spent last week drumming up business by positioning their announcements ahead of the crowds arriving. Lots of new products and partnerships were announced with, as expected, a significant focus on using AI for cybersecurity.
In other news, DigiCert announced World Quantum Readiness Day on 26th September 2024. It wants to raise awareness of the need to rethink security architectures as quantum computing gets closer to general availability. Cyera announced that it has expanded its products from cloud back to on-premises environments.
Veeam has acquired Coveware as it looks to expand its ransomware tooling. It also plans to let Coveware continue under its own brand rather than rename the products. At Appian World, Michael Beckley, CTO and co-founder, talked with Enterprise Times about the need for trusted data in creating LLMs. Interestingly, he also discussed how Appian prevents data leakage through its data fabric.
FBI
A Nigerian national has been convicted of a business email compromise scheme. Okechuckwu Valentine Osuji, 39, and his co-conspirators, targeted companies in the United States and other countries. In addition to defrauding companies of monies, they also used a group of “money mules” to cash out the stolen funds. Over $6.3 million was stolen.
The jury convicted Osuji of conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. The charge of identity theft carries a mandatory minimum sentence of two years. The rest of the charges carry a maximum of 60 years in jail. What is not clear is how much of the stolen funds have been recovered or what restitution order will be made.
Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division, said, “Osuji led a network of scammers in Malaysia and elsewhere in a sophisticated business email compromise scheme to defraud victims of millions of dollars.
“Today’s conviction is another example of how the department’s collaboration with international law enforcement partners enables us to bring cybercriminals to justice in the United States.”
In a separate case, an IT consultant, Vincent Cannady, has been charged with attempting to extort an IT company out of $1.5 million. He has been charged under the Hobbs Act, which carries a maximum sentence of 20 years in prison.
Cannady was hired as a contractor to assess and remediate potential vulnerabilities in the victim’s systems. He was terminated after a year in the role, but using retained credentials, he logged in and stole sensitive information. The threat to release the documents was accompanied by a promise that he would destroy all the documents and sign a gag order. He also sought protection from prosecution.
National Cyber Security Centre
The UK NCSC has issued a warning over the evolving threat from Russian state-aligned actors targeting critical infrastructure. It reports that attacks have been observed across North America and Europe. The targets are vulnerable small-scale industrial control systems (ICS).
Typical attacks include DDoS, website defacement and the spread of misinformation. All of these will have reputational risks to affected companies.
The NCSC says, “Without external assistance, we consider it unlikely that these groups have the capability to deliberately cause a destructive, rather than disruptive, impact in the short term. But they may become more effective over time, and so the NCSC is recommending that organisations act now to manage the risk against successful future attacks.”
NOYB
NOYB has filed a complaint against OpenAI with the Austrian DPA. The complaint relates to misinformation about individuals delivered by ChatGPT. NOYB points out that “the GDPR requires that information about individuals is accurate and that they have full access to the information stored, as well as information about the source.”
NOYB continues, “OpenAI openly admits that it is unable to correct incorrect information on ChatGPT. Furthermore, the company cannot say where the data comes from or what data ChatGPT stores about individual people.”
In its announcement of the complaint, NOYB says that the European Data Protection Board (EDPB) has set up a task force on ChatGPT. It will be interesting to see what recommendations it comes up with. It will also be interesting to see how this impacts the recent EU AI act
Protegrity
Protegrity launched the Protegrity Borderless Data Solution. Its goal, according to the announcement, “is to enable easy, secure and compliant cross-border data flows for large global enterprises.”
Paul Mountford, CEO at Protegrity said, “Cross-border data flows are the cornerstone of our rapidly digitizing global economy. Data localization requirements, however well intended, put global innovation – which brings benefits to people everywhere – at risk.
“Protegrity’s Borderless Data Solution helps enterprises put their cloud strategies back on track, expedite their growth plans, and turn privacy from an inhibitor into a business accelerator.”
Protegrity also released its State of Data Security Optimisation and Monetisation report (registration required). The report addresses three key problem trends when it comes to data.
- The exploding costs and complexity of compliance
- Businesses are struggling to keep up with the pace of innovation because data to power new technologies like AI is sensitive
- Organisations see the innovation and profit opportunity in sensitive data but struggle to capitalise on this cost-effectively without more sophisticated and usable data monetisation strategies
The report itself is short and to the point. Many readers, however, will be more interested in the survey findings attached to the report. For example, 43.5% of respondents claimed a 5-10% profit margin from better use of data. However, only 58% of UK companies and 51% of US companies have robust data controls.
The surprise result from the report is that virtually every respondent said that their sensitive data is classified. Getting at it, now that’s a more complex process with lots of delays
Qualys
Qualys, Inc has announced the launch of its Managed Security Services Partner (MSSP) Portal. This is an extension of its current partner program. It gives global MSSP partners access to a unified platform that will give MSSPs a holistic view of their customers’ accounts, licences and opportunities.
IDC says that the global market for MSSPs is expected to reach $68.3 billion in 2028. Qualys wants its partners to be best placed to manage opportunities and improve operating margins.
Barb Huelskamp, senior vice president, global channels and alliances at Qualys. “The new MSSP portal is a major step forward allowing partners to address current client demands and scale operations to meet future challenges while ensuring optimum security and risk reduction for clients.”
US Department of Justice
Yaroslav Vasinskyi, also known as Rabotnik, 24, a Ukrainian national has been sentenced to 13 years and seven months in prison for being a Sodinokibi/REvil affiliate. He has also been ordered to pay over $16 million in restitution for his role in conducting over 2,500 ransomware attacks and demanding over $700 million in ransom payments.
pay over $16 million in restitution for his role in conducting over 2,500 ransomware attacks and demanding over $700 million in ransom payments.
Deputy Attorney General Lisa Monaco said, “Deploying the REvil ransomware variant, the defendant reached out across the globe to demand hundreds of millions of dollars from U.S. victims. But this case shows the Justice Department’s reach is also global—working with our international partners, we are bringing to justice those who target U.S. victims, and we are disrupting the broader cybercrime ecosystem.”