Skip to content

Posts from the ‘Louis Columbus’ blog’ Category

The Best Tech Companies For Remote Jobs In 2020 According To Glassdoor

The Best Tech Companies For Remote Jobs In 2020 According To Glassdoor

  • Modern Tribe, CloudBeds, Dataiku, PartnerCentric, GitLab, Hotjar, HubSpot, PowerToFly, Close.io, Fuse, Databricks, eightfold.ai, Fortinet, and SAP are most likely to be recommended by 93% or more of the employees who work for these companies in 2020.
  • Between LinkedIn, Glassdoor, and Indeed there are over 12,000 open remote-based software technical professional jobs available today. Companies with open positions on these sites include Aha!, AutoDesk, Calix, Cardinal Financial,  Chef Software, CoreLogic, Couchbase, Medidata Solutions, OutSystems, Qlik,  RedHat,  Riverbend, Salesforce, ServiceNow, Ultimate Software and many others.
  • Working Nomads has 10,127 open remote-based developer jobs listed, along with over 1,800 in tech marketing, 1,700 in management, and just over 1,000 in tech sales.

These and many other insights are from a comparison of the leading tech companies who offer remote, work-from-home job positions today and their Glassdoor scores. Tech companies with open remote positions are compared on two Glassdoor scores of the (%) of employees who would recommend this company to a friend and (%) of employees who approve of the CEO. Of the many companies include in the comparison, PowerToFly and GitLab stand out as exceptional in their ability to create strong virtual organizations. They’re defining the future of work today.

PowerToFly was launched by Milena Berry and Katharine Zaleski in 2014 to connect Fortune 500 companies and fast-growing startups with women who are looking to work for companies that value gender diversity and inclusion. PowerToFly is building the platform to propel diversity recruiting and hiring. PowerToFly’s job search engine currently has 994 open remote positions. Founders Milena Berry and Katharine Zaleski have created an excellent remote-based culture where 95% of employees would recommend working there to a friend, and 94% approve of them as CEOs.

GitLab has team members located in more than 65 countries around the world and provides a Guide to Remote Work. GitLab has over 100 open remote locations open, and you can find them here. Open positions are in Engineering, Marketing, Sales, Quality, Security, UX, and several other areas. GitLab knows how to excel at creating and growing a remote-based culture, reflected in 97% of employees willing to recommend the company to a friend and their CEO Sid Sijbrandij having a 97% approval rating based on 125 ratings. GitLab is one of several remote-only software companies defining the future of work.

The best tech companies for remote jobs in 2020 table is shown below. You can download the original Excel data set here. If the image below is not viewable in your browser, you can see the image here.

Where To Find Remote Tech Jobs Today

Originally posted on Forbes here. 

 

How Absolute Protects Patient Data At Apria Healthcare

How Absolute Protects Patient Data At Apria Healthcare

Bottom Line: Healthcare providers need to adopt more persistent, resilient endpoint cybersecurity to thwart cybercriminals who are escalating their efforts to steal healthcare records. Motivated by up to $1,000 being offered on the Dark Web for healthcare records, cybercriminals are prioritizing healthcare breaches for financial gain.

Endpoint Resilience Is the Cornerstone of Apria Healthcare’s Cybersecurity Strategy

Healthcare providers are a favorite target for cybercriminals, and their popularity is growing. In the first eight weeks of 2020, the U.S. Department of Health and Human Services received 66 reports of breaches affecting 500 patient records or more at healthcare providers and health plans. The Health & Human Services Breach Portal, which contains a list of all cases under investigation today, reflects the severity of healthcare providers’ cybersecurity crisis and the urgent need for a strong, resilient system to protect patient information. Apria Healthcare is well aware of these threats and has taken an innovative, insightful approach to thwart them.

Apria Healthcare’s cybersecurity strategy focuses heavily on deterrence at the endpoint and device level, an approach that has proven effective in mitigating breaches globally. The company is a recognized leader in healthcare, serving nearly 2M patients annually across 300 locations in 49 states. They have more than 8,000 laptops, desktops and tablets, many of which regularly leave the organization. Apria needed a way to deliver zero-touch IT asset management, provide self-healing endpoint security, and employ always-on data visibility and protection whether an asset was on or off their corporate network. They turned to Absolute and the company’s patented Persistence technology.

“Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better,” said Janet Hunt, Senior Director, IT User Support at Apria Healthcare. “The other vendors really can’t, they don’t have that piece – that persistent piece is so important to me. I always am looking for opportunities to use different technologies as they come up, and I haven’t found anything that’s as good as Absolute. Nothing can compare.”

Absolute’s Persistence technology, the foundation of the company’s Resilience solution, enables a self-healing, unbreakable two-way connection to endpoints, applications, and data. It provides an adaptive layer of defense by notifying IT of where devices are and when security applications are removed or corrupt, and triggering automatic reinstallation. Because Absolute is already embedded in the BIOS of Dell, HP, Lenovo, and 22 other leading manufacturers’ devices, it provides Apria with the single source of truth needed to protect personal data and help achieve HIPAA compliance.

Turning HIPAA Compliance into A Competitive Advantage  

Apria quickly established a leadership position in the healthcare industry by setting and maintaining stringent requirements needed to achieve HIPAA compliance across its patient data platform. Leveraging Absolute’s Resilience solution and Persistence technology, Apria differentiated itself from its competitors and reduced the risk they would ever see fines for HIPAA non-compliance. And with HIPAA fines ranging from $25,000 to $15.M per year, Apria’s prescient decision to turn compliance into a competitive advantage was an excellent one because it put patients’ welfare and data security first, above all other IT priorities.

Achieving Greater Device Control & Visibility Is Key 

Absolute’s dashboard provides Apria with both a snapshot of the status of all devices, updated every 15 minutes, as well as a complete device history that enables security managers to see and report on encryption, geolocation, and usage.

“Our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one, or actually two, PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be, and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device, and see what happens. It’s one of the best things we’ve done for ourselves,” Janet Hunt recently said during a recent during a recent panel discussion. Geofencing is a must-have in any persistent endpoint security strategy.

“[With Absolute] I have a complete history of each device, which makes it really easy for me to say not only whether it is encrypted now, but also what its status was a week ago, or two weeks ago, or two months ago,” said Dave Ochoa, Manager, Information Security Operations at Apria Healthcare. “So, you get this lovely little package that you can hand off to your auditor and say, ‘Not an issue.’ You know that this is not an incident, this is not a breach.”

Endpoint Security’s Network Effect Is Accelerating

Apria Healthcare’s decision to protect its 8,000 laptops, desktops, and tablets using Absolute’s Resilience endpoint solution is a leading indicator of the Network Effect happening with endpoint security today. A sure sign the Network Effect is taking place is how demand is growing for more endpoint security agents and applications. Absolute is seeing this Network Effect globally and has been steadily adding integrations with more than 30 endpoint security agents and applications – most recently adding support for the market-leading security solution VMware® Carbon Black.

“The average enterprise today has already spent thousands, if not millions, of dollars on security controls and applications, and that total security investment only continues to rise in the face of escalating risk,” said Christy Wyatt, CEO of Absolute. “However, the vast number of controls and agents being invested in and subsequently piled onto the endpoint can introduce a false sense of security; those controls are only effective if they are present and actually running. A foundation of Resilience enables IT and security teams to understand the current state of their assets, understand if the security controls have been compromised, and heal those that have been taken offline.”

Conclusion

In the face of increasingly sophisticated attackers and vectors, organizations continue to layer on security controls. Gartner estimates that more than $174B will be spent on security by 2022, and of that, approximately $50B will be dedicated to protecting the endpoint. Absolute’s 2019 Endpoint Security Trends Report revealed that organizations have an average of 10 distinct agents layered onto endpoint devices, all competing with one another for device services and resources. The resulting complexity not only negatively impacts endpoint performance but creates an environment ripe for collision and decay. This, along with humans tampering with or removing security controls, means that even the most well-functioning endpoint agents have a high probability of failure.

All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability, and functionality at all times, and deliver their intended value. And so, organizations need complete visibility and real-time insights to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly.

Absolute’s Resilience offering empowers organizations to build an enterprise security approach that is intelligent, adaptive, and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints as Apria Healthcare’s cybersecurity strategy and results indicate.

 

 

 

 

COVID-19’s Impact On Tech Spending This Year

COVID-19's Impact On Tech Spending This Year

The human tragedy the COVID-19 pandemic has inflicted on the world is incalculable and continues to grow. Every human life is priceless and deserves the care needed to sustain it. COVID-19 is also impacting entire industries, causing them to randomly gyrate in unpredictable ways, directly impacting IT and tech spending.

COVID-19’s Impact On Industries

Computer Economics in collaboration with their parent company Avasant published their Coronavirus Impact Index by Industry that looks at how COVID-19 is affecting 11 major industry sectors in four dimensions: personnel, operations, supply chain, and revenue. Please see the Coronavirus Impact Index by Industry by Tom Dunlap, Dave Wagner, and Frank Scavo of Computer Economics for additional information and analysis.  The resulting index is an overall rating of the impact of the pandemic on each industry and is shown below:

Computer Economics and Avasant predict major disruption to High Tech & Telecommunications based on the industry’s heavy reliance on Chinese supply chains, which were severely impacted by COVID-19. Based on conversations with U.S.-based high tech manufacturers, I’ve learned that a few are struggling to make deliveries to leading department stores and discount chains due to parts shortages and allocations from their Chinese suppliers. North American electronics suppliers aren’t an option due to their prices being higher than their Chinese competitors. Leading department stores and discount chains openly encourage high tech device manufacturers to compete with each other on supplier availability and delivery date performance.

In contrast to the parts shortage and unpredictability of supply chains dragging down the industry, software is a growth catalyst. The study notes that Zoom, Slack, GoToMyPC, Zoho Remotely, Microsoft Office365, Atlassian, and others are already seeing increased demand as companies increase their remote-working capabilities.

COVID-19’s Impact On IT Spending  

Further supporting the Coronavirus Impact Index by Industry analysis, Andrew Bartels, VP & Principal Analyst at Forrester, published his latest forecast of tech growth today in the post, The Odds of a Tech Market Decline In 2020 Have Just Gone Up To 50%.

Mr. Bartels is referencing the market forecasts shown in the following forecast published last month, New Forrester Forecast Shows That Global Tech Market Growth Will Slip To 3% In 2020 And 2021 and shown below:

Key insights from Forrester’s latest IT spending forecast and predictions are shown below:

  • Forrester is revising its tech forecast downward, predicting the US and global tech market growth slowing to around 2% in 2020. Mr. Bartels mentions that this assumes the US and other major economies have declined in the first half of 2020 but manage to recover in the second half.
  • If a full-fledged recession hits, there is a 50% probability that US and global tech markets will decline by 2% or more in 2020.
  • In either a second-half 2020 recovery or recession, Forrester predicts computer and communications equipment spending will be weakest, with potential declines of 5% to 10%.
  • Tech consulting and systems integration services spending will be flat in a temporary slowdown and could be down by up to 5% if firms cut back on new tech projects.
  • Software spending growth will slow to the 2% to 4% range in the best case and will post no growth in the worst case of a recession.
  • The only positive signs from the latest Forrester IT spending forecast is the continued growth in demand for cloud infrastructure services and potential increases in spending on specialized software. Forrester also predicts communications equipment, and telecom services for remote work and education as organizations encourage workers to work from home and schools move to online courses.

Conclusion

Every industry is economically hurting already from the COVID-19 pandemic. Now is the time for enterprise software providers to go the extra mile for their customers across all industries and help them recover and grow again. Strengthening customers in their time of need by freely providing remote collaboration tools, secure endpoint solutions, cloud-based storage, and CRM systems is an investment in the community that every software company needs to make it through this pandemic too.

Why Your Biometrics Are Your Best Password

Why Your Biometrics Are Your Best Password

Bottom Line: Biometrics are proving to be better than passwords because they’re easier to use, provide greater privacy and security, and are gaining standardization across a broad base of mobile, desktop, and server devices that users rely on to access online services.

In keeping with the theme of this year’s RSA Conference of Human Element, vendors offering passwordless authentication were out in force. Centrify, Entrust Datacard, HID Global, Idaptive, ImageWare, MobileIron, Thales, and many others promoted their unique approaches to passwordless authentication, leveraging the FIDO2 standard. FIDO2 is the latest set of specifications from the FIDO Alliance, an industry standards organization that provides interoperability testing and certification for servers, clients, and authenticators that meet FIDO2 specifications.

The Alliance has introduced a new Universal Server certification for servers that interoperate with all FIDO authenticator types (FIDO UAF, WebAuthn, and CTAP). The following graphic explains how the FIDO2 architecture authenticates every account requesting access to resources on a secured system:

Why Your Biometrics Are Your Best Password

The security industry has been trying to kill the password for decades. It has long been viewed as a weakness, primarily because of the human element: people continue to use weak passwords, on multiple accounts, at work, and in their personal lives. 81% of data breaches involve weak, stolen, default, or otherwise compromised credentials, according to a Verizon Data Breach Investigations Report.

Usernames and passwords (“something you know”) was the best factor of authentication available for decades yet didn’t provide enough of a barrier to hackers. Then came two-factor authentication, which added “something you have” as a second factor, such as a smartphone, key card, token, or other tangible item associated with the user.

Today everyone lives in a multi-factor authentication (MFA) world where cybersecurity technologists have added another factor: “something you are.” This is where biometrics come in, and facial recognition, fingerprint scanning, retinal scanning, and other forms of bio-identification have become normal thanks to technologies like Apple’s Touch ID and Face ID. Many people have already been using these technologies for years on their iPhones.

The reality is that these additional factors based on “something you have” or “something you are” are both much stronger than “something you know,” such as a password or PIN. Not only can the latter be easily stolen, guessed, or phished for, but authentication based on biometrics is very hard to fake or duplicate.

In short, by using the two newer factors of authentication, everyone who uses an electronic device daily is moving closer to a passwordless reality. Cybersecurity technologists are going to continue making authentication easier and more secure to improve user experiences and reduce the threat of a breach.

Privileged Admin Passwords Need To Be The First To Go  

Key lessons learned from visiting with the 30 or so vendors who claimed to support passwordless authentication include the following:

  • Centrify was the only vendor who prioritized enforcing FIDO2-based privileged administrator logins. It was also one of the few that specifically mentioned support for Apple’s Touch ID and Face ID, as well as Windows Hello, showing full support for the FIDO2 standard.
  • Windows Hello and Windows Hello for Business are table stakes in passwordless authentication, all vendors claim and can demo this capability.
  • Combining multiple forms of biometrics is proving problematic for the majority of vendors, as evidenced by the inconsistent demos on the show floor. No one could conclusively demo multiple types of biometrics for their solutions on the fly in a demo environment while at RSA. Of the many vendors claiming this capability, Centrify’s approach is the most unique in that privileged user identities are verified, satisfying a valuable pillar of its Identity-Centric PAM approach.
  • All vendors claiming FIDO2 compliance were able to demonstrate Apple’s Touch ID electronic fingerprint recognition, while Apple Face ID facial recognition product demos were hit or miss. If you are evaluating biometrics vendors who claim FIDO2 compliance be sure to stress-test facial recognition, as the demos on the show floor made it clear there’s work to do in this area.
  • Product management teams have been studying the NIST 800-53 high-assurance authentication controls standard and integrating it into their roadmaps. The 170 controls that comprise the NIST 800-53 standard are being adopted quickly across the vendors who claim passwordless authentication as a core strength in their product strategies. Using biometrics eliminates the risk of credential theft techniques and provides better alignment with the NIST 800-53 high-assurance authentication controls standard.
  • Vendors are at varying levels of maturity when it comes to being able to capitalize on the metadata biometrics provides, with a few claiming to have real-time analytics. Every vendor had a different response to how they manage the massive amount of metadata being generated by their biometrics, which all claim also to support analytics. After speaking with the vendors at RSA, analytics used to authenticate rather than just report activity is far more effective. I had a chance to talk to Dr. Torsten George, Cybersecurity Evangelist at Centrify, who said, “Centrify’s support for the FIDO2 standard is a direct result of our ongoing commitment to our customers and their requests for biometric authentication of privileged user identities. Combining our support for the FIDO2 standard with our existing multi-factor authentication and real-time analytics capabilities, we’re able to greatly reduce the risk of security breaches that might exploit weak, default, or stolen privileged credentials.”

Conclusion

RSA’s theme Human Element was prescient from the heavy emphasis on passwordless authentication at this year’s conference. FIDO2 is getting solid support across the cybersecurity vendors who chose to exhibit there, which is great for enterprises, organizations, and small businesses who need to defend themselves. Of the many vendors there, Centrify’s approach stood out based on its unique approach to authenticating privileged user identities for its Identity-Centric PAM platform.

FIDO2 ultimately makes security stronger and less disruptive because it can not only eliminate passwords but also make the user experience more seamless and less likely to be circumvented. Passwordless authentication ensures that login credentials are unique across every website, never stored on a server, and never leave the user’s device. This security model helps eliminate the risks of phishing, as well as all forms of password theft and replay attacks.

We’re closer than ever before to the elusive goal of a passwordless future.

Five Interesting Takeaways From RSA Conference 2020

Five Interesting Takeaways From RSA Conference 2020

 

Bottom Line: Passwordless authentication, endpoint security, cloud-native SIEM platforms, and new API-based data security technologies were the most interesting tech developments, while keynotes focusing on election security, industrial control systems’ vulnerabilities and the persistent threat of state-sponsored ransomware dominated panel discussion.

This year’s RSA Conference was held February 24th to 28th in San Francisco’s Moscone Center, attracting more than 36,000 attendees, 704 speakers, and 658 exhibitors unified by the theme of the Human Element in cybersecurity. The conference’s agenda is here, with many session recordings and presentation slides available for download. Before the conference, RSA published the RSAC 2020 Trend Report (PDF, 13 pp., no opt-in). RSA received 2,400 responses to their Call for Speakers and based their report on an analysis of all submissions. The ten trends in the RSAC 2020 Trend Report are based on an analysis of all papers submitted to the conference. It’s a quick read that provides a synopsis of the main themes of the excellent sessions presented at RSAC 2020.

The following are the five most interesting takeaways from the 2020 RSA Conference:

  • Endpoint security products dominated the show floor, with over 120 vendors promoting their unique solutions. There were over 50 presentations and panels on the many forms of endpoint security as well. Instead of competing for show attendees’ attention on the show floor, Absolute Software took the unique approach of completing a survey during RASC 2020. Absolute’s team was able to interview 100 respondents, with most holding the position of a manager/supervisor or C-level executive. More than three in four respondents reported their organizations are using endpoint security tools, multi-factor authentication, and employee training and education to protect data, devices, and users. You can review their survey results here.
  • The number of vendors claiming to have Zero Trust solutions grew 50% this year, from 60 in 2019 to 91 in 2020. There continues to be a lot of hype surrounding Zero Trust, with vendors having mixed results with their product and messaging strategies in this area. A good benchmark to use for evaluating vendors in the Zero Trust market is the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, written by Chase Cunningham and published on October 29, 2019. I’ve summarized the lessons learned in the post, What’s New on the Zero Trust Security Landscape In 2019.
  • Over 30 vendors claimed to have passwordless authentication that met the current FIDO2 standard. In keeping with the theme of this year’s RSA Conference of Human Element, vendors offering passwordless authentication were out in force. Centrify, Entrust Datacard, HID Global, Idaptive, ImageWare, MobileIron, Thales, and many others promoted their unique approaches to passwordless authentication, leveraging the FIDO2 standard. FIDO2 is the latest set of specifications from the FIDO Alliance, an industry standards organization that provides interoperability testing and certification for servers, clients, and authenticators that meet FIDO2 specifications. I’ve written a separate post just on this topic, and you can find it here, Why Your Biometrics Are Your Best Password. 
  • Cloud-based security information and event management (SIEM) systems capable of integrating with 3rd party public cloud platforms reflect the maturity nature of this market. Of the several vendors claiming to have cloud-based SIEM, Microsoft’s Azure Sentinel’s demo showed in real-time how fusion AI technology can parse large volumes of low fidelity signals into a few important incidents for SecOps teams to focus on. Microsoft said that in December 2019 alone, Azure Sentinel evaluated nearly 50 billion suspicious signals, isolating them down to just 25 high-confidence incidents for SecOps teams to investigate. The following graphic explains how Azure Sentinel Fusion works.
  • One of the most interesting startups at RSA was Nullafi, who specializes in a novel API-based data security technology that combines data aliasing, vaulting, encryption, and monitoring to create an advanced data protection platform that makes hacked data useless to hackers. What makes Nullafi noteworthy is how they’ve been able to build a data architecture that protects legacy and new infrastructures while making the original data impossible for a hacker to reverse engineer and gain access to. It desensitizes critical data so that it’s useless to hackers but still useful for an organization to keep operating, uninterrupted by a breach to your business. Nullafi is built to AWS GovCloud standards. The Nullafi SDK encrypts the data before sending it to the Nullafi API. It then re-encrypts the data within their zero-knowledge vault in the cloud (or on-premises). The result is that no sensitive data in any format is shared with Nullafi that could be used or lost, as their architecture doesn’t have visibility into what the actual data looks like. The following graphic explains their architecture:

 

What You Need To Know About Location Intelligence In 2020

What You Need To Know About Location Intelligence In 2020

  • 53% of enterprises say that Location Intelligence is either critically important or very important to achieving their goals for 2020.
  • Leading analytics and platform vendors who offer Location Intelligence include Alteryx, Microsoft, Qlik, SAS, Tableau and TIBCO Software.
  • Location Intelligence vendors providing specialized apps and platforms include CARTO, ESRI, Galigeo, MapLarge, and Pitney Bowes.
  • Product Managers need to consider how adding Location Intelligence can improve the contextual accuracy of marketing, sales, and customer service apps and platforms.
  • Marketers need to look at how they can capitalize on smartphones’ prolific amounts of location data for improving advertising, buying, and service experiences for customers.
  • R&D, Operations, and Executive Management lead all other departments in their adoption and use of Location Intelligence this year.
  • Enterprises favor cloud-based Location Intelligence deployments in 2020, with on-premise deployments also seeing new sales this year.

These and many other fascinating insights are from Dresner Advisory Services’ 2020 Location Intelligence Market Study, their 7th annual report that examines enterprise end-users’ requirements and features including geocoding support, location intelligence visualization, analytics capabilities, and third-party GIS integration. The study is noteworthy for its depth of insights into industry adoption of Location Intelligence and how user requirements drive industry capabilities. Dresner Advisory Services defines location intelligence as a form of Business Intelligence (BI), where the dominant dimension used for analysis is location or geography. Most typically, though not exclusively, analyses are conducted by viewing data points overlaid onto an interactive map interface.

“When we began covering Location Intelligence in 2014, we saw the potential for the topic to gain mainstream interest,” said Howard Dresner, founder, and chief research officer at Dresner Advisory Services. “With the growth in visualization and the emergence of the Internet of Things (IoT), incorporating maps and location into business analyses have become increasingly important to many organizations.” Please see page 11 for a description of the methodology and page 13 for an overview of study demographics. Wisdom of Crowds® research is based on data collected on usage and deployment trends, products, and vendors.

Key insights from the study that provides an excellent background on the current state of location intelligence in 2020 include the following:

  • R&D, Operations, and Executive Management lead all enterprise areas in adoption with Location Intelligence being considered critical to their ongoing operations. The majority of Marketing & Sales leaders see Location Intelligence as very important to their ongoing operations. The following graphic compares how important Location Intelligence is to each of the seven departments included in the survey:
  • 90% of Government organizations consider Location Intelligence to be critical or very important to their ongoing operations. Healthcare providers have the second-highest number of organizations who rate Location Intelligence as critical. The study found that mean importance levels are similar across Business Services, Financial Services, Manufacturing, and Consumer Services organizations and decline further among Technology, Retail/Wholesale, and Higher Education segments.
  • Data visualization/mapping dominates all other Location Intelligence use cases in 2020, with over 70% of organizations considering it critical or very important to accomplishing their goals. The study found that the majority of other use cases haven’t achieved the broad adoption data visualization & mapping has. Despite the lower levels of criticality assigned to the nine other use cases, they each show the potential to streamline essential marketing, sales, and operational areas of an enterprise. Site planning/site selection, geomarketing, territory management/optimization, and logistics optimization make up a tier of secondary interest that taken together streamlines supply chains while making an organization easier to buy from. The Dresner research team also defines the third tier of use cases led by fleet routing and citizen services, followed by IoT & smart cities, indoor mapping, and real estate investment/pricing analysis. Despite IoT being over-promoted by vendors, just over 50% of enterprises say the technology is not important to them at this time. The following graphic compares Location Intelligence use cases by the level of criticality as defined by responding organizations:
  • R&D leads all departments in data visualization/mapping adoption, reflecting the high level of importance this use case has across entire enterprises as well. Additional departments and functional areas relying on data visualization/mapping include Operations, Business Intelligence Competency Center (BICC), and Executive Management. Geomarketing is seeing the most significant adoption in Marketing & Sales. Operations lead all other functional areas in the adoption of logistics optimization and fleet routing use cases. Dresner’s research team found that R&D’s interest in Location Intelligence, which varies across use cases, may reflect the use of packaged applications as well as select custom development.
  • Map-based visualization, dashboard inclusion of maps, and drill-down navigation through map interfaces are the three highest priority features enterprises look for today. These three features are considered very important to between 64% to 67% of leaders interviewed. Layered visualizations, multi-layer support, and custom region definition are the next most important features. The following graphic provides an overview of prioritized Location intelligence visualization features.
  • Executive Management, BICC, and Operations have the highest level of interest in map-based visualizations that further accelerate the adoption of Location Intelligence across enterprises. Executive Management also leads all others in their interest in dashboard inclusion of maps and custom map support. Executive Management’s increasing adoption of multiple Location intelligence use cases is a catalyst driving greater enterprise-wide adoption. R&D’s prioritizing the layering of visualizations on top of maps, offline mapping and animation of data on maps are leading indicators of these use cases attaining greater enterprise adoption in future years.
  • Four of the top ten Location Intelligence features are considered very important/critical to enterprises, reflecting a maturing market. The most popular (counting, quantifying, or grouping) is critical or very important to 46% of organizations and at least important to nearly 70%. Another indicator of how quickly Location Intelligence is maturing in enterprises is the advanced nature of analytics features being relied on today. Predicting trends and volatility, detecting clusters and outliers, and measuring distances reflect how multiple departments in enterprises are collaborating using Location Intelligence to achieve their shared goals.
  • Government dominates the use of data visualization/mapping with a strong interest in site planning/site selection, citizen services, fleet routing, and territory management. Business Services are most interested in using Location Intelligence for Indoor Mapping and IoT & Smart Cities. Geomarketing is the most adopted feature in Higher Education, Financial Services, Healthcare, and Retail/Wholesale. Manufacturing and Retail/Wholesale lead all other industries in their adoption of Logistics Optimization. The following graphic provides insights into Location Intelligence use case by industry:
  • Executive Management and Business Intelligence Competency Centers (BICC) most prioritize Location Intelligence applications that have built-in or native geocoding. Enterprises are looking at how built-in or native geocoding can scale across their Location Intelligence use cases and broader BI strategy with Executive Management taking the lead on achieving this goal. Automated geocoding support and street-level geocoding support are also a high priority to Executive Management. Marketing/Sales lead all other departments in their interest in geofencing/reverse geofencing, indicating enterprises are beginning to use these geocoding features to achieve greater accuracy in their marketing and selling strategies. It’s interesting to note that geofencing/reverse geofencing has progressed from R&D in previous studies to Marketing/Sales putting the highest priority on it today. Dresner’s research team interprets the shift to customer-facing strategies being an indicator of broader enterprise adoption for geofencing/reverse geofencing.
  • 61% of organizations say Google integration is essential to their Location Intelligence strategies. Google continues to dominate organizations’ roadmaps as the integration of choice for adding more GIS data to Location Intelligence strategies. ESRI is the second choice with 45% of organizations naming it as an integration requirement. Database extensions (30%) are the next most cited, followed by OpenStreetMap (20%). All other choices are requirements at less than 20% of organizations.

How To Redefine The Future Of Fraud Prevention

How To Redefine The Future Of Fraud Prevention

Bottom Line: Redefining the future of fraud prevention starts by turning trust into an accelerator across every aspect of customer lifecycles, basing transactions on identity trust that leads to less friction and improved customer experiences.

Start By Turning Trust Into A Sales & Customer Experience Accelerator

AI and machine learning are proving to be very effective at finding anomalies in transactions and scoring, which are potentially the most fraudulent. Any suspicious transaction attempt leads to more work for buying customers to prove they are trustworthy. For banks, e-commerce sites, financial institutes, restaurants, retailers and many other online businesses, this regularly causes them to lose customers when a legitimate purchase is being made, and trusted customer is asked to verify their identity. Or worse, a false positive that turns away a good customer all together damages both that experience and brand reputation.

There’s a better way to solve the dilemma of deciding which transactions to accept or not. And it needs to start with finding a new way to establish identity trust so businesses can deliver better user experiences. Kount’s approach of using their Real-Time Identity Trust Network to calculate Identity Trust Levels in milliseconds reduces friction, blocks fraud, and delivers an improved user experience. Kount is capitalizing on their database that includes more than a decade of trust and fraud signals built across industries, geographies, and 32 billion annual interactions, combined with expertise in AI and machine learning to turn trust into a sales and customer experience multiplier.

How Real-Time AI Linking Leads To Real-Time Identity Trust Decisions

Design In Identity Trust So It’s The Foundation of Customer Experience

From an engineering and product design standpoint, the majority of fraud prevention providers are looking to make incremental gains in risk scoring to improve customer experiences. None, with the exception of Kount, are looking at the problem from a completely different perspective, which is how to quantify and scale identity trust. Kount’s engineering, product development, and product management teams are concentrating on how to use their AI and machine learning expertise to quantify real-time identity trust scores that drive better customer experiences across the spectrum of trust. The graphic below illustrates how Kount defines more personalized user experiences, which is indispensable in turning trust into an accelerator.

An Overview of Kount’s Technology Stack

How To Redefine The Future Of Fraud Prevention

Realize Trust Is the Most Powerful Revenue Multiplier There Is

Based on my conversations with several fraud prevention providers, they all agree that trust is the most powerful accelerator there is to reducing false positives, friction in transactions, and improving customer experiences. They all agree trust is the most powerful revenue multiplier they can deliver to their customers, helping them reduce fraud and increase sales. The challenge they all face is quantifying identity trust across the wide spectrum of transactions their customers need to fulfill every day.

Kount has taken a unique approach to identity trust that puts the customer at the center of the transactions, not just their transactions’ risk score. By capitalizing on the insights gained from their Identity Trust Global Network, Kount can use AI and machine learning algorithms to deliver personalized responses to transaction requests in milliseconds. Using both unsupervised and supervised machine learning algorithms and techniques, Kount can learn from every customer interaction, gaining new insights into how to fine-tune identity trust for every customer’s transaction.

In choosing to go in the direction of identity trust in its product strategy, Kount put user experiences at the core of their platform strategy. By combining adaptive fraud protection, personalized user experience, and advanced analytics, Kount can create a continuously learning system with the goal of fine-tuning identity trust for every transaction their customers receive. The following graphic explains their approach for bringing identity trust into the center of their platform:

Putting Customers & Their Experiences First Is Integral To Succeeding With Identity Trust

How To Redefine The Future Of Fraud Prevention

 

Improving customer experiences needs to be the cornerstone that drives all fraud prevention product and services road maps in 2020 and beyond. And while all fraud prevention providers are looking at how to reduce friction and improve customer experiences with fraud scoring AI-based techniques, their architectures and approaches aren’t going in the direction of identity trust. Kount’s approach is, and it’s noteworthy because it puts customer experiences at the center of their platform. How to redefine the future of fraud prevention needs to start by turning trust into a sales and customer experience accelerator, followed by designing in identity trust. Hence, it’s the foundation of all customer experiences. By combining the power of networked data and adaptive AI and machine learning, more digital businesses can turn trust into a revenue and customer experience multiplier.

Top 10 Cybersecurity Companies To Watch In 2020

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast. Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems. Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR. Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019. AI, Machine Learning And The Race To Improve Cybersecurity The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries. Top 10 Cybersecurity Companies To Watch In 2020 STATISTA The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud. The following are the top ten cybersecurity companies to watch in 2020: Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise. To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value. Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints. Centrify - Centrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure. Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials. Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel. Infoblox - Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability and automation, Infoblox is able to cut manual tasks by 70% and make organizations’ threat analysts 3x more productive. While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI application, built on their BloxOne cloud-native platform, helps enable IT, professionals, to manage their networks whether they're based on on-prem, cloud-based, or hybrid architectures. BloxOne Threat Defense application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000. Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today. Mimecast – Mimecast improves the way companies manage confidential, mission-critical business communication and data. The company's mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web. MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future. One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid. SECURITI.ai - SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA and bolster their brands. The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in). Top 10 Cybersecurity Companies To Watch In 2020 SOURCE: BESSEMER VENTURE PARTNERS, HOW DATA PRIVACY ENGINEERING WILL PREVENT FUTURE DATA OIL SPILLS , SEPTEMBER, 2019. (10 PP., PDF, NO OPT-IN). Transmit Security - The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

  • Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast.
  • Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems.
  • Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR.
  • Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019.

AI, Machine Learning And The Race To Improve Cybersecurity  

The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries.

The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud.

The following are the top ten cybersecurity companies to watch in 2020:

Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise.

To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value.

Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints.

CentrifyCentrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure.

Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials.

Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel.

Infoblox – Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability, and automation, Infoblox can cut manual tasks by 70% and make organizations’ threat analysts 3x more productive.

While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI  application, built on their BloxOne cloud-native platform, helps enable IT professionals to manage their networks, whether they’re based on on-prem, cloud-based, or hybrid architectures.  BloxOne Threat Defense  application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000.

Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience, and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today.

MimecastMimecast improves the way companies manage confidential, mission-critical business communication and data. The company’s mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web.

MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future.

One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid.

SECURITI.ai – SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA, and bolster their brands.

The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in).

Worldwide spending on information security and risk management systems will reach $131B in 2020, increasing to $174B in 2022 approximately $50B will be dedicated to protecting the endpoint according to Gartner’s latest Information Security and Risk Management forecast. Cloud Security platform and application sales are predicted to grow from $636M in 2020 to $1.63B in 2023, attaining a 36.8% Compound Annual Growth Rate (CAGR) and leading all categories of Information & Security Risk Management systems. Application Security is forecast to grow from $3.4B in 2020 to $4.5B in 2023, attaining a 9.7% CAGR. Security Services is projected to be a $66.9B market this year, increasing from $62B in 2019. AI, Machine Learning And The Race To Improve Cybersecurity The majority of Information Security teams’ cybersecurity analysts are overwhelmed today analyzing security logs, thwarting breach attempts, investigating potential fraud incidents and more. 69% of senior executives believe AI and machine learning are necessary to respond to cyberattacks according to the Capgemini study, Reinventing Cybersecurity with Artificial Intelligence. The following graphic compares the percentage of organizations by industry who are relying on AI to improve their cybersecurity. 80% of telecommunications executives believe their organization would not be able to respond to cyberattacks without AI, with the average being 69% of all enterprises across seven industries. Top 10 Cybersecurity Companies To Watch In 2020 STATISTA The bottom line is all organizations have an urgent need to improve endpoint security and resilience, protect privileged access credentials, reduce fraudulent transactions, and secure every mobile device applying Zero Trust principles. Many are relying on AI and machine learning to determine if login and resource requests are legitimate or not based on past behavioral and system use patterns. Several of the top ten companies to watch take into account a diverse series of indicators to determine if a login attempt, transaction, or system resource request is legitimate or not. They’re able to assign a single score to a specific event and predict if it’s legitimate or not. Kount’s Omniscore is an example of how AI and ML are providing fraud analysts with insights needed to reduce false positives and improve customer buying experiences while thwarting fraud. The following are the top ten cybersecurity companies to watch in 2020: Absolute – Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise. To thwart attackers, organizations continue to layer on security controls — Gartner estimates that more than $174B will be spent on security by 2022, and of that approximately $50B will be dedicated protecting the endpoint. Absolute’s Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value. Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints. Centrify - Centrify is redefining the legacy approach to Privileged Access Management (PAM) with an Identity-Centric approach based on Zero Trust principles. Centrify’s 15-year history began in Active Directory (AD) bridging, and it was the first vendor to join UNIX and Linux systems with Active Directory, allowing for easy management of privileged identities across a heterogeneous environment. It then extended these capabilities to systems being hosted in IaaS environments like AWS and Microsoft Azure, and offered the industry’s first PAM-as-a-Service, which continues to be the only offering in the market with a true multi-tenant, cloud architecture. Applying its deep expertise in infrastructure allowed Centrify to redefine the legacy approach to PAM and introduce a server’s capability to self-defend against cyber threats across the ever-expanding modern enterprise infrastructure. Centrify Identity-Centric PAM establishes a root of trust for critical enterprise resources, and then grants least privilege access by verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, Centrify minimizes the attack surface, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse. Research firm Gartner predicts that by 2021, approximately 75% of large enterprises will utilize privileged access management products, up from approximately 50% in 2018 in their Forecast Analysis: Information Security and Risk Management, Worldwide, 4Q18 Update published March 29, 2019 (client access reqd). This is not surprising, considering that according to an estimate by Forrester Research, 80% of today’s breaches are caused by weak, default, stolen, or otherwise compromised privileged credentials. Deep Instinct – Deep Instinct applies artificial intelligence’s deep learning to cybersecurity. Leveraging deep learning’s predictive capabilities, Deep Instinct’s on-device solution protects against zero-day threats and APT attacks with unmatched accuracy. Deep Instinct safeguards the enterprise’s endpoints and/or any mobile devices against any threat, on any infrastructure, whether or not connected to the network or to the Internet. By applying deep learning technology to cybersecurity, enterprises can now gain unmatched protection against unknown and evasive cyber-attacks from any source. Deep Instinct brings a completely new approach to cybersecurity enabling cyber-attacks to be identified and blocked in real-time before any harm can occur. Deep Instinct USA is headquartered in San Francisco, CA and Deep Instinct Israel is headquartered in Tel Aviv, Israel. Infoblox - Infoblox empowers organizations to bring next-level simplicity, security, reliability and automation to traditional networks and digital transformations, such as SD-WAN, hybrid cloud and IoT. Combining next-level simplicity, security, reliability and automation, Infoblox is able to cut manual tasks by 70% and make organizations’ threat analysts 3x more productive. While their history is in DDI devices, they are succeeding in providing DDI and network security services on an as-a-service (-aaS) basis. Their BloxOne DDI application, built on their BloxOne cloud-native platform, helps enable IT, professionals, to manage their networks whether they're based on on-prem, cloud-based, or hybrid architectures. BloxOne Threat Defense application leverages the data provided by DDI to monitor network traffic, proactively identify threats, and quickly inform security systems and network managers of breaches, working with the existing security stack to identify and mitigate security threats quickly, automatically, and more efficiently. The BloxOne platform provides a secure, integrated platform for centralizing the management of identity data and services across the network. A recognized industry leader, Infoblox has a 52% market share in the DDI networking market comprised of 8,000 customers, including 59% of the Fortune 1000 and 58% of the Forbes 2000. Kount – Kount’s award-winning, AI-driven fraud prevention empowers digital businesses, online merchants, and payment service providers around the world to protect against payments fraud, new account creation fraud, and account takeover. With Kount, businesses approve more good orders, uncover new revenue streams, improve customer experience and dramatically improve their bottom line all while minimizing fraud management cost and losses. Through Kount’s global network and proprietary technologies in AI and machine learning, combined with flexible policy management, companies frustrate online criminals and bad actors driving them away from their site, their marketplace, and off their network. Kount’s continuously adaptive platform provides certainty for businesses at every digital interaction. Kount’s advances in both proprietary techniques and patented technology include mobile fraud detection, advanced artificial intelligence, multi-layer device fingerprinting, IP proxy detection and geo-location, transaction and custom scoring, global order linking, business intelligence reporting, comprehensive order management, as well as professional and managed services. Kount protects over 6,500 brands today. Mimecast – Mimecast improves the way companies manage confidential, mission-critical business communication and data. The company's mission is to reduce the risks users face from email, and support in reducing the cost and complexity of protecting users by moving the workload to the cloud. The company develops proprietary cloud architecture to deliver comprehensive email security, service continuity, and archiving in a single subscription service. Its goal is to make it easier for people to protect a business in today’s fast-changing security and risk environment. The company expanded its technology portfolio in 2019 through a pair of acquisitions, buying data migration technology provider Simply Migrate to help customers and prospects move to the cloud more quickly, reliably, and inexpensively. Mimecast also purchased email security startup DMARC Analyzer to reduce the time, effort, and cost associated with stopping domain spoofing attacks. Mimecast acquired Segasec earlier this month, a leading provider of digital threat protection. With the acquisition of Segasec, Mimecast can provide brand exploit protection, using machine learning to identify potential hackers at the earliest stages of an attack. The solution also is engineered to provide a way to actively monitor, manage, block, and take down phishing scams or impersonation attempts on the Web. MobileIron – A long-time leader in mobile management solutions, MobileIron is widely recognized by Chief Information Security Officers, CIOs and senior management teams as the de facto standard for unified endpoint management (UEM), mobile application management (MAM), BYOD security, and zero sign-on (ZSO). The company’s UEM platform is strengthened by MobileIron Threat Defense and MobileIron’s Access solution, which allows for zero sign-on authentication. Forrester observes in their latest Wave on Zero Trust eXtended Ecosystem Platform Providers, Q4 2019 that “MobileIron’s recently released authenticator, which enables passwordless authentication to cloud services, is a must for future-state Zero Trust enterprises and speaks to its innovation in this space.” The Wave also illustrates that MobileIron is the most noteworthy vendor as their approach to Zero Trust begins with the device and scales across mobile infrastructures. MobileIron’s product suite also includes a federated policy engine that enables administrators to control and better command the myriad of devices and endpoints that enterprises rely on today. Forrester sees MobileIron as having excellent integration at the platform level, a key determinant of how effective they will be in providing support to enterprises pursuing Zero Trust Security strategies in the future. One Identity – One Identity is differentiating its Identity Manager identity analytics and risk scoring capabilities with greater integration via its connected system modules. The goal of these modules is to provide customers with more flexibility in defining reports that include application-specific content. Identity Manager also has over 30 direct provisioning connectors included in the base package, with good platform coverage, including strong Microsoft and Office 365 support. Additional premium connectors are charged separately. One Identity also has a separate cloud-architected SaaS solution called One Identity Starling. One of Starling’s greatest benefits is its design that allows for it to be used not only by Identity Manager clients, but also by clients of other IGA solutions as a simplified approach to obtain SaaS-based identity analytics, risk intelligence, and cloud provisioning. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud, or hybrid. SECURITI.ai - SECURITI.ai is the leader in AI-Powered PrivacyOps, that helps automate all major functions needed for privacy compliance in one place. It enables enterprises to give rights to people on their data, be responsible custodians of people’s data, comply with global privacy regulations like CCPA and bolster their brands. The AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. These include a Personal Data Graph Builder, Robotic Automation for Data Subject Requests, Secure Data Request Portal, Consent Lifecycle Manager, Third-Party Privacy Assessment, Third-Party Privacy Ratings, Privacy Assessment Automation and Breach Management. SECURITI.ai is also featured in the Consent Management section of Bessemer’s Data Privacy Stack shown below and available in Bessemer Venture Partner’s recent publication How data privacy engineering will prevent future data oil spills (10 pp., PDF, no opt-in). Top 10 Cybersecurity Companies To Watch In 2020 SOURCE: BESSEMER VENTURE PARTNERS, HOW DATA PRIVACY ENGINEERING WILL PREVENT FUTURE DATA OIL SPILLS , SEPTEMBER, 2019. (10 PP., PDF, NO OPT-IN). Transmit Security - The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

Transmit Security – The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability. As criminal threats evolve, online authentication has become reactive and less effective. Many organizations have taken on multiple point solutions to try to stay ahead, deploying new authenticators, risk engines, and fraud tools. In the process, the customer experience has suffered. And with an increasingly complex environment, many enterprises struggle with the ability to rapidly innovate to provide customers with an omnichannel experience that enables them to stay ahead of emerging threats.

How AI Is Improving Omnichannel CyberSecurity In 2020

How AI Is Improving Omnichannel CyberSecurity in 2020

  • 52% of financial institutions plan to invest in additional measures to secure existing accounts, and 46% plan to invest in better identity-verification measures.
  • 42% of digital businesses that consider themselves technologically advanced are finding fraud is restraining their ability to grow and adopt new digital innovation strategies.
  • 33% of all businesses across retail, financial institutions, restaurants, and insurance are investing in their omnichannel strategies this year.

These and many other insights are from Javelin Strategy, and Research report published this month, Protecting Digital Innovation: Emerging Fraud and Attack Vectors. A copy of the report can be downloaded here (25 pp., PDF, opt-in). The methodology is based on a survey of 200 fraud and payment decision-makers for businesses headquartered in the United States. Respondents are evenly distributed from four industries, including consumer banking, insurance, restaurants/food service, and retail merchants.

The survey’s results are noteworthy because they reflect how AI and machine learning-based fraud prevention techniques are helping retailers, financial services, insurance, and restaurants to reduce false positives that, in turn, reduces friction for their customers. All industries are in an arms race with fraudsters, many of whom are using machine learning to thwart fraud prevention systems. There are a series of fraud prevention providers countering fraud and helping industries stay ahead. A leader in this field is Kount, with its Omniscore that provides digital businesses with what they need to fight fraud while providing the best possible customer experience.

The following are the key insights from the Javelin Strategy and Research report published this month:

  • Retailers, financial institutions, restaurants, and insurance companies need to invest in fraud mitigation at the same rate as new product innovation, with retail and banking leading the way. Restaurants and insurance are lagging in their adoption of fraud mitigation techniques and, as a result, tend to experience more fraud. The insurance industry has a friendly fraud problem that is hard to catch. Over half of the financial institutions interviewed, 52% plan to invest in additional technologies to secure existing accounts, and 46% plan to invest in better identity-verification measures. Based on the survey, banks appear to be early adopters of AI and machine learning for fraud prevention. The study makes an excellent point that banking via virtual assistants is still nascent and constrained by the lack of information sharing within the ecosystem, which restricts authentication measures to PINs and passwords.

How AI Is Improving Omnichannel CyberSecurity in 2020

  • 57% of all businesses are adding new products and services as their leading digital innovation strategy in 2020, followed by refining the user experience (55%) and expanding their digital strategy teams. Comparing priorities for digital innovation across the four industries reflects how each is approaching their omnichannel strategy. The banking industry places the highest priority on improving the security of existing user accounts at 52% of financial institutions surveyed. Improving security is the highest priority in banking today, according to the survey results shown below. This further validates how advanced banking and financial institutions are in their use of AI and machine learning for fraud prevention.

How AI Is Improving Omnichannel CyberSecurity in 2020

  • Digital businesses plan to improve their omnichannel strategies by improving their website, mobile app, and online catalog customer experiences across all channels in addition to better integration between digital and physical services is how. 40% of respondents are actively investing in improving the integration between digital and physical services. That’s an essential step for ensuring a consistently excellent user experience across websites, product catalogs, buy online and pick up in-store, and consistent user experiences across all digital and physical channels.

How AI Is Improving Omnichannel CyberSecurity in 2020

  • 69% of all digital businesses interviewed are planning to make additional fraud investments this year. Banking and financial institutions dominate the four industries surveyed in the plans for additional fraud investment. 82% of consumer banks are planning to invest in additional fraud detection technologies. Insurers are least likely to invest in fraud detection technologies in 2020. The study notes that this can be attributed to insurers’ unique challenges with first-party fraud or fraud committed by legitimate policyholders, which is poorly addressed by many mainstream fraud controls.

How AI Is Improving Omnichannel CyberSecurity in 2020

  • Using AI-based scoring techniques to detect stolen credit card data being used online or in mobile apps, dominates financial institutions’ priorities today. 34% of financial institutions cite their top fraud threat being the use of stolen credit card data used online or in mobile apps. 18% say account takeovers are their most important area to reduce fraud. Financial institutions lead all others in fraud technology investments to thwart fraud, with managing digital fraud risk being the highest priority of all compared to the three other industries represented in the survey.

How AI Is Improving Omnichannel CyberSecurity in 2020

  • 52% of all financial institutions say that improving the security of existing user accounts leads all digital investment priorities in 2020. What’s significant about this finding is that it outpaces adding new digital products and services and improving identity verification of new users. This is another factor that contributes to financial institutions’ leadership role in relying on AI and machine learning to improve fraud detection and deterrence.   

How AI Is Improving Omnichannel CyberSecurity in 2020

 

 

10 Ways To Own Your Cybersecurity In 2020

10 Ways To Own Your Cybersecurity In 2020

Bottom Line: One of the best New Year’s resolutions anyone can make is to learn new ways to secure their personal and professional lives online, starting with ten proven ways they can take greater control over their own cybersecurity.

For many professionals, their personal and professional lives have blended together thanks to the growing number of connected, IoT-capable devices, including cars, home security systems, smartphones, virtual assistants including Amazon Echo, Google Home, WiFi routers, and more. It’s typical to find homes with two dozen or more connected devices that are relied for everything going on in a person’s life from personal interests, connecting with friends, and getting work done.

It’s Time to Secure Every Area of Your Smart, Connected World

Faced with chronic time shortages, many people rely on smart, connected devices supported by AI and machine learning to get more done in less time. They’re proliferating today because they’ve proven to be very effective at personalizing experiences while providing the added convenience of being always on and available to help. Smart, connected devices are an extension of a person’s identity today as they contain insights into buying behavior and, in some cases, actual conversations. The more these devices are protected, the more a person’s identity and most valuable resource of all – time – is protected too.

Strengthening your own cybersecurity starts by seeing every device and the apps you use as potential attack surfaces that need to be protected. Just as you wouldn’t likely leave any of the physical doors to your home unprotected and locked, you need to secure all the digital entrances to your home and person. Like the CEO and cybersecurity team of any organization who is focusing on how to reduce the risk of a breach, the same level of intensity and vigilance to personal cybersecurity needs to become the new normal.

10 Ways You Can Own Your Cybersecurity

The following are the top ten ways you can take control and own your own security. Several of the ways mentioned below are from the recent Centrify webinar, Cybersecurity Best Practices: The Basics and Beyond:

  • Replace weak passwords used on multiple accounts with a unique, longer password for each online account. Start by getting away from having the same password for multiple accounts. When a single account gets hacked, it can easily lead to all the others with the same password and comparable user ID. Passwords are proving to be the weakest attack vector there is for personal information today. World Password Day serves as a reminder every May to use stronger, different passwords on each account.
  • Start researching and choose a Password Manager that is flexible enough to match how you like to work. It’s time to get beyond Post-It notes and paper-based approaches to managing your own passwords now. Dashlane, LastPass, and OneLogin are all excellent password managers worth checking out. If you’re not sure password managers are worth it, I’ve seen them add an additional layer of security to personal and work accounts that would not have otherwise been available. Some will even notify you when an account you have might have been breached, and recommend a new password for you. A screen capture from the webinar illustrates the differences between personal, professional and Privileged Access Management (PAM) levels of password security:

10 Ways To Own Your Cybersecurity In 2020

  • Use single-sign-on (SSO) if available for systems at work, even if you’re logging in at the office. SSO systems use temporary tokens, which have proven to be more reliable than static credentials. One of the primary design goals of SSO is to authenticate your identity once, and give you access to the applications and system resources you need and are entitled to access to get work done.
  • Vault away passwords to critical systems and data. In the privileged access world of Cybersecurity operations in any organization, password vaults have become commonplace. Password vaults are similar to password managers many people use for their personal devices, web applications, and sites they regularly visit. In the case of a password vault, privileged credentials are checked in and out by admins, with each password automatically rotating to ensure greater randomization.
  • Enable security on all the devices you received over the holidays, starting with your WiFi router. If you’ve never set an admin password on your WiFi router and the two guest access points they typically have, now is a great time to do that. If you have an Amazon Echo or Google Home, manually disable the microphones. On the Echo, press the microphone button until the external ring turns red. On Google Home, use the small switch on the side to turn off the microphone..On an Amazon Alexa, it’s possible to review voice recordings associated with your account and delete the voice recordings one by one, by date range, by Alexa-enabled device, or all at once by visiting Settings > Alexa Privacy in the Alexa app or https://www.amazon.com/alexaprivacysettings. It’s a good idea to use PIN protection to disable voice purchases too. If you have Baby Monitors in your home, connect to them using a secured WiFi connection, not Bluetooth. Have everything behind your home firewall, so there’s a minimal number of threat surfaces in your home.
  • Take few of the many LinkedIn learning courses on practical cybersecurity to stay current on the latest techniques. LinkedIn Learning has 19 courses available today that are focused on practical cybersecurity steps you can take to protect your company’s systems and your own. You can find all the 19 courses here. LinkedIn Learning has 462 learning resources available today, available here. I’ve taken a few over a lunch break and have found them informative, interesting, and useful.
  •  Realize that you may be getting phishing and spear-phishing e-mails every week. Cybercriminals are becoming increasingly sophisticated in their use of browser plug-ins to pop up messages asking for your login and password information for sites. Combining the latest information from LinkedIn, Facebook, Twitter, and other sites, hackers often target new employees and with spearfishing campaigns where they impersonate a CEO and other senior-level executives. Spearfishing attempts can be easily thwarted by calling the supposed sender to ask if the request is legitimate. A second way to spot phishing and spear-fishing attempts is they will ask you for one or more of the pieces of information needed for completing a Multi-Factor Authentication (MFA) login to an account. Misspelled words, questionable e-mail addresses, and unsecured domains and websites are also a sure tip-off of a phishing attempt.
  • Bring Your Own Device (BYOD) greatly expands the enterprise attack surface. Define the success of a BYOD security strategy by how well it immediately shuts down access to confidential data and systems first. Being able to immediately block access to confidential systems and data is the most important aspect of securing any BYOD across a network. It’s common for BYOD enablement strategies to include integrations to Dropbox, Slack, Salesforce and Workday, Slack, Salesforce, and others.
  • Always use Multi-Factor Authentication (MFA) everywhere it’s offered. MFA is based on three or more factors that can authenticate who you are. Something you know (passwords, PINs, code works), something you have (a smartphone, tokens devices that produce pins or pre-defined pins) or something you are (biometrics, facial recognition, fingerprints, iris, and face scans). Google, for example, provides MFA as part of their account management to every account holder, in addition to a thorough security check-up, which is useful for seeing how many times a given password has been reused.

10 Ways To Own Your Cybersecurity In 2020

  • Determine where you and your company are from a privileged access maturity standpoint. Centrify shared the four stages of privileged access security on the webinar, and each phase is a useful benchmark for anyone or organization looking to improve their cybersecurity effectiveness. Centrify found in a recent survey that 42% of organizations are at the nonexistent phase of the model. As an organization progresses up the model, there’s greater accountability and visibility for each aspect of a cybersecurity strategy. For individuals, the progression is much the same, all leading to a lower risk of a breach and stolen privileged access credentials occurring.

10 Ways To Own Your Cybersecurity In 2020

Conclusion

While not every user in an organization is going to have privileged entitlements, it is up to every individual to take ownership of their cybersecurity hygiene to ensure they don’t become the most-easily-exploited employee in the company. That’s what the bad guys are looking for: the easiest way in. Why try to hack in against sophisticated technology when they can just guess your easy password, or get you to hand it over to them by phishing? Be cyber smart in 2020 – these ten tips might save you from being the weakest link that could cost your organization millions.

%d bloggers like this: