Author: bacohido

San Francisco and Cork, Ireland, Aug. 3, 2023 — Vaultree, a cybersecurity leader pioneering Fully Functional Data-In-Use Encryption (FFDUE), today announces a strategic integration with Tableau, a renowned platform for data visualization and business intelligence.

This marks a monumental leap forward in secure financial and healthcare data analytics, enabling encrypted data to be safely analyzed and visualized for the first time, all while maintaining absolute data privacy and security.

“Today, we are introducing a unique synergy between encryption and data visualization,” says Ryan Lasmaili, Founder and CEO of Vaultree. “Our integration with Tableau is a significant step in driving data security and business intelligence to new heights. It combines our persisten

New features and benefits include:

End-to-End Encrypted Data Analytics: The Vaultree-Tableau integration empowers organizations to carry out sophisticated predictive modelling, trend analysis, and market research on encrypted data. This innovation is set to transform how sensitive financial and healthcare data is utilized, transforming the industry landscape by allowing organizations to unlock their full potential while preserving data security and privacy.

Secure Data Visualization: This integration enables the viewing of insights derived from computations on encrypted data in plaintext on a Tableau dashboard. This breakthrough provides a new level of secure business intelligence, combining the power of advanced analytics with the security of end-to-end encryption.

AI & ML on Encrypted Data: The Vaultree-Tableau integration allows organizations to perform advanced encrypted search, machine learning, and AI-powered data analysis on sensitive data. This functionality fosters unprecedented levels of innovation and enhances decision-making without sacrificing data security.

Lasmaili

“We’re fostering a future where persistent FFDUE encryption and secure data visualization are driving industry innovation, fueling growth, and reducing cybersecurity risks, all while ensuring stricter compliance with regulatory requirements,” adds Lasmaili. “Today, we’re making that future a reality.”

Vaultree continues to push the boundaries of what’s possible in secure data collaboration and management, delivering solutions that address the evolving challenges of data privacy and security in both the financial services and healthcare sectors. With this integration, Vaultree further affirms its commitment to driving industry-wide transformation and shaping the future of secure, data-driven innovation.

Vaultree is also thrilled to announce its sponsorship at Black Hat USA 2023. Visit the startup city, booth #204, for a live demo of the integration, and to see firsthand how Vaultree and Tableau are transforming secure data analytics. Ryan Lasmaili, Founder and CEO of Vaultree, will deliver a session titled ‘Navigating Data Encryption: Discover the Power of Fully Functional Data-In-Use Encryption (FFDUE)’ on Thursday, August 10, from 2:25pm-2:45pm at the Start-Up City Theater. You can schedule a meeting to meet with our team at https://www.vaultree.com/rsvp/.

About Vaultree: Vaultree, a leader in cybersecurity, has redefined sensitive data protection and access with our Fully Functional Data-In-Use Encryption (FFDUE). Our solution enables enterprises to securely process, search, and compute structured and unstructured encrypted data, driving AI and ML applications. Our technology resolves traditional encryption hurdles and also provides an enterprise blend of performance, speed, and scalability—making it an ideal match for data-intensive sectors. Moreover, our technology guarantees persistent encryption, even during a data leak. Under specific GDPR provisions, companies are exempt from disclosing a breach if the data was encrypted using Vaultree—a testament to the trustworthiness of our system. With a seamless integration process that doesn’t demand any major platform or technology changes, Vaultree is trusted by Google and numerous other data-focused organisations worldwide to safeguard their sensitive information. Our commitment is to always keep your data encrypted, accessible, and secure, while driving innovation and mitigating cybersecurity risks. Vaultree is a privately held company based in Ireland and the U.S. For more information, please visit www.vaultree.com.

San Francisco, Calif., Aug. 2, 2023 – Normalyze, a pioneer in cloud data security, today introduced new capabilities to protect data across hybrid cloud deployments and on-premises environments.  With an extensive platform that already offers comprehensive data security posture management for data at rest and in motion across all IaaS, PaaS, SaaS data assets, Normalyze now provides IT and security teams with unprecedented visibility into data housedon-premises.

With Normalyze, companies that operate hybrid cloud environments can now manage their data security posture from a single platform for a complete understanding of their data attack surface.

Padron

“As our hybrid environment grew due to cloud migration and regulatory requirements, getting holistic visibility into our data stored on-premises and in the cloud is becoming a challenging task for our security and compliance teams,” said Nick Padron, Director of Information Security at Fairfield. “With the new hybrid cloud capabilities of the Normalyze platform, we can assess our entire data landscape no matter where the data resides and prioritize risks with the highest business impact.”

According to an ESG report “2/3 organizations prefer a comprehensive integrated data security platform” as security solutions offered by cloud native tools as well as existing solutions built for a non-cloud world do not scale to the current reality of cloud data. With Normalyze, security teams can now secure data in hybrid cloud environments as follows:

•Discover all sensitive content in their on-premises database deployments

•Assess monetary value associated with sensitive data

•Identify and prioritize data exposure risks, anomalous activity associated with sensitive data, and duplicated data

•Maintain a consistent data security posture across all surfaces where enterprise data resides

Deeba

“Legacy data security tools have been built and optimized for a single surface area where data resides and do not scale for all the different surfaces and platforms where enterprise data today resides including IaaS, PaaS, SaaS and on-prem,” said Amer Deeba, CEO and co-founder ofNormalyze. “Organizations with sophisticated hybrid cloud frameworks struggle to get an end-to-end picture of the risks across all data stores. Now they can, with Normalyze in one platform that supports data everywhere and provides security teams a comprehensivedashboard for data across the board – for both structured and unstructured – using patented, privacy-friendly data scanners with quick onboarding and highest degrees of accuracy.”

With the explosion in data – driven by workload migration to the cloud – it is no longer enough for cybersecurity teams to treat data protection as a secondary capability. The need for a holistic data security platform is paramount enabling security teams to be data first in their cyberdefenses. The Normalyze data security platform was purpose built to have data as the central focus of security operations and with a cloud native architecture to scale to customers’ ever proliferating data assets across various public cloud and hybrid cloud environments. Normalyze platform’s capabilities already include:

•Comprehensive data discovery & classification

•Data access governance with full visibility into access configurations and granular privileges associated with sensitive data

•Data exposure risks prioritized by monetary impact to customer

•Extensive customization – Ability to build custom, sensitive data classifiers, policies, queries for ad hoc-investigations

Product Availability. With the latest product update, Normalyze data security capabilities for on-premises data stores (Microsoft SQL Server, MySQL, Oracle, PostgreSQL etc.) are now available for customers. Support for additional data stores including on-premises file share solutions will be available within the next quarters.

About Normalyze: Normalyze is a pioneering provider of cloud data security solutions helping customers secure their data, applications, identities, and infrastructure across public clouds. With Normalyze, organizations can discover and visualize their cloud data attack surface within minutes and get real-time visibility and control into their security posture, including access, configurations, and sensitive data to secure cloud infrastructures at scale. The Normalyze patented and agentless scanning platform continuously discovers resources, sensitive data and access paths across all cloud environments. The company was founded by industry veterans Ravi Ithal and Amer Deeba and has several customers, including ChargePoint, Corelight, Fairfield, Ginkgo Bio, Netskope, Sigma Computing and others. The company is funded by Lightspeed Venture Partners and Battery Ventures. For more information, please visit normalyze.ai

Media contact: Bulleit PR, normalyze@bulleitgroup.com

Cambridge, Mass. – Aug. 1, 2023 – Devo Technology, the cloud-native security analytics company, today announced its financial support for Cybermindz, a not-for-profit organization dedicated to improving the mental health and well-being of cybersecurity professionals. Founded in Australia just over one year ago, Cybermindz entered the U.S. in April to expand its global reach.

A recent study found that 55% of SOC analysts have considered leaving their jobs due to stress. New applications of AI-powered security tools are being applied to reduce analyst workloads and alleviate burnout, but they are only one piece of the puzzle. While Devo believes in the future of AI, it recognizes that solving mental health challenges requires a two-pronged approach. That’s why the company is also proud to support organizations such as Cybermindz.

“When more than half of entry-level cybersecurity staff have considered quitting due to stress and anxiety, it’s clear that something needs to change – and as quickly as possible. Bringing our services to the U.S. is part of our larger goal of international expansion, with a UK launch in September 2023. Partners like Devo are bringing this goal into reality,” said Peter Coroneos, founder and executive chairman, Cybermindz.

Cybermindz implements the evidence-based iRest protocol, which has found success within the US Military for almost 20 years and is used to treat conditions like anxiety, depression, and post-traumatic stress.

Zadelhoff

“Day after day, SOC analysts are burdened by an onslaught of alerts, understaffed teams, and high levels of pressure to succeed, leaving them with unmanageable workloads and chronic stress,” said Marc van Zadelhoff, CEO, Devo. “We’re supporting Cybermindz’s expansion into the U.S. to provide more resources for cybersecurity professionals to manage their mental well-being. By layering in wellness initiatives like Cybermindz’s neuroscience-backed program and cutting-edge security technology like Devo, companies will further reduce analyst stress and burnout and ultimately, contribute to a better future for this field.”  

Organizations and customers of Devo and Cybermindz can participate in this partnership in several ways:

•Devo will donate $10 for every visitor it receives at its Black Hat booth #2160, in addition to a lump-sum donation.

•Organizations can partner with Cybermindz at https://cybermindz.org/.

•Cybermindz offers a pilot mental health program available for early adopters.

About Devo. Devo is the only cloud-native security analytics platform that combines the power of people and intelligent automation to confidently defend expanding attack surfaces. An ally in keeping your organization secure, Devo augments security teams with AI — enabling you to continuously scale SOC efficiency, increase the speed of threat detection and response, and gain greater clarity to empower bold action, minimize risk, and maximize outcomes. Headquartered in Cambridge, Massachusetts, with operations in North America, Europe and Asia Pacific, Devo is backed by Insight Partners, Georgian, TCV, General Atlantic, Bessemer Venture Partners, Kibo Ventures and Eurazeo. Learn more at www.devo.com. 

Media Contact: Shannon Van Every, Shannon@force4.co  

Tel Aviv, Israel, Aug. 1, 2023 – Guardz, the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. The malware, which is available on the major Russian dark web forum Exploit, allows cybercriminals to gain and maintain persistent unauthorized access to a victim’s Mac computer without being detected, and demonstrates the concerning emergence of a growing number of macOS-focused Attack-as-a-Service tools.

While cybercriminals have predominantly designed malware to target Microsoft Windows devices at scale, they are now increasingly developing tools for macOS. This shift directly affects small and medium-sized enterprises (SMEs), among whom macOS devices are widely utilized. Recently, Guardz identified an information stealing malware called ‘ShadowVault,’ which also exclusively targets macOS devices. This discovery, as well as the growing talk of macOS tools within underground cybercrime forums, suggests an imminent surge in cyberattacks against macOS users. SMEs, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.

Traditional Virtual Network Computing (VNC) software allows users to remotely control another computer over a network with permission and is often used for remote technical support. hVNC is a nefarious variation of this technology, typically distributed through attack vectors such as email attachments, malicious websites, or exploit kits.

The macOS hVNC identified by Guardz has been available since April 2023, with updates made as recently as July 13, 2023, and was tested on a wide array of macOS versions from 10 through 13.2. It is being sold at a lifetime price of $60K with additional capabilities available for an added fee, on offer from an active Exploit forum member called RastaFarEye. The forum member holds a significant track record of malicious activity, having already developed a Windows OS hVNC variant, among other attack tools.

The macOS malware operates covertly, gaining access without requesting permission from the user and deliberately concealing its presence to evade detection by SMEs. Its persistence mechanisms ensure its continued activity even after system reboots or attempts at removal. It is mainly utilized to perpetrate data theft, with a focus on extracting sensitive information from employees’ computers, including login credentials, personal data, financial information, and more. This combination of stealth, persistence, data theft, and remote control makes the malware a very potent tool in the hands of malicious actors.

Eisner

“SMEs must remain vigilant and work with their trusted MSP partners to obtain complete protection against the growing threats targeting the macOS systems that were previously assumed to be more secure,” said Dor Eisner, CEO and Co-Founder of Guardz. “As with all Attack-as-a-Service tools, protecting against this new stealth malware requires robust and active cybersecurity measures, as well as ongoing user education about the risks of suspicious email attachments and files from untrustworthy sources, in particular. We look forward to continuing to shed light on emerging threats to help more companies and MSP partners ensure that their business and employees remain secure.”

The revelation by Guardz follows the company’s disclosure of the ShadowVault malware in July 2023, when the Guardz research team announced the existence of the new information stealer, available for rent on the dark web’s popular XSS forum. The malware is capable of stealing sensitive data from macOS-based devices, posing a significant threat to businesses and individuals alike.

To learn more about the newly disclosed macOS hVNC and the rising trend of threats against SMEs, see Guardz’s recent blog post here.

About Guardz: Guardz is a holistic cyber security and insurance solution designed for SMEs. Its all-in-one, affordable platform is on guard 24/7, and is easy to use for both in-house IT personnel and MSPs. With cutting-edge technologies stacked into a robust platform, Guardz’s solution continuously monitors businesses’ digital landscapes to protect their entire range of assets, enables them to react to cyber risks in real time with swift remediations, and provides cyber insurance for peace of mind. Guardz was founded in 2022 by Dor Eisner and Alon Lavi along with a team of cyber and insurance experts who combine innovation, experience, and creativity to create a safer digital world for small businesses.

Press contact: Allison Grey, Headline Medi, allison@headline.media, US: +1 323 283 8176, UK: +44 203 807 4482, IL: +972 53 820 2606

New York, NY, Aug. 1, 2023– AppViewX, a leader in automated machine identity management (MIM) and application infrastructure security, today announced the results of a research study conducted by Enterprise Management Associates (EMA) on SSL/TLS Certificate Security. The survey found that nearly 80% of TLS certificates on the Internet are vulnerable to Man in the Middle (MiM) attacks, while as many as 25% of all certificates are expired at any given time.

A full copy of the AppViewX sponsored report is available here.

Buckler

“We were surprised with the sheer volume of expired and self-signed certificates in circulation, and how many organizations are still not using TLS 1.2 and 1.3,” said Ken Buckler, CASP, Director of Information Security Research for EMA. “With Google’s proposed TLS certificate 90-day expiration mandate looming, it’s clear that the only path forward for IT administrators and security professionals is automated certificate management.”

Survey Highlights

As part of the study sponsored by AppViewX, EMA gathered data from multiple sources for this research report, including Google Trends from 5/6/2018 to 4/30/2023, Stack Exchange from 1/1/2009 to 12/31/2022, and Shodan in May 2023 focused on servers with SSL/TLS certificates on port 443. Some of the report’s key findings include:

Palanisamy

•Only 21% of servers on the internet utilize TLS 1.3, meaning 79% of SSL certificates in use today are still subject to man-in-the-middle attacks

•Up to 25% of certificates on the internet pose a security threat because are expired (10%) or self-signed (15%) which are not considered secure for publicly accessible websites or services

•45% of IP addresses exposed to Top 10 vulnerabilities also had expired certificates (22%) or self-signed certificates (23%)

•The Generic Top-Level Domains (gTLDs) with the most expired certificates are:

.org (15%)

.com (12%)

.mil (11%)

“With almost six million expired SSL/TLS certificates currently in use on the internet and almost nine million self-signed certificates, this survey quantifies that many organizations are failing to perform basic certificate management hygiene,” said Murali Palanisamy, Chief Solutions Officer at AppViewX. “The recent certificate expiration incidents at Cisco, Microsoft and StarLink demonstrate the importance of automating the management of digital identities to eliminate critical outages and ensure strong security and risk postures.”

About AppViewX: AppViewX is trusted by the world’s leading organizations to reduce risk, ensure compliance, and increase visibility through automated machine identity management and application infrastructure security and orchestration. The AppViewX platform provides complete certificate lifecycle management and PKI-as-a-Service using streamlined workflows to prevent outages, reduce security incidents and enable crypto-agility. 

Fortune 1000 companies, including six of the top ten global commercial banks, five of the top ten global media companies, and five of the top ten managed healthcare providers rely on AppViewX to automate NetOps, SecOps, and DevOps. AppViewX is headquartered in New York with offices in the U.K., Australia and three development centers of excellence in India. For more information, visit https://www.appviewx.com and follow us on LinkedIn and Twitter.

Miami, Fla., Aug 1, 2023  –? Lumu, the creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, will debut Lumu for Threat Hunting at the Black Hat USA 2023.

Lumu for Threat Hunting goes a step further than traditional cybersecurity tools by using automation to continuously monitor networks and point out unusual activity. When something out of the ordinary is detected, an incident is created and automatically triggers the hunt.

“Defensive technologies rely on rules, heuristics and outliers to find threat actors but these technologies lack one essential component that is essential to the threat hunting practice: the creativity of the practitioners defending networks,” said Ricardo Villadiego, founder and CEO of Lumu.

Villadiego

“Effective threat hunting requires the foresight of humans and the tools have to amplify what humans are capable of,” Villadiego says. “Our new capabilities help threat hunters do their job better by finding attacks that circumvent detection capabilities in cybersecurity products and managed security services.”

Effective threat hunting requires the fusion of human intelligence, creativity and foresight with the speed, scale and efficiency provided by advanced technological tools. This combination empowers organizations to detect and respond to threats more efficiently and proactively, ultimately reducing the potential impact of cyberattacks. Lumu for Threat Hunting will assist threat hunters in the following ways:

Trigger

•Incidents: Provides coordinates and information from endpoints to trigger your threat hunting exercise

•Playback: Lumu stores two years of metadata and compares prior metadata with new threat intelligence to defend against zero-day threats and emerging attacks

•Global Mitre Matrix: Gives a detailed view of the tactics and techniques attackers are using to target your organization to prioritize threat hunting and red team exercises

Investigation

•Threat Triggers: Contains Indicators of Compromise (IoCs) related to an incident as reported by Lumu’s threat intelligence engines or third-party sources.

•Compromise Radar: Shows threat hunters contact patterns to help distinguish occasional contact from persistent and automated attacks

•Attack Distribution: Enables prioritization by uncovering which areas of the organization are most affected by threat actors

Resolution

•Operational Timeline: All incidents contain a timeline section where teams can track the steps of the resolution flow

•Email Reports: Each incident provides the ability to email all of the details of what happened and what actions were taken directly to your CISO and others as needed

•Response Automation: Connect Lumu with your existing cyber stack to take automated actions against active threats

As ransomware groups continue to successfully bypass defenses and grow bolder, ransomware maintains as a top threat to businesses in 2023. To highlight ransomware precursors and how the attacks evade common cyber defenses, Lumu has also released an update to its 2023 Ransomware Flashcard. Key findings that are valuable for threat hunting teams include:

•The most prevalent ransomware precursors (Qakbot, Phorpiex, Emotet, Cobalt Strike, Ursnif, Dridex and ZLoader)

•Which ransomware precursors active cybercrime gangs are using: ALPHV/BlackCat, one of the groups behind the recent cyber attack on Estée Lauder,  is using Emotet; BlackBasta, an offshoot of Conti and behind the recent ransomware attack on multinational tech firm ABB, is using Qakbot; Conti is using Qakbot and Emotet, BitRansomware is using Phorpiex,  Egregor is using Qakbor and Ursnif.

To learn more about Lumu for Threat Hunting, please visit https://lumu.io/threat-hunting/ or visit us at Black Hat USA 2023, Start-Up City SC220 for a demo.

About Lumu: Headquartered in Miami, Florida, Lumu is a cybersecurity company focused on helping enterprise organizations illuminate threats and isolate confirmed instances of compromise. Applying principles of Continuous Compromise Assessment™, Lumu has built a powerful closed-loop, self-learning solution that helps security teams accelerate compromise detection, gain real time visibility across their infrastructure, and close the breach detection gap from months to minutes. Learn more about how Lumu illuminates network blind spots at?lumu.io.

San Jose, Calif. – Aug.1, 2023 – Nile the leader in next-generation enterprise networks, today announced a $175 million Series C investment round co-led by March Capital and Sanabil Investments, with strategic participation from solutions by stc, Prosperity7, and Liberty Global Ventures, and contribution from 8VC, Geodesic Capital, FirstU Capital, and Valor Equity Partners. Nile’s impressive raise, which brings its total funding to $300 million, reflects the significant progress the company is making to expand its global position and redefine the way enterprises consume IT infrastructures.

After emerging from stealth mode less than a year ago, Nile has built a market-leading network-as-a-service (NaaS) solution designed to deliver a more secure wired and wireless service through the extensive use of monitoring, analytics, and automation. The company has rapidly expanded beyond North America into Europe, the Middle East, Africa, and Asia, and has seen increasing demand for its innovative access network service from organizations including Stanford University, Pitney Bowes, and Carta, among others. Collaborations with over 100 channel and service provider partners further underscore Nile’s growing market presence.

“Nile is in a strong position to take advantage of several paradigm shifts occurring across the technology ecosystem,” said Pankaj Patel, CEO and co-founder of Nile. “Cloud-born edge infrastructure solutions are altering the way we engage with each other and interact with physical spaces in offices, schools, and venues. AI is enabling data-driven decision-making to be adopted at a rapid pace.

Patel

“Cloud migration strategies for anywhere access to enterprise apps is top of mind for all IT executives, creating a tremendous opportunity for Nile. These trends present unique challenges in the way enterprise infrastructure is consumed, and Nile is committed to addressing them head-on, making our service as agile and innovative as the technology solutions it enables.”

This round of financing will further Nile’s mission to eliminate the operational complexities plaguing enterprise networks in their ability to support cloud-born enterprise IT solutions, while also delivering the highest levels of integrated defenses to protect both wired and wireless connectivity from cyber attacks. With Nile, innovation is as swift at the enterprise edge as it is in the cloud, the burden of high upfront capital expenditure-based consumption is eliminated, and the automation of all network services is enabled with data-centric, zero-touch orchestration.

Mandal

“In just four years, Nile has engineered an entirely new connectivity experience through a groundbreaking approach that prioritizes security and empowers IT to transform operations,” said Sumant Mandal, co-founder and managing partner at March Capital. “Led by a team of seasoned industry veterans with extensive C-suite expertise and bolstered by a dedicated group of skilled engineers and architects, Nile is rapidly evolving into a market leader ushering in a new era in networking that promises unparalleled possibilities. We’re thrilled to deepen our support for Pankaj, John Chambers and their impressive bench of talent as they accelerate their momentum and continue to innovate the enterprise network at the forefront of the industry.”

Kevl

“Since the invention of the LAN [local area network] on our campus, we have taken pride in being at the forefront of new network innovations, and Nile has undoubtedly been a game-changer for us,” said Andrej Krevl, Director of IT at Stanford. “After experiencing challenges with unreliable Wi-Fi, which interrupted classes, Zoom meetings, and everyday work for our computer science department, we turned to Nile to upgrade our network with a simplified and secure solution. As a result, our IT team is once again able to drive department innovations and focus on providing uninterrupted network performance to our students and staff, without being burdened by basic network tasks.”

In the era of rapid transformation, CIOs and CISOs are increasingly concerned about the integrity of their business data and digital assets. Built with a steadfast commitment to security, Nile’s service incorporates Campus Zero Trust Network Access (ZTNA) principles by design, and automates network access control (NAC) mechanisms that traditionally required significant manual effort to provision and maintain. This unwavering focus on security has enabled Nile to achieve top-tier certifications, including ISO 27001, SOC2 Type II, and CSA Level 1, validating its position as a leader in network service delivery to enterprises.

To learn more about Nile and its industry-first service architecture, visit nilesecure.com/enterprise-network.

About Nile: Nile is the leader in next generation enterprise networks, with a vision to transform the way businesses interact with their IT infrastructure. Nile is dedicated to helping customers redirect a significant portion of the $75B in infrastructure operating expenses that they currently bear to critical IT initiatives. Nile’s network-as-a-service (NaaS) solution is designed to keep pace with the rapid innovation seen across private and public clouds, and its commitment to agile solutions is setting a new standard for enterprise networks. For more information, visit nilesecure.com.

Media contact: Meghan Matheny, +1-734-255-5954, meghan.matheny@sourcecodecomms.com

 New York, NY, July 27, 2023 – QBE North America today announced the launch of a cyber insurance program with new MGA, Converge, acting as program administrator.

The program will be broken down into two separate distribution structures, each with a distinct revenue focus and cyber security data access formation.

•ConvergeElements™ offers primary and excess cyber coverage through select agents and brokers for companies with up to $100 million in revenue. Converge’s proprietary technology platform allows it to ingest and collate data from applications, external system scans, underwriting and claims workspaces, insured/broker portals, analytics workspaces, and other specialized data sources to underwrite cyber risks more swiftly and effectively.

•ConvergeConnect™ offers primary cyber coverage through prequalified technology provider partnerships for companies with up to $750 million in revenue. These partners provide Converge with access to insured-specific behind-the-firewall security and underwriting data to provide best-in-class customer solutions leveraging unmatched insights on cybersecurity posture.

“Converge’s unique ability to access and analyze detailed cyber risk information aligns perfectly with our control-based underwriting approach,” said Danielle Librizzi, Head of Professional Liability and Financial Lines Programs, QBE North America.

Librizzi

“Furthermore, Converge’s operational efficiency allows us to target small business through the program, complementing business we write through our retail Cyber practice,” she says.

Tom Kang, CEO, Converge, added, “We’re thrilled to partner with QBE North America given their experience and reputation in the cyber insurance market. Their product, underwriting and claims expertise have proven invaluable as we have set up the program, and we are excited to help them tap the growing need for cyber protection for small and mid-sized enterprises in the U.S.”

Cyber coverage through the Converge program will be provided on a non-admitted basis through QBE North America’s A.M. Best “A” rated insurance companies. More information about the program is available at qbe.com/us/specialty/converge.

About QBE North America: QBE North America is a global insurance leader helping customers solve unique risks, so they can stay focused on their future. Part of QBE Insurance Group Limited, QBE North America reported Gross Written Premiums in 2022 of $7.27 billion. QBE Insurance Group’s results can be found at qbe.com. Headquartered in Sydney, Australia, QBE operates out of 27 countries around the globe, with a presence in every key insurance market. The North America division, headquartered in New York, conducts business primarily through its insurance company subsidiaries. The actual terms and conditions of any insurance coverage are subject to the language of the policies as issued. QBE insurance companies are rated “A” (Excellent) by A.M. Best and “A+” by Standard & Poor’s. Additional information can be found at qbe.com/us or follow QBE North America on LinkedIn and Facebook. 

About Converge: Converge fuses cyber insurance, security and technology to provide businesses with clear, confident cyber protection. Deploying a proprietary data ecosystem underpinned by expert underwriting, it provides risk solutions that deliver high-value strategies with improved outcomes. Converge’s philosophy is that insurance needs the right elements and personalized approach to mitigate risk. By partnering with its policyholders, Converge precisely formulates their business needs so they can confidently become cyber secure. Converge is headquartered in New York and operates across the U.S. Learn more at convergeins.com.

 Media contact: Kathy Phelps, PR Director, (585) 432-9604, khelps@pinckeyhugo.com.

# # #

Tel Aviv, Israel, July 27, 2023 — Perception Point, a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities.

In its H1 2023 Report: Cybersecurity Trends & Insights, Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Additionally, the report observed a 75% increase in attacks targeting cloud collaboration apps and storage, including Microsoft 365 apps, Salesforce, Slack, AWS S3 Buckets and others. The report identifies and analyzes additional concerning cyberattack trends, based on intelligence gathered from the company’s Advanced Threat Prevention solutions, which intercept attacks across email, web browsers, and cloud collaboration apps.

As a result of growing access to easy-to-use generative AI tools such as OpenAI’s ChatGPT, malicious actors can now attempt more sophisticated attacks with alarming simplicity and regularity. Cybercriminals are also leveraging the power of unethical GenAI alternatives like WormGPT to create increasingly sophisticated and deceptive malicious content. GenAI tools arefueling this year’s rise in both BEC and phishing attacks, whose prevalence had already increased in 2022 according to previous Perception Point research.

To combat the rising threat posed by generative AI, Perception Point has developed an innovative Large Language Model (LLM)-based detection engine to detect and prevent social engineering attacks. This model, which mirrors the technology behind popular LLMs like ChatGPT and Google’s Bard, enables organizations to identify AI-generated attacks, strengthening their defenses against these sophisticated threats.

In examining cyberattacks by type, channel, and industry, the report gives a holistic overview into the changing threat landscape. The total number of cyberattacks rose by 36% in H1 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. Phishing remains the most widespread threat type across all channels, accounting for 70% of all attacks. Malware accounted for 20% of attacks, and BEC constituted 8%.

Salinger

“The continued rise in cyberattacks of all forms, particularly phishing and BEC powered by generative AI, emphasizes the need for innovative approaches to enhance organizations’ defense mechanisms,” said Yoram Salinger, CEO of Perception Point. “We expect cybercriminals to continue sharpening their tools in order to target a wider range of communication and collaboration channels, which is likely to fuel an unprecedented surge in attacks in 2023. Organizations should adopt proactive security measures and embrace emerging technologies and holistic, managed services to strengthen their ability to prevent and remediate such pernicious cyber threats.”

The H1 2023 report goes on to analyze the distinct cybersecurity challenges faced by organizations based on size, region, and sector. Attack patterns varied across industries, with phishing responsible for 94% of all attacks targeting the Oil & Gas sector, 24% of attacks on Industrial companies was malware related, while the technology sector was more likely than others to experience BECs and advanced attacks.

The full report with detailed analysis can be accessed here, and contains a comprehensive breakdown of these findings as well as examples of some of the attack types mentioned in the report.

About Perception Point: Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution’s natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations.

Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point. To learn more about Perception Point, visit our website, or follow us on LinkedIn, Facebook, and Twitter. 

Media Contact: Ben Crome, Headline Media, ben@headline.media, +1 914 336 4922