Contributed by Sysdig

To date cloud security has been fragmented. It’s been built from many different categories, with different acronyms, which has been challenging for teams trying to navigate their cloud-native security needs. The industry needed a consolidated approach to cloud, containers, and workload security. With the 2023 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP), Gartner has provided key findings and recommendations to get there.

According to Gartner, when considering a CNAPP solution, you need to “Build a team for the evaluation and selection of CNAPP offerings with skills spanning cloud security, workload security (including containers), application and middleware security, development security and developers.

Dig into the 2023 Gartner Market Guide for CNAPP to learn:

• The state of the cloud security market and how it has become more integrated
• The types of capabilities available today and how offerings are likely to evolve
• How to make a decision for selecting CNAPP vendors that best suit your business needs in today’s market
• Strategic Planning Assumptions for the market in the next 2 years

Download & Read Gartner’s Market Guide report here

About Sysdig 

Sysdig secures and accelerates cloud innovation. Powered by Runtime Insights, our platform stops threats in real time and reduces vulnerabilities by up to 95%. Our roots are in runtime as the creators of Falco, the open standard for cloud threat detection. We apply Runtime Insights across the software lifecycle to prioritize vulnerabilities and instantly detect attacks. From shift left to shield right, customers rely on Sysdig to prevent, detect, and respond at cloud speed.

Contributed by Cyolo

What do the high-profile breaches at Uber, Kaseya, and SolarWinds have in common?

They all demonstrated the risks posed by third-party access and revealed just how much we don’t know about our vendors’ security posture.

At the same time, these and other attacks have exposed the tremendous extent to which modern businesses depend on other businesses. Third-party partnerships are simply too valuable to give up, so the only answer is to make access less risky for third-party users.

This paper explores the top challenges associated with third-party access and how they can be overcome with a zero-trust access solution that reduces risk while preserving business efficiency and productivity.

Read the full report here.

About Cyolo

Cyolo’s unified platform securely connects local and mobile users to the tools and data they need, in the organizational network, cloud or IoT environments and even offline networks, regardless of where they are or what device they are using. Cyolo provides users access to all the assets they need including, applications, resources, workstations, servers and files, without granting risky network access to information assets.

To learn more, visit cyolo.io.

Contributed by Hoxhunt

Email-originated cyber attacks account for roughly 90% of all data breaches, which in total exacted a $6 trillion toll on the global economy in 2021 at a clip of over $14 million-and-climbing per company per successful phishing attack, according to reports by the Ponemon Institute and Cybersecurity Ventures. Collectively, those little clicks would add up to the GDP of the third largest nation in the world behind the US and China. Understanding employee behavior in relation to cybersecurity as well as effective behavior change methodology is a critical step towards protecting individuals and organizations from phishing attacks and data breaches.

This inaugural Behavioral Cybersecurity Report by Hoxhunt analyzed email data of 1.6 million Hoxhunt participants and their 24.7 million simulations. This analysis indicates that user email behavior can vary significantly depending on their industry, type of job, and geographical location. More importantly, user behavior, skill and progress over time indicates robust improvement. Global phishing simulation failure rates and missed simulations clearly decline, while rates of skill acquisition, threat reporting, and phishing simulation success increase. Employees and their mailboxes constitute the greatest cybersecurity risk factor for enterprises and other organizations. 2021 saw record-setting venture capital and PE activity in cybersecurity. But investment into security awareness solutions lagged behind technical solutions, as has effective innovation in security awareness models. Traditionally, improving employee cybersecurity awareness has been seen as Email-originated cyber attacks account for roughly 90% of all data breaches, which in total exacted a $6 trillion toll on the global economy in 2021 at a clip of over $14 million and climbing per company per successful phishing attack, according to reports by the Ponemon Institute and Cybersecurity Ventures. Collectively, those little clicks would add up to the GDP of the third largest nation in the world behind the US and China. Understanding employee behavior in relation to cybersecurity as well as effective behavior change methodology is a critical step towards protecting individuals and organizations from phishing attacks and data breaches.

A lost cause in terms of actually reducing risk. Awareness has thus been relegated to a compliance-based approach, which is more check-a-box than actual risk reduction. But with next-gen training solutions, which combine advanced technology with a people-centric approach, a truly riskbased approach can and will offer high ROI in terms of risk reduction. The results section of this report will show how a global sample of 1.6 million Hoxhunt users performed with millions of highly realistic phishing simulations of varying difficulty over time. Users are segmented by their geography, industry, and job role. Their behavior is segmented by their failure, success, and missed email rates. There are many intriguing findings that bear further inquiry as we seek to understand why users behave the way they do with emails. But, more importantly: so what?

Read Hoxhunt’s full report here

About Hoxhunt

Hoxhunt is a human risk management platform that goes beyond security awareness to drive behavior change and measurably lower risk. We combine AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.

To learn more, visit https://www.hoxhunt.com/

Contributed by Hoxhunt

Where did the winding 5-year journey to human risk reduction take CISO, Ryan Boulais and Fortune 500 energy company, The AES Corporation?

 Like all great  #securitybehaviorchange and #humanriskmanagement journeys, this one started with legacy awareness training tools. But the journey led to Hoxhunt, and a:

 2,533% improvement in resilience ratio (#phishing simulation reporting rate divided by the failure rate)
 500% improvement in training engagement
 79% reduction in the failure rate
 Massive upswell in real threats detected and reported
 Reduction in resources needed to analyze threats and escalate incidents

1) The AES security team tried to improve security culture with three of the biggest SAT tools on the market for five years. But SAT engagement actually fell over time to 10%.
2)  That led to Hoxhunt. Recognizing that the traditional awareness model was flawed, AES launched an innovative security behavior change and human risk management program, leveraging the capabilities of Hoxhunt.
3) And that led to results. Read how they did it. This is an incredible success story given its time and scope.

“…With phishing simulation engagement rates reaching above 60 percent and failure rates dropping below 2 percent, Hoxhunt has helped us push our resilience into new territory, with our resilience ratio jumping by over 2,500 percent in just a few months. Hoxhunt has helped us surpass anything our legacy SAT tools could deliver.” — Ryan Boulais, VP & Chief Information Security Officer

The resilience ratio score of 38 is astonishing given the industry, size, and scope of AES. Similar companies will strive for scores of 10-15, and typically topout at 20. The resilience ratio is calculated by dividing the engagement rate by the failure rate, yielding a more accurate metric for risk than either engagement or failure alone.

“We focus on engagement. We aren’t beholden to click rate. Previously, we’d had a click rate of 7% with our awareness training solution, but we had a low reporting rate of only 10%. No matter what awareness tool we tried, engagement remained stagnant. We needed a new model to gain better visibility into our human risk and manage that risk, and Hoxhunt enabled that. Now we have a reporting rate of 70% and a click rate of like 2%. We’ve measurably reduced risk and improved security culture in a way that aligns with our cultural values, and people seem to really like it.” — David Badanes, Director of Cybersecurity Strategic Initiatives, AE

Read Hoxhunt’s full report here 

About Hoxhunt

Hoxhunt is a human risk management platform that goes beyond security awareness to drive behavior change and measurably lower risk. We combine AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.

To learn more, visit https://www.hoxhunt.com/