Blockchain Press Releases
Picus Security analysis of 14m attack simulations reveals organizations only prevent 6 out of every 10 attacks
Blue Report highlights four ‘impossible trade-offs’ security teams make with threat exposure management
SAN FRANCISCO, Aug. 10, 2023 /PRNewswire/ — Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, has released The Blue Report 2023. Based on an analysis of more than 14 million cyber attacks simulated by The PicusPlatform*, the report highlights four ‘impossible trade-offs’ limiting modern security teams’ ability to manage their organization’s threat exposure.
“Like a short blanket that covers either someone’s head or feet, not both, security teams can only dedicate their time, money, and resources to so many problems at once,” said Picus Co-founder and VP of Picus Labs, Dr Suleyman Ozarslan. “They deploy their budgets and resources to cover one exposed spot, but this leaves other areas out in the cold. The Blue Report shines a light on these impossible trade-offs and how they hinder organizations’ readiness to defend themselves against the latest threats.”
According to the report, security teams make four trade-offs in deciding:
Which attacks to prioritize
Picus’ Blue Report data shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) only prevent 6 out of every 10 attacks. However, some attack types are prevented far more effectively than others. For instance, organizations can prevent 73% of malware downloads but only 18% of data exfiltration attacks.
Organizations also prevent complex, multi-stage attacks less than half the time. This is particularly concerning given the findings of The Red Report 2023, a previous research study by Picus, which found that over a third of malware samples exhibit 20 or more attacker tactics, techniques and procedures (TTPs).
The Blue Report also reveals wide variations in organizations’ ability to prevent specific threats. For example, over a third of organizations can prevent Black Basta and BianLian ransomware attacks but only 17% can prevent Mount Locker. This is despite Mount Locker’s emergence in 2021 before the other two malware attacks.
Which vulnerabilities to remediate
The Blue Report also reveals the limitations of security teams’ approach to managing common vulnerabilities and exposures (CVEs). Analysis of the simulated attacks shows that the list of top 10 CVEs to which they remain most exposed includes mainly critical and high risk vulnerabilities as well as CVEs that have been known for years. Some CVEs discovered in 2019 remain a threat to more than 80% of organizations.
Whether to optimize prevention or detection controls
Generally speaking, the better an organization is at preventing threats, the weaker it is at detecting them, and vice versa. For instance, globally healthcare is the least effective sector at preventing attacks but is twice as successful as the average organization when it comes to detecting them. North American organizations are almost twice as successful at preventing attacks as they are at triggering alerts to detect attacks in progress.
What to log and alert on
Organizations leveraging security event and incident management (SIEM) solutions also face decisions about how much to invest in attack detection. In most cases, organizations routinely prioritize logging over alerting but do neither very well. Simulation data shows that, on average, organizations log 4 out of 10 attacks but only generate alerts for 2 in 10 attacks.
“Since preventing and detecting every threat is practically impossible, security teams will always have to prioritize some aspects of security more than others,” said Dr Ozarslan. “Fortunately, there is an approach that can help them improve their performance. By adopting a more unified approach that incorporates insights from attack simulations combined with attack surface and vulnerability data, security teams can allocate resources efficiently and effectively to address their most critical exposures. As a result, they can simultaneously improve their ability to prevent and detect attacks, rather than making trade-offs between them, and sleep better at night.”
Picus Security will discuss the findings of The Blue Report at Black Hat USA 2023 in Las Vegas on August 9th and 10th. Visit booth #2700 to learn more and discover the benefits of using attack simulations to reduce threat exposure.
Notes
* Picus Labs analyzed over 14 million attack simulations executed by The Picus Complete Security Validation Platform between January and June 2023.
About Picus Security
Picus Security helps security teams of all sizes to continuously validate and enhance organizations’ cyber resilience. Our Complete Security Validation Platform simulates real-world threats to automatically evaluate the effectiveness of security controls, identify high-risk attack paths to critical assets, and optimize threat prevention and detection capabilities.
As the pioneer of Breach and Attack Simulation, we specialize in supplying the actionable insights our customers need to be threat-centric and proactive.
Picus has been named a ‘Cool Vendor’ by Gartner and is recognized by Frost & Sullivan as a leader in the BAS market.
Frost Radar™:: Breach and Attack Simulation 2022, Frost & Sullivan
Logo: https://mma.prnewswire.com/media/2183222/Picus_Logo.jpg
View original content:https://www.prnewswire.co.uk/news-releases/picus-security-analysis-of-14m-attack-simulations-reveals-organizations-only-prevent-6-out-of-every-10-attacks-301897942.html
A new bill introduced in the U.S. House of Representatives, known as the Blockchain Integrity Act, seeks to address concerns surrounding the use of cryptocurrency mixers and tumblers. The proposed legislation aims to regulate these privacy-enhancing tools, which are often used to obscure the origins of cryptocurrency transactions.
The bill, if passed into law, would impose strict regulations on the operation of cryptocurrency mixers and tumblers within the United States. These tools, which allow users to mix their funds with those of other users to obfuscate the transaction trail, have raised concerns among law enforcement agencies and regulators due to their potential use in money laundering, terrorist financing, and other illicit activities.
Under the Blockchain Integrity Act, operators of cryptocurrency mixers and tumblers would be required to register with the Financial Crimes Enforcement Network (FinCEN) and comply with anti-money laundering (AML) and know-your-customer (KYC) regulations. Failure to register or comply with these requirements could result in significant penalties, including fines and imprisonment.
The proposed legislation also seeks to empower law enforcement agencies to investigate and prosecute individuals and entities that operate unregistered cryptocurrency mixers and tumblers. By enhancing regulatory oversight and enforcement capabilities, the bill aims to safeguard the integrity of the blockchain ecosystem and prevent the illicit use of cryptocurrencies.
However, critics argue that the Blockchain Integrity Act could stifle innovation in the cryptocurrency space and infringe on individuals’ privacy rights. They contend that while cryptocurrency mixers and tumblers can be used for illicit purposes, they also serve legitimate privacy-enhancing functions, such as protecting users’ financial privacy and security.
The introduction of the Blockchain Integrity Act reflects growing concerns among policymakers about the potential risks associated with cryptocurrencies and their use in illicit activities. As lawmakers continue to grapple with these issues, it remains to be seen how the regulatory landscape for cryptocurrencies will evolve in the United States and around the world.
Source: cointelegraph.com
The post Proposed US Blockchain Integrity Act would ban crypto mixers for 2 years appeared first on HIPTHER Alerts.
The government-owned KfW Bank, based in Germany, is delving further into its plans to issue digital bonds leveraging blockchain technology. This move underscores the institution’s commitment to exploring innovative financial solutions in the digital age.
The proposed digital bond issuance is poised to mark a significant milestone for KfW, as it seeks to embrace the transformative potential of blockchain technology. By tokenizing bonds on a blockchain platform, KfW aims to streamline the issuance process, enhance transparency, and optimize operational efficiency.
One of the key advantages of digital bonds lies in their potential to reduce the reliance on intermediaries and streamline the entire bond lifecycle. Through blockchain-based tokenization, KfW aims to automate various aspects of bond management, including interest payments and maturity settlements, thereby reducing the need for manual intervention and minimizing operational costs.
Moreover, digital bonds have the potential to enhance liquidity in the secondary market, allowing investors to trade bonds seamlessly on digital asset exchanges. This increased liquidity could attract a broader range of investors, thereby diversifying KfW’s investor base and potentially lowering borrowing costs.
In addition to the issuance of digital bonds, KfW is also exploring the integration of blockchain technology into other areas of its operations. By leveraging blockchain for various use cases, such as trade finance and supply chain management, KfW aims to unlock new efficiencies and drive greater transparency across its ecosystem.
Overall, KfW’s foray into blockchain-based digital bonds underscores its commitment to innovation and its recognition of the transformative potential of blockchain technology. As the institution continues to explore and implement blockchain solutions, it is poised to stay at the forefront of digital innovation in the financial sector.
Source: ledgerinsights.com
The post Government-owned KfW elaborates on blockchain digital bond plans appeared first on HIPTHER Alerts.
During the recent crypto bull market, blockchain education initiatives have gained significant traction as individuals seek to capitalize on the growing opportunities in the digital asset space. These initiatives aim to empower enthusiasts, developers, and professionals with the knowledge and skills needed to navigate the complex world of blockchain technology and cryptocurrencies.
As interest in blockchain continues to soar, educational platforms and programs have emerged to cater to the diverse needs of learners. These initiatives offer a wide range of courses, workshops, and resources covering various aspects of blockchain technology, including smart contracts, decentralized finance (DeFi), non-fungible tokens (NFTs), and more.
One of the key drivers behind the surge in blockchain education is the growing demand for blockchain talent in the job market. With companies across industries exploring blockchain solutions, there is a pressing need for skilled professionals who can design, develop, and implement blockchain-based applications. As a result, individuals are increasingly turning to educational initiatives to gain the necessary expertise and credentials to pursue lucrative career opportunities in the blockchain space.
Moreover, the crypto bull market has fueled interest in cryptocurrencies and digital assets, prompting individuals to seek comprehensive education on topics such as trading, investment strategies, and risk management. Blockchain education initiatives play a crucial role in providing individuals with the knowledge and tools they need to make informed decisions in the fast-paced and volatile crypto market.
In addition to traditional educational platforms, blockchain-focused communities, forums, and online resources have become invaluable sources of learning and knowledge-sharing. These communities provide a supportive environment for enthusiasts and professionals to exchange ideas, collaborate on projects, and stay updated on the latest developments in the blockchain industry.
Overall, blockchain education initiatives are playing a vital role in democratizing access to blockchain knowledge and empowering individuals to participate in the digital economy. As the crypto bull market continues to fuel interest in blockchain technology, these initiatives are expected to play an increasingly important role in shaping the future of the industry and driving innovation across sectors.
Source: cointelegraph.com
The post Blockchain education initiatives take off amid crypto bull market appeared first on HIPTHER Alerts.
-
Blockchain Press Releases4 days agoTiger Brokers (HK) officially launches virtual asset trading services, leading the way in Hong Kong’s online brokerage industry
-
Blockchain4 days agoTop 10 Sessions You Can’t Miss at MARE BALTICUM Gaming & TECH Summit 2024 (Tallinn, Estonia, 4-5 June)
-
Blockchain Press Releases3 days agoSecure, Compliant but Flexible: FinchTrade Elevates Crypto Custody Offering with Fireblocks
-
Blockchain3 days ago
Ethereum Developers Target Ease of Crypto Wallets With ‘EIP-3074’
-
Blockchain Press Releases2 days agoHTX Collaborates with Astar Network to Accelerate Blockchain Innovation through the TGE Catalyst Grant
-
Blockchain22 hours agoAlpha Sigma Capital Research Releases April Report on ASC AI Index
-
Blockchain4 days agoByteBitPro Exchange Announces Entry into International Markets and Establishes Collaborative Relationships with Local Financial Institutions in Brazil and Australia
-
Blockchain4 days agoRevoluGROUP Canada Inc. Announces $1 Million Private Placement, Ex-CEO Marshall Outreach to Bernard Lonis Company Chairman
