Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
The Five Strategies Users Use to Determine Phishing: Which Work and Which Don’t?
https://www.infosecurity-magazine.com/blogs/the-five-strategies-used-to/
Excerpt:
Verizon estimates that 90% of all data breaches originate from phishing and according to the Anti Phishing Working Group, the number of phishing websites are at an all-time high right now.
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Strong Security
• Authenticate securely, encrypt email, and prove integrity of the device with one management console
• Protect against phishing, malware and other network security threats by storing authentication credentials in hardware
• Provide centralized enforcement of custom policies
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpt:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
Protecting against phishing is another great feature of Wave VSC 2.0, and one of the reasons that every organization should be using it for their cybersecurity along with Wave's other solutions!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on.
IMPORTANT Excerpt from:
http://www.wavesys.com/wave-alternative
And add on to Post #246578.
The use of the TPM with Wave software puts cybersecurity on higher level, and it should be used extensively across the World!!!
BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
REvil’s Big Apple Ransomware Gambit Looks to Pay Off
https://threatpost.com/revil-apple-ransomware-pay-off/165570/
=================================================================
Given what happened here with Quanta and Apple and ALL the ransomware attacks (these attacks keep happening over and over again), one would think that with the TPM and device authentication, these companies would want only known and approved devices accessing their networks for data. THIS SHOULD BE TECHNOLOGY THAT ALL ORGANIZATIONS ARE EDUCATED ABOUT OR REQUIRED TO USE. IT COULD SAVE MILLIONS IF NOT BILLIONS OF DOLLARS, AND CREATE A MUCH MORE SECURE ENVIRONMENT FOR ORGANIZATION'S DATA!!! Wave software MAKES IT HAPPEN!!! BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/data-protection
Security = data protection
When we talk about security, what we really mean is protecting data from theft and misuse. Proprietary information, R&D, corporate strategy, customer names and phone numbers, social security numbers, passwords … All have potential monetary value, and all are targets. Data theft is a growth industry. As an example, tens of thousands of new malware strains pop up daily. With online tools, even a non-technical person can create one in minutes.
The IT perimeter has vanished
Data protection is easy enough when your data is sitting in secure servers. But today, it’s not. The workforce is increasingly mobile. More than 60 percent of corporate data lives not on servers but on laptops, tablets, and other devices (and more and more of those devices are owned by employees). Data is dispersed, constantly moving, and constantly exposed to the Internet and all the malware, viruses, and hackers lurking there.
Wave’s solution: start with the device
The Wave approach to this challenge is to make the IT perimeter irrelevant. Wave turns on and manages the self-encrypting drives (SEDs) and trusted platform modules (TPMs), or security chips, that are already embedded in many of your devices. The upshot is that each and every device is equipped with its own data protection system—while being centrally managed. This gives you unprecedented yet straightforward control over exactly who has access to your data, with what devices, over what networks.
We cost less too. Wave works on your existing hardware, across platforms. That’s because our solutions are based on an open standard that’s already been implemented on 600 million–plus laptops and is now working its way onto mobile devices. Our software is all you need to reach a whole new level of data protection. It’s one of the big reasons why total cost of ownership can be almost half that of a traditional software-based system that doesn’t even work very well.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
AV Under Attack: Trend Micro Confirms Apex One Exploitation
https://www.securityweek.com/av-under-attack-trend-micro-confirms-apex-one-exploitation
Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines.
Tracked as CVE-2020-24557 (CVSS 7.8), the high-severity vulnerability was patched in August last year after researchers with Trend Micro’s Zero Day Initiative explained that prior access to a vulnerable system is required for successful exploitation of the bug.
“This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability,” the researchers said.
The security issue impacts ApexOne Security Agent’s logic that provides control over access to the Misc folder and could result in an attacker being able to execute code in the context of SYSTEM.
On Wednesday, the Japan CERT Coordination Center published an alert on the exploitation of this vulnerability, shortly after Trend Micro Japan started alerting customers of these attacks.
In an updated advisory, Trend Micro urges customers to apply the available security patch and informs them that all three affected products (Apex One, Apex One as a Service, and OfficeScan) are being targeted in live attacks.
Japan CERT CC makes the same recommendation, underlining that successful exploitation of the flaw could allow attackers to disable security products, escalate privileges, or exploit specific Windows features.
“Since the vulnerability is already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro,” Japan CERT CC notes.
Trend Micro points out that the latest versions of the affected products should contain all of the necessary fixes for these bugs and customers should consider updating to them as soon as possible, or at least applying the available patches to ensure attacks are thwarted.
=================================================================
Using a better anti-malware solution would be a great idea... Wave Endpoint Monitor!!! Wave's observation of anti-virus software under the Wave Alternative is:
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
Please read the links below for great insights and clarity on Wave Endpoint Monitor. Wave Endpoint Monitor really shines amongst other AV products.
==================================================================
http://www.wavesys.com/malware-protection
http://www.wavesys.com/products/wave-endpoint-monitor
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Asian buyers set for security spending spree to catch up on shabby strategies
https://www.theregister.com/2021/04/22/idc_semiannual_security_spending_guide_apac_2021/
China already growing even faster than 13% regional acceleration
==================================================================
The not shabby security below!!!
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Japan says Chinese military likely behind cyberattacks
https://apnews.com/article/world-news-technology-business-tokyo-japan-f35854b6acb5ebd27a1a54d2417d2929
==================================================================
Another example where Wave software solutions, and activated TPMs could really be helping Japan and the rest of the World. Please see posts 246573 and 246574 for information that could help with Japan's cybersecurity along with the information on Wave's website below. Wave contact information below could help organizations see why they would be WISE TO USE WAVE SYSTEMS to DEFEND THEIR ORGANIZATIONS FROM CYBERATTACKS!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
For more than 20 years, Trusted Platform Module (TPMs) have been used in the #cybersecurity community to boost #security posture!
Twitter - Trusted Computing
=================================================================
Turn on TPMs everywhere and enable device authentication in organizations across the world, and this keeps the bad guys (unknown devices) off your network with the help of Wave software (Please see excerpt below)!!! Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Are we winning the cyber security war?
https://www.networkworld.com/article/2221522/are-we-winning-the-cyber-security-war-.html
================================================================
After almost 10 years, the answer to this question is again, NO!!
(please see post #246568 for 330 million people who were victims of cybercrime!!!)
Do we want another 10 years of this cybersecurity like the last 10??
If the market had listened to Steven Sprague with more attention, things in the cybersecurity world could be much better now!!!
Invest in the Wave Alternative!!! Invest in security by Wave Systems!!!
==================================================================
http://www.wavesys.com/wave-alternative
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Wave Systems Corp. Acquired by ESW Capital
https://www.prweb.com/releases/2016/08/prweb13639211.htm
Austin, TX (PRWEB) September 01, 2016
ESW Capital, LLC. announced today the acquisition of Massachusetts-based Wave Systems Corporation, a developer of enterprise security software solutions.
Wave's approach to data protection starts with the device, or endpoint. It gives organizations—especially in security-sensitive sectors such as healthcare, government, finance, and higher education—unprecedented yet straightforward control over exactly who has access to their data, with what devices, over what networks. It’s the simple, cost-effective solution to an increasingly mobile workforce, ever more sophisticated cyber threats, and a growing set of compliance issues.
Wave joins the ESW Capital group of companies through a Chapter 11 plan of reorganization. ESW will operate Wave under its Versata Enterprises affiliate as a stand-alone entity with a dedicated product and customer support team. Wave will be part of a corporate family of over 40 enterprise software companies acquired over the past seven years. Integration will begin with implementation of ESW's Customer Success program, a proven method for driving successful customer relationships and alignment of product development investments with customer priorities.
"The Wave Systems assets will be complemented by an international team that can deliver superior value to Wave customers through increased resources, world-class engineering, and exceptional support," said Greg Kazmierczak, Chief Technical Officer of Wave. “I am confident that this transition will be a positive one for Wave customers.”
Leela Kaza, a Versata veteran will take on the role of President for Wave. “The technology that Wave has built is incredibly innovative and has proven itself to be highly valuable to their customers," Kaza said. "We are excited and ready to take Wave into the future with enhanced support and a rigorous focus on customer success."
Global Attacker Dwell Time Drops to Just 24 Days
https://www.infosecurity-magazine.com/news/global-attacker-dwell-time-drops/
Organizations are spotting attackers inside their networks faster than ever before, although the figure for “dwell time” may have been influenced by a surge in ransomware attacks, according to Mandiant.
The FireEye-owned forensic specialist’s M-Trends 2021 report was compiled from investigations of targeted attack activity between October 1, 2019 and September 30, 2020.
It revealed that 59% of organizations detected attackers within their own environments over the period, a 12-percentage point increase on the previous year.
The speed at which they did so also increased: dwell time for attackers inside corporate networks fell below a month for the first time in the report’s history, with the median global figure now at 24 days.
This is in stark contrast to the 416 days it took firms when the report was first published in 2011. It's also more than twice as fast as the previous year (56 days), and shows that detection and response is moving in the right direction.
For incidents notified to firms externally, the figure was slightly higher (73 days) and for internally detected attacks it was lower (12 days).
In the Americas, dwell time dropped from 60 days in 2019 to just 17 days last year, while in APAC (76 days) and EMEA (66 days) the figure increased slightly.
However, a major contributing factor to the global reduction in dwell time may be the proliferation of ransomware attacks, which usually take place over a shorter time frame than traditional cyber-espionage or data theft operations.
“A major factor contributing to the increased proportion of incidents with dwell times of 30 days or fewer is the continued surge in the proportion of investigations that involved ransomware, which rose to 25% in 2020 from 14% in 2019,” the report noted.
“Of these ransomware intrusions, 78% had dwell times of 30 days or fewer compared to 44% of non-ransomware intrusions.”
Mandiant explained that ransomware actors are using an increasingly wide range of tactics to force payment from their victims. These include data theft and exposure on “name and shame” websites, harassment of employees and business partners, persuading journalists to write stories about affected companies and even launching denial of service attacks.
=================================================================
I would think that a zero day dwell time by attackers that Wave could offer companies would be shockingly refreshing vs. 24 days currently!!! Please see the bolded excerpt below which helps explain what a zero day dwell time means by Wave.
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpts:
Secure device & user authentication
Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.
Here’s how it works:
Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication
Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.
Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
330 million people across 10 countries were victims of cybercrime in 2020
https://www.helpnetsecurity.com/2021/04/14/victims-of-cybercrime/
Over the past year, 65% of people around the world report spending more time online than ever before, likely a result of the COVID-19 pandemic. As we connected to the internet for everything from work and school to entertainment, social connection and even groceries, cybercriminals took advantage and launched coordinated attacks and convincing scams.
NortonLifeLock revealed that in the past year nearly 330 million people across 10 countries were victims of cybercrime and more than 55 million people were victims of identity theft. Cybercrime victims collectively spent nearly 2.7 billion hours trying to resolve their issues.
Losing time to cybercrime
The report, conducted online by The Harris Poll among over 10,000 adults in 10 countries including 1,000 in the United States, also found 25% of Americans detected unauthorized access to an account or device in the past 12 months.
Of the nearly 108 million Americans who experienced cybercrime in the past 12 months (41%), an average of 6.7 hours was spent trying to resolve the issues created, for an estimated over 719 million hours of Americans’ time lost to cybercrime. With the rise in online criminal activity, 47% of Americans feel more vulnerable to cybercrime than they did before the COVID-19 pandemic began.
“This past year has been incredibly challenging as we’ve navigated the emotional and physical effects of a global pandemic. What’s more, there is the added concern for the online health and safety of our families as we spend more time online,” says Paige Hanson, chief of cyber safety education, NortonLifeLock. “Cybercriminals have taken advantage of our changing behaviors and increased digital footprint.”
Key drivers of cybercrime insecurity
Americans’ increased time online and inability to tell fact from fiction may be key drivers of their cybercrime insecurity. Seventy-three percent of Americans say they are spending more time online than ever before, with 59% saying they are more worried than ever before about becoming a victim of cybercrime and 56% admitting it’s difficult for them to determine if information they see online is from a credible source. Further, 76% believe remote work has made it much easier for hackers and cybercriminals to take advantage of people.
“Despite vulnerability and confusion this year, we are starting to see a silver lining with consumers fighting back and taking a more active role in protecting their digital lives,” said Hanson.
As a result of cybercrime concerns, 77% of Americans say they have taken more precautions online. Further, 99% of Americans who detected unauthorized access to an account or device in the past 12 months took some action to better their cyber safety, including creating stronger password(s) (66%) or contacting the company the account was hacked from (51%).
33% turned to family member(s) or the internet (31%) for help, while 18% invested more in security software through first-time purchases or doubled down on pre-existing subscriptions.
Victims of cybercrime
•Data privacy a top concern: 88% of Americans are concerned about data privacy and 86% have actively taken steps to hide their online footprint (i.e., to protect their online activities and personal information), including creating stronger passwords (55%) and limiting information shared on social media (40%).
•While precautions have increased, 40% of Americans admit they don’t know how to protect themselves from cybercrime. 46% of Americans would have no idea what to do if their identity was stolen and 77% wish they had more information on what to do if it were.
•Younger generations feel less confident about resolving identity theft: those under 40 are much more likely to say they would have no idea what to do if their identity was stolen (62% vs. 37%) and that they wish they had more information on what to do if their identity were stolen (87% vs. 70%).
==================================================================
Steven Sprague many years ago was part of a comparison with Norton on the benefits Wave security vs. Norton security. Look at the above statistics of where we are now!!!
The status quo continues to not be working!!!
If the market only listened to Mr. Sprague back then, things could be a lot different now!!!
Time for a change. Time for a change that works. Time for Wave Systems!!!
Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
The FBI is remotely hacking hundreds of computers to protect them from Hafnium
https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack
They went inside unprotected computers to remove the threat
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
Excerpts:
The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
When we say “secure”…
…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).
==================================================================
It would be a great time to activate TPMs, and use Wave VSC 2.0 to protect organizations!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
UK Sports Teams Boycott Social Media
https://www.infosecurity-magazine.com/news/uk-sports-teams-boycott-social/
Professional sports teams in the United Kingdom have stopped posting on social media in a bid to raise awareness of online abuse.
Soccer clubs including Birmingham City, Swansea City, and Rangers are taking part in a week-long boycott of all their social media platforms.
Swansea led the way, with the club's official social media accounts falling silent at 17:00 on April 8. The club's boycott has been supported and echoed by its staff and by the men and women who make up its teams.
With Swansea City's silence, captain of the first men's team, Matt Grimes, said that the club hoped to encourage the operators of social media companies to take action against the discrimination and abuse taking place on their platforms.
"We wanted to take this stance as we again call on those at the forefront of social media companies to implement the change that is needed now and in the future," said Grimes.
Shortly after Swansea went dark on social media, soccer club Birmingham City posted that they stood "in solidarity with Swansea in the fight against abuse and discrimination of all forms across social media."
Rangers, whose midfielder Glen Kamara and strikers Alfredo Morelos and Kemar Roofe have been subject to racist abuse online, joined the boycott soon after. The club said it wants social media platforms to make users verify their identity before being allowed to post content.
Liverpool Football Club captain Jordan Henderson gave anti-cyberbullying charity The Cybersmile Foundation control of his social media accounts in the hope of "raising awareness of how seriously online abuse can affect people."
In March, former French international footballer and Arsenal star Thierry Henry quit social media altogether, stating that the volume of racism was "too toxic to ignore."
English cricket team pacer Stuart Broad has said that the team management are prepared to boycott social media over the online abuse leveled at players. England cricketer Jofra Archer has been the target of racist comments on social media platforms including Instagram.
“It beggars my belief that someone could write some of the messages to my teammates that they have to Jofra," Broad told PA Media.
"If you said some of the stuff people say on social media on the street, it wouldn’t end well, would it?"
==================================================================
The use of the Trusted Platform Module (TPM) could be helpful here because users who abuse and discriminate could be kept from social media networks. It would create a strong incentive for those wanting to post abusive and discriminatory content to not do so or risk the user and his/her device from participating on social media!!!
This combined with Wave Knowd, Scrambls, and the Facebook and Twitter experience could be much better!!!
Scrambls Wins 2012 National Child Safety Award
http://www.wavesys.com/buzz/pr/scrambls-wins-2012-national-child-safety-award
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Brits Still Confused by Multi-Factor Authentication
https://www.infosecurity-magazine.com/news/brits-still-confused-by/
The British public are still woefully underinformed and unaware of the security benefits of multi-factor authentication (MFA), a new study from the FIDO Alliance has revealed.
The industry association, founded in 2012 to promote authentication standards and reduce global reliance on passwords, recently polled over 4000 consumers in the UK, France, Germany and the US.
It revealed that half (49%) UK consumers have had their social media accounts compromised or know a friend or family member who has.
However, despite a continued number of high-profile account takeovers, 43% said this doesn’t make them enhance security on their accounts, even though they “feel like” they should.
Part of the problem seems to be a general lack of understanding about the benefits of MFA in protecting account holders from phishing, as well as credential stuffing and other brute force attack types.
Although such features are offered by all social media companies today, over a quarter (26%) of respondents said they weren’t using or didn’t know about them.
A further 15% said they would like to increase the security of their accounts but don’t know how, and two-fifths (39%) admitted they were unable to make a judgement either way as to whether their accounts are vulnerable or not.
Of those that had taken action to improve account security, the most popular option (56%) was to create a stronger password, even though this still exposes them to the risks mentioned above.
Andrew Shikiar, executive director of the FIDO Alliance, warned that social media accounts are an attractive target for attackers as they contain plenty of personally identifiable information (PII).
“The research is showing us that there’s a general lack of awareness among consumers about how to assess their own risk of falling victim to social media hacks. They are also unsure as to what steps should be taken to best protect their accounts,” Shikiar continued.
“Social media platforms like Twitter and Facebook have made much stronger security options available. Consumers just need to know what they are, how easy they are to use and how to turn them on.”
If consumers are non-plussed over use of MFA for social media accounts, there’s also a strong possibility that their other online accounts will be similarly under-protected.
==================================================================
Organizations that use Wave VSC 2.0 (MFA) make MFA simpler, better security (Wave uses hardware security), and at less than half the cost!!! Using Wave VSC 2.0 would convert British organizations, and confused users into happy Wave customers!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Fed Chair Says Cyberattacks Main Risk to US Economy
https://www.securityweek.com/fed-chair-says-cyberattacks-main-risk-us-economy
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008.
The risks of a 2008-like crisis with a need for government bailouts of banks were "very, very low," the head of the US central bank said during an interview aired Sunday on CBS's "60 minutes."
"The world changes. The world evolves. And the risks change as well. And I would say that the risk that we keep our eyes on the most now is cyber risk," he said, adding that that concern was shared by multiple governments and private businesses, particularly in finance.
Additionally, those organizations invest the most against cyberattacks, he noted.
Powell stressed that the Federal Reserve was considering different types of scenarios: "There are scenarios in which a large payment utility, for example, breaks down and the payment system can't work. Payments can't be completed. There are scenarios in which a large financial institution would lose the ability to track the payments that it's making and things like that," he said.
The Fed was also looking at the possibility that part or even a large part of the financial system could shut down.
"We spend so much time and energy and money guarding against these things," he said, noting that cyberattacks on major organizations happen "every day."
- Digital dollar -
Powell was also asked about the possibility of creating a digital dollar, as China last month became the first global economic power to unveil a cryptocurrency.
He said that for now, the Fed was evaluating the possibility.
"We feel it's our obligation to understand it. How would it work? What would the features of it be?" Powell said.
He also said the Fed was developing software and even designing the look of a digital US dollar, but the final decision on whether to make it public would only be made once its impact was fully understood.
The dollar is "the world's reserve currency. The dollar is so important... We do not need to be the first ones to do this. We want to get it right. And that's what we're going to do," he said.
Last October, Powell had already indicated that the United States was thinking about issuing its own cryptocurrency, but he warned then that a full assessment of the benefits and risks would take time.
But the creation of a digital dollar could benefit the US economy, Treasury Secretary Janet Yellen said in a New York Times interview published February 22.
She highlighted the need for central banks to properly assess the associated issues, particularly consumer protection.
Regarding the US economy, Powell said it was "at an inflection point": growth and employment would accelerate in the coming months, he predicted.
But he once again insisted that the Covid-19 pandemic continued to present a risk.
=================================================================
Please read prior post #246561. Wave could save a lot of organizations from cyberattacks!!!
==================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Financial industry preps for proposal that would require 36-hour breach notification
https://www.cyberscoop.com/cyber-incident-notification-rule-financial-services-fdic-treasury-fed/
==================================================================
To prevent breaches from happening, be prepared with Wave VSC 2.0!!!
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
http://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA -
December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Hunter Biden calls laptop ‘red herring’ during ‘Jimmy Kimmel’ appearance
https://nypost.com/2021/04/09/hunter-biden-calls-laptop-red-herring-on-jimmy-kimmel/
==================================================================
Hunter Biden falsely claims US intelligence found laptop controversy was 'Russian disinformation'
https://www.foxnews.com/politics/hunter-biden-laptop-russian-disinformation
Excerpt:
"Of course certainly," he responded. "It, it, there could be a laptop out there that was stolen from me. It could be that I was hacked. It could be that it was the — that it was Russian intelligence. It could be that it was stolen from me."
==================================================================
http://www.wavesys.com/products/wave-cloud
No infrastructure, no software …
no more excuses
You know you should be encrypting data on every device in your organization, especially your laptops. Self-encrypting drives (SEDs) are the fastest, easiest and most secure way to do that. But setting up to support and manage SEDs can seem daunting. Even to test them, you need server infrastructure and management software. Right?
Not with Wave Cloud. The world’s first cloud-based service for managing SEDs, Microsoft Bitlocker and OS X FileVault 2, Wave Cloud lets users take advantage of the benefits of SEDs without jumping through the hoops traditionally associated with SED management. Whether you’re doing a small proof-of-concept or full-blown production deployment, Wave Cloud is the fastest way to get there.
Contact Wave Sales and you’re on your way - no servers or software or big capital expenditures.
Manage the entire range of endpoint encryption technologies
Wave Cloud is the world’s only cloud service that manages SEDs and software encryption in a single console. Its hybrid management approach is the best way to secure your legacy endpoints today with OS-native full disk encryption, while phasing in self-encrypting drives on your latest-generation assets.
Key Features:
Flexibility
• Compatible with Windows 8.1, 8, 7 and Vista operating systems; and OS X 10.8 and 10.9 (for OS X FileVault 2)
• Manage mixed environments from one console
Easy security compliance
• Active monitoring, logging, and reporting of all user and device events associated with SEDs
• No infrastructure to buy or set up - fast, easy compliance
Data protection
• The only cloud-based management solution that gives you drive initialization, user management, drive locking, and user recovery for all Opal-based, proprietary, and solid-state SEDs
• Secure user recovery using challenge/response
• User-based SSO after recovery
• Control for external SEDs
• S3 sleep support
Simplicity
• Fast deployment of SEDs and OS-native software encryption—no need to buy, build, and test (or maintain) server infrastructure
• Easy-to-use web interface
• Deploy many drives at once with policy-based management
• Windows password synchronization and single sign-on (SSO)
• Features and maintenance patches are continually updated, so you’re always running the best, most secure version of the service
• One-click initialization/provisioning
• Your subscription covers everything—no up-front charges, no support charges
No compromises
• Wave Cloud is every bit as secure as our on-premise SED management product
• All the same monitoring, logging, and reporting you need for compliance
=================================================================
http://www.wavesys.com/products/wave-self-encrypting-drive-management
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify
https://www.infosecurity-magazine.com/news/armed-conflict-closer-state/
The world is coming perilously close to nation states retaliating against cyber-attacks with conventional weapons, according to a new HP report.
The study, Nation States, Cyberconflict and the Web of Profit, was compiled by University of Surrey senior lecturer in criminology, Mike McGuire, from publicly available reports into state-sponsored attacks and interviews with scores of experts.
It claimed there has been a 100% increase in “significant” state-backed attacks between 2017-20, and an average of over 10 publicly attributed attacks per month in 2020 alone.
Although the largest number (50%) featured surveillance tools, a worrying 14% were focused on damage or destruction, while more than 40% had a physical and digital component.
Most (64%) of the experts McGuire consulted during his research claimed the escalation in tensions last year were “worrying” or “very worrying.”
Factors such as increased weaponization and the readiness of governments to define network attacks as “acts of war” are moving the world into a “dangerous stage” — closer to what the report dubs “advanced cyber-conflict” than at any time since the digital age began.
This phase is defined by nations engaging in repeated digital attacks, an increased focus on physical assets and “potential use of conventional weapons” to strike back after cyber-attacks, the report noted.
The research also revealed how the lines between nation state and cybercrime attacks are increasingly blurring.
It claimed that 10-15% of dark web vendor sales now go to “atypical” purchasers including state actors looking to stockpile zero-day exploits. In addition, half (50%) of nation state attacks now feature low-grade tools bought from the cybercrime underground, while just 20% involve custom malware and exploits built in-house.
What’s more, a majority (58%) of experts consulted for the report claimed it’s becoming more common for governments to recruit cyber-criminals to carry out attacks, and even more (65%) said some nation states launch attacks to generate revenue.
McGuire argued that cybercrime economies are shaping the character of nation state threats.
“There is also a ‘second generation’ of cyber-weaponry in development that draws upon enhanced capabilities in computing power, AI and cyber/physical integrations. One such example is ‘Boomerang’ malware, which is ‘captured’ malware that can be turned inward to operate against its owners,” he explained.
“Nation states are also developing weaponized chatbots to deliver more persuasive phishing messages, react to new events and send messages via social media sites. In the future, we can also expect to see the use of deep fakes on the digital battlefield, drone swarms capable of disrupting communications or engaging in surveillance, and quantum computing devices with the ability to break almost any encrypted system.”
While most experts (70%) argued that an international treaty is needed to prevent further escalation in cyber-conflict, the majority said this would take years to achieve, and a third (30%) claimed it would never happen.
=================================================================
Things are getting even more scary; use superior solutions (hardware-based -Wave solutions) to avoid situations like those in the above article, use Wave solutions!!! Please read about Wave solutions, and utilize the Wave Alternative in the links below!!!
=================================================================
http://www.wavesys.com/wave-alternative
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Data scraped from 500 million LinkedIn users found for sale online
https://www.techrepublic.com/article/data-scraped-from-500-million-linkedin-users-found-for-sale-online/
==================================================================
What if this data was safely put inside the Trusted Platform Module (TPM) for better protection?! The users of LinkedIn (Microsoft) sensitive data could be better protected!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Conti ransomware gang hits Broward County Schools with $40M demand
https://www.scmagazine.com/home/security-news/conti-ransomware-gang-hits-broward-county-schools-with-40m-demand/
==================================================================
How do you keep the bad guys (ransomware attackers) from accessing the network, and thus from getting sensitive information? Use Wave solutions and read and utilize this Wave solution below:
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
Better security at less than half the cost!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Computer giant Acer hit by $50 million ransomware attack
March 19, 2021
https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
Excerpt:
Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.
These leaked images are for documents that include financial spreadsheets, bank balances, and bank communications.
==================================================================
Time for a change. Time for Wave Systems!!
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Facebook data on 533 million users posted online
https://www.zdnet.com/article/facebook-data-on-533-million-users-posted-online/
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Microsoft is supplying 120,000 HoloLens-based headsets to the US Army
https://www.theverge.com/2021/3/31/22360786/microsoft-hololens-headset-us-army-contract
The contract could be worth up to $21.88 billion over 10 years
==================================================================
Microsoft has won multi-billion dollar contracts with the U.S. government. However, a little company like Wave with critical technology that the government could be massively benefiting from has won what in the way of government contracts in the last 10 years? Bill Solms tried with Diux and what was the result there? Microsoft had a commercial months ago and the message was something like, when we all play together we win (even with the little guy)!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Canalys: More data breaches in 2020 than previous 15 years despite 10% growth in cybersecurity spending
https://venturebeat.com/2021/03/29/canalys-more-data-breaches-in-2020-than-previous-15-years-despite-10-growth-in-cybersecurity-spending/
==================================================================
Time for cybersecurity that works, time for cybersecurity that effectively protects against data breaches, time for a change, time for WAVE SYSTEMS!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Cybersecurity risk - increased by the pandemic - redefines the workplace
https://www.securitymagazine.com/blogs/14-security-blog/post/94568-cybersecurity-risk---increased-by-the-pandemic---redefines-the-workplace
Excerpts:
As with pre-COVID security threats, well-proven cybersecurity strategies based on user and device authentication remain effective, and they now are more important than ever.
One prevalent method today for VPN authentication involves a TPM (Trusted Platform Module), which is a dedicated, hardened security processor based on standard-compliant or standards-ready specifications.
Author: Steve Hanna, Infineon Technologies
=================================================================
Wave activates/manages the different TPMs (for MFA) and Infineon TPMs too, and this could be helpful in a mixed organization's computer/TPM environment!!! Wave can also activate/manage the different SEDs (data encryption) as well!!! Wave has invaluable experience with large organizations with regard to Wave MFA (Wave VSC 2.0 - utilizes the TPM) and managing and activating SEDs!!! Please see post #246541 for more information on device authentication.
Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
More reasons for using Wave MFA (Wave VSC 2.0)
PwC lauds Trusted Platform Module for strong authentication
Firm migrating 150,000 users to TPM-based storage of private keys
Author:
Ellen Messmer
networkworld.com -
Wednesday, September 15, 2010 -
Auditing and business-services firm PricewaterhouseCoopers (PwC) today said it's built its next-generation authentication system by swapping out employees' older software-based private-key certificates for hardware-based storage of new certificates using the Trusted Platform Module (TPM).
What is TPM?
TPM is a small chip embedded in laptops, says Boudewijn Kiljan, solution architect for global information technology, infrastructure portfolio, at PwC, which is migrating 150,000 users to TPM-based storage of private keys. The vast majority of computers on the market ship with TPM inside, and by adding TPM-based software from Wave Systems, it was fairly easy for PwC, which already had a public-key infrastructure (PKI) in place, to switch to hardware-based storage of private keys, the foundation for employee desktop authentication.
In contrast, "private keys protected by TPM are not exportable," Kiljan said. The Microsoft-based software-only method that PwC had been using to store private keys does appear to be far more vulnerable to an attacker intent on stealing private keys, he noted.
TPM, developed as a specification by the Trusted Computing Group (TCG), is an open standard so there's less worry about vendor lock-in than if a more proprietary method were selected, Kiljan pointed out. One thing to note about TPM is that it's a restricted technology in the countries of China, Russia, Kazakhstan and Belarus, he noted.
But while making the conversion to TPM has been fairly easy by adding TPM-supporting software from Wave Systems, there were a number of processes that the IT department at PwC had to follow to make it all work.
These included issuing new certificates for TPM, installing TPM drivers, and a process called enabling and clearing the TPM in the BIOS.
Technically, the TPM specification doesn't yet have a specification that details a way to do this other than manually. But several vendors, including Wave Systems, now have toolkits to do this remotely and build management around it. That's what PwC used to activate TPM via administrator-controlled passwords.
PwC has already migrated about 35,000 employees to TPM, and expects to have all 150,000 over to TPM over the course of about a year or so. TPM works transparent to the user. Kiljan says estimates are that TPM is less than half the cost of going with a smartcard-based PKI device and a third of going with a USB PCI device.
================================================================
Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0
http://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0
Lee, MA -
October 2, 2014 -
Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.
Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.
“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”
“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.
Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0
=================================================================
Wave Announces 5-Year Master License Agreement for Virtual Smart Card 2.0 with Leading Global Financial Services Company
Wins competitive evaluation against market leader in two-factor authentication tokens
http://www.wavesys.com/buzz/pr/wave-announces-5-year-master-license-agreement-virtual-smart-card-20-leading-global
Lee, MA -
December 17, 2015 -
Wave Systems Corp. (NASDAQ: WAVX) announces a five-year master licensing agreement (MLA) with a leading global corporation (as determined by the 2015 Fortune Global 500 List) for its Virtual Smart Card 2.0 solution. This MLA sets the terms and pricing for licenses and maintenance across the customer’s global organization and establishes it as their preferred two-factor authentication solution. Instead of one large license purchase for the entire organization, each of the customer’s subordinate divisions will make separate orders in accordance with the terms of this MLA.
The first purchase of 2,000 VSC 2.0 licenses under this agreement, when added to a previous purchase, completes the requirement for the customer’s global IT division. That division will now lead the internal effort to standardize the remaining 150,000+ endpoints within their organization with the new Wave VSC 2.0 solution. While there are no minimum order requirements under the agreement, discussions for additional orders are underway.
“Our five-year agreement with this customer is the first very large scale contract for VSC 2.0 and is an important milestone for Wave,” said Bill Solms, President and CEO of Wave Systems. “This customer is a major global financial services company and their standards for protecting their systems from unauthorized access and the integrity of their data are of the highest order. Wave had to pass a very rigorous technical and business review to win the competition. We believe that this client’s decision to choose Wave Virtual Smart Card 2.0 over their incumbent solution gives us tremendous credibility in the two-factor authentication market. We will remain engaged with this company in order to complete the additional sales and deployments in the months ahead.”
Wave Virtual Smart Card 2.0 is a tokenless, hardware-based, two-factor authentication solution that offers superior security at less than half the cost of comparable solutions. It is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7, 8 and 10. It also provides management support for the Microsoft Virtual Smart Card on Windows 8 and 10. Wave’s VSC solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, significantly lower total cost of ownership, and a greatly reduced risk of unauthorized access.
Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure Passphrase and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with both TPM 1.2 and TPM 2.0 security chips
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Executive Order Would Strengthen Cybersecurity Requirements for Federal Agencies
https://threatpost.com/executive-order-cybersecurity-federal-agencies/165056/
Excerpt:
And it would mandate the use of MFA and data encryption for federal agencies.
==================================================================
Device authentication is so key, and being able to manage/activate all the different TPMs and SEDs is also key, and what Wave can uniquely do well. Wave should be the go to company for MFA and data encryption given its unique and outstanding abilities in combination.
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/wave-alternative
Excerpts:
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
==================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/products/wave-virtual-smart-card
http://www.wavesys.com/products/wave-self-encrypting-drive-management
http://www.wavesys.com/products/wave-cloud
The fast, risk-free way to deploy SEDs.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
In Secure Silicon We Trust
https://www.darkreading.com/edge/theedge/in-secure-silicon-we-trust/b/d-id/1340507
Building upon a hardware root of trust is becoming a more achievable goal for the masses and the roots are digging deeper. Here's what you need to know.
One thing that makes cybersecurity so difficult is that computing frameworks rely on multiple layers of abstraction — applications and accessories and more applications all running on an operating system balanced on firmware sitting on hardware.
"Everything depends on the trust and resilience of the layers below it," states Neil MacDonald, distinguished research vice president at Gartner. If someone tampers with or replaces the BIOS firmware, for example, the entire system is at risk after boot.
The concept of a "hardware-based root of trust" takes aim at issues like this; it ensures that a computer always boots with legitimate code. As Doug Hascall, senior manager of security and open firmware futures at Hewlett Packard Enterprise (HPE) explains, "A root of trust is ideally based on a hardware-validated boot process that ensures the system can only be started using code from an immutable source."
It's not a new concept. The Trusted Platform Module (TPM), for example — probably sitting inside your laptop computer right now — is one of several things that might be considered the foundation of a hardware root of trust. A TPM is, more accurately, firmware — firmware that is supported by ARM, AMD, and Intel hardware (among others).
However, efforts in the industry are underway to dig the root of trust even deeper into the chipset. Major firmware vulnerabilities like TPM-Fail, Meltdown and Spectre revealed in recent years have pushed them forward.
The DARPA "Secure Silicon" initiative is aiming to make processors even more inherently secure. And a growing number of hardware, infrastructure, and cloud companies — including HPE, Dell, AWS, Microsoft and Google — are engineering more secure systems from deeper roots of trust. The technology is even beginning to appear in some Internet of Things (IoT) devices and industrial control systems.
Beyond the Boot
With RoT technology, "It's possible to gain a high degree of assurance that what's expected to be running is actually running," MacDonald explains.
The technology achieves this level of protection using an encrypted instruction set that is etched into the chip at the time it is manufactured. When the system boots, the chip checks this immutable signature to validate the BIOS. If everything checks out the computer loads the software stack. If there's a problem, it simply won't boot.
Secure silicon doesn't directly protect against all types of threats, but it does ensure that a system is secure at the foundational level. This is critical because attackers who gain access to the BIOS or firmware can potentially bypass the operating system and tamper with encryption and antivirus software, notes Rick Martinez, senior distinguished engineer in the Client Solutions Group Office of the CTO at Dell Technologies.
"It provides a reliable trust anchor for supply chain security for the platform or device," Martinez notes.
Gaining Momentum
Intel has introduced the SGX chip, which bypasses a system's OS and virtual machine (VM) layers while altering the way the system accesses memory. SGX also supports verification of the application and the hardware it is running. As a result, the SGX chip can provide protection from software-based attacks, such as side-channel attacks like Meltdown and Spectre (but not against load value injection attacks). Intel's new vPro processors aim to help defend against ransomware.
Dell's PowerEdge line of servers and HPE's Proliant Gen 10 servers and Greenlake on-premises cloud offering now have silicon roots of trust built inside.
Cloud providers such as AWS, Microsoft, and Google are also getting into the act. For instance, Google's platform, OpenTitan, introduces a secure, low-power open source chip design to boost security within datacenters. Intel's Ice Lake also enhances CPU security specifically for cloud workloads.
In November, Microsoft, AMD, Intel, and Qualcomm Technologies released the Microsoft Pluton security processor. This "chip-to-cloud" technology was pioneered in Microsoft's Azure Sphere environment, which supports a silicon root of trust for IoT and cloud frameworks.
Building Greater Trust
Although secure silicon isn't required for every device and every situation, it makes sense for organizations to migrate to devices enabled with a hardware root of trust, MacDonald says. He suggests asking hardware manufacturers and cloud providers where secure silicon chips were engineered and produced. For example, HPE produces its own chips in the US.
"You want to know that they came from a trusted area of the world and that they haven't been subjected to tampering," he says.
Over the next few years, it's likely that the building blocks of silicon RoT will converge and mature further.
For instance, some systems, including HPE's, are now using the Unified Extensible Firmware Interface (UEFI), which replaces a BIOS and introduces a more modern security framework that supports RoT.
In addition, Intel has announced it will produce secure silicon that supports fully homomorphic encryption.
Martinez predicts that RoT will soon intersect with areas such as asymmetric cryptography, signed firmware, authentication of firmware at boot, attestation, trust chaining, and the use of component identities.
"This will drive alignment across vendors and allow specific implementation to differentiate themselves, but also create some compatibility expectations up the stack," he says.
In fact, HPE and Dell are now collaborating with industry partners — including Intel, AMD, Broadcom, and Qualcomm — to develop the Security Protocol and Data Model (SPDM). This would help overcome a current roadblock involving incompatible RoT technology across vendors. The standard would enable secure chips to exchange messages with an option card to validate the authenticity of the option card firmware. This feature would allow a chip to validate the firmware on storage, network, and accelerator adapters.
To be sure, it's not a question of whether computing devices will transition to secure silicon, but rather when. What's more, the technology will spread to industrial control systems and a wider range of IoT devices over the coming years.
"Security at the silicon level is appealing," MacDonald says. "As security concerns and data privacy requirements grow, the technology is one way to boost system integrity and assurance."
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
CISA Will Use New Authority Over Internet Service Providers to Fight Ransomware, Official Says
https://www.nextgov.com/cybersecurity/2021/03/cisa-will-use-new-authority-over-internet-service-providers-fight-ransomware-official-says/172833/
Acting CISA Director Brandon Wales praised the government’s coordination absent a national cyber director.
In just about two more months the Cybersecurity and Infrastructure Security Agency plans to activate its newly minted power to force internet service providers to supply the identity of their customers, so officials can warn them about vulnerabilities in their systems.
“It's an important new authority, one that the agency has been pushing for for a couple of years, and we're actually getting ready to bring it live, as we've finished up some of our procedures and training, in the next 60 days or so,” said Brandon Wales, CISA’s acting director.
Wales spoke with Auburn University’s Frank Cillufo during an event on the ransomware threat Monday. Cillufo, who is a member of the congressionally mandated Cyberspace Solarium Commission as well as the Homeland Security Department’s Advisory Council, asked how the operational technology of industrial control systems, in particular, is faring under rolling waves of ransomware attacks targeting state and local critical infrastructure.
The risk ransomware presents to the industrial control systems is increasing, Wales said, noting that another water facility was recently targeted. In this case, the facility was used for monitoring not treatment, so the impacts were minimal, he said, but he used the example to describe the vulnerability of the sector.
“We've now seen ransomware targeting OT systems, targeting control networks, which, a few years ago we had never seen that, really, you know before,” he said. “Now it is, it is more common. We had an incident in the past week, where we had a water facility that had its OT network compromised.”
In the last National Defense Authorization Act, Congress gave CISA the authority to subpoena ISPs to hand over the contact information of entities where the agency observes an opening for exploitation.
“We're not gonna be regulating that company,” Wales said. “But we want to be able to talk directly to the owner and say you know you've got a vulnerable system, it's out on the internet, and we found it today but tomorrow, a malicious actor could have found that, exploited it, and your system could have been down, or worse.”
The new ability fits with plans Anne Neuberger, deputy national security adviser for cyber and emerging technology, recently announced that center on the need for greater visibility across public and private networks to protect industrial control systems.
Asked about how the lack of a national cyber director—another component of the NDAA—has affected his work, Wales praised Neuberger’s coordination of federal efforts.
"I think we've been, we've been very lucky to have a supporter of this agency and an extremely capable, knowledgeable, cyber professional with Anne Neuberger at the White House,” he said.
=================================================================
Ideally after being notified by the CISA if they haven't already, the customers should get Wave solutions to identify those zero day APT threats (on unpatched software), and also only allow known and approved devices on your network. That could help protect these customers from ransomware threats, and being pro active by getting Wave solutions in advance is a better idea.
Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/products/wave-endpoint-monitor
Key Features:
Easy security compliance
• Comports with NIST guidelines for BIOS integrity
Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows
Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring
No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
CNA insurance firm hit by a cyberattack, operations impacted
https://www.bleepingcomputer.com/news/security/cna-insurance-firm-hit-by-a-cyberattack-operations-impacted/
==================================================================
High-availability server maker Stratus hit by ransomware
https://www.bleepingcomputer.com/news/security/high-availability-server-maker-stratus-hit-by-ransomware/
==================================================================
Ransomware attack shuts down Sierra Wireless IoT maker
https://www.bleepingcomputer.com/news/security/ransomware-attack-shuts-down-sierra-wireless-iot-maker/
==================================================================
Invest in the Wave Alternative!!!
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/wave-alternative
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
UK Govt Department Loses 306 Mobiles and Laptops in Two Years
https://www.infosecurity-magazine.com/news/government-loss-mobiles-laptops/
A UK government department has lost a total of 306 mobile and laptop devices since 2019, according to official figures.
The data, obtained under a Freedom of Information (FoI) request by Parliament Street Think Tank, revealed that the Department for Business, Energy and Industrial Strategy had 234 mobiles and 72 laptops lost or stolen during the calendar years of 2019 and 2020.
In 2019, 26 laptops were reported stolen and 17 lost. This fell to 19 laptops stolen and 10 laptops lost in 2020. In regard to mobiles, 126 were reported lost and 30 stolen in 2019, while the figures were 65 and 13, respectively, in 2020.
The large number of lost or stolen devices raises concerns about highly sensitive government data falling into the hands of malicious actors.
Commenting on the figures, Edward Blake, area vice-president, Absolute Software UK&I, said: “Amidst the chaos caused by COVID-19, managing a large, distributed workforce is no easy task, and keeping tabs on valuable devices like laptops is growing increasingly difficult.
“However, if one of these lost devices ends up in the wrong hands, the organization in question could be facing a far more costly predicament than first anticipated. For example, sophisticated cyber-criminals can steal the data contained on these devices, access more businesses files or intercept emails between colleagues, all with relative ease once a device has been compromised.
“Therefore, it is more critical than ever to have a permanent digital connection to every endpoint, as well as the ability to lock, freeze or wipe the device if it is at risk of being compromised.”
There have been numerous examples of device loss in the UK government in recent years. Last year, for instance, it was reported that over 2000 mobile devices used by UK government employees went missing in the space of a year, a significant number of which were unencrypted.
==================================================================
With the experience that Wave has had managing SEDs in large companies, and this article, it seems crazy that they wouldn't be assisting MANY more organizations with their SED management and activation. The Wave Cloud could also be a big help here!!!
Ingram-Micro, Synnex and Wave's other partners could get the market the cybersecurity solutions (Wave) it really needs!!!
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Why data privacy will be the catalyst for digital identity adoption
https://www.helpnetsecurity.com/2021/03/15/digital-identity-adoption/
Most of us probably don’t think of buying a bottle of wine as a security risk. However, we inadvertently give away our address, surname, nationality and signature – unnecessarily – every time we buy alcohol. In proving our age, which only requires our date of birth and photograph, we give away lots more personal information than we need to.
Digital identity adoption
In the online world, we see the same pattern. In 2020, 75% of large companies in the UK reported a data breach in the last 12 months – and the numbers show no signs of slowing down. As a direct consequence of this, identity fraud is rising, even more so since the COVID-19 pandemic took hold, buoyed by the sheer volume of personal information out there.
While this example is by no means a prominent threat of identity fraud, it begs the question: in a world of constant data breaches and rising fraud, why aren’t we being more careful?
With so much data available on all of us, it’s no wonder that people are hesitant to adopt digital identities. It would be much easier to simply flash a digital ID when buying alcohol or onboarding at a new job. What’s not so easy is willingly handing over a potential minefield of data time and time again.
However, digital identities could actually be a way of withholding unnecessary data and protecting ourselves from fraud, not opening ourselves up to it. The UK government recognizes this as a priority, recently publishing a draft framework outlining its future governance of digital identities. To get it right, consumers need to trust that their data is safe and secure. This all comes down to how we build these digital identities, and who looks after them.
Putting privacy first
Firstly, the story around digital identities needs to change. What they won’t be is a one-stop-shop to access every piece of personal information about you at the touch of a button, shareable and stealable. What digital identities could be, if we put data privacy at their core, is selective. We have the opportunity to create a technology, which means people only need to share the specific data they need at any one time, withholding as much data as they can to get the job done.
This doesn’t seem too big of an ask, either. Mastercard recently partnered with Deakin University and Australia Post to test out a digital ID solution enabling students to register for their exams digitally. This removed the need for tiresome paperwork and trips to campus, but also reduced the amount of data shared about each student. Students created a digital identity with Australia Post, using this to gain access to their university exam portal. With each registration, only specific personal information was required to allow students’ entry to the exam portal – nothing was shared than didn’t need to be.
Now imagine this in our banks, shops, and workplaces. Rather than revealing most of your ‘identity’ with every purchase of alcohol, you only show your ID documents when you first create the identity – to verify that you are who you say you are. Then, each time it’s needed, your digital identity only reveals what needs to be revealed at that time and keeps the rest of your data safely hidden.
Who can we trust?
While putting data privacy at the core of digital identities is critical, it’s not the only step to take to increase trust. Often, who is holding your data is just as worrying as what data they have to hold.
For example, a digital identity card trial in Taiwan was recently delayed indefinitely until stronger privacy regulations are introduced. The digital ID system would have brought their physical identity cards together with a citizen digital certificate, and their health and driving license data. As the plans were made, citizens raised privacy safeguarding concerns, questioning how their personal data could be protected from potential cyber-attacks.
The issue here isn’t the mechanics, or whether or not digital IDs are the right move – it’s simply about ensuring there is enough trust in those who hold the data. In this case, regulation will likely be the answer or allow individuals to hold their own data on their own device like they do a physical document.
Establishing trust with the organizations who will collect our personal data is key. Regulation is one thing, but perception is another. Of all the sectors who have their hat in the ring to create and own digital identities, many are already under intense scrutiny when it comes to data. Big tech firms have a poor track record of putting user privacy first (two words: Cambridge Analytica), and governments too have come under fire for data privacy issues – most recently in Denmark, which exposed tax ID numbers for millions of citizens. That’s why many industry insiders are betting on third parties, like established payments providers or even new entrants to the market such as the Post Office, to win the trust of weary consumers.
Whoever emerges the victor in the race to create digital identities needs to remember one thing: being transparent with data collection and privacy will be critical to getting people onboard.
The future is secure
While we won’t be waving goodbye to our physical ID documents anytime soon, adopting digital identities seems to be looming on the horizon. Beyond simply creating digital identities that are selective in the information they share, it is also entirely possible to have our identities verified one day with our irises or fingerprints alone.
Digital IDs not only promise us fast and seamless user experiences, regulatory compliance, and an easier way to do business – they’ll also offer us privacy and protection that we can’t get from an identity system stymied by rising data breaches. To make this a reality, the rollout must put trust first from the very start. Ultimately, digital identities will only work if we get enough consumers on board. For this, trust will be non-negotiable.
=================================================================
When you take Wave's protection record with PwC in the few years Wave was helping protect PwC with 2FA and TPMs, why would you want to be protected by others given the 75% statistic bolded in the article above?? Invest in the Wave Alternative!!!
=================================================================
http://www.wavesys.com/wave-alternative
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
UK’s CEOs Commit to Cyber Spending After Pandemic
https://www.infosecurity-magazine.com/news/uks-ceos-commit-to-cyber-spending/
Over two-thirds of UK-based CEOs plan to increase long-term cybersecurity budgets, with many expressing increasing concerns over the risk of online threats to the business, according to PwC.
The global consulting giant interviewed nearly 1800 business leaders in the UK as part of a global survey of CEOs.
Its 24th annual UK CEO Survey revealed the major impact the pandemic has had on decision-making at the apex of the country’s private sector organizations.
The number reporting concerns over cyber-threats increased from 80% last year to 91%, while almost half (48%) said they were “extremely concerned” about the threat posed by cyber-risk to business growth.
PwC claimed these changing responses were influenced heavily by the rapid shift to support remote working and push more services online in the early days of the crisis. These efforts enabled attackers to find new gaps in protection which allowed them to flourish.
Trend Micro claimed to have blocked 20% more threats last year — an average of 119,000 per minute globally. Threat actors targeted distracted home workers using unsecured devices and networks, as well as vulnerabilities in remote working infrastructure such as VPNs, and RDP endpoints whose passwords were previously breached or easy to crack.
“As the criticality of technology has increased over the past year, so have UK CEOs’ fears of cyber security threats. This heightened concern is understandable as the stakes are so much higher than they were 12 months ago,” argued PwC cybersecurity leader, Chris Gaines.
“Businesses have become more aware of how reliant on technology they are for their very survival, and as such the risk of cybersecurity attacks naturally weighs more heavily on their minds.”
The criticality of cybersecurity is clear from the study: respondents selected cyber as the number one threat which is factored into their strategic risk management activities, above “pandemics and other health crises” and “uncertain economic growth."
As a result, a majority of the UK’s CEOs are responding to these challenges by committing more investment to cyber and data privacy over the coming three years.
“Securing an enterprise is far more than ensuring the CIO builds the right technical controls. It is about simplifying the organization to be securable. It is about assessing, understanding and managing the cyber risk impact of every business decision,” concluded Gaines.
“It is also about recognizing that much of cybersecurity risk originates from vulnerabilities outside their organization.”
=================================================================
PwC is a professional services (accounting/consulting) firm with approximately 200,000 employees.
Wave had PwC as a customer for a few years for 2FA with TPMs activated!! Were there any cyber attacks or data breaches during that time?? Think about the Wave Alternative for your organization, and wisely invest in it!!!
=================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
More than $4 billion in cybercrime losses reported to FBI in 2020
https://www.cyberscoop.com/fbi-ic3-cybercrime-4-billion-fraud/
Excerpt:
That's just insane.
==================================================================
Think about the Wave Alternative!!! If a lot more organizations were using it, these statistics wouldn't be so INSANE!! The Wave Alternative should be a must have for every organization in the World (except for a few countries)!! Please read the Wave Alternative below.
==================================================================
http://www.wavesys.com/wave-alternative
Choose data protection that actually works.
The IT perimeter is gone
With tablets, smartphones, and cloud applications, your employees can access sensitive data anytime, from anywhere. Indeed, around 70 percent of security breaches and data thefts are inside jobs. Meanwhile, the hackers only get better: advanced persistent threats (APTs) appear as normal traffic, and malware can go unnoticed for weeks.
It’s a new world, one without borders. Yet most organizations are still trying to protect their data with the same old firewalls and antivirus software. It’s not working. We refer you to the headline-making breach of the week.
You have to start with the device
Wave has an alternative: security that’s built into each and every device.
We’re talking about hardware: self-encrypting drives (SEDs), which protect data when a device is stolen or lost, and trusted platform modules (TPMs), or embedded security chips. Both go in at the factory, and increasingly, both are standard. They make it possible for you to monitor and control each individual device and its data, no matter where it is. But you need software to turn on and manage your SEDs and TPMs. Wave makes that software.
We’ve been refining comprehensive, centralized management of hardware-based security longer than anyone else. More than that, we’ve shaped the field as a founding member of the Trusted Computing Group, the not-for-profit that develops and promotes industry standards for the hardware.
Security that’s confirmed, not assumed
With Wave, you’ll know that you’re secure. Because we start with the individual devices, you get a broad, deep view of your network. You can see exactly who’s on it, with what devices and what apps, at any given time. Just for example, if Bob goes home and tries to log onto Facebook with the company laptop, Wave can stop him.
A big piece of this heightened security is device authentication. Traditional two-factor authentication requires what amounts to two user IDs. But by using the TPMs inside your devices, Wave can confirm the identity of not only users, but also the devices they’re on. Combine that with fast, enforced encryption of sensitive data via your SEDs—all easily managed with Wave software—and your data is protected from the full range of modern risks: device theft, missent emails, flash drives, portable hot spots … even (and no one else can say this) hardware keyloggers. Not to mention Bob.
Do we need to say that with Wave, compliance is no problem?
Start closing your security gaps today, with what you’ve got
You might be surprised to hear that 90 percent or more of your computers probably already have TPMs. Mobile devices are catching up fast. SEDs are newer, but you probably have a bunch of those too. Machines that don’t have them can often be outfitted at little to no extra cost. So you’ve got some or all of the hardware. All you need to do is turn it on with Wave.
It’s almost as easy as it sounds. TPMs and SEDs are built to open, vendor-neutral industry standards, and so are Wave solutions. That means Wave works on your existing mix of hardware, across platforms, and will evolve with you. It’s part of what makes the Wave alternative not only more secure, but also simpler and cheaper. Total cost of ownership for Wave data protection can be almost half that of a traditional software-based system.
Questions? Read on, or contact our sales department.
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Does a company need to report a lost or stolen laptop under the GDPR?
https://www.natlawreview.com/article/does-company-need-to-report-lost-or-stolen-laptop-under-gdpr
Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen laptop, whether notification will be required depends on whether the data was encrypted or password-protected and on the sensitivity of the data contained on the device. The EDPB states that strong encryption would permit a controller to avoid notification, although the event should be internally documented pursuant to Article 34.
In contrast, notification to both the supervisory authority and the individuals would be required if large amounts of unencrypted personal information were contained on the lost or stolen device, even if the personal data itself was not sensitive.
The guidance is not clear about whether use of a strong password alone, but not encryption, would be sufficient to avoid notification. If the data protected by the password is highly sensitive, then a supervisory authority may find that notification is required, notwithstanding the use of a password.
=================================================================
Why would any (ie. multinational) company risk not having self-encrypting drives (SEDs) activated in their computer fleet, and therefore risk having to report a laptop with missing data to GDPR (and face steep fines)? There are still companies probably unknowingly doing that, and Wave could help them immensely with Wave SED management and the Wave Cloud!!! Please read the content in the links below!
==================================================================
http://www.wavesys.com/products/wave-self-encrypting-drive-management
http://www.wavesys.com/products/wave-cloud
=================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Why traditional malware detection can't stop the latest security threats
https://www.techrepublic.com/article/why-traditional-malware-detection-cant-stop-the-latest-security-threats/
Excerpts:
Relying on detection alone will only result in an unsatisfactory outcome for the organization, so a more architecturally robust approach to security is required; one that builds protection from the hardware up," Pratt said.
"By having security built in at the hardware level, endpoint devices can help defend users and recover from attacks automatically, improving business resiliency."
==================================================================
Another case where Wave has been ahead of its time with security based on hardware (TPM) or by providing Wave Endpoint Monitor!!! Wave Endpoint Monitor and malware protection are at the links below and are excellent reading for those interested in better anti-malware protection!
==================================================================
http://www.wavesys.com/malware-protection
http://www.wavesys.com/products/wave-endpoint-monitor
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Proving who you are online is still a mess. And it's not getting better
https://www.zdnet.com/article/proving-who-you-are-online-is-still-a-mess-and-its-not-getting-better/
The UK government wants citizens to have digital identities. Whether the public will be on board is another question.
==================================================================
WOW, what Wave did with Drummond Reed (OneName) many years ago could give Wave a big leg up in helping the UK government with digital identities. SO MANY things the TPM, SED and Wave could do to make a tremendously positive difference in people's lives!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Alert overload still plagues cybersecurity industry
https://www.helpnetsecurity.com/2021/03/11/alert-overload-still-plagues-cybersecurity-industry/
Alert overload still plagues the cybersecurity industry, according to Critical Start. Forty-seven percent of respondents reported personally investigating 10 to 20 alerts each day, a 12% increase from 2019. Moreover, 25% of respondents said they investigate 21 to 40 alerts each day, up from 14% the year prior.
“Just like businesses and organizations from both the public and private sector are consistently under attack from malicious actors, security professionals are consistently being bombarded with alerts to investigate,” said Jordan Mauriello, Senior VP of Managed Services at Critical Start. “This is a problem that isn’t going away, so it is imperative that enterprises invest in the people, process, and technology that are needed to combat this alert overload.”
Reseachers surveyed 100 SOC professionals across enterprises, Managed Security Services Providers (MSSP) and Managed Detection & Response (MDR) providers to evaluate the state of incident response within SOCs from a variety of perspectives, including alert volume and management, business models, customer communications, and SOC analyst training and turnover.
Other key findings include:
•Positively false: Nearly 70% of respondents (68%) said that 25 to 75% of the alerts they investigate on a daily basis are false positives.
•Turning a blind eye: Almost half (49%) of all respondents said they turn off high volume alerting features when there are too many alerts for analysts to process, creating the potential for a legitimate and serious alert to be missed.
•Back to school: 95% of respondents now report receiving more than 10 hours of training each year.
Additionally, Critical Start used this year’s survey to examine the impact of COVID-19 on the cybersecurity industry during 2020. Key takeaways include:
•66% of survey takers reported seeing an increase in alerts since the known spread of COVID-19 began in mid-March of 2020.
•89% said they had been forced to work remotely as a result of COVID-19.
•80% reported taking steps to change the security posture of their organization because of COVID-19 induced remote work.
=================================================================
Only known and approved devices are accessing your network, and using Wave's other solutions to protect your network makes more sense than alerts!! Does the alert process really work?? The number of data breaches, ransomware and cyber attacks in the last year tell the story.
=================================================================
http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management
Excerpt:
With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
BETTER SECURITY AT LESS THAN HALF THE COST!!!
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow
https://www.securityweek.com/us-moves-closer-retaliation-over-hacking-cyber-woes-grow
A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks.
The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.
US officials had previously hinted at moves against Russia, which has been linked to the massive SolarWinds hack that shook the government and corporate security last year. The latest comments suggested forthcoming actions.
"You can expect further announcements on that in weeks, not months," the senior official said, in reference to SolarWinds, in a briefing with reporters on the two hacking incidents.
The official, who asked not to be identified, said federal agencies had made progress in patching systems at nine federal agencies affected by the SolarWinds attack.
But an urgent effort is underway to remedy the Microsoft Exchange hack, which opened security holes that are actively being exploited by cybercriminals and others.
To help find solutions, "for the first time we've invited private sector companies to participate" in key national security meetings on the attacks, the official said.
The response "is still evolving," according to the official, who noted: "We really have a short window to get vulnerable servers patched, measured in hours, not days."
- New ransomware emerges -
The comments came as a new strain of ransomware has emerged which exploits a security flaw in Microsoft Exchange servers, signaling potentially damaging consequences from the high-profile hack.
Microsoft and other security researchers said the new ransomware dubbed "DearCry" was showing up in servers affected by the breach attributed to a Chinese hacker group.
"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers," said a tweet from Microsoft Security Intelligence.
Other researchers including Michael Gillespie, founder of the ID Ransomware service, noted the new strain of malware on Thursday, which could lead to a new wave of attacks that encrypt computer systems and seek to extract payments from operators.
This is the latest sign that the security flaw which became public this month could open the door to a variety of hackers, cybercriminals and cyberespionage operators.
"While patching to prevent compromises will be easy, remediating any systems that have already been compromised will not," said Brett Callow of the security firm Emsisoft.
"At this point, it's absolutely critical that governments quickly come up with a strategy to help organizations secure their Exchange servers and remediate any compromises before an already bad situation becomes even worse."
Earlier this week the FBI and Department of Homeland Security warned that the Exchange server vulnerability may be exploited for nefarious purposes.
A joint statement by the agencies said that "adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack."
The DHS Cybersecurity and Infrastructure Security Agency has been pressing for patches to be applied to networks in both government and the private sector.
The potentially devastating hack is believed to have affected at least 30,000 Microsoft email servers in government and private networks and has prompted calls for a firm response to state-sponsored attacks which could involve "hacking back" or other measures.
==================================================================
Are we prepared defensively at endpoints (ie. computers), and organizations' networks?? Wave could help big time!!!
==================================================================
Better security at less than half the cost!!!
==================================================================
http://www.wavesys.com/
http://www.wavesys.com/contact-information
Contact Wave
Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com
Gold Customer Support:
goldsupport@wavesys.com
1-800-928-3638
Support:
support@wavesys.com
1-844-250-7077
Sales:
1-877-228-WAVE
Why your Employees are the Most Important Part of your Business
https://www.businessblogshub.com/2018/03/why-your-employees-are-the-most-important-part-of-your-business/
It’s no big surprise that companies that take an active interest in the wellbeing and happiness of their employees find it easier to attract the best talent. After all, we all enjoy feeling that we are valued and appreciated, and are willing to work a lot harder for a business that has demonstrated this to us.
That said, it’s not always easy for management, especially in a very large corporate entity, to make time for each of their employees, or even to know how to begin investing in their human capital. But it truly is an investment, as your company is virtually guaranteed to become more profitable when the staff feel empowered and acknowledged.
Losing key employees costs your business
Sadly, it’s often only after an employee has left the company that you realize just how much they contributed. When someone pursues a better salary offer, or just a more favorable working environment, they take all of the skills, insider knowledge and know-how they gained with them – and quite often, it’s your competition that’s going to acquire them.
Aside from the costs of hiring and training someone to replace them, projects they were working on can grind to a halt, and other projects might suffer while your remaining employees are forced to try and pick up the slack. All of this directly affects your business’s bottom line.
So how do you prevent this from happening? Here are a few examples of how to go about investing in your company’s most valuable asset:
Train from the bottom up:
When you hire a new employee in a junior position, have a career path in mind for them. If there’s no chance of moving up the ranks and improving themselves, there’s very little motivation for them to say with you in the long run. Whether it’s the receptionist, the admin clerk or the junior manager, chat to them about the direction they’d like to go in. Maybe they’d like to pursue accounting, payroll, marketing or even HR? You’ll find that sending a junior employee for training in their chosen field not only makes them a more valuable asset, it makes financial sense too, as the cost of the training is offset by not having to hire a new employee with a degree or tertiary training of their own already under their belt. And most importantly of all, it shows that you care about them and are willing to help them grow in the company.
Throw in a few perks that your competitors aren’t offering:
Working for a company that has a ‘cool’ image can be a big selling point for employees, so get your thinking cap on and let them have a say too. There are loads of ways you can go the extra mile, from allowing casual Fridays with after-work snacks, to offering flexi time working hours for people with kids or who commute from a distance, or implementing a work shuttle from the nearest bus or train station. Allowing people who don’t have to be onsite to perform their duties to work from home can be a massive selling and retention point too.
If your company has a very corporate image, then teaming up with a provider that specializes in tailored corporate wear can be a great help for staff who don’t find that the look comes to them easily! Not everyone is a natural snazzy dresser, but if you have a partnership with a company that offers just the look you’re going for, it takes a lot of pressure off everyone!
Invest in your managers, but realize when it’s just not working
Even if you love your work, having a rude or unapproachable supervisor or direct manager can make all the staff underneath them miserable. Be open to the fact that some people just don’t do well in such a position, and keep your eyes and ears open for signs that you might not have the right person in that role. Explore areas where they could make a better contribution (and probably be happier themselves too).
Have a fair performance review system in place and reward top achievers
Every employee should know exactly what their responsibilities are, and you should have a fair system in place to measure how well they’re doing. Remember that not every reward needs to be financial – many people would prefer the option of going home early on a Friday if all their tasks are complete to a small financial incentive – but put the ball in their court and let them decide what’s going to motivate them. Make sure that someone who is making a noticeable effort to improve receives praise and incentive to keep trying too.
=================================================================
http://www.wavesys.com/