Wave Systems Corp. (fka WAVXQ)

[Genz2]

Nation state actors, affiliates behind increasing amount of data breaches

https://www.zdnet.com/article/nation-state-actors-affiliates-behind-increasing-amount-of-data-breaches/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5cd315b6df4239000111e3cd&utm_medium=trueAnthem&utm_source=twitter

Verizon's 2019 Data Breach Investigations Report highlights how nation states and espionage are becoming a worry for businesses and their data.

Cyberattacks by nation states and parties affiliated with them represented 23% of data breaches, up from 12% in 2018 and 19% in 2017, according to Verizon's Data Breach Investigations Report (DBIR).

The 12th annual data breach report were based on 41,000 cybersecurity incidents and more than 2,000 data breaches. At a high level, the DBIR report outlined the following:
•A quarter of all breaches were associated with espionage;
•C-level executives were 12x more likely to be the target of social incidents and 9x more likely to be a target of social breaches;
•Ransomware is the No. 2 ranked malware type and accounts for 24% of cases;
•Cybercriminals were targeting cloud-based email accounts and leveraging stolen credentials.

The nation-state actors and espionage takeaways highlight how the security threat game is changing in many respects. Espionage was an issue across most of the industries in the DBIR. Gabe Bassett, co-author of the Verizon DBIR, said companies need to plan for what happens after a data breach.

Bassett said companies are being targeted for intellectual property and secret theft by cybercriminals looking to leverage credentials instead of mapping a network and gaining access over time. "The theft of personal information and credentials is a primary vehicle is a different approach. The target is the same," said Bassett. Log-in information, social attacks and pretexting are primary techniques used to gain access to IP.

Educational institutions are also good targets, but the motives are more spread out. Yes, nation-state actors are interested in research, but databases full of student information also have profit potential. Cybercriminals are also targeting web applications and email to steal credentials.

Among other key trends:

Please see link for the rest of the article.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

Excerpt:

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpts:

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.
=================================================================
https://www.wavesys.com/virtual-smart-card-2.0-from-wave

Cyber-threats are everywhere, but with Wave Virtual Smart Card 2.0 (Wave VSC 2.0) enterprises have a hardware-based, tokenless, two-factor authentication security solution with the security of a hardware token solution and the convenience and cost savings of a software token solution.

Wave VSC 2.0 delivers strong two-factor authentication using the Trusted Platform Module (TPM), the embedded security chip built into enterprise PCs. Wave empowers IT with management of the TPM and VSC 2.0. Companies successfully use Wave VSC 2.0 to secure VPN access, web applications and other certificate-based applications, like Wi-Fi with 802.1x, remote desktop, or Windows-user login. Use the security that’s already been deployed and save money with Wave VSC 2.0.

Every month we see headlines highlighting mammoth breaches (i.e. EBay, JP Morgan Chase, Sony, Target, etc…). In each case, millions of records were stolen, corporate images were tarnished, and enormous costs were incurred as a result. And equally disturbing, more often than not the attacks go undetected and as a result important information is stolen.

Please see the above link for the white paper on the Wave Virtual Smart Card 2.0.