KuppingerCole Blog

Blog

Ransomware in 2022

Cybercriminals continue to cause disruption for organizations in 2022. Depending on the cyberattack type, those disruptions lead to various consequences, such as reputational/brand damage, financial losses, and monetary penalties. One of the most prevalent types of cyberattacks is ransomware, accounting for approximately 10% of all cyberattacks in 2021. Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption keys. Palo Alto Networks states...

Zero Trust vs SASE

As discussed in the last edition of KC Navigator, public sector organizations are increasingly early adopters in digital identity, digital transformation, and cybersecurity, providing the opportunity for private sector organizations to learn from public sector implementations and follow their lead. Within cybersecurity, government adoption of a Zero Trust approach to security, particularly in the US, is a prime example of where the public sector is providing a lead for the private sector to follow because both sectors are potential targets of the same cyber threats. Zero Trust is not...

Will users and organizations have trust in keys roaming via the cloud?

The need for authentication standards

In the cybersecurity industry, many new technologies–particularly those related to identity management and authentication–are constantly driving change and innovation. Yet one thing remains the same: the use of passwords continues to pose a threat to an organization’s IT security. As long as passwords continue to be used, users and organizations will remain vulnerable to attacks. Fortunately, due to the development of new solutions and authentication standards, replacing passwords as the dominant form of authentication on the...

Government and Technology

Although there are some differences, in many ways the business IT and cybersecurity requirements of government are very similar to those of private sector organizations, and therefore public sector initiatives can often offer insights on tackling common challenges. Public and private organizations both have to ensure the services are agile and innovative to remain cost effective and provide good user experiences, both have to ensure privacy for users of their services, both have to manage user access based on identity, and both have to face similar cyber security threats against...

In the Midst of Change, Somethings Remain the Same

Industry 4.0 is the fourth revolution in manufacturing. I won't bore you with the details of the prior iteration or versions and how we got where we are today, only that Industry 4.0 promises to take the interconnectedness of devices and machines to a new level. Smart or intelligent computing and autonomous systems using analytics and AI/ML techniques supported by big data are integral parts of the Industry 4.0 paradigm. Industry 4.0, in short, is a significant change and will impact a manufacturing organization's digital transformation.

A Bow Wave of Devices and Machines

Since the...

Ever-Growing Attack Surface

The era we are living in has transformed the Internet and IT from being a convenience for people and organizations into a cyber liability. In an IT infrastructure, almost any system is now an integrated system that has internet connectivity. With assets, devices, resources, hardware, and software being changed, patched, or updated continuously, it is critical to have an approach that continuously collects and classifies the inventory, discovers the risks, and monitors the organization’s IT infrastructure. Classifying, protecting, and identifying digital assets have always been a...

Digital Transformation - Multi-Cloud and Multi-Complex

Organizations are going through a digital journey to exploit digital systems to create new services, get closer to their customers, and improve efficiency. This process has been accelerated by the COVID pandemic, where survival depended upon being able to change. This has led to a fragmented IT environment using multiple cloud services as well as on-premises and edge. The challenge is now how to manage the complexity this has created. There are now many solutions on the market with acronyms like CSPM, CNAPP, CIEM, CWPP. What are these solutions, and do they really help? Digital...

Staying Ahead in the Innovation Race

Machine Learning, Edge, and Decentralization to Drive Your Investment Decisions

Challenges to the business operating environment are mounting – a survey of over 200 executives conducted in 2021 revealed the resilience dimensions most important to their strategy and operations. Digital and technological resilience is rising to the top, just behind financial resilience and operational resilience as being most important to the business across a variety of sectors. Unfortunately, it is not just a matter of threats and vulnerabilities to enterprise systems – although these are...

Log4j vulnerability: It is still a threat

The Log4j vulnerability was first detected in December 2021. Log4j is an open-source Java library that is widely used by developers to monitor apps and capture logs. Cybersecurity experts classified it as critical severity due to its vulnerability to remote code execution (RCE) attacks, local code execution (LCE) attacks, and information leakage. Millions of attack attempts exploiting this vulnerability were reported. Microsoft identified a group of attackers from China that used this weakness as a back door to infect organizations with Nightsky ransomware. Due to being...

Privacy and Data Protection

As the world becomes more digital, and the right to privacy becomes enshrined in a growing number of laws and regulations around the world, organizations increasingly have to pay attention to protecting the privacy of individuals in all their data handling and processing. In the digital era, privacy guarantees need to be taken into account when designing any interactions with individuals that involve personal information, not only to avoid the risk of sanctions for failing to comply with privacy regulations, but also to gain consumer loyalty through winning their trust. Since the...