
A loophole in the rules governing the advertising of stimulant drugs must be closed, according to a report released on Monday by an international think tank.

Many telehealth companies aggressively market stimulant drugs to users on social media without the typical disclosures found in pharmaceutical ads, according to a 39-page report from the Center for Data Innovation, which studies the intersection of data, technology, and public policy.

It clarified that telehealth companies can post advertisements for prescription drugs without including any warnings or information about side effects due to technicalities in drug advertising laws and regulations.

Many ads on social media for stimulant medication target audiences concerned with attention deficit and hyperactivity disorder. The Center for Data Innovation report referenced this November 2021 tweet from Clarity ADHD:

[Image: Klarity ADHD tweet ad, “Get Adderall Prescribed Online for ADHD.” Image source: Clarity ADHD Twitter feed]


“The majority of medical providers who offer treatment for ADHD act in the best interests of their patients and prescribe stimulant medications when medically necessary,” said Morgan Stevens, author of the report.

“But some newer telehealth companies, such as Cerebral and Done, have abused the advertising loophole to market stimulant drugs,” she told TechNewsWorld.

Cerebral declined to comment for this story. Done did not respond to a request for comment.

Bullets in Front of People

The report notes that the consumption of stimulant drugs has increased over the past few decades, following a pattern similar to the opioid epidemic.

Stimulant drug consumption continued to rise during the COVID-19 pandemic, with some telehealth companies taking advantage of lax regulations to offer prescriptions for stimulants with little medical supervision or appropriate care.

However, despite the increased consumption and availability of stimulant drugs, stimulant abuse and increased prescribing face less scrutiny than is applied to other Schedule II controlled substances, such as opioids, it added.

The report noted that several regulatory changes designed to promote the use of telehealth during the pandemic allowed more remote services to be delivered than ever before, including prescribing stimulant drugs.

In pursuit of rapid growth, it continued, some telehealth companies prioritize customer retention and satisfaction over ensuring that patients receive appropriate, high-quality care.

The report notes that some companies operating in the telehealth space do not meet the standards for in-person psychiatric care.

The diagnostic process for ADHD usually involves a lengthy evaluation in which a medical provider will review the patient’s clinical history, discuss reported symptoms, and ask for information from the patient’s friends and family. Instead, some companies evaluate patients during 30-minute appointments before reaching a diagnosis and prescribing stimulant medications.

‘Assisted Ads’

Companies advertising ADHD drugs were able to avoid more stringent regulations by not mentioning specific drugs by name.

Unlike ads that name specific drugs, the report noted, these ads, classified by the FDA as “help-seeking ads,” discuss a condition or disease but do not refer to a specific medical treatment for it.

Instead, these ads would list the symptoms caused by ADHD and encourage viewers to seek treatment from a medical professional if they experience symptoms.


[Image: December 5, 2022. A Google search for “buy Adderall online” returns an ad for Done as the first result.]


However, the report notes that many of the symptoms listed in the ads are general to the human condition and may not indicate that a person has ADHD.

In disseminating information about ADHD symptoms without providing additional context, these ads run the risk of misleading viewers into thinking they have ADHD and should take medications to treat the condition without understanding the risks.

It states that viewers may identify with one or more of the common symptoms presented in the ad and seek medical treatment for the condition. This may result in some viewers receiving a misdiagnosis and medically unnecessary treatment.

Law enforcement audits of telehealth platforms

Although some telehealth providers offering mental health services may have played a role in a sharp increase in stimulant drug prescriptions during the COVID-19 pandemic, the report urged policymakers to focus on improving oversight of those providers, and on punishing those who violate the law, rather than seeking retribution against the telehealth industry as a whole.

Among the actions recommended in the report are policy makers having law enforcement agencies regularly audit telehealth platforms to identify bad or negligent actors responsible for unnecessary prescriptions.

However, Dr. Jeffrey Singer, a surgeon and senior fellow at the Washington, DC think tank Cato Institute, sees some problems with law enforcement playing a role in regulating the medical profession.

“I don’t know many law enforcement people who have medical or pharmacological degrees, but they decide what is excessive and what is not,” he told TechNewsWorld.

“Whether doctors are overprescribing, underprescribing or prescribing inappropriately is a medical decision, not a decision for the criminal legal system,” he said.

In a white paper published in November, Singer and Cato Research Fellow Trevor Burruss argued that medical mismanagement of pain, which causes harm to patients, is best addressed through the civil tort system.

“[S]tates establish professional licensing boards specifically to enforce the ‘standard of care’ provided by those professionals,” he wrote. “Law enforcement has no medical expertise and no knowledge of narcotics and psychoactive They should have no role in classifying substances.”

Doctor Crossing the State Line

Stevens countered that the Drug Enforcement Administration, Department of Health and Human Services, and state law enforcement agencies are already investigating physicians and organizations in the health care industry, in addition to the regular audits the DEA conducts for controlled substances.

“The DEA, HHS and states have the ability to expand these operations to ensure compliance with more controlled substances,” she added.

The report also recommended that doctors be allowed to treat patients across state lines. She suggested that policy makers increase the number of providers patients can see to receive mental health services. With telehealth, patients can receive remote medical care from providers in various locations.

It states that state policymakers should join licensing compacts that enable medical providers to practice across state lines.

In testimony before Congress, Singer suggested lawmakers go even further. He told the Senate Subcommittee on Communications, Media and Broadband, “Congress should define ‘place of care’ as the state in which the practitioner is located as opposed to the state in which the consumer of the service resides.”

“This change will increase access to care and allow patients to access expertise that may exist in areas of the country that are otherwise beyond their reach,” he explained. “It would also remove protections from out-of-state competitors that health care providers otherwise enjoy. The increased competition would again be to the benefit of patients.”

Keep a Watchful Eye on Telehealth Providers

The report states that the telehealth startup economy grew due to regulatory changes from the COVID-19 pandemic. These new companies enabled patients to receive medical care from the comfort of their homes and provided medical benefits that would otherwise be unavailable. Still, some telehealth providers have taken advantage of these changes to the detriment of patients.

Given the benefits of telehealth and the ease of access, it continued, policymakers should continue to drive regulatory changes that have helped the companies flourish. However, they must work to ensure that remote patients receive the same level of care as they would during an in-person appointment.

A C-level executive will be fired in 2023 over his firm’s use of employee monitoring. This is one of the security, privacy and risk predictions aired by Forrester on Monday.

In the coming year, lawmakers will pay more attention to workplace surveillance, and whistleblowers may also demand surveillance information to support complaints about labor law violations, according to predictions put together by 10 Forrester analysts.

Analysts advise companies to prioritize privacy rights and employee experience when implementing any monitoring technology, whether for productivity, return to office strategies, or insider risk management.

“People in the C-suite need to be aware of their surveillance and people’s privacy, and ideally they’ll have a third-party audit behind them to make sure they follow the applicable rules,” said Joe Stanford, head of global security and privacy for Platform.sh, a global platform-as-a-service provider.

“We have a new generation of employees coming in that cares about privacy rights,” he told TechNewsWorld.

Timothy Twohey, a privacy attorney with Greenberg Glusker in Los Angeles, agreed that a breach of employee or customer privacy could bring down an executive in the future.

“In light of the FTC’s Drizly decision, officials are very much in the crosshairs,” he told TechNewsWorld. “If there’s a case where there’s insufficient security, no protection plan, or there’s a prior violation that’s been overlooked, I can see someone from the C-suite being put on the chopping block.”

In the Drizly case, the Federal Trade Commission announced in October that it would impose personal sanctions against the CEO of that alcohol delivery company for abuse of data privacy that allegedly resulted in the disclosure of the personal information of nearly 2.5 million customers.

Security Team Burnt

Forrester also predicted that a Global 500 firm would be busted for burning out its cybersecurity staff in 2023.

Analysts said security teams are already under-staffed. They cite a 2022 study that found that 66% of security team members experience significant stress at work, and 64% reported that work stress had an impact on their mental health.

They added that employees are expected to be available 24/7 through large events, to be on top of every risk, to deliver results in a limited time frame, and to face pushback when making budget requests.

“Today, every security team, including my own, has been burned,” Stanford said. “The reason we burn is because we don’t have enough money. Why don’t we have enough money? Because the protection is treated at the cost center.”

The rise in supply chain attacks and the need to monitor more third-party risk are also contributing to burnout, said Brad Hibbert, COO and CSO of Prevalent Networks, a third-party risk consulting company.

“Companies are trying to get more visibility into more third parties,” he told TechNewsWorld. “That means they have to do more third party assessments. To do that, the security teams need to do more work. We’re finding that the teams are hitting a wall. They cannot scale up programs effectively and efficiently without burning the security teams.”

Resetting Expectations

Roger Grimes, a defense campaigner at KnowBe4, a security awareness training provider in Clearwater, Fla., observed that cybersecurity employee burnout is a real thing.

“I have been in the cyber security world for over 34 years now, and during that time I have had to mentor many people who were completely burned out in this area, mostly because they are working hard to prevent cybercrime. What they were doing was not working and is likely to never work,” he told TechNewsWorld.

“I have left the cyber security field to work for artists, writers and even work that could be seen as ‘menial labour’, because they at least felt that their new jobs are making a difference in people’s lives,” he said.

“I get it. Who wants to be at the high-speed hamster wheel and never move, never solve the problem you were hired to solve?” Grimes asked.

“I recommend cyber security professionals to get a police-like mindset for their work,” he continued. “Don’t think you’re ever going to be a complete problem solver. Be like a beat cop who knows his town is full of crime, most of it they can’t stop, and it’s all around them. And every cop keeps his head down, doing the best he can, and if they can do the best they can to the crime in front of him, they’ve done a great job.”

“If you don’t want to get burned out, reset your expectations, do the best you can within what you are able to control, and measure your success by what you can influence,” he advises.

Ambitious Prediction

Another Forrester prediction: More than 50% of chief risk officers will report directly to their organization’s CEO.

In 2022, risk became a major topic at security conferences such as Black Hat, analysts said. It has surpassed compliance as the primary driver for governance, risk and compliance technology investments as the level of risk for enterprises has increased.

They also noted that the risk preferences of firms are shifting from compliance to flexibility. Executives and boards are looking for a CRO to help identify new business opportunities.

ERM Initiative and AICPA’s 2022 The State of Risk Oversight study shows that 44% of firms have a CRO, of which 47% report to the CEO, they said. To ensure that ERMs receive the required level of executive visibility and support, more CROs will report to CEOs in 2023, they noted.

Jason Hicks, field CISO and executive advisor at Coalfire, a provider of cybersecurity advisory services in Westminster, Colo., found Forrester’s 50% prediction a bit ambitious.

“Safety and risk executives have been pushing for this change for years,” he told TechNewsWorld. “Internal company politics is a very significant constraint on this.”

“I expect to see more security executives reporting to the CEO, but not 50% next year,” he said. “I will expand the titles to include CISO and CSO, as the CRO title is most prevalent in financial services and may not exist in other verticals as a standalone role.”

Getting into MDR Business

Forrester also predicts that at least three cyber insurance underwriters will acquire a managed detection and response (MDR) provider in 2023.

While insurance providers began a more rigorous underwriting process in 2022, increased premiums and low coverage blind spots still exist, analysts explained.

They expect insurers to move aggressively into cybersecurity by acquiring MDR firms, many of which will be looking to exit a market that is too competitive.

Hicks agreed with Forrester’s forecasters. “This is a good way to add ARR [Absolute Risk Reduction] in their revenue mix,” he said.

“We have already seen Aon and others buy out incident response firms, so this is another synergistic investment for insurers,” he continued. “It can also be a good way to manage staffing challenges, as many MDR firms also have incident response staff.”

Sharing high-resolution media online could inadvertently expose sensitive biometric data, according to a report released by a cyber security company on Tuesday.

This can be especially dangerous, said a 75-page report by Trend Micro, because people do not know they are exposing the information.

The report notes, for example, that the #EyeMakeup hashtag on Instagram, which has nearly 10 million posts, and #EyeChallenge, with more than two billion views, expose iris patterns well enough to pass an iris scanner.

“By publicly sharing certain types of content on social media, we give malicious actors the opportunity to source our biometrics,” the report states. “By posting our voice messages, we uncover voice patterns. By posting photo and video content, we highlight our face, retina, iris, ear-shaped patterns and, in some cases, palms and fingerprints.”

“Since such data may be publicly available, we have limited control over its distribution,” it added. “Therefore we do not know who has already accessed the data, nor do we know for how long or for what purposes the data will be kept.”

Not a Panacea

The report covers what types of biometric data can be exposed on social media and outlines more than two dozen attack scenarios.

“The report suggests that biometric identification is not a panacea,” said Will Duffield, a policy analyst at the Cato Institute, a Washington, DC-based think tank.

“As we design detection systems, we need to be aware of technologies going down the pike and potential abuse in the real world,” he told TechNewsWorld.

“Trend Micro raises some valid concerns, but these concerns are not new to biometrics professionals,” Sami Alini, a biometrics specialist with Contrast Security, a maker of self-protection software solutions in Los Altos, Calif., told TechNewsWorld.

He said there are several ways to attack a biometric system, including a “presentation” attack described by the report, which substitutes a photo or other object for the biometric element.

To counter this, he continued, “liveness” must be determined to ensure that the biometric presented is that of a living person and not a “replay” of a previously captured biometric.

Avi Turgman, CEO and co-founder of IronVest, an account and identity security company in New York City, agreed that “liveness” is one key to thwarting attacks on biometric security.

“The Trend Micro report raises concerns about fraudulent biometrics created through social media content,” he told TechNewsWorld. “The real secret in fraud-proof biometrics is detecting liveness, something that cannot be recreated through images and videos collected on social media.”

One Factor Not Enough

Even when tested for liveness, biometrics can still be very easy to bypass, security awareness advocates at KnowBe4, a security awareness training provider in Clearwater, Fla., maintained.

“Holding the phone in front of a person’s face while sleeping can unlock the device, especially when they use it with the default settings, and collecting fingerprints is not a difficult task,” he told TechNewsWorld.

“What is even more worrying is that once the biometric factor is compromised, it cannot be changed like a password,” he said. “You can’t change your fingerprints or facial structure for a long time if you violate it.”

If the Trend Micro report shows anything, it’s that multi-factor authentication is a necessity, even if one of those factors is biometric.

“When used as a single factor for authentication, it is important to note that biometrics may be subject to failure or manipulation by a malicious user, particularly when that biometric data is publicly available on social media,” said Darren Guccione, CEO of Keeper Security, a password management and online storage company based in Chicago.

“As the capabilities of malicious actors using voice or facial biometric authentication continue to grow, it is imperative that all users implement multiple factors of authentication and use strong, unique passwords in their accounts to limit the blast radius if an authentication method is violated,” he told TechNewsWorld.

Metaverse Problems

“I don’t like to put all my eggs in one basket,” said Bill Malik, Trend Micro Vice President of Infrastructure Strategies. “Biometric is nice and useful, but having an additional factor of authentication gives me more confidence.”

“For most applications, a biometric and a PIN are fine,” he told TechNewsWorld. “When a biometric is used alone, it’s really easy to create.”

He stressed that the collection of biometric data will become an even greater problem when the metaverse becomes more popular.

“When you get into the metaverse, it’s going to get worse,” he said. “You’re putting on these $1,500 glasses that are designed to not only give you a realistic view of the world, but to constantly monitor your subtle expressions to find out what you like and don’t like about the world you see.”

However, he is not concerned that additional biometric data is being used by digital desperadoes to create deepfake clones. “Hackers are lazy, and they get everything they need with simple phishing attacks,” he declared. “So they’re not going to spend a lot of money for a supercomputer so they can clone someone.”

Device-Tied Biometrics

Another way to secure biometric authentication is to tie it to a piece of hardware. With a biometric enrolled on a specific device, it can only be used to authenticate the user with that device.

Reed McGinley-Stempel, co-founder and CEO of Stitch, a passwordless authentication company in San Francisco, said, “This is the way Apple and Google’s biometric products work today. It’s not just the biometric that gets checked when you use Face ID.”

“When you actually do a Face ID check on your iPhone, it checks that the current biometric check matches the biometric enrollment that’s stored in your device’s secure enclave,” he told TechNewsWorld.

“In this model,” he continued, “the threat of someone accessing your photos or fingerprinting yours doesn’t help them unless they have control over your physical device, which is a very steep hill for attackers to climb given the remote nature in which the cyber attackers operate.”

Losing Control of Our Data

The Trend Micro report states that as users, we are losing control over our data and its future uses, and the common user may not be well aware of the risks posed by the platforms we use every day.

Data from social media networks is already being used by governments and even startups to extract biometrics and create identity models for surveillance cameras, it continued.

The fact that our biometric data cannot be changed means that in the future, such a wealth of data will be increasingly useful to criminals, it added.

Whether that future is five or 20 years ahead, the data is available now, it said. We owe it to our future selves to take precautions today to protect ourselves in tomorrow’s world.

The Trend Micro report, Leaked Today, Exploited for Life: How Social Media Biometric Patterns Affect Your Future, is available here in PDF format. No form is required to be filled out at the time of this publication.

The next generation of the Web – Web 3 – has been touted as more secure than the current incarnation of cyberspace, but a report released Tuesday warned that may not be the case.

According to a report by Forrester, a national technology research company, Web3 can be difficult to break into at the infrastructure level, but there are other points of attack that could provide threat actors with more opportunities for mischief than those found in the legacy Web.

Web3 applications, including NFTs, are not only vulnerable to attack; Forrester explained that they often offer a wider attack surface than traditional applications due to the distributed nature of blockchains.

Furthermore, it said, Web3 apps are desirable targets as tokens can be worth substantial amounts of money.

The openness of Web3, which is considered one of its main advantages, can also be a disadvantage. “The code that runs on a public blockchain is easily accessible by anyone with the necessary technical skills, from anywhere in the world, with no need to enter corporate security to achieve this,” said Martha Bennett, Vice President and Principal Analyst, Forrester. She is also a co-author of the report.

“Source code is generally readily available, because the focus is not on running closed source ‘smart contracts’. The Web3 ethos is, after all, ‘open code,’” she told TechNewsWorld.

Unwanted Complication

David Ricard, CTO of North America at Cipher, a division of Prosegur, a multinational security company, explained that Web3 is based on distributed control of data and identity by its users.

“This broadens the attack surface for individuals who may be unwilling or simply unable to handle the management of their own data and identities, bringing technical complexity to an area that is ‘above anything’ in use.” ‘easy’,” he told TechNewsWorld.

“Scrolling through personal, text messaging, email and social media and shopping apps is a real challenge for them,” he said.

He said the idea of making Web3 code transparent and publicly available is unlikely to gain real traction. “There is a lot of money at stake between capital investors and users of blockchain financial systems and NFTs,” he said.

He further added that making the code transparent and public can also broaden the attack surface in a clear way. “Safe coding practices that predict how someone might abuse a system for nefarious gains are generally not practiced,” he explained. “It is not easy to predict how people might use the system for purposes other than those intended.”

“Most of the financial losses associated with blockchain and NFTs do not exploit immutable objects themselves, but rather manipulate them by exploiting applications that can affect them,” he said.

Furthermore, while legacy systems may be outdated, they may also be robust. “What’s new is also the most vulnerable,” said Matt Chiodi, chief trust officer at Cerby, creator of a platform to manage Shadow IT in San Francisco.

“While time is not always a friend of security, it allows an application to become battle tested,” he told TechNewsWorld. “Web 3 is no different. It’s new and not much tested. Legacy applications have a time advantage. Web3 doesn’t.”

NFT Becoming Popular Target

Even if the code is visible and accessible, the report said, attackers will find weak points. It explained that while attacks on smart contracts and cryptocurrency wallets are confined to the Wild West of decentralized finance, NFT projects have increasingly become a favorite target.

“Why go for more difficult hacks if there are easier ways to get what you want?” asked Bennett. “Like any other venue where value is traded, [NFT] markets and communication tools attract people who want to steal or otherwise break the rules.”

“For anything to do with Web3, speed is of the essence, and many of the people involved do not have the necessary expertise to assess a potential security issue,” she said. “Sometimes, startups don’t even advertise for a security chief until something bad happens.”

One of the biggest breaches of the NFT marketplace occurred in June at OpenSea, which exposed nearly 1.8 million email addresses. “There was an inside threat involved in that particular case, but the applications that handle the transactions can be quite vulnerable,” Ricard said.

“There may be hundreds of thousands of ways this can be abused, which coders have to try to account for, yet a hacker only needs to discover a vector once for a breach to occur,” he said.

Hangout for Scammers

Forrester also pointed out that social media network Discord has become a major weak point in NFTs and other public blockchain projects. Successful phishing attacks on Discord are at the root of many, if not most, NFT thefts, it continued.

It clarified that attacks are usually targeted at community managers and administrators. Once an administrator account is successfully taken over, attackers have the opportunity to steal extensively, as users rely on messages from community administrators.

Bennett noted that Discord was primarily designed as a communication platform for gamers, not for holding and exchanging value, and that it has mechanisms to mitigate risk. “But these mechanisms can only help if they are implemented, and it is clear that often, they are not,” she said.

“Furthermore,” she said, “Discord attracts a similar share of phishing attacks and scam messages, being the preferred communication mechanism for token projects.”

Ricard said the Discord communities provide a rich source of information for scammers, as well as investors. “The harvesting of participants’ contact information leads to phishing,” he said. “Hacks in digital wallets are not uncommon.”

“The Discord bot has been hacked, so threatening actors can post fake mining offers, resulting in the theft of cryptocurrencies,” he said.

Better security than legacy web?

Forrester’s report notes that in a fast-moving Web3 world, it’s tempting to ignore security in favor of innovating quickly, but public security issues can easily derail a major launch or leave a product team to analyze and mitigate critical security flaws.

Firms can identify risks and protect both the decentralized and centralized components of their Web3 applications by engaging their security teams not only in the software development lifecycle but throughout the product lifecycle.

“Web3 needs to shift its focus to the left, which means getting as much security as possible for developers and making prevention the ultimate goal,” Chiodi said. “Without this focus, Web3 would be indistinguishable from Web2. It would be a shame given its tremendous potential, especially around decentralized identity.”

“Web3’s distributed approach provides a variety of security capabilities, but the fundamental problems remain the same,” said Mark Bower, vice president of product at Anjuna, a confidential computing company in Palo Alto, Calif.

“If an attacker gains credentials, root-level privileges or access to keys — especially private keys that run throughout the ecosystem,” he told TechNewsWorld, “then it’s game over, just as in a centralized platform.”

Cyber security professionals want the computer industry to emphasize vendor consolidation and open standards.

This major change in the security networks of IT professionals is long overdue, according to new research from the Information Systems Security Association (ISSA) International and the independent industry analyst firm Enterprise Strategy Group (ESG), a division of TechTarget.

Vendor consolidation and the push toward open standards is driven by buyers themselves, who are challenged by increasing complexity, cost, and the proliferation of best-of-breed technology “tool sprawl.”

Nearly half (46%) of organizations consolidate or plan to consolidate the number of vendors they do business with. Concerned by the growing complexities of security operations, 77% of InfoSec professionals would like to see greater industry collaboration and support for open standards that promote interoperability.

Thousands of cyber security technology vendors compete against each other in multiple security product categories. Organizations want to optimize all the security technologies in their stack at once.

According to the research report, vendors supporting open standards for technology integration will be best positioned to meet this shift in the industry.

“Given that nearly three-quarters (73%) of cybersecurity professionals feel that vendors are engaging in promotion over substance, vendors who demonstrate a genuine commitment to supporting open standards would be in the best position to avoid industry-wide consolidation,” said Candy Alexander, Board President, ISSA International.

She said CISOs have become so burdened with vendor noise and security “tool sprawl” that for many, the wave of vendor consolidation is like a breath of fresh air.

Shift to security platform

ESG studied 280 cyber security professionals, most of whom are ISSA members. The results, released last month, focused on security processes and technologies, and show that 83% of security professionals believe the technology interoperability of the future depends on setting industry standards.

The report’s details demonstrate a cybersecurity landscape that looks favorably toward a security product suite (or platform) as it moves away from a defense-intensive strategy based on deploying best-of-breed cybersecurity products. This approach is based on historical precedent that has consistently increased organizational complexity and contributed to substantial operations.

“The report shows that massive changes are taking place within the industry in what many believe is a long time to come,” said John Oltsik, Senior Principal Analyst and ESG Fellow.

“The fact that 36% of organizations may be willing to purchase most security technologies from a single vendor speaks volumes for a change in buying behavior as CISOs are openly considering security platforms in lieu of best-of-breed point of view devices,” he said.

Why Jump from Best-of-Breed

The number of competing security suites has skyrocketed with many organizations managing 25 or more independent security tools. It follows that security professionals are now stressed by the need to juggle so many independent security products to do their jobs.

Managing an assortment of security products from different vendors increases training requirements, makes it difficult to get an overall picture of security, and requires manual intervention to fill in the gaps between products. As a result, 21% of organizations are consolidating the number of cybersecurity vendors they do business with, and another 25% are considering consolidating.

“In general, buying, implementing, configuring and operating too many different tools has become very difficult, let alone ongoing support relationships with vendors. Consolidation management/operations makes sense,” Oltsik told TechNewsWorld.

This ongoing complexity is prompting 53% of cybersecurity professionals to purchase security technology platforms instead of best-of-breed products. The study showed that 84% of respondents believe a product’s integration capabilities are important, and 86% consider it important that best-of-breed products be built for integration with other products.

According to 60% of IT teams, strict integration between already separate security controls is a primary requirement rather than a best buy. Improved threat detection efficiency, such as accurate high-fidelity alerts and improved cyber-threat detection, was on the wish list for 51%.

Generalized government mandate

Cybersecurity products cover the basics, noted Oltsik. This includes antivirus software, firewalls, some sort of identity management system, and a range of products for endpoint encryption.

“In many cases, these technologies are mandated by government and industry regulations,” he said. “The biggest influencer in cybersecurity protections is the US federal government which can and does mandate certain standards.

For example, the Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community considerations. The in-process Cyber Security Maturity Model Certification (CMMC) standard mandates certain security certifications for DoD vendors.

“We have also seen standards from industry, such as the activity of the Organization for the Advancement of Structured Information Standards (OASIS) and other OASIS standards. This week, we introduced the Open Cyber Security Framework (OCSF), a standard data schema for security data. Saw the beginning. There are also many identity management standards,” he said.

Finding a shared security base

After reviewing this data, ESG and ISSA recommend that organizations encourage their security vendors to adopt open industry standards, possibly in collaboration with the Industry Information Sharing and Analysis Center (ISAC). In addition, there are some established security standards available from MITRE, OASIS and the Open Cyber Security Alliance (OCA).

Many vendors speak in favor of open standards, but most do not actively participate or contribute to them. However, this lukewarm behavior can change quickly.

For this to happen, cybersecurity professionals – especially large organizations big enough to send signals to the market – need to establish best practices for vendor qualification.

In addition, they need to emphasize process requirements that include adoption and development of open standards for technology integration as part of a broader process for all security technology procurement, according to the report.

Expected result

Cyber security standards and vendor integration will strengthen the cyber security landscape against the continuing increase in cyber threats by easing product development and integration. Oltsik explained that this will allow industry and security teams to focus more on innovation and security fundamentals and less on building connectors for interoperability.

He sees an opportunity within the industry to support these efforts.

“It seems that some industry leaders are collaborating. I point to OCSF where 18 vendors agreed to support it,” he said.

This group includes a number of leaders – AWS, CrowdStrike, IBM, Okta and Splunk, for starters. He said another potential driver would be the support of large security technology customers.

Oltsik concluded, “If Goldman Sachs, GM, Walmart and the US federal government said they would only buy from vendors that support OCSF, it would really hit the industry.”


The full ESG-ISSA report titled “Technology Perspectives from Cyber Security Professionals” is available here. No form filling is required.

Low-income drivers behind the wheel of electric vehicles are necessary to obtain the expected reduction in greenhouse gases in the coming years, according to a report released Monday by the Information Technology and Innovation Foundation (ITIF), a science and technology think tank in Washington, D.C.

The lack of low-carbon alternatives to internal combustion engines (ICEs) and the urgency of emissions reduction require EVs to be a market success, according to report authors Madeline Yozwiak, Sanya Carly and David M. Koninsky.

Because of the stakes involved, they continued, the technology maturity path for EVs needs to move faster than an emerging technology.

There is a need for rapid adoption of this young technology if local and global policy goals are to be met, they added. This implies that a wider range of consumers should buy an EV earlier in the adoption process than similar technologies.

Since traditional approaches to incentivizing the purchase of EVs may fail to reach low-income and disadvantaged communities, the authors argue that innovation to help address the disparities in EV adoption and assist the broader goal of mass adoption would be an important strategy.

They believe that by intentionally involving a diverse range of users in the adoption process, technology providers can more effectively identify issues and modify technology to successfully appeal to the mass market.

Barriers to adoption

Rob Enderle, president and principal analyst at Enderle Group, an advisory services firm in Bend, Ore., agreed that low-income and disadvantaged people who drive cars are critical to the decarbonization of the environment. “That’s where most non-compliant gas cars live, which makes it an important milestone in reducing automotive-based pollutants,” he told TechNewsWorld.

“Be aware, however,” he warned, “that most areas still do not yet have sufficient power generation and distribution capacity for these clusters.”

The ITIF report said the top three barriers to EV adoption – range, price and charge time – affect low-income and disadvantaged drivers more than others.

“Standard barriers may be experienced more acutely for low-income individuals than for middle-income individuals,” Yozwiak said.

For example, when it comes to low-income drivers, incentives designed to encourage the purchase of EVs can miss their mark.

“The upfront cost is higher than for internal combustion vehicles, yet the primary form of government-created incentive is a tax credit of $7,500,” Yozwiak told TechNewsWorld. “But to benefit from that policy, you must have at least $7,500 in tax liability.”

“If you make $30,000 a year, you won’t have that much in tax liability, so you won’t get the full benefit of that credit to lower the cost of the vehicle compared to higher-income buyers,” she explained.

Rich man with garage

Charging an EV can be even more challenging for low-income and disadvantaged drivers. David M. Hart, director of ITIF’s Center for Clean Energy Innovation, told TechNewsWorld, “Low-income people are more likely to live in multi-family dwellings and less likely to have a place to directly charge a car.”

Enderle said that because of constraints like price, range and charging time, EVs are often the second car in the family. “Low-income groups likely only have one car that they primarily use, and that is the car that needs to be replaced,” he said.

The report also noted that strategies to accelerate EV adoption among low-income and disadvantaged communities should include prioritizing communication and marketing, revisiting perceptions and biases about early adopters, and designing government programs to maximize demand and universal benefits.

“Perceptions about who is using this technology inform a variety of decisions,” Yozwiak said. “Those decisions result from what defines the types of incentives and policies the technology has made to encourage its adoption.”

“If those decisions are based on misconceptions about who is buying the technology or who can buy it,” she continued, “you perpetuate a bias that could further impact access.”

“When car sellers think of early adopters, they think of wealthy men with garages,” Hart said. “If they focus solely on that group, they will be slow to adopt these vehicles because they will be seen as the province of the rich. We need these vehicles to perform the mobility tasks that all of us need. People need it.”

Enderle notes that EVs were initially offered at the premium end of the market and that public chargers are positioned to serve that segment of the buyer. “Low-income households may not have the power to power a Level 2 charger or the location to install it,” he said.

“Public charging will need to be installed that is more convenient for those populations,” he continued, “such as street inductive charging – which requires less maintenance and is less prone to vandalism – that is available on the ground from companies such as WiTricity. achieving.”


WiTricity Halo wireless charging for EVs was announced in February.


Incentive work

Another takeaway from the report was that the federal government could help increase benefits to the low-income and disadvantaged by modifying the federal tax credit for EV purchases to make it refundable or eligible for carry-forward, expanding access to charging infrastructure, and helping with upgrades to older homes.

If the tax credit was refundable, for example, a person who only paid $3,000 in taxes would receive a $3,000 tax credit and a $4,500 refund check from Uncle Sam, or, with a carry-forward, they would get a $3,000 tax credit and would be able to carry the remaining $4,500 credit to subsequent tax years.

Incentives like tax credits can boost sales, said Edward Sanchez, senior analyst at Strategy Analytics, a global research, advisory and analysis firm. “Norway recently removed some incentives because they exceeded the 50% threshold for EVs in the form of new car sales, and soon after removing that credit, they saw a drop in EV sales,” he told TechNewsWorld.

“The long goal for manufacturers is to bring the price up to the point where subsidies and credits are no longer needed, but we are not quite there yet,” he said.

Move in mass transit

Since most Americans buy used cars, the best thing to do to accelerate EV purchases by low-income and disadvantaged drivers is to accelerate sales of new vehicles, according to Sam Abuelsamid, a leading analyst at E-Mobility Insights in Detroit. “As they filter into the used vehicle fleet, they may become more economical,” he told TechNewsWorld.

“The only other thing we can do is encourage people to get out of old vehicles and use mass transportation,” he said.

“As long as Americans want to continue driving their vehicles,” he said, “it’s going to be at least 2040 before you significantly reduce the existing vehicle fleet.”