Security

DDoS attacks have surged by 106%, data reveals

Zayo Group, a global communications infrastructure provider, has released its latest bi-annual Distributed Denial of Service (DDoS) Insights Report, which includes details of a 106% increase in attack frequency from H2 2023. The report also found that an average DDoS attack now lasts 45 minutes - an 18% increase from this time last year - costing unprotected organisations approximately $270,000 (£210,000) per attack at an average rate of $6,000 (£4,700) per minute. It takes very little time, expertise or investment to run a DDoS attack, and with the AI boom, bot-based attacks have made it even easier to attack more often, in a more sustained manner, and with more requests per second. Beyond intensifying frequency and duration, AI is also driving the increased pervasiveness of DDoS attacks across many industries. In fact, for the first time in this report’s history, HR and staffing, legal and consulting, and transportation firms surfaced as victims of the top 10% of the largest DDoS attacks seen. Tema Hassan, Senior Product Manager at Zayo Europe, says, “Recent trends in Distributed Denial-of-Service (DDoS) attacks in Europe reveal a significant escalation in both frequency and sophistication. The number of attacks has surged, driven largely by geopolitical conflicts. This has led to an increase in attacks on critical sectors like financial services, telecommunications, and internet service providers, which are vital to national infrastructure. “New attack techniques, such as those exploiting vulnerabilities in modern web protocols like HTTP/2, have emerged, adding complexity to the threat landscape. Traditional methods like DNS-based attacks also remain prevalent and have grown in scale. In response, countries within Europe are implementing stricter cybersecurity regulations to bolster defence mechanisms against these evolving threats.” Max Clauson, SVP of Network Connectivity at Zayo, adds, “As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year. The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.” Key findings by industry: • Telecommunications companies are still the most-targeted industry, making up 57% of all attacks. Other familiar industries experiencing the most frequent attacks include education (19%), manufacturing (5%), and cloud/SaaS (5%).• Manufacturing has replaced retail as the industry facing the largest DDoS attacks, followed by healthcare (up 128.5% compared to H1 2023). Not only did this industry experience a 308% increase in attack duration from 2023 to 2024, these companies also suffered a 200% increase in DDoS attack size.• Government entities continued to be the victims of the longest duration attacks, with an average attack time of over six hours. This is up 41% from the H1 2023. For nearly 30 years, DDoS attacks have been effective and the introduction of AI to deploy and elevate these attacks is only allowing them to evolve, growing more powerful, subversive, and frequent. Zayo says that every business must understand that it is a target, regardless of industry or size. The financial and reputational damage caused by DDoS attacks can be devastating, leading to significant revenue losses and long-term harm to brand trust. Additionally, the cost of mitigating attacks and restoring services is substantial, draining resources that could be better spent on growth and innovation. The only fighting chance businesses have is to implement a proper network protection strategy, Zayo tells us. To view the full report and learn more about how Zayo can help protect your business from cyber attacks, click here. For more from Zayo, click here.

Keepit platform named winner at the 2024 SaaS Awards

Keepit, a global provider of a comprehensive cloud backup and recovery platform, has announced its success in the 2024 Cloud SaaS Awards programme by being named a winner in the 'Best Use of SaaS in a Cloud Ecosystem' category. The company was also a finalist in the 'Best Security Innovation in a SaaS Product (SME)' and 'Best Security Innovation in a SaaS Product (Enterprise)' categories. A long-established awards programme spanning 56 categories, The SaaS Awards recognises the leading innovations and applications of software-as-a-service solutions across a wide range of use cases and sectors. The programme received entries from organisations worldwide, including North America, across Europe, and APAC. Michele Hayes, CMO at Keepit, comments, “The Keepit platform is a must for companies looking to ensure cyber resiliency. We are honoured to have been named as a winner at the 2024 SaaS Awards. This, alongside the slew of other recent accolades, underscores our cloud native roots and commitment to providing our customers with best-in-class data protection.” James Williams, CEO of The Cloud Awards, adds, “We’re thrilled to reveal the winners of the 2024 SaaS Awards after three intense rounds of judging. It’s been an outstanding edition of the awards this year, and the team and I would like to thank all those organisations that entered. “Keepit has demonstrated an unwavering commitment to innovation and excellence and is a more than deserving winner of Best Use of SaaS in a Cloud Ecosystem. The calibre of the finalists this year was particularly high, which is a testament to this wonderful achievement. “A huge congratulations to Keepit, and to all of 2024’s winners. We are extremely excited to see how they continue to drive the industry forwards in the coming years.” Secure by design, the Keepit cloud is owned and run by Keepit. Customer data is kept in a separate, dedicated infrastructure, with the backed-up data stored fully isolated from the SaaS vendor’s cloud. With a user-friendly interface, robust data security, and the ability to adapt to the user's cloud environment, Keepit ensures data is always accessible and protected. For more from Keepit, click here.

Veeam brings data resilience to Microsoft 365 users

Veeam Software, the data resilience specialist, has announced the next generation of Veeam Data Cloud for Microsoft 365 with the new capabilities offered by Microsoft 365 Backup Storage. Veeam Data Cloud, which is built on Microsoft Azure, provides backup-as-a-service (BaaS) for Microsoft 365, enabling data resilience and leveraging powerful data protection and security technology within a simple, seamless user experience. As a launch partner for Microsoft 365 Backup Storage, Veeam is leveraging the latest Microsoft technology with Veeam Data Cloud for Microsoft 365 to deliver lightning-fast backup and recovery capabilities for large Microsoft 365 environments, ensuring organisations protect critical data against cyberattacks and data loss scenarios, further enabling complete data resiliency. This solution further strengthens Veeam’s position in protecting Microsoft 365 users, with over 21 million users already under Veeam's protection. John Jester, Chief Revenue Officer (CRO) at Veeam, comments, “One of the benefits of our multi-year strategic partnership with Microsoft is rapidly bringing new advances to our joint customers and partners. This new release combines the benefits of Veeam’s industry-leading technology – in both data protection and ransomware recovery – with the latest Microsoft 365 data resilience capabilities introduced by Microsoft, and extends them to even more customers using Microsoft 365. “In addition, we’re making great progress in our joint innovation bringing the power and insights of Microsoft Copilot to the Veeam product family. As the leader in Microsoft 365 protection with over 21 million users protected, Veeam together with Microsoft provides the ultimate Microsoft 365 backup and recovery solution and sets the standard for how enterprises manage data protection.” Microsoft's new backup technology is seamlessly embedded inside Veeam's backup service for Microsoft 365, combining the new high-speed backup and recovery capabilities with Veeam's established and unmatched restore and eDiscovery options tailored to meet any potential data loss and compliance scenario. This powerful fusion, where speed and scale meet control and flexibility, empowers organisations with the best of both worlds. Zach Rosenfield, Director of PM for Collaborative Apps and Platforms at Microsoft, comments, "The collaboration with Veeam is an advancement in assisting our shared clients with quick recovery after cyber incidents. We look forward to deepening our collaboration to improve data protection for users." Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage delivers: • Speed and scale: This latest offering from Veeam and Microsoft is designed to manage large volumes of data seamlessly, with the ability to protect and restore 100+ TBs of data or 10,000-plus objects. With this advanced solution, what used to take weeks or months is now accomplished within hours. • Disaster recovery: This new solution offers bulk restores at scale, ensuring increased resilience to ransomware or malware attacks and minimising downtime. Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage empowers organisations to bounce back quickly from any data loss scenario. Organisations no longer have to choose between paying a ransom or enduring weeks or months of data restoration. • Future readiness: As part of a new five-year strategic partnership, Veeam is developing future solutions with Microsoft integrating Microsoft Copilot and Azure AI services to enhance data protection for Microsoft 365 and Azure. These solutions will simplify operations, automate administrative tasks, and allow organisations to allocate resources to business-critical initiatives, ensuring they stay ahead in a rapidly changing digital landscape. “As adoption of Microsoft 365 increases, the volume and criticality of their associated data sets is also growing,” says Krista Macomber, Research Director at The Futurum Group. “Without the proper data protection solution, this can lead to highly time-consuming, cumbersome backup processes - ultimately resulting in delayed, missed, or incomplete backups. Equally an issue, it can also lead to slow and incomplete recovery processes. This cannot be afforded, especially given the need for resiliency against the onslaught of cyberattacks. Veeam is directly addressing these challenges with the most recent update to its Microsoft 365 backup capabilities.” Veeam Data Cloud for Microsoft 365 with Microsoft 365 Backup Storage will be available in early August. Three packaging options (Express, Flex, and Premium) are available to accommodate Veeam and Microsoft customers. For more from Veeam, click here.

The US States most at risk of cyberattacks

Global cybercrime costs are projected to soar from $9.22 trillion (£7.14 trillion) in 2024 to $13.82 trillion (£10.7 trillion) by 2028, research has revealed. In the United States alone, these costs are forecasted to exceed $452 billion in 2024. Alarmingly, in 2023, three in four companies in the United States were at risk of a material cyberattack, according to chief information security officers (CISO). With this in mind, cybersecurity and compliance expert, Kiteworks, sought to identify the US states where businesses are most at risk of cyberattacks. To do so, the company created a points-based index which analysed a variety of factors such as annual victim counts, financial losses from cyberattacks, increases in both victims and losses, and the types of cyberattacks experienced. Key findings: Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96. Colorado has seen a 58.7% increase in victim losses since 2017 With the highest population of 38 million, California’s annual cyberattack losses amount to over $656 million The state of Missouri has the biggest four-year moving increase in financial losses attributed to cyberattacks, with a 136% increase since 2017 Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8% Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks since 2017 and has reported 10,776 annual victims from 2020. Despite Colorado only seeing a moving increase of 3.8% in victims since 2017, the state has faced significant financial losses due to cyberattacks, with a 58.7% increase in losses since 2017, amounting to $104,476,603. This is 65% higher than in the neighbouring state of Utah ($53,047,234). This could be due to Colorado’s aging population, as reports show people over the age of 75 are most likely to report repeat cybercrime victimisation. New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020-2023. By contrast, Massachusetts reported one third the number of victims (8,749) over the same period as New York. New York has seen a 14.4% increase in victims over four years, with reports showing cyberattack complaints up 53% since 2022. The financial losses from cyberattacks in the state have also surged by 75.7%, totalling a staggering $440,673,485 lost. Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state's growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6% increase in victim counts over four years, indicating a rapid rise in cybercrime incidents. Just earlier this year, the state's Gaming Control Board’s website was hit with a cyberattack, resulting in the site being offline for several days. The financial losses from cyberattacks have risen in Nevada by 25.2% since 2017, totalling to $44,994,168, 72% more than the neighbouring state of Idaho ($12,427,049). Business Email Compromise (BEC) is the cyberattack in the US with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident. BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information. Credit card and check fraud rank second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorised use of payment information. Malware attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident. Non-payment/non-delivery attacks are the most common US cyber threat since 2020 with 60,113 incidents, which involves fraudsters tricking victims into paying for undelivered goods or services. The second most prevalent is personal data breaches, with 40,523 incidents, which can involve unauthorised access to sensitive information often leading to identity theft and fraud. Patrick Spencer, a spokesperson at Kiteworks, comments, “Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company's resilience against cybercrime, as well as a greater focus on data security. “Businesses should adopt a content-defined zero trust approach to secure their sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organisations can ensure that sensitive content is only accessed by authorised users. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content.” For more from Kiteworks, click here.

New bill protecting public services from cyberattacks

In yesterday's King’s Speech (17 July 2024), the new Labour government pledged to strengthen the UK’s cybersecurity and resilience, promising to introduce new legislation designed to protect critical infrastructure and the digital services businesses rely on from highly damaging cyberattacks. The Cyber Security and Resilience Bill will expand the remit of existing regulation to cover a broader range of digital services and supply chains, put regulators in a better position to ensure best practices are implemented, and mandate increased reporting so that better data on cyberattacks, and their impact, is available. This comes following a series of cyberattacks against public bodies throughout the year, including attacks targeting the NHS and MoD. Darren Anstee, Chief Technology Officer for Security at NETSCOUT, comments on the new Cyber Security and Resilience Bill, and the best practices for organisations to implement to improve their cyber resilience: “The existing regulations in the UK, introduced in 2018, have helped to ensure that critical national infrastructure and the services it delivers are defended from cyberattacks. As we’ve seen recently though, attackers are targeting these services indirectly by going after elements of their supply chain. We’re also seeing the nature of the threats we all face evolve, with more sophistication and broader, as well as increasingly persistent, activity from nation-state affiliated actors. Given this, broadening the scope of regulation, and giving the regulators more powers to ensure best practices are followed, can only be a good thing. “Equally important is the ability to mandate increased incident reporting. A broader, deeper and more timely view into the nature of the incidents that organisations experience can help to both refine best practices and ensure that companies can move quickly to prevent attackers repeating their success. Bad actors share tools and techniques – organisations delivering critical services, and those involved in their supply chains, should follow suit, working with one another, or via industry and government institutions that can aid communications. “What’s key in delivering better reporting capability, from a technology perspective, is that organisations have consistent visibility across their increasingly diverse infrastructures, without blind spots at internal or external technology borders. Consistent broad and deep visibility helps to ensure comprehensive threat detection, but also speeds up investigation and delivers the forensic capability required.” For more from NETSCOUT, click here.

Verkada launches AI-powered search

Verkada, a provider of cloud-based physical security solutions, has announced it will offer customers a new AI-powered search in Beta. Leveraging a large language and large vision model, Verkada’s AI-powered search will enable customers to use everyday language to search their video security camera footage for people and vehicles, making their investigations even more intuitive and efficient. “Our new AI-powered search is an exciting expansion of the way that Verkada leverages the latest AI and computer vision models to keep people safe,” says Brandon Davito, Senior Vice President of Product at Verkada. “We are eager to continue improving and expanding our capabilities as we make Verkada’s platform the operating system of buildings of the future.” With the ability to search for people and vehicles across a much wider – and more granular – range of descriptive features, Verkada customers can now search through footage faster than ever. AI-powered search also enables customers to address industry-specific operational concerns – everything from retailers looking to identify shoplifters to manufacturing customers looking to ensure workplace safety. Verkada customers already beta testing its AI-powered search have been able to reduce the amount of time spent on investigations. Retail customers, for example, are saving time by searching for specific objects on a person like, “person wearing a striped sweater” or “person with a red purse near front door.” Verkada also announced a range of additional features and updates across its platform, including: an integration with ASSA ABLOY WiFi locks, a new Door Unlock API, four additional FIPS-validated Bullet cameras, and more. Designed with simplicity in mind, Verkada's six product lines – video security cameras, access control, environmental sensors, alarms, workplace, and intercoms – provide building security through an integrated, secure cloud-based software platform. Over 24,000 organisations across 85 countries worldwide trust Verkada as their physical security layer for easier management, intelligent control, and scalable deployments. For more from Verkada, click here.

Organisations struggling to control sensitive content, study finds

Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network, has unveiled its 2024 Sensitive Content Communications Privacy and Compliance Report, offering critical insights into the current state of sensitive content communications. The report, based on a comprehensive survey of 572 IT, security, risk management, and compliance leaders, reveals significant vulnerabilities and challenges faced by organisations in managing and securing their sensitive information. Among the key findings, the report highlights significant global challenges in managing sensitive content communications. When data is sent or shared externally, 57% of global respondents said they cannot track, control, and report on these activities. Not surprisingly, compliance reporting is a major challenge, with 34% of respondents generating audit log reports over eight times per month to satisfy internal and external compliance requests. This frequent reporting requirement reflects the ongoing struggle to meet stringent regulatory demands. Tim Freestone, Chief Strategy and Marketing Officer at Kiteworks, emphasises the urgency of addressing these vulnerabilities: “Our report uncovers significant gaps that organisations must address to protect their sensitive content and comply with increasingly stringent regulations. The insights provided are a call to action for businesses to re-evaluate their content communication strategies and invest in robust security solutions.” Proliferation of content communication tools leads to risks The 2024 Kiteworks report highlights significant shifts and ongoing challenges in the use of content communication tools. Nearly one-third of respondents said their organisations rely on six or more content communication tools. In addition to ratcheting up risks, managing this tool soup decreases operational efficiency and makes it difficult to generate consolidated audit logs. Preventing leaks of intellectual property (IP) and sensitive secrets is a top priority for 56% of respondents, underscoring the critical importance of protecting valuable information assets. In contrast, fewer organisations prioritise the impact on brand reputation (15%) and cost savings (26%). This shift indicates a growing focus on the direct risks associated with data breaches and information leakage. Particular sectors express heightened concerns over IP leakage. In the legal sector, for example, 75% of respondents cite this as a significant risk, reflecting the industry's reliance on confidential information. Similarly, the oil and gas sector, with its proprietary technologies and sensitive data, shows considerable concern over IP leakage. These findings highlight the need for sector-specific strategies to address unique vulnerabilities and reinforce the importance of robust content communication practices across all industries. Impact of data breaches External malicious hacks of sensitive content communications remain a serious risk globally. 32% of organisations reported experiencing seven or more sensitive content communications breaches last year. This is a slight improvement from 2023, where 36% of organisations reported such breaches. However, 9% of respondents globally admitted they do not know if their sensitive content was breached, indicating a significant gap in advanced security detection and incident response capabilities. The federal government sector reported the highest incidence of breaches, with 17% indicating they had 10 or more breaches and another 10% reporting seven to nine breaches. Alarmingly, 42% of security and defence organisations admitted to having seven or more breaches, highlighting the critical need for enhanced security measures in these sectors. Geographically, APAC had the highest percentage of organisations reporting seven or more breaches, at 43%. This high number is concerning given the extensive third-party exchanges in the region. The legal costs associated with data breaches remain high, with 8% of organisations incurring over $7 million (£5.4m) in legal fees last year, and 26% reporting costs exceeding $5 million (£3.9m). Larger organisations, especially those with over 30,000 employees, faced even higher costs, with 24% reporting legal fees over $7 million. Higher education emerged as the most affected industry, with 49% of respondents indicating they paid over $5 million in legal fees last year. Geographically, the Americas topped the list, with 27% of organisations reporting legal costs over $5 million, while 12% of EMEA respondents were unsure of the financial impact. Organisations struggle to manage third-party risk Managing third-party risk continues to be a significant challenge for organisations worldwide. The report reveals that 66% of organisations exchange sensitive content with 1,000 or more third parties, although this is a decrease from 84% in 2023. This reduction suggests that organisations are increasingly recognising the risks associated with extensive third-party interactions and are implementing measures to control access more effectively. The APAC region has the highest volume of third-party connections, with 77% of organisations exchanging sensitive content with 1,000 or more third parties. Within the professional services sector, 51% of organisations exchange sensitive content with 2,500 or more third parties, significantly higher than the next highest industry, higher education, at 47%. A concerning 39% of organisations globally are unable to track and control access to sensitive content once it leaves their domain. Surprisingly, compared to IT and risk and management professionals, cybersecurity professionals cited greater confidence in their organisations’ ability to track and control access to content once it leaves their domains (48% said they track and control three-quarters or more). This issue is particularly pronounced in the EMEA region, where 43% of organisations admit to losing the ability to track and control access to more than half of their sensitive content once it is shared externally. Local government organisations face the greatest challenge, with 54% unable to track and control sensitive content after it leaves their organisation, followed by pharmaceutical and life sciences companies at 50%. Sensitive content communications security needs improvement The report underscores the pressing need for improvements in managing sensitive content security. Only 11% of organisations believe no improvement is needed, a significant drop from 26% in 2023. This indicates a growing awareness of security risks and the necessity for enhanced security measures. The need for significant improvements is especially pronounced in the professional services sector, with 47% of firms acknowledging this need, and in large organisations where over half of respondents from companies with 20,001 to 30,000 employees reported a need for significant improvement. When it comes to using advanced security technology for internal sensitive content communications, only 59% of respondents indicate they do so all the time. The EMEA region lags, with only 53% consistently using advanced security measures, compared to 67% in the Americas and 57% in APAC. State governments are leading in this area, with 71% reporting consistent use of advanced security technologies, followed by higher education institutions at 65%. Organisations are also prioritising security certifications and validation, with ISO 27001, 27017, and 27018 topping the list as the most critical certifications. These were followed by NIST 800-171/CMMC 2.0. Notably, 59% of EMEA organisations prioritise ISO certifications, higher than other regions. In contrast, IRAP was more frequently selected by APAC organisations. The findings reflect a strong regional focus on different security standards based on local regulatory environments. File size limitations pose additional challenges, particularly in the energy and utilities sectors. About 34% of respondents implement over 50 workarounds monthly due to email file size restrictions. For managed file transfers and SFTP, 27% and 31% respectively face similar limitations. Energy and utility firms are significantly affected, with 29% encountering email file size issues 50 times or more monthly, and 36% facing managed file transfer limitations. Compliance challenges persist for sensitive communications This year, 56% of organisations indicated that they require some improvement in compliance management, a significant increase from 32% in 2023. This growing concern reflects the increasing complexity and stringency of regulatory requirements. Key compliance concerns for organisations include GDPR and US state privacy laws, with 41% of respondents citing each as their primary compliance focus. This aligns with regional priorities, as a higher percentage of EMEA organisations emphasise GDPR compliance, while US organisations focus more on state privacy laws. Risk and compliance leaders pinpointed GDPR as their biggest compliance area (52%). IT leaders, in contrast, listed US State data privacy laws as their top priority (52%). The frequency and burden of generating audit log reports remain substantial. About 34% of organisations report that they must generate audit logs more than eight times per month to satisfy internal and external compliance requests. This task consumes significant resources, with 31% of respondents spending over 2,000 staff hours annually compiling these reports. Larger organisations face an even greater burden, with 32% of those with over 30,000 employees spending more than 2,500 hours annually on compliance reporting. Notable compliance gaps persist across various industries. For example, only 38% of security and defence contractors prioritise CMMC compliance, which poses a significant risk given the impending enforcement of CMMC 2.0. Failure to comply with these standards could result in the loss of Department of Defense contracts. These gaps highlight the critical need for organisations to prioritise and invest in robust compliance strategies to address evolving regulatory demands and mitigate associated risks. Organisations struggle to classify data and assess risk Organisations continue to face challenges in effectively classifying data and assessing associated risks. More than half (51%) of organisations report that less than 50% of their unstructured data is tagged and classified. This lack of comprehensive data classification poses significant risks as unstructured data often contains sensitive information that needs protection. Additionally, 40% of organisations indicate that 60% or more of their unstructured data requires tagging and classification. This highlights the growing recognition of the importance of data management practices in mitigating security and compliance risks. Sector-specific risks are also prominent. For instance, energy and utilities firms are particularly concerned about the integration of generative AI (GenAI) technologies, with 50% citing this as a significant risk. Higher education institutions focus on protecting personally identifiable information (PII), with 50% highlighting this concern. In the healthcare sector, 58% of organisations prioritise the protection of protected health information (PHI). When it comes to data types that are the biggest risk, IT as well as risk and compliance leaders ranked financial documents (56% and 61% respectively) at the top of their lists. Cybersecurity leaders, in contrast, listed IP at the top of their risk priorities (51%) followed by financial documents (46%). These findings underscore the critical need for organisations to enhance their data classification efforts and adopt tailored risk management strategies to address the unique challenges of their respective industries. Actionable Kiteworks report outcomes The 2024 Kiteworks report highlights an urgent need for organisations to address gaps in sensitive content communications security and compliance. As the threat landscape evolves, it is imperative for businesses to implement robust strategies to protect their sensitive information. Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks, emphasises the importance of sensitive content communications privacy and compliance: “The 2024 report exposes critical gaps in how organisations manage and secure their sensitive data. With a significant number of organisations experiencing multiple data breaches and struggling to meet compliance requirements, it is imperative that businesses take proactive steps to fortify their sensitive content communication strategies. The report’s findings underscore the need for organisations to adopt comprehensive solutions that incorporate next-generation digital rights management (DRM) capabilities. By maintaining control over sensitive content even after it has been shared externally, businesses can effectively mitigate risks and ensure the privacy and compliance of their most valuable information assets.” Kiteworks addresses these challenges by providing a comprehensive Private Content Network for managing sensitive content communications. The platform offers advanced encryption, secure file sharing, and compliance management tools, all integrated into a single platform to enhance security and operational efficiency. Recent next-gen DRM additions to the Kiteworks platform, SafeEDIT and SafeVIEW, further enhance the protection of sensitive content. SafeEDIT enables secure editing and collaboration on sensitive documents, tracked and controlled. SafeVIEW provides a secure environment for viewing sensitive content, preventing unauthorised copying, printing, or sharing. To read the full report, click here.

Avaneidi secures funding to advance data security

Avaneidi, an innovative Italian start-up specialising in security enterprise storage systems, has announced an €8 million (£6.7m) Series A funding round by United Ventures. The investment underscores a shared commitment to advancing solid-state storage technologies, enhancing data security, and promoting a sustainable digital transition. Avaneidi develops comprehensive enterprise storage systems based on a rigorous 360-degree, multi-level 'security by design' approach, enabling an unprecedented degree of cyber security, protection and data reliability for enterprise-grade applications. Avaneidi’s storage technology advancements boost performance, security and reduce energy consumption. This allows electronic devices and data centres to increase their operating efficiency and limit their carbon footprint, addressing key sustainable development goals such as clean energy and sustainable industry innovation. Avaneidi’s Enterprise Solid State Drives (ESSDs) utilise tailor-made chips and advanced algorithms, providing a bespoke solution optimised for performance and cyber security applications. Designed for on-premise data centres, their storage appliances offer a cost-effective, highly efficient alternative to traditional storage solutions, featuring extended drive lifetime, improved security and significant energy savings. “Our mission at Avaneidi is to pave the way for more secure, efficient, and sustainable data storage solutions,” says Dr. Rino Micheloni, CEO of Avaneidi. “This funding will keep us at the forefront of the market, enabling us to accelerate the development of our enterprise ESSDs and all-inclusive storage appliances. Unlike off-the-shelf products, our solutions address cyber security and data governance issues by leveraging a tight hardware-software co-design while offering extensive customisation options.” Avaneidi targets organisations and industries that are highly sensitive to data governance and security, particularly within the rapidly evolving field of AI applications, where these issues are of paramount importance, such as finance, defence, automotive and healthcare. By prioritising data integrity and protection, Avaneidi empowers entire industries to better leverage AI technology safely and effectively when it comes to storage solutions. Avaneidi’s technology’s potential has attracted the attention of major industry players, the company states. Negotiations and preliminary agreements are in place to validate and expand the market reach of its innovative products. “United Ventures invests in technologies that have a tangible positive impact,” states Massimiliano Magrini, Managing Partner at United Ventures. “Avaneidi's vision and mission to enable organisations to make better and more sustainable storage decisions, focusing on governance and data security, align with our investment philosophy. By channeling resources into AI infrastructure like Avaneidi’s, we aim to facilitate the development of technologies that will redefine industries and transform tomorrow's society.” As the AI sector rapidly expands, robust infrastructure for advanced AI applications is paramount. According to recent estimates, the AI infrastructure market is projected to grow from $25.8 billion (£20.3bn) in 2022 to $195 billion (£153.9bn) by 2027, reflecting a compound annual growth rate (CAGR) of 50%. This surge is driven by significant advancements in AI computing, which is expected to escalate from $15.8 billion (£12.4bn) in 2022 to $165 billion (£130.2bn) in 2027, achieving a 60% CAGR.

Acronis expands security portfolio with new XDR offering

Acronis, a global leader in cybersecurity and data protection, has introduced Acronis XDR, the newest addition to the company’s security solution portfolio. Designed to be easy to deploy, manage, and maintain, Acronis XDR expands on the current endpoint detection and response (EDR) offering and delivers complete natively integrated, highly efficient cybersecurity with data protection, endpoint management, and automated recovery specifically built for managed service providers (MSPs). Cyberattacks have become increasingly sophisticated due to cybercriminals deploying AI and attack surfaces expanding, allowing businesses to be more vulnerable to data breaches and malware. To protect their customers, MSPs who offer security services commonly only have a choice of complex tools with insufficient, incomplete protection that are expensive and time-consuming to deploy and maintain. As a direct response to these challenges, Acronis XDR seeks to provide complete protection without high costs and added complexity. “Acronis makes a compelling entrance into XDR,” notes Chris Kissel, Research Vice-President at IDC. “Acronis has provided an endpoint protection platform for the better part of a year. The company has extended its XDR stack mapping alerts to Mitre Attack and offer cloud correlation detections. Importantly, its platform supports multitenancy, and the dashboard provides intuitive visualisations.” Key features and benefits of Acronis XDR include: • Native integration across cybersecurity, data protection, and endpoint management. The product is designed to protect vulnerable attack surfaces, enabling business continuity.• High efficiency, with the ability to easily launch, manage, scale, and deliver security services. It also includes AI-based incident analysis and single-click response for swift investigation and response.• Built for MSPs, including a single agent and console for all services, and a customisable platform to integrate additional tools into a unified technology stack. “It is imperative that MSPs provide reliable cybersecurity to customers with diverse IT environments and constrained budgets,” says Gaidar Magdanurov, President at Acronis. “Acronis XDR enables MSPs to offer top-notch security without the complexity and significant overhead of traditional non-integrated tools. This is achieved in several ways, including AI-assisted capabilities within the Acronis solution that helps MSPs provide the utmost cybersecurity - even if an MSP only has limited cybersecurity expertise.” Earlier this year, the company released Acronis MDR powered by Novacoast, a simple, effective, and advanced endpoint security service built for MSPs with native integration of data protection to deliver business resilience. Acronis MDR is a service offering used with the Acronis EDR solution focused on endpoint protection platform (EPP) to provide passive endpoint protection. The addition of Acronis MDR amplifies MSP’s security capabilities without the need for large security resources or added investments. The introduction of Acronis MDR and XDR follows a string of security-related offerings and solutions from Acronis, building on the company's EDR offering released in May 2023. Acronis security solutions leverage AI-based innovations and native integrations, which lower complexity and provide complete security in the easiest and most efficient way. With a comprehensive security portfolio from Acronis, MSPs can now offer complete cybersecurity to their customers and scale operations to grow their business. For more from Acronis, click here.

Veeam launches cyber resilience education programmes

Veeam Software, a provider of data protection and ransomware recovery products, has announced that new technical training and certification programmes are available through Veeam University, a service which delivers Veeam technical training to IT professionals on-demand anytime, anywhere. The new online offering is the result of a global partnership with Tsunati, a Veeam-accredited service partner, which is helping to provide on-demand, technical certification training for partners and customers worldwide. Veeam University says that it offers maximum flexibility and an immersive, engaging learning experience in a self-paced format. Its approach includes clickable labs that can be accessed 24/7, video-based demos, and technical deep dives which allow students to effectively absorb concepts and prepare for real-world cybersecurity and disaster recovery scenarios. Completion of on-demand courses offered through Veeam University qualify learners for Veeam certification exams, including Veeam Certified Engineer (VMCE). “Knowledge is critical in a world where every organisation is facing cyberthreats,” explains Mike Blanchette, Vice President, Global Sales Acceleration at Veeam. “Cyber resilience is the marriage of the right technology to protect and recover your systems and data should the worst happen, with the skills and knowledge to configure, build, and run that technology safely. “Through these new investments in Veeam University, we are preparing people to tackle any cybersecurity challenge they face and enabling cyber resiliency. Our partnership with Tsunati enables us to provide innovative technical training and certification programmes in a flexible format that best suits the learner." Tsunati is a professional services and integration company specialising in data protection, Cloud computing, and multi-tenant virtualisation. Recognised as Veeam Accredited Service Partner of the Year for 2022, Veeam believes that Tsunati has changed the world of product training, education and certification. Through its proprietary Solution Education Enablement (SEETM) framework, customers receive practical training and the critical knowledge transfer required to effectively implement and maintain cutting-edge data protection solutions powered by Veeam. "We are thrilled to join forces with Veeam in revolutionising technical certification training for data protection," says Stoney Hall, CEO of Tsunati. "This partnership represents a synergy of our expertise in Solution Enablement Education (SEETM) and Veeam’s industry-leading data protection and ransomware recovery solutions. Together, we aim to empower professionals with the knowledge and skills required to navigate the evolving landscape of data security effectively." New technical professional training for Veeam partners is available through the Veeam ProPartner portal, while newly updated customer technical education and certification programmes are available separately through Veeam Technical Education Services. More details on Veeam University can be found at veeamuniversity.com. For more from Veeam, click here.