This week, Miles hands the news baton to our Technology Recruiter, Allison. She has set her sights on cybersecurity, and has sourced some great stories for Our Week in Digital’s Cybersecurity edition.

The cybersecurity highlights…

Google caught a bug and Travelex are still offline, not to mention some big-name raises and acquisitions too.

Read on for more!

By 2024, the global cybersecurity market is anticipated to be worth $120 billion. Its potential is not surprising. Juniper Research has suggested that the number of digital records that will be stolen in 2023 will total 33 billion. To put this in context, in 2018, this number was ‘just’ 12 billion. Elsewhere, analysts estimate that the cybercrime economy has grown to $1.5 trillion in annual profits and that by 2021, damages will reach $6 trillion.

Google Photos bug sent private videos to the wrong people.

This week, Google has revealed it has been subject to a security and privacy bug which has affected Google Photos users.

Because of the bug, private videos could be downloaded by unrelated users.
The bug happened through Google Takeout, a service that allows you to download archives of your Google Data.

Between the dates of 21-25 November last year, it became apparent that the wrong videos were being included in these user-generated archives. This resulted in the users getting local copies of others’ videos.

Google has been forced to send emails to the affected Takeout users. The email states:

“Some videos in Google Photos were incorrectly exported to unrelated user’s archives. One or more videos in your Google Photos account was affected by this issue. If you downloaded your data, it may be incomplete, and it may contain videos that are not yours.”

This email was directed toward those Google Takeout users who tried to download their data and accidentally got someone else’s. Yet to be seen is an apology directed toward the “unrelated users” whose videos ended up in the archive.

At this time, there don’t seem to be any plans to do so.

Google claims that this issue has now been remedied. It recommends that users delete and re-export any data created during this time. Google has stated that “We fixed the underlying issue and have conducted an in-depth analysis to help prevent this from ever happening again”. They also have issued an apology and are “very sorry this happened.”

Addressing the scale of the issue, Google has confirmed that “less than 0.01% of Photos users attempting Takeouts were affected, and no other product was affected.”

Travelex; Bank currency services still offline.

2020 did not get off to a great start for Travelex.

At the very start of January, foreign currency seller Travelex was subject to a well-documented cyber attack. Subsequently, Travelex was forced to take its site offline to “contain the virus and protect data”.

The attack affected some notable names in banking: Sainsbury’s Bank, HSBC, Barclays and Lloyds among others. At that early stage, there was no indication as to when ‘normal service’ would resume.

A gang called Sodinokibi claim to have accessed reams of sensitive customer data before demanding the firm pay a $6m (£4.6m) ransom to retrieve it.

At bureaux de change in airports and on high streets, tellers were forced to resort to pen and paper transactions to keep money moving. All online orders were suspended, however. Banks were forced to apologise to customers as they had to report that their supply of notes from Travelex had dried up.

Fast forward 4 weeks and the affected banks are still unable to offer online currency services. Customers can buy in branch, but still cannot order money online or over the phone.

On Monday this week, RBS confirmed it was still not offering foreign currency services online but declined to comment on when its services would be restored. A spokesperson for Sainsbury’s Bank has also stated: “We’re continuing to work closely with Travelex in order to resume our online money ordering service soon.”

Meanwhile, Travelex has declined to comment but has stated that there is no evidence that any customer data was compromised following the attack.

Hewlett Packard acquires cloud-native security startup, Scytale

No acquisition price has been disclosed, but this week Hewlett Packard has announced it has acquired Scytale. Founded in 2017, Scytale is a cloud-native security startup, built on the open-source Secure Production Identity Framework for Everyone (SPIFFE) protocol.

As more transactions take place between applications without any human intervention, Scytale’s product becomes more relevant than ever before. Scytale tackles application-to-application identity and access management: each application must know it is OK to share information with the other.

This emerging tech is something that Hewlett Packard wishes to grow into:

“As HPE progresses into this next chapter, delivering on our differentiated, edge to cloud platform as-a-service strategy, security will continue to play a fundamental role. We recognize that every organization that operates in a hybrid, multi-cloud environment requires 100% secure, zero trust systems, that can dynamically identify and authenticate data and applications in real-time”

-Dave Husak, HPE fellow and GM of HPE’s cloudless initiative.

Scytale co-founder Sunil James has commented in his blog that remaining true to the startup’s open-source roots is still the company’s main priority, in spite of the big-name acquisition. He explains that it was, and is, imperative that the tech giant respects the principle upon which Scytale was founded. He writes: “Scytale’s DNA is security, distributed systems, and open-source…We’ll toil to maintain this transparent and vendor-neutral project, which will be fundamental in HPE’s plans to deliver a dynamic, open, and secure edge-to-cloud platform”.

In support, HPE representative Husak has confirmed that HPE would continue to be good stewards of the SPIFFE and SPIRE (the SPIFFE Runtime Environment) projects, both of which are under the auspices of the Cloud Native Computing Foundation.

Automox raises $30 million.

Automox is developing a platform that automates endpoint configuration, patching, management, and inventory; a crucial product considering that the average data breach costs companies $4 million. Despite this hefty financial cost, 74% of companies say they can’t patch vulnerabilities quickly enough because they lack the necessary staff.

Former HP senior business manager and national account director Jay Prassl founded Automox in 2015 to address these very issues.

It emerged from stealth in 2015 and went on to raise $12.6 million in a series of funding rounds. This week, Automox announced it has raised another $30 million in a Series B round led by Koch Disruptive Technologies. CRV and CrowdStrike’s Falcon Fund in partnership with Accel also participated.

CEO Prassl has revealed that the added capital will be used to accelerate R&D along with expanding Automox’s sales and marketing teams.

How does it work?

The Automox suite works across operating systems, servers and remote laptops. It lets admins and security team members automate and conduct actions through policies. From within a dashboard, users can conduct checks to ensure patch compliance of assets and perform both technical and top-level reporting. Automox also enables critical patches and software updates throughout enterprise computing environments, plus security configurations and custom scripting.

A spokesperson from Koch Disruptive Technologies has stated that it is “out of date, unpatched and misconfigured software” that epitomises the pervasive security gap that has plagued corporations for so long. He goes on to say that Automox was such a sound investment opportunity due to the work it is doing in addressing these shortfalls. He describes Automox as having “proven itself as a disruptive leader in the cybersecurity industry”.

The cybersecurity space is rife with acquisition and investment. In the last couple of years alone, Tel Aviv- and Boston-based Cybereason has raised $200 million for its enterprise endpoint protection platform, while SentinelOne nabbed $120 million. Alongside this, CrowdStrike, an AI-powered cybersecurity platform specialising in endpoint protection and threat intelligence, raised $200 million. Cylance too bagged $120 million in June 2018 to expand its platform globally.

Cybersecurity is widely reputed to be a debate which will dominate 2020. It is a growing market; one which will need to continue to evolve as hackers, and the tech they use, get smarter and more advanced. The need for cybersecurity professionals is also on the up. The number of cybersecurity jobs is growing three times more rapidly than any other tech job. However, many have commented that there is a significant skills gap and we are falling short. It has been well documented that we will have 3.5 million unfilled cybersecurity jobs by 2021.

Ignite Digital Talent can help with this! Are you a job seeker looking for your next cybersecurity opportunity? Maybe you are a hiring manager seeking a team to protect your business against the threat of cyber attack.

Get in touch today!
