At a glance.
- Cisco acquires Armorblox.
- Galvanick raises $10 million in seed funding.
- Executive moves.
- Labor markets.
- Disconnects between cybersecurity and the legal profession?
- Executives and board members are easy targets for threat actors trolling for sensitive information, study finds.
Mergers and acquisitions.
Southern California-based networking giant Cisco has acquired Armorblox, a cybersecurity firm built on predictive and generative AI, GovInfoSecurity reports. The company intends to use Armorblox’s capabilities to “help customers better understand and interact with security control points,” says Raj Chopra, chief of product at Cisco.
Snyk, a Boston-based firm specializing in developer security, has agreed to acquire Enso Security, the first provider of an Application Security Posture Management (ASPM) solution. The acquisition is expected to close in the second quarter of this year.
Maryland-based software development cybersecurity provider iNovex has acquired Secure Innovations, a cybersecurity business focused on serving the greater government and intelligence community. iNovex says that this acquisition will advance its standing as a leading technology solutions company for the intelligence and government communities.
Investments and exits.
California-based Galvanick, an XDR platform provider for intelligence augmentation, has raised $10 million in seed funding, with significant investments from MaC Venture Capital, Founders Fund, Village Global, Countdown Capital, Hanover Technology Investment Management, Shrug Capital, 8090 Industries, and a multitude of angel investors. The firm intends to use the funding for hiring and to expand its initial platform for use in manufacturing and critical infrastructure.
CyberArk has seen an investment of 1,581 shares of its stock, or around $202,000, from M&T Bank, MarketBeat reports. This follows recent investments from other investors, including Achmea Investment Management BV, Pacer Advisors, and Covestor Ltd.
Cloud security firm Dig Security has seen an investment from Samsung Ventures this past week, the company shares. Samsung’s investment will aid the Israeli company in product development and go-to-market efforts, with hopes for worldwide enterprise expansion.
Executive moves.
Code42 has welcomed Wayne Jackson to the company’s board of directors.
Amanda Cody has rejoined the Booz Allen Hamilton team as chief information security officer.
Matt Edwards and Keith Joseph have joined the DefenseStorm team as chief customer officer and senior vice president of sales, respectively.
Twitter’s now-former head of trust and safety, Ella Irwin, is no longer with the social media giant.
Resecurity has welcomed Shawn Loveland as the company’s new chief operating officer.
Former deputy chief of NSA’s Office of Security and Counterintelligence, Amy Davis, has joined Leidos as chief security officer.
ECI has tapped Jeff Schmidt as the company’s new chief executive.
Chris Kramer has been named chief of finance at Axonius.
Bishop Fox has welcomed Kevin Tonkin as the company’s first chief product officer.
Labor markets.
This week, IBM announced plans to cut 30% of its workforce in non-customer-facing roles in the next five years, with the goal of replacing a total of around 8,000 positions, Zacks reports. Finance, accounting, and HR are the departments most likely to see an impact. Meta is also reportedly slashing its employee base once again, with plans to cut at least 1,100 jobs in California’s Bay Area, the Silicon Valley Business Journal reports. Employees in Menlo Park, Sunnyvale, Fremont, and San Francisco are going to be affected. Cybersecurity firm SentinelOne is lowering its headcount by around 5%, or around 105 members of its 2,100-person staff, GovInfoSecurity writes.
Despite these cuts, data from CyberSeek, a joint initiative of the National Institute of Standards and Technology (NIST) and CompTIA, shows that the need for cybersecurity practitioners is outpacing the supply of workers with those skills. The data shows that for every 100 job postings, there are approximately 69 workers to fill the spaces. “The gap between the number of cybersecurity jobs currently demanded and the number of workers available to fill those jobs stands at an estimated 466,225,” the company’s release shares.
Disconnects between cybersecurity and the legal profession?
The International Legal Technology Association (ILTA), in partnership with the Conversant Group, has released a joint research report detailing the disconnects between cybersecurity and legal personnel and practices. The survey benchmarks the cyber practices of law firms worldwide. Law firms are said to be an ideal target for malicious actors, both because they store extremely sensitive business, civil or criminal, and personal data of clients and because of the potential financial payoff for the hackers. Due to the sensitive nature of the data that can be lifted, law firms are said to be significantly more inclined to give in to the demands of a threat actor. As of the end of 2021, the report shares that almost a third of law firms saw a breach, and 36% reported the past presence of malware.
A surprisingly low number of law firms (15.5%) saw gaps in their cybersecurity protections, despite being a common target (and despite the research showing a significantly higher number than that). About three quarters of those surveyed believed they had a leg up on others in their industry in terms of cyber protections, though the researchers have found this to be unlikely. 65% of respondents also note the presence of lateral movement defenses, though the researchers have found only two offerings in the market that include lateral movement defenses, meaning that the firms’ understanding of what true “lateral movement defenses” are may be murky at best. (There may be some overconfidence here, counselors.)
Executives and board members are easy targets for threat actors trolling for sensitive information, study finds.
Companies spend millions on cybersecurity to protect their corporate infrastructure, but what are the cybersecurity mitigations in place to protect the devices of the executives of the company when not at work? This is the question posed in a study by BlackCloak in their report titled “Understanding the Serious Risk to Executives’ Personal Cybersecurity and Digital Lives.”
“Organizations are allocating millions of dollars to protect their information assets and employees but are neglecting to take steps to safeguard the very vulnerable digital assets and lives of key executives and board members. Sponsored by BlackCloak, the Ponemon Institute surveyed five-hundred-fifty-three IT and IT security practitioners familiar with programs and policies used to prevent cybersecurity threats against executives and their digital assets,” write researchers. Apparently most companies don’t protect the personal devices of their executives and board members. 58% of companies polled didn’t incorporate the risk of key executives’ personal devices into their cybersecurity risk portfolio, and 62% of the companies had no dedicated services to respond to attacks on the high-ranking members. For more on the risk to leaders' digital safety, see CyberWire Pro.