Internet Society says security collaboration is key for a free and neutral internet
<p>Since Friday, at least 200,000 computers in 150 countries have been compromised by ransomware malware which has gone by multiple names, including WannaCry, WannaDecryptor, and WannaCrypt - which exploits a flaw in Microsoft Windows, for which there is a patch.</p>
<p>Incidents like these emphasize how important it is to keep software up to date, to have contingency plans for when an attack occurs, and to back-up data securely. Ransomware is not new, but the scale of these attacks, combined with the targets, shows just how vital system and device security is.</p>
<p>The Internet Society has been closely monitoring the ransomware cyber-attacks that have been occurring over the last couple of days and the impact they will have on user trust in the Internet. With critical infrastructure like hospitals, power plants, dams, and transportation systems being targeted in nation state cyber offensives, the threat increases exponentially.</p>
<p>In light of the scale of the attack we have just witnessed, the question should not be if the cyberspace should be governed, but how? What do we need to do to prevent attacks like these, and if they do happen, how do we ensure that criminals are brought to justice and persons affected receive the help and remedies they need? There is no silver bullet. It will require effort from all of us and a willingness to take action not only for our benefit, but also to protect others who connect to the Internet.</p>
<p>People are what ultimately hold the Internet together. The Internet’s development has been based on voluntary cooperation and collaboration. Cooperation and collaboration remain the essential factors for the Internet’s prosperity and potential.</p>
<p>We have a shared responsibility to get these attacks and other cyber threats under control and to work <a href="https://www.internetsociety.org/collaborativesecurity">collaboratively<…;, not just to keep ourselves and our vital systems and services protected, but to reverse the erosion of trust in the Internet. Just over the week-end, finance ministers of the <a href="http://www.politico.eu/article/g7-countries-call-for-joint-fight-agains… for joint action against cyber attacks. This is a positive step. </p>
<p>To be successful, we should make better use of the governance systems we already have for criminal activity in cyberspace as well as think carefully about how they could be improved and be creative about new solutions. Any international consensus or agreement should focus on practices that prevent or discourage intrusions, rather than abstract principles that will be difficult to enforce. </p>
<p><em>Constance Bommelaer is Senior Director of Global Internet Policy at the <a href="//www.internetsociety.org">Internet Society</a>, a global non-profit organisation focused on Internet technology, policy and development.</em></p>
Ivanti Acquires RiskSense to Combat Cyber Attacks
Ivanti, an IT asset and service management software solutions provider, has acquired RiskSense, a company that works in risk-based vulnerability management and prioritisation, to drive the next evolution of patch management.
This combination of the two companies will enable organisations to ‘shrink their attack surface, prioritise vulnerabilities to remediate, and reduce their exposure to cyber threats and ransomware attacks by taking a proactive, risk-based approach to patch management’. The terms of the RiskSense transaction were not disclosed.
“Over the past two years, cyberattacks such as ransomware have crossed the line from being a nuisance to truly disrupting society,” said Srinivas Mukkamala, CEO of RiskSense. “And unpatched vulnerabilities remain one of the common points of infiltration into organisations’ ecosystems. I’m committed to the global fight against ransomware. And I truly believe that the combination of risk-based vulnerability prioritisation and automated patch intelligence can help organisations reduce their exposure and make a major impact in global cyberspace. Together, RiskSense and Ivanti will help customers drive operational efficiencies and defend against the next wave of sophisticated cyber threats, including ransomware attacks.”
Providing IT teams with the tools to tackle cyber issues
Solutions from the combined companies are expected to reduce the meantime to detect, discover, remediate, and respond to cyber threats, particularly critical vulnerabilities linked to or associated with ransomware. Together, Ivanti and RiskSense will provide security and IT teams with context and adaptive intelligence regarding what their organisation’s exposures are to vulnerabilities that are being actively exploited, including whether those vulnerabilities are tied to ransomware, and then enable them to quickly remediate those threats.
Ivanti has already integrated the RiskSense Vulnerability Intelligence and Vulnerability Risk Rating, which prioritises and quantifies adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation, into Ivanti Neurons for Patch Intelligence.
“This combination will allow us to provide our customers with a holistic view of vulnerabilities and exposures, and then enable them to take fast action through Ivanti Neurons for Patch Intelligence. Customers will be able to greatly reduce their attack surface and risk of breach because of the vulnerability intelligence and the resulting remediation prioritisation based on actively trending exploits and ransomware attacks,” said Jim Schaper, Ivanti Chairman and CEO.