
Immersive Labs Acquires Snap Labs To Improve Cyber Simulations With New Depth And Realism

Immersive Labs, the firm empowering enterprises to constantly monitor and optimise their whole workforce’s cyber capabilities, announced the acquisition of Snap Labs. The deal allows enterprises seeking to enhance their cyber knowledge, skills, and decisions to create multi-player simulations tailored to certain situations and roles.

The acquisition emphasizes the importance of developing human capabilities that represent the unique characteristics of each firm, from executive to technical teams. Cyber risk is effectively mitigated by gaining cyber knowledge, skills, and judgement customized to individual elements such as technical environments and regulatory requirements.

Clients will be able to run labs and cyber crisis practices in a cloud-based replica of their own business with specific vendors using the newly integrated platform. This also gives technical teams the chance to collaborate in a large virtual environment as part of larger exercises including executive decision-makers.

When combined with the rest of the Immersive Labs platform, enterprises will be able to build a continuous cycle of human cyber capacity improvement. The cyber knowledge, skills, and judgement of the entire staff can keep pace with risk, empowering them to be employed strategically for the first time, with frequent exercising and evidencing against internal and anonymised peer benchmark data.

“From day one we have believed in the power of immersive experiences. Whether you are a CEO wrestling with the wicked problems of a cyber crisis exercise or a malware analyst decompiling the latest APT, nothing is better for building and evidencing cyber knowledge, skills and judgement,” said James Hadley, CEO of Immersive Labs.   

“The acquisition of Snap Labs doubles down on this, allowing customers to build better cyber workforces with richly detailed realistic experiences pinpointed to the risk they face. We welcome the team to Immersive Labs and look forward to building on our joint vision together.”  

Chris Myers, Co-Founder, said, “Snap Labs has always strived to provide the most realistic environments and training experiences for cybersecurity teams. Immersive Labs’ vision to build cyber knowledge, skills, and judgement across the entire workforce is remarkably aligned with our own, and we’re extremely excited to bring our technology into their platform. The two platforms are a natural fit, and by combining them we hope to help our customers build even more resilience against cyber threats.” 

Managing Insider Threat in the era of Work From Home Policy

The COVID-19 pandemic forced organizations to work remotely. By allowing employees to work remotely, they put themselves at greater risk of being exposed to insider threats. Given today’s global state of affairs, staff can be distracted by personal online activities and mix them with work-related ones. Because of this, tailored phishing campaigns and other cybercrime attacks are more effective. While working away from the office, employees are more likely to neglect cybersecurity protocols, exposing remote devices to cyber attacks. Working remotely also increases the risk of being a target for cyber criminals because of the additional technical vulnerabilities it introduces, such as insecure network connections. On top of this, security professionals must deal with threats or attacks from insiders. Dissatisfied or angry staff members are exploiting the fact that many companies do not provide secure access to off-site networks. They are also taking advantage of their co-workers, who may unknowingly cause damage.

New methods of prioritizing and reducing cyber risk are needed because of the insider threat phenomenon. Security teams need a process improvement plan to resolve deliberate or accidental misuse of resources. They should be equipped with better, more specific solutions for insider threats so they can deal with threats and gain insight into attacks.

Malicious insider activity poses the following risks to firms:

Data loss or corruption — Insider activities can include making changes to or deleting confidential information. Trying to recover deleted or corrupted files can be time consuming and frustrating.

Financial loss — This includes the costs of cleaning up after an attack, such as system upgrades, and of making restitution to those who were harmed, such as clients and vendors. The more damage an attack causes, the more money a company has to spend to fix it.

Brand Image loss — Customers’ confidence in a firm will be disturbed if it fails to protect their data, and that trust is difficult to restore.

Employee Monitoring

As part of an insider threat risk mitigation program, companies should limit and control user access. Organisations should restrict and minimize access by only authorizing employees the level of privilege required for them to do their tasks. Likewise, businesses should reassess staff members’ access rights on a regular basis and remove access that is not required for staff to fulfil their work roles.

Employee Access Restrictions and Control

It is important for companies to incorporate controls for restricting staff access and managing insider threat risks into their overall risk mitigation strategies. Businesses should restrict and minimize access by only authorizing staff members the access required for them to do their functions and carry out responsibilities. The implementation of the Zero-Trust model can benefit the organisation. Likewise, organisations should reassess staff members’ access rights on a frequent basis and remove any access that is not required for staff members to fulfil their work tasks.

Teleworking Policy

Businesses should begin by creating a proper teleworking policy that outlines network and data security issues. Developing a strong teleworking policy is an effective way to prevent insider threats, especially those that arise from negligence. It is essential for teleworking policies to include several key elements. Teleworking policy must tackle the problem of remote access. Employees working from home should be able to connect to business networks using company-owned systems as long as they follow remote access rules that define permitted BYOD practices like the use of multi-factor authentication (MFA) passwords.

Employee education and training

Staff members must be extensively trained and educated about using organisational resources securely as part of their work. Staff members must also be equipped with knowledge of the latest cyberattack techniques, like phishing and social engineering. They should be taught the best practices to avoid cyberattacks.

To detect insider threats effectively, companies must have centralised security visibility and management to monitor their remote and distributed staff.  The crux of detecting an insider threat lies in the ability to clearly define “normal” in the new scenario of work from home policy. User behaviour analysis can help a company better mitigate insider threats and protect its key resources when used with zero-trust access.
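One way to make "normal" concrete, as an added example that is not part of the original article: build a per-user baseline from past remote-access events and flag sessions that deviate from it. The event layout, the thresholds and all sample records are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, login_hour_0_23, megabytes_downloaded, source_country)
HISTORY = [
    ("alice", 8, 40, "GB"), ("alice", 9, 55, "GB"), ("alice", 9, 60, "GB"),
    ("alice", 10, 45, "GB"), ("alice", 8, 50, "GB"),
    ("bob", 13, 200, "US"), ("bob", 14, 220, "US"),
    ("bob", 15, 180, "US"), ("bob", 14, 210, "US"),
]
TODAY = [
    ("alice", 9, 52, "GB"),    # matches her baseline
    ("alice", 2, 48, "GB"),    # login far outside her usual hours
    ("alice", 9, 900, "GB"),   # download volume far above her mean
    ("bob", 14, 215, "DE"),    # country never seen for this user
    ("carol", 10, 5, "GB"),    # no history at all
]

def build_baselines(history):
    """Summarise each user's past behaviour: hours, countries, volume stats."""
    raw = defaultdict(lambda: {"hours": set(), "mb": [], "countries": set()})
    for user, hour, mb, country in history:
        raw[user]["hours"].add(hour)
        raw[user]["mb"].append(mb)
        raw[user]["countries"].add(country)
    return {
        user: {
            "hours": p["hours"],
            "countries": p["countries"],
            "mb_mean": mean(p["mb"]),
            # Floor the deviation so a very regular user does not divide by ~0.
            "mb_std": max(pstdev(p["mb"]), 1.0),
        }
        for user, p in raw.items()
    }

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def deviations(baselines, event, hour_slack=2, z_limit=3.0):
    """Return the list of ways an event departs from the user's baseline."""
    user, hour, mb, country = event
    profile = baselines.get(user)
    if profile is None:
        return ["no-baseline"]
    reasons = []
    if min(hour_distance(hour, h) for h in profile["hours"]) > hour_slack:
        reasons.append("unusual-hour")
    if (mb - profile["mb_mean"]) / profile["mb_std"] > z_limit:
        reasons.append("high-volume")
    if country not in profile["countries"]:
        reasons.append("new-country")
    return reasons

def review(history, today):
    """Return (event, reasons) for every event that deviates from baseline."""
    baselines = build_baselines(history)
    flagged = []
    for event in today:
        reasons = deviations(baselines, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged

if __name__ == "__main__":
    for event, reasons in review(HISTORY, TODAY):
        print(event, reasons)
```

A flag here is a prompt for review rather than a verdict; the baseline window and thresholds need tuning per organisation.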

NightDragon Partners With Diversity And Inclusion Companies To Advance Industry Talent

NightDragon, a specialized cybersecurity, security, safety, and privacy investment and consulting company, has partnered with leading diversity and talent development organizations, including the Athena Alliance, Cyber Future Foundation (CFF) and Cybersecurity Gatebreakers Foundation (CGF), to expand talent and develop diversity and inclusion initiatives across its portfolio companies and the industry.

NightDragon will partner with the Athena Alliance, CFF, CGF, and other organizations to expand diversity and inclusion activities in its portfolio companies, such as talent acquisition, executive education, career training, and mentorship. It will continue to cooperate with these organizations on industry regulation to boost diversity and inclusion initiatives more widely.

Dave DeWalt, Founder and Managing Director, NightDragon said, “Improving diversity and inclusion is one of the most critical issues facing our industry today. By working together with organizations like the Athena Alliance, the Cyber Future Foundation and the Cybersecurity Gatebreakers Foundation, we hope to help build more diverse companies, leading to stronger cultures, increased company growth and better technology development to combat today’s biggest threats.”

Coco Brown, CEO and Founder, the Athena Alliance said, “Our industry has made progress around improvement of diversity and inclusion, but there is still much more work to be done. We look forward to working closely with NightDragon and its portfolio companies to further these efforts across the industry, as well as help them tap into the full potential that a diverse and vibrant company culture can provide.”

Val Mukherjee, Chairman and Founder of Cyber Future Foundation, said, “At CFF, we recognize that a global and comprehensive approach is needed to solve the cybersecurity workforce challenges and remove barriers to career entry, while helping leaders find new approaches to staff and up-skill their teams. We are proud to work with venture capital firms like NightDragon, as well as commercial, public and private sector, other nonprofits and academic organizations to build stronger company cultures and businesses with the ultimate goal of reducing cybercrime threats.”

“Closing the cybersecurity skills gap requires our industry to break down the traditional gates in cybersecurity – the years of experience, the computer science degrees, and the litany of security certifications that we for years have thought necessary to begin a career in cybersecurity. We need to teach people how to discover the untapped talent that is everywhere around us; people just need a chance. The Cybersecurity Gatebreakers Foundation looks forward to working closely with NightDragon and its portfolio companies to close the cybersecurity talent gap while helping CISOs and hiring managers find, train and retain great cybersecurity talent,” said Naomi Buckwalter, Founder and Executive Director of Cybersecurity Gatebreakers Foundation.

These partnerships are the newest additions to the NightDragon Network’s ND Talent program, which aims to provide value and advantages to portfolio firms while also addressing high-priority areas including talent hiring, diversity, and retention. These advantages will be available only to portfolio businesses, and NightDragon intends to expand its resources as needed.

Degreed and Cybrary form a partnership to provide integrated cybersecurity learning experiences

Cybrary, a cybersecurity employee development platform, and Degreed, the upskilling platform that connects learning to opportunities, formed a strategic partnership to produce a more comprehensive integrated learning process for cybersecurity experts devoted to cyber skill development.

The partnership will offer a smooth integration across the Cybrary and Degreed platforms, as well as give cybersecurity experts access to the most extensive and comprehensive collection of cybersecurity learning content presently available.

By making Cybrary’s entire library of Learning Paths available through Degreed Plans, learners can build their cybersecurity competencies through a balance of expert-led training and experiential learning. Cybrary will provide Degreed clients with a personalised consultation to assess each company’s unique training requirements as part of the deal.

Degreed clients can collaborate with Cybrary to develop a strategy that matches the organization’s strategic learning goals with the precise knowledge, skills and abilities required for each job function, as well as identify workforce gaps.

“Partnering with a growing company like Degreed is a fantastic opportunity not only for us at Cybrary, but also our collective global community. The recent major breaches only add fuel to the fire in meeting the demands for cybersecurity skills growth to combat ongoing threats. This partnership is another step in the right direction in supporting the frontline cybersecurity professional,” said Wesley Samuel III, Senior Vice President of Global Sales at Cybrary.

“The Degreed team is excited to partner with Cybrary to help solve the issues plaguing security training and cyber skill development. As more of our lives are digitized, cyber security skills have become increasingly sought after and this partnership provides Degreed clients and users with the resources they need to meet new demands,” said Rob Wellington, Head of Experience Partnerships at Degreed.

OMNICOMMANDER introduced a Solution to Help Credit Unions Defend Against Cyber Threats and Ransomware Attacks

OMNICOMMANDER, the industry leader in credit union marketing services with over 400 clients in 47 states, is introducing a free cybersecurity information session and live training program to assist credit unions in protecting their assets and members from hackers.

The NCUA released a press statement on April 22, 2021, alerting federally insured credit unions and financial services of rising cybersecurity vulnerabilities. Ransomware, malware, and phishing cyberattacks, denial of service, ATM skimming, identity theft, pandemic-themed attacks, and supply chain attacks are among the most common dangers to credit unions.

Eric Isham, Founder & CEO of OMNICOMMANDER said, “It was at the beginning of the pandemic that I really started to take notice of all the ransomware, security breaches, and cybersecurity issues happening in the world. As a partner to over 400 credit unions, I wanted to help our clients protect themselves from cyber-attacks, so I decided to invest into building a smart cybersecurity solution that small, mid-sized, and even larger credit unions could implement throughout their organizations.”

Human error is said to be the cause of 95% of cybersecurity breaches, according to industry research. Credit union executives will learn critical checkpoints to properly protect their assets and members from cyber threats caused by human mistakes during OMNICOMMANDER’s one-hour cybersecurity training.

Elliott Franklin, OMNICOMMANDER’s Chief Information Security Officer, will host the live training and convey the information in a straightforward manner. Franklin has designed and maintained international, multi-million-dollar security programs for firms ranging from 250 to over 20,000 people for over 20 years.

“I’m excited to offer this cybersecurity training to credit unions. Not only does it fulfill the National Credit Union Administration requirements for the Rules and Regulations of Part 748, but it could help protect the assets of thousands of credit union members. After the live training, each attendee will receive a digital certificate of completion that is good for one year,” said Franklin.

On July 16, 2021, at 11 a.m. (CT), the first cybersecurity information session and live training will be delivered through Zoom. The program is intended to assist credit union staff in identifying and evaluating risks to their IT infrastructure, as well as developing plans to reduce such risks so that member data and information is protected.

Ransomware – Everything You Need to Know

Ransomware is cryptographic malware that threatens to release or permanently block access to the victim’s data until a ransom is paid. Ransomware encrypts information and documents on any device, including servers, from a single computer to an entire organization’s network. Ransomware falls within the field of cryptovirology, the study of how encryption is used to create effective harmful malware.

Ransomware encrypts the victim’s files, making them unusable, and demands a ransom to unlock them. Recovery of documents without the decryption key is an unsolvable problem in a properly executed cryptoviral extortion attack. The payment of ransoms is demanded in Bitcoin or other cryptocurrencies, making it impossible to track down and prosecute the culprits.

Recent Ransomware attacks

The WannaCry ransomware attack swept across the Internet in May 2017, using the EternalBlue exploit as its infection vector. The attack, which was unparalleled in scope, infected over 230,000 devices in over 150 countries and demanded payment from victims in the Bitcoin cryptocurrency, in 20 different languages. At least 16 hospitals in the United Kingdom’s National Health Service (NHS) had to turn away patients or cancel scheduled surgeries.

The US Colonial Pipeline was the target of a cyberattack on May 7, 2021. The Federal Bureau of Investigation identified DarkSide as the culprit of the Colonial Pipeline ransomware attack, which resulted in the voluntary shutdown of the primary pipeline carrying 45 percent of petroleum to the US East Coast.

How Attackers Attack
  • Ransomware often arrives as an email attachment, such as an invoice or other attached document. It may include a real vendor’s name or even your organization’s name.
  • Employees’ computers are usually connected to the company’s network, shared cloud services, and so on. Without any human involvement or indication, ransomware begins encrypting all of the files it can as soon as it is launched.
  • It then notifies the user and gives payment instructions.
  • Other delivery routes include compromised webpages, infected removable drives, and malicious software bundles.
  • Payment is mostly in Bitcoins.

Key choices:
  • Pay the ransom and get data
  • Restore from backup
  • Lose data

Paying the Ransom increases Risk of Future Attacks 

The majority of cybersecurity experts don’t recommend paying a ransom in the event of a ransomware attack. Paying won’t guarantee that a company will get its data back, and it will encourage the hackers behind ransomware attacks to keep doing what they’re doing, sustaining the illegal industry. The targets of a ransomware attack are mostly given a time limit, with the threat of deleting a particular amount of data every hour until the ransom is paid. This can be extremely stressful and unpleasant for the key management people in an organization, leading them to believe that they have no other option except to pay. The best suggestion is to be properly prepared for an attack so that enterprise firms can defend themselves.

Ransomware and Cryptocurrency  

Bitcoins are a type of cryptocurrency, which means they don’t have a physical form. They are kept in anonymous digital wallets. They can be sent to any location. They can be paid with complete anonymity from anywhere to anywhere. Aside from the advantages, they are an excellent method of payment for illegal operations. One may claim that cryptocurrency is one of the ransomware’s enablers. After all, the software would be worthless if the hackers couldn’t safely take cash. The emergence of Bitcoin has coincided with an increase in ransomware attacks.

Security Awareness Training  

Effective security awareness training is strongly advised. Employees do not come to work with the goal of clicking on phishing emails and infecting their machines. As many IT professionals can confirm, knowing what the red flags of a threat are can make all the difference in an employee’s ability to distinguish malicious links/software from legitimate traffic.

Protection  

Investing in a renowned security solution and putting in a strong firewall is a terrific approach to protect an organization’s network. There are various security solutions like Zero-Trust Security, Web Application Firewall and Cloud Security. Keeping the security system up to date will assist security teams in detecting a ransomware infection in the early phase. 

Backup of Data 

The most important piece of advice given by anti-ransomware experts is to back up all data outside of your organization’s network. Create an isolated network or buy a service to keep the company’s backup safe from infection. This backup is what an enterprise firm needs in order to restore the whole system.

Ransomware has grown into malware that disables entire infrastructures. It won’t be surprising if ransomware evolves further in the next few years. Hence, the necessary steps to secure an organization should be taken into consideration.

Securonix, a Cybersecurity firm, has formed a Strategic Partnership with Alonos to Invest in Global Leadership Development

Securonix, Inc., a leader in Next-Gen SIEM, announced a new investment in its team’s development through a collaboration with consulting company Alonos® to deploy the “Leadership & Executive Accelerated Development Program – L.E.A.D. Core.” Securonix is boosting the skills and knowledge of its leaders around the world with this investment, which will cover a wide range of areas within the organization, including Sales, Marketing, Product Development and Management, Customer Success, Cloud Infrastructure, Architecture, Content and Threat, Quality Assurance, and Corporate Functions.

“Securonix has reached a critical point in our growth as we expand globally at an unprecedented rate. As we scale, our CEO, Sachin Nayyar, is very committed to people growth. When you invest in people who lead other people, there’s an immediate multiplier effect. To reach our expansion goals, we are deploying high end leadership development through the L.E.A.D. Program and building the muscle that will propel us forward,” said Dilshan Ratnayake, Executive Vice President & Chief People Officer, Securonix.

Securonix developed a three-month L.E.A.D. Core Program in collaboration with Alonos’ doctoral-level leadership training practitioners to establish and refine core capabilities. Building high-performing teams, communication, feedback, and coaching, performance management, driving team commitment, delivering and measuring results, understanding leadership styles, leadership decision-making, and harnessing the power of a diverse and inclusive workforce are just a few of the topics covered.

Executives had to complete various learning modules, actively participate in group discussions, attain minimum scores on weekly knowledge examinations, and present an application-based capstone case analysis to graduate from the program’s Core level. Graduates received a validated digital micro-credential through Alonos because this required a high degree of commitment and engagement.

“Investments like these are like oxygen to an organization. If you want to multiply a company’s capabilities, leadership development is a critical component of that growth,” said Ratnayake.

Riphean Investments invests in RapidAscent Advanced Cyber Academy

Riphean Investments, a new investment company located in Fredericksburg, Virginia, announced its investment in RapidAscent, also located in Fredericksburg, Virginia. The terms of the transaction were not disclosed to the public.

Founded in 2020 by experienced startup executives with cybersecurity expertise, RapidAscent is committed to providing real on-the-job training for cybersecurity employees, which will solve the biggest recruitment crisis in American companies – the cybersecurity workforce. The course’s eye-catching technical solutions adapt to each student’s needs and directly address the company’s cybersecurity role and the expectations of employers.

“This is the perfect opportunity for Riphean Investments to partner with a mission-focused company proving national impact. RapidAscent has all the fundamentals we look for in a venture capital investment,” said Brian DeMuth, Partner at Riphean Investments. “We’re excited about the impact and look forward to accelerating their growth.”

The Cyber Academy’s adaptive learning curriculum is developed in collaboration with industry leaders in finance, retail, utilities and energy, and aerospace and defense. Students will get live and asynchronous group instruction, hands-on apprenticeships, and live fire training as part of the program, allowing them to learn role-based skills and become a great resource for their future company quickly after they graduate.

“Global cyber-disruption has become a first-order economic and security threat increasing risk-of-loss for both G-2000 companies and Governments world-wide. Reducing these losses requires access to a new class of trained experts who have the skills honed by training in the latest cyber conflict environments, and who can provide robust solutions on production tools, systems, and controls. Training students and learners to dramatically increase corporate access to such experts is the mission of RapidAscent Academy and Workforce programs,” said RapidAscent CEO Mike Lyons.

RapidAscent is currently working on its first customized curriculum for students interested in working in cybersecurity in the aerospace industry. Within the next two quarters, it wants to expand to two more industries.