government

now browsing by tag

 
 

#nationalcybersecuritymonth | Ways government, industry can overcome a perpetual challenge

Source: National Cyber Security – Produced By Gregory Evans

A congressional report recommended that the federal government takes several measures to improve its intelligence sharing relationship with industry through policy reviews and joint collaboration platforms.

The report, created by the Cyberspace Solarium Commission (made up of government and nongovernment cyber experts), presented 75 cyber policy recommendations, including the recognition that information sharing is a perpetual challenge both between feds and private industry and agencies within the federal government.

The report suggests that Congress direct the executive branch to undergo a six-month review of intelligence policies, procedures and resources to identify pieces that inhibit the intelligence community to effectively share information.

“It needs to be done better in terms of higher level of collaboration [at] more senior levels between and among the government and private sector,” said Tom Gann, chief public policy officer at McAfee.

To start, the report calls on the federal government to create a “systemically important critical infrastructure” designation that would allow operators of that infrastructure to receive special assistance from the government to secure their systems.

The information sharing relationship between the government and industry needs to include more contextualized information, Gann said, which provides greater insight into the overall threat environment. Industry doesn’t need to know just that there’s new malware and who sent it, but also what organizations and senior leaders of actors might be involved, as well as motivations.

“It’s building as complete of a picture as you can of a threat environment on a day-to-day basis … which is so important,” Gann said.

There are some efforts within the federal government focusing on improving intelligence sharing with private industry. The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security works with private and public sector partners to protect critical infrastructure. Another effort at the NSA’s Cybersecurity Directorate is focusing on intelligence sharing with the Defense Industrial Base.

To further those efforts, the report also suggests Congress fund the creation of a “Joint Collaborative Environment,” which would host both classified and unclassified cyberthreat information, malware forensics and network data. The platform would share information with other federal agencies and owners of “important” critical infrastructure, and eventually expanding to intelligence sharing and analysis centers, and a larger swath of critical infrastructure operators. The commission also proposed a Joint Cyber Planning Cell to coordinate cybersecurity planning efforts with the private sector.

The report also recognizes that U.S. government doesn’t know how to best serve the private sector with intelligence collection. In order to mitigate that, the report recommends that the Congress mandate a “formal process to solicit and compile private-sector input to inform national intelligence priorities, collection requirements, and more focused U.S intelligence support to private-sector cybersecurity operations.”

The private sector was a critical piece of the commission’s three-pronged, layered deterrence strategy it recommended. Strengthening the feds’ relationship with the critical infrastructure operators was a key aspect of the report, as demonstrated by the participation of Tom Fanning, CEO of Southern Company, a utility company.

To further that relationship, the federal government and different cybersecurity providers, such as telecom and end-point security companies, may want to explore what it would look like to partner with the federal government and allow it to actively block malicious activity, said Michael Daly, chief technology officer for cybersecurity and special missions at Raytheon.

“I think there would be a benefit to us at least investigating that as an option — how could we use public-private partnerships to do more active blocking?” Daly said.

Daly added, “If we know that’s a malicious site, let’s not let our citizens go to it.”

Source link

The post #nationalcybersecuritymonth | Ways government, industry can overcome a perpetual challenge appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Malaysia warns of Chinese hacking campaign targeting government projects

Source: National Cyber Security – Produced By Gregory Evans


Image:Azlan Baharudin

Special feature


Cyberwar and the Future of Cybersecurity

Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at risk when information security isn’t handled properly.

Read More

A Chinese state-sponsored hacking group has been targeting Malaysian government officials, computer experts with the Malaysian government said on Wednesday.

The purpose of the attacks has been to infect computers of government officials with malware and then steal confidential documents from government networks, Malaysia’s Computer Emergency Response Team (MyCERT) said in a security advisory.

Attacks pattern

The attacks against government officials consist of highly-targeted spear-phishing emails.

MyCERT says the attackers have been pretending to be a journalist, an individual from a trade publication, and representatives for a military organization and non-governmental organization (NGO).

The emails contained links to documents stored on Google Drive. The documents, when opened, asked recipients to enable macros.

The malicious macros used two Office exploits (CVE-2014-6352 and CVE-2017-0199) to execute malicious code on the victim’s system to download and install malware.

“The group’s operations tend to target government-sponsored projects and take large amounts of information specific to such projects, including proposals, meetings, financial data, shipping information, plans and drawings, and raw data,” MyCERT said.

MyCERT officials didn’t say if government officials were compromised in these attacks.

Indirectly pointing the finger at China

However, while MyCERT didn’t accuse the Chinese government directly, their advisory included links to research from the cyber-security community.

The write-ups [1, 2, 3, 4] describe the hacking tools and modus operandi of a cyber-espionage group known as APT40, known for its hacking activity alligned with the interests of the Chinese government.

In an exposé published last month, an online group of cyber-security analysts calling themselves Intrusion Truth have claimed that APT40 are contractors hired and operating under the supervision of the Hainan department of the Chinese Ministry of State Security.

According to FireEye, besides Malaysia, the group has also targeted Cambodia, Belgium, Germany, Hong Kong, Philippines, Norway, Saudi Arabia, Switzerland, the United States, and the United Kingdom.

The group has been primarily focused on “engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies.”

The APT40 group is also tracked by other security firms, but under other names, such as TEMP.Periscope, TEMP.Jumper, Leviathan, BRONZE MOHAWK, GADOLINIUM. The group has been active since 2014, according to multiple reports.

Source link

The post #hacking | Malaysia warns of Chinese hacking campaign targeting government projects appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | NSW shoots for the Holy Grail of government websites

Source: National Cyber Security – Produced By Gregory Evans

It is being modelled on the UK’s gov.uk, which under then minister Frances Maude crashed through deep resistance from the big departments to force a consolidation of content. Gov.uk is designed broadly around user life-cycle needs, such as the birth of a child.

In Australia, several states and the Commonwealth have been operating consolidated portals for several years, under their top-level domains, but NSW is the first jurisdiction, backed at cabinet level, to close down websites of smaller and mid-size agencies.

Not every NSW government website will be closed, with high-visibility web brands like the Opera House and agencies that need to be seen to be separate from government not within the project scope.

The first beta version will go live in about a month with content from within Mr Dominello’s customer service and regulation portfolio, including birth death and marriages and fire relief packages. It will use the Drupal content management system, consolidating its hold on the public sector, where Drupal’s purpose-built Gov CMS (and versions thereof) has emerged as the open-source publishing system of choice.

Shrinking pains

The federal government in 2015 launched a beta version of gov.au modelled on the UK using a series of exemplars, but it was shut when then CEO Paul Shetler left. He met deep resistance from the big departments, which thwarted any attempt to cull the Commonwealth’s estimated 900 websites.

The NSW move heralds a broader system redesign that would see government delivered through highly automated centralised service and publishing sites, making potentially redundant many of the smaller and mid-size agencies that have supported these services.

The newly formed Australia Data and Digital Council (ADDC) of digital ministers has prioritised work around life-cycle events, opening the opportunity for state and federal governments to begin creating common Australia-wide content across all governments.

The move to a consolidated easy-to-use web presence for users has challenged all governments, with a mix of governance, technical, design, content and maintenance issues thwarting moves to try and create integrated, easy to understand information for users in an ever-changing world.

The Victoria Government has been building out its single presence site around the services offered through the Department of Premier and Cabinet, but has not mandated its use by bigger agencies.

Produced after a long period of research around citizen user needs, it is built on a sophisticated open-source publishing stack that integrates into the front end of other websites – so-called “headless CMS” – enabling agencies to share development and maintenance costs.

This enables multiple agencies to use common publishing elements and functionality. Treasury and Finance, Victoria Police, and some divisions of Education and Health have moved to the platform.

Embracing commonalities

This approach also promotes a common look-and-feel, information menus and web architecture, so citizen users do not have to relearn how to navigate every new agency’s web site.

Rather than build a whole new tech system, it exploits the use of common technical interfaces (APIs) to easily connect agencies services and content into a single front end.

Importantly, this approach has been adopted by the ADDC, with the council late last year adopting national API design standards that will allow “all levels of government and trusted third parties to securely share, re-use and enhance data in real time”.

The bigger challenge is the curation and maintenance of content around user needs. This includes the management of a federated publishing model that enables agencies to distribute and maintain their content across multiple channels and web sites.

Gov.uk invested heavily in well-written content, curated around common citizen problems and concerns – a process that has taken several years to complete.

Research has suggested users use search for one-off questions about government, but typically browse government web sites, using the navigation to find what they think may be the solution. By ensuring this information is in one place, citizens will no longer be unsure if they have the latest or best information.

A working group from around Australia and NZ will meet in Melbourne this month to consolidate learnings from the various research and work around the development of life-cycle content and services.

Source link
——————————————————————————————————

The post #deepweb | <p> NSW shoots for the Holy Grail of government websites <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Indian Government Emails Found Wandering on the Dark Web

Source: National Cyber Security – Produced By Gregory Evans

  • Hundreds of email IDs and plaintext passwords belonging to Indian organizations are available on the dark web.
  • The emails may have been shared among crooks for quite some time, but this has just been discovered.
  • It is time for crucial government entities to use 2FA, and even better, 2SV physical security keys.

Researcher Sai Krishna Kothapalli has found 3202 email IDs on the dark web, belonging to people working on the Indian government and various organizations of the state. The infosec expert has been collecting data from dumps on the dark web for the past four years, creating a humongous database of 1.8 billion email IDs and passwords. According to him, approximately 85% of the passwords he holds are in plain text form, while others have been dehashed by hackers throughout the years. After analyzing this trove of data, Kothapalli recently found some ending with “.gov.in”.

The 365 email IDs belong to employees of the ‘Indira Gandhi Centre for Atomic Research’. Trailing just behind is the ‘Bhabha Atomic Research Centre’ with 325 email IDs. In third place, there is the ‘Securities and Exchange Board of India’ with 157 emails. In total, the 3202 emails belonging to 12 entities, as shown in the graph below.


india_graph

The researcher tried to correlate his findings with the “Have I Been Pwned” service and found no entries there, so this was a fresh discovery. The conclusion that he drew was that this data must be the product of a targeted phishing campaign since there were no recorded breaches. This means that the employees who have had their IDs and passwords stolen could be at risk of having their accounts taken over. The employees could have changed their passwords in the meantime, but the chances of stuffing attacks against other accounts belonging to the same people remain high.

The researcher is still investigating the data and is in the process of contacting the governmental organizations to alert them about his findings. He points out that when he started investigating this, he was approached by someone who posed as an NDTV reporter. After additional research, he discovered that the email accounts used to contact him had been compromised in the previous months and that the news from back in the time attributed this to North Korean hackers.

So, could this all be the work of state-supported actors from North Korea? It’s quite possible, but nothing can be said with certainty until the investigation is concluded. Right now, the important part is to secure the email accounts by resetting the credentials as soon as possible. Also, and as the researcher points out in his report, it is high time for the government and its organizations to adopt two-factor authentication for the email accounts of their employees, or even better, physical security keys.

Source link
——————————————————————————————————

The post #deepweb | <p> Indian Government Emails Found Wandering on the Dark Web <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | 3,000 government emails leaked, Ministry of Information’s data also became public

Source: National Cyber Security – Produced By Gregory Evans Cybersecurity researchers claim 3,2020 government emails have been leaked. The report claimed that the email IDs of 11 departments, including the Bhabha Atomic Research Center and the Ministry of Information, exist on the dark web. Sai Krishna Kothapalli, an IIT-Guwahati alumnus and founder of the cybersecurity […] View full post on AmIHackerProof.com

#hacking | Daily Inter Lake – Politics & Government, The big lesson from the Bezos hack: Anyone can be a target

Source: National Cyber Security – Produced By Gregory Evans

PROVIDENCE, R.I. (AP) — You may not think you’re in the same league as Jeff Bezos when it comes to being a hacking target. Probably not, but you — and just about anyone else, potentially including senior U.S. government figures — could still be vulnerable to an attack similar to one the Amazon founder and Washington Post owner apparently experienced.

Two U.N. experts this week called for the U.S. to investigate a likely hack of Bezos’ phone that could have involved Saudi Arabian Crown Prince Mohammed bin Salman. A commissioned forensic report found with “medium to high confidence” that Bezos’ iPhone X was compromised by a video MP4 file he received from the prince in May 2018.

Bezos later went public about the hack after the National Enquirer tabloid threatened to publish Bezos’ private photos if he didn’t call off a private investigation into the hacking of his phone. It’s not clear if those two events are related. The Saudis have denied any involvement in the purported hack.

The events could potentially affect U.S.-Saudi relations. On Friday, Sen. Ron Wyden, an Oregon Democrat, said he is asking the National Security Agency to look into the security of White House officials who may have messaged the crown prince, particularly on personal devices. Jared Kushner, a White House aide and President Donald Trump’s son-in-law, is known to have done so using WhatsApp.

Wyden called reports of the Bezos hack “extraordinarily ominous” and said they may have “startling repercussions for national security.”

But they could resonate at the personal level as well. As the cost of hacking falls while opportunities to dig into peoples’ online lives multiply, more and more people are likely to end up as targets, even if they’re not the richest individuals in the world.

Ultimately, that boils down to a simple lesson: Be careful who you talk to — and what you’re using to chat with them.

“People need to get out of the mindset that nobody would hack them,” said Katie Moussouris, founder and CEO of Luta Security. “You don’t have to be a specific target or a big fish to find yourself at the mercy of an opportunistic attacker.”

WhatsApp, owned by Facebook, is generally considered a secure way of trading private online messages due to the fact that it scrambles messages and calls with encryption so that only senders and recipients can understand them. What many people may not have realized is that it, like almost any messaging service, can act as a conduit for malware.

That encryption, however, is no help if a trusted contact finds a way to use that connection to break into the phone’s operating system. In fact, an infected attachment can’t be detected by security software while it’s encrypted, and apps like WhatsApp don’t scan for malware even once files are decrypted.

WhatsApp users can disable the automatic downloading of photos, videos and other media, which happens by default unless the user takes action.

Other messaging apps are likely also vulnerable. “It just so happens that this one was a vulnerability in WhatsApp,” said JT Keating, of Texas-based security firm Zimperium. “It could have been in any one of any number of apps.”

Prince Mohammed exchanged numbers with Bezos during a U.S. trip in spring 2018. On the same visit, the prince also met with other tech executives, including the CEOs of Google, Apple and Palantir, as well as sports and entertainment celebrities and academic leaders. Virgin Group founder Richard Branson gave the Saudi delegation a tour of the Mojave Air and Space Port in the desert north of Los Angeles.

Google and Apple didn’t respond to emailed requests for comment this week on whether their executives shared personal contacts after that trip. Palantir Technologies confirmed that its CEO Alex Karp met with the prince but said they never shared personal messages. Virgin Group said it was looking into it.

UC Berkeley cybersecurity researcher Bill Marczak cautioned that there’s still no conclusive evidence that the Saudi video was malicious, adding that it might be premature to jump to broader conclusions about it. Many other security experts have also questioned the forensics report upon which U.N. officials are basing their conclusions.

But Marczak said it is generally good advice to “always be on the lookout for suspicious links or messages that sound too good to be true.”

Even caution about avoiding suspicious links might not be good enough to ward off spyware — especially for high-profile targets like dissidents, journalists and wealthy executives. Hackers-for-hire last year took advantage of a WhatsApp bug to remotely hijack dozens of phones and take control of their cameras and microphones without the user having to click anything to let them in.

In such cases, said Marczak, “there doesn’t need to be any interaction on the part of the person being targeted.”

  

Source link

The post #hacking | Daily Inter Lake – Politics & Government, The big lesson from the Bezos hack: Anyone can be a target appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Turkish hackers target Greek government websites, stock exchange

Source: National Cyber Security – Produced By Gregory Evans Turkish hackers claimed on Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs and economy ministries, as well as the country’s stock exchange. On their Facebook page, the hackers group, Anka Neferler Tim, justified their actions […] View full post on AmIHackerProof.com

#hacking | Iranian hackers breach US government website in retaliation for airstrike 

Source: National Cyber Security – Produced By Gregory Evans

A website operated by the U.S. government has been hacked by a group claiming to represent the government of Iran.

The website operated by the little-known Federal Depository Library Program, fdlp.gov, was hacked and defaced on Saturday, and has been taken offline.

A message from the hackers left on the website read: ‘in the name of god. >>>>> Hacked By Iran Cyber Security Group HackerS … ;)<<<<<. This is only small part of Iran’s cyber ability ! We’re always ready.’

The FDLP is a program created to make federal government publications available to the public at no cost. 

The image above appeared on fdlp.gov on Saturday before the website was taken offline

The hackers in their message made reference to the death of Qassem Soleimani, and depicted President Donald Trump being beaten by a fist with the Revolutionary Guard insignia

The hackers in their message made reference to the death of Qassem Soleimani, and depicted President Donald Trump being beaten by a fist with the Revolutionary Guard insignia

Current Google results show the defaced page title text of the fdlp.gov website

Current Google results show the defaced page title text of the fdlp.gov website

It followed the similar hacking of websites for a number of obscure, non-governmental entities, including the Sierra Leone Commercial Bank, the Taiwan Lung Meng Technology Company, and the Human Rights Protection Association of India.

The website for a British company called Bigways was also struck in the cyber attacks.

Security experts have already warned that cyber attacks could be part of Iran’s retaliation for the U.S. airstrike on Friday that killed Revolutionary Guard General Qassem Soleimani, a top official in Iran and beloved there. 

Iran’s state-backed hackers are already among the world’s most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.

Potential targets include manufacturing facilities, oil and gas plants and transit systems. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.

The websites of several obscure, non-government entities were also defaced on Saturday

The websites of several obscure, non-government entities were also defaced on Saturday

In 2012 and 2013, in response to U.S. sanctions, Iranian state-backed hackers carried out a series of disruptive denial-of-service attacks that knocked offline the websites of major U.S. banks including Bank of America as well as the New York Stock Exchange and NASDAQ. 

Two years later, they wiped servers at the Sands Casino in Las Vegas, crippling hotel and gambling operations.

The destructive attacks on U.S. targets ebbed when Tehran reached a nuclear deal with the Obama administration in 2015. 

The killing early Friday in Iraq of Quds Force commander Soleimani – long after Trump scrapped the nuclear deal – completely alters the equation.

‘Our concern is essentially that things are going to go back to the way they were before the agreement,’ said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. ‘There are opportunities for them to cause real disruption and destruction.’

Iran has been doing a lot of probing of critical U.S. industrial systems in recent years – trying to gain access – but has limited its destructive attacks to targets in the Middle East, experts say.

It’s not known whether Iranian cyberagents have planted destructive payloads in U.S. infrastructure that could now be triggered.

‘It’s certainly possible,’ Hultquist said. ‘But we haven´t actually seen it.’

Member of the Iranian Basij paramilitary militia, affiliated to the Revolutionary Guard, mourn Gen. Qassem Soleimani, in Tehran, Iran on Saturday

Member of the Iranian Basij paramilitary militia, affiliated to the Revolutionary Guard, mourn Gen. Qassem Soleimani, in Tehran, Iran on Saturday

Iranians take part in an anti-US rally in Tehran, Iran on Saturday

Iranians take part in an anti-US rally in Tehran, Iran on Saturday

Robert M. Lee, chief executive of Dragos Inc., which specializes in industrial control system security, said Iranian hackers have been very aggressive in trying to gain access to utilities, factories, and oil and gas facilities. 

That doesn’t mean they’ve succeeded, however. In one case in 2013 where they did break into the control system of a U.S. dam – garnering significant media attention – Lee said they probably didn’t know the compromised target was a small flood control structure 20 miles north of New York City.

Iran has been increasing its cyber capabilities but is not in the same league as China or Russia – which have proved most adept at sabotaging critical infrastructure, witnessed in attacks on Ukraine´s power grid and elections, experts agree.

And while the U.S. power grid is among the most secure and resilient in the world, plenty of private companies and local governments haven’t made adequate investments in cybersecurity and are highly vulnerable, experts say.

‘My worst-case scenario is a municipality or a cooperative-type attack where power is lost to a city or a couple of neighborhoods,’ Lee said.

Consider the havoc an epidemic of ransomware attacks has caused U.S. local governments, crippling services as vital as tax collection. While there´s no evidence of coordinated Iranian involvement, imagine if the aggressor – instead of scrambling data and demanding ransoms – simply wiped hard drives clean, said Hultquist.

‘You could see many cities and hospitals targeted at once with ransomware that encrypts data to make it unusable, but there is no way to decrypt it by paying a ransom,’ said cybersecurity veteran Chris Wysopal, the chief technical officer of Veracode.

Members of Iran-backed Iraqi Shiite armed groups popular mobilization forces carry the coffin of slain Abu Mahdi al-Muhandis during a funeral procession in Karbala city, southern Baghdad

Members of Iran-backed Iraqi Shiite armed groups popular mobilization forces carry the coffin of slain Abu Mahdi al-Muhandis during a funeral procession in Karbala city, southern Baghdad

The only known cybersecurity survey of U.S. local governments, county and municipal, found that the networks of 28% were being attacked at least hourly – and that nearly the same percentage said they didn´t even know how frequently they were being attacked. Although the study was done in 2016, the authors at the University of Maryland-Baltimore County don´t believe the situation has improved since.

The top cybersecurity official at the Department of Homeland Security, Christopher Krebs, urged companies and government agencies to refresh their knowledge of Iranian state-backed hackers’ past exploits and methods after Soleimani’s death was announced. ‘Pay close attention to your critical systems,’ he tweeted.

In June, Krebs warned of a rise in malicious Iranian cyberactivity, particularly attacks using common methods like spear-phishing that could erase entire networks: ‘What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you´ve lost your whole network.’

Wysopal said the Iranians are apt to have learned a lot from the 2017 NotPetya attack, which the U.S. and Britain have attributed to state-backed Russian hackers and which caused at least $10 billion in damage globally. The worst cyberattack to date, it exploited unpatched software after being delivered through an unwitting Ukrainian tax software provider and spread on networks without human intervention.

When then-Director of National Intelligence James Clapper blamed Iran for the Sands Casino attack, it was one of the first cases of American intelligence agencies identifying a specific country as hacking for political reasons: The casino´s owner, Sheldon Adelson, is a big Israel backer. Clapper also noted the value of hacking for collecting intelligence. North Korea´s hack of Sony Pictures in retaliation for a movie that mocked its leader followed.

The vast majority of the nearly 100 Iranian targets leaked online last year by a person or group known as Lab Dookhtegan – a defector, perhaps – were in the Middle East, said Charity Wright, a former National Security Agency analyst at the threat intelligence firm InSights. She said it´s highly likely Iran will focus its retaliation on U.S. targets in the region as well as in Israel and the U.S.

Iran is widely believed to have been behind a devastating 2012 attack on Aramco, the Saudi oil company, that wiped the data from more than 30,000 computers. It was also a victim of the Stuxnet computer virus. First uncovered in 2010, it destroyed thousands of centrifuges involved in Iran’s contested nuclear program and is widely reported to have been a U.S.-Israeli invention. 

Source link

The post #hacking | Iranian hackers breach US government website in retaliation for airstrike  appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Idaptive Brings Next-Gen Access to Government Agencies with GSA Designation

Source: National Cyber Security – Produced By Gregory Evans

To cap off an incredible first year for Idaptive’s sales and channel program, we’re proud to announce that Idaptive is now on the  U.S. General Services Administration (GSA) Schedule, so we are now able to offer GSA government agencies and state and local governments the identity and access management services they need to benefit from true Zero Trust security. With this designation, Idaptive can bring the future of identity and access to the public service sector, empowering government agencies to enable seamless and secure access to public servants and citizens alike through our Next-Gen Access Cloud. 

The GSA is the purchasing arm of the U.S. Government, and lists contracts or schedules available for vendors to bid on. To become eligible to bid on a GSA schedule, Idaptive had to complete a series of steps that included obtaining a DUNS number, registering in the government’s SAM (System for Award Management), and providing previous customer contact information as a means for the GSA to perform a past performance evaluation. 

GSA status is a non-industry specific designation, and Idaptive was able to earn its GSA approval through the help of our strategic channel partner ImmixGroup. This partnership marks the next chapter for Idaptive’s blossoming channel program, which we launched from scratch earlier this year. Since then, it has grown to include a total of 152 incredible solution providers and technology integrators and accounts for nearly 80 percent of our sales to date. All while racking up a number of channel-based awards wins and accolades along the way (check those out below). 

Brian Krause, Idaptive’s Director of Worldwide Channels, explains that GSA is an important next step for both Idaptive and for Federal, state and local governments when it comes to bringing much-needed innovation and security to the country’s most important public service agencies. 

“There’s no one more at risk to data breaches than government agencies, and the stakes are often far higher,” said Krause. “With GSA designation, we’re proud to deliver Next-Gen Access identity technology to help more government organizations implement a Zero Trust security posture while also improving employee productivity, enhancing citizen and partner experiences, and reducing the risk of data breaches.” 

2019 was a huge year for Idaptive and our channel program, and we look forward to seeing what next year has in store! Stay tuned in 2020 for more updates on the future of identity from Idaptive. 

 

Check out all of Idaptive’s channel program news and recognitions this year here: 

Source link

The post #cybersecurity | #hackerspace |<p> Idaptive Brings Next-Gen Access to Government Agencies with GSA Designation <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Singapore government pledges to improve data security with new measures

Source: National Cyber Security – Produced By Gregory Evans The Singapore government has pledged to adopt new measures to bolster its cybersecurity posture and improve the way it safeguards public data. The move comes after a series of security breaches involving agencies from the public sector, including one just this week, that compromised personal data […] View full post on AmIHackerProof.com