Avery Dennison, a Fortune 500 company specialising in the design and manufacture of labelling and functional materials, has been rated by GlobalData as the best-performing packaging company in the cybersecurity theme, and is poised for excellent future performance.

With an estimated ICT spend of $371.2m in 2022, the label and adhesive behemoth has made several strategic advances towards becoming a digital-first company over the years, having launched atma.io cloud-based platform in 2021 a platform that assigns unique digital IDs to products, enabling improved tracking, storage and management.

Other major IT investments over recent years include $230m in Williots Internet of Things and Cloud technologies, $38.9m in RoadRunner Recyclings AI/ML-based technology, and a $1.45bn acquisition of Vestcom, the provider of data-integrated, shelf-edge labelling and pricing solutions for consumer-packaged goods companies.

The increased digitisation of supply chains and cloud-based environments, however, poses new cybersecurity threats to companies, as more and more data is stored virtually. And, if cloud data is compromised, companies risk multiple losses, including loss of revenue, reputation and business continuity. According to IBM, manufacturing has felt the brunt of cyberattacks over the past few years, receiving 23% of attacks in 2021, ahead of finance and insurance.

A notable cybersecurity breach took place in January 2021, when WestRock Company, the paper and packaging solutions provider, was subject to a ransomware attack that disrupted its IT and operational technology systems. The company said that the impact on net sales in the second quarter of 2021 was $189m, whilst $20m was incurred in ransomware recovery costs.

All this comes as the Allianz Risk Barometer 2023 survey finds that cyber incidents and business interruption rank as the most pressing company concerns for the second year running.

Avery Dennison has a presence across multiple cloud platforms, including Kubernetes, Azure, Amazon Web Services, Google Cloud and Oracle Cloud. However, cloud computing brings its own unique set of risks: for example, cloud services rely on APIs which are particularly prone to cyberattacks, and the easy accessibility and data migration capabilities of the cloud also makes it vulnerable to data loss and malware attacks.

Our cloud journey is revolutionising the company, so its critical were able to secure it, explains Jeremy Smith, Avery Dennisons information security officer.

This commitment to greater cybersecurity has been borne out in the companys estimated 2022 ICT budget, with $4.59m allocated to security software, $2.07m to security equipment hardware, $3.13m to security consulting, and $2.31m to security and privacy services, according to GlobalData.

As part of its cloud-specific cybersecurity strategy, Avery Dennison has partnered with Wiz, which provides a singular view of its multi-cloud environment, allowing for easy identification of misconfigurations and providing context on vulnerabilities.

Smith said that prior to the Avery Dennison-Wiz partnership, it was difficult to piece together solutions from different cloud providers to come up with a good cloud security posture even understanding misconfiguration was hard within these tools.

Researchers from Stanford University and a top cybersecurity organisation found that approximately 88% of all data breaches are caused by human error.

Recognising this human factor as a significant aspect of cybersecurity, Avery Dennison launched its DataSafe initiative in 2019, which enlists all employees in an enterprise-wide effort to protect company data. Prior to this, the packaging powerhouse had adopted a more conventional approach to data loss prevention, with a focus on specialists implementing firewalls and constraining policies.

However, the company soon realised that increased reliance on cloud resources made its data more vulnerable, especially given the potential for human error. It was often thought that security was securitys problem. But enabling your employees to act as security partners to protect their own data is as critical as any security tool you may have, Smith says.

In consultation with cybersecurity experts, Avery Dennison therefore developed and adopted a three-pronged initiative. The first component was to identify and inventory the most critical business data and assets (namely, intellectual property and customer order information), while the second component was to measure and plan for success.

The third component involved selecting and deploying technologies to prevent data loss and ensure regulatory compliance. For this, the company chose Sekure, a cloud-native data governance solution that automatically identifies, classifies, monitors and protects sensitive business data. Additionally, it provides employees with the necessary tools to protect data effectively.

Indeed, DataSafe now requires employees to classify files at the time of creation according to the companys four-point system for data security. It forced people to think about whether the data was important, and if distributed too permissively whether it would cause risk to the organisation. It got people thinking about the data itself and to be more careful about how they handle it, Smith says.

In terms of endpoint security, the company has also adopted fingerprint, facial and biometric recognition technologies that have eliminated the need for passwords to log into workplace applications.

The result has been a robust data protection programme that empowers employees and incorporates customised technologies, specifically designed to protect the companys most critical business data and assets.

Original post:
Avery Dennison takes leading role in cybersecurity - Packaging Gateway

By James Sillars, Business reporter @SkyNewsBiz

Monday 5 June 2023 22:01, UK

The BBC, British Airways , Boots and Aer Lingus have been caught up in a cyber incident that has exposed employee personal data, including bank and contact details, to hackers.

A ransomware group named Clop has claimed responsibility for the breaches centred around the MOVEit file transfer software.

In an email to Reuters on Monday, the hackers said "it was our attack" and that victims who refused to pay a ransom would be named and shamed on the group's website.

Work by Microsoft had earlier suggested that the Russian-speaking ransomware gang was behind the attack.

It emerged last week that a so-called zero-day vulnerability - a flaw - in the file transfer system MOVEit, produced by Progress Software, had been exploited by cyber criminals.

It had allowed the hackers to access information on a range of global companies using MOVEit Transfer.

Thousands of firms are understood to be affected.

UK-based payroll provider Zellis confirmed on Monday that eight of its clients were among them.

It did not name the organisations.

BA, however, confirmed it had been caught up in the affair.

The airline employs 34,000 people in the UK.

The BBC and Boots, which has 50,000 staff, said they had been affected too.

The broadcaster did not believe its employees' bank details had been exposed though company ID and national insurance numbers were compromised.

Current and former staff at Aer Lingus have also been affected, the airline said, but no financial or bank details nor phone numbers were compromised in the incident.

Analysis: Origins 'appear to have Russian links'

Experts said corporate victims could expect the group responsible to make contact with a list of demands within weeks.

In this instance, the compromised information included contact details, national insurance numbers and bank details.

BA told Sky News: "We have been informed that we are one of the companies impacted by Zellis's cybersecurity incident which occurred via one of their third-party suppliers called MOVEit.

"Zellis provides payroll support services to hundreds of companies in the UK, of which we are one.

"This incident happened because of a new and previously unknown vulnerability in a widely used MOVEit file transfer tool. We have notified those colleagues whose personal information has been compromised to provide support and advice."

A Boots spokesperson said: "A global data vulnerability, which affected a third-party software used by one of our payroll providers, included some of our team members' personal details.

"Our provider assured us that immediate steps were taken to disable the server, and as a priority we have made our team members aware."

Read more from business:New business group launched to rival CBI Six Nations backer CVC plots 4bn takeover of Center Parcs

Zellis said in its own statement: "A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product.

"We can confirm that a small number of our customers have been impacted by this global issue and we are actively working to support them.

This is a limited version of the story so unfortunately this content is not available. Open the full version

"All Zellis-owned software is unaffected and there are no associated incidents or compromises to any other part of our IT estate.

"Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring."

Charles Carmakal, chief technology officer at Google cyber security specialist Mandiant Consulting, said: "At this stage it is critical for victim organisations to prepare for potential extortion, publication of stolen data, and victim shaming.

"It is likely that the threat actor will soon begin to make contact with extortion demands and begin to work through their list of victims.

"Mandiant's investigations into prior campaigns from the suspected threat actor show that extortion demands are usually in the 7- or 8-figure range, including a few demands for more than $35m.

"Any organisation that had the MOVEit web interface exposed to the internet should perform a forensic analysis of the system, irrespective of when the software was patched," he warned.

Click to subscribe to The Ian King Business Podcast

"Watch out for scammers too. Some of our clients impacted by the MOVEit exploitation received extortion emails over the weekend.

"The extortion emails were unrelated to the MOVEit exploitation and were just scams, but organisations could easily confuse them as being authentic."

A MOVEit spokesperson said: "Our customers have been, and will always be, our top priority. When we discovered the vulnerability, we promptly launched an investigation, alerted MOVEit customers about the issue and provided immediate mitigation steps."

"We disabled web access to MOVEit Cloud to protect our cloud customers, developed a security patch to address the vulnerability, made it available to our MOVEit Transfer customers, and patched and re-enabled MOVEit cloud, all within 48 hours. We have also implemented a series of third-party validations to ensure the patch has corrected the exploit."

"We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures. We have engaged with federal law enforcement and other agencies with respect to the vulnerability."

"We are also committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products."

See the rest here:
BA, BBC and Boots hit by cyber security breach with contact and bank details exposed - Sky News

Zscaler Inc, a leading cloud-based internet security platform provider, saw its price objective increase from $130.00 to $145.00 by Piper Sandler analysts in their latest research note issued last Friday. However, Piper Sandlers price target also indicates a potential downside of 2.57% from the companys current price.

The latest earnings data for Zscaler was released on Thursday, June 1st, which reported an EPS of $0.48 per share for the quarter beating consensus estimates of $0.42 by $0.06 and generating revenue of $418.80 million compared to expectations of $411.55 million.

Despite facing tough competition in the cloud-based security industry, Zscaler continues to innovate and diversify its offerings that include; Zero Trust Exchange, Zscaler Client Connector, Zscaler Internet Access, Zscaler Private Access, Zscaler B2B, Zscaler Cloud Protection and Zscaler Digital Experience.

It is no secret that cyber threats have increased exponentially during the pandemic as businesses transitioned to remote work- it is therefore commendable for any company within the cloud-based security industry who has managed to succeed in these unprecedented times.

In conclusion, while there may be some challenges ahead for Zscaler given its current market valuation and position alongside stronger competitors like CyberArk Software (NASDAQ: CYBR) and Palo Alto Networks (NYSE:PANW), the companys ability to adapt in todays fast-paced digital transformation landscape should not be understated with sell-side analysts predicting expected gains or even holding steady depending on adjustments made over this years trading period.

Current $150.84

Concensus $232.83

Low $125.00

Median $210.00

High $415.00

Social SentimentsWe did not find social sentiment data for this stock

Zscaler, Inc is a prominent cloud-based internet security platform provider. Recently, the NASDAQ-listed stock opened at $148.82. Its 50-day moving average is $113.69, while its 200-day moving average stands at $118.19. Despite this growth, the firm has witnessed a market capitalization of $21.60 billion with PE ratio of -78.74 and a beta of 0.84, being recently labeled as Moderate Buy. The companys leading product portfolio includes Zero Trust Exchange, Zscaler Client Connector, Zscaler Internet Access, Zscaler Private Access, Zscaler B2B, Zscaler Cloud Protection and Zscaler Digital Experience.

The stock has attracted significantly high ratings from several equities analysts who are keen on the growth potential of the company. Needham & Company LLC and Loop Capital have reaffirmed their positive rating for Zsacaler by raising their price objectives to $210.00 and $135 respectively in an effort to capitalize on investors confidence in the companys future growth prospects.

Oppenheimer started coverage on Zscaler by giving it an outperform rating with a target price set at $180 per share along Rosenblatt Securities that assumed coverage of the stock at a buy rating with a price target set at $135.

In addition to good news from analysts about investment potential and positive trajectory for growth driven by investors confidence after buying shares into getting a piece ownership stake in such promising technology progress made possible through cloud computing evolution- insiders Robert Schlossman (the companys insider) sold 3,645 shares worth over US$389k while CFO Remo Canessa also sold 6,229 shares worth US$665k from which each made gains totaling millions since they both own lots more stock options than what would be required under SEC rules indicating lengthy management loyalty commitment toward growth as a primary goal. Several hedge funds and institutional investors, such as Vanguard Group Inc., Artisan Partners Limited Partnership, WestBridge Capital Management LLC, First Trust Advisors LP, and Champlain Investment Partners LLC have increased their position in the company.

To sum it up, Zscalers position in the cybersecurity industry has been strengthened by some of these recent developments. The firms stock remains an attractive option for investors who are keen on betting on a reliable long-term tech partner that promises to deliver value through cloud-based internet security solutions. With a 12-month high of $194.21 per share and several favourable ratings from equity analysts, Zscaler looks promising regarding future wealth accumulation opportunities for prospective long term investors.

See original here:
Zscaler Inc's Price Target Increased by Piper Sandler Analysts ... - Best Stocks

Washington, D.C. Subcommittee on Innovation, Data, and Commerce Chair Gus Bilirakis (R-FL) delivered opening remarks at todays Innovation, Data, and Commerce Subcommittee hearing titled Building Blockchains: Exploring Web3 and Other Applications for Distributed Ledger Technologies.

Excerpts and highlights below:

THE IMPORTANCE OF BLOCKCHAIN TECHNOLOGIES

Cryptocurrencies and certain financial aspects of blockchains have hijacked the publics attention when it comes to this emerging technology.

Todays hearing will highlight that blockchains are not just impacting Wall Street but are also changing Silicon Valley, and the internet as a whole.

It is essential that Congress accurately understand what it is regulating before it does so.

This is a complicated topic, which is why Im looking forward to the superb panel of experts educating us here today.

The core issue is about how data is organized, preserved, and protected, which is the jurisdiction of this subcommittee.

As I understand it, a blockchain is a linked list, or ledger, of transactions stored on a network of computers.

Blockchains are composed of building blocks of data chained together cryptographically.

We will walk through these technical components today and discuss what it means for blockchains to be decentralized, immutable, and open.

But to step back from these terms, what we are really discussing here is a new, foundational technology that can provide individuals and businesses new ways to access, record, and validate digital activity online.

BLOCKCHAINS PROVIDE NEW OPPORTUNITIES

Web 1.0, the original World Wide Web, lasted from roughly 1993 to 2004, and was characterized by dial up and AOL.

It was replaced by Web 2, which is the current internet we know well, and has been characterized by smartphones and Big Tech platforms.

Web3, which encompasses nonfungible tokens (NFTs) and other use cases, is the emerging internet built on top of blockchains and is characterized by increased user control, decentralization, and transparency.

Using these technologies, developers are building new decentralized social media, new messaging apps, new ways to stream music, and new privacy enhancing technologies just to name a few.

Blockchains are not a crypto casino.In fact, according to one report, despite crypto prices falling roughly $2 trilliona 70 percent declineblockchain developers have only declined 10 percent.

There are respected developers who arent trying to make a fast buck, but rather theyre building a new evolution of the internet.

But this technology goes beyond just Silicon Valley. Blockchains, Web3, and other distributed ledger technologies are just tools.

Like the internet, blockchains will impact many areas of our jurisdiction and can help address challenges with our current internet ecosystem, bolster supply chains, verify information, and increase efficiency for businesses.

THE FTC SHOULD LEAD AGAINST BAD ACTORS

However, we shouldnt treat this technology as a cure-all.

There are still technical challenges such as scaling, data availability, and cybersecurity. There are also human challenges such as fraudsters and compliance with law enforcement.

As with any new technology, scams do existin the blockchain ecosystem.

As this committee knows well, the number one federal regulator of scams and fraud is the Federal Trade Commission (FTC), and thats where we want its focus.

Instead of diverting resources to fight legal battles over possible competition theories, the FTC should focus on protecting Americans from fraudsters, as these bad actors migrate from older technologies to these new technologies.

Last Congress, my bill the RANSOMWARE Act was signed into law. This legislation requires the FTC to increase cooperation with foreign law enforcement and report on Ransomware and other cyber-security-related attacks.

When international hackers target Americans using blockchains, the FTC should take a lead role in ensuring they are made whole.

Blockchains present an incredible opportunity, but also come with unique challenges.

Regardless, the United States must lead on the international stage so our adversaries do not have an opportunity to set the rules of the road.

We must lead with our values for freedom, human rights, and human dignity.

I look forward to working with members on both sides of the aisle to ensure these technologies are anchored here in the U.S. and we are central to that discussion.

Read the rest here:
IDC Chair Bilirakis Opening Statement on Strengthening American ... - Energy and Commerce Committee