One in eight open source downloads have known and avoidable risks
This year has seen twice as many software supply chain attacks as 2019-2022 combined and one in eight open source downloads today pose known and avoidable risks.
The latest State of the Software Supply Chain Report from Sonatype, which logged 245,032 malicious packages in 2023, also shows that 96 percent of vulnerabilities are still avoidable.
Younger employees more likely to have unsafe cybersecurity habits
A new report into hidden threats from Ivanti finds that one in three employees believe their actions do not impact their organization's security.
The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).
UK businesses struggle with security budgets as cyber incidents increase
UK businesses have experienced on average 30 cyber incidents over the last twelve months, marking a 25 percent increase compared to last year.
But a new report from iomart and Oxford Economics finds that 27 percent of organizations think their cyber security budget is inadequate to fully protect them from growing threats. This is despite spending more than £40,000 ($48,000) a year on cyber protection such as vulnerability assessments, penetration testing, and red team engagements.
Most AI detectors can't tell if a phishing email was written by a bot
The latest Phishing Threat Trends Report from Egress, based on data from its Egress Defend email security tool, reveals that nearly three-quarters of AI detectors can't tell if a phishing email has been written by a chatbot.
Because they utilize large language models (LLMs), the accuracy of most detector tools increases with longer sample sizes, often requiring a minimum of 250 characters to work. With 44.9 percent of phishing emails not meeting the 250-character limit, and a further 26.5 percent falling below 500, currently AI detectors either won't work reliably or won't work at all on 71.4 percent of attacks.
Collaboration tools open up businesses to added digital risk
Thanks to remote working, businesses have become reliant on tools like Slack and Teams for workplace communication. But this new, unstructured data set introduces risk caused by the everyday conversations in which proprietary, harmful, or sensitive information is shared or deleted.
AI data platform Aware has released a new report based on proprietary research conducted using the AI-powered platform AwareIQ. It finds collaboration platforms are moving beyond chat and are now at the center of a new enterprise workflow, with 15.4 percent of messages originating from integrated third-party applications.
The impact of evolving AI in cybercrime [Q&A]
Artificial intelligence (AI) has been an evolving trend at the very center of cybersecurity in recent years. However, the release of a wave of new tools such as ChatGPT and Microsoft's Jasper chatbot has sparked fresh concerns about the potential for cybercriminals to leverage increasingly sophisticated technologies for nefarious purposes.
We spoke to Zach Fleming, principal architect at Integrity360, to explore whether AI can be used to create sophisticated malware and hacking tools capable of bringing down entire networks. We'll consider which concerns are valid by highlighting the current state of AI, and we'll explore how security teams can best combat the use of AI in cybercrime.
What's driving the need for cybersecurity in ESG [Q&A]
Environmental, social and governance (ESG) policy sees businesses seek to implement ethical practices to safeguard not just the business, but its ecosystem of partners and customers and the wider world.
We spoke to Tim Wallen, regional director for the UK, US and emerging markets at Logpoint, to discuss the reasons why cybersecurity needs to be incorporated into ESG reporting, and how this can be achieved.
Three-quarters of organizations struggle with remote work challenges
The shift to remote and hybrid working models has magnified IT operational challenges for 75 percent of organizations.
A new study by Forrester Consulting for HP surveyed over 300 IT and security decision makers and finds the main challenges companies face when managing remote endpoints are ensuring data security (60 percent), keeping software on remote devices up to date (55 percent), and maximizing the accuracy of asset databases (55 percent).
Senior managers are more likely to click on phishing emails
Senior executives are 60 percent more likely to click on malicious links than their employees, making them a vulnerable target for hackers, according to a new report.
However, data from SoSafe also reveals that senior managers are more likely to report a suspicious email (20 percent) than employees (eight percent) are, which shows that security awareness among top management is rising.
Enterprises have ambitious plans for machine learning but the road isn't a smooth one
A new survey looks at how organizations find business value from machine learning (ML), how they plan to invest in the near term, and the challenges they expect to face in achieving their ambitious goals for getting new ML initiatives into production.
The study, conducted by NewtonX for Wallaroo.AI, asked chief data officers, chief analytics officers and leaders responsible for AI business outcomes in US private enterprises how they plan to invest in the near term and the challenges they expect to face in achieving their goals for getting new ML initiatives into production.
Account takeover attacks surge by over 300 percent
Account takeover (ATO) attacks jumped a massive 354 percent year-on-year in Q2 2023 according to the latest quarterly Digital Trust and Safety Index from Sift.
Analysis across Sift's global network shows the fintech and food and beverage categories experienced especially large increases. ATO spiked 808 percent across fintech, hitting loyalty sites and crypto, and opening the gate to downstream payment fraud, while the food and beverage industry saw a 485 percent increase in ATO.
Why bad bots and open banking are creating opportunities for cybercriminals [Q&A]
We all know that bad bots are, well… Bad. But open banking is supposed to be good, giving consumers more control over their finances. Combine open banking and bad bots though and you have opened up a world of new threats to banks, customers, and their data.
We spoke to Alan Ryan, AVP for UK and Ireland at Imperva, about how open banking has created new opportunities for cybercriminals, and why the traditional siloed approach to security needs re-appraising.
Remote work creates extra challenges for network teams
The ongoing shift to hybrid and remote work environments has resulted in key changes to the roles and priorities of network administrators in order to address new connectivity challenges and prioritize and preserve a secure, productive end-user experience.
New research by Enterprise Management Associates (EMA) and Auvik shows 73 percent of network professionals reported an increase in workloads, either slightly or significantly, following the shift from traditional to hybrid work environments.
Businesses not prepared for PKI automation
As we reported three months ago, there are some significant changes coming to the PKI marketplace, not least being Google's move to reduce the lifespan of SSL/TLS certificates.
A new report from GlobalSign, based on 110 responses, finds 30 percent of respondents say the increased administrative work and complexity of the changes is their biggest concern.
Enterprises lack strategy for DevOps automation
Investments in DevOps automation are delivering significant benefits, including a 61 percent improvement in software quality, a 57 percent reduction in deployment failures, and a 55 percent decrease in IT costs.
However, a new survey from Dynatrace shows that just 38 percent of organizations have a clearly defined DevOps automation strategy.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities.
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.