According to a new survey from Arxan, only 25 percent of respondents say their organization is making a significant investment in solutions to prevent application attacks.

This is despite awareness of the negative impact of malicious activity. A worrying 65 percent of companies say they would be spurred to increase application protection measures only after an end user or customer was negatively affected.

Continue reading →

The number of data breaches disclosed in the first three months of this year fell to 686 compared to 1,444 breaches reported in the same period of 2017, according to a new report.

This still represents the exposure of some 1.4 billion records, although this figure too is down from 3.4 billion in the same quarter last year.

Continue reading →

It's been accepted wisdom for some time that an injection of extra talent is needed to solve the cybersecurity skills shortage.

Further confirmation of this comes in the form of a report from ProtectWise looking at the survey responses of 524 technology-savvy millennials and post-millennials in the US, conducted by Enterprise Strategy Group (ESG), to see if there were potential answers to the security skills shortage.

Continue reading →

With GDPR implementation now only weeks away many businesses are still not fully prepared for the impact of the new legislation.

We spoke to Matt Klassen VP of cloud marketing at IT service management specialist Cherwell Software to find out how managed services can help companies to comply with GDPR by the may 25th deadline and to manage the additional workload it's likely to create.

Continue reading →

A future enabled by the Industrial Internet of Things (IIoT) is not so far off, with the integration of IoT devices rising across industrial settings from oil and gas to building security.

The potential to leverage big data and analytics to optimize operations and efficiencies is driving industrial companies to move to IIoT-enabled devices, but these companies are now faced with the challenge of modernizing their legacy production systems.

Continue reading →

The industrial control systems (ICS) used to run equipment in manufacturing, energy, and other sectors are secured differently from office networks. Vulnerabilities often go unpatched, because organizations are afraid to make changes that might cause downtime.

To minimize the chances of exploitation of vulnerabilities, measures put in place include placing ICS components on a separate network, isolating them, or air-gapping them entirely from Internet-connected corporate systems. However, penetration testing performed by Positive Technologies has shown that such measures often fall short in practice, leaving attackers plenty of opportunity to access critical equipment.

Continue reading →

It's World Password Day and we've already looked at tips for safe password use, but a new survey from identity management company SailPoint reveals that IT professionals aren't practising what they preach when it comes to password use.

In partnership with research company Vanson Bourne, SailPoint surveyed 400 IT decision makers about their password habits and came up with some worrying results.

Continue reading →

Ransomware attacks grew by 400 percent last year, largely down to the success of the WannaCry attack. It’s perhaps not surprising that other variants slowed down, but this signals a shift in the way ransomware is being used.

A new report from F-Secure shows WannaCry accounted for nine out of every 10 ransomware detection reports by the end of the year.

Continue reading →

We're constantly being told that the password's days are numbered. No less a figure than Bill Gates predicted the end of the password as far back as 2004. Yet we still rely on them to protect many of our day-to-day activities.

To mark today’s World Password Day, Raj Samani, chief scientist and fellow at McAfee, has produced a set of tips that people can follow to make the best use of passwords.

Continue reading →

A new study of password and account security on 55 of the world's most popular travel-related sites reveals that 89 percent leave their users' accounts potentially exposed to hackers due to unsafe password practices.

The research by password management company Dashlane tested each website on five critical password and account security criteria. A site received a point for each criterion it met, for a maximum score of 5/5. Any score below 4/5 was considered failing and not meeting the minimum threshold for good password security.

Continue reading →

Workload automation specialist Turbonomic has released a major update to its software, delivering application-aware infrastructure and making any type of workload -- virtual, cloud and container -- self-managing.

Turbonomic's AI-powered decision engine analyzes performance, cost and compliance data across the entire IT stack and generates trustworthy decisions at scale faster than before.

Continue reading →

A critical remote code execution vulnerability has been discovered in two Schneider Electric applications heavily used in manufacturing, oil and gas, water, automation and wind and solar power facilities.

The vulnerability, discovered by cyber exposure company Tenable, could, if exploited, give cyber criminals complete control of the underlying system.

Continue reading →

The most common infection vectors are still email phishing and drive-by downloads according to the latest threat report from AI security specialist Cylance.

The report provides a real-world glimpse into major cyber threats that affected Cylance’s customer base in 2017. Along with industry trends and analysis, and data from thousands of government entities and organizations of all sizes across 160 countries that have adopted a prevention-first approach to security.

Continue reading →

With a name like 'SiliVaccine' you could be forgiven it's something your doctor would give you if you were worried about turning into a clown. But in fact this is North Korea's home grown antivirus product.

Check Point Software has obtained and analyzed a rare copy of the software and discovered key components of its source code to be identical to a 10-year old copy of Trend Micro's AV software.

Continue reading →

A few weeks ago we spoke to ThinkMarble about the impending arrival of GDPR and the company's virtual data protection office service.

As the May 25th deadline draws closer, the company has released some research data that shows almost three-quarters of UK businesses are unaware of the lawful basis for processing data and a quarter still don't know, or are unsure of, where the personal data they are responsible for is currently held.

Continue reading →