Complexity leads to trade-off between risk and innovation


A new report finds that 85 percent of executives surveyed believe computing innovation is increasing risk.
The report from LevelBlue also shows 74 percent think the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk -- making cyber resilience nearly impossible to achieve.
SQL turns 50 this month -- why is it still going strong? [Q&A]


Data management language SQL (originally published as SEQUEL) first appeared in May 1974, so this month marks its 50th anniversary.
We spoke to Peter Zaitsev, founder at Percona, to find out why SQL has survived for the last 50 years, and is still the third most used language for programmers and software developers according to Stack Overflow.
80 percent of security exposures involve misconfigurations


A new report based on data gathered from over 40 million exposures presenting high-impact risks to millions of critical business entities, finds that identity and credential misconfigurations represent 80 percent of security exposures across organizations.
The report, from exposure management specialist XM Cyber based on data analyzed by the Cyentia Institute, shows a third of these exposures put critical assets at direct risk of breach -- an attack vector actively being exploited by adversaries.
2023 saw a global rise in ransomware and hacktivism


A new report from threat intelligence company Intel 471 shows a global rise in ransomware and hacktivism.
The report notes 4,429 ransomware attacks in 2023, almost double the 2,344 observed in 2022, with the most prominent variants being LockBit 3.0, ALPHV, CLOP, Play and 8BASE. North America saw a notable 125.3 percent increase in ransomware, followed by Europe with 67.7 percent, Asia with 46.8 percent, and South America with 40.9 percent.
CI/CD and how data is the gatekeeper of productivity [Q&A]


Using CI/CD (continuous integration and continuous deployment) is supposed to streamline and speed up application development.
However, outdated cloud-based approaches negate many of the benefits. Buildkite's co-founder and CEO, Keith Pitt, helped pioneer the hybrid CI/CD approach, which combines elements of both managed and self-hosted CI/CD. With hybrid, users control the build environment and can customize it to their needs. We spoke to Keith to learn more.
New solution helps companies prepare for 90-day TLS standard


Google's proposal to cut TLS certificate lifespans to 90 days -- down from the current 398 -- was aired last year and has caused something of a stir in security circles.
According to a recent Venafi study, 83 percent of organizations have been hit by certificate-related outages in the past 12 months, and 57 percent of organizations have experienced security incidents involving compromised TLS certificates. Shortening certificate lifespans will therefore help businesses reduce the risk of compromise.
All you wanted to know about passkeys but were afraid to ask

Identity and permissions present a major security challenge


The average organization has roughly 1,400 permissions for every employee, according to a new report from Veza.
The findings also show that identity teams face a daunting number of groups and roles to manage. With organizations averaging nearly 700 groups for every 1,000 users, it is difficult for admins to choose the least-privilege groups and roles that will meet the needs of any given employee, contractor, or service account.
The changing face of the cybersecurity market [Q&A]


The cybersecurity world is a fast-changing one with a constant arms race between attackers and defenders.
New entrants are always coming to the market with innovative technologies to solve particular problems. We spoke to Justin Somaini, a partner at cybersecurity venture capital firm YL Ventures, to find out more about up-and-coming security trends and what is shaping the future of cybersecurity.
Internal communication gaps leave enterprises vulnerable to attack


A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.
The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.
Google underlines its commitment to passkeys with new updates


Google launched its passkeys initiative on 2022's World Password Day and this year it's marking the day with some new updates.
It’s expanding Cross-Account Protection, an initiative where Google will share security notifications about suspicious events on your Google Account with the non-Google apps and services you use. Doing this will allow the other apps and services connected to your Google Account to use the security information to better protect your other accounts.
Passwords cling on to celebrate another World Password Day


Last year we asked the question whether it was time to make World Password Day a thing of the past. But despite the rollout of passkey technology from giants like Google, passwords are still here a year on.
There's no doubt that the use of passwords is in decline, but they are proving more tenacious than many people predicted. Here are some expert views on the role of passwords in the wider digital security landscape.
Data privacy requests surge since 2021


A new report shows a 246 percent boost in privacy requests since 2021 as consumers seek to clear personal data online.
The report from DataGrail shows Data Subject Requests (DSRs) -- formal requests made to a company by a person to access, delete or request not to sell/share the personal data that the company holds on them -- increased by 32 percent from 2022 to 2023.
New solution helps enterprises demonstrate security and compliance


As the number and severity of third-party breaches grow, companies are scrutinizing not just how they handle data, but how their vendors do as well. Trust management platform Vanta is launching a new addition to its Trust Center to allow enterprises to automate security questionnaires.
Questionnaire Automation in Trust Centers uses Vanta AI to save time by generating suggested responses for security teams to review and approve, rather than starting from scratch each time. This will make it easier for enterprises to proactively and reactively demonstrate their security and compliance.
New solution uses AI to target spam and phishing


Since the launch of ChatGPT there has been a surge in the number of phishing emails as AI makes it easier to create convincing lures.
Email security specialist SlashNext is fighting AI with AI thanks to the launch of a new generative AI large language model (LLM) to deliver accuracy and precision in spam detection, with claimed near-zero false positive rates.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities. Follow him on Mastodon
© 1998-2025 BetaNews, Inc. All Rights Reserved.