Ian Barker

We tend to think of the internet as being something that's the same all over the world, but with nations like China, India and Russia increasingly closing off the wider web to their citizens, is the global nature of the internet under threat?

We spoke to Ruoting Sun, VP of Product at Secureframe about the phenomenon of 'internet fracturing' and what it means for businesses.

Continue reading →

The amount of corporate data workers put into AI tools increased 485 percent from March 2023 to March 2024, and is increasing exponentially. The trend is highest among tech workers with 23.6 percent putting corporate data into an AI tool.

A new report from Cyberhaven looks at AI adoption trends and their link to heightened risk. A worrying finding is that 73.8 percent of ChatGPT usage at work is through non-corporate accounts, that unlike enterprise versions incorporate whatever you share in public models.

Continue reading →

According to a new survey, 77 percent of organizations have suffered from instances of cyberattacks or data breaches in the past 12 months due to improper access or over-privileged users.

The study from ConductorOne, based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000 employees, also finds 41 percent of respondents say there had been multiple instances of cyberattacks or data breaches due to the same improper access issues.

Continue reading →

More than half of respondents (53 percent) to a new survey say their existing cybersecurity solutions do not effectively address website impersonation attacks, and 41 percent say their existing solutions only partially protect them and their customers.

The study from Memcyco, based on research from Global Surveyz, finds just six percent of brands claim to have a solution that effectively addresses these attacks despite 87 percent of companies recognizing website impersonation as a major issue and 69 percent admitting to having had these attacks carried out against their own website.

Continue reading →

A new Dark Side of GenAI report from Immersive Labs looks at 'prompt injection' attacks, in which individuals input specific instructions to trick chatbots into revealing sensitive information, potentially exposing organizations to data leaks.

Using data gathered from a public prompt injection challenge the report finds a worrying 88 percent of participants successfully tricked the GenAI bot into giving away sensitive information in at least one level of an increasingly difficult challenge.

Continue reading →

Last year saw more mass compromise events arising from zero-day vulnerabilities (53 percent) than from older vulnerabilities for the first time since 2021.

The latest Attack Intelligence Report from Rapid7 also shows mass compromise events stemming from exploitation of network edge devices have almost doubled since the start of 2023, with 36 percent of widely exploited vulnerabilities occurring in network perimeter technologies. More than 60 percent of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.

Continue reading →

The financial sector in the UK is under constant attack and that it is grappling to keep pace with ever-evolving cyber threats, according to a new report from security awareness training company KnowBe4.

The frequency of ransomware attacks on the financial sector in the UK doubled in 2023, showcasing an alarming escalation. Phishing and Business Email Compromise (BEC) remain the top threats to organizations including financial institutions.

Continue reading →

Concern around deepfakes has been growing for some time and new research released by ISMS.online shows deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organizations.

The report, based on a survey of over 500 information security professionals across the UK, shows that nearly 32 percent of UK businesses have experienced a deepfake security incident in the last 12 months.

Continue reading →

The job of the CISO is becoming increasingly complex, with new rules around security and compliance, disclosure requirements following incidents, and more.

We spoke to John Morello, CTO of Gutsy, a company which was the first to apply process mining to security, to find out how things are changing and how CISOs should respond.

Continue reading →

For banks, know-your-customer (KYC) measures amount to 40 percent of all anti money laundering (AML) compliance costs, totaling $5.7 million each year. This sum is tiny, however, compared to what is paid for non-compliance. In 2022, global fines for inadequate AML grew by 50 percent, almost reaching $5 billion.

We spoke to Vaidotas Šedys, head of risk management at web intelligence platform Oxylabs, to discover that KYC-related challenges are not just faced by banks but are an issue for proxy and web scraping service providers too.

Continue reading →

If you have an Android phone you'll no doubt be aware of the risk that unwanted trackers can access your data while you're using third-party apps or browsing the web.

If you're worried about being tracked though there is an alternative in the form of /e/OS which has a focus on privacy and can be can be flashed on numerous Android devices to replace Google's ubiquitous OS. Today sees the release of V2 of /e/OS which offers further privacy controls, tools and improved user interface.

Continue reading →

It can seem like securing systems is all about new threats and zero-day issues. But research from exposure management platform CyCognito shows that older issues can still be a problem.

It shows two percent of organizations have assets still vulnerable to Log4j. What's more over 50 percent of attempted patches require multiple rounds of validation before the patch is successful, often because of incomplete or inaccurately followed remediation instructions -- effectively prolonging the exposure window.

Continue reading →

Over half of CISOs believe generative AI is a force for good and a security enabler, whereas only 25 percent think it presents a risk to their organizational security according to a new survey.

The survey of the ClubCISO community, in collaboration with Telstra Purple, highlights CISOs' confidence in generative AI in their organizations.

Continue reading →

Platform-as-a-Service (PaaS) provider Rafay Systems is launching new capabilities for its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.

This makes compute resources for AI instantly usale by developers and data scientists but still with the enterprise-grade protections.

Continue reading →

New research from Tenable reveals that 95 percent of 600 organizations surveyed suffered a cloud-related breach in the previous 18 months.

An additional 29 percent reported the breach caused 'significant' harm, which is defined as any adverse consequences to someone or an organization if the confidentiality of PII were breached.

Continue reading →