Enterprises could be exposing themselves to by increasingly relying on single sign-on (SSO) according to a new report from Doyensec, in collaboration with Teleport.

Although sold by identity providers (IdPs) for their convenience and security, SSO solutions can amplify the impact of breaches. The research shows these impacts can be significantly mitigated once additional layers of security are placed between the IdP and the linked applications and services.

Continue reading →

A new report from security testing platform Synack shows a rise in critical-severity vulnerabilities in 2023 compared to 2022.

On a positive note though, despite mounting pressures on security teams, organizations have reduced their mean time to remediation for critical-severity vulnerabilities by 24 days and high-severity vulnerabilities by 18 days, down to 56 and 74 days, respectively.

Continue reading →

New research from Ivalua finds that 31 percent of UK businesses have been the victim of invoice fraud in the past 12 months.

Of these, just 39 percent managed to stop the fraudulent transactions before the money was paid out.

Continue reading →

New global research from secure storage maker Apricorn into the security and storage of data finds corporate information is knowingly put at risk by 55 percent of mobile workers.

The research, carried out by Censuswide among 604 UK and US IT security decision makers, also finds that 63 percent expect their mobile/remote workers to expose their organization to the risk of a data breach. 43 percent in the UK (40 percent in the UK and US combined) say their mobile/remote workers don't care about security.

Continue reading →

The cybersecurity workforce grew in 2023 to a record high of 5.5 million people, but the demand for skills is still outpacing growth.

A new guide from the UK's Chartered Institute of Information Security (CIISec) and ISC2 shows that globally, the cyber skills gap grew by 12.6 percent last year, with four million additional workers needed to fill the void, making recruitment more important than ever.

Continue reading →

Although governments are issuing new guidelines for businesses to toughen up their cyber protection, cyberattacks remain a major risk, only growing in sophistication with advancements in AI.

With the continued integration of AI into systems, recognizing the threat that dataset poisoning presents is also an emerging concern. We spoke to Andy Swift, cyber security assurance technical director at Six Degrees to discuss the latest threats and how businesses can respond.

Continue reading →

Enterprise IT and operations leaders are planning to significantly increase their AI investments over the next 18 months, according to an independent global survey announced today by Celigo.

The survey of 1,200 people finds businesses are realizing positive results from early AI deployments, including greater productivity and efficiency, enhanced customer experience and reduced costs. Consequently 97 percent say they will increase their AI expenditure through 2025 to accelerate AI transformations across corporate departments.

Continue reading →

Almost 87 percent of respondents to a new survey report an increase in online fraud in the year to April 2024. Just 1.19 percent of respondents saying they experience zero fraudulent IDV (identity and verification) attempts in a month.

The report from Veriff also finds that more than 86 percent of decision-makers say their customers are now more demanding of robust fraud prevention capabilities. This reflects the findings in Veriff's 2024 Fraud Index which found more than 75 percent of consumers consider a company's record on fraud prevention before signing up for a service.

Continue reading →

A new study reveals that 95 percent of respondents have experienced security problems in production APIs, with 23 percent suffering breaches as a result of API security inadequacies.

API security incidents have more than doubled within the past 12 months, with 37 percent of respondents experiencing an incident, compared to just 17 percent in 2023.

Continue reading →

macOS and iOS have showed an increased exploitation rate of seven percent and eight percent, respectively. Although macOS reduced its total vulnerability by 29 percent from 2023 to 2022, exploited vulnerabilities have increased by over 30 percent.

This is among the findings of the Software Vulnerability Ratings Report from Action1 Corporation which offers insights into vulnerability trends within commonly used enterprise software categories, focusing on exploitation rate and Remote Code Execution (RCE) vulnerabilities.

Continue reading →

A new survey of over 1,000 Security and IT leaders across Australia, France, Germany, Singapore, UK, and the USA, shows a decline in detection and response capabilities year-on-year.

The Hybrid Cloud Security Report from Gigamon shows that as hybrid cloud environments grow in complexity and threat actors launch a barrage of concealed attacks, 65 percent of respondents believe their existing security tooling cannot effectively detect breaches.

Continue reading →

Cloud security company Sysdig is launching a new, enhanced cloud-native investigation process designed to cut incident analysis time to just five minutes.

By visualizing a given incident in the Sysdig Cloud Attack Graph, security analysts can gain a dynamic view of the relationships between resources for a better understanding of the killchain and potential lateral movement across a cloud environment.

Continue reading →

As more companies look to embrace AI technology, professional services and consultancy providers must make sure they're ready to help their customers respond to the opportunities that it presents. Indeed, professional services teams also need to look at how using AI in their own organizations can help them to adapt as well.

But how can they ensure that they take full advantage of what is on offer, and not just fall foul of the latest hyped technology trend? We spoke to Andy Campbell, director, solutions marketing at Certinia, to find out.

Continue reading →

Artificial intelligence is supposed to make things easier, right? Not for developers it seems as AI-generated code is set to triple developer work within the next 12 months according to software delivery platform Harness.

This could also mean that organizations are exposed to a bigger 'blast radius' from software flaws that escape to production systems.

Continue reading →

Given the quality of many politicians at the moment you might be forgiven for thinking that sometimes a deepfake would be an improvement.

But to be serious, a new study from Jumio of over 2,000 adults from across the UK finds that 60 percent are worried about the potential for AI and deepfakes to influence upcoming elections, and only 33 percent think they could easily spot a deepfake of a politician.

Continue reading →