New research by Keeper Security shows nearly half of security professionals (48 percent) say they favor standalone security solutions for specific issues.

But, this has resulted in security pros grappling with an average of 32 different security solutions in their tech stacks, and some managing hundreds of different security tools.

Continue reading →

Artificial intelligence is changing the way that we work with computers and in particular collaborative learning (CL) and conversational intelligence (CI) are set to reshape AI-powered operations.

We talked to Dr. Maitreya Natu, chief data scientist at Digitate, to discover more about what this means both for businesses and for the role of operations professionals.

Continue reading →

The latest GRIT Ransomware Report from GuidePoint Security shows that May this year resulted in a 33 percent increase overall in ransomware activity compared to April 2024, indicating a degree of seasonality given a similar increase month-on-month in May 2023 relative to April 2023.

May 2024 closed with an increase in overall victim volume. However, a deep review reveals that the rise was driven disproportionately by LockBit's 175 posted victims, accounting for 37 percent of the month’s total publicly posted ransomware victims.

Continue reading →

Security information and event management (SIEM) systems used by enterprises only have detections for 38 (19 percent) of the 201 techniques covered in the MITRE ATT&CK v14 framework according to a new report.

CardinalOps analyzed more than 3,000 detection rules, 1.2 million log sources and hundreds of unique log source types from real-world SIEM instances across Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic.

Continue reading →

New research shows that nearly 30 percent of enterprise IT assets are missing at least one critical security control, such as endpoint security or patch management.

The study from Sevco Security also shows more than six percent of all IT assets have reached the end-of-life stage, creating instances of known-but-unpatched vulnerabilities.

Continue reading →

Aging, monolithic systems, and a lack of technological understanding at the executive level are limiting organizational agility and responsiveness to disruptions according to a new report.

The IDC InfoBrief, sponsored by IFS and Boomi polled over 1,000 C-level respondents across 12 countries and finds that legacy technology platforms and unfamiliarity with the essential role APIs and composability play in unlocking business data are combining to hamper insights and transformation.

Continue reading →

The proliferation of APIs in the financial services industry has created a vast and complex attack surface that traditional security measures cannot adequately protect.

API security specialist Traceable AI surveyed over 150 cybersecurity professionals in the US, uncovering critical vulnerabilities, concerns, and current API security practices in the financial sector.

Continue reading →

New research from WithSecure looks at the trend of mass exploitation of edge services and infrastructure by attackers.

The number of edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) added to the Known Exploited Vulnerability Catalogue (KEV) per month in 2024 is 22 percent higher than in 2023, while the number of other CVEs added to the KEV per month has dropped 56 percent compared to 2023.

Continue reading →

A new report into IT asset management (ITAM) shows that 53 percent of IT teams report challenges gaining or maintaining complete visibility of their technology investments.

The study from Flexera also finds nearly a quarter (22 percent) of the global IT leaders surveyed say they have paid more than $5 million in audit costs over the past three years, up from 15 percent in 2023.

Continue reading →

Organizations face significant challenges with open source security, primarily due to the rapid pace at which open source vulnerabilities are identified compared to the slower pace of remediation efforts.

This discrepancy creates a scenario where security teams are constantly trying to catch up, struggling against an ever-growing list of vulnerabilities that pose serious threats to their systems.

Continue reading →

A new report shows that 87 percent of enterprise decision-makers are a little or a lot less confident in the network investment decisions that they make.

The study from Arelion reveals that confidence levels have been significantly impacted for 40 percent of US decision-makers. 44 percent of enterprise network decision-makers cite technological change as the most disruptive force on networking decisions, followed closely by rising costs (41 percent) and climate change (37 percent).

Continue reading →

The rapid rise of AI across industries has created a critical data blind spot, a lack of insight into the data powering these systems. Training data for AI models can harbor hidden risks, including leaking sensitive information, personal data, and intellectual property.

A new survey of 168 members of the CISO Society carried out by BigID and Lorem Advisory Group looks at the challenges CISOs face in governing, securing, and safeguarding data in today's AI-driven landscape.

Continue reading →

Alongside yesterday's raft of operating system announcements, Apple also unveiled a suite of new tools and features for developers to help them create more powerful and efficient apps.

With Xcode 16, developers can save time in their development process and get more done thanks to features like Swift Assist and predictive code completion. New and expanded APIs also give developers the tools to advance their apps and introduce new features.

Continue reading →

A new survey of 1,000 finance and engineering professionals in the US reveals that 58 percent of respondents say their cloud costs are too high.

The study from CloudZero also shows that 75 percent of employees say they fear losing their jobs if cloud costs abruptly surge by 50 percent or more. This unease is particularly heightened among employees at larger companies, with 100 percent of those at organizations with over 9,000 personnel believing their positions are vulnerable.

Continue reading →

Active Directory (AD) was introduced in the late 90's when corporate networking barely had virtualization and remote work, not to mention cloud services.

AD controls authentication and authorization to most of an organization's on-premises applications and data, and through synchronization and federation with Entra ID, Okta or other cloud identity provider (IDP) provides these same controls to cloud applications and resources.

Continue reading →