Ian Barker

The average organization has roughly 1,400 permissions for every employee, according to a new report from Veza.

The findings also show that identity teams face a daunting number of groups and roles to manage. With organizations averaging nearly 700 groups for every 1,000 users, it is difficult for admins to choose the least-privilege groups and roles that will meet the needs of any given employee, contractor, or service account.

Continue reading →

The cybersecurity world is a fast changing one with a constant arms race between attackers and defenders.

New entrants are always coming to the market with innovative technologies to solve particular problems. We spoke to Justin Somaini, a partner at cybersecurity venture capital firm YL Ventures, to find out more about up and coming security trends and shaping the future of cybersecurity.

Continue reading →

A new report shows that CISOs find it difficult to communicate threats to the C-suite, which is leaving gaps in the organization’s understanding of cyberrisk.

The study from Dynatrace reveals that 87 percent of CISOs say application security is a blind spot at the CEO and board level.

Continue reading →

Google launched its passkeys initiative on 2022's World Password Day and this year it's marking the day with some new updates.

It’s expanding Cross-Account Protection, an initiative where Google will share security notifications about suspicious events on your Google Account with the non-Google apps and services you use. Doing this will allow the other apps and services connected to your Google Account to use the security information to better protect your other accounts.

Continue reading →

Last year we asked the question whether it was time to make World Password Day a thing of the past. But despite the rollout of passkey technology from giants like Google, passwords are still here a year on.

There's no doubt that the use of passwords is in decline, but they are proving more tenacious than many people predicted. Here are some expert views on the role of passwords in the wider digital security landscape.

Continue reading →

A new report shows 246 percent boost in privacy requests since 2021 as consumers seek to clear personal data online.

The report from DataGrail shows Data Subject Requests (DSRs) -- formal requests made to a company by a person to access, delete or request not to sell/share the personal data that the company holds on them -- increased by 32 percent from 2022 to 2023.

Continue reading →

As numbers and severity of third-party breaches grow, companies are scrutinizing not just how they handle data, but how their vendors do as well. Trust management platform Vanta is launching a new addition to its Trust Center to allow enterprises to automate security questionnaires

Questionnaire Automation in Trust Centers uses Vanta AI to save time by generating suggested responses for security teams to review and approve, rather than starting from scratch each time. This will make it easier for enterprises to proactively and reactively demonstrate their security and compliance.

Continue reading →

Since the launch of ChatGPT there has been a surge in the number of phishing emails as AI makes it easier to create convincing lures.

Email security specialist SlashNext is fighting AI with AI thanks to the launch of a new generative AI large language model (LLM) to deliver accuracy and precision in spam detection, with claimed near-zero false positive rates.

Continue reading →

Virtual Network Computing (VNC) is the remote desktop tool most targeted by attacks, accounting for 98 percent of the traffic across all remote desktop-specific ports.

This finding comes from Barracuda which has released a new Threat Spotlight report looking at the most common tools, associated ports, and the ways in which attackers can, and do, gain access.

Continue reading →

Most security teams experience some level of alert overload, struggling to prioritize the issues demanding immediate attention from those that are less pressing. This can lead to a backlog of problems to be dealt with and consequent stress on team members.

We talked to Yoav Nathaniel, CEO and co-founder of Silk Security, about why alert backlog is a people problem rather than a technological problem and how IT and security teams can overcome this challenge.

Continue reading →

A new study from Comparitech finds that around a fifth of ransomware attacks in the US led to a lawsuit in 2023.

It shows that 355 lawsuits were filed following 3,002 ransomware attacks. Of these 228 have been completed and 134 were successful -- that is they led to a data breach settlement, resulted in the company being fined for failing to safeguard systems and/or data, or were settled out of court.

Continue reading →

Everyone is keen to embrace AI, but turning an idea into a workable application isn't that easy. B2B commerce platform AppDirect is launching a new marketplace and creation studio that boosts organizations’ ability to create, adopt, and benefit from AI apps.

AppDirect AI allows users to easily transform AI app ideas into reality without needing any coding skills, while also giving them the freedom to choose the most suitable large language model (LLM) provider for their business needs.

Continue reading →

According to a new report, 93 percent of security leaders say public gen AI is in use across their respective organizations, and 91 percent report using gen AI specifically for cybersecurity operations.

But the study of more than 1,600 security leaders, from Splunk and Enterprise Strategy Group, shows that despite this high adoption 34 percent of surveyed organizations say they don't have a gen AI policy in place, and 65 percent of respondents admit to not fully understanding the implications of the tech.

Continue reading →

A new report from LogRhythm, based on a survey from Dimensional Research, reveals that 95 percent of enterprises have changed their cybersecurity strategies in the last 12 months.

Drivers of this change include keeping pace with the shifting regulatory landscape (98 percent), the need to meet customer expectations for data protection and privacy (89 percent) and the rise of AI-driven threats and solutions (65 percent).

Continue reading →

Human factors, including lack of awareness, training and inconsistent policy adherence, are getting in the way of cybersecurity for smaller businesses.

A new survey of more than 600 business and IT security managers conducted by LastPass and survey research firm InnovateMR shows that cyberattacks targeting smaller organizations have increased significantly in recent years, as cyber criminals have learned these organizations are relatively easy targets.

Continue reading →