Developers turn to generative AI despite security risks


According to 800 developer (DevOps) and application security (SecOps) leaders surveyed, 97 percent are using GenAI technology today, with 74 percent saying they feel pressured to use it despite identified security risks.
The research from software supply chain management company Sonatype shows 45 percent of SecOps leads have already implemented generative AI into the software development process, compared to only 31 percent for DevOps.
Uncovering the market in vulnerability exploits


It won't come as any surprise that there's a thriving market among threat actors for the latest vulnerability exploits. A new report from Flashpoint lifts the lid on this world and reveals the exact vulnerability exploits that were listed for sale, purchased, and/or traded in the first half of 2023.
One of the most expensive was a remote code execution exploit for Adobe Commerce -- the eCommerce platform formerly known as Magento -- which was listed for sale at $30,000. A Citrix ShareFile exploit was priced at $25,000.
Data theft overtakes ransomware as IT pros' biggest worry


Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.
The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.
Over half of Brits are okay with government breaking cybersecurity law


Over half of the UK population (53 percent) would be supportive of the UK government and its allies breaking international cybersecurity law.
A new survey by Censuswide, on behalf of International Cyber Expo, also shows 45 percent have admitted they would be supportive of, or engage in, online cybercriminal activity themselves in the right circumstances.
Why enterprises must modernize their apps [Q&A]


Most organizations have some level of legacy apps. These can be hard to maintain and inhibit initiatives like data sharing. But the modernization process is challenging due to staffing, tools, training, and other issues.
We spoke to EvolveWare CEO Miten Marfatia to find out how enterprise IT can ease this complex process and ensure they get it right.
The top five capabilities SIEMs should have for accurate threat detection [Q&A]


Security Information and Event Management (SIEM) platforms are the centerpiece of many organizations' security controls, but if these products aren't configured correctly they will produce too many false positives to be useful, and can even make overall threat detection worse.
Security analysts need to trust that their SIEM is detecting threats accurately. We spoke to Sanjay Raja from security analytics company Gurucul to discuss how SIEMs can be configured to offer accurate detection.
CISOs see budgets increase despite economic slowdown


A new report from Team8 shows that 56 percent of CISOs have had budget increases since 2022 despite the economic slowdown, while 25 percent saw no change and 19 percent saw cuts.
However, larger security departments have been most affected by budget cuts with 67 percent of those with 51-100 people seeing budget reductions.
AI-driven search helps uncover cloud risks


It's crucial for organizations to have a complete and comprehensive view of all their cloud assets, but the process of discovery can be a difficult one, especially if multiple platforms are involved.
Cloud security platform Orca Security is launching a new AI-powered cloud asset search that is aimed at making the process more intuitive and available not only to security practitioners, but also developers, DevOps, cloud architects, and risk governance and compliance teams.
AI chatbot simplifies Kubernetes management


Kubernetes management platform company D2iQ is launching new updates to its D2iQ Kubernetes Platform (DKP) that include DKP AI Navigator, an AI assistant that enables enterprise organizations to overcome the skills gap they face in adopting cloud-native technology.
DKP AI Navigator enables organizations to harness more than a decade of the D2iQ team’s experience. It's been trained on D2iQ's internal knowledge base, enabling customers to ask questions and receive real-time responses in a natural, intuitive way. This can reduce the duration and cost of system misconfigurations and downtime while helping organizations overcome the Kubernetes skills gap.
Lack of cybersecurity staff affects over 70 percent of organizations


The cybersecurity skills crisis has impacted 71 percent of organizations and left two-thirds of cybersecurity professionals saying that the job itself has become more difficult over the past two years.
New research carried out by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 66 percent of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, with close to a third (27 percent) stating that it is much more difficult.
Boards show confidence in their cybersecurity but still think they're at risk of attack


A new survey reveals that board members tend to feel good about their company's cybersecurity policy, but that many are still unprepared to face a cyberattack.
The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.
Why vulnerability management needs a refresh [Q&A]


Adversaries are exploiting new vulnerabilities much faster than organizations are remediating them. As a result, prioritizing the wrong vulnerabilities will squander security teams' most critical resource -- time.
So, how can organizations prioritize the right threats? We spoke with Anthony Bettini, founder and CEO of VulnCheck, to find out.
The IT assets that could put your organization at risk


Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.
Interestingly, the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets than about the type, and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.
Two out of three companies lose data due to failed backups


Of the 90 percent of UK enterprises that have been forced to turn to their backup system, only 27 percent were able to recover all of their information and documents -- down from 45 percent in 2022.
A survey from encrypted drive maker Apricorn finds 32 percent of the security decision makers in large enterprises surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from two percent in 2022.
How organizations can safely adopt generative AI [Q&A]


Generative AI tools like ChatGPT have been in the news a lot recently. While they offer many benefits, they also bring risks, which have led some organizations to ban their use by staff.
However, the pace of development means that this is unlikely to be a viable approach in the long term. We talked to Randy Lariar, practice director of big data, AI and analytics at Optiv, to discover why he believes organizations need to embrace the new technology and shift their focus from preventing its use in the workplace to adopting it safely and securely.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities.