Ian Barker

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

Continue reading →

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent, and Log4Shell traffic at a mere 4.3 percent, indicating a shift in threat actor strategy no longer prioritizing the vulnerability as a means of initial access.

Continue reading →

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

Continue reading →

Comparison site Cable.co.uk has released its annual analysis of broadband speed tests around the globe.

As in last year's report Western Europe tops the regional charts with an average download speed of 118.69Mbps, with North America second on an average of 94.02Mbps.

Continue reading →

Cloud misconfiguration is a critical issue as it amplifies the risk of data breaches and unauthorized access. But new research from Qualys shows that many cloud deployments on major platforms are failing Center for Internet Security (CIS) benchmarks.

The report finds that on average, 50 percent of CIS Benchmarks are failing across the major providers. The average fail rate for each provider is 34 percent for AWS, 57 percent for Azure, and 60 percent for Google Cloud Platform (GCP).

Continue reading →

A new survey finds that nearly 80 percent of TLS certificates on the internet are vulnerable to man-in-the-middle (MiM) attacks, while as many as 25 percent of all certificates are expired at any given time.

The study, sponsored by automated machine identity management firm AppViewX and carried out by EEnterprise Management Associates (EMA), focuses on servers with SSL/TLS certificates on port 443.

Continue reading →

New research from Lookout finds that 40 percent of security pros have no clue about the UK Cyber Essentials framework -- the government backed program that aims to help UK organizations improve their cyber resiliency against the most common cyberattacks.

The research, carried out at Infosecurity Europe, surveyed 246 security professionals and finds only 28 percent of organizations had fully implemented Cyber Essentials. Of those that had not implemented the scheme, 58 percent say a lack of awareness or understanding is the reason why they hadn't.

Continue reading →

Over the past decade data modeling -- setting up data structures aligned to business requirements -- has tended to take something of a back seat as businesses have rushed to bring products to market.

But we're producing more data than ever and need ways to process it effectively. That's why Satish Jayanthi, CTO and co-founder at Coalesce, believes it's time for data modeling to make a comeback in enterprise strategy. We spoke to him to find out more.

Continue reading →

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

Continue reading →

The concept of 'shifting left' is often used in the cybersecurity industry to refer to addressing security earlier in the development process.

But it's something that can be applied to data management too. Shifting left in this sense means performing data reliability checks sooner. The ability to execute data reliability tests earlier in the data pipelines helps keep bad data out of production systems.

Continue reading →

A new study of 1,000 office workers across the US and UK shows half of us already use AI tools at work, one-third weekly and 12 percent daily.

But the report from Cybsafe finds 38 percent of users of generative AI in the US admit to sharing data they wouldn't casually reveal in a bar to a friend.

Continue reading →

As workers take time off for summer holidays it means greater risk that personal devices and public Wi-Fi will be used to access sensitive corporate data.

Vulnerability management specialist Hackuity warns that this is a time when organizations are at their most vulnerable and cybercriminals are well aware of the fact.

Continue reading →

As growing businesses rush to upgrade their hardware, many are simply throwing old computers, routers, and other IT assets into the trash, leading to security and environmental concerns.

A new study from Capterra of 500 IT professionals at US small and midsize businesses (SMBs) reveals that nearly a third (29 percent) indulge in improper IT hardware disposal practices.

Continue reading →

We've already seen how generative AI can be used in cyberattacks but now it seems there's an AI model aimed just a cybercriminals.

Every hero has a nemesis and it looks like ChatGPT's could be FraudGPT. Research from security and operations analytics company Netenrich shows recent activities on the Dark Web Forum reveal evidence of the emergence of FraudGPT, which has been circulating on Telegram Channels since July 22nd.

Continue reading →

Data centers are increasingly faced with more sophisticated attack techniques, putting the information they hold at risk.

Specific vulnerabilities such as misconfigurations may pass under the radar of traditional security scans. We spoke to Daniel dos Santos, head of security research at Forescout, to discuss the potential impact of these vulnerabilities and why data centers need to strengthen their risk management.

Continue reading →