Ian Barker

Between the rise of competition, the changing regulatory landscape, the evolution of AI and the rise of new threat actors, the role of the CTO can be a challenging one.

What characteristics are needed for the role and how can incumbents ensure that it remains relevant? We spoke to Ajay Keni, CTO at OneSpan, to find out.

Continue reading →

IT and business leaders are largely allowing employee use of generative AI but the majority (66 percent) are concerned about the data governance risks from AI, including privacy, security and the lack of data source transparency in vendor solutions.

The latest 2023 State of Unstructured Data Management survey from Komprise is based on responses from 300 global enterprise storage IT and business decision makers at companies with more than 1,000 employees in the US and UK, and finds 90 percent of organizations allow employee use of generative AI.

Continue reading →

According to 800 developer (DevOps) and application security (SecOps) leaders surveyed, 97 percent are using GenAI technology today, with 74 percent saying they feel pressured to use it despite identified security risks.

The research from software supply chain management company Sonatype shows 45 percent of SecOps leads have already implemented generative AI into the software development process, compared to only 31 percent for DevOps.

Continue reading →

It won't come as any surprise that there's a thriving market among threat actors for the latest vulnerability exploits. A new report from Flashpoint lifts the lid on this world and reveals the exact vulnerability exploits that were listed for sale, purchased, and/or traded in the first half of 2023.

One of the most expensive was a remote code execution exploit for Adobe Commerce -- the eCommerce platform formerly known as Magneto -- which was listed for sale at $30,000. A Citrix ShareFile exploit was priced at $25,000.

Continue reading →

Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.

The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.

Continue reading →

Over half of the UK population (53 percent) would be supportive of the UK government and its allies breaking international cybersecurity law.

A new survey by Censuswide, on behalf of International Cyber Expo, also shows 45 percent have admitted they would be supportive of, or engage in online cybercriminal activity themselves, in the right circumstances.

Continue reading →

Most organizations have some level of legacy apps. These can be hard to maintain and inhibit initiatives like data sharing. But the modernization process is challenging due to staffing, tools, training, and other issues.

We spoke to EvolveWare CEO Miten Marfatia to find out how enterprise IT can ease this complex process and ensure they get it right.

Continue reading →

Security Information and Event Management (SIEM) platforms are the centerpiece of many organization's security controls, but if these products aren't configured correctly they will produce too many false positives to be useful, and can even make overall threat detection worse.

Security analysts need to trust that their SIEM is detecting threats accurately. We spoke to Sanjay Raja from security analytics company Gurucul to discuss how SIEMs can be configured to offer accurate detection.

Continue reading →

A new report from Team8 shows that 56 percent of CISOs have had budget increases since 2022 despite the economic slowdown, while 25 percent saw no change and 19 percent cuts.

However, larger security departments have been most affected by budget cuts with 67 percent of those with 51-100 people seeing budget reductions.

Continue reading →

It's crucial for organizations to have a complete and comprehensive view of all their cloud assets, but the process of discovery can be a difficult one, especially if multiple platforms are involved.

Cloud security platform Orca Security is launching a new AI-powered cloud asset search that is aimed at making the process more intuitive and available not only to security practitioners, but also developers, DevOps, cloud architects, and risk governance and compliance teams.

Continue reading →

Kubernetes management platform company D2iQ is launching new updates to its D2iQ Kubernetes Platform (DKP) that include DKP AI Navigator, an AI assistant that enables enterprise organizations to overcome the skills gap they face in adopting cloud-native technology.

DKP AI Navigator enables organizations to harness more than a decade of the D2iQ team’s experience. It's been trained on D2iQ's internal knowledge base, enabling customers to ask questions and receive real-time responses in a natural, intuitive way. This can reduce the duration and cost of system misconfigurations and downtime while helping organizations overcome the Kubernetes skills gap.

Continue reading →

The cybersecurity skills crisis has impacted 71 percent of organizations and left two-thirds of cybersecurity professionals saying that the job itself has become more difficult over the past two years.

New research carried out by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 66 percent of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, with close to a third (27 percent) stating that it is much more difficult.

Continue reading →

A new survey reveals that board members tend to feel good about their company's cybersecurity policy, but that many are still unprepared to face a cyberattack.

The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.

Continue reading →

Adversaries are exploiting new vulnerabilities much faster than organizations are remediating them. As a result, prioritizing the wrong vulnerabilities will squander security teams' most critical resource -- time.

So, how can organizations prioritize the right threats? We spoke with Anthony Bettini, founder and CEO of VulnCheck, to find out.

Continue reading →

Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.

Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Continue reading →