BetaNews Staff

The exposure of an organization's sensitive data or personal customer records can be detrimental to a company’s reputation. It may also result in severe financial implications due to regulatory fines and associated legal fees. Therefore, organizations must enhance their cybersecurity landscape as cybercrime and ransomware attacks increase exponentially.

This is supported by findings from the recent UK Cyber Security Breach Survey 2024, which states that 50 percent of UK businesses reported to have suffered a cyber-attack or breach in the last 12 months. Equally concerning is the global average cost of a breach which reached up to $4.45 million in 2023 according to Statista.

Continue reading →

The rise of artificial intelligence (AI) has brought immense opportunities and significant challenges. While AI promises to revolutionize various sectors, from healthcare to finance, the erosion of public trust in AI safety is becoming a critical concern.

This growing skepticism is fueled by factors such as a lack of transparency, ethical considerations, and high-profile failures. Addressing these issues cannot be overstated, as public trust is essential for the widespread acceptance and successful integration of AI technologies.

Continue reading →

People can make mistakes, well-intentioned or otherwise, in any walk of life or industry. It happens all the time.

Take the cybersecurity industry, for example. Just over two weeks ago, the well-publicized Microsoft outage caused by CrowdStrike's corrupted software update wreaked havoc across the world.

Continue reading →

July 19th 2024 will go down as a tough day for many IT teams, and the day started even worse for businesses using Microsoft Azure and its supported services. In addition to the widely publicized global outage caused by a CrowdStrike update, Microsoft Azure's Central US Region was down for five hours due to an unrelated failure, impacting millions of business users worldwide.

As if that wasn't enough, less than two weeks later, Microsoft Azure experienced another global outage lasting more than six hours. According to the company's service status page, it was Microsoft's 8th service status-related incident.

Continue reading →

In today's digital landscape, an organisation's C-suite and senior executives hold the most valuable corporate data and sign-off authorities, representing the highest potential risk over email. Whether it's inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.

But what do cybercriminals want from these individuals, are breaches always a result of external actors, and what can organisations do to protect their top decision-makers?

Continue reading →

Traditionally, the main concern security teams used to have about vulnerabilities was finding them. In the chaotic pre-cloud security years, identifying security issues on time was challenging, leading to gaps, blind spots, poor security hygiene and a growing attack surface. The introduction of cloud security posture management solutions that provide visibility and detection capabilities resolved these gaps but created new challenges -- an avalanche of alerts that overwhelmed security teams, frustrated engineers and created friction and noise, making remediation a costly, time-consuming task. Still today, many companies rely on these security posture management tools to indicate the existence of a vulnerability but react to these indications with a 'first come-first served' approach. Completely reactive, this approach means that teams are led by the events and alerts instead of controlling, managing and remediating them. Having a reactive approach means possibly missing the most critical alerts, lacking a proper organizational workflow to ensure the right people are addressing the right things, and ultimately negatively impacting your organization's security posture. It's time to get proactive about vulnerability remediation.

From following to leading

Continue reading →

The World Health Organization (The WHO) hosted a webinar on the 18 July to discuss the critical importance of cybersecurity in the healthcare sector, highlighting the severity of the situation the industry is currently facing. Healthcare organizations are increasingly relying on digital systems to facilitate their daily workflow, but the prevalence of outdated legacy technology in the sector is rendering it vulnerable to cyber-attacks with severe consequences.  

As has been demonstrated with recent high-profile attacks on healthcare organizations, such as the US’ Ascension and Change Healthcare incidents, and the UK’s NHS attack, the healthcare industry must review its priorities, the threats it faces, and its security measures, without delay. 

Continue reading →

Rate optimization is a cloud saving approach that involves paying the lowest rate possible for a given unit (hour, GB, etc.) of cloud usage via strategic use of commitment-based discounts, such as AWS Savings Plans/Reserved Instances and Google Cloud Platform Committed Use Discounts. To measure return on investment (ROI) from these discounts, organizations must understand and benchmark their Effective Savings Rate (ESR). ESR is the "North Star" rate optimization metric which incorporates utilization, coverage, and discount rates into a single, comprehensible figure that can be compared against industry peers.

According to the 2024 Effective Savings Rate Benchmarks and Insights Report by ProsperOps, the current Effective Savings Rate (ESR) results are generally poor. The median ESR for AWS compute services (Lambda, EC2, and Fargate) is 0 percent, indicating that many organizations are not leveraging commitment-based discounts and are paying on-demand rates. Even at the 75th percentile, the ESR is only 23 percent, suggesting significant room for improvement. These insights indicate that many organizations are not fully leveraging rate optimization as an approach to optimize cloud spend.

Continue reading →

AI is exploding, particularly as large language models (LLMs) have infiltrated everyday life. Almost every new mainstream product seems to promote some usage of AI, and industry after industry is being transformed by its capabilities. But despite AI’s potential, some sectors have been slow to adopt it. Risk management is one of them. Fortunately, that is starting to change.

According to a 2023 Deloitte study, only 1.33 percent of insurance companies had invested in AI. Data from this year indicates a shift is underway. In Conning’s 2024 survey, 77 percent of respondents indicated that they are in some stage of adopting AI somewhere within their value chain. This may sound a bit nebulous -- some stage, somewhere -- but it represents a sizable jump from the 61 percent of respondents the prior year. Additionally, 67 percent of insurance companies disclosed they are currently piloting LLMs.

Continue reading →

Operational technology (OT) systems have long been common in industries such as manufacturing, utilities, and healthcare. However, as these systems now increasingly integrate with IT networks, they are becoming the responsibility of the Chief Information Security Officer (CISO). As a result, CISOs in these sectors need to secure OT systems alongside traditional IT systems. This added responsibility has significantly increased the demands on security leaders.

Now, to safeguard both IT and OT systems, CISOs must possess the right knowledge and resources. Understanding the complexities of OT systems is necessary for the protection of vital operations and infrastructures, however it can be difficult to separate genuine expertise from sales hype. 

Continue reading →

In today’s cybersecurity landscape, identity has emerged as the prime target for threat actors, with compromised credentials involved in 49 percent of breaches. Attackers exploit misconfigurations, use generative AI for social engineering, and purchase stolen credentials, highlighting the need for robust identity security. While Identity and Access Management (IAM) has been crucial, evolving threats demand a more proactive and multifaceted approach that integrates threat intelligence tools and processes to protect identity systems effectively.

Implementing a robust Identity Threat Detection and Response (ITDR) strategy may be the solution. ITDR merges continuous monitoring and response with proactive measures, ensuring a resilient and adaptable security posture. A robust ITDR strategy not only prevents and detects threats but also investigates and coordinates responses to restore integrity after identity infractions.

Continue reading →

It’s not just you. The world’s software is feeling a little unstable lately. If it wasn’t the Crowdstrike outage that tipped you off, it was probably the many other outages this year, stopping burgers from being served, stranding passengers at Heathrow Airport, and delaying fresh food at the UK borders.

Did all those outages happen for the exact same reason? No, that wouldn’t be a fair assessment, but if there’s anything these outages tell us, it’s that something’s amiss in how our industry maintains software. You’d be forgiven if the headlines have you believing not enough maintenance goes into software. It’s actually the opposite. In an average developer work week of 41.1 hours, 42 percent of that time is dumped on maintenance, and over a third goes to dealing with technical debt.

Continue reading →

The global MedTech software market is projected to reach $598.90Bn by 2024 growing 5.3 percent annually due to increased R&D investments. As the market shifts towards tech-first patient care, MedTech software must meet quality and regulatory standards to ensure effective care and patient safety, making Quality Assurance (QA) critical throughout the Software Development Life Cycle (SDLC). QA ensures reliability, functionality, and adherence to industry standards with MedTech companies dedicating 31 percent of their software budget to QA and testing.

Artificial Intelligence (AI) tools have enhanced healthcare QA efficiency -- GenAI is notably reducing manual testing, improving software usability, and enhancing code quality. AI adoption is expected to make software testing more autonomous, boosting QA productivity by nearly 20 percent, with GenAI tools projected to write 70 percent of software tests by 2028.

Continue reading →

One way to understand the mind of hybrid attackers is to compare their behavior to the animal kingdom. They are predators using a relentless arsenal of tactics to hunt their prey across a large domain. Threat actors are the honey badger. A snake bite or a few bee stings might delay their attack for a moment, but they’ll find a way to take down the entire hive and satisfy their appetite.

But what is a hybrid attack? Today, all cyberattacks are hybrid. Every enterprise uses a mix of on-premises and cloud services, and the number of services used is rising. In fact, employees now use an average of 20 cloud and SaaS apps every month. Despite enterprises having every preventative measure in place, attackers are using this widening attack surface to their advantage. They can start with anyone or anything they can access, no matter how small, before moving at speed to extend their access and disrupt business operations at scale. Some of the most common traits that make stopping hybrid attacks difficult are how they bypass prevention, compromise identities, elevate and hide in privileges to move laterally across domains -- often at high speed.

Continue reading →

A recent article from Harvard Business Review explores the mindset of today’s cyber hackers and explains why effective cybersecurity has become so challenging by outlining the three traits shared by every successful hacker: creativity, speed, and resourcefulness. Hackers who can successfully leverage these traits are able to assault a company’s defenses with an ever-evolving barrage of novel and impactful attacks.

Thus, to remain secure, companies must be prepared for the unknown. Today’s threat landscape includes tried-and-true attacks -- phishing, social engineering, and DoS attacks -- as well as innovative strategies driven by creativity, speed, and resourcefulness. The latter are designed to exploit weaknesses before companies discover they exist. The following approaches to cybersecurity can help companies develop a future-proof framework that anticipates and addresses hidden threats.

Continue reading →