BetaNews Staff

Most people who keep relatively up to date on security lingo easily understand the concepts of the basics, such as "compliance," "edge security," and "incident response." But when you bring penetration testing into the conversation, you lose half your audience. A much smaller percentage of the population knows what it is, and even fewer understand how it is done or the significant value it adds to the security tool chest.

While some enterprises may contract a third party to conduct penetration testing because it is required for a variety of reasons (part of an industry framework such as PCI-DSS or FedRAMP, or a prospective customer demands it), many don’t understand the techniques involved or are surprised by the depth of the activity. The client may not actively engage in the "scoping" calls to review and set parameters around what will be done and then are surprised by the more rigorous techniques involved, especially if those techniques unsuspectingly bring down client systems temporarily. The testers themselves, shrouded in misperceptions, may evoke images of donning hoodies and barely skimming the line between criminality and service. Recent news of penetration testers being whisked off to jail during a client assignment in Iowa hasn’t helped. It’s time to set the record straight.

Continue reading →

As of January 14, 2020, Microsoft has discontinued Windows 7 support as planned for the operating system's End of Life (EOL). To some organizations, this operating system (OS) might seem like a distant memory. However, nearly 30 percent of the world’s computers -- or more than 400 million -- still run Windows 7 and are only now contemplating migration to Windows 10. Millions of users will be depending on an unsupported OS for some time after its retirement and IT teams will still be responsible for maintaining these systems.

While Microsoft will not be globally pushing out any more security patches for Windows 7 after Jan 14th, customers can pay for a security update service which will deliver patches until 2023. Failure to sign-up for and implement these patches will mean operating an OS that is vulnerable to malicious actors. IT teams will need to continue updating and patching Windows 7 as long as their company is using it -- even if they are in the process of migrating to Windows 10.

Continue reading →

Software-defined perimeters (SDP) use a combination of strong authentication, granular authorization and network segmentation to enable access from anywhere, creating a new kind of defense against a variety of cyberattacks. SDP is more secure than a firewall or a VPN and is more granular than a NAC. Compared to these alternative approaches, SDP offers improved security and operational simplicity for users and IT admins alike.

SDP employs multiple techniques in order to provide secure access. First, it leverages identity and access management (IAM) to authenticate every user that attempts to access a resource or application on the network. It then employs granular authorization to restrict the services that each user can access once logged in. Perhaps the most powerful aspect of the approach is its ability to provide "resource cloaking", ensuring that no DNS information or "visible" IP ports of protected resources are exposed to the Internet, which significantly reduces a network’s attack surface. This has the effect of creating a resilient defense against common attacks that hackers employ, such as the following:

Continue reading →

Chances are, you’ve seen the T-Mobile and Sprint merger headlines sweeping the wireless industry. The merger -- which has been caught up in court -- is the latest initiative of carriers large and small turning to corporate consolidations in order to compete in the race to 5G.

While the merger has been approved by the Federal Communications Commission (FCC) and the Justice Department (DOJ), a coalition of state officials say the merger is harmful to consumers because it significantly reduces competition within the industry and can increase prices. Despite the pushback, it appears the merger will likely follow through. So, what does this mean for the industry, the race to 5G, and -- most importantly -- wireless consumers?

Continue reading →

Information technology professionals know how to adapt to constant change. Yet our laser focus on immediate details means we can lose sight of the big picture and miss an opportunity to stay ahead of the curve. If you read the 2020 State of the Edge report, the very first line may cure that ill:

We stand on the precipice of a profound re-architecting of the Internet…

Continue reading →

From the lightbulb and telephone to smartphones, the advanced technology of the day has always been lauded as a way to make peoples’ lives easier. But while today’s technology makes it possible to pay that electricity bill from your phone, it has also opened up privacy concerns that were unimaginable even ten years ago. In that decade, it is reported that more than 4 billion records have been stolen and 15 of the largest data breaches in history have occurred. Has technology marketed as a consumer convenience contributed to these breaches?

While George Orwell presented a dire picture of "big brother," today’s society certainly seems willing to embrace technologies that are always watching, listening and capitalizing on personal data shared in our daily lives. But what’s the true cost of choosing convenience over privacy? Let’s look at how technology has driven privacy complacency for the sake of convenience and how it has changed the way people think about and safeguard their information.

Continue reading →

Throughout the 2010s, the UK has faced a thick fog of uncertainty. The decade has seen four general elections take place, as well as the momentous 2016 EU Referendum; such events have caused even the most experienced business leaders to feel less than confident.

However, the results of the December 2019 general election suggest that stability could be on the horizon. Regardless of one’s political leanings, many will view the Conservative Party’s overwhelming majority as a welcome break in Westminster’s political deadlock. Indeed, we are already seeing breaks in the deadlock, with the Brexit Bill finally being passed through the House of Commons on 9th January 2020. Whilst we now wait for the bill to be passed by the House of Lords, the fact it swiftly made its way through the Commons has already increased the likelihood of the UK leaving the EU by January 31st 2020. Such activities have enabled businesses to plan future activities with greater confidence. However, despite greater certainty, one industry in particular remains concerned about the impact of Brexit on its future growth; the tech industry. So, it is vital that we  get to the bottom of its concerns.

Continue reading →

We’ve all heard the scare stories -- it’s only a matter of time before artificial intelligence will destroy millions of professionals’ livelihoods. Given the media frenzy accompanying the rapid advancements of artificial intelligence (AI), it’s not surprising that many people hold such a view. And while there is some truth to these dystopian predictions, they’re not as apocalyptic as they’re often made out to be.

Let’s start with some concrete research to shed a light on what professionals can expect in the coming months and years. In 2018, the World Economic Forum released a report suggesting that 75 million jobs may be displaced globally by a shift in the division of labor between humans and machines in the next five years. It goes on to say that, at the same time, 133 million new roles may emerge that are more adapted to this division. This insinuates that we could see the creation of 58 million new jobs in just half a decade. What it also suggests is that, perhaps we’re asking the wrong questions. Instead of worrying about robots taking over our jobs, we should instead be considering how AI might reshape the workforce -- and how we can adapt. 

Continue reading →

Companies are increasingly leveraging digital solutions to their advantage. 44 percent of businesses have already adopted a digital-first strategy in their operations. As part of this widespread digital transformation, organizations have to reskill and upskill their employees and ensure that their staff are capable of maximizing their technology investments.

Companies are already spending significant sums on the necessary employee training. In 2018, large enterprises spent an average of $19.7 million for learning and development which included instructor-led classroom training, online training, and training-outsourcing.

Continue reading →

One of the most notable trends of the 2010s was an increase in data breaches. The Privacy Rights Clearinghouse maintains a chronological database of data breaches that stretches back to 2005. Hacks and cybersecurity threats were an issue for companies and organizations even in the 1980s and the 1990s, but a simple scroll through that database will show how much more frequent data breaches have become within the past ten years. Since 2009 or 2010, notable data breaches have occurred virtually every day.

Why are these threats on the rise? One factor is that people are living more of their lives online. Between social media, online shopping, and the growing segment of the workforce that conducts most or all of its business on the internet, there are more targets for hackers and cybercriminals than ever before. This infographic shows how dramatically the production of global data has grown even in the past five years. With so much data out there, it stands to reason that cybercrime is becoming a more significant enterprise. It’s easy to imagine the culprits behind data breaches as keyboard warriors sitting alone in dark rooms, wreaking havoc from afar. What many people don’t recognize: the threat could be coming from the cubicle next door.

Continue reading →

So far this century, one tech startup after another has reshaped the way that we live. Facebook transformed social interaction. Uber changed how we get around. Tinder changed how we date. While these companies have been highly forward-thinking, they have also persistently struggled to solve crucial challenges regarding background checks and user safety.

2019 brought many of these issues into the limelight. Here are four of the most surprising things we learned about startups and sexual offenses in 2019.

Continue reading →

There have been a lot of "media moves" in the mobile world recently, including the launch of Facebook News, Samsung’s "rebrand" of Bixby Home to Samsung Daily and more that demonstrate the battle for consumer attention on mobile devices is quickly heating up.

But Apple’s moves in both hardware, software, and media put them far ahead in making frictionless, seamless, and integrated media experiences. Apple’s hardware and software (already in the hands of millions) extends from the watch and the phone to the tablet and TV enabling cross-device media integrations (e.g., recommendations, control, etc.) that will transform the media landscape. Additionally, Apple already owns or has partnerships with streaming video, news publishers, game makers, and more, giving them the power, scale, and reach to dominate media.

Continue reading →

Many predictions that we saw around artificial intelligence (AI) for 2019 leaned towards one extreme or the other -- ranging from the notion that AI will no longer be a thing to the idea that it’ll realize its full potential and completely change how industries work at a fundamental level. Advancing AI is going to be an incremental process and it’s unrealistic to think that the world will suddenly abandon it completely or exponentially accelerate its development in that area.

But in the security industry, we have still seen progress surrounding AI, as we’ve gotten better at using machine learning technology to identify and recognize behaviors to identify security anomalies. In most cases, security technology can now correlate the anomalous behavior with threat intelligence and contextual data from other systems. It can also leverage automated investigative actions to provide an analyst with a strong picture of something being bad or not with minimal human intervention.

Continue reading →

Email is suffering an identity crisis. Email’s core protocols make no provisions for authenticating the identities of senders, which has resulted in a worldwide spearphishing and impersonation epidemic, leading to billions of dollars in monetary losses, security mitigation costs, and brand damage. As a result, email security will be a central theme in the new year, both as a source of threats as well as an increasingly urgent issue for cybersecurity professionals to address.

In 2020, we will see email security prove itself to be a weak link in election security as well as corporate security. At the same time, Domain-based Message Authentication, Reporting and Conformance (DMARC) will gain popularity across several industries, driven both by the need to eliminate domain spoofing, and by the desire for brands to take advantage of Brand Indicators for Message Identification (BIMI), a new standard that requires DMARC. Email authentication works -- but it’s up to domain owners to take advantage of it. Increasingly they will do so, as they realize that a failure to proactively defend their domains can leave them vulnerable to convincing exploits from cybercriminals.

Continue reading →

As we enter the new year, the criticality of securing sensitive data will continue to mold and transform the structure of security strategies across enterprises, resulting in a heightened focus on access control and data-centric investments. With numerous data privacy regulations on the horizon, the cost of data breaches will be more catastrophic for businesses. In 2020, enterprises must invest in proactive strategies that combat the dynamic threats targeting an organization’s most sensitive data.

Enterprises can expect the trend of increased data breaches in ERP (Enterprise resource planning) systems to continue to rise in 2020

Continue reading →