BetaNews Staff

Network management and security should go hand in hand. However, making these services work has become more complicated and riskier due to the growth of the public cloud, the use of software applications, and the need to integrate different solutions together.

This complex network security domain requires more skilled cybersecurity professionals. But as this need becomes obvious, so does the glaring skills gap. In the UK, half of all businesses face a fundamental shortfall in cybersecurity skills, and 30 percent grapple with more complex, advanced cybersecurity expertise deficiencies.

Continue reading →

Every organization in the 21st century understands that keeping proprietary data safe is crucial to its success. However, while business leaders tend to believe their current security products and policies are truly secure, breaches continue to climb. It is clear that despite an ever-increasing number of companies maintaining formalized security programs and annually increasing security budgets, there are gaps that continue to go unnoticed and unaddressed.

Through hundreds of assessments and breach analyses, we have concluded there are eight common weaknesses that most commonly enable threat actors to penetrate organizations’ security armor, move through networks to elevate privileges, and ultimately allow them to compromise defenses. These weaknesses are continuously probed by threat actors, and while they may seem secure at deployment, they often are not; and even if initially secure, they frequently become obsolete due to missed updates, upgrades, changes to the enterprise environment, and evolving threat tactics. A frequent misconception is that security products and processes can be set and then forgotten; but since threat actors’ tactics evolve at an alarming pace, security controls must also be continually adjusted to ensure that organizations’ security armor continues to envelop and protect. In the absence of continuous evolution, the armor and its contents become vulnerable and, often, more at risk due to a false sense of security.

Continue reading →

I’ve led security functions and established cybersecurity board reporting processes for over 25 years. The relationship between CEOs and CISOs has always held contradictions and the decisions around when to disclose a breach have always been hard. But the recent developments involving the SEC and SolarWinds is a regulatory game-changer for the CISO community. Still, I think we’ll all ultimately come out OK from this if we behave ethically.

New ethical lines are being drawn very quickly and publicly as teams figure out the lines between good judgment and fraud. I have no intention of moralizing here about the SEC’s allegations against SolarWinds and their CISO. Rather, I’d like to shine a light on the underlying principles of disclosure that have served as my own ethical compass, and which I think remain unchanged.

Continue reading →

Most digital transformations fail. As a global entrepreneur and former software implementation consultant for Fortune 500 companies, I know that a digital initiative doesn’t end after a platform goes live. Digital change has a huge impact on our employees, who interact with about 13 applications 30 times per day to be successful in their jobs.

When trying to get employees to embrace new technology and tools, leaders say their biggest challenge is hard-to-use applications with a high learning curve (68 percent). It is, therefore, not surprising that many employees’ responses to digital transformation follow a process similar to the Kubler-Ross Stages of Grief. In the context of software adoption, we can think of this in terms of the associated Kubler-Ross Change Curve.

Continue reading →

With the rapid proliferation of Generative AI (GenAI), developers are increasingly integrating tools like ChatGPT, Copilot, Bard, and Claude into their workflows. According to OpenAI, over 80 percent of Fortune 500 companies are already using GenAI tools to some extent, whilst a separate report shows that 83 percent of developers are using AI-tools to speed up coding.

However, this enthusiasm for GenAI needs to be balanced with a note of caution as it also brings a wave of security challenges that are easily overlooked. For many organizations, the rapid adoption of these tools has outpaced the enterprise's understanding of their inherent security vulnerabilities. This would yield a set of blocking policies for example, Italy had at one point this year completely blocked usage of GPT, which is never the answer.

This misalignment could not only compromise an organization’s data integrity but also impact its overall cyber resilience. So, how should AppSec teams, developers, and business leaders respond to the security challenges that accompany the widespread use of GenAI?

Continue reading →

Business intelligence (BI) was once heralded as a technology that would democratize data, enabling everyone to become more productive and make better decisions. Today, though, analysts in the BI space like to share the same (and possibly apocryphal) statistic: The global business intelligence adoption rate is only 26 percent.

If only 26 percent of potential users ever access BI, something is broken. Why is access so poor? What can developers and engineers do to make BI achieve its full potential?

Continue reading →

Modern security teams need a 360-degree perspective if they are to successfully deal with all the risks they face. As well as protecting networks and data from external threat actors, organizations must also look at the risks posed by insiders -- a major security problem that brings a unique set of challenges.

Indeed, the issues associated with insider threats are growing to near ubiquitous levels. According to recent industry research, three-quarters of organizations say insider attacks have become more frequent, with more than half experiencing an insider threat in the last year. A major part of the challenge is identifying where the threats are coming from, given that employees and contractors already have varying levels of permitted access to systems. While the motivation for insiders can be malicious, employee errors can also result in hugely damaging security breaches.

Continue reading →

New technologies debut almost every day. This constant barrage of novel tools creates a perpetual cycle of overshadowing -- someone is always introducing a new technology that eclipses the previous innovation, and then something even newer comes out, and the cycle repeats itself. However, OpenAI’s ChatGPT broke that cycle.

Since ChatGPT’s debut in late 2022, the generative AI tool has exploded in popularity. It took just two months for the platform to reach 100 million users, a speed that shattered the previous record for fastest-growing app. The creators of ChatGPT expect the tool to generate $200 million this year and project that number will grow to $1 billion next year. Other businesses, like Google and Grammarly, are taking note. Both of these organizations have developed their own generative AI tool to enhance their business operations.

Continue reading →

Data science and AI leaders are rushing to accelerate new technology adoption. According to Forrester, generative AI alone will see an average annual growth rate of 36 percent for the next seven years, taking 55 percent of the AI software market. The analyst firm also estimates that by 2030, $79 billion will be spent annually on specialized generative AI applications and $42 billion will be spent annually on generalized generative AI use cases. 

Even if Forrester is off by a few billion dollars, moving fast is still critical to achieving success, but so is having an optimal AI strategy. Leaders must ensure that practitioners have the technology they need to innovate. At the same time, they must ensure innovation does not exceed budgets or introduce new risks. 

Continue reading →

Financial market participants, including banks, insurance companies, pension funds, and hedge funds, are all actively exploring ways to leverage artificial intelligence (AI), and private equity (PE) firms are no exception.

Three areas that are showing a significant return on investment (ROI) for AI among PE firms are deal flow, investment pre-screening, and risk intelligence, because it’s these areas where AI is helping them shift their window to act earlier than their peers. The private companies that PE firms invest in are simply far less transparent than public ones: There’s just not as much information about them, and the information that exists is generally much harder to get.

Continue reading →

It’s well documented that the pandemic supercharged digital transformation speeds for countless organizations and disrupted how we work, live, and transact.

In the shift from ink to e-signatures across industries, I have witnessed three important yet somewhat under-the-radar adoption trends that support the recent IDC findings that 86 percent of IT decision-makers say that they have invested in e-signature software in the past year and 85 percent plan to do so in the next 12-18 months.

Continue reading →

Companies have massively increased their cloud infrastructure investment in the relentless pursuit of innovation. Cloud-native apps, hybrid clouds, microservices, and serverless all enable companies to serve their customers with greater agility -- and at greater scale -- than ever before.

But the rapid adoption of these technologies has also created distributed cloud environments that are immensely difficult to understand and monitor with conventional observability tools.

Continue reading →

Connected technology is everywhere and influences every part of our lives. On average, there are nine connected devices in every UK household, and according to the UK Department of Culture, Media, and Sport. This is estimated to grow to twenty-four billion connected devices by 2050.

While connected devices provide a range of benefits, there are now growing concerns around the data they are collecting, and the subsequent loss of consumer privacy. One very real example is the recent announcement from the California Privacy Protection Agency (CPPA), which advised that its enforcement division will review the data privacy practices of connected vehicle manufacturers, stating that they are "connected computers on wheels" and should be treated as such.

Continue reading →

As a Mac administrator, managing a fleet of Apple devices across your organization requires consistent practices and robust security measures. With numerous system services and background tasks to oversee, maintaining uniform configurations and safeguarding organizational data are formidable challenges.

Apple has introduced a powerful new Declarative Device Management (DDM) approach to address these challenges. This update to the Mobile Device Management (MDM) protocol represents a paradigm shift in device management, offering an efficient and secure means of administering macOS devices. DDM enables tamper-resistant configurations and facilitates simplified monitoring of system services and background tasks. Declarative status reports allow administrators to know about a device's current state.

Continue reading →

European lawmakers are plowing ahead with what could be one of the most important pieces of legislation in a generation. The EU AI Act will take a notably more proactive approach to regulation than current proposals in the US and UK. But experts have spotted a critical loophole introduced in amendments to the legislation that could expose rather than protect citizens and societies from AI risk.

In short, this loophole could undermine the entire purpose of the proposed law and it must be closed. To do this successfully, legislators need to take steps to prioritize machine identities as a way to enhance AI governance, accountability, security and trust. Time is running out.

Continue reading →