How many times are you going to think about ransomware in 2024?
In 2023, we saw the popular trend of asking "how many times a week do you think about the Roman Empire?", and as an avid Roman Empire fan, my answer was a lot. In fact, the fall of the Roman Empire can be easily compared to ransomware breaches.
In 410 AD, the impenetrable walls of Rome were breached by the Visigoths, signaling an end to the once-mighty empire. The reason for the defeat of the Romans was complacency -- the walls and other defenses were in a state of disrepair, and Rome lacked a substantial military presence.
What to look out for when it comes to cybersecurity regulations in 2024
It’s been another busy year for cybersecurity regulations. We saw a new National Cybersecurity Strategy by the White House in March, and throughout the year, we’ve seen the National Cybersecurity Center (NCSC) launch several new initiatives to increase cyber resilience.
As mentioned by Joseph Carson, Chief Security Scientist & Advisory CISO at Delinea, the landscape of cybersecurity compliance is expected to "evolve significantly, driven by emerging technologies, evolving threat landscapes, and changing regulatory frameworks."
The CISO's next priority isn't technology, it's building a great employee experience
In security, we are very used to talking about features and functions in the tools we use. When it comes to measuring the positive impact of what we spend on cyber, in terms of both people and equipment costs, we tend to be equally abstract -- for years, 'mean time to detection' and 'mean time to resolution' have probably been the two most widely-used metrics for cybersecurity progress, and measuring the number of security incidents handled is still probably how the CISO tracks his team’s contribution to the organization.
But no longer. Today we need to start thinking about measuring cyber’s impact in completely new ways -- or to be more accurate, concepts new to us in IT security but already very familiar to our colleagues in HR; with terms that seem very far from threat intelligence, such as wellbeing, inclusion and creating psychologically safe spaces.
The future of legal roles in an AI-driven world
The advent of artificial intelligence (AI) and large language models (LLMs) marks a significant turning point for the legal sector. Recent studies suggest a dramatic change is on the horizon, with up to 44 percent of tasks in law firms potentially being automated by AI. This impending transformation necessitates a re-evaluation of legal roles, requiring professionals to adapt and collaborate with AI while also preparing for the emergence of new positions.
AI promises to greatly enhance the efficiency and effectiveness of legal services, from streamlining the creation of legal documents, contracts, and agreements to automating repetitive tasks, to ensure accuracy and uniformity. AI's capability extends beyond mere data extraction; it can rapidly summarize complex documents like depositions and complaints and transform text into actionable insights. This will empower legal professionals to better understand and manage legal obligations, which will significantly enhance client services.
Facing a riskier world: Get ahead of cyberattacks, rather than responding after the fact
Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.
Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.
Why AI panic in 2023 will yield to AI pragmatism in 2024
2023 rapidly became 'The Year of AI Panic' as governments and the press entered into an AI frenzy.
Progress in Generative AI, spearheaded by GPT4’s release in March, offered users incredible tools with a visible utility and practical benefit. Its impact could be felt across their personal and business lives. From that point there has been a buzz around AI with a snowball effect across the media fueled by sudden engagement from the most senior levels of government across the planet. 2023 has seen the AI train fly across our screens, and the pace of developments from a technical, policy and regulatory perspective has been almost impossible to keep up with. So too has the FUD -- fear, uncertainty and doubt that accompanies disruption.
Optimize value stream efficiency to do more with less, faster
In a world where software defines the pace of innovation, organizations must excel at developing, securing, and deploying software. Companies must be experts in all three, or they will be disrupted by those who are. And in our current economic climate, they need to undergo these digital transformations while also cutting costs, being more efficient, and doing more with less.
Value stream management can be the antidote to these challenges, helping teams accelerate time to market, overcome obstacles such as handoffs and broken feedback loops, and improve visibility across the business to deliver high-quality customer experiences.
Why you need robust administrative controls to deliver security and compliance in mobile messaging
The business landscape today includes a highly mobile workforce. A survey by Pew Research found that about a third (35 percent) of workers with jobs that can be done remotely are working from home all of the time and 41 percent of those with jobs that can be done remotely are working a hybrid schedule.
In the UK, according to the latest Chartered Institute of Personal Development (CIPD) report on flexible-hybrid working practices, 83 percent of organizations have a hybrid working approach in place. 45 percent of organizations have a formal policy, while 24 percent take an informal approach, and 13 percent are developing policies through learning and trialing. Overall, the number of people working from home some of the time has grown from 17 percent to 25 percent since the pandemic’s start, meaning a quarter of Brits are hybrid workers. Additionally, the UK Government’s proposal to make the right to request flexible working from day one, rather than after 26 weeks of employment, is likely to further escalate the amount of flexible working requests and likewise the number of employees working remotely.
Navigating the transition to Microsoft 365… just in time for Copilot
With the rollout of Copilot this fall, businesses everywhere are considering moving to Microsoft 365 to reap the benefits of its AI companion function in supporting business operations.
The first step in tackling this transition is for IT teams and Managed Service Providers (MSPs) to understand the new software, evaluate their existing systems and prepare for the intricate migration that lies ahead.
A new era of work: How AIOps and Unified Observability can take DEX to new heights
Businesses are in the early stages of a new era of employee relations as both the workplace and the workforce undergo significant changes. The pandemic accelerated the shift to hybrid work environments, which has, in turn, accelerated the ongoing digital transformations that made hybrid work possible in the first place. Meanwhile, baby boomers are retiring, Millennials are moving into management, and the Gen Z cohorts are just starting their careers.
The digital natives now populating companies have discriminating expectations for how technology works for them. For example, Riverbed’s Global Digital Employee Experience (DEX) Survey found that 68 percent of employees would leave the company if they were unhappy with the DEX. Companies that fail to provide seamless DEX -- which covers the full range of how employees engage with technology at work, from an intranet to email and collaboration platforms to HR systems -- risk frustrating employees when things do not work as expected. This not only increases the chances employees may look for another employer, but a faulty DEX brings losses in productivity and potential damage to a company’s reputation.
Cybersecurity for SMEs: Seven steps to a Zero Trust approach
Never trust, verify everything! This is the premise on which the "Zero Trust" approach was founded. This model of cybersecurity involves implementing controls designed to ensure that only verified users can access company resources, and from similarly approved devices.
This strategy is increasingly being adopted in response to the challenges faced by small and medium-sized enterprises (SMEs), such as the continued evolution of hybrid working, the use of Bring Your Own Device (BYOD) and the increasing number and sophistication of cyber-attacks. Whereas previously SMEs thought they weren’t a target, now they are seen as the weaker link from a hacker’s perspective, and they are increasingly falling victim to cyber-attacks.
Big prey, big payouts: Big game cyber hunting will return in 2024
2023 has been another wild year for cybercrime. In October, Boeing’s systems were breached through a zero-day vulnerability, with hacking group LockBit threatening to publicly release sensitive files if the ransom wasn’t paid in a week. One month prior, MGM Resorts was hit by an ALPHV/BlackCat social engineering attack estimated to impact the company’s third-quarter financial results by about $100 million. That same month, two major hospitals serving thousands of New York patients struggled to recover from a LockBit cyberattack that forced them to reschedule appointments and divert ambulances to other hospitals.
But what is in store for 2024? Let's look at some of these trends from 2023 in more detail to better understand what will be facing us next year.
AI governance: Five essential design principles to keep businesses ahead of the curve
In 2023, we witnessed the beginnings of a global AI-driven revolution. With recent studies revealing that one in six UK organizations have already embraced artificial intelligence (AI), these technologies have solidified their position in driving the next wave of digital innovation.
However, until now, organizations have been largely focused on AI experimentation, which has limited the benefits they’ve unlocked. They are now seeking to mature their strategies and embrace AI in a more transformational manner, by embedding these technologies into their core business processes. The launch of solutions like the OpenAI GPT Store towards the end of 2023 is set to accelerate this drive for AI maturity, making it easier for organizations to embed ready-built use cases into their operations.
Web application security -- five ways to improve your approach
Web applications remain one of the most targeted areas for threat actors. According to Verizon’s Data Breach Investigations Report, web application attacks were behind 26 percent of all successful attacks during the twelve months covered. Yet while the methods for attacking web applications are well known and understood, as evidenced by the work that the Open Web Application Security Project (OWASP) has done on their Top Ten list over the years, many companies still find hardening their applications challenging.
Authorization and access control describe the biggest set of challenges identified by OWASP in their most recent Top 10 list (2021) -- three out of the top five issues were around broken authorization, while broken authentication and improper access to resources were also common problems. The OWASP Top 10 for 2021 also includes attacks that work on unrestricted access to sensitive business flows, which covers areas like creating fake accounts, and server side request forgery where APIs can send resources to the wrong locations.
Open to attack: The risks of open-source software attacks
Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.
A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4Shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control, all while remaining undetected. At the time, its impact was described as "enormous", and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.
© 1998-2024 BetaNews, Inc. All Rights Reserved.