BetaNews Staff

Improving remediation in practice -- five ways to get ahead on fixes

Remediating security issues and potential software vulnerabilities is one of the fastest ways to improve security and prevent attacks. It’s a standard process for security teams, and it should make the job easier for everyone involved. Yet many of the security issues that we see exploited remain known software vulnerabilities -- in Qualys' Top 20 Security Vulnerability Research this year, the top five most common exploits include a privilege escalation issue in the Zerologon protocol, remote code execution (RCE) problems in Microsoft Office and Wordpad from 2017 and even an RCE with Microsoft Windows Common Controls from 2012. These issues still exist, and have been targeted by threat actors this year.

So why are these old problems still present in production systems years after patches have been released, and why have they not been fixed? What is holding IT teams back around this backlog of vulnerabilities, and how can teams improve their processes to get ahead of these problems in future?

Countering the rise of AI criminals

As generative AI tools continue to expand, new doors are being opened for fraudsters to exploit weaknesses. Have you experimented with generative AI tools like ChatGPT yet? From beating writer’s block to composing ad copy, creating travel itineraries, and kickstarting code snippets, there’s something for everyone. Unfortunately, "everyone" includes criminals.

Cybercriminals are early adopters. If there’s a shiny new technology to try, you can bet that crooks will explore how to use it to commit crimes. The earlier they can exploit this technology, the better -- this will give them a head start on defenses being put in place to block their nefarious activities. If tech helps boost the scale or sophistication of criminal attacks, it’s extra attractive. It’s no wonder cybercriminals have been loving tools like ChatGPT.

Advances in predictive analytics expand organizational data intelligence 

When it comes to data analytics, most organizations have historically focused primarily on descriptive and diagnostic capabilities. Descriptive analytics explains what is happening in an IT system and uses analysis levers including analyzing trends, mining patterns, and detecting changes and anomalies. Diagnostic analysis encompasses functions including critical path analysis, bottleneck analysis, fault propagation models, and root-cause analysis to explain why something is happening in the system.

With an increased focus on instrumentation and observability, allied to significant advances in AI, enterprises are now looking beyond simply what happened and why, and seeking to apply advanced intelligence to draw valuable predictive insights from data. IT leaders are looking for insights that can inform them about what is likely to happen in the future and how to prepare for it, for example:

Enterprise networks are evolving; your security architecture needs to evolve, too

The cybersecurity landscape is no stranger to change. Security strategies must adapt to the onslaught of new threats and the increasing sophistication of cyber-attacks. The emergence of 5G as a primary WAN technology creates new opportunities and corresponding security challenges for businesses. As 5G technology delivers faster and more flexible connectivity capabilities, enterprises can expand their networks and provide additional connectivity in more places and for a broader range of devices. With this comes a need for comprehensive, customizable security to handle this growth.   

A major area that 5G technology will affect is the expansion of IoT devices, as many will be added to 5G networks. Ericsson predicts the number of IoT-connected devices will reach 34.7 billion by 2028, up from 13.2 billion in 2022. As the number of IoT devices continues to grow, the attack surface also grows, increasing the risk of attack from bad actors. This is why we have seen a rise in cyber-attacks targeting IoT devices, with Techmonitor identifying a 98 percent spike in cyber-attacks on IoT devices within the last quarter of 2022.

Aligning DevOps and change management

Companies are committing to DevOps; in fact, according to a recent survey, three-quarters of leaders have adopted DevOps into their operations. DevOps delivers speed and agility to the development process. By cross-training operations and engineering, development teams can move faster through better collaboration, making continuous integration and continuous delivery (CI/CD) a reality for organizations.

The challenge some companies face, however, is change management, the process used to control any change related to a product in production. The process is there to ensure things don’t move too fast, and that production isn’t rushed. Companies that can align DevOps with their change management process see the greatest gains in getting products to market.

When ignorance isn't bliss: Accidental insider threats

Insider threats are far more commonplace than one would expect -- accounting for about 20 percent of all data breaches.

Though the term ‘insider threat’ conjures up images of disgruntled employees with malicious intentions or moles within an organization, the reality is that the majority of vulnerabilities of this nature are attributable to accidental, negligent insiders. As Okey Obudulu, CISO at Skillsoft, explains: "More often than not, insider threats are unintentional. Innocent acts -- such as sending an email to the wrong person or accidentally clicking on a phishing link -- can have devastating security consequences." Of course, what cybercriminals love more than anything is an unsuspecting and improperly trained employee to take advantage of…

The race to regulate AI: The next frontier for law and society

Artificial intelligence (AI) is set to be the next major technological advancement to dramatically impact modern society. From transforming the way we work, to increasing efficiency in outdated systems, the changes promised by AI have the potential to be utterly transformational. While this brings a huge range of opportunities, there are also some enormous challenges to overcome if humanity is to strike an effective balance between progress and risk.

History shows that society and the law do not always handle rapid innovation well. Take technologies such as the steam engine and automated loom, for instance, where progress was met with varying degrees of resistance and fear before the benefits were fully realized. In the case of AI, harnessing its potential while safeguarding against misuse means legislators must take a measured, risk-based approach to regulation that embraces change alongside effective safeguards.

You can't win: Learning to live with security pessimism

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognize the absence of a breach? But this isn’t a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

In a threat landscape where there exists a constant push to innovate, adapt and breach, there are only three possible outcomes for the IT industry: defeat, indefinite struggle, or complete structural collapse.

Making IT sustainability a part of the digital employee experience

Sustainable IT is no longer merely a good practice driven by customer demands; it has evolved into an imperative in response to shifting employee expectations and corporate responsibility around ecological consciousness. In today's digital workplace landscape, more than 80 percent of leaders are placing a heightened emphasis on environmental sustainability. Cloud providers, executives, software engineers, IT teams and even corporate boards of directors are increasingly thinking green because of the impact that adhering to environmental, social and governance (ESG) standards will have on our future and the next generation of leaders. And on top of that, the business landscape is incentivizing green behavior. A recent survey by CloudBolt found that two-thirds of IT leaders say cloud providers' sustainability initiatives are a key factor in determining with whom they do business.

Companies who drive sustainability transformation also enhance corporate reputation and performance, appealing to environmentally conscious customers. Firms adopting sustainable practices, like energy optimization, realize significant cost reductions. Integrating Sustainable IT into the digital employee experience is also a pivotal element of this transition, fostering a gratifying workplace for employees.

CSPs align with enterprise cloud strategies

Cloud transition plans have dominated the CISO agenda for the past decade, accelerated by the rapid shift to working remotely. Now, cloud infrastructure and strategies have moved far beyond the initial reactive approach of the last few years and into a revenue-generating, proactive investment for all modern businesses. Communications service providers (CSPs) are aligning their services and networks to support this trend and most are reporting a positive outcome related to the cloud transition of their enterprise customers.

As technology evolves and digital transformation plans continue to accelerate, enterprises that want to stay competitive are transitioning a portion of their infrastructure to the cloud, focusing on finding the right mix of cloud services to support their mix of applications as well as their current and future plans. These enterprises are looking to communications service providers to help them manage a complex multi-cloud environment as well as including CSP cloud services in that mix.

How machine learning safeguards organizations from modern cyber threats

2024 is fast approaching, and it seems likely that the new year heralds the same torrent of sophisticated malware, phishing, and ransomware attacks as 2023. Not only are these long-standing threats showing few signs of slowing down, but they're increasing by as much as 40 percent, with federal agencies and public sector services being the main targets.

Meanwhile, weak points like IoT and cloud vulnerabilities are making it tougher for cybersecurity pros to secure the wide attack surface that these edge devices create.

Generative AI washing: Avoid jumping the gun by laying the groundwork for successful adoption

Quite rightly, many businesses are excited about generative AI and the benefits it can bring. This year ChatGPT reported more than 100 million users, and the market value of generative AI is expected to grow year-on-year.

Currently, it makes sense that businesses want to get in on the act, but many are facing significant challenges navigating generative AI’s rapid emergence. There’s a risk of moving too quickly. It is difficult for businesses to confidently predict how beneficial generative AI will be. In some cases, it could even prove more of a hindrance than a help.

De-risk your business through regulatory resilience

Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, according to the U.S. Department of Commerce. The recently announced EU-US Data Privacy Framework (TADPF), in place as of July 10, 2023, is expected to further promote opportunity and economic fruitfulness on both sides of the Atlantic.

However, many are rightfully questioning the staying power of this latest version of the TADPF. Will it be third-time lucky or Groundhog Day all over again? Against this backdrop of uncertainty, many companies must evaluate their short- and long-term regulatory resilience.

Building next-gen operational intelligence at scale

In today’s digital era, operational visibility is a prerequisite for businesses across sectors such as manufacturing, transportation and retail. However, managing this massive influx of rapid, real-time data can be challenging -- especially for organizations that don’t have the infrastructure in place.

This data generally takes the form of events such as clicks, telemetry, logs and metrics, often collected as time series or machine data. In contrast to transactional data collected via batch ingestion, this data is collected via real-time streaming.

Creating trusted third-party ecosystems with a shared duty to security compliance

Managing third-party cybersecurity risk across inter-connected supplier ecosystems is becoming increasingly daunting. Software and systems that used to be managed in-house are now routinely delivered as hosted services by multiple vendors and contractors. Other third parties frequently get brought in at departmental level, often bypassing contracting procedures, and have access to applications that hold sensitive data and business-critical information.

A single mistake anywhere in the supply chain could result in data breaches, compliance fines, as well as revenue losses, reputational damage, and a wide range of negative business consequences for months, or even years, down the line.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.
