BetaNews Staff

The danger facing critical infrastructure from DDoS attacks targeting telecoms networks

DDoS attacks

Denied Distribution of Service (DDoS) attacks are an established and now-typical part of the cybersecurity landscape. But, since their first arrival on the scene over 25 years ago, the core of the average DDoS attack hasn’t really changed. Sure, there have been advancements in technology but they still serve the same purpose as they did during that very first attack on a commercial internet provider -- bringing their victims offline.

The way in which an attack can do this using DDoS has changed over time, with a movement towards more targeted attacks, allowing for specific websites or servers to be attacked rather than the entire network having to be taken offline. DDoS attacks have also become wildly more popular and commonplace as they’ve become easier and more accessible to carry out. They’ve even become a market of their own, with some threat actors even offering them as a service online.

Continue reading

The era of democratized data needs to be led by DX2.0

digital-transformation

Over the last few years, we have witnessed process industries digitizing large amounts of their operations. However, despite this accelerated shift, execution remains uneven. In tandem, leaders have been contended with several business challenges such as disrupted markets, changing consumer behavior, data abundance, remote working and regulatory changes.

This has driven the uptake of further digital transformation (DX) initiatives to stay relevant, maintain market leadership, foster resilience and fuel scalable innovation. As the industry battles an increasingly complex operating environment, companies require more comprehensive DX solutions, or what is being referred to as DX2.0.

Continue reading

A technical overview of Cisco IoT part 3: Security essentials & industrial applications

Following the second installment of this Cisco IoT series regarding IoT networking and security supported by Cisco's innovative hardware offerings, this next discussion explores related key topics that are essential for understanding and implementing IoT solutions effectively.

This comprehensive overview will cover critical aspects such as IoT security, operational technology visibility, and industry-specific use cases. By examining these elements, readers will gain a clearer picture of how Cisco's advanced IoT solutions can enhance security, improve operational efficiency, and drive business innovation across various sectors.

Continue reading

The top challenge when implementing AI for business: Lack of high-quality data

AI growth and adoption in the UK are surging, with the market valued at more than £16.8 billion and expected to reach £801.6 billion in the next decade. Approximately 15 percent of UK businesses are already using AI technologies such as data management and analysis, natural language processing, machine learning, and computer vision. And across the pond in the US, AI is expected to contribute a significant 21 percent net increase to US GDP by 2030, showcasing its substantial impact on the economy.

Growth in any new technology is never without its challenges. For AI, these include ensuring data privacy, addressing ethical concerns, and navigating the complexity of integrating with existing IT infrastructure. Data quality is central to resolving these challenges. To be useful, the data used for AI must be high-quality, well-structured, and from trusted sources. These properties are the foundation for all AI models and determine their effectiveness and reliability.

Continue reading

The role of migration tools in IT integration

In the fast-paced world of corporate mergers and acquisitions (M&A) and divestitures, integrating tech infrastructures offers significant challenges and opportunities for growth. As companies seek to unify, separate, and streamline their operations, the role of reliable migration tools becomes crucial in ensuring seamless transitions and maintaining data integrity.

According to Deal Barometer, M&A activity is expected to rise by 20 percent this year, emphasizing the need for effective IT strategies during these transformations. Given the complexities of migrating data during a merger, acquisition, or divestiture, IT leaders should seek solutions to ensure a smooth, secure transition.

Continue reading

Source code: The source of truth for securing the API attack surface 

Most organizations find themselves in the midst of their API security journey, racing to keep pace with expanding API ecosystems in a colossal threat landscape. As a core enabler of modern applications, facilitating seamless connectivity and powering mobile and web applications, APIs are everywhere. The DevOps revolution has completely transformed the pace at which developers can design and build APIs faster than a security team can match. 

Large enterprises are operating with tens of thousands of APIs, and even small organizations have a surprising number, both internal and external. With applications and API portfolios becoming increasingly complex, maintaining a comprehensive understanding of all existing APIs has emerged as a significant hurdle. As APIs can quickly become obscured or forgotten, many organizations lack accurate context into the sheer scale and volume of APIs that persist across their infrastructure -- subsequently resulting in the absence of a full picture of their attack surface. As one cannot secure what they cannot see, the absence of discovery mechanisms opens organizations to a host of security risks.  That is why API discovery is now a crucial process for security teams, designed to identify, catalog, and assess APIs. 

Continue reading

Cloud security vendors with cloud cultures: Operating in sync with customers  

Cloud security

Cloud-native security companies understand that while digital transformation is the future for most, if not all, organizations across industries, it’s also introducing a host of new cybersecurity challenges that customers need support navigating. For example, as hybrid work and distributed workforces become more normalized, there’s a growing need for solutions and processes to ensure this anytime, anywhere collaboration happens securely. Moreover, as the number of cloud services in use across organizations increases, more sensitive data is being stored in the cloud, and companies continue to lack visibility and/or control over their cloud activities, cloud security is only becoming more critical with time.

However, to build security solutions that solve for these challenges and others, cloud-native security vendors need to first understand the exact nature of the issues their customers are facing. One way they typically approach this is by being deeply integrated into the market and relying on customer feedback to shape their product offerings. But there’s another, often-overlooked way for these companies to stay close to customers’ changing needs: fostering an internal cloud-centric culture themselves. By practicing what they preach, cloud vendors can best support customers and optimize their solutions.

Continue reading

The potential opportunities and challenges of decentralized identity in mitigating AI threats

In an age where cyber threats are becoming increasingly sophisticated, the management and verification of digital identities are at a critical juncture. As various sectors rapidly evolve, decentralized identity (DCI) systems emerge as a revolutionary approach to managing and verifying user identities. These autonomous systems promise to change how we access and use online services. However, many organizations need help with adopting this promising technology.

A recent survey by Ping Identity, which included responses from 700 IT decision-makers worldwide, highlights these challenges. In the UK, 82 percent of IT decision-makers see value in decentralized identities for their customers and employees, yet only about a third (34.5 percent) currently offer this option. A significant reason for this gap is the need for more clarity about the benefits, with 31 percent of respondents unsure what advantages decentralized IDs would bring.

Continue reading

Collective digital leadership: Why non-technical leaders should share tech ownership

In today's hyper-competitive, rapidly evolving market, the demand for seamless digital interactions has never been higher. The modern workforce expects seamless digital interactions, instant access to information, and intuitive tools that support both their work and personal growth. In this new paradigm, non-technical teams need the power to innovate without the confines of complex development environments. They also must bear more responsibility for the strategic deployment of technology.

This has led to forward-thinking organizations exploring leadership models that reflect the shared need for rapid, strategic deployment of technology. A recent Gartner survey found that 46 percent of CIOs are shifting to co-owning digital leadership. According to the firm’s report, “CIOs who co-own efforts with their CxO peers to place the design, management and delivery of digital capabilities with teams closest to the point where value is created, are most effective at maximizing digital investments.”

Continue reading

Self-service password reset: How the cure could introduce more security ills

Passwords certainly aren’t new -- they began in ancient civilizations so tribes and their militaries could identify their members and allies. But the management problems they present in a digital world so utterly dependent upon them are voluminous and costly. On average, business users have 87 passwords for their work-related accounts. Granting this complexity, users will inevitably need to turn to IT several times a year to resolve password lock outs. Forrester estimates that it costs an organization $70 per password reset and that large, U.S.-based enterprises allocate $1M annually for password-related support costs.

While Self-Service Password Reset (SSPR) tools -- web-based portals that enable users and administrators to reset their own passwords without IT interaction -- seem like the ideal solution, they come with risks. Today’s threat actors are exploiting every opportunity to gain credentials, and without the proper controls, SSPR solutions can be ripe for social engineering and exploitation. Artificial Intelligence is bolstering social engineering tactics while making them less detectable. Threat actors have increasingly been waging these sorts of attacks against SSPR solutions, in particular Microsoft SSPR, to gain both user and admin credentials. While it has become necessary for IT to streamline tasks in a world of burgeoning demands and complexity, any solutions deployed must be reviewed for vulnerabilities -- or the cure could be worse than the disease, leading to a catastrophic breach.

Continue reading

Understanding the threats lurking in Microsoft Office documents

Microsoft Office stands as a pillar in the landscape of modern productivity tools. Its suite of programs -- from Word for crafting documents to Excel for data analysis - allows for versatility in both personal and professional environments. Used from everything like notetaking, resumes, essays, and business reports, in today’s digital age, these documents are indispensable and trusted tools.

This versatility, however, presents a double-edged sword. While they enhance efficiency and functionality, they simultaneously create potential security risks. This duality makes Microsoft Office documents an attractive target for threat actors, who exploit their widespread use and familiar interface to deliver phishing and malware with alarming ease.

Continue reading

Anticipating tomorrow's threats: AI, evolving vulnerabilities, and the 'new normal'

Artificial-Intelligence-threat

Modern cybersecurity leaders are expected to balance an almost comical number of responsibilities. Threat intelligence, vulnerability management, asset tracking, identity management, budgeting, third-party risk -- and that’s just what the company is willing to put in the job description.

To be a cybersecurity expert is to spend your entire career deepening your well of knowledge in one or a few domains. To be a cybersecurity leader, on the other hand, is to spend your career attempting to drink an ocean through a straw. What makes this moment in cybersecurity so interesting is that generative artificial intelligence (AI) brought a fundamental change to both the ocean and the straw.

Continue reading

Six ways to future-proof your CMS, while elevating your tech teams

In today’s competitive business environment, delivering dynamic experiences across multiple digital channels is becoming increasingly important. In the past, a traditional monolithic CMS was the go-to solution for managing website content in bulk, offering a comprehensive approach with integrated front-end and back-end functionalities.

However, as the importance of web channels for media distribution grew, developers within larger enterprises recognized the limitations of monolithic solutions in managing complex, structured content or delivering unique frontend capabilities. This led to the rise of custom, internal CMS solutions. Performance and extensive customization were possible but at huge engineering costs and time pressure to plan, develop, and uphold these systems.

Continue reading

No, Linux isn't always best for IoT

Ask a connected device developer which operating system they prefer and most -- about three-quarters to be exact -- will reply with Linux. The open-source system is far and away the king of the Internet of Things (IoT) thanks to its flexibility and support for various architectures.

But there’s a problem. Simple, single-function devices like smart thermostats or connected bird feeders often don’t require the robust processing power of Linux. Loading these devices with multi-tasking capabilities can be inefficient and potentially risky. Recent reports of backdoor vulnerabilities in Linux, for example, raise concerns about its attack surface and open-source origins.

Continue reading

How the rush to regulate AI could bring new cyber security challenges

Artificial-intelligence, AI

Since the arrival of generative AI, its potential to increase challenges associated with privacy and cyber security has become a major concern. As a result, government bodies and industry experts are hotly debating how to regulate the AI industry.

So, where are we heading and how is the crossover between AI and cyber security likely to play out? Looking at the lessons learnt from previous efforts to regulate the cyber security market over the past few decades, achieving anything similar for AI is a daunting prospect. However, change is essential if we are to create a regulatory framework that guards against AI's negative potential without also blocking the positive uses that AI is already delivering.

Continue reading

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.