• Article

Supply chain attacks have dominated news headlines in 2021. From SolarWinds to JBS Foods, cybercriminals are actively targeting national and international supply chains, causing widespread disruption and financial impact. Attackers understand that organizations have less control over and visibility into the security controls of a supply chain -- controls that are typically limited to legal contracts rather than true and comprehensive security policies and procedures. Common cyber supply chain risks and threats include third-party access to IT systems and weak cybersecurity practices of smaller suppliers.

Now more than ever before, protecting every part of the supply chain must be a top priority for both public and private sector organizations globally. To do this effectively, it is important to remember that securing any supply chain cannot be successfully achieved through the work of only an IT department or team. While they do play a significant role, cyber supply chain risks touch upon many different areas. Therefore, a more comprehensive, shared responsibility approach is required.

Continue reading →

The seemingly never-ending stream of printer problems caused by Windows updates shows no sign of abating.

Following the Patch Tuesday releases a couple of weeks ago, Microsoft has added warnings of known issues to the support pages for the KB5006674 and KB5006670 updates. Printer-related errors including 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), and  0x00000709 (ERROR_INVALID_PRINTER_NAME) are among those the company says users may experience.

Continue reading →

Across all industries developers are under pressure to deal with rapidly shifting requirements and faster turn around times.

But in highly regulated sectors like healthcare there are extra demands to ensure safety and compliance. We spoke to Roger Mazzella, senior product manager, medical at productivity platform The Qt Company to find out how developers can address these challenges while still meeting delivery times.

Continue reading →

Through evolving legacy modernization, a clear need for automation arose to bring actionable insights to IT and DevOps teams.

Unified monitoring, log management and event management vendors are finding ways to embrace Observability in their tech stacks. And while the overall functionality doesn’t change, these adjustments have led to confusion between IT and DevOps teams. IT Operations and Service Management (ITOSM) professionals are skeptical that Observability is a marketing ploy rather than a tool that actually implements technological change. DevOps professionals, on the other hand, are hesitant of the idea of repurposing legacy tools. So what should vendors do when transitioning standard monitoring technology to use Observability in a meaningful way?

Continue reading →

The world as we know it has changed significantly in the past couple of years, and so have managed services. While IT infrastructure and security continue to be more important than ever with large numbers of companies across the globe implementing remote and hybrid working policies, this situation has created the need for additional services that go beyond the standard managed services package. As the future of work continues to evolve, so too will the offering of experienced managed service providers (MSPs).

Prior to the global pandemic, MSPs were primarily focused on IT security and infrastructure. Companies would often outsource all or part of their IT in order to keep costs low and ensure that they had the crucial expertise and systems at hand without having to hire in-house specialists. Ensuring that their IT systems are secure and working at optimal capacity makes it possible to focus on other tasks that will help move the needle and big-picture goals. This is why MSPs are still very popular with businesses of all sizes. Despite large in-house IT teams, an estimated 90% of Fortune 1000 companies use MSPs for part of their IT management.

Continue reading →

Robotic process automation (RPA) is nothing new. In fact, it’s an automation toolkit that was first introduced back in the 1990’s. But in 2020, in the midst of a global pandemic and the all new remote work norm, RPA interest and adoption hit a new high. Why? Because with RPA, digital workers are able to take over repetitive, manual tasks traditionally performed by their human counterparts -- freeing up time, energy and critical human resources.

Gartner’s Fabrizio Biscotti, research vice president, put it best: "The key driver for RPA projects is their ability to improve process quality, speed and productivity, each of which is increasingly important as organizations try to meet the demands of cost reduction during COVID-19. Enterprises can quickly make headway on their digital optimization initiatives by investing in RPA software, and the trend isn’t going away anytime soon."

Continue reading →

The saying "too many cooks spoils the broth" could well be true in the case of how we currently approach vulnerability management (VM). The process around vulnerabilities has become increasingly complex, with high levels of pressure to ensure that it is done right.

Vulnerabilities have long been one of the most prominent attack vectors, yet so many are left unpatched by organizations of every size and across every vertical -- the root of catastrophic issues. The Ponemon Institute conducted a recent study that found almost half of respondents (48 percent) reported that their organizations had one or more data breaches in the past two years. In addition, the discovery of high-risk vulns in 2020 alone, has drastically increased by 65 percent -- ultimately alluding to the fact that breaches could potentially become increasingly impactful. The longer a vulnerability remains present, the higher the chance that it will be exploited by bad actors.

Continue reading →

Despite the significant shift and adoption of new technologies over the past few years, many businesses still rely on legacy infrastructure. Legacy servers are often still in operation because they are far too critical, complex, and expensive to replace. Famous examples include Oracle databases running on Solaris servers, applications using Linux RHEL4, or other industry-specific legacy technology. 

Although critical to the business, these legacy systems can increase a company's risk -- gaining access to just one unpatched legacy device can be relatively simple for cybercriminals. Once inside, said criminals will move laterally to gain a deeper foothold inside the network and deploy more significant attacks.

Continue reading →

Google Fi is the search giant's affordable MVNO cellular service, where it piggybacks off of the T-Mobile and U.S. Cellular networks. Despite being a Google service, it is actually compatible with Apple iPhone devices too. In other words, it is not an Android-only affair. While Google Fi is not wildly popular, many of its users speak favorably of the service -- it is apparently quite good.

And now, Google Fi is getting even better. You see, the search giant has introduced end-to-end encryption for phone calls -- a huge benefit for privacy. Unfortunately, there are some caveats here. For the calls to be encrypted, the speakers on the call must both be using Google Fi service -- that should be fairly obvious. However, there is one very big catch that might surprise you -- this feature is only compatible with Android devices. In other words, iPhone users with Google Fi are being left out of the encryption party.

Continue reading →

Linux users have been able to use Microsoft’s Chromium-based Edge browser for a while now, but in Dev Build and beta versions.

Today though the software giant has updated its Edge repository to add a new stable version of the browser, so if you’re running a Linux OS and want to try out Edge alongside your existing browser you can.

Continue reading →

The Tribe of Hackers series continues, sharing what CISSPs, CISOs, and other security leaders need to know to build solid cybersecurity teams and keep organizations secure. Dozens of experts and influential security specialists reveal their best strategies for building, leading, and managing information security within organizations.

Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership follows the same bestselling format as the original Tribe of Hackers, but with a detailed focus on how information security leaders impact organizational security.

Continue reading →

A new survey of over 4,000 global IT workers, carried out by Kaspersky shows that 54 percent of employees have reported an increased workload since switching to remote working.

While 37 percent of respondents didn't notice a change in volume, a lucky nine percent note a decrease in work due to new working conditions.

Continue reading →

The way businesses operate has changed significantly since the first national lockdown in March 2020. But arguably one of the biggest changes has been the way businesses use technology. Data from McKinsey shows that businesses accelerated their digitization by three to four years in the first four months of the pandemic.

This adoption of new technology has not come without its teething problems, however, and this is especially true for businesses with large office contingents. These workers promptly switched to remote working in March 2020 and had to adapt to these technologies while working from home. Google data shows that searches for terms on how to use tools like Zoom rose exponentially during the first few months of the pandemic, with "how to use Zoom" increasing by 7,016.74 percent.

Continue reading →

Would you be willing to have technology implanted in your body? A survey by marketing and communication tool Tidio reveals the extend to which people are open to 'biohacking'.

More than 75 percent of respondents say they are willing to implant a microchip for health monitoring, and 57 percent are eager to go further and transfer their consciousness to a machine or a different body and live forever as cyborgs.

Continue reading →

It's easy to pigeonhole cybersecurity as something for the IT or security team to look after. But a major cyberattack can have a devastating impact on the business as a whole.

It's important, therefore, that security be looked at in the context of the entire enterprise. This also means considering approaches like 'assumed breach' where you accept that sooner or later attackers will succeed in getting into your network.

Continue reading →