Articles about cybersecurity

New email rules from major providers mean that businesses need to adopt the DMARC standard in order to ensure that their emails get delivered.

But while the new rules have received a good deal of publicity there hasn't been much attention paid to those not running their own mail server and relying on a third-party mail services.

Continue reading →

One way to understand the mind of hybrid attackers is to compare their behavior to the animal kingdom. They are predators using a relentless arsenal of tactics to hunt their prey across a large domain. Threat actors are the honey badger. A snake bite or a few bee stings might delay their attack for a moment, but they’ll find a way to take down the entire hive and satisfy their appetite.

But what is a hybrid attack? Today, all cyberattacks are hybrid. Every enterprise uses a mix of on-premises and cloud services, and the number of services used is rising. In fact, employees now use an average of 20 cloud and SaaS apps every month. Despite enterprises having every preventative measure in place, attackers are using this widening attack surface to their advantage. They can start with anyone or anything they can access, no matter how small, before moving at speed to extend their access and disrupt business operations at scale. Some of the most common traits that make stopping hybrid attacks difficult are how they bypass prevention, compromise identities, elevate and hide in privileges to move laterally across domains -- often at high speed.

Continue reading →

A recent article from Harvard Business Review explores the mindset of today’s cyber hackers and explains why effective cybersecurity has become so challenging by outlining the three traits shared by every successful hacker: creativity, speed, and resourcefulness. Hackers who can successfully leverage these traits are able to assault a company’s defenses with an ever-evolving barrage of novel and impactful attacks.

Thus, to remain secure, companies must be prepared for the unknown. Today’s threat landscape includes tried-and-true attacks -- phishing, social engineering, and DoS attacks -- as well as innovative strategies driven by creativity, speed, and resourcefulness. The latter are designed to exploit weaknesses before companies discover they exist. The following approaches to cybersecurity can help companies develop a future-proof framework that anticipates and addresses hidden threats.

Continue reading →

This time last week businesses around the world were rocked by major disruption as a faulty update to the CrowdStrike security software brought down Windows systems.

The company has now issued a preliminary report into the incident which reveals that a 'Rapid Response Content' configuration update caused the problem.

Continue reading →

ChatGPT for Cybersecurity Cookbook takes you on a journey toward enhancing your cybersecurity skills, whether you’re a novice or a seasoned professional. By leveraging cutting-edge generative AI and large language models such as ChatGPT, you'll gain a competitive advantage in the ever-evolving cybersecurity landscape.

This book shows you how to automate and optimize various cybersecurity tasks, including penetration testing, vulnerability assessments, risk assessment, and threat detection.

Continue reading →

A new survey of over 200 CISOs across a wide range of industries in the United States reveals that many are unprepared for tough new regulations including the SEC's cybersecurity disclosure rules in the USA and the Digital Operational Resilience Act (DORA) in the EU.

The study from Onyxia Cyber shows 67 percent of CISOs report feeling unprepared for these new compliance regulations, while 52 percent admit to lacking sufficient knowledge about how to report cyberattacks to the government.

Continue reading →

A new study from Appsbroker CTS finds 79 percent of IT and cybersecurity leaders believe that emerging technologies like GenAI will 'change the game', leaving them unprepared.

In addition 90 percent say the risk and severity of cyberattacks has increased over the past year, while 61 percent believe the attack surface is now 'impossible to control'.

Continue reading →

Given the level of worry around the influence of deepfakes -- as we reported yesterday -- it's perhaps not surprising to learn that companies are developing their own deepfake response plans.

A new survey of over 2,600 global IT and cybersecurity professionals, from software recommendation engine GetApp, finds 73 percent of US respondents report that their organization has developed a deepfake response plan.

Continue reading →

Nation state-sponsored threat actors, organized cybercriminal cartels and hacktivists are expected to be active during the upcoming 2024 Paris Summer Olympics and Paralympics, which will be hosted against a fractured geopolitical landscape, including Russia's war in Ukraine and Israel's conflict with Hamas. There will likely be three types: 

Nation-state sabotage: Russian nation state-level cyber units will likely attempt to sabotage the 2024 Games, something that we have already observed in previous years during both the 2018 Winter Olympics as well as the 2020 Tokyo Summer Olympics in which Russia’s GRU military intelligence service engaged in cyber reconnaissance, targeting officials and organizations involved in the events. With Russia being suspended from participation as a sanction from the International Olympic Committee for its invasion of Ukraine, operations launched by Moscow-aligned cyber forces, such as Sandworm (a group that attacked previous events with the “Olympic Destroyer” malware), will likely surge in retaliation. Motivation for these efforts would likely include retaliation, damaging the reputation of the Paris Olympics to promote its own 2024 World Friendship Games in September, and to counter French President Emmanuel Macron’s pro-Ukraine position.  

Continue reading →

Now that we're beginning to overcome the obstacles to creating a commercially viable quantum computer it's important to consider the security threat that these vastly more powerful machines will pose.

Not least of these is the threat to encryption which puts everyone's online security at risk. We spoke to Nils Gerhardt, chief technology officer and head of product for Utimaco, to explore what a post-quantum future may look like.

Continue reading →

New research from identity verification company Jumio finds growing concern among Americans about the political influence AI and deepfakes may have during upcoming elections and how they might influence trust in online media.

The study of over 8,000 adult consumers, split evenly across the UK, US, Singapore and Mexico, finds 72 percent of Americans are worried about the potential for AI and deepfakes to influence upcoming elections in their country.

Continue reading →

In recent years, mobile devices have taken center stage and we've become mobile-first users, where mobile devices are our first choice for how we communicate, navigate, work, bank, take photos, shop and stay informed about the world around us. Our increased reliance on mobile phones is not without its risks.

According to Zimperium's Global Mobile Threat Report 2023, 43 percent of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187 percent year-over-year, a shocking number.

Continue reading →

Research released by KnowBe4 shows that 75 percent of security professionals have witnessed employees displaying risky security behaviors at work and 62 percent admit to risky behavior themselves.

Top risky things that cybersecurity pros admit to include using entertainment or streaming services (33 percent), using GenAI within the organization (31 percent), sharing personal information (14 percent), using gaming or gambling websites at work (10 percent) and using adult entertainment websites (two percent).

Continue reading →

You'll doubtless be aware already of the major outages of Microsoft systems today causing problems for airports, rail operators, banks, retailers, broadcasters and more.

Among the disruption stores found themselves unable to accept payments and in the UK Sky News’s breakfast show was taken off air. Some airports were forced to use whiteboards to show flight departure information.

Continue reading →

It's essential for businesses to get security, privacy and governance right -- not only to prevent breaches, but also comply with increasing numbers of regulations.

DevOps Research and Assessment (DORA) best practices are the gold standard for spotting vulnerabilities across both cloud and mainframe environments and improving development efficiency.

Continue reading →