Articles about cybersecurity

Despite cybersecurity threats being on the rise, many small and medium businesses (SMBs) still lack basic security measures, according to AI security company Cyber Upgrade.

It's no secret that hackers target smaller businesses due to inadequate cybersecurity safeguards, as most underestimate the associated risks as well as lacking the resources of larger enterprises.

Continue reading →

A new report from Thales reveals that 43 percent of enterprises failed a compliance audit last year, with those companies 10 times more likely to suffer a data breach.

Based on a survey of almost 3,000 IT and security professionals it also finds that 93 percent of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47 percent last year.

Continue reading →

Today's IT security teams face several key challenges. Tasked with combating the rising volume and frequency of sophisticated cyber threats, they are bombarded with a tsunami of alerts generated by countless security tools that deliver little context or value-add insight.

Effectively processing and analyzing all this data to identify actionable threat intelligence requires considerable time and effort.

Continue reading →

A new study from Proofpoint shows that 85 percent of organizations polled experienced at least one data loss incident in the past year. Even the country with the lowest percentage -- the UK -- still had 73 percent of respondents reporting at least one incident in the past 12 months.

What's particularly interesting though is that careless users, accounting for 70.6 percent, are much more likely to cause these incidents than compromised (48.1 percent) or misconfigured systems (45.3 percent).

Continue reading →

Organizations are putting their critical operations at risk by enabling the widespread continuation of a 'blame game' culture between their IT teams and third-party service providers, according to a new report.

The survey from Dynatrace finds that 91 percent of organisations are still playing the blame game with IT service providers when problems occur. This increases the reliance on war-room-style meetings to identify and resolve the cause of problems, which extends the duration of incidents and creates tense workplace environments that heighten the risk of losing skilled talent.

Continue reading →

The number of new posts on dark web forums about elections surged by 394 percent in 2023 compared to 2022, research released this week by cybersecurity firm NordVPN reveals. And in the first two months of 2024 alone, users have already published almost half as many posts.

With more than 60 countries holding national elections in 2024, representing over half of the world's population, this is a significant year in history for global democracy so it's unsurprising that there's an increase in interest.

Continue reading →

Ensuring observability has always involved three pillars: logs, metrics and traces. However, the reality is that most organizations simply store this information in silos which are incapable of communicating with one another.

Jeremy Burton, CEO of Observe, believes organizations need to go beyond the three pillars of past failed solutions and instead view observability as purely a data problem. We talked to him to learn more.

Continue reading →

Google has announced significant updates to its Chrome web browser aimed at bolstering cybersecurity for its users. In response to the ever-evolving nature of cyber threats, Chrome will now feature real-time Safe Browsing protections and enhanced password security measures, particularly for desktop and iOS users.

Traditionally, Chrome’s Safe Browsing feature relied on a periodically updated list to check if websites or files posed a potential danger. However, with malicious sites often fleeting, existing for less than 10 minutes on average, this method had its limitations. To address this, Chrome’s Standard protection mode will now verify sites against a real-time, server-side list of known malicious URLs. This shift is expected to increase the efficacy of phishing attack prevention by 25 percent.

Continue reading →

As the volume of data continues to increase and the threat landscape continues to evolve, it is increasingly important for organizations to protect backup data from unwanted deletion. Threats today can take the form of a malicious insider deleting backup data or a targeted cyberattack on the backups themselves. Modern ransomware attacks often first seek out and destroy backups before moving on to encrypting production data. However, companies will benefit from implementing immutability, the act of making data writable but noneditable for a defined period of time, as part of their data protection arsenal to help avoid or recover from a loss of production data situation.

The rise in cyber incidents, which according to the Veeam Data Protection Trends Report 2023 is the leading cause of outages over the past three years, is bringing the need for immutability to the fore, particularly as most organizations reported having fallen victim to cyber incidents, on average, twice a year.

Continue reading →

Business email compromise (BEC) is one of the most common and expensive threats to organizations so they need to respond to attacks quickly and effectively.

To allow companies to investigate and respond to Microsoft 365 compromises such as BEC, account takeover (ATO) and insider threats, Cado Security is introducing a new feature to its platform so customers can automatically import the Microsoft 365 Unified Audit Log (UAL) by timeframe, user, IP, or workload.

Continue reading →

A new report from DoControl finds that companies are generating approximately 286,000 new SaaS assets, such as files or recordings, each week. However, it also found the public exposure of 35,000 sensitive assets at the average company, a significant lapse in data management and access controls.

The report finds a 182 percent increase in employees sharing company-owned assets via their personal email too. In 2023, findings show that the average company had one out of six employees share data with their personal email account (1.3 million assets).

Continue reading →

Detections for malicious email forwarding rules have risen by nearly 600 percent in 2023, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, re-routing money into the criminal’s account.

This is one of the findings in the latest Threat Detection Report from Red Canary. Half of the threats in top 10 leverage malvertising and/or SEO poisoning, occasionally leading to more serious payloads like ransomware precursors that could lead to a serious attack if not detected.

Continue reading →

New threat research from Salt Labs has uncovered critical security flaws within ChatGPT plugins, highlighting a new risk for enterprises.

Plugins provide AI chatbots like ChatGPT with access and permissions to perform tasks on behalf of users within third party websites. For example, committing code to GitHub repositories or retrieving data from an organization's Google Drives.

Continue reading →

According to a new report, 74 percent of all cyber breaches are caused by human factors, including errors, stolen credentials, misuse of access privileges, or social engineering.

More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. This highlights the need for staff to receive better training on the risks.

Continue reading →

Friction and lack of communication between development and security teams can lead to problems in software development and testing.

How can we bridge the gap between developer and security teams and help them see that they have common goals? We spoke to Scott Gerlach, CSO and co-founder of StackHawk, the company making web application and API security testing part of software delivery, to find out.

Continue reading →