Articles about cybersecurity

IT security breaches are becoming more frequent and costly. According to IBM Security’s Cost of a Data Breach Report 2023 UK organizations shell out an average of £3.4m for data breach incidents. There isn't a CISO around that doesn't wish they had that kind of budget to spend on IT security. The tools to help security teams do their job more effectively are out there, but getting them approved in the annual budget is not guaranteed and investment can sometimes be too late.

So what can UK IT leaders do to make sure they continue to improve their IT security without blowing their budget? Here are eight ways to bolster cybersecurity resources: 

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

A new report from GuidePoint Security's Research and Intelligence Team (GRIT) shows a total of 3,385 publicly posted ransomware victims in the first three quarters of this year, claimed by 57 different threat groups, representing an 83 percent year-on-year increase.

Attacks directed against US-based organizations decreased, but there has been a marked increase in attacks impacting other nations. Other countries consistently affected, like the UK, saw an approximate 41 percent increase in attacks in Q3.

Continue reading →

The power that quantum computing makes available offers benefits in many areas, but it also means cracking encryption becomes much easier, which poses an enormous threat to data and user security.

At its annual Trust Summit conference, DigiCert has released the results of a global study exploring how organizations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future.

Continue reading →

A new survey of 900 full-time security decision-makers and practitioners around the world finds that 55 percent of respondents say they're likely to switch jobs in the next year.

The Voice of the SOC report, from secure workflow specialist Tines, shows that 63 percent of the security decision-makers and practitioners surveyed are experiencing burnout amid relentless cyberattacks, internal pressures, and limited resources.

Continue reading →

Bad bots are designed perform various malicious activities. These range from basic scrapers that try to get some data off an application -- and are easily blocked -- to more advanced persistent bots that try to evade detection.

Barracuda researchers have been tracking bots for several years and have identified some interesting recent trends not least that, like King Louie in The Jungle Book, they 'wanna be like you'.

Continue reading →

Governments and data make for a complex relationship. In some cases, agencies are obligated to make information publicly accessible. In others, sensitive data is highly regulated and therefore needs to be protected to keep it out of the public domain.

With key information changing hands internally via various departments and externally via third parties, it's vital that government agencies can access systems and share data securely -- particularly given increases in cyberattacks.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

Identity management company AU10TIX has released its latest Global Identity Fraud Report, based on insights from millions of transactions processed in 249 countries from April to June 2023.

It finds there has been a 44 percent increase in organized ID fraud in North America compared to preceding quarters. This upsurge is believed to be driven by the ongoing economic recovery and inflationary pressures, particularly in the US market, which are emboldening professional ID fraud syndicates.

Continue reading →

A new report from Netskope looks at the activities of cybercriminals based on the techniques and motivators that were most commonly detected among its customers in the first three quarters of 2023.

In news that will come as a surprise to precisely nobody it shows that the highest percentage of cybercriminal activity comes from Russia, while China accounts for most politically-motivated attacks.

Continue reading →

A new survey of over 500 security and IT operations leaders worldwide shows that 61 percent believe that data loss within the next 12 months due to increasingly sophisticated attacks is ‘likely’ or ‘very likely’.

The study from Commvault, with research carried out by IDC, reveals that in many cases, senior executives/line-of-business leaders are minimally engaged in their company's cyber preparedness initiatives -- just 33 percent of CEOs or managing directors and 21 percent of other senior leaders are heavily involved.

Continue reading →

With the increasing reliance on APIs, detecting suspicious API traffic has become crucial to ensure the security and integrity of these interactions. Suspicious API traffic poses a huge threat to the overall system and its data, the traffic can indicate malicious intent such as unauthorized access attempts, data breaches, or even potential attacks targeting vulnerabilities in the API infrastructure.

API traffic refers to the data and requests that are transmitted between different applications or systems using APIs. This allows software programs to communicate and exchange information, enabling seamless integration and interaction between various platforms. API traffic also involves the transfer of data, such as requests for data retrieval or updates, between the client application and the server hosting the API. 

Continue reading →

Application Programming Interfaces (APIs), which act as the glue connecting systems and applications together, are now the number one attack target for cyber criminals. Attack methods have changed over recent years, however, prompting the OWASP API Security Project to revise its API Security Top 10 of attack types for 2023.

But do the tactics, techniques and procedures (TTPs) it covers still serve as a blueprint for defense? We spoke to Jason Kent, hacker in residence at Cequence Security, to find out if the top 10 is liable to see defenders take too narrow an approach.

Continue reading →

The modern workforce is more distributed and dependent on devices than ever before. In this hybrid work environment, digital employee experiences are siloed. IT teams are on the hook to ensure end-user productivity despite strained financial resources and the IT talent war.

Despite their technical expertise, IT service teams are limited in their ability to be in multiple locations at once. Distributed workforces further cause significant blind spots and open up businesses to vulnerabilities hiding in the dark estate. That’s where hidden issues live, yet IT teams can’t see them. The potential for unknown risks is nothing new in IT. So why should businesses care about the dark estate, especially now when IT departments are already burdened by lengthy lists of service requests, putting out fires, and keeping up with security challenges?

Continue reading →

A new report from business software company Sage shows that 48 percent of SMBs have experienced a cyber security incident in the past year.

In addition the study of over 2,000 SMB decision makers around the world finds 51 percent say keeping on top of new threats is their biggest challenge and 44 percent say economic uncertainty and the cost of living has reduced cybersecurity budgets.

Continue reading →