Articles about cybersecurity

Industrial control system and operational technology environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats.

The latest SANS 2023 ICS/OT Cybersecurity Survey, sponsored by critical infrastructure protection specialist OPSWAT, shows the three items of utmost importance for ICS security programs in 2023 have been identified as network visibility, risk assessments, and transient device threat detection.

Continue reading →

According to a new survey from Censuswide for Veeam Software, UK business leaders rate ransomware as a more significant threat to their organization (43 percent) than the economic crisis (41 percent), skills shortages (34 percent), political uncertainty (31 percent), and Brexit (30 percent).

The survey 100 directors of UK companies with over 500 employees who had suffered a ransomware attack in the past 18 months finds 61 percent are anxious about the prospect of another attack.

Continue reading →

A new report from cyber insurance provider Coalition shows a 12 percent increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware and funds transfer fraud (FTF).

Companies with over $100 million in revenue saw the largest increase (20 percent) in the number of claims as well as more substantial losses from attacks -- with a 72 percent increase in claims severity from the second half of 2022.

Continue reading →

In 2023, the total average annual cost of an insider risk increased to $16.2 million, a 40 percent increase over a four-year period.

This is among the findings of a new insider risks report from DTEX Systems, based on research from the Ponemon Institute. The study also shows that the average number of days taken to contain an insider incident has increased to 86 days.

Continue reading →

New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.

The report from Barracuda reveals techniques including setting a rule to forward to an external address all emails containing sensitive and potentially lucrative key words such as 'payment' or 'confidential' to steal information or money.

Continue reading →

A new report from SpyCloud shows that while 79 percent of organizations say they are confident in their ransomware defenses, 81 percent were affected at least once in the past 12 months.

The study also shows that infostealer infections preceded 22 percent of ransomware events for North American and European ransomware victim companies in 2023. 76 percent of infections that preceded these ransomware events involved the Raccoon infostealer malware.

Continue reading →

Lots of apps are potentially transmitting and saving user data without express permission and this has led some administrations to consider bans.

In May, Montana passed the first bill to ban TikTok statewide due to data concerns, and India has banned 60 apps, including TikTok, claiming they were transmitting user data back to China.

Continue reading →

The death of the password has been predicted for a long time, yet despite increased adoption of biometrics, passkeys and other newer technologies, passwords still underpin much of our day-to-day security.

We spoke to Darren James, senior product manager at Specops Software, to discuss passwords, whether they still have a future and where authentication is heading.

Continue reading →

Recent research carried out by IBM found that organizations with regularly tested incident response plans had a $2.66 million lower data breach cost than organizations without them.

We spoke to Adam Scamihorn, product director at InterVision, to find out why every enterprise needs to have a strong incident response plan in order to face up to growing security threats.

Continue reading →

New research shows that only 14 percent of businesses get back 100 percent of their data following a ransomware attack -- even if they agree to the ransom demand.

The study sponsored by Zerto and conducted by Enterprise Strategy Group also reveals that nearly 60 percent of organizations reported an impact to regulated data, such as personally identifiable information, in successful ransomware attacks.

Continue reading →

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognize the absence of a breach? But this isn’t a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

In a threat landscape where there exists a constant push to innovate, adapt and breach, there are only three possible outcomes for the IT industry: defeat, indefinite struggle, or complete structural collapse.

Continue reading →

Emails from supposedly wronged and robbed Nigerian nobility asking for help in exchange for a payout of millions were one of the very earliest email scams.

For a while 'Nigerian prince' emails, also known as '419 scams' in reference to part of the Nigerian Criminal Code relating to fraud, were a regular feature in most people's inboxes.

Continue reading →

Machine learning in security is harder than other domains because of the changing nature and abilities of adversaries, high stakes, and a lack of ground-truth data.

This book will prepare machine learning practitioners to effectively handle tasks in the challenging yet exciting cybersecurity space. It begins by helping you understand how advanced ML algorithms work and shows you practical examples of how they can be applied to security-specific problems with Python -- by using open source datasets or instructing you to create your own.

Continue reading →

Between the rise of competition, the changing regulatory landscape, the evolution of AI and the rise of new threat actors, the role of the CTO can be a challenging one.

What characteristics are needed for the role and how can incumbents ensure that it remains relevant? We spoke to Ajay Keni, CTO at OneSpan, to find out.

Continue reading →

It won't come as any surprise that there's a thriving market among threat actors for the latest vulnerability exploits. A new report from Flashpoint lifts the lid on this world and reveals the exact vulnerability exploits that were listed for sale, purchased, and/or traded in the first half of 2023.

One of the most expensive was a remote code execution exploit for Adobe Commerce -- the eCommerce platform formerly known as Magneto -- which was listed for sale at $30,000. A Citrix ShareFile exploit was priced at $25,000.

Continue reading →