Articles about cybersecurity

Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.

The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.

Continue reading →

2024 is fast approaching, and it seems likely that the new year heralds the same torrent of sophisticated malware, phishing, and ransomware attacks as 2023. Not only are these long-standing threats showing few signs of slowing down, but they're increasing by as much as 40 percent, with federal agencies and public sector services being the main targets.

Meanwhile, weak points like IoT and cloud vulnerabilities are making it tougher for cybersecurity pros to secure the wide attack surface that these edge devices create.

Continue reading →

Over half of the UK population (53 percent) would be supportive of the UK government and its allies breaking international cybersecurity law.

A new survey by Censuswide, on behalf of International Cyber Expo, also shows 45 percent have admitted they would be supportive of, or engage in online cybercriminal activity themselves, in the right circumstances.

Continue reading →

Managing third-party cybersecurity risk across inter-connected supplier ecosystems is becoming increasingly more daunting. Software and systems that used to be managed in-house are now routinely delivered as hosted services by multiple vendors and contractors. Other third parties frequently get brought in at departmental level, often bypassing contracting procedures, and have access to applications that hold sensitive data and business critical information.

A single mistake anywhere in the supply chain could result in data breaches, compliance fines, as well as revenue losses, reputational damage, and a wide range of negative business consequences for months, or even years, down the line.

Continue reading →

Security Information and Event Management (SIEM) platforms are the centerpiece of many organization's security controls, but if these products aren't configured correctly they will produce too many false positives to be useful, and can even make overall threat detection worse.

Security analysts need to trust that their SIEM is detecting threats accurately. We spoke to Sanjay Raja from security analytics company Gurucul to discuss how SIEMs can be configured to offer accurate detection.

Continue reading →

A new report from Team8 shows that 56 percent of CISOs have had budget increases since 2022 despite the economic slowdown, while 25 percent saw no change and 19 percent cuts.

However, larger security departments have been most affected by budget cuts with 67 percent of those with 51-100 people seeing budget reductions.

Continue reading →

It's crucial for organizations to have a complete and comprehensive view of all their cloud assets, but the process of discovery can be a difficult one, especially if multiple platforms are involved.

Cloud security platform Orca Security is launching a new AI-powered cloud asset search that is aimed at making the process more intuitive and available not only to security practitioners, but also developers, DevOps, cloud architects, and risk governance and compliance teams.

Continue reading →

The cybersecurity skills crisis has impacted 71 percent of organizations and left two-thirds of cybersecurity professionals saying that the job itself has become more difficult over the past two years.

New research carried out by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 66 percent of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, with close to a third (27 percent) stating that it is much more difficult.

Continue reading →

A new survey reveals that board members tend to feel good about their company's cybersecurity policy, but that many are still unprepared to face a cyberattack.

The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.

Continue reading →

Adversaries are exploiting new vulnerabilities much faster than organizations are remediating them. As a result, prioritizing the wrong vulnerabilities will squander security teams' most critical resource -- time.

So, how can organizations prioritize the right threats? We spoke with Anthony Bettini, founder and CEO of VulnCheck, to find out.

Continue reading →

Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.

Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Continue reading →

Of the 90 percent of UK enterprises that have been forced to turn to their backup system, only 27 percent were able to recover all of their information and documents -- down from 45 percent in 2022.

A survey from encrypted drive maker Apricorn finds 32 percent of the security decision makers in large enterprises surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from two percent in 2022.

Continue reading →

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognize the absence of a breach? But this isn’t a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

In a threat landscape where there exists a constant push to innovate, adapt and breach, there are only three possible outcomes for the IT industry: defeat, indefinite struggle, or complete structural collapse.

Continue reading →

As students at schools and colleges in the UK begin to return after the summer break, new research shows that 96 percent of the top 50 state secondary schools, 92 percent of the top 50 sixth-form colleges and 80 percent of the top 50 universities in the UK are lagging behind on basic cybersecurity measures, leaving students, staff and partners at risk of email-based impersonation attacks.

The research from cybersecurity company Proofpoint is based on an analysis of DMARC adoption and reveals that 70 percent of UK schools are currently taking no steps to protect themselves from domain impersonation by having no published DMARC record.

Continue reading →

The shift to remote and hybrid working has led to many more people using their personal devices for work purposes.

Yet a new survey, from Apple device management specialist Jamf, reveals that 49 percent of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources.

Continue reading →