A new report shows that 79 percent of public sector organizations have started to use AI in production (compared to 83 percent in the private sector) but that trust remains a major concern.

The study, from enterprise resilience platform Splunk, shows trust and reliability in AI-enabled systems -- particularly around cybersecurity tools that employ AI -- continue to be the main concerns for decision-makers (48 percent public, 36 percent private).

Continue reading →

As we enter the busiest period of the year for retail sales, there's less than cheery news that scraping, loyalty card fraud and payment card fraud have increased by a collective average of over 700 percent as attackers lay the groundwork for holiday sale attacks ahead of retailer security crackdowns.

A new report from Cequence Security finds threat actors are evolving their tactics, opting for a more nuanced approach that spreads attacks across a broader timeframe to blend in with legitimate traffic and evade detection ahead of peak holiday shopping times.

Continue reading →

As we approach the end of the year, a new report from Detectify shows that none of the top three vulnerabilities found across all industries in 2023 were covered by a CVE.

What's more, 75 percent of the total vulnerabilities regularly scanned by Detectify, primarily crowdsourced from its community of ethical hackers, don't have a CVE assigned. This suggests that over-reliance on frameworks like the CVE program can weaken an organization's security posture and give it an unrealistic sense of security.

Continue reading →

A new report from Axiad shows that 88 percent of IT professionals feel their company is prepared to defend against a password-based cyberattack, yet 52 percent say their business has fallen victim to one within the last year.

Based on over 200 responses from US IT pros, the study shows 39 percent think phishing is the most feared cyberattack, while 49 percent say it's the attack most likely to happen.

Continue reading →

As cloud-based enterprises continue to grow, the security threats in the cloud grow with them. Organizations operate in complex, multilayered environments that leave security teams scrambling to protect all of their organization's assets and resources. In fact, they may not even be aware of all of them.

What are the biggest risks they face today? And how can organizations mitigate their vulnerabilities?

Continue reading →

New research from Metomic finds that 40 percent of Google Drives hold sensitive data that could put an organization at risk of a data breach or cybersecurity attack.

The research scanned around 6.5 million Google Drive files and also shows that 34.2 percent of all the files scanned were shared with external contacts (email addresses outside of the company's domain) and more than 350,000 files (0.5 percent) had been shared publicly, giving access to anyone who had the document link.

Continue reading →

Ransomware attacks are influencing price inflation, according to a new UK survey by Censuswide, commissioned by Veeam Software.

The findings show that large organizations are having to increase costs to customers by an average of 17 percent following an attack. Nearly a quarter of companies (22 percent) say they increased prices by 21-30 percent, while six percent increased prices by 31-40 percent.

Continue reading →

A new survey of 500 full-time security decision-makers and practitioners finds that 84 percent indicate their organization combines security and data operations into a single analytics tool.

However, the study from Observe shows more than half of the security relevant data that goes into observability systems needs to be transformed before it can be used.

Continue reading →

New research into the manufacturing threat landscape from Trustwave finds that just 19 percent of manufacturing industry leaders are confident in their cyber defense mechanisms.

The research documents the attack flow utilized by threat groups, exposing their tactics, techniques, and procedures. From email-borne malware to the exploitation of SMB and DCOM protocols for lateral movement, these persistent threats pose significant risks to the manufacturing sector.

Continue reading →

As cyberattacks continue to evolve so defenses need to change to keep up. In many cases that means adopting AI.

Enterprise networking and security company Cisco is the latest to embrace this with launch of Cisco AI Assistant for Security.

Continue reading →

According to one analyst estimate, the market for network automation tools will grow nearly 23 percent annually from 2022-2030.

While many IT professionals are familiar with automation of business processes, they are likely less familiar with its applications in network operations (NetOps) and security. As automation technology is maturing, organizations are using network automation solutions to transform their core workflows, including troubleshooting, change management and network security, for more efficient and effective network operations.

Continue reading →

The use of automated security technology is growing rapidly according to the latest edition of the annual Building Security In Maturity Model (BSIMM) report from Synopsys.

The research also shows that there's a move towards a 'shift everywhere' culture -- which means performing security tests throughout the entire software development life cycle -- across more organizations.

Continue reading →

The demands of daily lives increasingly mean that we want to be connected wherever we are. Add in the shift to hybrid working and we’re likely to want to be in touch with the office all the time too.

That makes the lure of free public Wi-Fi, whether it's in a coffee shop, a hotel or an airport, hard to resist, especially if you have a limited data allowance on your mobile contract. But of course using public networks always comes with a side order of added risk.

Continue reading →

Starting from today, a new Google inactive account policy comes into effect which means that accounts that haven't been active for two years will be deleted.

So, what counts as 'activity'? Google provides a helpful list:

Continue reading →

Recent cyber attacks have seen not just the usual monetary motives but also the rise of espionage attempts with attacks on government officials.

So how can organizations, both public and private sector, protect their most valuable assets? We spoke to Glenn Luft, VP of engineering at Archive360, to find out.

Continue reading →