Articles about cybersecurity

We hear a lot about the cybersecurity skills gap, which the latest research puts at 3.4 million globally. There are lots of reasons why organizations find themselves dealing with a skills deficit -- from an actual dearth of qualified talent to internal factors including turnover, lack of budget/competitive wages, limited opportunities for growth and promotion, and lack of training. 

One aspect that is within a company’s control, but is often unremarked, is unrealistic hiring practices. While this can be a problem across all sectors -- after all, every business wants to be sure they get highly experienced people on board -- there seems to be a particular issue around cybersecurity hiring. 

Continue reading →

Cyberattacks are increasingly a feature of everyday life, yet many companies remain unaware of their teams' true readiness to defend against them.

Cyber defense specialist RangeForce is launching a new Defense Readiness Index (DRI), a pioneering scoring system which gauges an organization's readiness to effectively respond to the cyberattacks it is likely to face.

Continue reading →

There tends to be some confusion about where cyber risk ends and where IT risk starts and the terms are often used interchangeably.

We spoke to Gary Lynam, head of ERM advisory at risk management specialist Protecht, to find out more about understanding and managing the different types of risk that enterprises face.

Continue reading →

Email attacks in the US grew by five times between June 2022 and May 2023. However, Europe saw total attacks increase seven-fold during the same period -- to an average of 2,842 attacks per 1,000 mailboxes in May.

Data released today by Abnormal Security shows that where business email compromise (BEC) attacks are concerned, the disparity is even greater.

Continue reading →

Today’s digital-first economy has transformed the role of the modern CISO, increasing threats and changing security priorities. New research from Salt Security shows that 89 percent of CISOs report that the rapid deployment of digital services has generated unforeseen risks to securing critical business data.

The study of 300 CSOs and CISOs around the world reveals the top risk as being personal liability and litigation resulting from security breaches, with 48 percent of CISOs citing that challenge.

Continue reading →

Hybrid computing environments, which combine on-premises and cloud-based technologies, have become increasingly common in recent years. This shift has created new security challenges for IT leaders, particularly when it comes to managing the security of identity environments.

We spoke with Ran Harel, associate vice president of security products at Semperis, to find out more about the changing risk landscape and how it can be addressed.

Continue reading →

Cybersecurity concerns are likely to go out of the window during the summer months according to a new study which finds that 33 percent of employees in the US and UK are less likely to worry about following best practices while working in the summer.

The research, from API and application protection platform ThreatX, also shows IT teams are struggling to monitor and enforce BYOD policies during summer months when more employees are traveling or working remotely.

Continue reading →

New research into the password habits of over 8,000 individuals across the UK, France and Germany shows 75 percent of people don't adhere to widely accepted password best practices, putting themselves at risk.

The study from Keeper Security shows 64 percent are either using weak passwords or repeat variations of passwords to protect their online accounts. More than a third of people also admit to feeling overwhelmed when it comes to taking action to improve their cybersecurity.

Continue reading →

Certificate authority GlobalSign is warning that later this year, and into 2024, there will be significant changes within the Public Key Infrastructure (PKI) marketplace that they need to be aware of.

These changes involve several critical areas: Google's move to reduce the lifespan of SSL/TLS certificates to 90 days, new CA/Browser Forum Baseline Requirements for email security, and mandatory Root changes issued by Mozilla.

Continue reading →

Data volumes are growing exponentially year after year, this means huge amounts of log data that security teams are struggling to collect, analyze and act on in a timely manner.

As a result, security teams are inundated with data that is fragmented across locations and platforms. We spoke to CTO of MinIO Ugur Tigli to discuss how modern object storage can be used to build automated cybersecurity analytics pipelines to break down these barriers and enable security teams to quickly take action on the information stored in log files.

Continue reading →

The latest Security Maturity Report, published today by ClubCISO, shows 76 percent of CISOs reported no material breaches over the past year, up from 68 percent in 2022.

Despite the difficult economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 60 percent of those surveyed say that no material cyber security incident had occurred in their organization over the past 12 months.

Continue reading →

It’s no secret that rapidly rising prices, spurred by Russia’s war in Ukraine, have inflicted damage on the reputations of energy companies. While the companies themselves may not have caused those rising prices, it’s their logos that consumers see on top of their energy bills every month.

It should hardly be surprising then that a survey by Populous found that just 16 percent of Britons view the energy sector positively. These are people, remember, who’ve found themselves in the midst of one of the worst cost-of-living crisis in decades. Millions of them have also, at some point in the past few months had to choose between heating their homes and eating.

Continue reading →

The annual Gartner Security and Risk Management Summit is always fertile ground for discovering the latest trends in cyber security, with this year being no exception. The 2023 event was held in early June, and central themes of this year's summit were the increasing complexity of managing cybersecurity adversaries, the increase in data breaches, and the heightened risk identity poses in an ever-evolving digital landscape.

One of the most significant takeaways from this year's summit is the role of Privileged Access Management (PAM) within the Cybersecurity Mesh.  The Cybersecurity Mesh distributed architectural approach to scalable, flexible, and reliable cybersecurity control. The Cybersecurity Mesh allows the security perimeter to be defined around the identity of a person or thing, highlighting the critical role PAM plays in modern cybersecurity strategies. The shift to remote work, accelerated by the global pandemic, and the subsequent rise in cloud-based infrastructures, have further emphasized the importance of the shift from infrastructure-based perimeters to identity perimeters.

Continue reading →

A new survey of UK small and medium enterprises shows that 47 percent believe they are at greater risk of a cyberattack since the cost-of-living crisis.

The study from CyberSmart reveals that 38 percent believe this is due to increased malicious insider threats such as disgruntled employees making decisions that are not in the best interest of the company. While 35 percent believe it is due to negligent insider threats such as overworked or distracted employees making mistakes.

Continue reading →

Two thirds of IT executives in the manufacturing sector believe that their enterprise will be targeted by a cyberattack within the next 12 months.

The study of 300 executives, carried out by CXO Priorities for Quest Software, shows that the most significant threats are seen as ransomware (22 percent), industrial espionage (21 percent), and state-sponsored threats (21 percent).

Continue reading →