Articles about cybersecurity

Does the new OWASP Top 10 accurately reflect the threats now facing APIs? [Q&A]

Application Programming Interfaces (APIs), which act as the glue connecting systems and applications together, are now the number one attack target for cyber criminals. Attack methods have changed over recent years, however, prompting the OWASP API Security Project to revise its API Security Top 10 of attack types for 2023.

But do the tactics, techniques and procedures (TTPs) it covers still serve as a blueprint for defense? We spoke to Jason Kent, hacker in residence at Cequence Security, to find out if the top 10 is liable to see defenders take too narrow an approach.

The dark estate: Reclaiming productivity and millions

The modern workforce is more distributed and dependent on devices than ever before. In this hybrid work environment, digital employee experiences are siloed. IT teams are on the hook to ensure end-user productivity despite strained financial resources and the IT talent war.

Despite their technical expertise, IT service teams are limited in their ability to be in multiple locations at once. Distributed workforces further cause significant blind spots and open up businesses to vulnerabilities hiding in the dark estate. That’s where hidden issues live, yet IT teams can’t see them. The potential for unknown risks is nothing new in IT. So why should businesses care about the dark estate, especially now when IT departments are already burdened by lengthy lists of service requests, putting out fires, and keeping up with security challenges?

Almost half of SMBs have experienced a cybersecurity incident in the last year

A new report from business software company Sage shows that 48 percent of SMBs have experienced a cyber security incident in the past year.

In addition, the study of over 2,000 SMB decision makers around the world finds 51 percent say keeping on top of new threats is their biggest challenge and 44 percent say economic uncertainty and the cost of living have reduced cybersecurity budgets.

Cybersecurity is booming but it comes at a human cost

According to a new survey of 302 security professionals, almost 80 percent say they have 'good' or 'excellent' career prospects, and more than 84 percent say the industry is 'growing' or 'booming'.

However, the report from The Chartered Institute of Information Security (CIISec) finds the industry is still plagued by issues including stress and overwork. 22 percent of respondents work more than the 48 hours per week mandated by the UK government, and eight percent work more than 55 hours which, according to the World Health Organization, marks the boundary between safe and unsafe working hours.

QR codes used to phish for Microsoft credentials

The latest biannual Cyber Threat Intelligence Report from Critical Start reveals the top 10 cyber threats, including a rise in phishing attacks using QR codes, with bad actors masquerading as Microsoft security notifications.

Since May this year a major campaign has seen emails with a QR code embedded inside a PNG image or a PDF attachment. This has been aimed across industries with the energy sector being hardest hit -- one US energy company received 29 percent of all emails in the campaign.

68 percent of IT decision makers are worried about the rise of deepfakes

A new survey of 205 IT security decision makers highlights mounting concerns over the use of AI, and deepfakes in particular, as 68 percent of respondents express concerns about cybercriminals using deepfakes to target their organisations.

The study from Integrity360 finds 59 percent also agree that AI is increasing the number of cyber attacks, which aligns with the change in attacks that has been noticeable over the past year as 'offensive AI' is being used for tasks such as malware creation.

CISO pay is up -- but not by as much as last year

The most recent average CISO total compensation increase was 11 percent, down from 14 percent the previous year. This year, 20 percent of CISOs did not receive a raise, double the number of a year ago.

Research released today from IANS Research and Artico Search finds that the share of CISOs with bigger retention bonuses and equity packages also declined to 12 percent (from 21 percent) and to eight percent (from 24 percent), respectively.

Organizations face increased challenges securing IoT devices

We reported earlier today that businesses are struggling with IoT device connectivity; another report out today shows that securing these devices is a major problem too.

The study for Keyfactor, conducted by Vanson Bourne, finds 97 percent are struggling to secure their IoT and connected products to some degree.

CISOs turn to generative AI to cover skills gaps

A new report finds 86 percent of CISOs are turning to generative AI in order to alleviate skills gaps and talent shortages on the security team, filling labor-intensive and time-consuming security functions and freeing up security professionals to be more strategic.

The study from Splunk shows 35 percent are using generative AI for positive security applications and 61 percent say they will likely use it within the next 12 months. On the other side of the coin, 70 percent believe that generative AI could give cyber adversaries more opportunities to commit attacks.

Cybersecurity best practice? No thanks, we're British

New research to coincide with Cybersecurity Awareness Month finds that 34 percent of Brits admit that they have given up following cybersecurity best practice because it feels like an impossible task.

The study from Thales surveyed over 2,000 UK citizens and finds an alarming level of consumer apathy when it comes to keeping themselves safe online.

How AppSec can help enterprises make sense of cloud-native development [Q&A]

Today's application security landscape is complex and can lead to teams spending a lot of time hunting down vulnerabilities. Add in the move to cloud-based development and there's an even higher volume of code to deal with.

We spoke to Shahar Man, CEO at Backslash Security, to learn more about what AppSec needs to look like in this world and how it ties in with greater use of the cloud.

CISOs watch out: The most effective cyber attacks never touch your company's firewall

When CISOs think about cybersecurity for their companies, there are certain expectations. Password protection, firewalls, and continuously training employees on the latest phishing scams, to name a few. And to be sure, cyber risks like these are as relevant as ever. The persisting problem is, cybersecurity is like any defense contest: the burden (and therefore the disadvantage) is on the defender. You have to win every time, whereas an attacker only has to win once to cause major damage.

Frustratingly, cyber criminals have shown time and time again that they are actually quite gifted at creative approaches, thinking outside the box, and combining advanced tech with old school techniques. For instance, a suspicious-looking form letter email is easy to spot and delete. However, by purchasing even a small amount of personal data from the dark web, a smart criminal can craft a phishing email with just enough familiarity so that its target will most likely open it without hesitation. With enough patience and photoshopping, a malicious actor can send customers a message from their favorite store that leads them to a spoofed website solely created to steal their credit card information. Increasingly today, these attacks targeting customers are more prevalent.

Staying safe online in 2023

As Cybersecurity Awareness Month celebrates its 20th anniversary this year, it's the perfect time to reflect on the strides we've made in security education and awareness. It’s also a chance to look ahead, combining education with the right technology to protect people at scale.

Two decades is a very long time on the internet -- there was no Facebook or YouTube in 2003. Now there are more than 500 times as many secure websites. Phishing was just beginning to catch on. Now phishing is widely reported to be a multi-billion-dollar problem, with millions of attacks detected and taken down each year. As the internet has evolved, so have cybercriminals.

Cybersecurity Awareness Month turns 20

October, as you might have noticed, is Cybersecurity Awareness Month. Now in its 20th year, it aims to bring the public and private sectors together to raise awareness about the importance of cybersecurity.

As always, industry experts are keen to use the event to offer views on the security landscape; here we round up some of their comments.

Meeting the challenges of API security [Q&A]

In today's digitally-centered organizations, the development of products, services, and solutions increasingly depends on the implementation of Application Programming Interfaces (APIs).

APIs have become the building blocks of modern business applications and are critical to digital transformation -- so much so that API security has become a boardroom issue.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.