cybersecurity

Machine learning in security is harder than other domains because of the changing nature and abilities of adversaries, high stakes, and a lack of ground-truth data.

This book will prepare machine learning practitioners to effectively handle tasks in the challenging yet exciting cybersecurity space. It begins by helping you understand how advanced ML algorithms work and shows you practical examples of how they can be applied to security-specific problems with Python -- by using open source datasets or instructing you to create your own.

Between the rise of competition, the changing regulatory landscape, the evolution of AI and the rise of new threat actors, the role of the CTO can be a challenging one.

What characteristics are needed for the role and how can incumbents ensure that it remains relevant? We spoke to Ajay Keni, CTO at OneSpan, to find out.

It won't come as any surprise that there's a thriving market among threat actors for the latest vulnerability exploits. A new report from Flashpoint lifts the lid on this world and reveals the exact vulnerability exploits that were listed for sale, purchased, and/or traded in the first half of 2023.

One of the most expensive was a remote code execution exploit for Adobe Commerce -- the eCommerce platform formerly known as Magneto -- which was listed for sale at $30,000. A Citrix ShareFile exploit was priced at $25,000.

Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.

The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.

2024 is fast approaching, and it seems likely that the new year heralds the same torrent of sophisticated malware, phishing, and ransomware attacks as 2023. Not only are these long-standing threats showing few signs of slowing down, but they're increasing by as much as 40 percent, with federal agencies and public sector services being the main targets.

Meanwhile, weak points like IoT and cloud vulnerabilities are making it tougher for cybersecurity pros to secure the wide attack surface that these edge devices create.

Over half of the UK population (53 percent) would be supportive of the UK government and its allies breaking international cybersecurity law.

A new survey by Censuswide, on behalf of International Cyber Expo, also shows 45 percent have admitted they would be supportive of, or engage in online cybercriminal activity themselves, in the right circumstances.

Managing third-party cybersecurity risk across inter-connected supplier ecosystems is becoming increasingly more daunting. Software and systems that used to be managed in-house are now routinely delivered as hosted services by multiple vendors and contractors. Other third parties frequently get brought in at departmental level, often bypassing contracting procedures, and have access to applications that hold sensitive data and business critical information.

A single mistake anywhere in the supply chain could result in data breaches, compliance fines, as well as revenue losses, reputational damage, and a wide range of negative business consequences for months, or even years, down the line.

Security Information and Event Management (SIEM) platforms are the centerpiece of many organization's security controls, but if these products aren't configured correctly they will produce too many false positives to be useful, and can even make overall threat detection worse.

Security analysts need to trust that their SIEM is detecting threats accurately. We spoke to Sanjay Raja from security analytics company Gurucul to discuss how SIEMs can be configured to offer accurate detection.

A new report from Team8 shows that 56 percent of CISOs have had budget increases since 2022 despite the economic slowdown, while 25 percent saw no change and 19 percent cuts.

However, larger security departments have been most affected by budget cuts with 67 percent of those with 51-100 people seeing budget reductions.

It's crucial for organizations to have a complete and comprehensive view of all their cloud assets, but the process of discovery can be a difficult one, especially if multiple platforms are involved.

Cloud security platform Orca Security is launching a new AI-powered cloud asset search that is aimed at making the process more intuitive and available not only to security practitioners, but also developers, DevOps, cloud architects, and risk governance and compliance teams.

The cybersecurity skills crisis has impacted 71 percent of organizations and left two-thirds of cybersecurity professionals saying that the job itself has become more difficult over the past two years.

New research carried out by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) finds 66 percent of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, with close to a third (27 percent) stating that it is much more difficult.

A new survey reveals that board members tend to feel good about their company's cybersecurity policy, but that many are still unprepared to face a cyberattack.

The study from Proofpoint surveyed over 650 board members across 12 countries and finds that 73 percent believe cybersecurity is a high priority for their board, 72 percent feel their boards understand the threats they face, and 70 percent agree they have adequately invested in resources.

Adversaries are exploiting new vulnerabilities much faster than organizations are remediating them. As a result, prioritizing the wrong vulnerabilities will squander security teams' most critical resource -- time.

So, how can organizations prioritize the right threats? We spoke with Anthony Bettini, founder and CEO of VulnCheck, to find out.

Attackers are always looking for routes that will offer them a way into organizations' networks. New research released today by Armis shows the devices that are most likely to pose a threat.

Interestingly the list includes various personal devices as well as business assets, suggesting attackers care more about their potential access to assets rather than the type and reinforcing the need for security teams to account for all physical and virtual assets as part of their security strategy.

Of the 90 percent of UK enterprises that have been forced to turn to their backup system, only 27 percent were able to recover all of their information and documents -- down from 45 percent in 2022.

A survey from encrypted drive maker Apricorn finds 32 percent of the security decision makers in large enterprises surveyed attributed the unsuccessful recovery to a lack of robust backup processes, up from two percent in 2022.