Articles about cybersecurity

New research reveals that a small volume of security exposures can put more than 90 percent of an organization's critical assets at risk of compromise.

The analysis of more than 60 million exposures in over 10 million entities from XMCyber, in collaboration with the Cyentia Institute, finds just two percent of security exposures can actually lead to critical assets and most exposures (75 percent) along attack paths lead to 'dead ends'.

Continue reading →

Our tech-filled lives put us at daily risk of cybercrimes, as we spend the majority of our time interacting with devices that could give hackers access to our personal data. In fact, according to DataProt, nearly 60 Percent of Americans say they have experienced cybercrime or somehow fell victim to a hacker. As every aspect of our lives becomes more connected, the opportunities for bad actors rise.

Businesses are not immune to these persistent threats. Reports show that 70 Percent of small businesses are unprepared for a cyberattack, and almost 90 Percent of professional hackers can penetrate a company within 12 hours. It is no surprise that the Federal Bureau of Investigation (FBI) has officially ranked cybercrime as one of its agency’s most important interests.

Continue reading →

Since its inception, Microsoft Defender Antivirus (FKA Windows Defender) was considered somewhat of a joke by power users. They would assert that it provided you with the protection of an umbrella in a hurricane. While its deficiencies were often exaggerated, indeed, it didn’t give you the same depth and scope as high-quality third-party solutions. 

When Bitdefender retired its free antivirus solution in 2021 (only to release a new free antivirus in 2022), many turned back to Microsoft Defender. After all, Microsoft should ultimately know the best ways to secure its software. It's surprising it took so long for the company to expand the coverage of its Microsoft Defender line, especially, with the largest share of its revenue being made from intelligent cloud computing.

Continue reading →

A new survey from OTORIO and ServiceNow reveals that 58 percent of organizations identify their operational technology (OT) cybersecurity risk level as high or critical.

However, the survey of 200 IT and OT leaders shows only 47 percent of companies surveyed have an OT cybersecurity solution in place, and 81 percent of respondents still manage their OT risks manually rather than having an automated solution.

Continue reading →

Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access. But it can also be a weak link, exploited in many modern cyberattacks.

We spoke to Ran Harel, senior director of product management at Semperis, to explore the challenges in securing a hybrid AD environment and how organizations can best defend this expanded attack surface.

Continue reading →

Over half of organizations say they have suffered a data breach in the past two years, an increase from 49 percent in 2022 and 39 percent in 2021.

In addition, a new report from Splunk shows 62 percent of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54 percent in 2022.

Continue reading →

As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.

A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.

Continue reading →

New research from cybersecurity AI company Darktrace shows a 135 percent increase in social engineering attacks using sophisticated linguistic techniques, including increased text volume, punctuation, and sentence length, and with no links or attachments.

This trend suggests that generative AI tools, such as ChatGPT, are enabling threat actors to craft sophisticated and targeted attacks at speed and at scale.

Continue reading →

Cybersecurity threats are growing at an alarming rate across the globe while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks. Meanwhile, the shortage of cybersecurity talent is making it difficult for organizations and industries to meet these constantly shifting security demands.

As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025 but organizations are struggling to build the specialized skills required to manage these growing threats. According to ISACA’s latest State of Cybersecurity Report, 63 percent of enterprises have unfilled cybersecurity positions while labor shortages in the UK have become particularly acute. In fact, while there are currently about 339,000 cyber professionals in the UK (up 13 percent year-on-year), there is still a shortfall of 56,811 workers (up 70 percent year-on-year).

Continue reading →

Cyber insurance has often been seen by business leaders as a monetary guarantee that even if hackers do break into their networks and steal their data, they can still escape financially unscathed.

Yet this premise was recently rocked after Lloyd's of London, the world's biggest insurance syndicate, redefined its policies to no longer cover for nation-state cyberattacks. There are other challenges facing the cyber insurance sector in the year ahead too.

Continue reading →

Our threat researchers at Lares encounter a broad range of security flaws and vulnerabilities when we conduct Purple Team exercises on behalf of our clients. Over time, the same unforced errors seem to come up so often that we warn security teams to develop standardized practices to defend against them.

The Lares Adversarial Collaboration Unit assists clients with defensive collaboration engagements and Purple Team assessments, which combine offensive and defensive techniques to strengthen security protections. Red Teams emulate external or insider attackers, while Blue Teams serve as internal security defenders. Purple Teams assist both sides by aligning the defensive tactics of the Blue Team with the threats attempted by the Red Team.

Continue reading →

Backups have been an essential part of IT since the days of paper tape and punched cards, but nobody ever said they were exciting.

Of all the things that now have a day devoted to them, backups probably deserve one more than most for being the unsung savior of many an information professional's career. On today's World Backup Day we've asked some experts to tell us their views on backups and why they are still vital.

Continue reading →

Enterprises are faced with a barrage of new threats and entry points and as a result need to deploy, scale, enforce and maintain zero trust security policies to keep pace.

Access control needs to be at the core of any successful zero trust model but this too presents challenges. We spoke to Denny LeCompte, CEO of Portnox, to discover how organizations can overcome zero trust barriers.

Continue reading →

Allowing people to use their own devices for work comes with risks. A new report from SlashNext shows that 43 percent of employees were found to have been the target of a work-related phishing attack on their personal devices.

When it comes to securing BYOD hardware, 90 percent of security leaders say that protecting employees' personal devices is a top priority, but only 63 percent say they definitely have the tools to do so adequately.

Continue reading →

Shadow data is named as the number one concern around protecting cloud data by 68 percent of data security professionals.

A new study from Laminar reveals that the number of respondents expressing concern over shadow data has increased to 93 percent compared to 82 percent the year before.

Continue reading →