cybersecurity

Despite an overall decline in the number of healthcare data breaches, the first half of this year has seen a record number of individuals have their information exposed.

The latest Healthcare Data Cyber Breach Report from security-as-a-service provider Critical Insight shows individual records compromised in data breaches increased by 31 percent in the first half of 2023 compared to the second half of 2022.

A new study reveals that 76 percent of enterprises don't have complete visibility into the access policies and applications across multiple cloud platforms, including which access policies exist, where applications are deployed, and who does and doesn't have access.

The report, from Strata Identity based on data from Osterman Research, shows the percentage of organizations using a single cloud identity provider (IDP) is down from 30 percent to 20 percent since last year. The other 80 percent are now using multiple IDPs to manage enterprise identity.

Earlier this year, AT&T's Cybersecurity Insights Report found that business and technology leaders are finally coming together not just to understand the new edge computing ecosystem, but to make more predictable, data-informed business decisions.

We spoke to head of cybersecurity evangelism at AT&T Business, Theresa Lanowitz, to find out more about the edge journey ahead and how it will affect businesses.

Both ransomware groups and APTs continue to exploit vulnerabilities in public-facing applications, particularly in security appliances, business email technologies and enterprise file transfer products.

The latest mid-year threat review from Rapid7, based on the company's threat analytics and underground intelligence data, shows almost 40 percent of incidents Rapid7 managed services teams saw in the first half of 2023 were the result of missing or lax enforcement of multi-factor authentication, particularly for VPNs and virtual desktop infrastructure.

New analysis of more than 13 billion files stored in public cloud environments reveals that more than 30 percent of cloud data assets contain sensitive information.

The study by Dig Security shows personal identifiable information (PII) is the most common sensitive data type that organizations save. In a sample data set of a billion records, more than 10 million social security numbers were found -- the sixth most common type of sensitive information -- followed by almost three million credit card numbers, the seventh most common type.

Data breaches and cyberattacks are seldom far from the news, and it's an area that seldom stands still for long.

We spoke to founder and CEO of White Knight Labs, Greg Hatcher, to discuss how threat tactics are evolving and what organizations can do to protect themselves.

We are moving nearer to a passwordless future according to a survey from Delinea carried out at at the 2023 Black Hat USA Conference.

A survey of 100 attendees finds 54 percent say that 'passwordless' is a viable concept while 79 percent agree that passwords are evolving or becoming obsolete.

Data is one of the biggest drivers of innovation in healthcare today. Almost everything in healthcare relies on having access to the right data from developing new drugs and medical equipment to allocating resources.

Making use of this data often requires sharing with other organizations and that presents challenges when it comes to keeping it secure. We spoke to Riddhiman Das, co-founder and CEO at TripleBlind, to learn how healthcare organizations are securing their data while still making it accessible.

Earlier this week we reported on a technique that could determine a password by listening to keystrokes. Just in case you weren't worried enough by that, today we learn of the risk of passwords being compromised by 'thermal attacks'.

These use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads. Hackers can then use the relative intensity of heat traces across recently-touched surfaces to reconstruct users' passwords.

Ever keen to jump aboard a passing bandwagon, scammers are looking to make a quick buck by exploiting eager vacationers trying to save money when booking travel deals.

But new research from Bitdefender Antispam Lab finds that only 38 percent of analyzed travel-themed spam emails received during a three-month analysis were marketing lures, with the remaining 62 percent marked as scams.

New research from audio visual solutions and services provider Kinly, shows that 27 percent of AV professionals believe that customer trust in their organization has been weakened by remote work.

The research surveyed 150 UK-based AV professionals working across 'high trust' industries like banking, finance, healthcare, energy, and the public sector, and reveals that communication via open Wi-Fi networks (89 percent) is the top security concern with hybrid work.

Many organizations need help gaining visibility into the IP addresses across their whole environment in order to understand their attack surface.

New enhancements to the Detectify platform include an IP Addresses view, this lets users gain seamless access to a comprehensive list of all IPs associated with their domains.

Critical infrastructure protection specialist OPSWAT has released its latest Threat Intelligence Trends survey looking at organizations to manage the current threat landscape and how to prepare for future challenges.

It finds that 62 percent of organizations recognize the need for additional investments in tools and processes to enhance their threat intelligence capabilities. Only 22 percent have fully matured threat intelligence programs in place though, with most indicating that they are only in the early stages or need to make additional investments in tools and processes.

According to a new report, 84 percent of CISOs say that they are called into sales engagements related to closing sales of their company's products and services, highlighting the connection between AppSec and business growth.

The study from Checkmarx also reveals that 96 percent of CISOs say their prospects consider the level of application security of their organizations when making purchase decisions.

Systems at the Electoral Commission, the body which oversees elections in the UK, have suffered a breach exposing electoral registers which hold the data of anyone registered to vote between 2014 and 2022. The Commission’s email system was also exposed in the breach.

In a statement on its website the Commission says it identified the incident in October last year but that systems were accessed as long ago as August 2021.