Attacks on infrastructure and energy companies are increasing, but they are occurring inside enterprise IT networks, not directly in the critical infrastructure, according to a new report.

AI powered attack detection specialist Vectra finds attackers typically gain a foothold in energy and utilities networks by staging malware and spear-phishing to steal administrative credentials.

Continue reading →

The world of analytics is changing. Self-Service Analytical tools like Tableau, Qlik, and Power BI are enabling business users to perform reporting and analytics on their own with little to no support from the IT organization. This trend has evolved due to several factors including:

1)  Organizations are flooded with data and IT organizations are not able to keep up
2)  Easier to use Business Intelligence tools make it more efficient for business users to directly create their reports rather than go through IT for a project
3)  IT organizations analytical projects can take several months when a business needs this information in weeks

Continue reading →

While organizations are increasingly using the public cloud to create new digital experiences for their customers, the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

This is among the findings of McAfee's latest Cloud Adoption and Risk Report which also finds that 21 percent of data in the cloud can now be classed as 'sensitive', putting the business at risk if it's stolen or leaked.

Continue reading →

Risk management specialist Focal Point Data Risk, has released its latest Cyber Balance Sheet Report showing that wider awareness of risks -- including third-party data breaches, ransomware and geopolitical conflicts -- spurs more security dialogue in the boardroom.

However, C-Suite and security leaders still struggle to frame risk in productive decision-making terms and keep an eye on whether companies are operating within an acceptable level of risk.

Continue reading →

Moving to digital transformation means that companies frequently have a host of vendors, suppliers, providers, and subsidiaries, all connected to their network or data and each with the potential to publicly expose customer information, intellectual property, or heavily regulated data.

Without continuous insight into these other networks third-party risks can be hard to assess, leaving businesses open to the possibility of data breaches.

Continue reading →

When many enterprises think of mainframes, they think of reliable, workhorse technology and legacy applications.

Mobile, windows-based applications are rarely top of mind. However, mainframes still power much of today's digital economy, from mobile banking to online ticket reservations, and still have a place in the enterprise IT stack.

Continue reading →

According to research from Kaspersky Lab, 86 percent of CISOs believe that breaches are inevitable, but too many are stuck in a vicious circle of risk.

Financially motivated criminal gangs (40 percent) and malicious insider attacks (29 percent) are the biggest risks to their businesses, and these are the threats that are extremely difficult to prevent, either because they are launched by 'professional' cybercriminals or because they are assisted by employees who are expected to be on the right side.

Continue reading →

According to a new report, 71.5 percent of violations on AWS occur around identity and access management (IAM).

The study from cloud security company Netskope analyzed the Center for Internet Security's Benchmarks for AWS. Many of the IAM violations found involve instance rules, role-based access controls, and access to resources or password policy requirements -- things that enterprises can easily address even without an external security solution.

Continue reading →

Endpoints make the enterprise run, whether they are laptops or desktops running macOS, Windows or Linux; smartphones or tablets running iOS or Android; virtual machines or IoT devices. They’re found driving business on local networks, in remote offices and in the hands of traveling users.

However, endpoints also make the enterprise vulnerable. They are a favorite target of criminals who launch cyberattacks via ransomware, spyware, phishing and other malicious software. Over the past year alone, critical endpoint vulnerabilities have been discovered in popular OSs and applications and then exploited by WannaCry, Meltdown, Spectre, Petya, Fireball, Bad Rabbit and other harmful code. The challenge facing enterprises, then, is how to minimize the vulnerability of their endpoints and simultaneously maximize their value. While endpoint management is already a widely adopted IT practice, now is the time for IT teams to expand their efforts to include endpoint security. As we’ll see below, combining endpoint management and security can solve some of your most pressing issues.

Continue reading →

Insecure and outdated web applications are a core source of high-profile data breaches among FT 500 global companies according to new research from web security company High-Tech Bridge.

The study reveals that abandoned, shadow and legacy web applications more or less nullify corporate cybersecurity spending and undermine compliance.

Continue reading →

It seems not a day goes by without a new cloud data breach making headlines. And though the victims change, the attack details remain the same. Why do organizations keep repeating the same cloud security mistakes? And how can we break free from this vicious cycle?

We spoke to Zach Malone, security engineer at security management specialist FireMon, who discusses these issues and tells us why, to identify the biggest threat to cloud security, we need to look in the mirror.

Continue reading →

During his keynote speech today at the Jamf User Nation Conference in Minneapolis, IBM CIO Fletcher Previn announced that IBM is going to open source its Mac@IBM code.

Designed to streamline the integration of corporate-owned or BYOD Apple Mac devices and applications into the enterprise while delivering a personalized experience, Mac@IBM has seen the number of IBMers using Macs increase from 30,000 in 2015 to 134,000 in 2018.

Continue reading →

Security gaps in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections are leaving industrial control systems vulnerable to attack according to a new report.

The study from ICS security company CyberX also shows that although the use of Windows XP has declined over the last year there are still older, unpatchable, Windows systems in slightly more than half of all industrial sites.

Continue reading →

IT operations is an area that often involves analyzing and reacting to a series of events and that makes it a strong candidate for automation.

Operations platform specialist OpsRamp has recognized this with the launch of OpsQ, an intelligent event management, alert correlation, and remediation solution for hybrid enterprises.

Continue reading →

Businesses are increasingly moving more of their operations to the cloud and this leads to a greater focus on securing these workloads.

Cloud infrastructure security company Threat Stack has released a new report created by Vanson Bourne which shows 54 percent of businesses are worried that they will soon outgrow their security solutions.

Continue reading →