Articles about Security

Last month we reported on public sector organizations suffering from cloud leakage. A new report out today shows that this is an issue in the private sector too.

The report from cloud governance platform CloudSphere reveals that 32 percent of enterprises have experienced unauthorized access to their cloud resources.

Continue reading →

Business ecosystems have expanded over the years owing to the many benefits of diverse, interconnected supply chains, prompting organizations to pursue close, collaborative relationships with their suppliers. However, this has led to increased cyber threats when organizations expose their networks to their supply chain and it only takes one supplier to have cybersecurity vulnerabilities to bring a business to its knees.

To this point governments around the world have highlighted supply chains as an area for urgent attention in tackling cyber risk in the coming years.

Continue reading →

Cyber criminals have thrived during this pandemic. In the first quarter of 2020, DDoS attacks rose by 278 percent compared to the corresponding quarter in the previous year. UK business alone are estimated to have lost over £6.2 million to cyber scams through social engineering. Globally, taking advantage of people’s vulnerabilities and the overnight pivot to 'working from home', fraudsters tricked people into clicking on links to download malware and collect confidential corporate information. Threats of ransomware increased as well.  

It’s no surprise then that to combat this situation, many enterprises, and especially professional services firms, who have long been targeted by cyber criminals, view adopting need-to-know security measures as a priority. It presents a sound way to restrict access to corporate data to those who need it or are authorized to view the information in today’s 'work from anywhere' business environment.

Continue reading →

The trend towards digital transformation and the sudden shift to remote working has seen the telecommunications industry become a prime target for both criminal and state-sponsored attacks.

Threat intelligence specialist IntSights has produced a new report focusing on the threats to the telecoms industry and we spoke to Paul Prudhomme, cyber threat intelligence advisor at the company to find out more.

Continue reading →

The Solarwinds case has cemented the role of enterprise security in protecting business risk and advancing resiliency. As security continues to elevate and garner a seat at the board-level, we need to rely less on articulating the Fear, Uncertainty and Doubt (FUD) and rely more on communicating in terms of clear operational metrics as a way of establishing a baseline and goals in language the board can understand.

In the last year, we’ve seen a step-change in adoption of Mean-time-to-Detect and Mean-time-to-Respond as the core metrics forward-thinking security leaders are adopting as the north star metrics for their organization.

Continue reading →

Zero trust and micro segmentation have gained in prominence in the past year as working patterns have shifted to a remote model. Illumio has announced that its micro-segmentation solution, Illumio Core, is to be made available as part of telecoms giant BT's portfolio of security solutions

Illumio Core provides application visibility, micro-segmentation, and control of all network communications across any data center, container, VM, or cloud environment. its micro-segmentation technology, delivered with BT Security’s support and services, enables a broad range of customers to prevent lateral movement and the spread of breaches within their networks.

Continue reading →

A new authentication service is completely password-free, needs no software or dedicated hardware on the customer's part and can be used across any channel or device.

Launched today by identity specialist Transmit Security, BindID allows users to authenticate and access their accounts using the embedded fingerprint or face scanner in their devices, or use their mobile device to securely and easily authenticate to other devices and channels that don't have an embedded biometric reader.

Continue reading →

The move to using SaaS applications has been accelerated by the pandemic, with many businesses turning to the cloud to enable their staff to work remotely.

But this raises new issues around keeping the business secure. We spoke to Shailesh Athalye, vice president of compliance at security and compliance platform Qualys to discover more about the issues and how to approach them.

Continue reading →

Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.

Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world's most pervasive open source software project is sustainable for decades to come.

Continue reading →

A new report from BlackBerry shows that as our digital habits have changed over the past year cybercriminals have become increasingly successful at finding and targeting vulnerable organizations.

The greater adoption of digital offerings has exposed companies to inadequate protections for employees and customers amongst an ever-growing and under-secured attack surface.

Continue reading →

Employees working from home on a company-provided computer are putting businesses at risk with one in four consumers admitting to using their work email or password to log in to consumer websites and apps such as food delivery, online shopping and even dating apps.

A new study from automation platform Ivanti surveyed 1,000 Americans working from home during the pandemic on a company-provided computer to examine how consumer and enterprise cybersecurity habits have changed.

Continue reading →

After a year full of unknowns and new normals, knowledge is power. The spike in cyber breaches in the past year, compounded by COVID-related attacks, has only increased the importance of cyber threat intelligence (CTI) in the past year. The 2021 SANS Cyber Threat Intelligence survey, sponsored by ThreatQuotient, explores the state of play in the global use of CTI and outlines why the difficulties of the past year have contributed to the continued growth and maturity of CTI. 

The 2021 survey saw the number of respondents reporting they produce or consume intelligence rise by 7 percent, more notably, this was the first time the number of respondents without plans to consume or produce intelligence was 0 percent, down from 5.5 percent in 2020. Analyzed CTI helps organizations understand the capabilities, opportunities, and intent of adversaries conducting malicious cyber activities. In turn, this paints a picture about how threat actors are targeting an organization’s systems, information, and people. It is this contextual information that helps organizations and individuals respond to threats, understand risks, design better cyber defenses, and protect their organization. 

Continue reading →

Ever tried explaining cybersecurity to someone who isn’t tech-savvy? Just last year, my 67-year-old mother came to me in a fluster because her laptop was hijacked by a full-screen pop-up that looked like ransomware.

Thank goodness I figured out the problem before it got worse. But when you can’t be there 24/7, how do you help those around you understand basic cybersecurity principles so they can stay safe online?

Continue reading →

Entrepreneurial cybercriminals are operating as middlemen by breaching as many companies as possible and then selling on access to the highest bidder rather than infiltrating systems themselves.

New research from Digital Shadows reveals that these 'Initial Access Brokers' are flourishing during the pandemic as employees increasingly log in to systems remotely.

Continue reading →

On average it takes 25 days for companies to fix cloud infrastructure misconfigurations, according to a new report from cyber resilience specialist Accurics.

The research highlights security risks identified in cloud native environments. It shows that even organizations that establish a secure baseline when infrastructure is provisioned will experience 'drift' over time, when configuration changes occur in runtime, and these take an average of eight days to fix.

Continue reading →