Essential points to know before implementing a cybersecurity transformation program
In light of the recent explosion of cyber attacks and the changes brought about by the pandemic, there appears to be a compelling need for cybersecurity transformation. Businesses have to update their cyber defenses or risk the possibility of falling prey to persistently sophisticated attacks.
Transforming an organization’s security posture, however, is not as easy as it sounds. It takes time, expertise, and resources. One bad decision or an inadequacy in the technologies employed will render the transformation useless. Things can even become worse than the previous state. To make sure that it yields the expected benefits, organizations need to do it correctly.
Women in cybersecurity think equality will take at least 10 years
The poor state of diversity in the cybersecurity industry is shown by a new report in which 57 percent of women working in the industry believe it will take at least a decade for them to be treated as equals to men, with 20 percent believing it will never happen.
The study from the UK's Chartered Institute of Information Security (CIISec), released in advance of Monday's International Women’s Day, shows women are struggling to progress both due to the status quo of the industry and also not getting the required support.
76 percent of US employees have inappropriate access to sensitive files
A new report from vArmour shows that 76 percent of employees have inappropriate access to a sensitive file, and 76 percent were granted inappropriate access to sensitive files within the past year.
IT leaders surveyed also expressed concern about inappropriate or malicious access to applications and data, with 47 percent concerned about malicious actors impersonating employees and 41 percent concerned about inappropriate access to sensitive information.
Business applications targeted in phishing campaigns
Business-related applications such as Zoom, Microsoft and DocuSign now account for 45 percent of impersonation-related phishing attacks as cybercriminals seek to cash in on the vulnerabilities of remote work.
This is one of the findings of a new report from email security company GreatHorn which collected data from over 580 participants working across a diverse set of roles within the information technology security market.
Online banking fraud attempts soar in 2020
Hot on the heels of yesterday's study revealing a lack of trust in online banking, a report out today shows a 250 percent increase in attempted online banking fraud last year.
The research from Feedzai shows a 200 percent increase in mobile banking use, but with both telephone and branch fraud rates dropping to lower levels than they had been before the pandemic.
Americans flock to online banking -- but many still don't trust it
Americans' online banking usage has reached 85 percent, with 25 percent using online banking exclusively. But trust is lagging behind.
A new report from NordVPN shows 40 percent of respondents report that they check their banking apps on a daily basis for compromises. 13 percent say they don't trust, and 27 percent have doubts about, their banking app.
A third of enterprises suffer unauthorized cloud access
Last month we reported on public sector organizations suffering from cloud leakage. A new report out today shows that this is an issue in the private sector too.
The report from cloud governance platform CloudSphere reveals that 32 percent of enterprises have experienced unauthorized access to their cloud resources.
Why supply chains are today's fastest growing cybersecurity threat
Business ecosystems have expanded over the years owing to the many benefits of diverse, interconnected supply chains, prompting organizations to pursue close, collaborative relationships with their suppliers. However, this has led to increased cyber threats when organizations expose their networks to their supply chain, and it only takes one supplier with cybersecurity vulnerabilities to bring a business to its knees.
To this point, governments around the world have highlighted supply chains as an area for urgent attention in tackling cyber risk in the coming years.
Tightly knit information security and knowledge management together
Cyber criminals have thrived during this pandemic. In the first quarter of 2020, DDoS attacks rose by 278 percent compared to the corresponding quarter in the previous year. UK businesses alone are estimated to have lost over £6.2 million to cyber scams through social engineering. Globally, taking advantage of people’s vulnerabilities and the overnight pivot to 'working from home', fraudsters tricked people into clicking on links to download malware and collect confidential corporate information. Threats of ransomware increased as well.
It’s no surprise then that to combat this situation, many enterprises, and especially professional services firms, who have long been targeted by cyber criminals, view adopting need-to-know security measures as a priority. It presents a sound way to restrict access to corporate data to those who need it or are authorized to view the information in today’s 'work from anywhere' business environment.
How and why the telecoms industry is coming under sustained attack [Q&A]
The trend towards digital transformation and the sudden shift to remote working has seen the telecommunications industry become a prime target for both criminal and state-sponsored attacks.
Threat intelligence specialist IntSights has produced a new report focusing on the threats to the telecoms industry, and we spoke to Paul Prudhomme, cyber threat intelligence advisor at the company, to find out more.
North star metrics for security operations
The SolarWinds case has cemented the role of enterprise security in protecting business risk and advancing resiliency. As security continues to elevate and garner a seat at the board-level, we need to rely less on articulating the Fear, Uncertainty and Doubt (FUD) and rely more on communicating in terms of clear operational metrics as a way of establishing a baseline and goals in language the board can understand.
In the last year, we’ve seen a step-change in adoption of Mean-time-to-Detect and Mean-time-to-Respond as the core metrics forward-thinking security leaders are adopting as the north star metrics for their organization.
Illumio partners with BT to offer businesses micro segmentation
Zero trust and micro segmentation have gained in prominence in the past year as working patterns have shifted to a remote model. Illumio has announced that its micro-segmentation solution, Illumio Core, is to be made available as part of telecoms giant BT's portfolio of security solutions.
Illumio Core provides application visibility, micro-segmentation, and control of all network communications across any data center, container, VM, or cloud environment. Its micro-segmentation technology, delivered with BT Security’s support and services, enables a broad range of customers to prevent lateral movement and the spread of breaches within their networks.
New authentication service spells the end for customer passwords
A new authentication service is completely password-free, needs no software or dedicated hardware on the customer's part and can be used across any channel or device.
Launched today by identity specialist Transmit Security, BindID allows users to authenticate and access their accounts using the embedded fingerprint or face scanner in their devices, or use their mobile device to securely and easily authenticate to other devices and channels that don't have an embedded biometric reader.
SaaS applications and what they mean for security management [Q&A]
The move to using SaaS applications has been accelerated by the pandemic, with many businesses turning to the cloud to enable their staff to work remotely.
But this raises new issues around keeping the business secure. We spoke to Shailesh Athalye, vice president of compliance at security and compliance platform Qualys, to discover more about the issues and how to approach them.
Google funds two Linux kernel developers to focus on security
Google and the Linux Foundation are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development.
Gustavo Silva and Nathan Chancellor will focus on maintaining and improving kernel security and associated initiatives in order to ensure the world's most pervasive open source software project is sustainable for decades to come.
