Articles about Security

We've already looked at the possible cybercrime landscape for 2021, but what about the other side of the coin? How are businesses going to set about ensuring they are properly protected next year?

Josh Bregman, COO of CyGlass thinks security needs to put people first, "2020 has been incredibly stressful. Organizations should therefore look to put people first in 2021. Cybersecurity teams are especially stressed. They've been tasked with securing a changing environment where more people than ever before are working remotely. They've also faced new threats as cyber criminals have looked to take advantage of the pandemic: whether through phishing attacks or exploiting weaknesses in corporate infrastructure. Being proactive, encouraging good cyber hygiene and executing a well thought out cyber program will go a long way towards promoting a peaceful and productive 2021, not least because it will build resiliency."

Continue reading →

Securing enterprise networks has always been a challenge, but 2020 and the shift to remote working has made it even more so.

Fortunately secure SD-WAN technology can help businesses to deal with the new landscape as well as reducing costs and making strong security accessible to more organizations. We spoke to Mike Wood CMO of Versa Networks to find out more.

Continue reading →

2020 has been a boom year for eCommerce, with average daily transaction volumes equal to 88 percent of the volume achieved during Black Friday weekend 2019 according to digital trust and safety specialist Sift.

It also finds the average attempted fraudulent purchase value has risen to over $700 from October through November 2020, a 70 percent year-on-year increase compared to the same period in 2019.

Continue reading →

The MITRE ATT&CK framework is now used by many organizations to help them understand and counter threats. Less well known is the latest addition, MITRE Shield.

We spoke to Carolyn Crandall, chief deception officer and CMO at Attivo Networks to find out more about how this can be used along with MITRE ATT&CK to better address adversaries.

Continue reading →

IBM Security is launching a new service that allows companies to experiment with fully homomorphic encryption (FHE) -- an emerging technology that allows data to remain encrypted while being processed or analyzed in cloud or third-party environments.

IBM Security Homomorphic Encryption Services provide companies with education, expert support, and a testing environment to develop prototype applications that can take advantage of FHE.

Continue reading →

For many organizations, the immediate shift to remote work meant IT pros had to manage a hyper-accelerated, mass cloud migration coupled with large-scale SaaS platform rollouts. Daily users of Microsoft Teams, for example, rose from 75 million to 115 million in less than six months. Now that the first tidal wave of digital transformation has passed, IT and security teams should recalibrate and reprioritize application security and data governance in 2021 and beyond.

And while the pandemic has underscored major SaaS platform security concerns, including a rise in sophisticated cyber threats, research indicates many organizations still struggle with the fundamental tasks needed to secure the workforce -- both remote and on-prem. Here are three common mistakes and how to avoid them.

Continue reading →

The move towards zero trust has been one of the big security stories of 2020, driven by a switch to remote work, but so far it has been largely the preserve of bigger organizations.

Now though JumpCloud has added Conditional Access policies to its Directory Platform, enabling IT admins to adopt zero trust security from the same cloud platform that they use to manage and securely connect users to IT resources.

Continue reading →

Researchers at mobile device security company Lookout have uncovered a new strain of spyware targeting iOS and Android users in multiple Asian countries.

Called Goontact, it targets users lured to illicit sites and steals personal information stored on their mobile devices in order to carry out sextortion scams.

Continue reading →

Paying off a bad actor for successfully implementing ransomware into an organization is the enterprise equivalent of rewarding a bad child who vandalized a home with candy -- but unfortunately, many organizations often have no choice but to pay… and pay a lot.

Technology has enabled asymmetric attacks. In other words, one attacker can federate an attack across many organizations. The attacker needs to get the attack right once -- while the defenders (corporations, governments, hospitals, etc.) need to get their defense right every… single… time!

Continue reading →

New account fraud based on ID verification declined by 23.2 percent worldwide, year-on-year in 2020 according to a new report from AI-powered identity verification specialist Jumio.

Although selfie-based fraud rates were five times higher than ID-based fraud, this shows the growing number of stolen ID documents available on the dark web and, more importantly, the growing need to determine if an ID is authentic and belongs to the user.

Continue reading →

Among the many things that have changed in 2020 it's proved to be a record year for crowdsourced cybersecurity adoption, according to Bugcrowd.

Enterprises across all industries have been implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape. Bugcrowd has seen a 50 percent increase in submissions on its platform in the last 12 months, including a 65 percent increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.

Continue reading →

A lockdown increase in online gaming activity has inevitably attracted attention from attackers, resulting in nearly 77 percent of cyberattacks targeting the online gaming and gambling industries in Q3 of 2020.

The latest DDoS Threat Report from Nexusguard also reveals a huge 287 percent increase in total DDoS attacks in the third quarter compared to the same period last year.

Continue reading →

With many large enterprises using Active Directory (AD) and Azure Active Directory (AAD) to control user permissions and access, this has become one of first places attackers look for weakness.

Add to this an acceleration of digital transformation projects due to the pandemic and more and more companies are looking to implement zero trust to stay secure. But a new report from One Identity suggests this transition may prove challenging.

Continue reading →

The analyst team at digital risk protection firm CybelAngel has discovered that more than 45 million medical imaging files, including X-rays and CT scans, are freely accessible on unprotected servers.

The findings are the result of a six-month investigation into Network Attached Storage (NAS) and Digital Imaging and Communications in Medicine (DICOM), the de facto standard used by healthcare professionals to send and receive medical data.

Continue reading →

The Christmas shopping season is in full swing. This year, online retailers pushed the boundaries with "Black November" in the hopes of improving their online sales, thanks to the uncertainty around in-store shopping due to COVID-19, leading many customers to make their purchases from the safety of their own homes.

As a result, e-commerce merchants have witnessed a significant uptick in users and devices connecting to websites than in recent years.

Continue reading →