Articles about Security

The rise of remote working and the growing complexity of securely managing multiple types of end user devices has seen 77 percent of businesses intending to increase spending on identity and access management solutions.

A study by ESG Research, sponsored by directory platform JumpCloud, finds an additional 20 percent plan to keep their IAM spending at existing levels, and 49 percent of respondents say they plan to consolidate IAM controls, using fewer security vendors.

Continue reading →

BullGuard has announced its new 2021 security suite, featuring Dynamic Machine Learning, which continuously monitors all processes on a user's device, enabling real-time detection and blocking of potentially malicious behavior before it can do damage.

The new suite also offers Multi-Layered Protection which uses six layers -- Safe Browsing, Dynamic Machine Learning, Sentry Protection for Zero-Day Malware, an On-Access AV Engine, a Firewall and a Vulnerability Scanner -- to defend the user’s devices from malware, without the need for user interaction.

Continue reading →

The Information Security Forum (ISF) is releasing Becoming a Next Generation CISO, a digest which sets out the range of disciplines a next-generation Chief Information Security Officer can be expected to master.

CISOs are coming under pressure to secure organizations as they embark on ambitious digital transformation programs in an increasingly hostile and turbulent world. CISOs need to adapt to this evolving environment, master new skills and advance the discipline of information security.

Continue reading →

Surveyed during the lockdown period, 67 percent of security professionals report that they have caught employees engaging in unsafe or unproductive activity on the web.

The study of 300 cyber security professionals from cloud security company Censornet finds the most common bad behaviour is employees using streaming services at work such as Netflix or Amazon Prime (35 percent).

Continue reading →

Attempted account takeovers grew by 282 percent over the last year, while ATO rates for physical eCommerce businesses -- those that sell physical goods online -- have jumped 378 percent since the start of the COVID-19 pandemic.

The Q3 2020 Digital Trust and Safety Index released today by Sift finds that between Q2 2019 and Q2 2020, ATO attacks happened in discrete waves about a week apart, indicating that fraudsters are turning to bots and automation in order to overwhelm security.

Continue reading →

In order to meet short deployment cycles, 73 percent of security professionals and developers feel forced to compromise on security according to a new report.

The study into DevSecOps from open source security and license management specialist WhiteSource, based on responses from over 560 developers in the US and Europe, finds that 20 percent of respondents describe their organizations' DevSecOps practices as 'mature', while 62 percent say they are improving, with only 18 percent being classed as 'immature'.

Continue reading →

Cybercriminals have launched a record number attacks on online platforms and services this year, with more than 929,000 DDoS attacks occurring in May, the single largest number of attacks ever seen in a month.

The latest threat intelligence report from NETSCOUT also reveals that 4.83 million DDoS attacks occurred in the first half of 2020, a 15 percent increase, and attack frequency jumped 25 percent during the peak pandemic lockdown months of March through June.

Continue reading →

Between March and July 2020, almost half of companies experienced a data breach or security incident according to a new report, and half of these were caused by phishing attacks.

The study from Tessian also reveals that 82 percent of IT leaders think their company is at greater risk of phishing attacks when employees are working away from the office.

Continue reading →

It is just days since the CISA (Cybersecurity and Infrastructure Security Agency) issued an emergency warning about a critical Windows vulnerability. Now Microsoft has issued a warning that the vulnerability is being actively exploited and the company is "actively tracking threat actor activity".

The Netlogon EoP vulnerability (CVE-2020-1472) is concerning not just because of its severity, but because of the fact that it can be exploited in a matter of seconds. The security issue affects Windows Server 2008 and above, and enables an attacker to gain admin control of a domain.

Continue reading →

A large majority of enterprises are now using the cloud, but moving to cloud-based solutions inevitably presents challenges, not least in security.

We spoke to Sam Humphries, Security Strategist at SIEM (Security Information and Event Management) specialist Exabeam to get her views.

Continue reading →

A new survey of 1,000 US employees has found that boring security awareness training doesn't make them want to be secure.

The study conducted by Osterman Research for MediaPRO shows that employees get far more benefit out of interesting and engaging training, which shouldn't really surprise anybody.

Continue reading →

Today's 5G networks mostly rely on the infrastructure of previous-generation 4G LTE networks. The non-standalone architecture has proved a quick way to provide subscribers with 5G access, however, this also exposes both the next-generation network and 5G subscribers to the same threats as older networks.

A new white paper from Positive Technologies details how mobile network operators (MNOs) who have already begun upgrading to 5G networks can migrate from previous generation networks without exposing themselves and their subscribers to existing and new risks.

Continue reading →

Business Email Compromise (BEC) attacks are increasingly used by attackers as a way of targeting organizations. New research from Abnormal Security  indicates that these attacks have adapted to the pandemic, with Zoom becoming the most impersonated brand and COVID-themed attacks surging.

We spoke to Evan Reiser, CEO of Abnormal Security to find out more about what’s been happening and what trends we can expect to see as the year progresses.

Continue reading →

Organizations are suffering from a lack of visibility into their supply chain and 8 percent experienced a breach that originated from vulnerabilities in their vendor ecosystem in the past year.

A new report from cybersecurity services company BlueVoyant, based on research carried out by Opinion Matters, shows that only 22.5 percent of organizations monitor their entire supply chain and just 32 percent re-assess and report their vendor’s cyber risk position either six-monthly or annually.

Continue reading →

With cyberattacks increasing in volume and new types of incidents occurring, businesses need protection for everything from network intrusion to ransomware and all the things in between.

Many organizations are turning to cyber insurance to provide cover for dealing with incidents and their aftermath, but a recent report shows that many are put off by not understanding levels of exposure, amount of cover, and by cost.

Continue reading →