Articles about Security

Despite their weaknesses, many organizations continue to rely on a fundamentally flawed traditional security approach that exposes their systems, their data, their users, and their customers to significant risk. Yes, I’m talking here about passwords.

While password practices may have remained a security staple over the decades, the proliferation of digital services offers rich pickings for cybercriminals. Using various methods to gain access to digital accounts, cyber criminals typically target passwords to conduct an attack or account takeover. That’s because passwords are easy to steal and share.

Continue reading →

We can all agree that the effective detection and diagnosis of security threats is a fundamental component of cyber resilience. After all, you cannot protect yourself against what you can’t see, right? With organizations rapidly bolstering their security programs and allocating significant investments to advanced technologies to increase visibility into threats and exposures, many have made notable strides in their ability to expedite the detection of abnormal behavior within their environments. However, this hasn’t come without a cost.  

Monitoring and threat analysis capabilities are deployed widely across most modern organization's technical infrastructure. Everything ranging from firewalls to email filtering and credential scanning. And the laundry list is proliferating as attackers leverage other weaknesses to spy on and steal data. This is where we begin to encounter challenges. Wading through these alerts, diagnostic analysis and remediation insights has caused a great deal of strain on cyber efficiency and security teams.

Continue reading →

Google has announced that it will release security updates for Chrome on a weekly basis, doubling the speed with which fixes are delivered to the stable channel.

This will not change the release schedule for significant new versions of Chrome, but it means that users of the browser can enjoy greater security. Google's change in pace is designed to reduce the "patch gap", with the company saying that it treats "all critical and high severity bugs as if they will be exploited".

Continue reading →

Navigating the complexities of today’s digital landscape, it's clear that cyber security can no longer be the sole accountability and responsibility of one person -- the CISO. As cyber threats evolve, becoming more frequent and sophisticated, a single individual can't feasibly manage it all. As a result, and at some point in the future, we may dare to consider that the traditional CISO role might eventually become obsolete as business units become secure-by-design.

We need to pivot. Rather than placing the weight of managing an organization's entire security on the shoulders of one person, we need to integrate cyber security throughout every layer of our operations. This means moving towards a world where every business unit and every employee in an organization understands and owns their role in maintaining cyber security.

Continue reading →

Microsoft has released a large new cumulative update for Windows 11 in the form of the KB5029263 update.

As this release fixes a series of security issues in the operating system, everyone running Windows 11 22H2 should install it as soon as possible. KB5029263 is a mandatory update so it will be installed automatically -- eventually -- but it is important enough to justify taking manual action to ensure you have it immediately.

Continue reading →

Investigation of information security incidents is the last stage of enterprise protection and one of its most important parts, helping to minimize the damage caused by hackers and build defenses to prevent future incidents. The investigation assists in evaluating the security of the company's IT infrastructure and in formulating recommendations for its enhancement.

Incident investigation is a crucial component of any enterprise's information security framework. Merely monitoring the work of the security tools is not enough, as security incidents are happening all the time. Without a proper response to these incidents, the enterprise, in effect, lacks adequate information security protection.

Continue reading →

No one would dispute that communication is vital, if not the most critical factor, to the success of any organization. But in the now not-so-new remote and hybrid work environment, it is harder than ever before to maintain the same level of communication, collaboration, speed -- and therefore productivity -- that was once available in the office environment.  

As enterprises look to technology to navigate the challenges of remote and hybrid working, providing tools that help employees work in a safe and secure manner is now, more than ever, an enabler of business success. Equipping employees with full-featured mobile messaging and collaboration tools with built-in security, control, and compliance is essential for helping them safely succeed in the digital world of work. 

Continue reading →

In today’s fast-paced development environment, a comprehensive API security testing strategy is no longer a luxury, but a necessity. Testing your APIs for security gaps ensures that your APIs functions are reliable, secure, and perform as expected under different circumstances. It helps to identify issues such as incorrect data formats, missing or inaccurate data, and faults in authentication or authorization.  

Proper API testing can also help to minimize downtime, reduce the risk of errors, and improve the overall quality of the software system. However, it’s important to note that comprehensive API security testing is a discipline in and of itself.

Continue reading →

Privacy-centric firm Proton has announced that its password manager, Proton Pass, is now more than just open source. The company has had the code of its apps, browser extensions and APIs subjected to an independent security audit by German security specialists Cure53.

With passwords providing access to some of the most value and sensitive personal information imaginable, reliable security is essential. The auditors' assessment that Proton has a "commitment to maintaining a high-level of security" and that "the state of security across Proton's applications and platforms is commendable" will serve as helpful recommendations for anyone looking for a safe and secure password manager.

Continue reading →

Workplace modernization has emerged as an important trend impacting organizations of all sizes, in all industries, and across all geographies. The move by so many businesses to embrace modern end-user technologies is anticipated to help improve recruitment, enhance employee productivity, and may have a measurable impact on talent retention.

One of the main forces behind workplace modernization is a belief that employees will be happier and ultimately more productive if they’re able to choose the devices they use for work. Coupled with both technical and organizational support for anywhere work styles, employees are finding they have a much stronger voice in the selection of IT tooling and the accompanying workflows.

Continue reading →

Priorities have changed since 2021 when A10 Networks first surveyed communication service providers (CSPs) to better understand their priorities and requirements coming out of the pandemic. In 2023, the world is now a very altered place, and while the pandemic is largely over, this challenge has been superseded by geopolitical and economic uncertainty on an equally global scale.  

Undoubtedly, connectivity played a vital role in keeping the wheels of society and business turning during the pandemic - what would we have done without our video calls and the internet? But it is equally, if not more, essential in today’s uncertain world that CSPs continue to play an important role in keeping society connected. 

Continue reading →

The oil and gas sector remains a crucial pillar of the global economy, an industry that supports not only millions of jobs worldwide but also underpins essential energy provisions for homes, businesses, and transportation networks.

Yet, as digital technology continues to pervade this sector, oil and gas companies are increasingly being exposed to critical cyber threats. The industry's increasing dependence on digital systems has escalated the importance of robust cybersecurity strategies, presenting an array of unprecedented challenges.

Continue reading →

Recent Salesforce research shows 52 percent of consumers expect their offers to be personalized. To create these tailored offerings and drive a seamless customer experience, retailers gather vast amounts of personally identifiable information (PII) -- from addresses to purchasing history and payment information. This makes them an irresistible -- and relatively low risk -- target for cybercriminals. As a result, data breaches within retail are increasingly common, even for major retailers -- as we saw earlier this year with the JD Sports Data Breach, which exposed the PII of around 10 million people.

To help protect consumers, governing bodies are putting increased pressure on companies to comply with data protection rules -- including the UK’s upcoming Data Protection and Digital Information Bill. Consumer trust is key when it comes to retail too. So, companies unable to protect their customer data not only risk enormous fines, but significant damage to their brand reputation. So, following recent high-profile retail breaches, how can brands protect their customers’ personal data? 

Continue reading →

In recent months, the buzz surrounding AI technology has grown rapidly, due in large part to the release -- and subsequent zeitgeist moment -- of ChatGPT. A chatbot fueled by language modeling AI technology that is free to the public, ChatGPT has been the subject of seemingly endless discourse regarding its implications since its launch last November.

This type of AI technology is convincing and well… intelligent. It’s almost like a contemporary iteration on the concept of a search engine -- you can type in a prompt, and within moments you’ll receive a well-articulated, seemingly accurate response pulling from sources all over the web.

Continue reading →

While 75 percent of organizations have made significant strides to upgrade their infrastructure in the past year and 78 percent have increased their security budgets, only two percent of industry experts are confident in their security strategies, according to a new report.

The study, from critical infrastructure protection specialist OPSWAT, also finds most organizations have embraced public cloud hosting for their web applications, with an overwhelming 97 percent already employing or planning to implement containerization.

Continue reading →