Security

Poor privileged access management practices that lead to people having too much access continue to be a critical challenge for many organizations despite significant risks of data breaches and security incidents.

A new report from technology consulting company Sila and the Ponemon Institute surveyed more than 650 North American respondents and finds 70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need.

Nearly a quarter of malicious URLs are being hosted on trusted domains, as hackers know trusted domain URLs raise less suspicion among users and are more difficult for security measures to block.

This is one of the findings of the latest Webroot threat report which also shows 29 percent of detected phishing web pages use HTTPS as a method to trick users into believing they're on a trusted site via the padlock symbol.

Despite the rise of cloud storage, 87 percent of organizations still use USB drives but they are struggling to manage their usage according to a new report.

The study from encrypted drive manufacturer Apricorn reveals that 58 percent don't use port control or whitelisting software to manage USB device usage and 26 percent don't use software-based encryption.

Although most security professionals use key performance indicators to measure their efforts they struggle to reconcile these with business goals, according to a new report from Thycotic.

It finds that while 84 percent of respondents have KPIs, and an even higher proportion (92 percent) say they review security in terms of its impact on the business, nearly half (44 percent) say their organization struggles to align security initiatives with the business’s overall goals, while more 35 percent aren't clear what the business goals are.

Email is now the preferred communication method for businesses, but this brings with it greater risk of employees leaking data due to errors or deliberate activity.

A survey from data security company Egress shows that of employees who had accidentally shared data almost half (48 percent) say they had been rushing, 30 percent blamed a high-pressure working environment and 29 percent said it happened because they were tired.

Ransomware is a pervasive problem, and for victims it can be difficult to know whether paying up will help them to regain access to their maliciously encrypted files. So when ransomware decryption keys are released free of charge, it's always good news -- and this is exactly what has happened for HildaCrypt.

The developer of this particular strain of ransomware has released the decryption keys after a security researcher shared detailed of what was initially thought to be a new type of ransomware.

Insider threats, caused by current and departing employees, expose companies to breaches and put corporate data at risk, but security solutions may not be effectively preventing them.

A new study from data loss solution company Code42 finds that 69 percent of organizations say they were breached due to an insider threat and confirm they had a prevention solution in place at the time of the breach.

Yesterday marked the start of not just Cybersecurity Awareness Month but also Domestic Violence Awareness Month.

Domestic abusers often make use of stalkerware (commercial spyware used as a tool for domestic espionage) to leverage their partner's digital footprint for physical control.

With nearly 151 million users worldwide, Netflix is the #1 streaming service in the world. It also has the distinction of being the most impersonated by hackers. For cybercriminals, Netflix phishing is a lucrative business. While other streaming services, including HBO NOW and Spotify, are also on the receiving end of phishing attacks, none comes close to Netflix.

Netflix’s 155 million subscriber base offers a lucrative supply of personal information, contributing to its favorability with phishers. In Vade Secure's quarterly Phisher’s Favorites report for Q2 2019, Netflix was the 4th most impersonated brand in phishing attacks, with 8.2 percent quarter-over-quarter growth in Q2 2019.

According to a Harris Poll carried out for Google, 75 percent of Americans get frustrated trying to manage all their passwords.

This results in unsafe practices as 24 percent have used the following common passwords, or some variation: like 'abc123', 'Password', or '123456'. 59 percent of US adults have incorporated a name (their own, a family member's, a partner's, or a pet’s) into their password to an online account, 22 percent have used their own name and a third have used their pet's name or a variation as their password.

New research from Kaspersky finds that the cost of enterprise data breaches has risen from $1.23 million last year to $1.41 million in 2019.

At the same time enterprise organizations have invested more in cybersecurity, with IT security budgets averaging $18.9 million compared to $8.9 million in 2018.

Consumer VPN specialist ExpressVPN has announced a tie up with HP to have its software pre-installed on the company's consumer PCs.

As part of the deal selected machines will come with ExpressVPN's Windows app pre-installed to help protect customers' privacy and security on public Wi-Fi networks. HP consumer customers will also receive an exclusive free 30-day trial of the VPN service.

A new report from secure collaboration platform Wire, produced in collaboration with a global poker champion, looks at the risks businesses run with cyber security and comparing them to other everyday occurrences, with some startling findings.

Among them are that an employee is three times more likely to infect a colleague with a malicious email than they are to spread the flu to their partner, and that an employee's chances of spotting a phishing email are as slim as hitting a specific number on the roulette wheel.

Around two thirds of businesses have experienced a data breach in the last year and seemingly innocent workplace mistakes could be one of the main causes.

A new report produced by the Ponemon Institute for document security specialist Shred-it reveals that 71 percent of managers have seen or picked up confidential documents left on a printer.

One year ago this week Facebook suffered a massive data breach that prompted the company to reset access for around 90 million accounts.

A year on from this event what has been done to make users' data more secure and are people becoming more aware of the risks to their privacy from using social networks and other sites? We spoke to Fouad Khalil VP of compliance at SecurityScorecard to discuss these things and more.