Articles about Security

It used to be the case that all you had to worry about with ransomware was encrypted data, but the latest Cyberthreat Defense Report (CDR) from CyberEdge Group reveals that last year 78 percent of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.

Additional threats include launching distributed denial of service (DDoS) attacks (42 percent), notifying customers or the media of the data breach (42 percent), and publicly releasing exfiltrated data (40 percent).

Continue reading →

When asked to select the most significant cyber threats to their organizations, browsing Threats topped the list, with 43 percent of CISOs ranking it as a top concern.

A new report from RedAccess, based on responses from 300 chief information security officers across the US and UK, looks at the impact of hybrid working on security posture and the new threats that it introduces. Insecure browsing is ranked as the #1 hybrid/remote work security concern that puts organizations at the most risk.

Continue reading →

Business Email Compromise attacks increased dramatically last year with a 72 percent rise year-on-year over 2021.

The 2023 Email Security Threat Report from Armorblox shows high volumes of language-based and socially engineered attacks targeting organizations of all sizes and across industries.

Continue reading →

Our tech-filled lives put us at daily risk of cybercrimes, as we spend the majority of our time interacting with devices that could give hackers access to our personal data. In fact, according to DataProt, nearly 60 Percent of Americans say they have experienced cybercrime or somehow fell victim to a hacker. As every aspect of our lives becomes more connected, the opportunities for bad actors rise.

Businesses are not immune to these persistent threats. Reports show that 70 Percent of small businesses are unprepared for a cyberattack, and almost 90 Percent of professional hackers can penetrate a company within 12 hours. It is no surprise that the Federal Bureau of Investigation (FBI) has officially ranked cybercrime as one of its agency’s most important interests.

Continue reading →

HP has issued a security warning about a vulnerability which affects numerous HP Enterprise LaserJet and HP LaserJet Managed printers. The flaw is tracked as CVE-2023-1707 is described as "critical" having been assigned a CVSS rating of 9.1.

Despite the severity of the bug -- which HP says could lead to "information disclosure when IPsec is enabled with FutureSmart version 5.6" -- it could take up to 90 days to issue a fix. However, the company has provided a temporary firmware mitigation.

Continue reading →

Since its inception, Microsoft Defender Antivirus (FKA Windows Defender) was considered somewhat of a joke by power users. They would assert that it provided you with the protection of an umbrella in a hurricane. While its deficiencies were often exaggerated, indeed, it didn’t give you the same depth and scope as high-quality third-party solutions. 

When Bitdefender retired its free antivirus solution in 2021 (only to release a new free antivirus in 2022), many turned back to Microsoft Defender. After all, Microsoft should ultimately know the best ways to secure its software. It's surprising it took so long for the company to expand the coverage of its Microsoft Defender line, especially, with the largest share of its revenue being made from intelligent cloud computing.

Continue reading →

A new survey from OTORIO and ServiceNow reveals that 58 percent of organizations identify their operational technology (OT) cybersecurity risk level as high or critical.

However, the survey of 200 IT and OT leaders shows only 47 percent of companies surveyed have an OT cybersecurity solution in place, and 81 percent of respondents still manage their OT risks manually rather than having an automated solution.

Continue reading →

Active Directory (AD) is used by 90 percent of enterprises as the primary source of trust for identity and access. But it can also be a weak link, exploited in many modern cyberattacks.

We spoke to Ran Harel, senior director of product management at Semperis, to explore the challenges in securing a hybrid AD environment and how organizations can best defend this expanded attack surface.

Continue reading →

Over half of organizations say they have suffered a data breach in the past two years, an increase from 49 percent in 2022 and 39 percent in 2021.

In addition, a new report from Splunk shows 62 percent of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54 percent in 2022.

Continue reading →

As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.

A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.

Continue reading →

Cybersecurity threats are growing at an alarming rate across the globe while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks. Meanwhile, the shortage of cybersecurity talent is making it difficult for organizations and industries to meet these constantly shifting security demands.

As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025 but organizations are struggling to build the specialized skills required to manage these growing threats. According to ISACA’s latest State of Cybersecurity Report, 63 percent of enterprises have unfilled cybersecurity positions while labor shortages in the UK have become particularly acute. In fact, while there are currently about 339,000 cyber professionals in the UK (up 13 percent year-on-year), there is still a shortfall of 56,811 workers (up 70 percent year-on-year).

Continue reading →

Remote working poses a number of risks from an IT security point of view. A new report from Lookout finds that 32 percent of remote and hybrid workers use apps or software not approved by IT and 92 percent of remote employees perform work tasks on their personal tablet or smartphone devices.

Remote workers are also less likely to follow best practices for security. 90 percent access corporate networks from areas other than their home, with an average of five different locations -- introducing security risks as company data could be exposed across multiple networks not monitored by IT. 45 percent use the same password for work and personal accounts too.

Continue reading →

Cyber insurance has often been seen by business leaders as a monetary guarantee that even if hackers do break into their networks and steal their data, they can still escape financially unscathed.

Yet this premise was recently rocked after Lloyd's of London, the world's biggest insurance syndicate, redefined its policies to no longer cover for nation-state cyberattacks. There are other challenges facing the cyber insurance sector in the year ahead too.

Continue reading →

Our threat researchers at Lares encounter a broad range of security flaws and vulnerabilities when we conduct Purple Team exercises on behalf of our clients. Over time, the same unforced errors seem to come up so often that we warn security teams to develop standardized practices to defend against them.

The Lares Adversarial Collaboration Unit assists clients with defensive collaboration engagements and Purple Team assessments, which combine offensive and defensive techniques to strengthen security protections. Red Teams emulate external or insider attackers, while Blue Teams serve as internal security defenders. Purple Teams assist both sides by aligning the defensive tactics of the Blue Team with the threats attempted by the Red Team.

Continue reading →

Enterprises are faced with a barrage of new threats and entry points and as a result need to deploy, scale, enforce and maintain zero trust security policies to keep pace.

Access control needs to be at the core of any successful zero trust model but this too presents challenges. We spoke to Denny LeCompte, CEO of Portnox, to discover how organizations can overcome zero trust barriers.

Continue reading →