Articles about Security

Like any new innovation, the metaverse is currently at the center of a 'risk versus reward' debate. Unsurprisingly, the 3D virtual world has received a lot of attention, with McKinsey confirming that more than $120 billion was invested in building out metaverse technology and infrastructure in the first five months of 2022.

Promises of extraordinary use cases, from teaching virtualized university lectures to performing surgeries for patients in other countries -- not to mention the potential cost saving and accessibility benefits -- have garnered curiosity. But while it could be some time until we see mass adoption of the metaverse, the security community is already apprehensive of the evolving security risks.

Continue reading →

A new survey from Delinea of over 2,000 IT security decision makers (ITSDMs) reveals that only 39 percent of respondents think their company's leadership has a sound understanding of cybersecurity's role as a business enabler.

In addition, over a third (36 percent) believe that it is considered important only in terms of compliance and regulatory demands, while 17 percent say it isn't seen as a business priority.

Continue reading →

More than eight in 10 data breaches globally can be attributed to human error.

People are the weakest link in cybersecurity. And this weakness comes from a lack of awareness about our cyber risk and the behaviors that influence it. Many people see cybersecurity as an IT concern. In truth, cybersecurity concerns everyone. When our hospitals get infected with ransomware, we can’t receive care. When our organizations experience a cyberattack, we lose our jobs. Still, we tend to underestimate the importance of cybersecurity to our society and economy.

Continue reading →

Following numerous complaints from users concerned that the Circles feature of Twitter was broken, the company has conceded that tweets that were supposed to be visible to only a select number of people were in fact accessible by anyone.

The idea of Twitter Circles is that messages can be seen only by people who have been added to a Circle. But Twitter has now revealed "a security incident that occurred earlier this year" that ignored privacy settings.

Continue reading →

Improving your organization’s cyber security posture is essential to maintain brand trust. The challenge for the C-suite is to look at both the big picture and the finite details, translating your overall strategy for managing risk into actionable processes and priorities that will, over time, lower your risk exposure.

Qualys’ Threat Research Unit (TRU) looked at trillions of anonymized data points gathered from across our customer base to analyze where the biggest risk areas were for businesses. Based on this data, we can see specific areas where you can help your team increase their performance effectiveness, as well as how these changes add up to a significant improvement in security results overall. Building on these details will  improve how you manage risk, reduce your attack surface and maintain trust with your customers.

Continue reading →

A study from Immersive Labs finds that while businesses have high confidence in their overall resilience, teams are insufficiently prepared for threats.

The study, carried out by Forrester, surveyed 316 global cybersecurity training strategy decision-makers in the UK, US, Canada, Germany, and Sweden, finds that 82 percent agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared.

Continue reading →

Honeypots have been around for years and are a tried and tested cybersecurity mechanism. By creating a fake environment with attractive assets, organizations use honeypots to lure attackers into a trap where their actions can be studied and learned from to improve cybersecurity measures. Simultaneously, they are protecting the business’ real assets by preoccupying the attacker with the decoys.

However, honeypots have a narrow field of view as the only activity that they detect is those that target them directly. If an attacker gains access to a network, but not through the honeypot, the business would be none the wiser. It is, therefore, crucial to have more than one honeypot -- a honeynet -- to make it effective. Yet, honeypots are very time-consuming to apply as they need to be installed in networks and systems in data centers. It can take as long as an hour to install just one and it lacks any level of scalability.

Continue reading →

Security teams today are contending with an ever-increasing attack surface and an exponentially growing volume of vulnerabilities. Yet most teams are still equipped with the cybersec equivalent of a bucket to shovel out an ocean of CVEs. Buying them another shiny new bucket pales in comparison to plugging the actual leak in your ship (or enterprise).

Vulnerabilities can’t all be patched, so prioritizing these based on business risk is the most grounded approach. While leading security teams have begun to implement more advanced vulnerability management (VM) programs, others are struggling with outdated, manually intensive and less effective ways of managing vulnerabilities without context or insights on the true risk they pose. This can only work for so long, as it requires the continuous process of monitoring, discovering, analyzing, and remediating vulnerabilities across all potential attack vectors. Even then, good old human error sneaks its way in.

Continue reading →

Google has released an important update for its Authenticator app. The latest versions of Google Authenticator for iOS and Android can now synchronize one-time codes to the cloud.

In offering Google Account synchronization, the 2FA tool is now easier to use across multiple devices. This is something Google points out as being useful in the case of a lost or stolen device.

Continue reading →

Proton, the company behind the security- and privacy-focused Proton Mail and Proton VPN, has launched a beta version of its new password manager.

Going under the unsurprising moniker of Proton Pass, the software is described as "perhaps the first one built by a dedicated encryption and privacy company". What this means in practice is that security is greater than in other password managers, with end-to-end encryption on all fields of forms.

Continue reading →

Many security professionals have been misled into believing in the overhyped promise of agentless security. But it looks like the long-lasting 'agentless vs. agent' debate is finally over and the result is finally in -- if you want great cloud workload security, you need an agent.

This noteworthy outcome arose when two of the leading agentless-only vendors finally gave in and announced partnerships with agent-based runtime security and CWPP (cloud workload protection platform) vendors. This is big news, because both of these companies had previously, and persistently proclaimed, that agents are 'old school' and that 'agent-based security is dead'.

Continue reading →

Enterprise browser specialist Talon Cyber Security has announced that it has integrated its secure enterprise browser with the Microsoft Azure OpenAI Service to provide enterprise-grade ChatGPT access to customers.

This allows organizations to maintain data protection, keeping data put into ChatGPT within their perimeter and preventing it from transferring to third-party services. When using ChatGPT in Azure OpenAI Service, the organization uses its own Azure resources, so sensitive data is not delivered to other locations, improving data security and reducing risk.

Continue reading →

As information technology and operational technology increasingly converge it presents new challenges for organizations needing to keep their systems secure.

There's also been something of a shift in the focus of attacks with more emphasis on causing business disruption and damaging reputations.

Continue reading →

As enterprises move to cloud and hybrid models they face a range of new challenges in protecting their data.

A new study from Enterprise Strategy Group (ESG), released by Commvault and Microsoft, finds that 53 percent of respondents say their IT environment was more complex than it was two years ago.

Continue reading →

In the 12 months from April 2022 to March 2023 the US and UK were the countries that suffered the most ransomware attacks.

However, the latest Malwarebytes ransomware report shows that the USA suffered a little over seven times more attacks in the last twelve months than the UK. It's perhaps not a coincidence that the USA's economic output, measured by gross domestic product (GDP), is also about seven times larger than the UK's.

Continue reading →