Articles about Security

The "Global DataSphere" is exploding in size. IDC predicts that by 2026, the amount of data in the world will have doubled again. While most enterprises have digitized their operations, they continue to add more strategic workloads and create more and more data. So, as the amount of data enterprises have to deal with grows exponentially, moving to the cloud based on an elaborated strategy offers significant benefits like scalability, flexibility and cost-effective storage.

But can this go on forever? Gartner expects total worldwide end-user spending on public cloud services will reach a record $592 billion this year, a 21 percent increase from 2022. This rapid level of growth and migration raises some concerns at an enterprise level, with fast "lift and shift" migrations meaning best-practices for modern data protection aren’t followed. The Cloud security alliance (CSA) reported that 96 percent of companies say they have insufficient security for sensitive cloud data -- so across the board we have a long way to go on this journey. Here are three best practices for enterprises to protect their data in the cloud. 

Continue reading →

A new report on the antivirus market from Security.org reveals that almost three-quarters of Americans still strongly believe computers need antivirus to protect their devices and 61 percent are relying on free options like Microsoft Defender.

The number relying on free solutions has held steady, down only one point since 2021. Interestingly, only eight percent of free antivirus users have experienced a breakthrough virus in the past year, compared to 10 percent of paid users.

Continue reading →

In recent years, the software bill of materials (SBOM) has become a key element of software security and software supply chain risk management.

We spoke to Tim Mackey, head of software supply chain risk strategy at Synopsys to find out more about the benefits and challenges of SBOMs.

Continue reading →

Being a government agency concerned with security, it is perhaps not particularly surprising that the NSA has some advice for locking down networks. The National Security Agency has issued a series of tips designed to help secure home networks, and while home workers and remote workers are mentioned, the tips apply to just about everyone.

While much of the advice is fairly obvious, the list of "best practices" serves as a helpful reminder about the steps that need to be taken to avoid cyber-attacks. Some advice, however, suggests a level of paranoia that is not necessarily appropriate for most people.

Continue reading →

Sharing is caring, as the saying goes, but when it comes to business data oversharing is a big problem. A new report from Concentric AI shows the number of overshared files rose 60 percent in 2022 compared to 2021.

Largely this is down to the impact of hybrid remote work, cloud migration and information sprawl across on-premises and cloud data, as well as email and messaging environments on data security.

Continue reading →

Ransomware attacks continue to plague organizations and can have an effect beyond the financial, damaging reputations and customer trust.

Now though WithSecure has developed a new technology called Activity Monitor that can essentially undo the damage malware can cause.

Continue reading →

For anyone who struggles to remember the growing list of endlessly complicated passwords needed to gain access to the plethora of online accounts we all now have, a password manager is near-essential. Chrome, like many of the web browsers, has long-featured a tool for storing and automatically entering passwords, and now Google is giving it a much-needed upgrade.

Until now, Chrome's password manager has been functional, but far from being adorned with bells and whistles. Now Google is giving it a new user interface as well as an important injection of new features.

Continue reading →

Defenders have become more successful at detecting and preventing ransomware, but even so its share of incidents declined only four percentage points from 2021 to 2022.

The latest X-Force Threat Intelligence Index from IBM Security also finds that attackers continue to innovate, with the average time to complete a ransomware attack dropping from two months down to less than four days.

Continue reading →

According to a new report, 98.6 percent of organizations have concerning misconfigurations in their cloud environments that can cause critical risks to their data and infrastructure.

The research from Zscaler finds cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, and more, have led to the exposure of billions of records.

Continue reading →

A new report finds that even as internet users spend around a third of their lives online, most feel risks are increasing, and cybersecurity is too complex.

The report from F-Secure finds three out of four internet users worry about their safety online, while almost seven out of ten (69 percent) of those surveyed said they don't know who to trust online.

Continue reading →

The past twelve months have been tough for a lot of organizations. From inflationary pressures to fears of a global recession, many economists have made pessimistic predictions about the year ahead. As a result, controlling and reducing costs is likely to be the focus for many companies in 2023. 

Yet despite these economic stresses, IT spending has continued to rise. Gartner has estimated businesses spent around $4.5 trillion in 2022, up 3 percent year-on-year. While part of this spend is driven by digital transformation and the adoption of new technologies, a good part comes from unexpected expenses - especially when it comes to cloud where businesses can easily incur heavy costs without realizing it. Research finds that 80 percent of organizations lack awareness of how best to manage cloud computing, leading to overspending of between 20-50 percent. 

Continue reading →

Two-factor authentication (2FA) is an important means of securing accounts, making it significantly harder for hackers to gain unauthorized access. So it is perhaps a little surprising that Twitter has announced that it is locking one of the most popular 2FA methods behind a paywall.

The company has announced that SMS-based two-factor authentication will only be available to paying Twitter Blue subscribers. The change will take effect on March 20, and after this date non-paying Twitter users will be limited to securing their account with either an authentication app or a physical security key.

Continue reading →

Spam in your calendar? It’s not something that most of us think about -- the word brings to mind email and phone calls and even just old-fashioned snail mail. But your online calendar is also a very real target and it may be growing worse. 

It’s actually fairly ingenious; a spammer sends an invite to an event and, even if the email invitation goes to your spam folder, the event still goes to your Google Calendar. When you click on the event in your calendar it contains a malicious link. Even if you click 'decline' it can still take you to possible NSFW content, or worse. Plus, declining will simply cross out the appointment and leave the reminder behind.  

Continue reading →

A 'work device' isn’t what it used to be. Employees are no longer restricted to a single, company-issued device. Instead, they move between devices based on task, time of day, and location. One minute, they might be working at a desk on a Mac, while the next they are on the move, staying productive from an iPhone.

Research has shown that employees highly value the ability to choose which device(s) they use. In fact, 87 percent of respondents in an independent global survey, conducted by Vanson Bourne in 2021 said choosing their work device was important to them, and 89 percent said they’d even be willing to sacrifice part of their salary to be empowered to choose their own technology.

Continue reading →

As security professionals assess the cloud security challenges that lie ahead for the coming year, one thing is certain. Threat actors will continue to double down on their efforts, utilizing new techniques and refining pre-existing methods as they extend their ever-growing toolbox.

To help enterprises stay ahead of the game, our security research team has highlighted some of the top trends and attack vectors cloud security teams can expect to encounter in 2023.

Continue reading →