Articles about Security

Known vulnerabilities for which patches have already been made available are the primary vehicle for cyberattacks, according to a report released today by Tenable.

The Tenable Research team analyzed cybersecurity events, vulnerabilities and trends throughout 2022, including 1,335 data breach incidents publicly disclosed between November 2021 and October 2022.

Continue reading →

A new survey of 300 CIOs, CISOs, and security executives from enterprises across Europe and the USA shows that 88 percent of organizations admit to being compromised by a cyber incident over the past two years.

The study from Pentera reveals that this is despite organizations having an average of almost 44 security solutions in place.

Continue reading →

On the 25th of May, 2018, the General Data Protection Regulation (GDPR) was passed, bringing into law a number of privacy and data protection regulations for those within the EU. Any business that operated within the EU had to immediately begin to respect the regulations laid out by this law.

Yet, even businesses outside of the EU are impacted, due to the fact that anyone that does business with someone within the EU area still must fall under these regulations. This meant that the vast majority of international companies, stretching from Asia and South America to North America and beyond, all had to start abiding by these laws.

Continue reading →

The "Global DataSphere" is exploding in size. IDC predicts that by 2026, the amount of data in the world will have doubled again. While most enterprises have digitized their operations, they continue to add more strategic workloads and create more and more data. So, as the amount of data enterprises have to deal with grows exponentially, moving to the cloud based on an elaborated strategy offers significant benefits like scalability, flexibility and cost-effective storage.

But can this go on forever? Gartner expects total worldwide end-user spending on public cloud services will reach a record $592 billion this year, a 21 percent increase from 2022. This rapid level of growth and migration raises some concerns at an enterprise level, with fast "lift and shift" migrations meaning best-practices for modern data protection aren’t followed. The Cloud security alliance (CSA) reported that 96 percent of companies say they have insufficient security for sensitive cloud data -- so across the board we have a long way to go on this journey. Here are three best practices for enterprises to protect their data in the cloud. 

Continue reading →

A new report on the antivirus market from Security.org reveals that almost three-quarters of Americans still strongly believe computers need antivirus to protect their devices and 61 percent are relying on free options like Microsoft Defender.

The number relying on free solutions has held steady, down only one point since 2021. Interestingly, only eight percent of free antivirus users have experienced a breakthrough virus in the past year, compared to 10 percent of paid users.

Continue reading →

In recent years, the software bill of materials (SBOM) has become a key element of software security and software supply chain risk management.

We spoke to Tim Mackey, head of software supply chain risk strategy at Synopsys to find out more about the benefits and challenges of SBOMs.

Continue reading →

Being a government agency concerned with security, it is perhaps not particularly surprising that the NSA has some advice for locking down networks. The National Security Agency has issued a series of tips designed to help secure home networks, and while home workers and remote workers are mentioned, the tips apply to just about everyone.

While much of the advice is fairly obvious, the list of "best practices" serves as a helpful reminder about the steps that need to be taken to avoid cyber-attacks. Some advice, however, suggests a level of paranoia that is not necessarily appropriate for most people.

Continue reading →

Sharing is caring, as the saying goes, but when it comes to business data oversharing is a big problem. A new report from Concentric AI shows the number of overshared files rose 60 percent in 2022 compared to 2021.

Largely this is down to the impact of hybrid remote work, cloud migration and information sprawl across on-premises and cloud data, as well as email and messaging environments on data security.

Continue reading →

Ransomware attacks continue to plague organizations and can have an effect beyond the financial, damaging reputations and customer trust.

Now though WithSecure has developed a new technology called Activity Monitor that can essentially undo the damage malware can cause.

Continue reading →

For anyone who struggles to remember the growing list of endlessly complicated passwords needed to gain access to the plethora of online accounts we all now have, a password manager is near-essential. Chrome, like many of the web browsers, has long-featured a tool for storing and automatically entering passwords, and now Google is giving it a much-needed upgrade.

Until now, Chrome's password manager has been functional, but far from being adorned with bells and whistles. Now Google is giving it a new user interface as well as an important injection of new features.

Continue reading →

Defenders have become more successful at detecting and preventing ransomware, but even so its share of incidents declined only four percentage points from 2021 to 2022.

The latest X-Force Threat Intelligence Index from IBM Security also finds that attackers continue to innovate, with the average time to complete a ransomware attack dropping from two months down to less than four days.

Continue reading →

According to a new report, 98.6 percent of organizations have concerning misconfigurations in their cloud environments that can cause critical risks to their data and infrastructure.

The research from Zscaler finds cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, and more, have led to the exposure of billions of records.

Continue reading →

A new report finds that even as internet users spend around a third of their lives online, most feel risks are increasing, and cybersecurity is too complex.

The report from F-Secure finds three out of four internet users worry about their safety online, while almost seven out of ten (69 percent) of those surveyed said they don't know who to trust online.

Continue reading →

The past twelve months have been tough for a lot of organizations. From inflationary pressures to fears of a global recession, many economists have made pessimistic predictions about the year ahead. As a result, controlling and reducing costs is likely to be the focus for many companies in 2023. 

Yet despite these economic stresses, IT spending has continued to rise. Gartner has estimated businesses spent around $4.5 trillion in 2022, up 3 percent year-on-year. While part of this spend is driven by digital transformation and the adoption of new technologies, a good part comes from unexpected expenses - especially when it comes to cloud where businesses can easily incur heavy costs without realizing it. Research finds that 80 percent of organizations lack awareness of how best to manage cloud computing, leading to overspending of between 20-50 percent. 

Continue reading →

Two-factor authentication (2FA) is an important means of securing accounts, making it significantly harder for hackers to gain unauthorized access. So it is perhaps a little surprising that Twitter has announced that it is locking one of the most popular 2FA methods behind a paywall.

The company has announced that SMS-based two-factor authentication will only be available to paying Twitter Blue subscribers. The change will take effect on March 20, and after this date non-paying Twitter users will be limited to securing their account with either an authentication app or a physical security key.

Continue reading →