72 percent of security pros say encryption backdoors won't stop terrorism

A new survey of information security professionals carried out at last month's Black Hat conference suggests that the majority think encryption backdoors are ineffective and potentially dangerous.

The study carried out by machine identity protection company Venafi finds that 72 percent of respondents don't believe encryption backdoors would make their nations safer from terrorists.

Malware attacks rising thanks to leaked exploits

Malware threats have reached dangerously high levels, according to a new report that highlights the sheer scale of threats facing businesses today.

The latest Kaspersky Lab Malware report, covering the three months of Q2 2017, claims that Kaspersky Lab's products blocked more than five million attacks involving exploits in this time period.

AWS Macie is a security service based on machine learning

Amazon Web Services has launched a new machine learning service aimed at helping organizations protect their sensitive data in the cloud.

Macie's general premise is quite simple: it analyzes data on the S3 storage service, and is capable of identifying names, addresses, credit card numbers, driver licenses or social security numbers, stuff like that.

On-premises workloads have more security incidents than those in the public cloud

According to a new survey, workloads run on in-house systems suffer 51 percent more security incidents than those on public cloud services.

The study from cloud security and compliance company Alert Logic analyzed more than 2 million security incidents captured by its intrusion detection systems over 18 months.

Enterprises still struggle with password policies

Passwords and their effectiveness is a subject that continues to come under the spotlight, particularly with the publication of a recent United States National Institute of Standards and Technology (NIST) document recommending a move to passphrases.

Security awareness training specialist KnowBe4 has carried out a survey of 2,600 IT professionals to look at how organizations are managing passwords and determine how the proposed passphrase concept stacks up against methods currently in use.

Researchers hack a computer using malware injected into DNA

Security researchers have managed to infect a computer with malware embedded in a strand of human DNA.

The news sounds like a science-fiction writer's dream, but when biologists want to handle large amounts of DNA samples, they need to digitize them and process them on their computers. But the software that they use to process these samples is usually open-source and often doesn't follow security best practices.

Why mobile security is more critical today, but still just as challenging

Today our lives are inextricably tied to our mobile devices. We use them just like mini-computers, handling sensitive personal and work-related matters throughout the day. This trend is concerning because mobile devices were not designed with security in mind and are now arguably the biggest threat to both consumer and enterprise security.

Just like we have seen with the evolution of computer threats, cybercriminals are catching on to the new opportunities mobile presents. This past year, we have witnessed a dramatic spike in mobile-first cyberattacks like social media and SMS phishing, malicious apps and even robocalls. These attacks are also only going to increase with the bring-your-own-device workplace.

Hackers hit Scottish Parliament with 'brute force cyber-attack'

IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.

Paul Grice, Chief Executive at Holyrood, says that the attack is similar to the one Westminster suffered back in June. The hackers have attempted to crack passwords as well as trying to access parliamentary emails.

Over a third of IoT medical device organizations suffer security incidents

As the internet of things spreads into more and more areas, increasing numbers of medical devices are now connected, making them vulnerable to cyber attacks that could shut down medical processes, expose critical hospital and patient data, and ultimately put patient safety at risk.

Many medical devices are not built with cybersecurity in mind, yet a survey by Deloitte Cyber Risk Services of over 370 professionals at organizations operating in the medical device/IoT arena shows that 36.5 percent have suffered a cyber security incident in the past year.

Companies are losing ground against cyber threats

Businesses are struggling to keep pace against the rising level of cyber security threats, according to a new study.

The Threat Monitoring, Detection and Response Report from Crowd Research Partners -- produced in partnership with a number of leading cyber security vendors -- finds that the biggest concern is dealing with advanced threats in three key areas: ransomware (48 percent), phishing attacks (48 percent) and attendant data loss (47 percent).

Why hackers love privileged accounts

Accessing privileged accounts is hackers' number one choice as the easiest and fastest way to get access to critical data, according to a new study.

Privileged account solutions specialist Thycotic carried out a survey of more than 250 hackers at 2017's Black Hat conference and found that 32 percent of respondents see privileged accounts as the best way of getting hold of sensitive data, with 27 percent preferring access to user email accounts.

The benefits of intrusion prevention systems in security

Many tend to measure the quality of IPS (Intrusion Prevention System) solutions by the number of threat signatures supported by the vendor. Check Point points to how it delivers "1,000s of signature, behavioral and preemptive protections." Fortinet claims its FortiGuard IPS service inspects "over 8,000 signatures consisting of 15,649 rules." Cisco IOS Inline IPS "supports more than 7000 signatures."

Presumably, the more signatures, the more thorough the IPS. But is that really the right measure for defending against today’s threat landscape?

The importance of proactive defense in enterprise security

The moment a cybercriminal targets an organization, the victim enters a race against time. Every minute that the attacker is able to operate undetected is more time for them to compromise systems, steal data, and cause more harm to their target. The ability to detect an attack and shut it down quickly can make the difference between a minor security incident and a huge breach that costs millions of pounds, or even brings an end to the company itself.

The good news is that organizations seem to be making great strides in detecting security breaches, according to our 2017 Trustwave Global Security Report, which examines the results of thousands of our investigations into security incidents. Across the incidents we investigated in 2016, the median time from intrusion to detection of a compromise had fallen to 49 days, down from 80.5 days in 2015.

Don't dismiss insider threats when assessing security

When we think of a cyberthreat, we often imagine a nation-state hacking group, or a virus trying to work its way into our company network. After all, the media is full of depictions of incidents of this very nature -- how many times has North Korea or Russia been blamed for hacking the West?

The funny thing is, the cyberthreat that we should be worrying about actually resides in a place that’s a lot closer to home, often found within the company building. What I’m talking about is the insider threat. And it’s about time we paid closer attention to it.

New platform looks to plug gaps in enterprise security

When enterprises have a range of different IT systems and integrated supply chains, it can lead to gaps in security coverage that are easily overlooked.

Fortress Information Security is launching a new Emerging Security Risk Management platform to provide an enterprise-wide visualization capability allowing organizations to spot and address gaps.
