Articles about Security

This week marks the first anniversary of the Log4j/Log4Shell vulnerability affecting the Java logging library and as we noted recently many organizations are still vulnerable even though patched versions were quickly available.

Sonatype has produced a resource center to show the current state of the vulnerability, along with a tool to help businesses scan their open source code to see if it's affected.

Continue reading →

With the UK government reporting that nearly 40 percent of UK businesses were hit by cyber attacks last year, keeping on top of cyber security has become a mission critical need.

Of those UK businesses and charities that were impacted, 83 percent identified phishing as being the most common attack vector. The government is urging these organizations to strengthen against phishing attacks such as business email compromise as they continue to grow in volume and frequency.

Continue reading →

A new report reveals that 'less sophisticated' fraud -- in which doctored identity documents are readily spotted -- has jumped 37 percent in 2022.

The report from Onfido also shows that while in 2019 fraudsters tended to keep regular office hours, in 2022, fraud levels were consistent across 24 hours, seven days a week. Thanks to technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline.

Continue reading →

The classic way of preventing critical systems, such as industrial controls, from attack is to air-gap them. That is to say ensure they don't have a connection to the internet.

But while they may not have a web connection they still often require DNS services in order to resolve a company's internal DNS records. New research from Pentera shows that this can provide a weak point to be exploited by attackers.

Continue reading →

New research from LogRhythm shows 67 percent of respondents say their company had lost a business deal due to the customer's lack of confidence in their security strategy.

The survey of 1,175 security professionals and executives across five continents, conducted by Dimensional Research, finds 91 percent report that their company's security strategy and practices must now align to customers' security policies and standards.

Continue reading →

Cybersecurity resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest annual Security Outcomes Report from Cisco.

The report reveals that 62 percent of organizations surveyed say they have experienced a security event that impacted business in the past two years. The leading types of incidents are network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

Continue reading →

Ransomware accounts for 23 percent of cyber insurance claims, while while fraudulent funds transfer (FFT) accounts for 28 percent according to insurance specialist Corvus, which has released its latest Risk Insights Index.

The impact and consistency of FFT is growing, accounting for 36 percent of all claims in the last quarter (Q3 2022), an all-time high. Indeed this metric has not dropped below 25 percent for the past six quarters.

Continue reading →

More than half (54 percent) of respondents to a new survey say securing data with appropriate access rights is one of their biggest hurdles. While almost 60 percent believe their organizations should be placing extra emphasis on data security.

The third annual State of Data Engineering Survey from Immuta also finds that that 89 percent of organizations report missing business opportunities because of data access bottlenecks.

Continue reading →

Data is more plentiful, valuable and interconnected than ever before. Unfortunately, this has led to a cyber threat landscape that is increasingly dynamic and costly to business. 

Cybercrime inflicted approximately $6 trillion in damages globally in 2021, an annual figure that is set to reach $10.5 trillion by 2025. This is equivalent to the world’s third-largest GDP after the U.S. and China. It is a threat that requires a comprehensive approach to defending, protecting, and recovering data, avoiding vulnerabilities and maintaining business continuity.

Continue reading →

As organizations move more of their systems to the cloud they face a new range of threats. This combined with a shortage of cybersecurity skills makes securing SaaS systems a challenge.

Galit Lubetzky Sharon, co-founder and CTO of Wing Security, believes that a new more holistic approach, involving employees across the organization, is needed. We spoke to her to learn more.

Continue reading →

More than 90 percent of organizations migrating to the cloud have implemented, are implementing, or are in the process to implement a zero trust architecture.

But a new study from Zscaler shows only 22 percent of global IT decision-makers claim to be 'fully confident' that their organization is leveraging the potential of their cloud infrastructure, presenting an opportunity for zero trust.

Continue reading →

According to research, 50 percent of over 400 IT security decision makers in the US and UK have been prevented from adopting a new cybersecurity solution due to integration issues or challenges with legacy infrastructure.

The study for BlackFog, conducted by Sapio Research, also reveals that 32 percent say a lack of skills within their team to support a new product would also be a factor preventing them from deploying new solutions.

Continue reading →

The widespread use of digital platforms allows businesses to expand, but at the same time a growing internet presence can put organizations at risk in ways they cannot plan for.

We talked to Censys' data scientist, Emily Austin about the company's recent State of the Internet report and about how businesses can proactively fight against unknown domains and risks.

Continue reading →

The COVID-19 pandemic ushered in a new era of remote and hybrid work that many of us knew was possible, but felt was years away from being realized. Now, we can work anywhere in the world asynchronously, with access to the documents and tech stack required to do our jobs as we would in an office setting.

While this has helped create a better work/life balance for many employees, this corporate culture shift has created a host of new challenges for cybersecurity teams. The increase in endpoints, with an increasing number of devices accessed remotely, requires a higher level of security to tackle growing online threats. How can IT teams champion hybrid workflows in an untrustworthy digital landscape? Fortunately, there is a solution to this problem -- a zero-trust architecture.

Continue reading →

Companies spend a lot on IT security, and that trend does not look like it’s stopping, despite the current economic headwinds. Gartner estimates that spending on information security and risk management will grow by 11.3 percent to reach more than $188.3 billion in 2023. Yet, in the face of mounting economic pressure, many companies are afraid they will have to cut their spending. According to our own research, around 44 percent of small and mid-sized enterprise (SME) companies think they will have to reduce their IT budgets in 2023.

Of these, around three quarters think this reduction will lead to increased risk to the business. When this happens stress and overtime increase dramatically -- already, we found that all IT professionals work more hours than they are paid for with 26 percent saying they average ten hours a week in overtime. In order to solve these problems, we have to think again about the role of IT security, and why the size of the company you support affects how you can achieve your goals.

Continue reading →