If you don't know what you're exposing, how can you protect it? [Q&A]


The move to the cloud has meant the days of external exposure being defined by the set of IP ranges in your firewall are gone. Today's attack surface is made up of many internet-facing assets with exposure being controlled at the domain level.
This means web applications have fast become an attractive target for attackers, particularly unknown and forgotten assets -- which are plentiful in modern environments. So how can businesses defend themselves?
LastPass accused of lying in security breach announcements


The reputation of LastPass has taken quite a battering over the past year, with the handling of security incidents doing nothing to improve things. Just last week the company gave an update about a security breach that took place back in August, revealing that it had been more serious than first suggested.
But now the updated announcement from LastPass has been ripped to shreds by security experts with one denouncing it as being "full of omissions, half-truths and outright lies".
More machine IDs, attacks on providers and AI verification -- identity management predictions for 2023


Although the death of the password has been predicted for many years, older technology still clings on when it comes to verifying identities.
But that's changing, particularly with the massive growth in the numbers of machine IDs. Here is what some industry experts think we'll see from the identity world in 2023.
Geopolitical threats, supply chain issues and phishing scams -- cybersecurity predictions for 2023


The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.
That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.
Rebuilding trust between developers and security [Q&A]


The demands of modern business IT environments can often lead to friction between developers and security teams which can hamper the successful rollout of cloud security.
Developers want to deliver features as fast as possible and security teams want things to be as secure as possible, so there is constant conflict of interest. We spoke to David Hendri, CTO and co-founder of cloud security startup Solvo, to discover how to rebuild the trust between developers and security by creating a common language.
The missing piece in the MSP data security puzzle


In the dynamic world of Managed Service Providers (MSPs), it has become quite evident that the time has come for next generation Data Security Solutions, and that such a solution should be added to your technology stack.
For some time and becoming ever more frequent today, organizations and MSPs are facing major data security challenges that are likely to increase exponentially over the coming decade.
Look back and look forward when walking into a new MDR relationship


The managed services market is bringing more and more providers into the mix, as an increasing number of organizations decide it makes fiscal and operational sense to outsource key functions, even those which traditionally have been considered especially critical, such as certain information security-oriented tasks. Perhaps the fastest-growing segment of service providers in this space is MDR -- managed detection and response.
The MDR concept is relatively young in the service provider space. MDR offerings are typically designed to augment your SOC (security operations center) function by providing detective and reactive tools and expertise. In some cases, it may even replace your tier one, or triage-level, security analysts, who are focused on reviewing and confirming the sometimes overwhelming flood of incoming security alerts.
Service mesh and the CISO [Q&A]


The number of use cases for Kubernetes is expanding as an increasing number of enterprises across a wide array of industries are adopting it as their platform of choice. However, this also expands the enterprise attack surface and business risk as a result.
We spoke to William, Morgan CEO of Buoyant, about how CISOs are coming face-to-face with the insecurity that can arise from managing Kubernetes platforms. They are beginning to see the risks that can unfold as well as how a service mesh can support a security stack.
LastPass data breach is worse than first thought; user data and password vaults grabbed by hackers


Password management firm LastPass has issued an update about a security breach that was first revealed back in August. The news is not good; the data breach is significantly worse than initial reports suggested.
LastPass says that its investigations into the incident now show that the hackers were able to obtain customer vault data. The company points out that these vaults are home to both encrypted and unencrypted data, and tries to play down the significance of a threat actor gaining access to unencrypted data.
Cyberattacks, standards and the 'door dash' -- eCommerce predictions for 2023


The past couple of years have seen a boom in eCommerce as more people have worked -- and shopped -- from home.
But as the industry's profile has grown so has the risk of cyberattacks. What’s also been thrown into sharp focus is that delivery systems sometimes don't live up to the buying experience. So how will the eCommerce sector address these things in 2023? Here's what some industry experts think.
How our outlook on cybersecurity will change in 2023


It’s fair to say over the last year cybersecurity has become one of the hottest topics to discuss. We have seen the issue affect every possible area of life from healthcare and energy to multinational corporations, and even conflicts such as the Russia/Ukraine War.
As a result, cybersecurity (in some shape or form) is in the minds of nearly all major stakeholders, board members and leadership teams across the world. Research by IDC highlighted that European IT security spending will surpass $66 billion in 2026.
Security teams expect higher costs and greater workloads next year


New research from Deepwatch shows 78 percent of security professionals expect breach and incident reporting requirements to create more work for their teams, and 77 percent expect increased work arising from privacy requirements.
The SecOps pulse survey shows digital transformation initiatives and regulatory requirements are the top two cost drivers expected for next year.
More automation, zero trust and complex attacks -- enterprise security predictions for 2023

Why proactive protection is key to effective cybersecurity


Compared to many industries, cybersecurity operates in a highly adversarial environment, with organizations investing huge levels of time, money and resources into defeating a range of determined threat actors. If that weren't enough, security teams are pitted against highly motivated, well-organized criminal and nation-state groups who constantly shift tactics to gain the upper hand.
The result is that security teams are frequently inundated with alerts, false positives and negatives, which nevertheless, they are compelled to address rather than being allowed to concentrate on proactively securing their networks.
Is your cybersecurity wrapped up for the holidays?


New research published in November revealed that the severity of inbound cyberthreats increased during holiday months.
The findings, from our Barracuda XDR team' Global Security Operations Center, suggest that cyberattackers may take advantage of IT security professionals being away from the workplace to launch more complex, higher risk attacks -- possibly in the hope that understaffed security departments are less likely to be monitoring the network for threats or equipped to deal with any crisis.
Recent Headlines
© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.