Businesses are increasingly recognizing that passwords are no longer an adequate way of protecting systems. But users still need a means of access that is easy to use, secure and doesn't get in the way.

Cloud-based access provider Duo Security is today announcing that it's combined its flagship two-factor authentication and device insight with single sign-on (SSO) capabilities to create a trusted access platform.

Continue reading →

Hackers are increasingly targeting healthcare institutions with malware because of their poor cyber-security posture, reliance on legacy IT systems, third-party services and the need to access information as soon as possible in order to deliver great patient care. These are the conclusions released in a new report entitled McAfee Labs Threats Report: September 2016.

It says that hospitals paid almost $100,000 (£75,500) to a specific bitcoin account. In the first half of 2016, one "actor" (it could be a single hacker, but more likely a group) apparently received $121 million in ransomware (189,813 bitcoin), targeting various industries. This actor, according to the report, has had profits of $94 million in the first six months of this year.

Continue reading →

Hackers are using social media to gather information about their next victim. They use that information to form sophisticated strategies and deliver advanced threats into networks.

These are the results of a new Blue Coat Systems report, based on a poll of 3,130 workers in various industries in Great Britain, France and Germany. Key takeaway from the report is that user behavior has not improved much since last year. This year, 42 percent of respondents say they only accept friend requests from people they know.

Continue reading →

Because it allows only the essential elements of the Windows operating system to run, Safe Mode is a useful tool for diagnosing and fixing problems. But according to researchers at CyberArk Labs it could also be exposing you to risk.

Safe Mode stops a lot of third-party software from running at startup and that can include many security solutions. Attackers who have gained remote access to a machine may therefore be able to reboot it into Safe Mode to launch attacks.

Continue reading →

When it comes to corporate IT security, one of the biggest pain points is the mobile device. With almost every employee having one, and many bringing their own, the cyber-attack surface increases dramatically, putting corporate data at huge amounts of risk. Now, IBM is stepping into the game with a service of its own, which aims to protects mobile devices, via IBM Cloud.

The mobile-security-as-a-service, called IBM MaaS360, aims to help IBM’s clients address local data protection standards. It is currently in operation in the US, Germany and Singapore, with France and India already in the works. They will be followed by an "additional eight countries" planned for the next two years. IBM didn’t go into further detail, but we’re hoping the UK will be among them.

Continue reading →

If your company counts 50 people, at least one of them might be a malicious insider, according to new studies. Imperva has released a report which says that 36 percent of surveyed companies suffered a security incident involving malicious insiders in the past year. One in every 50 employees is considered to be a malicious insider.

Another interesting finding is that not all malicious insiders are disgruntled former employees looking to inflict some damage as they close the door on their way out. There are people who are using their position to transform confidential data into a second stream of income. The ramifications of such behavior can be dire -- in one example, a company has had to shut down operations for three weeks, after an attack, and another had its banking system hacked.

Continue reading →

We are coming closer to the point where a cyber-attack will cost every large business more than $1 million. According to a new Kaspersky Lab report, a single cyber-security incident now costs a large business, on average, $861,000.

Small and medium-sized enterprises (SME) pay ten times less, on average -- $86,500. The new report also stresses, once again, how costs go up the longer the threat remains unseen. For an SME, it will have to pay 44 percent more to recover from a week-old attack, compared to the one spotted on the first day. Among large companies, the percentage sits at 27.

Continue reading →

As students head back to university, a survey by Intel Security reveals that, in the UK at least, half of them are failing to protect their phones, tablets and laptops from online threats.

The survey of more than 1,000 UK-based students carried out in conjunction with The National Student finds that despite a quarter of teenagers reporting that they are 'almost constantly' online, only 50 percent of students ensure they have the necessary security software installed to keep their devices and data safe.

Continue reading →

UK businesses’ number one technology priority is security, according to a new survey by EACS. The IT solutions and managed services provider polled CIOs, IT directors and IT managers, and released the results in a whitepaper entitled Business & Technology Priorities 2016 survey.

Among the top priorities for them are better efficiency, operating results, increased productivity and cutting costs. The study also found one interesting thing -- all IT decision makers agree that no company can be 100 percent safe. That is why disaster recovery is in second place on the list of tech priorities.

Continue reading →

Whilst the popular view of hackers tends to be of outsiders, there's been increasing emphasis in recent years on the threat to enterprise data posed by those inside the organization.

Behavior analytics company RedOwl carried out a survey at last month's Black Hat conference, asking almost 300 security professionals for their views on insider threats, and the results are released today.

Continue reading →

Many large enterprises use Azure Active Directory (Azure AD) as their identity platform for managing users and providing secure access to thousands of cloud SaaS and on-premises applications.

Secure access company Ping Identity is announcing a collaboration with Microsoft to deliver integrations that will expand secure remote access and single sign-on (SSO) from any device to more on-premises web applications for Microsoft Azure AD customers.

Continue reading →

The UK's cyber intelligence agency GCHQ is planning what has been labelled a 'Great British Firewall' to protect individuals and companies against cyber attacks.

The idea emerged in a speech delivered by the head of GCHQ's national cybersecurity centre, Ciaran Martin, at the Billington Cyber Security Summit in Washington DC.

Continue reading →

In a rather ironic twist on traditional phishing attacks, customers of American Express are being targeted by a campaign promising them an identity theft and phishing prevention tool.

The phishing emails offer SafeKey use as bait. This is a legitimate program that Amex offers its customers as an additional layer of security to guard against ID theft and phishing.

Continue reading →

Many businesses don't carry out frequent security testing despite believing that it's critically important to securing their systems and data, according to a new survey.

The study from managed security services company Trustwave and Osterman Research finds that one in five businesses surveyed don't do any security testing, despite the fact that 95 percent of respondents reported encountering common security issues associated with security vulnerabilities.

Continue reading →

The problem with many security solutions is that the number of alerts they generate leads to a good deal of time in investigations, some of which will turn out to be false positives.

Real-time analytics company Corvil is partnering with endpoint security specialist Carbon Black to offer customers unified cyber threat detection, analysis, and response.

Continue reading →