Data protection has historically been viewed as a function owned by a few individuals, or the domain of the IT department. However, it is vital that all employees share the responsibility of preventing and mitigating information security breaches.
When an organization creates a corporate culture dedicated to data protection, it provides more disciplined operations, increased customer and stakeholder trust, and minimized risk.
Yahoo users who have not changed their passwords for a while are being advised to do so. The company has confirmed that it suffered a major security breach back in 2014 and information relating to 500 million accounts was stolen.
Yahoo says that the attack was carried out by a "state-sponsored actor" but does not elaborate on who it might be. The data accessed includes "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers".
Attacks on websites are a daily occurrence, so to get any real attention an attack needs to be something special. Starting on Tuesday, Brian Krebs' security blog, KrebsOnSecurity.com, was hit with what is being described as "the largest DDoS the internet has ever seen".
Despite being clobbered with a colossal 665 Gbps of traffic, Krebs' site remained online thanks to the anti-DDoS efforts of security firm Akamai. It is thought that Krebs was targeted for his exposés of hackers, and the attack was delivered via a huge number of hacked IoT devices.
A new study reveals that 53 percent of IT professionals use common, but ineffective, methods to erase data on corporate computers, external drives and servers.
The survey by Blancco Technology Group of over 400 professionals worldwide found that 31 percent report dragging individual files to the Recycle Bin and 22 percent reformat the entire drive.
A majority of enterprises (79 percent) say they have taken action to improve their security in response to major cyber attacks. However, 40 percent of organizations still store privileged and admin passwords in a Word document or spreadsheet, while 28 percent use a shared server or USB stick.
This is among the findings of the 10th annual Global Advanced Threat Landscape Survey from cyber security company CyberArk, which looks at whether organizations are learning lessons from cyber attacks.
The number of breaches and their severity are both growing, according to a new report by digital security company Gemalto. Titled Breach Level Index, it says there were 15 percent more data breaches in the first half of 2016 than in the last six months of 2015.
A total of 974 data breaches were reported worldwide in the first half of 2016, accounting for 554 million compromised data records. It is also interesting that in more than half of cases (52 percent), the number of compromised records was not disclosed at the time of reporting. Looking specifically at the UK, there have been 61 breaches, most of which happened in the government sector (14). The finance and healthcare sectors were a close second and third.
In the first six months of 2016, users were twenty percent less likely to encounter malware than in the same period last year. But although attacks are decreasing, they’re getting more sophisticated and often disappear within hours, having achieved their aims.
These are the key findings of the latest Webroot Quarterly Threat Report, based on information collected from millions of endpoints, released today.
The highest rates of ransomware are now found in the education and government sectors according to the findings of a new report from BitSight.
The report looks at how ransomware is impacting almost 20,000 companies in six major industries: finance, retail, healthcare, energy/utilities, government and education. The findings show that the rate of new ransomware strains, such as Locky and Cryptowall, has spiked over the last couple of years, and numerous industries are beginning to fall victim to these ransomware attacks.
Oracle has announced that it will purchase the cloud access security broker (CASB) Palerra, making this the company's eighth acquisition in 2016.
The deal was announced at the beginning of Oracle OpenWorld in San Francisco and the amount which the company is paying for Palerra has yet to be disclosed. Oracle made the decision to purchase the company for its Loric software product as it "protects and assures compliance of applications, workloads and sensitive data stored across cloud services".
Traditional approaches to deploying security controls don't always provide appropriate or sufficient protection for mission-critical information assets.
Aiming to support enterprises in guarding this information, the Information Security Forum (ISF) is launching 'Protecting the Crown Jewels', a series of reports based on the ISF Protection Process, to help organizations formulate a structured, methodical process to deliver comprehensive, balanced protection.
A company is rarely attacked by a DDoS (distributed denial of service) just once. If it happens once, it will probably happen again, which is why constant preventive measures are required if a company wants to keep its online services operational.
These are the results of a new report by Kaspersky Lab. Entitled Corporate IT Security Risks 2016, it says that one in six companies were victims of DDoS attacks in the past 12 months. The majority of those attacks were aimed at construction, IT and telecommunications companies.
The potential for data loss is there for all businesses, but smaller organizations often don’t have the resources to guard against it as effectively as larger ones.
Safetica, an established European data loss prevention company, is launching in North America and aiming its software at small and medium businesses. It's easy to use, helps businesses of all sizes comply with regulations, and Safetica provides support before and after deployment at no charge.
Businesses are increasingly recognizing that passwords are no longer an adequate way of protecting systems. But users still need a means of access that is easy to use, secure and doesn't get in the way.
Cloud-based access provider Duo Security is today announcing that it's combined its flagship two-factor authentication and device insight with single sign-on (SSO) capabilities to create a trusted access platform.
Hackers are increasingly targeting healthcare institutions with malware because of their poor cyber-security posture, reliance on legacy IT systems, third-party services and the need to access information as soon as possible in order to deliver great patient care. These are the conclusions released in a new report entitled McAfee Labs Threats Report: September 2016.
It says that hospitals paid almost $100,000 (£75,500) to a specific bitcoin account. In the first half of 2016, one "actor" (it could be a single hacker, but more likely a group) apparently received $121 million in ransomware (189,813 bitcoin), targeting various industries. This actor, according to the report, has had profits of $94 million in the first six months of this year.
Hackers are using social media to gather information about their next victim. They use that information to form sophisticated strategies and deliver advanced threats into networks.
These are the results of a new Blue Coat Systems report, based on a poll of 3,130 workers in various industries in Great Britain, France and Germany. The key takeaway from the report is that user behavior has not improved much since last year. This year, 42 percent of respondents say they only accept friend requests from people they know.