Articles about Security

APIs allow products and services to communicate with each other and have become essential to digital transformation projects as they make it easy to open up application data and functionality to third-party developers and business partners, or to departments within the enterprise.

Where legacy systems are involved though it's often necessary to modernize the API infrastructure to ensure things work smoothly and this can lead to serious challenges, especially where security is concerned.

Continue reading →

With reports showing that 90 percent of organizations were impacted by ransomware over the past twelve months, policies ensuring that data is both safeguarded and recoverable have become a necessity rather than an option.

However, changes to the data security landscape in the intervening years since methods such as the 3-2-1 backup rule were first adopted means these approaches may no longer be fit for purpose when it comes to mitigating against data loss.

Continue reading →

Organizations are paying $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers.

This means that a 500-employee company spends on average $600,000 an year, according to a new survey for Perception Point, carried out by Osterman Research.

Continue reading →

There have been complaints recently about Microsoft using the Start menu to promote its own OneDrive service as well as suggesting websites, but another upcoming addition to Windows 11 is likely be rather better received.

Hidden among the numerous new features of Windows 11 build 25247, is an update to the network connectivity icon that appears in the notification area of the taskbar. It provides at-a-glance information about whether your VPN is active.

Continue reading →

Application development can be linked closely to Newton’s Third Law of Motion: For every action there is an equal and opposite reaction. Developers simply want to develop, but seemingly whenever they want to develop, application security (AppSec) teams fire back with concerns ensuring the safety of the application, breeding tension and slowing development. In the wake of this tension, we must ask ourselves how we can go about ensuring security while maintaining a streamlined development process -- enter the rise of "security champions."

A security champion program is the process of spreading awareness around best security practices for organizational behavior in order to reduce overall security risk. Security champions are individuals who otherwise would not be involved in security, but receive additional training and incentives to represent security on their teams. The rise of security champions truly developed as a trend from the concern that the average developer is not being measured on security, and therefore is not focused on maintaining it. There is a popular belief, particularly in the use of open-source code, that security is not a part of the development process because it is not the responsibility of the developer to ensure the code is secure -- thus banking on the assumption that the code used is reliable. In fact, security teams, while necessary, are often viewed as bottlenecks in the process, preventing developers from constantly churning out code.

Continue reading →

Data centers around the world are currently home to an estimated 1,327 exabytes of data. This information has a potentially huge value so it needs protecting.

But as more businesses choose to trust their information to external data centers how can they be sure that it's going to be properly secured? We spoke to Oliver Pinson-Roxburgh, CEO of Defense.com, to find out how organizations can choose the most secure data center possible?

Continue reading →

With Black Friday and the holiday shopping season this is always the peak time of year for scammers to try to fleece the unwary. But this year there's also the FIFA World Cup in Qatar to add to the mix.

Leaving aside the debate over whether the tournament should have been held in the Gulf state in the first place, researchers at Kaspersky have been looking at the scams aimed at stealing football (soccer for Americans) fans' identity and banking details.

Continue reading →

Data is increasingly one of the most valuable resources that businesses have, but extracting that value requires effective management of content.

A new survey from Rocket Software of more than 500 corporate IT professionals across multiple industries in the US, UK and APAC regions shows that business data is still vastly unstructured with 81 percent of respondents indicating that at least some of their data is considered 'dark'.

Continue reading →

Ransomware attackers are exploiting the fact that organizations have fewer security staff available at weekends and holiday times in order to launch more devastating attacks.

A new report from Cybereason shows 44 percent of companies reduce security staffing over holidays and weekends by as much as 70 percent compared to weekday levels. 21 percent reduce staff by as much as 90 percent.

Continue reading →

Cybersecurity issues are increasingly complex and that means that they are unlikely to be addressed by just a single vendor. And when an attack does happen it needs to be stopped fast, which needs close collaboration.

A new Data Security Alliance announced today by Cohesity aims to combine best-in-class solutions from industry leading cybersecurity and services companies with exceptional data security and management expertise.

Continue reading →

Cyber resilience has been a high-profile issue across industries, especially since the pandemic. As organizations were forced to adopt hybrid working, they had to reconsider infrastructural configuration. Facilitating remote working meant that businesses needed to consider a plethora of new endpoint devices connecting to the enterprise network. This increasing digital landscape is creating a wide range of complexities for businesses around network management and device visibility.

The ever-evolving IT estate is only a part of the cyber-security team’s challenges. It is almost impossible to 'solve' the complexity it brings with it because the requirements of dealing with and handling the technology keep changing. The security team's preparedness, ability to work under pressure, and people skills will determine how resilient an organization is, and how well it can detect, defend, and respond to a new or emerging attack. It is therefore vital to give teams the capabilities they need adapt to the ever-changing threat landscape. security teams.

Continue reading →

The change to hybrid work and increased adoption of cloud-based services has led to greater pressure on enterprises to get a grasp on their identity management.

Digital identity company ForgeRock is launching a new identity governance solution designed to address identity and compliance issues for large organizations.

Continue reading →

Two years ago when we reviewed the Firewalla Blue we remarked on how tiny it was relative to the level of protection it offers.

The recently launched Gold Plus version is a much bigger and more serious piece of kit aimed at small businesses and professional home users. It offers the same simple, plug-in protection as the Blue but can be used in a number of other ways too.

Continue reading →

Containers are meant to be immutable.Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents and dependencies are explicit. Because of this, if used carefully, containers can help reduce supply chain risks.

However, these benefits have not gone unnoticed by attackers. A number of threat actors have started to leverage containers to deploy malicious payloads and even scale up their own operations. For the Sysdig 2022 Cloud-Native Threat Report, the Sysdig Threat Research Team (Sysdig TRT) investigated what is really lurking in publicly available containers.

Continue reading →

When buying a smartphone, you have two real choices. You can opt for an iPhone, which runs iOS, or one of the many Android handsets available from the likes of Google, Samsung, Huawei, OnePlus and Sony.

If you value your privacy, then you might want a phone that truly does too. Volla Phone 22, from German firm Hallo Welt Systeme UG, is a good-looking device that is focused on keeping you safe and secure. It runs a choice of operating systems -- Volla OS, Ubuntu Touch, and the recently added Sailfish OS -- that can be selected on start-up. Support for additional mobile operating systems is coming soon.

Continue reading →