Zero-trust architecture: A cybersecurity must-have


The COVID-19 pandemic ushered in a new era of remote and hybrid work that many of us knew was possible, but felt was years away from being realized. Now, we can work anywhere in the world asynchronously, with access to the documents and tech stack required to do our jobs as we would in an office setting.
While this has helped create a better work/life balance for many employees, this corporate culture shift has created a host of new challenges for cybersecurity teams. The increase in endpoints, with an increasing number of devices accessed remotely, requires a higher level of security to tackle growing online threats. How can IT teams champion hybrid workflows in an untrustworthy digital landscape? Fortunately, there is a solution to this problem -- a zero-trust architecture.
Small business versus enterprise -- what are the challenges around security?


Companies spend a lot on IT security, and that trend does not look like it’s stopping, despite the current economic headwinds. Gartner estimates that spending on information security and risk management will grow by 11.3 percent to reach more than $188.3 billion in 2023. Yet, in the face of mounting economic pressure, many companies are afraid they will have to cut their spending. According to our own research, around 44 percent of small and mid-sized enterprise (SME) companies think they will have to reduce their IT budgets in 2023.
Of these, around three quarters think this reduction will lead to increased risk to the business. When this happens, stress and overtime increase dramatically -- already, we found that all IT professionals work more hours than they are paid for, with 26 percent saying they average ten hours a week in overtime. In order to solve these problems, we have to think again about the role of IT security, and why the size of the company you support affects how you can achieve your goals.
Identity fraud doubles in crypto and banking sectors


The crypto and banking sectors both experienced a nearly two-fold increase in identity fraud in 2022, according to a new report from verification platform Sumsub.
The report also finds that over half of all fraud cases happened in just five countries: Bangladesh (22 percent), Pakistan (15.2 percent), Vietnam (8.1 percent), Nigeria (5.4 percent) and the USA (5.1 percent).
Cyber extortion dominates the threat landscape


Cyber extortion is impacting businesses of all sizes across the world, and 82 percent of those observed are small businesses, an increase from 78 percent last year.
The latest Security Navigator report from Orange Cyberdefense shows a marked slow-down in cybercrime at the onset of the Ukraine war, but with intensity soon increasing again.
Dropbox is bringing end-to-end encryption to business users thanks to Boxcryptor acquisition


Dropbox has announced plans to acquire "key assets" from Boxcryptor in a move that will boost security for business users.
The acquisition will bring zero-knowledge end-to-end encryption to users signed up for a business account. It is something that Dropbox undoubtedly hopes will help increase confidence in its cloud storage service.
Three out of four organizations are still vulnerable to Log4Shell


The Log4j or Log4Shell vulnerability first hit the news in December 2021 sending ripples through the cybersecurity world. So you might be forgiven for thinking that it's safe to assume it's no longer a threat. However, one year on it seems that this is a vulnerability that keeps on being, well… vulnerable.
New research from Tenable, based on data collected from over 500 million tests, shows that 72 percent of organizations remain vulnerable to Log4Shell as of October this year.
Cybersecurity budgets are up but aren't being well spent


New research from cloud platform Fastly shows that while enterprises are increasing their cybersecurity spending they're not making the most of their investments.
While 73 percent of organizations worldwide are increasing their cybersecurity spending to protect themselves against future risks, IT leaders are investing poorly with only 61 percent of their cybersecurity tools fully active or deployed.
CISOs look to balance transformation and cybersecurity


A new survey reveals that while CISOs are still experiencing challenges around visibility, intelligence and control, nearly half (47 percent) are proactively focused on digital transformation and cloud migration.
The study of 600 UK CISOs from BlueFort Security finds most have moved beyond the challenges of a widespread shift to remote working and are now focused on digital transformation and migration to the cloud, despite an uncertain world picture and bleak economic environment.
All you need to know about SASE and SSE but never dared ask [Q&A]


The cybersecurity industry loves a good acronym and in recent times SASE and SSE have been among the ones to grab popular attention.
But in many cases a number of disparate technologies have been patched together to fulfill the promise of a unified solution for securing and accessing the service edge. Often this has occurred through company acquisitions.
Red, purple and blue -- security teams keeping the hackers at bay


Regardless of how much money is spent on cybersecurity, the likelihood of getting hacked is steadily increasing. The threat landscape is constantly evolving with new ransomware and extortion attacks being reported daily, in addition to adversarial nation states stealing personal information and intellectual property for nefarious purposes.
The reasons are manifold and complex. IT infrastructures are becoming increasingly more complicated, with new software development programs that introduce new vulnerabilities. Cyber criminals are becoming more sophisticated and better organized, with new advanced persistent threats (APTs) continually being discovered. This is compounded by state-sponsored cyber espionage seeking anything that can be used for economic or political advantage.
Distributed Denial of Service attack: Prevention and best practices


As one of the easiest attacks to launch and often devastatingly effective, a distributed denial of service (DDoS) attack is one of the most common threats in today’s cybersecurity landscape. In simple terms, a DDoS attack seeks to disrupt a target’s connectivity or user services by flooding its network with an overwhelming volume of fraudulent traffic, typically through a botnet.
The damage from a DDoS attack can be devastating. In one recent survey, 98 percent of respondents reported costs of more than $100,000 for each hour of downtime, while over one-third estimated costs in excess of $1 million. The average DDoS attack causes $218,000 in direct damage (around £179,601), in addition to any accompanying extortion, data theft, business disruption, or harm to the victim’s reputation and business and customer relationships.
Encrypted attacks breach 70 percent of organizations


New research from Vectra AI finds 70 percent of organizations have fallen victim to an attack that used encrypted traffic to avoid detection, and 45 percent admit they've been victims more than once.
It's concerning that 66 percent say they don't have visibility into all their encrypted traffic, leaving them highly vulnerable to further encrypted attacks.
How to build a security operations center from the ground up


Building a security operations center (SOC) is a tall feat. With the global technology talent shortage estimated at 85 million workers by 2030, it is clear that talent is, and will continue to be, hard to find.
Organizations must learn to create a SOC in an adaptable way that makes scaling to meet varying demands of clients simple while addressing the cybersecurity talent shortage. Special considerations should be made regarding tool selection, proper staffing, organizational needs and performing a gap/risk analysis utilizing outside consultation when applicable. Let’s explore a few best practices.
The challenges of modernizing enterprise API infrastructure [Q&A]


APIs allow products and services to communicate with each other and have become essential to digital transformation projects as they make it easy to open up application data and functionality to third-party developers and business partners, or to departments within the enterprise.
Where legacy systems are involved though it's often necessary to modernize the API infrastructure to ensure things work smoothly and this can lead to serious challenges, especially where security is concerned.
It's time for better data protection: Why the 3-2-1 rule isn't enough


With reports showing that 90 percent of organizations were impacted by ransomware over the past twelve months, policies ensuring that data is both safeguarded and recoverable have become a necessity rather than an option.
However, changes to the data security landscape in the intervening years since methods such as the 3-2-1 backup rule were first adopted mean these approaches may no longer be fit for purpose when it comes to mitigating against data loss.
© 1998-2025 BetaNews, Inc. All Rights Reserved.