Articles about Security

The cybersecurity industry loves a good acronym and in recent times SASE and SSE have been among the ones to grab popular attention.

But in many cases a number of disparate technologies have been patched together to fulfill the promise of a unified solution for securing and accessing the service edge. Often this has occurred through company acquisitions.

Continue reading →

Regardless of how much money is spent on cybersecurity, the likelihood of getting hacked, is steadily increasing. The threat landscape is constantly evolving with new ransomware and extortion attacks being reported daily, in addition to adversarial nation states stealing personal information and intellectual property for nefarious purposes.

The reasons are manifold and complex. IT infrastructures are becoming increasingly more complicated, with new software development programs that introduce new vulnerabilities. Cyber criminals are becoming more sophisticated and better organized, with new advanced persistent threats (APTs) continually being discovered. Compounded by state-sponsored cyber espionage seeking anything that can be used for economic or political advantage.

Continue reading →

As one of the easiest attacks to launch and often devastatingly effective, a distributed denial of service (DDoS) attack is one of the most common threats in today’s cybersecurity landscape. In simple terms, a DDoS attack seeks to disrupt a target’s connectivity or user services by flooding its network with an overwhelming volume of fraudulent traffic, typically through a botnet.

The damage from a DDoS attack can be devastating. In one recent survey, 98 percent of respondents reported costs of more than $100,000 for each hour of downtime, while over one-third estimated costs in excess of $1 million. The average DDoS attack causes $218,000 in direct damage (around £179,601), in addition to any accompanying extortion, data theft, business disruption, or harm to the victim’s reputation and business and customer relationships. 

Continue reading →

New research from Vectra AI finds 70 percent of organizations have fallen victim to an attack that used encrypted traffic to avoid detection, and 45 percent admit they've been victims more than once.

It's concerning that 66 percent say they don't have visibility into all their encrypted traffic, leaving them highly vulnerable to further encrypted attacks.

Continue reading →

Building a security operations center (SOC) is a tall feat. With the global technology talent shortage estimated at 85 million workers by 2030, it is clear that talent is, and will continue to be, hard to find.

Organizations must learn to create a SOC in an adaptable way that makes scaling to meet varying demands of clients simple while addressing the cybersecurity talent shortage. Special considerations should be made regarding tool selection, proper staffing, organizational needs and performing a gap/risk analysis utilizing outside consultation when applicable. Let’s explore a few best practices.

Continue reading →

APIs allow products and services to communicate with each other and have become essential to digital transformation projects as they make it easy to open up application data and functionality to third-party developers and business partners, or to departments within the enterprise.

Where legacy systems are involved though it's often necessary to modernize the API infrastructure to ensure things work smoothly and this can lead to serious challenges, especially where security is concerned.

Continue reading →

With reports showing that 90 percent of organizations were impacted by ransomware over the past twelve months, policies ensuring that data is both safeguarded and recoverable have become a necessity rather than an option.

However, changes to the data security landscape in the intervening years since methods such as the 3-2-1 backup rule were first adopted means these approaches may no longer be fit for purpose when it comes to mitigating against data loss.

Continue reading →

Organizations are paying $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers.

This means that a 500-employee company spends on average $600,000 an year, according to a new survey for Perception Point, carried out by Osterman Research.

Continue reading →

There have been complaints recently about Microsoft using the Start menu to promote its own OneDrive service as well as suggesting websites, but another upcoming addition to Windows 11 is likely be rather better received.

Hidden among the numerous new features of Windows 11 build 25247, is an update to the network connectivity icon that appears in the notification area of the taskbar. It provides at-a-glance information about whether your VPN is active.

Continue reading →

Application development can be linked closely to Newton’s Third Law of Motion: For every action there is an equal and opposite reaction. Developers simply want to develop, but seemingly whenever they want to develop, application security (AppSec) teams fire back with concerns ensuring the safety of the application, breeding tension and slowing development. In the wake of this tension, we must ask ourselves how we can go about ensuring security while maintaining a streamlined development process -- enter the rise of "security champions."

A security champion program is the process of spreading awareness around best security practices for organizational behavior in order to reduce overall security risk. Security champions are individuals who otherwise would not be involved in security, but receive additional training and incentives to represent security on their teams. The rise of security champions truly developed as a trend from the concern that the average developer is not being measured on security, and therefore is not focused on maintaining it. There is a popular belief, particularly in the use of open-source code, that security is not a part of the development process because it is not the responsibility of the developer to ensure the code is secure -- thus banking on the assumption that the code used is reliable. In fact, security teams, while necessary, are often viewed as bottlenecks in the process, preventing developers from constantly churning out code.

Continue reading →

Data centers around the world are currently home to an estimated 1,327 exabytes of data. This information has a potentially huge value so it needs protecting.

But as more businesses choose to trust their information to external data centers how can they be sure that it's going to be properly secured? We spoke to Oliver Pinson-Roxburgh, CEO of Defense.com, to find out how organizations can choose the most secure data center possible?

Continue reading →

With Black Friday and the holiday shopping season this is always the peak time of year for scammers to try to fleece the unwary. But this year there's also the FIFA World Cup in Qatar to add to the mix.

Leaving aside the debate over whether the tournament should have been held in the Gulf state in the first place, researchers at Kaspersky have been looking at the scams aimed at stealing football (soccer for Americans) fans' identity and banking details.

Continue reading →

Data is increasingly one of the most valuable resources that businesses have, but extracting that value requires effective management of content.

A new survey from Rocket Software of more than 500 corporate IT professionals across multiple industries in the US, UK and APAC regions shows that business data is still vastly unstructured with 81 percent of respondents indicating that at least some of their data is considered 'dark'.

Continue reading →

Ransomware attackers are exploiting the fact that organizations have fewer security staff available at weekends and holiday times in order to launch more devastating attacks.

A new report from Cybereason shows 44 percent of companies reduce security staffing over holidays and weekends by as much as 70 percent compared to weekday levels. 21 percent reduce staff by as much as 90 percent.

Continue reading →

Cybersecurity issues are increasingly complex and that means that they are unlikely to be addressed by just a single vendor. And when an attack does happen it needs to be stopped fast, which needs close collaboration.

A new Data Security Alliance announced today by Cohesity aims to combine best-in-class solutions from industry leading cybersecurity and services companies with exceptional data security and management expertise.

Continue reading →