Articles about Security

Application security best practices and trends [Q&A]

Businesses today face a wider and more dangerous array of cybersecurity threats than ever before. In the UK alone there were more than 400,000 reports of fraud and cybercrime in 2021. Those crimes come with significant costs too. In addition to the reputational damage that comes with cybersecurity incidents, data breaches cost UK companies an average of US$4.35 million.

That makes it critical that organizations have the best possible cyber defences in place, not just for the threats they face today but also for those of tomorrow. This is especially true for business-critical applications like ERP systems that need to be run continuously in order for the organization to keep operating smoothly and servicing its customers.

Visibility into communications remains a worry for compliance and security chiefs

Two-thirds (66 percent) of security and compliance leaders are worried that their employees are using unmonitored communications channels, according to a new report.

The study from Theta Lake finds 67 percent of respondents expect the usage of collaboration tools and popular platforms like Microsoft Teams, Zoom, Webex, Slack and RingCentral to increase.

67 percent of UK IT decision makers are concerned about supply chain issues

A new survey of UK IT decision makers from cybersecurity company WithSecure looks at global supply chain issues, with 67 percent of respondents believing that these issues will either remain the same (28 percent) or get worse (39 percent) within the next year.

As issues around inflation and supply shortages remain high in the news agenda, 43 percent believe they are very knowledgeable in their understanding of supply chain issues. However, few are confident of quick fixes to these global issues, and 60 percent of respondents believe that they will last for two years or more.

Why SBOMs are key to securing the software supply chain [Q&A]

Attacks on the software supply chain have become more common in recent years. Part of the key to tackling them lies in understanding what components are in your software and where they originate.

This is why the software bill of materials (SBOM) has become a vital tool for organizations seeking to secure their software. We spoke to Alex Rybak, senior director, product management at Revenera to learn more about SBOMs and what advantages they offer.

Cloud security is complex -- but most vulnerabilities fall into three key categories

With most enterprises leveraging at least one type of cloud deployment today, the question arises: is the cloud more or less secure than on-premise solutions?

The reality is that for on-prem or even private cloud environments, the approach to security largely relies on a barrier defense. When organizations are compromised within this barrier, it can basically become open season for malicious actors, which we’ve seen in marquee incidents such as the Target data breach, the Home Depot hack in 2014, or the recent Uber breach, which exploited an unpatched security vulnerability.

CNAPP -- what is it and why should you care about it? [Q&A]

The IT world is littered with acronyms and one of the latest is CNAPP, standing for Cloud Native Application Protection Platform. If you haven't heard about it already you almost certainly will do soon.

We spoke to Stanimir Markov, CEO at Runecast, about CNAPP, what it is and how it can benefit modern enterprises and their cloud environments.

Attackers aren't as clever as you think when it comes to finding passwords

Although we've been told for years that their days are numbered, passwords are still a major part of our security defenses.

New research from Rapid7 looks at two of the most popular protocols used for remote administration, SSH and RDP, to get a sense of how attackers are taking advantage of weaker password management to gain access to systems.

Ransomware attacks are down in the third quarter

The period from July to September this year has seen 27 ransomware variants used to conduct 455 attacks according to cybercrime intelligence company Intel 471's Spot Reports and Breach Alerts.

This represents a decrease of 38 attacks from the second quarter of 2022 and 134 from the first quarter of 2022.

If your name is Michael Smith and you're from Houston you could be a fake

New research from identity verification company Socure looks at patterns in how fraudsters construct synthetic identities, to find factors that may help in identifying and thwarting this kind of crime.

The study shows that criminals employing synthetic identities do their best to blend them with the overall population. So in the majority of cases, synthetic identities fell into the most common demographics and consumer traits.

Microsoft is annoyed with security firm that discovered misconfigured server exposing sensitive customer data

Microsoft has admitted that the sensitive data of thousands of customers was exposed last month because of a "misconfigured Microsoft endpoint". The data includes names, email addresses, the content of emails and attachments related to business between a customer and Microsoft or an authorized Microsoft partner.

Security researchers from SOCRadar notified Microsoft about the server misconfiguration back on September 24. The data exposure is part of a series of leaks from public data buckets which the security firm has dubbed BlueBleed. It is described as "one of the largest B2B leaks in recent years" and affects thousands of individuals and companies across over 100 countries. Microsoft has addressed the misconfiguration, but the company is not happy with SOCRadar.

Federal cybersecurity leaders are struggling to protect information

A new survey of 150 federal cybersecurity leaders finds that 73 percent of respondents feel a lack of foundational data protection efforts puts their agency at risk.

In addition, the research, from data protection provider Zettaset, shows 77 percent say that siloed systems that lack visibility make it difficult to properly protect critical assets. It's not surprising then that 57 percent report experiencing multiple data breaches over the past two years.

New open source tool helps security analysts gather data following incidents

Incident investigations in today's cloud, container and serverless environments can be a challenge, in particular collecting volatile data quickly following an incident to help security teams identify root causes and respond faster.

Cado Security is launching a new volatile artifact collector tool that allows security analysts to collect a snapshot of volatile data, adding critical context to incident investigations.

Geopolitical tensions make security precautions critical for UK business

Geopolitical tensions are on the rise around the world and global economic structures continue to evolve as a result. Political disruption and unrest can have a far-reaching impact on the rest of the globe. This impact can be seen most clearly in the ripple effects that the current ongoing Ukraine-Russia war has had on the rest of the world in terms of economic volatility, food insecurity, and dramatic price increases.

Businesses are, of course, hyper-focused on ensuring their resilience to geopolitical risk, fragmentation, and uncertainty, which according to McKinsey’s latest Economic Conditions Outlook is at the top of the agenda for CEOs. But, if businesses want to safeguard their resilience during this disruptive time, organizations will need to prioritize their security.

Enterprises expect passwordless access to be the leading approach within five years

A new survey of over 300 IT professionals with responsibility for workforce identities and their security in large organizations shows that 87 percent expect passwordless solutions will become the leading approach to secure workforce identities within five years.

The study by Dimensional Research for Secret Double Octopus looks at perceptions and adoption of newer FIDO2-certified enterprise passwordless solutions, and the impact of single sign-on portal and endpoint biometric-based 'passwordless-like' experiences.

How to select a cyber fraud prevention solution

As large-scale incidents like the Colonial Pipeline ransomware attack and CAM4 data breach have been increasing, security professionals need to integrate tools that fight fraud into their cyber protection plans. Anti-fraud systems have been protecting cyber environments from account hijacking, identity theft, and fraudulent transactions for many years. However, few people know that there are different types of products with specific characteristics. 

As its name suggests, a fraud prevention system is meant to detect and prevent fraudulent activities. Financial institutions were the first to use these systems at the beginning of the 2010s, following large-scale attacks that targeted e-banking systems. Later, other sectors, including e-commerce, client loyalty systems, gaming services, contextual ad platforms, and insurance, implemented anti-fraud solutions too. Fraud prevention systems are pivotal whenever online transactions and trade take place.

© 1998-2025 BetaNews, Inc. All Rights Reserved.