Articles about Security

The latest quarterly report from NortonLifeLock's global research team, Norton Labs, looks at how cybercriminals are using social media phishing attacks to steal private information.

Based on analysis of a full year of phishing attacks on the top social media platforms, it finds plenty of fake login pages designed to trick victims into inputting their login credentials, but also a diversity and complexity of lures going far beyond that one technique.

Continue reading →

A new survey reveals that 60 percent of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20 percent), treading water (13 percent), or merely running to keep up (27 percent).

The study from privileged access management specialist Delinea also shows that 84 percent of organizations experienced an identity-related security breach in the last 18 months, despite 40 percent of respondents believing they have the right strategy in place.

Continue reading →

One in three employees doesn't understand the importance of cybersecurity at work according to new research from email security company Tessian.

In addition only 39 percent of employees say they're very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42 percent of employees say they wouldn't know if they had caused an incident in the first place, and 25 percent say they don't care enough about cybersecurity to mention it.

Continue reading →

Cyber threats are growing in volume and sophistication, but efforts to combat them are being hampered by a shortage of cybersecurity skills.

One way of meeting that shortage is to look at upskilling and retraining within the current workforce. We spoke to Apratim Purakayastha, chief technology officer at Skillsoft, to find out more about how using innovative learning solutions can deliver the skills businesses need.

Continue reading →

The threat landscape facing enterprises is changing constantly. In recent months, major vulnerabilities like Log4j and malware-based threats have demonstrated the need for organizations to move quickly in order to defend themselves.

Is the best way to stay on top of the most pressing threats to harness the power of the global cybersecurity community for defense in a sort of cyber NATO? We talked to SOC Prime CEO Andrii Bezverkhyi to find out.

Continue reading →

Microsoft has introduced a change to Windows 11 that makes it much harder to use brute force attacks to crack passwords. Starting with the latest Insider builds, there is a new account lockout policy in place by default.

The policy means that should an incorrect password be entered 10 times, the account will be locked for 10 minutes. While this does not make brute forcing impossible, by any means, it makes it much harder and more time consuming, boosting security in an important area.

Continue reading →

Much like the legitimate eCommerce world, trust and reputation have become essential parts of the cybercriminal trade. New research by HP Wolf Security finds 77 percent of cybercriminal marketplaces analyzed require a vendor bond -- a license to sell -- which can cost up to $3,000.

In other evidence of a professional approach, 85 percent of these sites use escrow payments, and 92 percent have a third-party dispute resolution service. Every marketplace provides vendor feedback scores too. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputations between websites -- as the average lifespan of a dark net website is only 55 days.

Continue reading →

A new study from secure access specialist Appgate based on research by the Ponemon Institute finds 60 percent of IT and security leaders are not confident in their organization's ability to ensure secure cloud access.

The survey of nearly 1,500 IT decision makers and security professionals worldwide sets out to examine the pain points experienced in securing cloud environments and how zero trust security methods can enable digital transformation.

Continue reading →

A new survey shows that 47 percent of organizations have experienced a vishing (voice phishing) or social engineering attack via their voice networks in the past year.

The study by voice traffic protection specialist Mutare also finds most are unaware of the volume of unwanted phone calls traversing their network, or the significance of threats lurking in unwanted traffic, which includes robocalls, spoof calls, scam calls, spam calls, spam storms, vishing, smishing and social engineering.

Continue reading →

Quantum computing with its vastly improved processing capability offers the chance of many positive developments in research and science. But it also represents a potential threat to our current encryption models.

How big is quantum's threat to cybersecurity? And should we be taking action on this now? We talked to Skip Sanzeri, QuSecure co-founder and COO, to find out.

Continue reading →

Software supply chain risk has become mainstream, with 52 percent of respondents to a new survey being concerned about it.

The study from cybersecurity company Coalfire also finds 50 percent of boards of directors with software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.

Continue reading →

New research from Specops Software finds major cybersecurity weaknesses in popular web services including Shopify, Zendesk, Trello, and Stack Overflow.

The study shows several popular business web applications have failed to implement critical password and authentication requirements to protect customers from cybercrime.

Continue reading →

A new report released today by ForgeRock shows the average cost of a breach in the US has increased by 16 percent to $9.5m, making the US the costliest place in the world to recover from a breach.

It also reveals a massive 297 percent surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers and representing almost 25 percent of all breaches.

Continue reading →

Email security continues to be a top concern of organizations, with 94 percent of all cyber attacks being delivered through email. As the most frequently used communication channel across all industries -- no wonder threat actors love exploiting it!

The conventional approach to email security is failing. Our latest research found that an average of 75 malicious messages per 100 mailboxes slip past traditional email security filters every month. Consequently, organizations put employees through countless hours of security training with hopes they spot and report these threats to security operations centers. The so-called Human Firewall.

Continue reading →

"Automation" has become a buzzword in cybersecurity circles. That is not surprising in an environment where security specialists are in short supply and under intense pressure to defend the business against a huge variety of threats from innumerable different sources. Using technology to do at least some of the work seems like a no-brainer. Nevertheless, it seems that organizations are finding it hard to get the right approach to cybersecurity automation.

Threat Quotient conducted research last year that found resources, time and a lack of trust in outcomes are preventing companies from realizing the benefits of automation. In a recent webinar, myself, Nabil Adouani, CEO of Strange Bee and co-founder of The Hive Project, and our Global VP of Threat Intelligence Engineering Chris Jacobs discussed the current state of automation, the expectations around what automation can actually achieve, and what this means for implementation in the real world.

Continue reading →