Articles about Security

A new report from web application protection specialist Source Defense highlights the risk presented by the use of third and fourth party code on corporate websites.

The digital supply chain means that highly dynamic and unpredictable scripts and code from third parties and beyond, permeate every aspect of a business's web presence. This shadow code has led to some high profile breaches including the British Airways hack in 2018.

Continue reading →

New analysis of data breaches in the UK legal sector reveals that 68 percent were caused by insiders.

Analysis by secure cloud platform NetDocuments of data from the Information Commissioner's Office (ICO) reveals evidence of a 'Great Exfiltration' where employees are leaving their jobs and taking their company's data with them.

Continue reading →

Supply chains are fast becoming one of the top targets for cyber criminals, so when it comes to supply chain risk management, organizations in every industry need to start paying more attention.

While the vast majority of business leaders recognize that cybersecurity is now a key priority, the UK’s Department for Digital, Culture, Media and Sport (DCMS) recently noted that in too many instances, actions aren’t keeping up with intentions. In fact, nearly a third of UK companies admitted they aren’t currently taking any preventative action at all.  

Continue reading →

We're familiar with threats to data and data networks, but there's another part of corporate communication that's often overlooked yet represents an equally valid attack vector and equally high risks.

We spoke to Mutare CTO Roger Northrop to find out more about the risks voice networks present and why organizations need to take them seriously.

Continue reading →

In the past year, research indicates that nearly a third of organizations have accelerated their plans to automate key security and IR processes, whilst another 85 percent plan on automating them in the next 12 months.

Despite the positivity of these statistics, many organizations struggle to change to a more automated process. This was highlighted at a recent webinar we held with a panel of senior cybersecurity experts from a multitude of sectors. The discussion revealed that, while most organizations are exploring automation, few have made significant progress and they attributed this to a combination of factors including needing an improved understanding of automation, increased help from vendors and a lack of good IT foundations.

Continue reading →

In recent years cyberattacks have evolved from being the preserve of individual hackers to something much more serious, carried out by organized criminals and even nation states with the aim of espionage and financial gain.

This makes the process of investigating and defending against attacks more important than ever, but the sophistication of the methods used doesn't make the process any easier. This new book from security strategist Jon DiMaggio offers an investigator's guide to understanding the latest generation of threats.

Continue reading →

Thanks to increased use of computers and mobile phones almost every crime now has some form of digital element. This has put a strain on the police's ability to investigate effectively and inevitably led to delays.

West Midlands Police in the UK has become the first to deploy a new cloud-based digital forensic solution from Exterro which allows greater collaboration between officers and means cases can be worked on remotely and resolved at greater speed.

Continue reading →

OK, so there may not be a pension scheme and a company car, but rookie fraudsters are taking home approximately $18,700 (£15,000) a month with 'cybercriminal CEOs' making up to three times as much as their counterparts in legitimate businesses. According to a new report from Arkose Labs.

The return on investment for launching cyber attacks or committing online fraud is larger than ever before. Some of the highest earning fraudsters are known to be making around $7.5 million (£6 million) a year according to even the most conservative estimates. This is almost three times the amount that FTSE 100 chief executives were paid in 2020, when they earned an average $3.4m (£2.7m).

Continue reading →

We all know that quantum computing is going to offer a major boost in computing power. But that power also represents a threat to cryptographic systems, potentially putting the world's data at risk.

To address the issue QuSecure is launching an industry first end-to-end post-quantum cybersecurity (PQC) software-based solution designed to protect encrypted communications and data with quantum-resilience.

Continue reading →

The number of DDoS attacks dropped 13 percent in 2021 compared to 2020, but remained well above pre-pandemic levels.

Research from Nexusguard also shows that while the average attack size fell by 50 percent over 2021, the maximum attack size nearly tripled, growing by a whopping 297 percent over the same period.

Continue reading →

The infamous Equifax data breach dominated headlines in 2017. The social security numbers, driver's license numbers, names, dates of birth, addresses -- and in some cases credit card numbers -- of 148 million individuals were exposed. With over half of the U.S. population affected, the credit reporting giant spent $1.4 billion in damage control, including paying customers out up to $20,000 and providing them with ongoing fraud assistance and monitoring.

This wasn’t the first breach of its kind to occur, and it certainly won’t be the last: Uber, Facebook, and Google have also been hit, to name a few. But perhaps the most alarming part about attacks like the Equifax breach is that -- at just over four years post-breach -- we’re still not out of the woods yet. And we might never be full. Major breaches leave us vulnerable long after the dust has settled. With more people’s personal identifiable information now readily available to be exploited, it’s only a matter of time.

Continue reading →

The latest Bad Bot Report from Imperva shows that bots are an increasingly significant part of the web, accounting for over 42 percent of traffic overall.

More concerning still is that bad bots accounted for a record-setting 27.7 percent of all global website traffic in 2021, up from 25.6 percent in 2020. The three most common bot attacks are account takeover, content or price scraping, and scalping to obtain limited-availability items.

Continue reading →

The first quarter of 2022 has seen a 7.6 percent increase in the number of vulnerabilities tied to ransomware, with 22 new ones discovered.

The latest Ransomware Index from Ivanti, conducted with Cyber Security Works, shows that of those 22, 19 are connected to Conti -- a prolific ransomware group that pledged support for the Russian government following the invasion of Ukraine.

Continue reading →

Enterprise Security Information and Event Management (SIEM) tools are detecting fewer than five of the top 14 MITRE ATT&CK techniques employed by adversaries in the wild, according to a new report.

Analysis by AI-powered detection engineering company CardinalOps also shows SIEMs are missing detections for 80 percent of the complete list of 190+ ATT&CK techniques.

Continue reading →

Three out of five organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to a new study.

Research from email security company Tessian and the Ponemon Institute shows 65 percent of over 600 IT security practitioners surveyed see email as the riskiest channel, followed by 62 percent for cloud file sharing and 57 percent for instant messaging.

Continue reading →