Security

Cyberattacks are something every organization fears. Perhaps those who should be most concerned, and which should scare us most, are the ones that control vital infrastructure -- nuclear power plants (recall Stuxnet in Iran?), banks, telephone carriers, healthcare and power grids. 

Today, security firm Trellix releases its latest report on the current state of affairs in the industry and, as expected, the news isn’t all rainbows and unicorns. 

A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.

At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.

When the Log4Shell vulnerability first appeared at the end of last year it sent a shockwave through the cybersecurity community.

But just because it's no longer in the headlines doesn't mean it's gone away. There's still a lot that enterprises can learn from the vulnerability and the response to it. We spoke to Maninder Singh, corporate vice president and global head of cybersecurity and GRC services at HCL Technologies, to find out more.

Windows 11 users have an important update to install. The KB5012592 update takes the operating system up to build 22000.613 and not only includes a number of important security fixes, but also introduces several significant changes.

Like the previously released KB5011563 update, the new KB5012592 update makes it possible to display up to three high-priority toast notifications simultaneously as well as fixing issues with OneDrive. The update also introduces a simpler way to change the default web browser in Windows 11, although it is a change that has been met with disdain from like likes of Mozilla and Vivaldi.

A new survey finds 83 percent of 1,000 organizations surveyed experienced a certificate-related outage over the last year, with over a quarter (26 percent) saying critical systems were impacted.

The report from identity management firm Venafi shows that digital transformation is driving an average of 42 percent annual growth in the number of machine identities.

A new survey of more than 1,200 security leaders reveals they've seen an increase in cyberattacks while their teams are facing widening talent gaps.

According to the latest State of Security report from Splunk 65 percent of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.

A new study reveals that 79 percent of cybersecurity professionals think that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.

The CyberArk 2022 Identity Security Threat Landscape Report also points up how the rise of human and machine identities -- often running into the hundreds of thousands per organization -- has driven a build-up of identity-related cybersecurity 'debt', exposing organizations to greater risk.

Early ransomware campaigns relied on sending out large volumes of emails in so called 'spray-and-pray' attacks.

But a new report released today by Cybereason highlights the rise of sophisticated RansomOps attacks that are allowing ransomware syndicates to reap the benefits of record profits.

First held in 2021, Identity Management Day seeks to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness and sharing best practices across the industry.

Today's second celebration of all things identity management -- you may have noticed the Identity Management Day eggs and bunnies in the shops (oh, they're for something else?) -- has sparked comment from many industry figures and we round up some of their thoughts below.

The ongoing struggle between good and bad actors in the cyber world has often been compared to a battle or warfare. More recently the threat of nation state attacks on critical infrastructure has led to more actual military interest in the cyber arena, as we've seen in Ukraine.

The Israel Defense Force's 8200 unit is often referred to the SEALs or SAS of cyber military units and its veterans are driving many of Israel's tech start ups.

Microsoft is putting the squeeze on anyone who is hanging doggedly on to an old version of Windows.

The company is ending support for Windows 10 version 20H2 in just a few short weeks, meaning that anyone who fails to upgrade will no longer receive security updates. Microsoft would, of course, like users to upgrade to Windows 11, but this is not the only option.

A new study from Netwrix reveals that 70 percent of organizations use a vulnerability assessment tool, but not always for the reasons you might think.

Rather than to ensure compliance, 70 percent say the primary reason for purchasing the tool is the need for proactive security measures. In addition 76 percent of those who don't yet own a vulnerability assessment tool and plan to acquire one in the near future for the same reason.

At its Windows Powers the Future of Hybrid Work event earlier this week, Microsoft revealed various new features that are coming to Windows 11. As well as additions such as tabs in File Explorer and folders in the Start menu, the company revealed a lot of upcoming security features.

One of the security highlights is Smart App Control, which works like an enhanced version of the SmartScreen filter already found in Windows. It will help to block malicious apps, but there is a serious downside that will put off a lot of people.

In today’s business environment, data is one of the most valuable assets any organization owns. Consequently, a great deal of time and money is spent trying to ensure that the most effective data security measures are in place to protect it. But with so many options available, knowing which approach to take is becoming increasingly difficult.

Escalating cybercrime, the adoption of cloud computing, an explosion in mobile device usage, and varying technology and applications means there’s so much to consider. No matter the industry, a data security breach is now an increasingly likely scenario that all businesses could face. Security teams should therefore consider a strategy that is focused on protecting actual data throughout its entire lifecycle, rather than just focusing on the infrastructure around it. 

New research from Vectra AI shows 94 percent of IT security leaders have felt increased pressure to keep their company safe from cyberattacks in the past year, while half say they feel burned out and ready to quit.

The survey of 200 UK IT security decision-makers finds 51 percent of respondents have experienced negative emotions such as depression, anger, or anxiety due to feeling overwhelmed by work.