Articles about Security

More than more than 75 percent of IT leaders surveyed for a new report cite the importance of zero trust in combating mounting security threats and two-thirds plan to increase their budgets for the technology.

The study, conducted by Forrester Consulting for Illumio, finds teams are still fighting to catch up with critical initiatives with over 60 percent of respondents saying they were unprepared for the rapid pace of cloud transformation and migration.

Continue reading →

New research from email security company Tessian finds that 40 percent of US employees have taken data with them when they've left a job.

This potentially exposes the business to a raft of cybersecurity concerns, from data breaches to regulatory fines. When asked why are they taking data 53 percent of employees say they worked on the document so therefore believe that it belongs to them.

Continue reading →

Skills shortages in the IT industry are nothing new, but the pandemic has added to the problem to the point where 76 percent of IT decision makers now say they face critical gaps in their departments.

New research released today by digital learning company Skillsoft shows gaps in technical knowledge and skills over the past year and a half have had a major impact on decision makers, 89 percent report a loss in revenue, 76 percent a loss of business to competitors, and 72 percent declining customer satisfaction as a result.

Continue reading →

Meta is adding a new warning to encrypted chats in Messenger so that users will know if another participant has taken a screenshot of the conversation.

The company formerly known as Facebook has already implemented this same feature into messages sent when the app's Vanish Mode is activated. While Messenger has not been updated to prevent screenshots from being taken in in E2E encrypted chats or Vanish Mode conversations, the appearance of the warning should serve as a deterrent against secret screen grabbing.

Continue reading →

Ransomware has become a top-of-mind security concern for many organizations. High-visibility ransomware attacks have disrupted supply chains and inspired an Executive Order on Cybersecurity in the United States.

This is not surprising given that ransomware is a such a common and costly threat costing organizations millions.

Continue reading →

Today is Data Privacy Day -- or Data Protection Day, depending on who you talk to -- a day dedicated to an international effort to raise awareness about how data is collected, used and stored.

So, what do the luminaries of the IT world have to say about the day and about data privacy/protection in general? We've rounded up some of their thoughts.

Continue reading →

There’s an inevitable spike in online security threats accompanying the surge in online shopping over the past couple of years, mainly driven by the recent pandemic. As more and more retailers embrace and adopt e-commerce sites to expand their customer base, increased cybersecurity levels are a must to ensure a safe and positive customer experience. 

As a business owner, the greatest threat that cyberattacks represent is loss of sales and unhappy customers, which can really make or break a business as a whole. Since many cyberattacks are executed in hidden and unsuspecting ways, identifying and battling them can become a challenge. Let’s take a look at the top four online shopping security threats and how to avoid them in 2022. 

Continue reading →

2021 saw supply chain and ransomware attacks dominate the security landscape. But will this pattern continue this year?

Managed detection and response provider Expel has launched a new report which provides insights on the biggest cybersecurity threats, practical recommendations on how to handle them, and predictions on what to expect in the year ahead.

Continue reading →

As the internet is increasingly accessed from mobile devices, mobile apps need to be considered as part of a company's security strategy.

A new report from BitSight finds that three out of four mobile applications evaluated contained at least one moderate vulnerability. It also finds material and severe vulnerabilities in some popular apps.

Continue reading →

Personnel working in IT or DevOps are more likely to click on phishing emails than those in other areas of an organization.

A new study by F-Secure looks at how over 80,000 people from different organizations responded to emails that simulated one of four commonly used phishing tactics.

Continue reading →

A new survey of 600 IT admins finds almost a third say that their biggest challenge is keeping users secure, while 67 percent say they are stuck in a daily grind of provisioning services and apps, managing user identities, dealing with employees who have ignored best IT practices, and helping onboard new staff.

The study from Remotely also finds 28 percent say ensuring the tools remote IT teams have access to are as good or better than the ones they have on site is the problem teams struggle with the most. Following closely are: remaining as productive as they were in the office, collaboration among the sysadmin / IT admin team, and tracking their own performance.

Continue reading →

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.

The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

Continue reading →

A new report from container and cloud security company Sysdig finds that 75 percent of images contain patchable vulnerabilities of 'high' or 'critical' severity. In addition 85 percent of container images that run in production contain at least one patchable vulnerability.

Looking at the issues in more detail, 73 percent of cloud accounts contain exposed S3 buckets and 36 percent of all existing S3 buckets are open to public access.

Continue reading →

Linux-based operating systems are frequently touted as being far more secure than the likes of Windows or macOS. More secure they may be, but they are not completely infallible.

A great example of this is the recently discovered PwnKit vulnerability in the pkexec component of Polkit. The flaw can be exploited to gain root access to a system and it has been a security hole in pretty much all major Linux distros for over 12 years, including Debian, Fedora and Ubuntu.

Continue reading →

Risk professionals work with uncertainty every day. They need to identify and prioritize which risks to address now versus later, consider many moving parts and rely on judgment and data to make informed decisions.

But how do they communicate those risks to stakeholders? Using "low, medium or high" classifications doesn’t always express the consideration risk requires -- especially since those terms don’t mean the same thing to everyone. If you told key stakeholders "there’s a possibility of rain tomorrow" before a company barbecue, how would they know whether to reschedule or put a few tents up? Is "possibility" enough information to make that decision, especially since not everyone equates possibility with the same level of probability? 

Continue reading →