Articles about Security

Big retail businesses can have hundreds of TLS/SSL certificates identifying specific internet-connected devices, but many lack an organization-wide framework for managing them.

In the run up to the busiest shopping period of the year, new research from BitSight finds that 75 percent of the retail sector is at heightened risk of ransomware due to poor TLS/SSL configuration management.

Continue reading →

Ransomware is a particularly heartless -- though undeniably lucrative -- endeavor. Criminals target schools, vital infrastructure, and even patient records in attempts to cash in. As a result, many security professionals put defensive ransomware strategies at the top of their to-do list.

Understandably, most of these strategies start with measures that minimize the footholds attackers can find. Checking inbound emails for ransomware payloads, giving users training on safe internet usage, and monitoring the network for suspicious activity are essential elements of an effective anti-ransomware strategy.

Continue reading →

Mid-sized organizations are as much as 490 percent or more likely to experience a security breach by the end of 2021 as they were in 2019.

A report from security platform Coro shows that mid-size companies are largely unprotected due to the fact that they lack resources, expensive products and expertise needed to protect against increasing attacks.

Continue reading →

A new poll of 250 information technology, IT security, legal and risk/fraud/compliance professionals reveals that 83 percent say they have experienced a successful cyber attack in the past two years, with half saying the attackers managed to reach their critical IT assets.

No surprise then that 86 percent admit to having been kept awake at night by concerns about the protection of critical systems.

Continue reading →

A new report shows that 86 percent of organizations believe they follow best practices for security hygiene and posture management, though they may not actually be doing so.

The report, created for asset management and governance company JupiterOne by Enterprise Strategy Group (ESG), finds that 73 percent of security professionals admit that they still depend on spreadsheets to manage security hygiene and posture at their organizations.

Continue reading →

Two in five CISOs have missed holidays like Thanksgiving due to work demands and a quarter haven't taken time off work in the past 12 months.

A new report from Tessian based on a study of 300 CISOs also shows that they work, on average, 11 more hours than they're contracted to each week while one in 10 works 20 to 24 hours extra a week.

Continue reading →

Back in 2019, I wrote an article about the talent shortfall in technology and cybersecurity. Unfortunately, since the pandemic and because of Brexit, that gap, particularly here in the UK, has only widened. As of 2021, the global talent shortage already amounts to40 million skilled workers worldwide. By 2030, the global talent shortage is predicted to reach 85.2 million workers.

This means that companies worldwide risk losing $8.4 trillion in revenue because of the lack of skilled talent. This gap is keenly felt in security and again there is currently a shortage of 350,000+ cybersecurity specialists in Europe alone.

Continue reading →

A new survey of more than 200 IT leaders in the US finds that 95 percent of businesses are making multi-cloud a strategic priority in 2022 with security being top of mind.

However, only 54 percent feel highly confident that they have the tools or skills they need to execute the strategy. In fact, when it comes to multi-cloud operations in general, 76 percent of respondents believe it is 'under-invested' at their respective companies.

Continue reading →

New research from cloud services provider Navisite finds that 45 percent of companies do not employ a Chief Information Security Officer (CISO). However, of this group 58 percent think they should have one.

Only 40 percent of respondents say their cybersecurity strategy was developed by a CISO or member of the security team, with 60 percent relying on other parts of their organization, including IT, executive leadership and compliance.

Continue reading →

A lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations according to a new report.

The study from Cybereason shows 24 percent of companies have no security plan for holidays and weekends and 43 percent say that attacks at these times take longer to stop.

Continue reading →

Data from 3,900 tests conducted on 2,600 software or systems targets reveals that 97 percent had some form of vulnerability, 30 percent of the targets had high-risk vulnerabilities, and six percent had critical-risk vulnerabilities.

In the research from Synopsys 83 percent of the tested targets were web applications or systems, 12 percent mobile applications, and the remainder either source code or network systems/applications. Industries represented in the tests include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.

Continue reading →

New research carried out by ESG for digital forensics platform Cado Security finds that 89 percent of companies have experienced a negative outcome in the time between detection and investigation of a cyber-attack on their cloud environments.

When asked about the challenges involved in dealing with incidents, 74 percent of security professionals say their organizations need additional data and context to conduct forensics investigations in cloud environments.

Continue reading →

We've been told for a long time that passwords are on the way out. Indeed no less a figure than Bill Gates predicted the death of the password at 2004's RSA conference, yet we still rely on them for managing much of our day-to-day access.

But things are starting to change. Patrick McBride, CMO at Beyond Identity, believes that the technology to eliminate passwords and replace them with something more secure is starting to take off. We talked to him to discover more.

Continue reading →

The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.

This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.

Continue reading →

Healthcare organizations and patients are facing greater risk as an increase in connected devices creates an expanded attack surface according to a new report.

The study from asset management and security platform Armis surveyed 2,000 patients and 400 healthcare IT professionals across the US and shows a disconnect between the concerns of the two groups.

Continue reading →