Enterprises unprepared for ransomware attacks over weekends and holidays
A lack of preparedness for ransomware attacks on weekends and holidays has a significant impact on victim organizations, according to a new report.
The study from Cybereason shows 24 percent of companies have no security plan for holidays and weekends and 43 percent say that attacks at these times take longer to stop.
Research finds vulnerabilities in 97 percent of applications
Data from 3,900 tests conducted on 2,600 software or systems targets reveals that 97 percent had some form of vulnerability, 30 percent of the targets had high-risk vulnerabilities, and six percent had critical-risk vulnerabilities.
In the research from Synopsys, 83 percent of the tested targets were web applications or systems, 12 percent mobile applications, and the remainder either source code or network systems/applications. Industries represented in the tests include software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.
Lag between detection and investigation of cloud attacks harms businesses
New research carried out by ESG for digital forensics platform Cado Security finds that 89 percent of companies have experienced a negative outcome in the time between detection and investigation of a cyber-attack on their cloud environments.
When asked about the challenges involved in dealing with incidents, 74 percent of security professionals say their organizations need additional data and context to conduct forensics investigations in cloud environments.
How technology is looking to replace passwords [Q&A]
We've been told for a long time that passwords are on the way out. Indeed, no less a figure than Bill Gates predicted the death of the password at 2004's RSA conference, yet we still rely on them for managing much of our day-to-day access.
But things are starting to change. Patrick McBride, CMO at Beyond Identity, believes that the technology to eliminate passwords and replace them with something more secure is starting to take off. We talked to him to discover more.
How software descriptions can open the door to cyberattacks [Q&A]
The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.
This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.
Healthcare organizations face increased risk
Healthcare organizations and patients are facing greater risk as an increase in connected devices creates an expanded attack surface, according to a new report.
The study from asset management and security platform Armis surveyed 2,000 patients and 400 healthcare IT professionals across the US and shows a disconnect between the concerns of the two groups.
85 percent of businesses adopted new security protocols due to COVID-19
New research from SecureAge Technology finds that 85 percent of US and UK employers have been forced to adopt new cybersecurity measures as a result of the COVID-19 pandemic and the shift to remote work.
Of those that adopted new cybersecurity defenses, both US (41 percent) and UK (38 percent) businesses note that 'technical implementation challenges' are the primary hurdle in getting their new COVID-driven cybersecurity protocols and strategies in place.
Divide between IT and OT teams stops businesses having a unified security strategy
A cultural divide between IT and operational technology (OT) teams is preventing organizations from having a unified strategy to protect both environments.
A report from Dragos and the Ponemon Institute shows only 43 percent of organizations have cybersecurity policies and procedures that are aligned with their ICS and OT security objectives.
How to measure the value of cybersecurity [Q&A]
With high-profile cyber attacks and data breaches continuing to make the news, security is at the top of the priority list for businesses.
But how do you know that the resources you put into cybersecurity are providing a good return on the investment? We spoke with Oliver Rochford, security evangelist at Securonix, to find out.
Business transformation drives demand for PKI and digital certificates
Thanks to organizational changes brought about by digital transformation, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, but the related skills to manage PKI are in historically short supply.
A new report from trusted identity company Entrust, based on research from the Ponemon Institute, finds cloud-based services remain the highest driver of PKI use at 51 percent, the Internet of Things (IoT) remains the second highest growing trend cited by 46 percent of respondents, and consumer mobile comes in third at 39 percent.
Microsoft releases KB5007215 update to fix Windows 11 problems and boost security
Patch Tuesday has rolled round again, and Microsoft has released a cumulative update for Windows 11.
The KB5007215 update addresses security issues that have been found in the latest version of Microsoft's operating system, and also fixes other problems. Among the issues patched is a screen rendering problem affecting various apps. Microsoft has also released a video including some Windows 11 tips.
New tool helps enterprises find and fix API vulnerabilities
As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But, as we reported last week, they also create security headaches.
Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.
Phishing grows as attackers target social media
Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 levels, according to the latest quarterly trends report by PhishLabs.
Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.
Ransomware groups grow in sophistication and volume
New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.
The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.
UK consumers skeptical about 'common digital identity'
The idea of a 'common digital identity' (CDI) that would allow access to a range of services offers huge benefits to financial institutions in delivering better, faster, and more reliable checks for consumers.
Consumers themselves, however, are less convinced. A survey conducted by RegTech Associates on behalf of PassFort finds only 17 percent of UK respondents say they are very much in favour of CDI.
© 1998-2024 BetaNews, Inc. All Rights Reserved.