Articles about Security

The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.

This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.

Continue reading →

Healthcare organizations and patients are facing greater risk as an increase in connected devices creates an expanded attack surface according to a new report.

The study from asset management and security platform Armis surveyed 2,000 patients and 400 healthcare IT professionals across the US and shows a disconnect between the concerns of the two groups.

Continue reading →

New research from SecureAge Technology finds that 85 percent of US and UK employers have been forced to adopt new cybersecurity measures as a result of the COVID-19 pandemic and the shift to remote work.

Of those that adopted new cybersecurity defenses, both US (41 percent) and UK (38 percent) businesses note that 'technical implementation challenges' are the primary hurdle in getting their new COVID-driven cybersecurity protocols and strategies in place.

Continue reading →

A cultural divide between IT and operational technology (OT) teams is preventing organizations from having a unified strategy to protect both environments.

A report from Dragos and the Ponemon Institute shows only 43 percent of organizations have cybersecurity policies and procedures that are aligned with their ICS and OT security objectives.

Continue reading →

With high profile cyber attacks and data breaches continuing to make the news, security is at the top of the priority list for businesses.

But how do you know that the resources you put into cybersecurity are providing a good return on the investment? We spoke with Oliver Rochford, security evangelist at Securonix to find out.

Continue reading →

Thanks to organizational changes brought about by digital transformation, enterprise use of Public Key Infrastructure (PKI) and digital certificates has never been higher, but the related skills to manage PKI are in historically short supply.

A new report from trusted identity company Entrust, based on research from the Ponemon Institute, finds cloud-based services remain the highest driver of PKI use at 51 percent, the Internet of Things (IoT) remains the second highest growing trend cited by 46 percent of respondents, and consumer mobile comes in third at 39 percent.

Continue reading →

Patch Tuesday has rolled round again, and Microsoft has released a cumulative update for Windows 11.

The KB5007215 update addresses security issues that have been found in the latest version of Microsoft’s operating system, and also fixes other problems. Among the issues patched are a screen rendering problem affecting various apps. Microsoft has also released a video including some Windows 11 tips.

Continue reading →

As digital transformation projects roll out, APIs are more critical than ever to build modern applications. But as we reported last week they also create security headaches.

Security testing specialist Veracode is addressing this with the launch of a new scanning tool that enables organizations to find and fix vulnerabilities in APIs.

Continue reading →

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

Continue reading →

New research from security automation specialist Ivanti shows that ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since the beginning of 2021.

The report, produced with Cyber Security Works and Cyware, reveals that the last quarter has seen a 4.5 percent increase in CVEs associated with ransomware.

Continue reading →

The idea of a 'common digital identity' (CDI), that would allow access to a range of services, offers huge benefits to financial institutions in delivering better, faster, and more reliable checks for consumers.

Consumers themselves, however, are less convinced. A survey conducted by RegTech Associates on behalf of PassFort finds only 17 percent of UK respondents say they are very much in favour of CDI.

Continue reading →

Only 45 percent of respondents to a recent survey believe it is currently possible to prevent all malware threats from infiltrating their organization's network.

The survey from Deep Instinct does show some longer term optimism though. 66 percent of respondents believe it may be possible to prevent all malware threats from infiltrating their organization's network in the next two to five years.

Continue reading →

According to commonly accepted truisms within the app development world, consumers care most about functionality, and they’re perfectly willing to give up strong security if it means they get better features faster.

Unfortunately, these bits of common knowledge about consumers’ attitudes towards mobile security are wrong, according to a recent Appdome survey of 10,000 mobile consumers from around the world. Far from accepting a "buyer beware" approach to mobile app security, consumers place a high priority on security and possess a sophisticated understanding of mobile security. In fact, 74 percent of all consumers would stop using an app if they learned it had been breached or hacked, and nearly half (46 percent) would tell their friends to do the same.

Continue reading →

Microsoft's Active Directory is used by many businesses as a way of managing identity services and controlling access.

But if it's not configured correctly it can lead to security risks. But how dangerous is this and what can enterprises do to keep themselves safe? We spoke to Andy Robbins, technical product architect at SpecterOps to find out.

Continue reading →

Open banking, connecting banks, third parties and service providers, allowing them to exchange information quickly and securely, has been rolling out since 2018 and delivers a great deal of convenience for consumers.

However, while it doesn't introduce new fraud risks in itself, open banking does create opportunities for fraudsters to attempt account takeovers, for example, or to target banks' own PSD2 (Payment Services Directive 2) implementations for Payment Initiation Service Providers (PISP).

Continue reading →