New research from identity security specialist One Identity shows that 95 percent of companies report challenges managing identities.

In addition 84 percent say that the number of identities they're managing has more than doubled, which means they have too many identities and credentials to keep track of, leaving holes within their network, evidenced by only 12 percent of security professionals being fully confident they can prevent a credential-based attack.

Continue reading →

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Continue reading →

It's easy to pigeonhole cybersecurity as something for the IT or security team to look after. But a major cyberattack can have a devastating impact on the business as a whole.

It's important, therefore, that security be looked at in the context of the entire enterprise. This also means considering approaches like 'assumed breach' where you accept that sooner or later attackers will succeed in getting into your network.

Continue reading →

Despite the rising popularity of other communication and collaboration methods like Zoom and Teams, email remains at the core of business correspondence. However, it also remains a popular vehicle for delivering cyberattacks and other unwelcome material.

Secure email company Avanan has produced an infographic looking at email safety.

Continue reading →

A new report from HP Wolf Security looks at how hybrid work is changing user behavior and creating a 'perfect storm' of cybersecurity challenges for IT departments.

The research shows that a growing number of users are buying and connecting unsanctioned devices without the IT team's approval. It also highlights that threat levels are rising, with attackers increasingly successful at bypassing defenses and tricking users into initiating attacks through phishing.

Continue reading →

APIs are designed to be fast and easy pipelines between different platforms. They offer convenience and user experience which makes APIs essential to many businesses, but it also makes them attractive targets for cybercriminals.

A new report from Akamai, produced in collaboration with Veracode, highlights the frustrating pattern of API vulnerabilities, despite improvements that have been made in software development life cycles (SDLCs) and testing tools.

Continue reading →

New research from cloud encryption specialist NordLocker looks at which industries are the most popular targets for ransomware, analyzing 1,200 companies hit by 10 infamous ransomware gangs in 2020 and 2021.

Perhaps surprisingly the construction sector tops the list with 93 attacks, followed by manufacturing on 86, finance on 69, healthcare on 65, and with education rounding out the top five on 63.

Continue reading →

The latest cloud security study from Thales shows that 83 percent of businesses are still failing to encrypt half of the sensitive data they store in the cloud.

This is despite the fact that 40 percent of organizations have experienced a cloud-based data breach in the past 12 months.

Continue reading →

Earlier this month, Yubico released the long-awaited biometric variant of its popular authentication dongle. Called "Yubikey Bio," it is offered with either USB-A or USB-C connectivity and features a fingerprint reader for enhanced security. Very cool.

While the Yubikey Bio looks like a great product, there is one big problem -- the price. You see, it starts at $80, making it too expensive for many consumers and businesses. Thankfully, today, Yubico launches a much more affordable product, albeit without the fancy biometrics.

Continue reading →

Enterprises are increasingly turning to the cloud to boost their digital transformation efforts. But they need to address the security needs of this environment to avoid problems caused by breaches, misconfigurations and more.

Zero trust specialist Illumio is launching a new CloudSecure solution to offer organizations agentless visibility and enable teams to build and manage dynamic cloud workload policies using native controls in their public, hybrid, and multi-cloud environments.

Continue reading →

A new study shows that 70 percent of respondents 'frequently' or 'always' complete projects without carrying out all security steps, due to tight timelines and pressure to innovate.

The report from Invicti Security also shows that 78 percent of development and security respondents have suffered increased stress levels this year and 73 percent have actually considered quitting their job because of it.

Continue reading →

A new study from the Application Security Division of NTT Ltd reveals that 52 percent of applications in the healthcare industry have at least one serious vulnerability -- rating 'high' or 'critical' on the CVSS scale -- open throughout the year.

However, healthcare has performed 14 percent better than the industry average on remediating critical risks in the past three months. This represents a positive trend for healthcare, which historically performs below average based on a rolling 12-month analysis.

Continue reading →

Data exfiltration remains a significant threat and despite large investments in security tools, organizations are not confident they can stop it according to a new report.

The survey of 255 cybersecurity professionals, conducted by Osterman for data privacy and security company BlackFog, finds 62 percent lack confidence in the ability of their security tools to prevent data exfiltration.

Continue reading →

Ransomware attacks have surged recently and the disruption they can cause to the operation of a business can cost many times more than the ransom.

Education website Cyber Security Degrees has produced an infographic looking at the impact of ransomware and at how businesses can protect themselves.

Continue reading →

Most web traffic is now associated with users who are mobile, so it's no surprise that hackers are using this to their advantage by crafting attacks specific to mobile platforms.

Clearly this is paying off with as many as one in 10 users clicking on mobile phishing messages according to Apple enterprise management company Jamf's latest Phishing Trends report based on information, statistics and analysis of 500,000 protected devices across 90 countries.

Continue reading →