Security leaders want to give people more freedom -- but restrict it


A new survey of 200 enterprise IT and security leaders appears to uncover a fundamental paradox. 96 percent of respondents called for an expansion of IT freedom, while 91 percent say that enterprises also need to put more IT restrictions in place.
The study from OS isolation company Hysolate finds that in the post-COVID world businesses face demands to change IT security policies to increase employee productivity while simultaneously enhancing the organization’s ability to ward off ransomware and other attacks.
Insider breaches hit 94 percent of organizations


Insider data breaches have been experienced by 94 percent of organizations in the past year, according to a new survey of 500 IT leaders and 3,000 employees in the US and UK, from email security company Egress.
Human error is the top cause of serious incidents, according to 84 percent of IT leaders surveyed. However, respondents are more concerned about malicious insiders, with 28 percent saying that intentionally malicious behavior is their biggest fear.
Tweak the registry to make sure you're protected against the PrintNightmare Windows vulnerability


The accidental revelation of the PrintNightmare security vulnerability in Windows set off a chain of workarounds, third-party patches, official patches and problems with patches. But even after two weeks of back and forth, there are still steps you need to take to ensure that you're fully protected.
Microsoft recently updated its security advisory notice about the vulnerability to include additional details that system administrators should check. A quick visit to the registry is all it takes to ensure complete security.
Companies face more than 1,000 domain impersonations each year


Businesses are facing a wave of attacks using domains impersonating their company and brand names, according to a new study.
The research from risk protection specialist Digital Shadows shows that in the last four months its clients experienced an average of 360 domain impersonations, amounting to over 1,100 per year.
New free tool helps map legacy identity systems


A number of on-premises identity systems from major suppliers including CA, Oracle and IBM are coming to the end of their lives and many businesses are looking to migrate to cloud alternatives.
But before migration can begin it's necessary to discover and catalog legacy identity systems. This is a largely manual process because there is no unified view of older environments that span multiple stakeholders, have evolved over a number of years, and can contain hidden complexities.
Security leaders struggle to guard against data loss


A new study from risk protection platform SafeGuard Cyber shows cybersecurity leaders understand what is needed for successful digital risk protection, but they are still struggling to provide it.
Lack of visibility (39 percent) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.
Why enterprises need a data-centric approach to security [Q&A]


Most cybersecurity focuses on keeping out threats, but there's an increasing view that everyone is going to get breached sooner or later and that protecting data is key to keeping a business safe.
We spoke to Kurt Mueffelmann, global chief operating officer of Nucleus Cyber -- which has recently been acquired by Australian access control company archTIS -- to find out more about how this approach works.
Without training one in three users fall for phishing scams


New research finds that, if they haven't received security awareness training, one in three users will likely fall for a phishing or social engineering scam that could put their organization at risk.
The study from awareness training specialist KnowBe4 set out to measure organizations' phish-prone percentage (PPP) and found an initial baseline of 31.4 percent across all industries and sizes.
How stopping lateral movement can defend against ransomware [Q&A]


Over the last couple of years the number of ransomware attacks has soared. While high-profile attacks make the headlines, organizations of all sizes are at risk.
One of the keys to stopping attacks is to prevent them from moving laterally through networks. We spoke to Amit Serper, area VP of security research for North America at microsegmentation specialist Guardicore, to get his view on how businesses can protect themselves.
Ransomware gangs get more professional


Ransomware, and indeed malware generally, used to be something of a cottage industry, the preserve of individuals or small groups. But new research from threat intelligence company KELA shows that it's becoming a highly professionalized industry.
Many cybercriminals are now specializing in different areas, so that the coding, spreading, extracting and monetizing processes might all be carried out by different people.
Insider data breaches can cost companies as much as 20 percent of revenue


Data breaches from insiders can cost as much as 20 percent of annual revenue according to a new study from insider risk management company Code42.
Combine this with a recent Microsoft report showing that 40 percent of people are planning to switch jobs as we emerge from the pandemic, and clearly there's a risk as the very technologies that enable the free flow of data in an organization are also the ones that make it easy for insiders to exfiltrate data.
New tool helps businesses to find the right security applications


Security teams need to be able to understand their company’s software assets and properly test them. This means the team needs to be familiar with the threats to its technology and choose the services and solutions that work best for its unique circumstances.
Enso Security, an Application Security Posture Management (ASPM) solution, is launching its new industry initiative, the AppSec Map. This is designed as an industry collaboration initiative by former security leaders at Wix.com, and offers a live map of vendors and community projects related to application security.
Kaspersky Password Manager was generating incredibly easily cracked passwords


A need for security means that many people rely on password managers to store their ever-growing collection of login credentials. And when the time comes to create a new user account, many such tools offer a password generator to help with the creation of something ultra-secure.
Or at least that's the idea. Security consultancy Donjon found that between March 2019 and October 2020 Kaspersky Password Manager was generating passwords that could be cracked in seconds. The tool was using a pseudo-random number generator (PRNG) that was singularly unsuitable for cryptographic purposes.
Why testing is vital to keep organizations secure [Q&A]

Microsoft issues emergency patches for critical PrintNightmare security flaw


Microsoft has released a series of out-of-band security patches for the PrintNightmare bug that was recently exposed. The remote code execution vulnerability exists in the Windows Print Spooler; it affects all versions of Windows, and the company is even offering patches for the unsupported Windows 7.
Previously, Microsoft had only been able to suggest workarounds to mitigate against the security problems, so it was left to 0patch to help out with a free bug-fix. But now patches are available for this serious security issue (CVE-2021-34527) that leaves systems at risk of attack.
© 1998-2025 BetaNews, Inc. All Rights Reserved.