All about Virtualization and Cloud Security | Recent Articles:

If your organization has a healthy cybersecurity culture, consider yourself lucky — less than five percent of organizations do.

Phishing remains a key attack vector for bad actors to compromise not just individual user accounts, but also to establish a foothold in the entire infrastructure of a given organization. This is possible because attackers know one thing very well: a company’s first line of defense, its staff, is also its weakest security layer.

In May 2017, the WannaCry ransomware took copious amounts of data hostage and demanded hefty sums in exchange for the decryption keys. The contagion, allegedly the work of North Korean hackers, spread like wildfire, infecting countless systems worldwide and dealing billions of dollars in damages. Some victims ceded to the attackers’ demands, but few got their data back.

BYOD programs have had a mixed track record over the years. Some say they increase mobility, flexibility, efficiency and collaboration, leading to a more productive workforce overall. Other businesses still shun the practice outright.

Many organizations today are adopting a multi-cloud strategy, using services from several cloud providers and deploying offerings such as software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS) to meet a variety of business needs.

The lack of political leadership to face targeted attacks is contributing to the poor job the UK is doing on its national security strategy, says a UK government report discussing the cyber security of the nation’s critical national infrastructure.

The advanced attack targeting Pakistan described by Cylance mentions an evasion technique that incapacitates the security solutions provided by 8 vendors. Bitdefender products have been successfully blocking this threat since 2016. We conducted our own analysis of this malware and we have new findings to share.

EU data protection legislation aims to give users more control over their personal data, and threatens companies with fines for collecting data without user consent and for data breaches. Countless companies have been struggling to become GDPR compliant, but it seems major tech players may not have taken it seriously. After Facebook and Google drew criticism for violating EU’s data protection law, it is now Microsoft’s turn to take the heat.

Employees’ cybersecurity habits are bad and getting worse. New research illustrates a workforce less committed to security best practices, despite an increased focus on cybersecurity awareness in the workplace.

Small and medium-sized businesses are still a top target for ransomware attacks, and the number of attacks will most likely increase in 2019, according to a recent survey of MSPs. Over half of MSPs confirmed their clients experienced at least one ransomware attack in the first half of the year, while 35 percent said their clients were attacked more than once a day, regardless of their operating system. In fact, the number of ransomware attacks targeting Apple devices has increased five-fold in the past year, the survey found.

The threat of cyber attacks targeting businesses, specifically those breaches orchestrated by nation states and highly sophisticated hacking gangs, has never had a higher profile.

More than three-quarters of consumers would completely abandon a brand online if they heard the organization were breached by hackers, and around half would not sign up for a new online service that they heard was breached recently.

Enterprise software is drowning in vulnerabilities and even organizations highly motivated to fix security flaws in their applications struggle to do it in a timely fashion.

Many people might tend to associate security breaches and malware attacks with large enterprises. After all, the attacks that grab the big headlines generally occur against global companies or large governmental organizations.

Employer demand for cybersecurity professionals across the United States continues to soar, according to data sourced by Burning Glass Technologies. While the U.S. is home to hundreds of thousands of cybersecurity workers, plenty of seats are still vacant in IT departments across the nation.

As enterprises look toward the 2019 budget cycle, CISOs and other IT executives are increasingly pushing cloud security to the top of the cybersecurity budgetary priority list. 

In 2017, when the European Parliament announced plans to make the General Data Protection Regulation a reality, organizations sitting on large troves of customer data immediately took notice. They weren’t as quick, though, to take action to meet the regulation’s actual requirements.

While industry reports claim ransomware attacks have dropped, cybersecurity insurance company Beazley Breach Response (BBR) Services has reported otherwise. According to businesses benefiting from its insurance deals, there has been a surge in the number of reported ransomware attacks, especially in September, when incidents nearly doubled from a month earlier.

“Survival” is usually associated with stoically pushing on through harsh conditions, symbolized by people like this year’s Nutanix .NEXT keynote speakers -- Bear Grylls and Jane Goodall. But, as technology weaves ever more tightly into our daily lives to support mobility and improve life quality, the term “survival” is also starting to denote the ability to withstand a cyberattack. Bruce Schneider nails it in his security talks – if in the past, a cyberattack could crash your spreadsheet, today, it could crash your car.

Technology players know all too well the implications of having malware moving around on USB drives. A single autorun Trojan or ransomware strain can inflict massive disruption and loss of revenue, as cybercrooks increasingly take aim at big business. That’s why companies like IBM prefer to play it safe and ban the use of removable storage in their infrastructures altogether.

Even though Security Operation Centers (SOCs) are increasingly common, some 48 percent of organizations don’t have one, a recent survey shows. This creates many security challenges, such as: slower identification of intrusions, ad-hoc or no processes following a security breach, inability to efficiently protect the most valuable assets from advanced attacks, and delayed isolation of corrupted infrastructures.

DevOps has come a long way since it got underway in full force nearly ten years ago.  As was recently made clear at this year’s DevOps Enterprise Summit (DOES) in Las Vegas, DevOps organizations have been successful when it comes to knocking down organizational silos, optimizing the delivery of software services and functionality, and shortening the time it takes to deliver digital value to customers. DevOps organizations are delivering better business outcomes.

Healthcare lags behind most other industries in recognizing and reporting phishing attacks, new research shows. The resilience of healthcare providers to phishing emails is much lower than in other verticals, while its high turnover rate might have something to do with it.