It has long been accepted as truth that staff, an organization’s first and last line of defense, is the vulnerability that malicious actors most take advantage of to steal data or deploy malware. But newer studies show an increase in malicious insiders, and one survey indicates that most IT security leaders believe this to be the case in their organization.
The effectiveness of security incident investigation and resolution is key to the effectiveness of all defense efforts. But improving incident investigation and resolution does not come without challenges: Too many alerts to handle and poor correlation between alerts.
One of the biggest concerns and challenges in cyber security is knowing who has access to which data and applications within an enterprise at any given time. This has become all the more complex for IT and security management with the growth in cloud services and the increased use of mobile devices, which create many more points of access within organizations.
Countering internal threats remains one of the biggest challenges for businesses, with a rise in phishing and ransomware attacks, as well as negligent and malicious insiders, new research shows.
Companies with customers or employees in California have only 10 months to become compliant with the toughest privacy law so far in the United States. But only a small percentage of such organizations are ready for the upcoming legislation.
Recent attacks on MSPs have confirmed once again that both managed service providers and customers are increasingly targeted by cybercriminals, and the attacks often succeed.
In about two months, two years will have passed since the WannaCry ransomware attack, a large-scale, global security incident that spread through the EternalBlue exploit targeting computers operating on outdated Windows systems. It affected over 300,000 computers that were still using vulnerable software such as Windows Vista and Windows 7, which had already been obsolete for quite a while.
The Internet of Things (IoT) and Industrial IoT represent a massive new cyber security challenge for many organizations, vastly expanding the potential attack surface because of the greatly increased number of end point devices in use.
Cyber security breaches can come from a wide variety of sources: Hackers out to exploit vulnerabilities and make money or wreak havoc; nation states looking to gain an economic advantage; competitors aiming to steal intellectual property; and disgruntled employees plotting to cause damage at their companies—to name a few.
The Facebook data breach of 2018, probably the biggest of the year, illustrates better than any other example that no company, big or small, is immune to hackers. One would expect a company of Facebook’s size to sustain top-tier research and development for cybersecurity, but last year’s breaches prove it’s vulnerable anyway.
Since the rise of eCommerce in the late 1990s, enterprises have sought ways to improve the security of their software. Urgency to improve application security came when there was a wave of exploits and automated attacks in the form of worms and exploits started to hit.
Recently the ISACA (Information Systems Audit and Control Association) and the Digital Manufacturing and Design Innovation Institute (DMDII) together conducted a survey that aimed to pinpoint the current cybersecurity challenges faced by the manufacturing industry. According to the ISACA and the DMDII, the survey highlighted how manufacturers face real security concerns when it comes to finding adequate cybersecurity workers, funding the right level of cybersecurity budget, and securing the internet of things (IoT)-integrated devices.
Financial damage associated with cybercrime and insider threats jumped 12% globally in 2018 and accounted for a third of all cybersecurity costs, new research shows.
Phishing remained a preferred attack vector in 2018, with hackers ramping up their efforts by 250% between January and December. Phishing attack methods have also evolved in recent times, as bad actors are forced to bypass increasingly efficient anti-phishing tools and techniques.
In 2018, companies struggled to mitigate large-scale attacks and data breaches, but apparently too little action has been taken to improve defenses in 2019. Businesses are trying to be proactive. They have increased cybersecurity budgets and invested in resources, including in qualified IT staff. So why are they, financial services specifically, still falling for social engineering scams and malware attacks? What hampers efforts to safeguard their networks?
To say that modern-day IT infrastructure is diverse is an understatement. Today’s enterprise datacenter is a hodgepodge of legacy systems, software-defined on-premises infrastructure and a mix of clouds. In fact, organizations have an average of 4.8 clouds each, according to the RightScale® 2018 State of the Cloud Report. And according to Forrester¹, 36% of businesses use 6 clouds or more!
The healthcare industry has been a major target for bad actors in recent years, who have inflicted heavy financial losses, reputational damage and risking patient health. Administrators have responded by bolstering cybersecurity budgets, security solution deployments, and awareness training. But much more needs to be done to stay on top of this constant threat, experts believe.
