A new report published by KnowBe4 delves into the top security challenges and issues that IT professionals and UK-based organizations face, including attack types, security initiatives and organizational limits.
All about Virtualization and Cloud Security | Recent Articles:
A survey of some of the top IT security professionals who participated in the annual Black Hat USA conference underlined a key concern, with companies overwhelmingly believing that the COVID-19 pandemic increases cyberthreats.
As enterprises continue with their digital transformations by automating their manual workflows, moving existing applications to the cloud, and developing and deploying new applications at a record pace, they’re also rapidly increasing the complexity in their environments, and as a result security controls and processes that should be in place continue to slip.
An optimistic new report by the World Economic Forum predicts businesses will prioritize security in a bid to ensure longer-term success. The reason? A rapid increase in cyberattacks and pressures escalating from changes prompted by COVID-19.
The Internet of Things (IoT) ecosystems may be populated by all the latest and innovative devices, but it's also home to legacy devices, which in many cases, are points of entry for adept hackers looking for a way into the infrastructure.
Rapid changes to how businesses operate offer excellent opportunities for malicious actors to access corporate networks. Infosec professionals report that phishing and whaling attacks taking advantage of unwary employees have risen during the pandemic. At the same time, IT departments are deploying new technologies to support remote work without consulting those on the receiving end, potentially fueling bad actors’ malicious campaigns against businesses.
The self-assessed effectiveness of corporate security operations centers (SOCs) seems to be overestimated by the people working in those positions, a new study from Exabeam revealed.
Before the COVID-19 pandemic, more than 80% of Americans had worked from home either rarely or not at all. Now, more than half are doing so, with no new security policies to help guide them, according to an IBM survey conducted by Morning Consult.
Most people are confident they can keep personal identifiable information (PII) secure while working from home. That comes in stark contrast with the fact that more than 50% use their laptops for work, according to a study from IBM Security and Morning Consult.
Last year, one in six businesses met ransom demands of cybercriminals, according to the most recent Hiscox Cyber Readiness Report.
We get so deluged with news stories about data breaches that it’s easy to lose sight of the forest for the trees. Consider, according to a newly released report from ForgeRock, the ForgeRock Consumer Identity Breach Report, which found that more than 5 billion records were exposed last year. That’s a lot of information on a lot of information pertaining to a lot of people.
Most small and medium enterprises (SMEs) are planning to increase their cyber-insurance spending in the next couple of years, according to a new industry report.
Enterprises are putting the brakes temporarily on security spending amid the chaos of the global pandemic, but analysts believe that 2020 will still see growth in the market. A new worldwide security and risk management spending forecast released by Gartner this week updated numbers downward, with the firm projecting infosec spending to grow 2.4% this year compared to the more rosy 8.7% it predicted in December 2019. If the stats hold, the security market will hit $123.8 billion by year end.
Enterprise digital transformations are making the jobs of enterprise security teams to properly manage and secure their environments even more challenging. After all, as digital transformations have rapidly increased the complexity of environments as technology teams strain to maintain existing systems, deploy new cloud services, manage IoT devices, and constantly develop and deploy more applications.
Since the very beginnings of the novel coronavirus (COVID-19) pandemic, businesses of all sizes have struggled to adjust to the new occupational normal. IT teams have not been immune to the disruption. Neither have information security teams for that matter. While employment in the IT sector remains much more resilient than other segments of the economy, employment in the IT sector still declined by about 1% last month, even as businesses compete for technical talent and continue digital transformations.
Most Forbes Global 2000 organizations don’t have even basic domain security in place, leaving them open to attacks with potentially devastating consequences, according to a report from Digital Brand Services (DBS).
The vast majority of security operations centers (SOCs) are confident in their ability to counter cyber threats, yet few of their frontline workers can aptly track mean time to detection, while organizations still struggle with SOC staff shortages, new research shows.
Passwords are a huge hassle. We all must use them, and generally hate doing so. There’s no way to sugarcoat it. The typical user has hundreds of username and password combinations that they must remember and manage. We all forget and must reset passwords regularly. And, over time, many of these accounts, along with the associated passwords, will be abandoned. And over time, they will be compromised. Because so many people reuse their passwords, those credentials will lead to data breaches.
Customers will avoid businesses that compromise users’ data during the COVID-19 pandemic because of poor security practices, new research from PCI Pal has found.
Security has been a huge concern for both businesses and individuals as many employees continue to work from home, with many woefully under prepared for the impact that COVID-19 has had. In fact, new research by Bitdefender found half of infosec professionals (50%) didn’t have a contingency plan in place for COVID-19 or a similar scenario. These findings, and more, are revealed today in the first instalment of Bitdefender’s yet to be released global 10 in 10 Study. The section — The Indelible Impact of COVID-19 on Cybersecurity — details the pressures faced by infosec professionals during COVID-19.
Many companies accidentally leave their databases exposed on the web, and data breaches or security incidents occur daily. Unsecured and misconfigured servers often lead to data leaks that can become logistical and legal nightmares for companies, leaving the privacy and security of customers or company assets at risk.
On March 20th, the Claire's accessories retail chain beloved by young girls around the world made the sensible decision to close all of its physical stores in response to the Coronavirus Covid-19 pandemic.
- Managed detection and response programs vary widely so carefully evaluate service provider competencies
- Beware of buzzwords in MDR vendor claims that provide little insight into their true service capabilities
- Focus your MDR goals on achieving superior security outcomes, not just on managing the flow of alerts
- Effective MDR integrates people, processes, and technology to provide wide coverage at an affordable cost
Even though the number of DDoS attacks decreased over 2019, their complexity and size increased significantly, according to new research from the National Scrubbing Center against DDoS attacks.
- Linux Server security historically pales in comparison to what has long been available for Windows Servers
- Transient containers frequently run the most sensitive business workloads yet are blind to security teams
- Security often breaks when upgrading server OS or changing multi-distro Linux configurations
- Server Security for Linux and Containers Beta Evaluation Program enrolling now
A new vulnerability named 'CallStranger' is making the rounds in the IoT world, illustrating the dire security issues that users confront every day. The vulnerability is also a perfect example of why dedicated IoT security measures are needed to cover the gaps left by manufacturers.
The increasing number of sophisticated cyber threats is set to increase demand for Managed Detection and Response (MDR) solutions from the business sector, according to a new forecast by Frost & Sullivan.
Most small and medium-sized businesses (SMBs) believe they are prepared for a cyberattack or any informatic disaster, but few are actually ready to deal with the aftermath of such an incident, according to new research published by Infrascale.
The general public is becoming increasingly well-educated about cyber-attacks and ransomware in particular – so much so that consumers are becoming unforgiving of businesses that don't take security seriously. And when they look for someone to blame, they often point the finger at the highest ranks in the organization.
Cyber security teams are continuing to struggle with hiring and retention issues, and they have not achieved significant improvement in these areas over the past year, according to a global study released earlier this year by technology professional association ISACA.
Australian companies don’t trust their current cybersecurity solution and overwhelmingly think their investments in this critical business are failing, according to a new survey of executives in all major industries.
Organizations around the world consider innovation to be a top business priority and they are captivated by the potential of emerging technologies. At the same time, however, they’re concerned about their cyber security readiness and the struggle to hire enough workers who have the right skills to meet the organization’s needs.
Most IoT devices have vulnerabilities that leave them open to DDoS attacks, according to Bitdefender's telemetry. There's no easy fix to such a complex problem, but there are clever ways to prevent smart devices from serving the malicious intents of criminals.
The CISO role is rapidly evolving as organizations put more responsibility on the plates of their security and risk executives, particularly within large enterprises. In spite of that, a new survey report from security consulting firm Kudelski Security indicates that there is still "no well defined path to becoming a CISO or other senior security leader." The study shows that many organizations are still shooting from the hip when it comes to security succession planning, recruiting security specialists, and grooming senior security leaders with the skills and traits increasingly required by the business to run enterprise-class cybersecurity programs.
Eight in 10 companies across the United States have experienced a data breach made possible by cloud misconfigurations, according to new research by IDC.
The latest report from the White House's Office of Management and Budget (OMB) shows that the number of cybersecurity incidents dropped in 2019, partly due to better security programs and increased investments.
Global enterprises report greater efficiency and productivity, better product/service quality, and improved customer retention and experience, all thanks to recent deployments of Internet of Things (IoT) solutions. But business leaders are also concerned about their next steps. As IoT deployments greatly expand the attack surface for cybercriminals, half of businesses banking on IoT are doing so unprepared to combat cyber risks associated with these purchases.
The term “cyberattack” brings to mind malware, social engineering, network vulnerabilities or unpatched endpoints. But how do malicious actors manage to unleash their attack kill-chain in the first place? What is it that opens the gates to exploiting a weakness and breaching the infrastructure? With human error behind most successful attacks, perhaps we should look not beyond these culprits, but behind them.
The cost of cybersecurity compliance is rising to unsupportable levels and enterprises are going to need to act soon if they are to keep the situation from hindering innovation, according to a new report. Conducted jointly by analyst firm Omdia and security advisory consultancy Coalfire, the study shows that over half of firms across all the major verticals are spending 40% or more of their IT security budgets on compliance today.