- 624,000 U.S. security brokers recently targeted by FINRA spoofing attempts
- 50,000 fake login pages spoofing 200 brands tracked by researchers earlier this year
- 61% of Global 2000 firms do not use protections like DMARC authentication
All about Virtualization and Cloud Security | Recent Articles:
- DevOps teams with high levels of security integration are more than twice as likely to use self-service security and compliance validation
- Only 25% of orgs with low security integration can remediate security vulnerabilities in one day
- 76% of all applications have at least one vulnerability
- 1 in 5 organizations do not test their software for security flaws
- 80% of public exploits are published before CVEs are released
- BEC invoice and payment attacks rose by 150% in Q3 2020
- Wisconsin Republican Party loses $2.3 million from Trump re-election fund through BEC invoice fraud
- BEC scams now cause $26 billion in global losses annually
- Only 20% of organizations believe they've reached full DevSecOps maturity
- Nine in 10 DevOps organizations have experienced a security incident in their Kubernetes and cloud environments
- Approximately 60% of developers say they get little to no secure coding training
- 65% of IT and security managers say the cybersecurity skills gap has negatively impacted their team's performance
- Cost and lack of time are cited as the biggest impediments for security pros to improve their skills
- Most organizations had declining, stagnant, or non-existent security training budgets
Offensive security measures like penetration testing can help enterprises discover the common vulnerabilities and exploitable weaknesses that could put them at risk of costly cybersecurity incidents. By pitting white hat hackers against an organization's deployed infrastructure, organizations can gain a better understanding of the flaws they should fix first—namely the ones most likely to be targeted by an everyday criminal.
Even in the COVID era, August can't officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year's event is fully virtual, which means no rockin' Vegas parties—but still plenty of interesting research lined up.
Recent studies show that the modern SOC has evolved to become the lynchpin for most enterprise security strategies. Organizations spend a significant chunk of their security budget on SOC operations and many depend upon the SOC to help them detect and hunt for threats, respond to incidents, and maintain visibility into the organization's cyber risk posture. However, SOC effectiveness still varies greatly from organization to organization.
Enterprises are temporarily putting the brakes on security spending amid the chaos of the global pandemic, but analysts believe that 2020 will still see growth in the market. A new worldwide security and risk management spending forecast released by Gartner this week revised its numbers downward, with the firm projecting infosec spending to grow 2.4% this year compared to the rosier 8.7% it predicted in December 2019. If the stats hold, the security market will hit $123.8 billion by year end.
The CISO role is rapidly evolving as organizations put more responsibility on the plates of their security and risk executives, particularly within large enterprises. In spite of that, a new survey report from security consulting firm Kudelski Security indicates that there is still "no well defined path to becoming a CISO or other senior security leader." The study shows that many organizations are still shooting from the hip when it comes to security succession planning, recruiting security specialists, and grooming senior security leaders with the skills and traits increasingly required by the business to run enterprise-class cybersecurity programs.
The cost of cybersecurity compliance is rising to unsupportable levels and enterprises are going to need to act soon if they are to keep the situation from hindering innovation, according to a new report. Conducted jointly by analyst firm Omdia and security advisory consultancy Coalfire, the study shows that over half of firms across all the major verticals are spending 40% or more of their IT security budgets on compliance today.