Most enterprises are aware that business disruption carries heavy costs, but still they fail to prioritize the security of business-critical applications.
When it comes to managing cybersecurity risks, too many enterprises today remain focused on doing little more than making sure their baseline compliance and security controls are in place. They’ll check the boxes: Passwords more than 8 characters with two numbers and a special character? Check. Firewall? Check. VPN? Check. Antimalware? Check.
It has long been accepted as truth that staff, an organization’s first and last line of defense, is the vulnerability that malicious actors most take advantage of to steal data or deploy malware. But newer studies show an increase in malicious insiders, and one survey indicates that most IT security leaders believe this to be the case in their organization.
The effectiveness of security incident investigation and resolution is key to the effectiveness of all defense efforts. But improving incident investigation and resolution does not come without challenges: Too many alerts to handle and poor correlation between alerts.
One of the biggest concerns and challenges in cyber security is knowing who has access to which data and applications within an enterprise at any given time. This has become all the more complex for IT and security management with the growth in cloud services and the increased use of mobile devices, which create many more points of access within organizations.
Countering internal threats remains one of the biggest challenges for businesses, with a rise in phishing and ransomware attacks, as well as negligent and malicious insiders, new research shows.
Companies with customers or employees in California have only 10 months to become compliant with the toughest privacy law so far in the United States. But only a small percentage of such organizations are ready for the upcoming legislation.
Recent attacks on MSPs have confirmed once again that both managed service providers and customers are increasingly targeted by cybercriminals, and the attacks often succeed.
In about two months, two years will have passed since the WannaCry ransomware attack, a large-scale, global security incident that spread through the EternalBlue exploit targeting computers operating on outdated Windows systems. It affected over 300,000 computers that were still using vulnerable software such as Windows Vista and Windows 7, which had already been obsolete for quite a while.
The Internet of Things (IoT) and Industrial IoT represent a massive new cyber security challenge for many organizations, vastly expanding the potential attack surface because of the greatly increased number of end point devices in use.
Cyber security breaches can come from a wide variety of sources: Hackers out to exploit vulnerabilities and make money or wreak havoc; nation states looking to gain an economic advantage; competitors aiming to steal intellectual property; and disgruntled employees plotting to cause damage at their companies—to name a few.
The Facebook data breach of 2018, probably the biggest of the year, illustrates better than any other example that no company, big or small, is immune to hackers. One would expect a company of Facebook’s size to sustain top-tier research and development for cybersecurity, but last year’s breaches prove it’s vulnerable anyway.
