All about Virtualization and Cloud Security | Recent Articles:

• The main driver of the IoT market is not innovation and the final product suffers
• The IoT gold rush brings more and more unsecure devices because standards and regulations don’t really exit
• Security for IoT devices can still be achieved, even in these conditions, and the solution is in the ISPs’ hands

• Chief Information Security Officers are preparing for an average of 3.3 security compliance standard audits over the next six to 12 months
• Of the CISOs working for software companies, 77% said they were preparing for SOC-2 audits
• Security seniors are worried about their current resources facing upcoming audits and security compliance

• Simulated phishing campaign reveals recipients typically open the email 50% of the time, 32% click the malicious attachment or link, and 13% submit sensitive data
• Employees in Quality Management & Health, Purchasing / Administrative Affairs, Legal / Internal Control, Human Resources, and Research & Development have the highest rates opening and interacting with malicious emails
• Phishing attacks are winning because they target fundamental and typical human nature, researchers say

• The adoption of telehealth vendors has significantly expanded healthcare providers' attack surface
• Researchers find a noticeable increase in leaks from primary healthcare and telehealth companies on the dark web since February 2020
• Threat actors use strains of ransomware that are uniquely tailored to take down healthcare IT infrastructures
• Despite new risks from telehealth vendors, the healthcare sector has improved its security posture compared to 2019

• Ransomware retakes the lead (from business email compromise) as the top cyber insurance claim the first half of the year
• Analysts observed a 47% increase in the severity of ransomware attacks, on top of a 100% increase from 2019 to Q1 2020
• Ransomware (41%), funds transfer loss (27%), and business email compromise incidents (19%) were the most frequent types of loss

• More organizations are moving applications and data to the cloud, driven in part by changing work environment caused by the pandemic
• Ensuring data security is a key challenge in taking full advantage of public cloud resources

This year has seen a few dramatic trends that directly affect IT, in large part results of the global health crisis: the massive shift to a work-from-home model, a significant increase in e-commerce activity, and a big jump in the use of videoconferencing and other collaborative tools—to name a few.

• 94% of IT pros have experienced a data breach at some point in time
• 79% are worried their current employer could be next
• Employee data breaches most commonly occur through external email services such as Gmail and Outlook

• 88% of data breaches are caused by human error
• Employees between the ages of 18 and 30 are five times more likely to admit to errors that compromised cybersecurity
• IT reps can leverage integrated Risk Management and Analytics to address misconfigurations and vulnerabilities, including human-triggered ones

• 84% of companies say their vulnerability management is efficient
• Researchers find a significant disconnect between perception and reality
• Organizations must update and automate remediation processes

Most companies place a lot of trust in their vulnerability management programs, with 84% of IT leaders rating them as "mature." However, a deeper dive into the state of vulnerability management at various companies reveals a major disconnect between that perception and reality.

• Data storage, remote access and network administration are most prevalent services exposing sensitive data
• Unsafe services are linked to other security issues in the digital supply chain
• Ukraine, Indonesia, Bulgaria, Mexico and Poland are among countries with the highest rate of domestically hosted systems running unsafe services

A third of companies in the digital realm expose unsafe services to the internet and exhibit several other critical security lapses, according to an in-depth study on the prevalence of unsafe network services.

• Most security professionals have difficulty maintaining security configurations in the cloud
• 22% still assess their cloud security posture manually
• Security pros confess they need more automated enforcement

Organizations face shortcomings in monitoring and securing their cloud environments, according to a survey of 310 security professionals.

• Criminals look for higher BEC payments
• Gift card frauds are the most common BEC incidents
• One Russian BEC operation tries to hit companies with $1.27 million attack

The average payments made through Business Email Compromise (BEC) attacks are increasing significantly, according to a new report APWG Phishing Activity Trends Report.