Author Archives: Help Net Security

Streamlining cloud compliance through automation

As companies migrate to the cloud to take advantage of its scalability and flexibility, many don’t fully realize how this move will affect their compliance with cybersecurity and privacy requirements mandated by laws and standards such as SOX, CCPA, SOC 2, PCI DSS or ISO 27001. While the cloud offers significant freedom, it also creates new pain points around achieving compliance with these requirements, especially when first moving compliant workloads from on-premises data centers to … More

The post Streamlining cloud compliance through automation appeared first on Help Net Security.

Privacy is not a one-time, check the box activity

New research from ISACA reveals critical skills gaps and insufficient training. The survey report also explores past and future trends in privacy, offering insights into privacy workforce and skills, the use of privacy by design, and the organizational structure and composition of privacy teams. Privacy by design Survey findings—gathered in Q3 2020 from 1,873 professionals who work in data privacy or have knowledge of their organizations’ data privacy functions—show some positive trends for those enterprises … More

The complexity of moving legacy apps remains a huge cloud migration challenge

85% of IT decision makers are planning to increase their IT budgets for 2021, with cloud migration as a priority, a Next Pathway survey reveals. 65% of companies indicate the initiative is a top three area of technology emphasis in 2021. Looking at specific applications, IT decision makers cited migrating their data warehouse to the cloud as the most important. The key themes revealed in the survey include: Cloud migration is a journey – Most … More

Isolation-based security technologies are gaining prominence

Cyberinc shared its insights into the key trends that will shape the cybersecurity industry in the coming year. With evolving tactics that increase the risk and impact of ransomware and phishing, combined with the new normal of remote workforces, Cyberinc CEO Samir Shah believes that remote browser isolation (RBI) will prove its value as a critical must-have enterprise technology in 2021. “As mass-scale ransomware and other malware attacks continue to make headlines, companies and IT … More

Most with in-house security teams are considering outsourcing security efforts

Syntax surveyed 500 IT decision-makers in the US on the impact of the COVID-19 pandemic on their businesses and strategic decisions they’ll make in 2021. 2020 was a year of unexpected and rapid digital transformation for IT leaders across industries. 89% of respondents report that the pandemic accelerated their enterprises’ digital transformation last year. As a result, IT teams are stretched even thinner implementing secure and collaborative work-from-home environments, onboarding new technologies, and managing their … More

eBook: 20 tips for secure cloud migration

Is your organization making a move to the cloud? Download the latest eBook from (ISC)² to get tips and insights for a secure and successful migration. Inside, Certified Cloud Security Professionals (CCSPs) share how to tackle risks and challenges as cybersecurity practices shift to a cloud-based paradigm. They offer actionable advice covering the migration process from initial planning stages to deployment and everyday operations. You’ll learn how to: Assess current infrastructure and readiness Establish a … More

The impact of COVID-19 on how CISOs make buying decisions

It’s no secret that the past year has resulted in organizations fast-tracking their digital transformation projects, making drastic changes to their operations while also attempting to prepare for a very uncertain future. To get a sense of the real impact of the pandemic on cyber security, we conducted a wide-ranging survey with UK IT decision makers on their expectations and priorities for the next 12 months. We found that COVID-19 has not only led to … More

Small security teams overwhelmed by onslaught of cyber attacks

Companies with small security teams, generally SMEs, are facing a number of unique challenges, placing these organizations at greater risk than their larger enterprise counterparts, according to Cynet. These enhanced risks are moving 100% of these companies to outsource at least some aspects of security threat mitigation in order to safeguard IT assets. In this survey of 200 CISOs at SMEs with five or fewer security staff members and cybersecurity budgets of $1 million or … More

Tailored AI-generated advice may stop the spread of misinformation

Warnings about misinformation are now regularly posted on Twitter, Facebook, and other social media platforms, but not all of these cautions are created equal. Research from Rensselaer Polytechnic Institute shows that artificial intelligence can help form accurate news assessments – but only when a news story is first emerging. Ineffective with stories on frequently covered topics Researchers found that AI-driven interventions are generally ineffective when used to flag issues with stories on frequently … More

Cybersecurity investments will increase up to 10% in 2021

A Canalys forecast predicts cybersecurity investments will increase 10% worldwide in the best-case scenario in 2021. Information security will remain a high priority this year, as the range of threats broadens and new vulnerabilities emerge, while the frequency of attacks is unlikely to subside. Cybersecurity market global forecast assumes current investment trends will persist. The first half of the year will be affected by ongoing lockdown restrictions and furloughs in response to the pandemic. COVID-19 … More

Internet regulation: Not a matter of freedom of speech, but freedom to conduct business

Since 1997 (Reno vs. American Civil Liberties Union), the Supreme Court has used the metaphor of the free market of ideas to define the internet, thus addressing the regulation of the net as a matter of freedom of speech. In law, metaphors have a constitutive value and, once established, affect the debate and the decisions of the Courts for a long time. In a paper, Oreste Pollicino (Bocconi University) and Alessandro Morelli (Università Magna Graecia, … More

How secure configurations meet consensus

Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. But that’s not the case with CIS Benchmarks. They’re developed by the Center for Internet Security (CIS) and are the only consensus-developed security configuration recommendations both created and trusted by a global community of IT security professionals from academia, government, and industry. There are currently more than 100 configuration guidelines for 25+ vendor … More

How do I select a data encryption solution for my business?

It is a mathematical certainty that data is more protected by communication products that provide end-to-end encryption (E2EE). Yet, many CISOs are required to prioritize regulatory requirements before data protection when considering the corporate use of E2EE communications. Most Fortune 1000 compliance and security teams have the ability to access employee accounts on their enterprise communications platform to monitor activity and investigate bad actors. This access is often required in highly regulated industries and E2EE … More

How much is a vulnerability worth?

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be answered: how much is a vulnerability worth? I have previously found several bugs in Zoom’s products, although these now date back several years, to when the company’s crowdsourced security program was a fledgling … More

Automation and no-code are driving the future of business operations

More than 95% of respondents indicated that business operations has become a more important function in their organization in the past year, a Tonkean survey reveals. The survey of 500 IT and business operations professionals at large and mid-sized companies also showed growing frustrations with the status quo of resources and tools to perform operations work. Lack of technical resources delaying projects 86% of respondents said their projects at least occasionally get delayed because of … More

SCM market to reach $2.2B in total web and email security revenues by 2024

The Secure Content Management (SCM) market is expected to achieve an 11.4% compound annual growth rate to reach $2.2 billion in total web and email security revenues by 2024, according to Frost & Sullivan. Cloud-based deployments are projected to lead growth as more enterprises move their emails to the cloud and rely on the internet, including remote working, especially during COVID-19. Malicious email and web links remain the most popular attack vectors Malicious email and … More

Week in review: Active Directory security, Dnsmasq vulnerabilities, how to select a fraud detection solution

Here’s an overview of some of last week’s most interesting news and articles: Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attacks and/or to compromise vulnerable devices. Vulnerability management isn’t working for cloud security: Here’s how to do it right Three things in life … More

Bolstering healthcare IT against growing security threats

As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety and support of patients and staff, while also integrating and learning new technologies to support telehealth practices. The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released an alert highlighting imminent … More

Retail and hospitality sector fixing software flaws at a faster rate than others

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. The ability to find and fix potential security defects quickly is a necessity, particularly in an industry that requires rapid response to changing customer demands. Retail and hospitality also track a high volume of personal information about consumers through loyalty cards and membership accounts, tying into marketing data from … More

Organizations struggle to maintain application security across platforms

Global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new architectures and the adoption of APIs, Radware reveals. Working to maintain application security across platforms A major factor in these challenges was the need to adjust rapidly to a new remote working and customer engagement model that resulted from the pandemic, leaving decision makers little or no time to conduct adequate security … More

Financial institutions must prepare for increased risk of financial crime

LexisNexis Risk Solutions published survey results of U.S. and Canadian compliance professionals on the range of challenges that financial institutions have experienced during the COVID-19 pandemic. The survey outlines the issues that many financial institutions encounter today and finds that the pandemic continues to test the resilience and agility of businesses across every market. The top three issues that compliance departments within financial institutions have experienced during the pandemic are: 42% face difficulty accessing information … More

Ransomware provides the perfect cover

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes. Attackers are using the noise of ransomware to … More

Financial institutions can strengthen cybersecurity with SWIFT’s CSCF v2021

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has introduced an updated set of baseline customer security controls that all of its users must implement on their SWIFT-related infrastructure by mid-year 2021. SWIFT is the world’s largest provider of secure financial messaging services to banks and other financial institutions. SWIFT has more than 11,000 users in over 200 countries, which makes it an attractive target to cybercriminals looking for banking information to perpetuate their fraudulent … More

Most CISOs believe that human error is the biggest risk for their organization

53% of CISOs and CSOs in the UK&I reported that their organization suffered at least one significant cyberattack in 2020, with 14% experiencing multiple attacks, a Proofpoint survey reveals. This trend is not set to slow down, with 64% expressing concern that their organization is at risk of an attack in 2021. Those in larger organizations feel at greater threat, with this figure jumping to 89% amongst CSOs and CISOs from organizations over 2,500 employees … More

IT leaders concerned about their ability to keep up with digital transformation

IT leaders have growing concerns about their ability to keep up with digital transformation, a Dynatrace survey of 700 CIOs reveals. Traditional IT operating models with siloed teams and multiple monitoring and management solutions are proving ineffective at keeping up with cloud-native architectures. As a result, teams waste time manually combining data from disparate solutions in a reactive effort to solve challenges instead of focusing on driving innovation. Key findings 89% of CIOs say digital … More

Worldwide private LTE/5G infrastructure market to reach $5.7 billion in 2024

Private LTE/5G infrastructure is any 3GPP-based LTE and/or 5G network deployed for a specific enterprise/industrial customer that provides dedicated access. It includes networks that may utilize dedicated (licensed, unlicensed, or shared) spectrum, dedicated infrastructure, and private devices embedded with unique SIM identifiers. Private LTE/5G infrastructure carries traffic native to a specific organization, with no shared resources in use by any third-party entities. Worldwide revenue attributable to the sales of private LTE/5G infrastructure will grow from … More

Does your cloud stack move faster than your cloud security solutions?

According to Gartner, worldwide end-user spending on public cloud services is forecasted to grow by 18.4% in 2021 to a total of $304.9 billion, up from $257.5 billion in 2020. “The pandemic validated the cloud’s value proposition,” said Sid Nag, research vice president at Gartner. “The ability to use on-demand, scalable cloud models to achieve cost efficiency and business continuity is providing the impetus for organizations to rapidly accelerate their digital business transformation plans.” From … More

Protecting the remote workforce to be enterprises’ prime focus in 2021

Protecting the remote workforce will be enterprises’ prime focus in 2021, according to a Cato Networks survey of 2,376 IT leaders. IT teams struggled in the early days of the pandemic, rushing to meet the urgent need for widespread remote access. Connecting users often came at the expense of other factors, such as security, performance, and management. As 81% of respondents expect to continue working-from-home (WFH), 2021 will see enterprises address those other areas, evolving … More

Companies turning to MSPs as attack vectors get more sophisticated

Research from Infrascale reveals new information security insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust … More

Research team develops fast and affordable quantum random number generator

An international research team has developed a fast and affordable quantum random number generator. The device created by scientists from NUST MISIS, Russian Quantum Center, University of Oxford, Goldsmiths, University of London and Freie Universität Berlin produces randomness at a rate of 8.05 gigabits per second, which makes it the fastest random number generator of its kind. The study is a promising starting point for the development of commercial random number generators for cryptography and … More

Rethinking Active Directory security

In the wake of a cyberattack, Active Directory is sometimes dismissed as just another service that needs to be recovered, and security is an afterthought. But the hard reality is that if Active Directory is compromised, so is your entire environment. 90% of organizations use Active Directory as their primary store for employee authentication, identity management, and access control. Today, it’s becoming more common for organizations to take a hybrid approach to identity and focus … More

Are you vetting your MSSPs?

Enterprises were already moving toward digital transformations at the start of 2020, but the COVID-19 pandemic suddenly threw everything into high gear. Telework, virtual meetings and a host of online transactions – from retail purchases and food ordering to interviewing and onboarding employees – went from being occasional occurrences to being the norm. With enterprises using the cloud for more and more of their operations, the adoption of “as-a-Service” offerings has grown swiftly in nearly … More

Product showcase: Pentest Robots

Security testing automation is not about building tech to replace humans. We don’t adhere to that limiting view because it fails to capture the complexity and depth of security testing. Instead, we believe automation should enhance uniquely human abilities such as critical thinking and subjective judgment. A good pentester can never be replaced by a robot. But a robot can make them exponentially more effective. Here’s what we mean. How Pentest Robots work Security pros … More

Visibility, control and governance holding back cloud transformation

While 91% of organizations were successful in increasing security as a result of adopting cloud services, it remains a top concern for many, part two of an Aptum study reveals. The report identifies common security, compliance and governance challenges impacting organizations undergoing cloud transformation. The research reveals that 51% of survey respondents see security as the main driver behind cloud adoption. However, 38% cite security and data protection as the primary barrier to cloud … More

Worldwide SD-WAN market to reach valuation of $53 billion by end of 2030

A software-defined wide area network is a type of computer network that allows the bonding of multiple internet access resources, such as cables, digital subscriber lines (DSL), and cellular or any other IP transport to provide high throughput data channels. WAN solutions improve application performance, reduce costs, increase agility, and address various IT challenges. Enterprises are adopting SD-WAN solutions for threat protection, efficient offloading of expensive circuits, and simplification of WAN network management. IT infrastructure … More

How to defend against today’s top 5 cyber threats

Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than seven percent. That’s not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used by advanced threat actors to conduct sophisticated attacks. Staying ahead of evolving threats is a challenge that keeps many IT … More

Vulnerability management isn’t working for cloud security: Here’s how to do it right

Three things in life are seemingly guaranteed: death, taxes and high-profile cloud security breaches. But there is no reason why public cloud or hybrid cloud breaches must remain so stubbornly persistent. The fact is that we understand why these incidents keep occurring: managing risk and vulnerabilities within dynamic cloud environments isn’t easy. The difficulty of this challenge is magnified by the competitive imperative to migrate to the public cloud quickly. It is further compounded by … More

How do I select a fraud detection solution for my business?

The rapid increase in digital use created a perfect storm for fraudsters to quickly find new ways to steal funds, capitalizing on consumers’ lack of familiarity with digital platforms and the resource constraints faced by many businesses. In fact, from January 2020 to early January 2021, the Federal Trade Commission reported that consumers filed over 275,000 complaints resulting in more than $210 million in COVID-19-related fraud loss. Because of this, it’s critical for businesses to … More

Enterprises move on from legacy approaches to software development

Application development and maintenance services in the U.S. are evolving to meet changing demands from enterprises that need dynamic applications with rich user interfaces, according to a report published by Information Services Group. The report for the U.S. finds the growing ranks of companies undergoing digital transformation want to modernize their software portfolios and continuously update their applications. Meeting requirements through next-generation ADM services Service providers are meeting these requirements through next-generation ADM services, which … More

Malware incidents on remote devices increase

52% of organizations experienced a malware incident on remote devices in 2020, up from 37% in 2019, a Wandera report reveals. Of devices compromised by malware in 2020, 37% continued accessing corporate emails after being compromised and 11% continued accessing cloud storage, highlighting a need for organizations to better determine how to configure business tools to ensure fast and safe connectivity for all users in 2021. Other findings In 2020, 28% of organizations were regularly … More

Public cloud IT infrastructure revenue increasing

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, increased 9.4% year over year in the third quarter of 2020 (3Q20), according to IDC. Investments in traditional, non-cloud, IT infrastructure declined -8.3% year over year in 3Q20. These growth rates show the market response to major adjustments in business, educational, and societal activities caused by the COVID-19 pandemic and the role IT … More

Week in review: Pen testing, Sunspot malware, Microsoft plugs Defender zero-day

Here’s an overview of some of last week’s most interesting news and articles: Top videoconferencing attacks and security best practices Videoconferencing has become a routine part of everyday life for remote workers, students, and families. Yet widespread adoption of this technology has also attracted nefarious characters whose motivations can range from simple disruption to full-out espionage. SolarWinds hack investigation reveals new Sunspot malware Crowdstrike researchers have documented Sunspot, a piece of malware used by the … More

What analytics can unveil about bot mitigation tactics

25% of internet traffic on any given day is made up of bots, the Kasada Research Team has found. In fact, there is a synthetic counterpart for almost every human interaction online. Bot mitigation tactics These bots work to expose and take advantage of vulnerabilities at a rapid pace, stealing critical personal and financial data, scraping intellectual property, installing malware, contributing to DDoS attacks, distorting web analytics and damaging SEO. Luckily, tools, approaches, solutions and … More

Understanding third-party hacks in the aftermath of the SolarWinds breach

In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion … More

Fraudulent attempt purchase value decreased by $10 in 2020 compared to 2019

There has been a 24 percent increase in eCommerce transactions globally in December 2020 compared to December 2019, ACI Worldwide reveals. In particular, eCommerce transactions in the retail sector increased 31 percent and the gaming sector increased 90 percent, comparing December 2020 with December 2019. BOPIS fraud also seeing a significant increase While many merchants initially implemented the buy online, pick up in store (BOPIS) delivery channel during the pandemic, those that already had this … More

Revenue for 5G enterprises in the Asia-Pacific region to reach $13.9B by 2024

Mega trends across the government and public sector, healthcare, manufacturing, and telecommunications are posing new challenges to end users in vertical industries in the Asia-Pacific region, Frost & Sullivan finds. These changes are pushing enterprises to transform and enable new use cases that are critical in supporting and optimizing enterprise business processes to improve business efficiency. In addition to impacting mega trends, the COVID-19 pandemic is driving the need for critical and vital broadband, remote … More
