May 25th is the second anniversary of the General Data Protection Regulation (GDPR) and data around compliance with the regulation shows a significant disconnect between perception and reality. Only 28% of firms comply with GDPR; however, before GDPR kicked off, 78% of companies felt they would be ready to fulfill data requirements. While their confidence was high, when push comes to shove, complying with GDPR and GDPR-like laws – like CCPA and PDPA – are … More
More than 88% of organizations use cloud infrastructure in one form or another, and 45% expect to migrate three quarters or more of their apps to the cloud over the next twelve months, according to the O’Reilly survey. The report surveyed 1,283 software engineers, technical leads, and decision-makers from around the globe. Of note, the report uncovered that 21% of organizations are hosting all applications in a cloud context. The report also found that … More
The post Organizations plan to migrate most apps to the cloud in the next year appeared first on Help Net Security.
Infoblox identified the challenges Communication Service Providers (CSPs) face in transitioning to distributed cloud models, as well as the use cases for multi-access edge computing (MEC), 5G New Radio (NR), and 5G Next Generation Core (NGC) networks. “Distributed cloud models such as 5G and multi-access edge computing networks have the potential to drastically change the CSP industry, delivering high-bandwidth, low latency services to network customers,” said Dilip Pillaipakam, Vice President and GM of Service Provider … More
Here’s an overview of some of last week’s most interesting news and articles: The dark web is flooded with offers to purchase corporate network access In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. EasyJet data breach: 9 million customers affected British low-cost airline group EasyJet … More
The post Week in review: EasyJet breach, shadow IT risks, phishers bypassing Office 365 MFA appeared first on Help Net Security.
“The customer comes first” started out as the secret to success in business. Now it’s the secret to 21st century cybersecurity and fraud prevention, too. The phrase always seemed more like an empty platitude, but a growing number of banks and other financial institutions now understand that optimizing convenient consumer experience with risk and safety across all their channels is a strategic differentiator. Dealing with fraudulent transactions Financial institutions have been on the lookout for … More
The post Create a safe haven for your customers to build loyalty appeared first on Help Net Security.
Security Information and Event Management (SIEM) systems combine two critical infosec abilities – information management and event management – to identify outliers and respond with appropriate measures. While information management deals with the collection of security data from across silos in the enterprise (firewalls, antivirus tools, intrusion detection, etc.), event management focuses on incidents that can pose a threat to the system – from benign human errors to malicious code trying to break in. Having … More
The post Integrating a SIEM solution in a large enterprise with disparate global centers appeared first on Help Net Security.
There is a flood of interest in accessing corporate networks on the dark web, according to Positive Technologies. In Q1 2020, the number of postings advertising access to these networks increased by 69 percent compared to the previous quarter. This may pose a significant risk to corporate infrastructure, especially now that many employees are working remotely. “Access for sale” on the dark web is a generic term, referring to software, exploits, credentials, or anything else … More
The post The dark web is flooded with offers to purchase corporate network access appeared first on Help Net Security.
Account Takeover (ATO) attacks happen when a bad actor gains access to a legitimate customer’s eCommerce store account and uses that account for fraud. The impact of ATO attacks A new Riskified survey shows that ATO attacks have a huge negative impact on customers and merchants, damaging brand reputation and hurting merchants’ bottom lines. Despite that, many merchants lack security measures, and 35% of merchants report that at least 10% of their accounts have been … More
The post What can merchants do to avoid falling victim to large-scale ATO attacks? appeared first on Help Net Security.
At the end of 2019 there were 7.6 billion active IoT devices, a figure which will grow to 24.1 billion in 2030, a CAGR of 11%, according to research published by Transforma Insights. Short range technologies, such as Wi-Fi, Bluetooth and Zigbee, will dominate connections, accounting for 72% in 2030, largely unchanged compared to the 74% they account for today. Public networks growth Public networks, which are dominated by cellular networks, will grow from … More
The post Number of active IoT devices expected to reach 24.1 billion in 2030 appeared first on Help Net Security.
How confident are you that your security visibility covers every critical corner of your infrastructure? A good SIEM solution will pull data across firewalls, servers, routers, and endpoint devices. But what if there is even one gap—one piece of equipment that can’t be monitored but contains business critical data? That sounds like a glaring hole in the vision of your SOC, doesn’t it? Especially if it can be exploited by hackers, malicious insiders, or simply … More
The post The missing link in your SOC: Secure the mainframe appeared first on Help Net Security.
Fifteen years ago, there was a revolution in personal music players. The market had slowly evolved from the Walkman to the Discman, when a bolt of innovation brought the MP3 player. Finally, the solution to having all of one’s music anywhere was solved with a single device, not a device plus a bag full of whatever physical media was popular at that time. History clearly shows that the iPod and a few of its competitors … More
The post What do IGA solutions have in common with listening to music anywhere? appeared first on Help Net Security.
Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, Veracode research reveals. Nearly all modern applications, including those sold commercially, are built using some open source components. A single flaw in one library can cascade to all applications that leverage that code. According to Chris Eng, Chief Research Officer at Veracode, “Open source software … More
Greenbone Networks revealed the findings of research assessing critical infrastructure providers’ ability to operate during or in the wake of a cyberattack. The cyber resilience of critical infrastructures The research investigated the cyber resilience of organizations operating in the energy, finance, health, telecommunications, transport and water industries, located in the world’s five largest economies: UK, US, Germany, France and Japan. Of the 370 companies surveyed, only 36 percent had achieved a high level of … More
The post Only 36% of critical infrastructures have a high level of cyber resilience appeared first on Help Net Security.
Technology executives, C-suite leaders and senior executives in areas such as IoT, DevOps, security, and embedded development, from both the U.S. and China, are realigning their focus during the COVID-19 pandemic, Wind River reveals. Seismic events can disrupt our focus and thinking and force reassessment of drivers of future business success. The current pandemic is one of those major events producing a worldwide impact, especially given its reverberations on the two largest global economies, the U.S. … More
The post COVID-19 is driving diverging perspectives as enterprises decide which technologies to focus on appeared first on Help Net Security.
There are growing disparities in how CEOs and CISOs view the most effective cybersecurity path forward, according to Forcepoint. The global survey of 200 CEOs and CISOs from across industries including healthcare, finance and retail, among others, uncovered prominent cybersecurity stressors and areas of disconnect for business and security leaders, including the lack of an ongoing cybersecurity strategy for less than half of all CEO respondents. The research also identified disparities between geographic regions on … More
Despite efforts by organizations to layer up their cyber defenses, the threat landscape is changing, attackers are innovating and automating their attacks, NTT reveals. The threat landscape is changing Referencing the COVID-19 pandemic, the report highlights the challenges that businesses face as cyber criminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience. The attack data indicates that 55% of all attacks in 2019 were a combination of web-application and … More
The post With the threat landscape continuously changing, businesses must be ready for anything appeared first on Help Net Security.
Roles across software development teams have changed as more teams adopt DevOps, according to GitLab. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools has led to sweeping changes in job functions, tool choices and organization charts within developer, security and operations teams. “This year’s Global DevSecOps Survey shows that there are more successful DevOps practitioners than ever before and they report … More
The post With increased DevOps adoption, roles in software development teams are changing appeared first on Help Net Security.
As breaches and hacks continue, and new vulnerabilities are uncovered, secure coding is being recognized as an increasingly important security concept — and not just for back-room techies anymore, Accurics reveals. Cloud stack risk “Our report clearly describes how current security practices are grossly inadequate for protecting transient cloud infrastructures, and why more than 30 billion records have been exposed through cloud breaches in just the past two years,” said Sachin Aggarwal, CEO at Accurics. … More
The post Technologies in all layers of the cloud stack are at risk appeared first on Help Net Security.
Senior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer. Results from a global external survey of over 400 security leaders that work in large financial services companies reveal concerns on security measurement and metrics that include data confidence, manual processes, resource wastage and request overload. Issues with processes, people and technologies The results … More
The post Over half of security leaders still rely on spreadsheets appeared first on Help Net Security.
Even before COVID-19 initiated an onslaught of additional cybersecurity risks, many chief information security officers (CISOs) were struggling. According to a 2019 survey of cybersecurity professionals, these critical data defenders were burned out. At the time, 64% were considering quitting their jobs, and nearly as many, 63%, were looking to leave the industry altogether. Of course, COVID-19 and the ensuing remote work requirements have made the problem worse. It’s clear that companies could be facing … More
The post CISOs are critical to thriving companies: Here’s how to support their efforts appeared first on Help Net Security.
Kill Chain is an HBO documentary made and produced by Simon Ardizzone, Russell Michaels and Sarah Teale. Kill Chain: Inside the documentary Ardizzone and Michaels already worked on a documentary in 2006 called Hacking Democracy, which was about uncovering voting machine vulnerabilities and about how votes were manipulated, leading to George W. Bush winning the elections (2004). And here we are again in 2020 talking about the same problem and uncovering the same old security … More
The post Review: Kill Chain: The Cyber War on America’s Elections appeared first on Help Net Security.
Have you ever done a jigsaw puzzle with pieces missing? Or tried to do a complicated one with only part of the picture showing on the box lid? If so, you will know how it feels to be the folks working to create secure, robust, and seamless enterprise IT systems. Enterprise IT has morphed into something that can feel complex and messy at best and out of control at worst. Each deployment can be convoluted, … More
The post How a good user experience brings the pieces of the enterprise IT jigsaw together appeared first on Help Net Security.
As most of the UK’s cybersecurity workforce now sits at home isolated while carrying out an already pressurised job, there is every possibility that this could be affecting their mental health. In light of Mental Health Awareness Week, and as the discussion around employee wellbeing becomes louder and louder amidst the COVID-19 pandemic, we spoke with five cybersecurity experts to get their thoughts on how organisations can minimise the negative mental and physical impacts on … More
The post Mental Health Awareness Week: Coping with cybersecurity pressures amidst a global pandemic appeared first on Help Net Security.
Organizations that put data at the center of their vision and strategy realize a differentiated competitive advantage by mitigating cost and risk, growing revenue and improving the customer experience, a Collibra survey of more than 900 global business analysts reveals. Orgs rarely use data to guide business decisions Despite a majority of companies saying they valued using data to drive decisions, many organizations are not consistently executing. While 84% of respondents said that it is … More
As cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations’ security posture intact. When it comes to remote working, one of the major issues facing enterprises is shadow IT. End users eager to adopt the newest cloud applications to support their remote work are bypassing IT administrators and in doing so, unknowingly opening both themselves and their organization up to new threats. You’ve probably … More
Organizations are under more pressure than ever before to rapidly produce both new apps and updates to existing apps, not only because it’s essentially the only way they can interact with their customers, but also because there will be a flood of new users who previously relied on physical locations to conduct their business. Continuous mobile development is now more critical than ever, and organizations must provide error-free, engaging user experiences. In the rush to … More
The post Security and the rapidly growing importance of mobile apps appeared first on Help Net Security.
Data security is creating fear and trust issues for IT professionals, according to a new Oracle and KPMG report. The study of 750 cybersecurity and IT professionals across the globe found that a patchwork approach to data security, misconfigured services and confusion around new cloud security models has created a crisis of confidence that will only be fixed by organizations making security part of the culture of their business. Data security is keeping IT professionals … More
The post Shifting responsibility is causing uncertainty and more security breaches appeared first on Help Net Security.
The number of workforce identities in the enterprise is growing dramatically, largely driven by DevOps, automation, and an increase in enterprise connected devices, which will only continue to accelerate identity growth, an IDSA survey of 502 IT security and identity decision makers reveals. At the same time, compromised identities remain one of the leading causes of a data breach. According to the study, the vast majority of IT security and identity professionals have experienced an … More
The post Identity-related breaches on the rise, prevention still a work in progress appeared first on Help Net Security.
A large percentage of Americans currently do not take the necessary steps to protect their passwords and logins online, FICO reveals. As consumers’ reliance on online services grows in response to COVID-19, the study examined the steps Americans are taking to protect their financial information online, as well as attitudes towards increased digital services and alternative security options such as behavioral biometrics. Do you use a password manager? The study found that a large percentage … More
The post Less than a quarter of Americans use a password manager appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news, articles and podcasts: Have you patched these top 10 routinely exploited vulnerabilities? The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. Kali Linux 2020.2: New look, new packages, new installer options Offensive Security has released Kali Linux 2020.2, the latest iteration … More
The post Week in review: Kali Linux 2020.2, sensor-based ransomware detection, 10 most exploited vulns appeared first on Help Net Security.
Cyberthreats are a ubiquitous concern for organizations operating in the digital world. No company is immune — even large and high-profile organizations like Adobe, Yahoo, LinkedIn, Equifax and others have reported massive data breaches in recent years. Cyberattacks are only growing in frequency, affecting billions of people and threatening businesses. What’s being done to bolster information security as cyberattacks continue to happen? The National Institute of Standards and Technology (NIST), a non-regulatory agency of the … More
The post Modern crypto standards pave the way to stronger security appeared first on Help Net Security.
Engineers from SMU’s Darwin Deason Institute for Cybersecurity have developed software to detect ransomware attacks before attackers can inflict catastrophic damage. Ransomware is crippling cities and businesses all over the world, and the number of ransomware attacks has increased since the start of the coronavirus pandemic. Attackers are also threatening to publicly release sensitive data if ransom isn’t paid. The FBI estimates that ransomware victims have paid hackers more than $140 million in the last … More
The post New software enables existing sensors to detect ransomware appeared first on Help Net Security.
The telecommunications, retail and financial services industries have been increasingly impacted by COVID-19 online fraud, according to TransUnion. From a consumer perspective, Millennials have been most targeted by fraudsters using COVID-19 scams. Overall, the percent of suspected fraudulent digital transactions rose 5% from March 11 to April 28 when compared to Jan. 1 to March 10, 2020. More than 100 million risky transactions from March 11 to April 28 have been identified. “Given the billions … More
The post COVID-19 online fraud trends: Industries, schemes and targets appeared first on Help Net Security.
The majority of business decision makers are insured against traditional cyber risks, such as breaches of personal information, but most were vulnerable to emerging risks, such as malware and ransomware, revealing a potential insurance coverage gap, according to the Hanover Insurance Group. The report surveyed business decision makers about cyber vulnerabilities and risk mitigation efforts. Insurance purchasing decisions influenced by media coverage Most businesses surveyed indicated they had purchased cyber insurance, and more than 70% … More
The post Businesses vulnerable to emerging risks have a gap in their insurance coverage appeared first on Help Net Security.
Many educational organizations are at risk of data security incidents during the current period of working from home and virtual learning, a Netwrix report reveals. Weak data security controls According to the survey, even before the COVID-19 pandemic, the majority of educational organizations had weak data security controls. In particular, 54% of IT professionals in the educational sector confessed that employees put data at risk by sharing it via cloud apps outside of IT knowledge. … More
The post Educational organizations use cloud apps to share sensitive data outside of IT control appeared first on Help Net Security.