Category Archives: Expert Analysis

The impact of COVID-19 on how CISOs make buying decisions

It’s no secret that the past year has resulted in organizations fast-tracking their digital transformation projects, making drastic changes to their operations while also attempting to prepare for a very uncertain future. To get a sense of the real impact of the pandemic on cyber security, we conducted a wide-ranging survey with UK IT decision makers on their expectations and priorities for the next 12 months. We found that COVID-19 has not only led to …

The post The impact of COVID-19 on how CISOs make buying decisions appeared first on Help Net Security.

How much is a vulnerability worth?

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be answered: how much is a vulnerability worth? I have previously found several bugs in Zoom’s products, although these now date back several years, to when the company’s crowdsourced security program was a fledgling …


Bolstering healthcare IT against growing security threats

As the COVID-19 pandemic unfolds, healthcare organizations are scrambling to ensure the safety and support of patients and staff, while also integrating and learning new technologies to support telehealth practices. The constantly evolving healthcare environment has placed immense financial strain on hospitals and increased pressure on healthcare staff, which has been made worse by the influx of possible security threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released an alert highlighting imminent …


Ransomware provides the perfect cover

Look at any list of security challenges that CISOs are most concerned about and you’ll consistently find ransomware on them. It’s no wonder: ransomware attacks cripple organizations due to the costs of downtime, recovery, regulatory penalties, and lost revenue. Unfortunately, cybercriminals have added an extra sting to these attacks: they are using ransomware as a smokescreen to divert security teams from other clandestine activities behind the scenes. Attackers are using the noise of ransomware to …


Financial institutions can strengthen cybersecurity with SWIFT’s CSCF v2021

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) has introduced an updated set of baseline customer security controls that all of its users must implement on their SWIFT-related infrastructure by mid-year 2021. SWIFT is the world’s largest provider of secure financial messaging services to banks and other financial institutions. SWIFT has more than 11,000 users in over 200 countries, which makes it an attractive target to cybercriminals looking for banking information to perpetrate their fraudulent …


Does your cloud stack move faster than your cloud security solutions?

According to Gartner, worldwide end-user spending on public cloud services is forecasted to grow by 18.4% in 2021 to a total of $304.9 billion, up from $257.5 billion in 2020. “The pandemic validated the cloud’s value proposition,” said Sid Nag, research vice president at Gartner. “The ability to use on-demand, scalable cloud models to achieve cost efficiency and business continuity is providing the impetus for organizations to rapidly accelerate their digital business transformation plans.” From …


Rethinking Active Directory security

In the wake of a cyberattack, Active Directory is sometimes dismissed as just another service that needs to be recovered, and security is an afterthought. But the hard reality is that if Active Directory is compromised, so is your entire environment. 90% of organizations use Active Directory as their primary store for employee authentication, identity management, and access control. Today, it’s becoming more common for organizations to take a hybrid approach to identity and focus …


Are you vetting your MSSPs?

Enterprises were already moving toward digital transformations at the start of 2020, but the COVID-19 pandemic suddenly threw everything into high gear. Telework, virtual meetings and a host of online transactions – from retail purchases and food ordering to interviewing and onboarding employees – went from being occasional occurrences to being the norm. With enterprises using the cloud for more and more of their operations, the adoption of “as-a-Service” offerings has grown swiftly in nearly …


Vulnerability management isn’t working for cloud security: Here’s how to do it right

Three things in life are seemingly guaranteed: death, taxes and high-profile cloud security breaches. But there is no reason why public cloud or hybrid cloud breaches must remain so stubbornly persistent. The fact is that we understand why these incidents keep occurring: managing risk and vulnerabilities within dynamic cloud environments isn’t easy. The difficulty of this challenge is magnified by the competitive imperative to migrate to the public cloud quickly. It is further compounded by …


What analytics can unveil about bot mitigation tactics

25% of internet traffic on any given day is made up of bots, the Kasada Research Team has found. In fact, there is a synthetic counterpart for almost every human interaction online. These bots work to expose and take advantage of vulnerabilities at a rapid pace, stealing critical personal and financial data, scraping intellectual property, installing malware, contributing to DDoS attacks, distorting web analytics and damaging SEO. Luckily, tools, approaches, solutions and …


Understanding third-party hacks in the aftermath of the SolarWinds breach

In the aftermath of the SolarWinds hack, a better understanding of third-party hacks in any update that you provide to your colleagues, bosses, and even the board of directors may be warranted. Any such update that you provide on SolarWinds should certainly cover whether or not your organization is one of the 300,000 SolarWinds customers and whether or not you were one of the 18,000 or so that were using the specific version of Orion …
