Category Archives: survey

Insight into the growing problem of highly sophisticated fraud

Sophisticated fraud campaigns are beginning to outwit machine learning solutions, especially the ones that only detect known fraud patterns based on historic loss experience, according to DataVisor.

The median lifetime of IP fraud signals is only 3.5 days

As bad actors begin using modern technologies (even machine learning) in their attacks, enterprises must bolster detection efforts with a complete solution that can also detect new and emerging fraud patterns and detect them early, or risk … More

The post Insight into the growing problem of highly sophisticated fraud appeared first on Help Net Security.

Cybercrime gangs continue to innovate to hide their crimes

According to the APWG’s new Phishing Activity Trends Report, after spiking in the spring, phishing has been taking place at a steady pace — but phishers are using new techniques to carry out their attacks – and obfuscate their origins – to make the most of every phishing campaign. The total number of phish detected by APWG in Q3 2018 was 151,014. This was down from 233,040 in Q2 and 263,538 in Q1. There was … More

The post Cybercrime gangs continue to innovate to hide their crimes appeared first on Help Net Security.

Most concerning security controls for cyberattackers? Deception and IDS

Attivo Networks surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns, attack surface concerns, and what’s on their 2019 security wish list. Overall, the survey highlighted that the battle to keep cyber attackers from successfully compromising networks is not working. Over 50% of respondents reported that 100 days of dwell time or more was representative of their organization, while nearly half of respondents indicated that their … More

The post Most concerning security controls for cyberattackers? Deception and IDS appeared first on Help Net Security.

Most organizations suffered a business-disrupting cyber event

A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered two or more business-disrupting cyber events — defined as cyber attacks causing data breaches or significant disruption and downtime to business operations, plant and operational equipment — in the last 24 months. Further, 91 percent of respondents had suffered at least one such cyber event in the same time period. Despite this documented history of damaging attacks, the study found … More

The post Most organizations suffered a business-disrupting cyber event appeared first on Help Net Security.

How students learn to code, evaluate job opportunities

New data from HackerRank reveals the technical skills, learning preferences and career motivators of collegiate software engineers. The findings provide a playbook for corporate recruiters and hiring managers looking to improve how they identify, attract and retain the upcoming generation of skilled developers. In the U.S. alone, there are nearly 580,000 open computing jobs with less than 50,000 computer science graduates entering the workforce — that’s over 11 job postings for every Computer Science (CS) … More

The post How students learn to code, evaluate job opportunities appeared first on Help Net Security.

Hacking democracy efforts continue with upticks in malware deployments

Comodo Cybersecurity released its Global Threat Report 2018 Q3, offering insights from Comodo Threat Research Lab experts into key cyberthreat trends and the impact of malware on elections and other geopolitical events.

Hacking democracy and malware in conflict zones

The Comodo Q3 report also reveals disturbing upticks in malware deployment leading up to major national elections. Comodo Cybersecurity researchers document the impact of malware on elections in Russia, Turkey, Mali, Sierra Leone, Azerbaijan and Colombia. … More

The post Hacking democracy efforts continue with upticks in malware deployments appeared first on Help Net Security.

Will sophisticated attacks dominate in 2019?

Trend Micro released its 2019 predictions report, warning that attackers will increase the effectiveness of proven attack methods by adding more sophisticated elements to take advantage of the changing technology landscape. “As we head into 2019, organizations must understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working,” said Greg Young, vice president of cybersecurity for Trend Micro. “Cybercriminals will continue to follow a winning formula – exploiting existing … More

The post Will sophisticated attacks dominate in 2019? appeared first on Help Net Security.

An integrated approach helps companies improve operational resilience

By taking a unified approach to managing critical events (i.e. extreme weather, violence, supply chain disruption), businesses can significantly reduce the impact on employee safety, organizational reputation, and revenue, according to a study conducted by Forrester Consulting for Everbridge. According to the study, companies are investing significant resources in sophisticated controls to protect their employees, brand and assets from critical events. These disruptive incidents (ranging from cyberattacks to terrorist activity) increasingly lead to business impacts … More

The post An integrated approach helps companies improve operational resilience appeared first on Help Net Security.

Consumers still put trust in big brands despite breaches

Janrain conducted a survey to better understand how consumers really feel about brands in the wake of so many breaches. The company polled 1,000 UK adults and found that most consumers are still willing to part with their personal information if it can somehow benefit them. While big internet companies like Google and Facebook remain among the least trusted businesses, a large number of respondents put the most faith in pharmaceutical and travel companies including … More

The post Consumers still put trust in big brands despite breaches appeared first on Help Net Security.

Measuring privacy operations: Use of technology on the rise

Critical privacy program activities such as creating data inventories, conducting data protection impact assessments (DPIA), and managing data subject access rights requests (DSAR) are now well established in large and small organizations in both Europe and the United States, according to TrustArc and the International Association of Privacy Professionals (IAPP). “Among our thousands of members, we know that privacy teams are now reporting on a regular basis to company leadership, and consequently they need to … More

The post Measuring privacy operations: Use of technology on the rise appeared first on Help Net Security.

Consumers believe social media sites pose greatest risk to data

A majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, with retailers most at risk, according to Gemalto. Two-thirds (66%) are unlikely to shop or do business with an organisation that experiences a breach where their financial and sensitive information is stolen. Retailers (62%), banks (59%), and social media sites (58%) are the most at risk of suffering consequences with consumers prepared to use their feet. Surveying … More

The post Consumers believe social media sites pose greatest risk to data appeared first on Help Net Security.

Microservices becoming architectural style of choice for application development

Microservices – a software development technique where an application is created by combining numerous smaller services – have evolved from fad to trend, becoming an architectural style of choice for new application development and the migration target for many existing systems, according to O’Reilly.

Microservices on the rise

The report surveyed 866 software architecture practitioners across North America, Europe and Asia and found that microservices are used in over 50 percent of software projects, with … More

The post Microservices becoming architectural style of choice for application development appeared first on Help Net Security.

80% of enterprises struggle to protect machine identities

A study conducted by Forrester Consulting examined the views of 116 IT security professionals from financial services and insurance organizations in the U.S., U.K., Germany, France and Australia. A key finding from the study reveals that eighty percent of financial services respondents who are responsible for identity and access management (IAM) believe automated communications between machines on their organizations’ networks are mostly or completely secure. Seventy-one percent of respondents believe effective protection of machine identities … More

The post 80% of enterprises struggle to protect machine identities appeared first on Help Net Security.

Internal negligence to blame for most data breaches involving personal health information

Your personal identity may fall at the mercy of attackers on many websites, but when it comes to health data breaches, hospitals, doctors’ offices and even insurance companies are oftentimes the culprits.

Internal dangers

New research from Michigan State University and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal issues with medical providers – not because of hackers or external parties. … More

The post Internal negligence to blame for most data breaches involving personal health information appeared first on Help Net Security.

Should government officials complete basic cyber security training?

Venafi announced the results of a survey of 515 IT security professionals’ views on the cyber security literacy of government officials. The survey was conducted August 4-9, 2018, at the Black Hat conference in Las Vegas. According to the survey, eighty-eight percent of respondents believe all government officials should be required to complete a basic cyber security training course. In addition, sixty-six percent believe governments should not be able to force technology companies to grant … More

The post Should government officials complete basic cyber security training? appeared first on Help Net Security.

The state of BYOD and mobile device security

Bitglass has released its 2018 BYOD Security Report. The analysis is based on a survey of nearly 400 enterprise IT experts who revealed the state of BYOD and mobile device security in their organizations. According to the study, 85 percent of organizations are embracing BYOD. Interestingly, many organizations are even allowing contractors, partners, customers, and suppliers to access corporate data on their personal devices. Amidst this BYOD frenzy, over half of the survey’s respondents believe … More

The post The state of BYOD and mobile device security appeared first on Help Net Security.

66.1% of vulnerabilities published through Q3 2018 have a documented solution

There have been 16,172 vulnerabilities disclosed through October 29th, which is a 7% decrease from the high record reported last year at this time. The 16,172 vulnerabilities cataloged through Q3 2018 by Risk Based Security’s research team eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by over 4,800. It’s also worth noting that NVD is still significantly behind in vulnerability scoring and creating the automation component. Vulnerabilities with a CVSSv2 score … More

The post 66.1% of vulnerabilities published through Q3 2018 have a documented solution appeared first on Help Net Security.

Third parties: Fast-growing risk to an organization’s sensitive data

The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and partners. According to the findings, 59 percent of companies said they have experienced a data breach caused by one of their vendors or third parties. In the U.S., that percentage is even higher at 61 percent — up 5 … More

The post Third parties: Fast-growing risk to an organization’s sensitive data appeared first on Help Net Security.

Only 14% have complete organizational awareness of IoT threats

86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk. The poll of 1,150 IT and security leaders reveals a worrying lack of cybersecurity maturity in many organizations around the world as they deploy IoT projects to … More

The post Only 14% have complete organizational awareness of IoT threats appeared first on Help Net Security.

Remote working may boost productivity, but also leave you vulnerable to attack

New flexible working practices could pose a security risk to small businesses, with one in five employees (21%) stating they are most productive when working in public spaces like a cafe or library, but only 18% concerned with the security implications this could have. SMBs therefore face the challenge of keeping their business secure, all the while adhering to the needs and expectations of the modern workforce, according to Avast. Concerns small business staff … More

The post Remote working may boost productivity, but also leave you vulnerable to attack appeared first on Help Net Security.

Worldwide digital transformation spending to reach $1.97 trillion in 2022

Worldwide spending on the technologies and services that enable the digital transformation (DX) of business practices, products, and organizations is forecast to reach $1.97 trillion in 2022, according to the IDC Worldwide Semiannual Digital Transformation Spending Guide. “IDC predicts that, by 2020, 30% of G2000 companies will have allocated capital budget equal to at least 10% of revenue to fuel their digital strategies,” said Shawn Fitzgerald, research director, Worldwide Digital Transformation Strategies. “This shift toward … More

The post Worldwide digital transformation spending to reach $1.97 trillion in 2022 appeared first on Help Net Security.

Vaporworms: New breed of self-propagating fileless malware to emerge in 2019

WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems. “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO … More

The post Vaporworms: New breed of self-propagating fileless malware to emerge in 2019 appeared first on Help Net Security.

Online shoppers continue to engage in risky behavior

Findings from a new McAfee survey reveal the risky habits of online shoppers, including using unsecured Wi-Fi for online shopping and purchasing items from online retailers they are not fully confident are genuine (51 percent). This highlights the need for consumers to slow down and consider the risks of unsafe purchasing behavior that could lead to identity theft or financial loss. Last year consumers spent $453.46 billion on the web for retail purchases, which was … More

The post Online shoppers continue to engage in risky behavior appeared first on Help Net Security.

Organizations unable to achieve business resilience against cyber threats

The Resilience Gap study, which surveyed over 4,000 business decision makers across the United States, United Kingdom, France, Germany and Japan, found that while 96% of the global business decision makers believe that making technology resilient to business disruptions should be core to their firm’s wider business strategy, the reality is very different. In fact, only 54% of respondents claim that it definitely is.

Barriers to achieving business resilience

Despite 96% of respondents claiming that … More

The post Organizations unable to achieve business resilience against cyber threats appeared first on Help Net Security.

Law firms are increasingly investing in cybersecurity programs

Logicforce released the results of its most recent Law Firm Cybersecurity Scorecard, a periodic study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices. Results of the study indicate that law firms are increasingly investing in cybersecurity programs, but most law firms are not implementing many of the protocols that will comprehensively protect them and their clients over time. Many firms’ clients and potential clients are … More

The post Law firms are increasingly investing in cybersecurity programs appeared first on Help Net Security.

Online shopping fraud to surge during Black Friday and Cyber Monday

New benchmark data from ACI Worldwide revealed a projected 14 percent increase in fraud attempts during the upcoming 2018 peak holiday season. Based on hundreds of millions of merchant transactions, the data shows that fraud attempts are going to be at their highest across the Black Friday and Cyber Monday weekend.

Principal findings from the data include:

Fraud attempts expected to increase 14% during 2018 peak holiday season

Cross Channel fraud continues to grow: In … More

The post Online shopping fraud to surge during Black Friday and Cyber Monday appeared first on Help Net Security.

IoT related security missteps cost enterprises millions

Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the IoT into their business models, according to a new study from DigiCert. Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. These findings come amid a ramping up of IoT focus within the typical organization. Eighty-three … More

The post IoT related security missteps cost enterprises millions appeared first on Help Net Security.

Container strategies don’t take security seriously enough

Most organizations do not feel prepared to adequately secure cloud-native applications, despite the surging adoption of containers and Kubernetes, according to StackRox.

Notable findings:

More than a third of organizations with concerns about their container strategy worry that their strategies don’t adequately address container security

An additional 15 percent believe their strategies don’t take seriously enough the threat to containers and Kubernetes deployments

More than one-third of respondents haven’t started or are just creating their … More

The post Container strategies don’t take security seriously enough appeared first on Help Net Security.

What’s keeping Europe’s top infosec pros awake at night?

As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts about the industry’s ability to protect critical infrastructure, corporate networks, and personal information. Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night. The report includes new insights directly from more than 130 survey respondents and spans topics … More

The post What’s keeping Europe’s top infosec pros awake at night? appeared first on Help Net Security.

60% of firms believe a major security event will hit in the next few years

Only 30 percent of 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years, according to eSentire. In terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 … More

The post 60% of firms believe a major security event will hit in the next few years appeared first on Help Net Security.

Employees aren’t taking the proper steps to keep information safe while traveling

Employees aren’t taking the proper steps to keep their organizations’ information safe while traveling. ObserveIT surveyed more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year and found that the majority are putting connectivity and efficiency above security; using public Wi-Fi and unauthorized devices to access work email and/or files on the go. While they may not have malicious intent, the negligent actions of employees caused … More

The post Employees aren’t taking the proper steps to keep information safe while traveling appeared first on Help Net Security.

Survey: Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints. 

The post Survey: Attacks Find Insecure IoT Devices appeared first on The Security Ledger.

Long Term Security Attitudes and Practices Study

What makes security practitioners tick? That’s a simple question with a lot of drivers underneath it. We want to find out; please help us by signing up for our study.

The Ask

We’re launching a long term study of security practitioners to understand how they approach security. Please sign up for our Long Term Security Attitudes and Practices Study here: https://www.surveymonkey.com/r/CZTZY7M.

Background

A few years ago I was in a customer facing role answering questions about security practices of the SaaS company I worked at. My days were filled with answering questions about our security practices and we would give answers that were good and reasonable answers but not always what the other side was expecting. These discrepancies were based on differing risk tolerances, different contexts, varying approaches to security and technology.

This led to many conversations with our executive about changes to our security practices. Often the question would arise: “what’s good enough?” and outside of pointing to ISO27001/2 and HIPAA I didn’t have an answer. I couldn’t tell my executive what would reasonably satisfy our customer’s security expectations beyond pointing to the standards. Clearly though “standards compliance” wasn’t the minimum bar… it was something different. By outcome we could observe that organizations were willing to accept differing security practices but there was never a consistency of what would be accepted and what had to be argued (or changed) across the hundreds of different customers (even ones in the same industry).

Since then I’ve moved on from that company (and changed to an internal role) but those questions have raised for me a more fundamental set of questions: Do we actually understand how security professionals think? Are we all aiming for perfect compliance with PCI 3.X or are we driven by something else? Do we construct policies that are risk centric? Are we pragmatists or purists? Are we advisers or problem solvers?

These are questions that have stuck with me for a while and I’ve not found academic papers that answer these questions and so we’re starting a community based study. Knowing what makes us tick might help make us a stronger profession; at the very least it will be interesting.

Study Details

The study will consist of multiple surveys; once we get going we’ll start inviting you to a new survey every two weeks. Each survey will be a few questions in length and should not take more than a few minutes of your time. The study will run for as long as there is ongoing interest and sufficient participation. The study doesn’t expect you to participate in every survey although that would be nice; in fact some of the component surveys may not be relevant to you from time to time.

The study will be anonymous; we’ll still collect an email address and track your unique responses but we’ll never share your identity. Tracking you across multiple surveys will allow for correlation – connecting the dots between the many different responses which hopefully will allow us to generate insight.

The anonymized data will be released under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License to allow for reuse by the community. Analysis reports and papers will be released under a Creative Commons License as well and code used to perform the analysis (probably Jupyter Notebooks) will be GPL’ed.

Enrolment

Everyone is welcome – sign up here to participate: https://www.surveymonkey.com/r/CZTZY7M

The post Long Term Security Attitudes and Practices Study appeared first on Liquidmatrix Security Digest.