Category Archives: survey

Increased appetite for biometrics fueled by speed, security and convenience

The Biometric Consumer Sentiment Survey of more than 1,000 U.S. adults who have experience using biometrics to log into their accounts reveals an increased appetite for the technology. 70 percent of respondents reported that they would like to expand the use of biometric authentication into the workplace, according to Veridium. Consumers cited speed (35 percent), security (31 percent) and not having to remember passwords (33 percent) as the primary reasons for liking biometric authentication. “The … More

The post Increased appetite for biometrics fueled by speed, security and convenience appeared first on Help Net Security.

SaaS spending increasing by 78 percent year-over-year

43% of the average company’s SaaS application stack changed in the last two years, according to the 2019 Annual SaaS Trends report. This is far greater than the typical employee churn rate. Meanwhile, spending has not slowed down – the average SaaS spend per company increased 78 percent year-over-year across organizations in Blissfully’s dataset. This rapid pace of technology change shows that organizations are willing to go to great lengths to increase their teams’ productivity … More

How organizations handle disruptive data sources

In the 2018 Data Connectivity Survey by Progress, more than 1,400 business and IT professionals in various roles across industries and geographies shared their insights on the latest trends within the rapidly changing enterprise data market. The findings revealed five data-related areas of primary importance for organizations as they migrate to the cloud: data integration, real-time hybrid connectivity, data security, standards-based technology and open analytics. Significant findings from the survey include: Data integration has become … More

Most companies anticipate a critical breach in 2019, CISOs need to prioritize threats

80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year, according to the Cyber Risk Index (CRI), a Trend Micro survey of more than 1,000 IT security professionals in the United States. The CRI survey was conducted to measure business risk based on the difference between organizations’ current security posture and their likelihood of attack, with the goal of helping CISOs and their teams better assess, protect, detect, … More

SMBs spending a day each week dealing with cybersecurity issues

Almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure, and 48 per cent of businesses report they have had to deprioritise activities that would help grow their business to address cybersecurity, new research from Webroot reveals. The report, titled “Size Does Matter,” details the challenging climate for UK SMBs in a time of rapid political, economic and social change. Second only to Brexit, … More

Healthcare email fraud: Attack attempts jump 473% over two years

Proofpoint found that healthcare organisations were targeted in 96 email fraud attacks on average in Q4 2018 – a 473 percent jump from Q1 2017. More than half of these organisations (53 percent) were attacked more often, with incidents up between 200 and 600 percent during the two-year period. Researchers analysed more than 160 billion emails sent across 150 countries in both 2017 and 2018 to identify email fraud attack trends targeting more than 450 … More

Nearly two-thirds of organizations say tech skills gap is impacting IT audits

Technologies such as AI are reshaping the future of IT auditors, but auditors are largely optimistic about the future, according to new research from ISACA. In the Future of IT Audit, the results of a survey of more than 2,400 IT auditors worldwide, 92 percent of IT auditors responded that they are optimistic about how technology will impact them professionally over the next five years. Nearly 8 in 10 say their IT audit team has … More

Impersonation, sender forgery and corporate email spoofing top the charts

This Q4 of 2018 was a busy period for phishing scammers. INKY researchers saw a spike in email volume this time of year as people use email to gather their receipts from online shopping, shipping notifications, returns, and virtual holiday greetings. For its 2018 Q4 email security report, the company pulled out the highest volume attack types and broke down each one. The majority of attacks that were analyzed showed an increase in target personalization, … More

88% of UK businesses breached during the last 12 months

The UK’s cyber threat environment is intensifying. Attacks are growing in volume, and the average number of breaches has increased, according to Carbon Black. Key survey research findings: 88% of UK organizations reported suffering a breach in the last 12 months The average number of breaches per organization over the past year was 3.67 87% of organizations have seen an increase in attack volumes 89% of organizations say attacks have become more sophisticated 93% of … More

People still shocked by how easy it is to track someone online

Netflix’s hit series You has got people discussing their online privacy and traceability. However, McAfee, the device-to-cloud cybersecurity company, discovered less than a fifth (17%) of Brits who lost or had their phone stolen (43%) made any attempt to prevent criminals from accessing data stored on the device or in the cloud. Only 17% said they remotely locked or changed passwords and a mere 12% remotely erased data from the lost or stolen device to … More

There’s a growing disconnect between data privacy expectations and reality

There is a growing disconnect between how companies capitalize on customer data and how consumers expect their data to be used, according to a global online survey commissioned by RSA Security. Consumer backlash in response to the numerous high-profile data breaches in recent years has exposed one of the hidden risks of digital transformation: loss of customer trust. According to the study, which surveyed more than 6,000 adults across France, Germany, the United Kingdom and … More

Average DDoS attack volumes grew by 194% in 12 months

The volume and complexity of DDoS attacks continued to grow in Europe during the final quarter of 2018, according to Link11. While Link11’s Security Operations Center (LSOC) registered 13,910 attacks in Q4 (12.7% down compared to Q3), the average attack volume grew by 8.7% to 5Gbps, and 59% of attacks used multiple attack vectors. Key findings of Link11’s Q4 DDoS report include: Average attack volumes grew by 194% in 12 months: In Q4 2018, average … More

Infosec pros believe data isn’t secure in the cloud, despite desire for mass adoption

65 percent of infosecurity professionals would like to store object data in the cloud, but 47 percent either don’t believe or are not sure if data in the cloud is as secure as in their own data center, according to a study by Ponemon Institute. The study looks at perceptions around on-premise and cloud-based data storage technologies across 483 IT and IT security professionals familiar with the benefits of object storage technology. The primary reasons … More

How today’s workforce stays secure and what apps it prefers

User-focused security apps KnowBe4, LastPass, and Proofpoint dominate the list of fastest growing apps within enterprises, according to Okta. “KnowBe4 in particular is fulfilling a clear market need: less than half of survey respondents have ever participated in cybersecurity training at work,” the company noted in its latest Businesses @ Work report, which is based on data collected between November 1, 2017 and October 31, 2018 from its Okta Integration Network. Most popular apps Microsoft … More

Evaluating the biggest cyber threats to the electric power sector

The network of power plants and lines connecting to homes and businesses is widely considered to be among the most critical infrastructure in the world. It’s also one of the most frequently attacked, with consequences that could potentially reach far beyond the power sector. A new Deloitte Global report, “Managing cyber risk in the electric power sector,” evaluates the biggest cyberthreats to the electric power sector and suggests how companies can manage these risks. The … More

Email authentication use growing steadily in every industry sector

U.S. federal government agencies and many major enterprises have made significant strides to thwart the spread of fake emails, a major cybersecurity attack vector. But many organizations remain susceptible because they’re still not using readily available open standards-based technologies that prevent these fakes from reaching end-user inboxes. Valimail’s “Email Fraud Landscape, Q4 2018” indicates that the fight against fake email is advancing around the world — but email fraud remains a widespread and pernicious problem. … More

Employees report 23,000 phishing incidents annually, costing $4.3 million to investigate

Account takeover-based (ATO) attacks now comprise 20 percent of advanced email attacks, according to Agari’s Q1 2019 Email Fraud & Identity Deception Trends report. ATO attacks are dangerous because they are more difficult to detect than traditional attacks – compromised accounts seem legitimate to email filters and end users alike because they are sent from a real sender’s email account. “Credential phishing was already a huge risk for organizations because of the potential for data … More

eCommerce credit card fraud is nearly an inevitability

Riskified surveyed 5,000 US-based consumers aged 18 and older about their online shopping behaviors, experience with and prevalence of credit card fraud, repeat shopping likelihood and customer satisfaction to develop a full picture of how consumers react to a number of common shopping experiences. The results are worrisome for both consumers and merchants, as roughly half of respondents reported experience with credit card fraud and 30% had their purchase wrongly declined, with a corresponding negative … More

Enterprises are struggling with cloud complexity and security

The rush to digital transformation is putting sensitive data at risk for organizations worldwide according to the 2019 Thales Data Threat Report – Global Edition with research and analysis from IDC. As organizations embrace new technologies, such as multi-cloud deployments, they are struggling to implement proper data security. Greatest data security threats “Our research shows that no organization is immune from data security threats and, in fact, we found that the most sophisticated organizations are … More

The biggest cybersecurity challenge? Communicating threats internally

IT executives responsible for cybersecurity feel a lack of support from company leaders, and 33 percent feel completely isolated in their role, according to Trend Micro. IT teams are under significant pressure, with some of the challenges cited including prioritizing emerging threats (47 percent) and keeping track of a fractured security environment (43 percent). The survey showed that they are feeling the weight of this responsibility, with many (34 percent) stating that the burden they … More

$1.7 billion in cryptocurrency was stolen and scammed in 2018

$1.7 billion in cryptocurrency was stolen and scammed in 2018 — a dramatic rise in criminal activity despite a slump in the market, according to CipherTrace. Criminals need to launder all these funds in order to cash out before a wave of regulations go into effect in 2019. Theft from cryptocurrency exchanges accounted for the majority of the criminal activity: more than $950 million was stolen in 2018, representing 3.6 times more than in 2017. … More

How privacy and security concerns affect password practices

Yubico announced the results of the company’s 2019 State of Password and Authentication Security Behaviors Report, conducted by the Ponemon Institute, who surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France. Understanding behavior The purpose of this study is to understand the beliefs and behaviors surrounding password management and authentication practices for individuals both in the workplace and at home. The goal was to understand if these beliefs … More

Global IT spending to reach $3.8 trillion in 2019, up 3.2% from 2018

Worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018, according to the latest forecast by Gartner. Worldwide IT spending forecast (billions of U.S. dollars) “Despite uncertainty fueled by recession rumors, Brexit, and trade wars and tariffs, the likely scenario for IT spending in 2019 is growth,” said John-David Lovelock, research vice president at Gartner. “However, there are a lot of dynamic changes happening in regards to … More

GDPR-ready organizations see lowest incidence of data breaches

Organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments, according to Cisco’s 2019 Data Privacy Benchmark Study. The study validates the link between good privacy practice and business benefits as respondents report shorter sales delays as well as fewer and less costly data breaches. Business benefits of privacy investments The GDPR, which focused on increasing protection for EU residents’ privacy and personal data, became enforceable … More

83% of global respondents experienced phishing attacks in 2018

Proofpoint analyzed data from tens of millions of simulated phishing attacks sent over a one-year period, along with nearly 15,000 cybersecurity professional survey responses, to provide an in-depth look at the state of global phishing attacks. Overall, 83 percent of global infosecurity respondents experienced phishing attacks in 2018, up from 76 percent in 2017, and nearly 60 percent saw an increase in employee detection following security awareness training. In addition, more organizations were affected by all … More

The most effective security strategies to guard sensitive information

Today’s enterprise IT infrastructures are not largely hosted in the public cloud, nor are they SaaS-based, with security being the single largest barrier when it comes to cloud and SaaS adoption. With the recent rise in breaches and privacy incidents, enterprises are prioritizing the protection of their customers’ personally identifiable information, according to Ping Identity. Most infrastructure is hybrid Less than one quarter (21%) of IT and security professionals say that more than one half … More

Enterprises turn to MSPs to mitigate huge skills gap concerns

A huge skills gap coupled with security worries is driving IT decision makers to engage Managed Service Providers (MSPs) to handle their IT needs, according to NTT Com. Of the 417 IT decision makers in the US from large enterprises across all industries who participated in the research study, 26 percent put security risks as their biggest challenge in managing in-house IT. This was followed by infrastructure complexity (10 percent). In addition, 16.5 percent said … More

Organizations waste money storing useless IT hardware

A survey of 600 data center experts from APAC, Europe and North America reveals that two in five organizations that store their data in-house spend more than $100,000 storing useless IT hardware that could pose a security or compliance risk. Astonishingly, 54 percent of these companies have been cited at least once or twice by regulators or governing bodies for noncompliance with international data protection laws. Fines of up to $1.5 million could be issued … More

Reimagining risk management to mitigate looming economic dangers

In a volatile market environment and with the edict to “do more with less,” many financial institutions are beginning efforts to reengineer their risk management programs, according to a new survey by Deloitte Global, with emerging technologies in the driver’s seat. Seventy percent of the financial services executives surveyed said their institutions have either recently completed an update of their risk management program or have one in progress, while an additional 12 percent said they … More

Cyberattacks fueled by geopolitical tension are increasing

Billions of personal records were stolen in 2018, unearthed in breaches that successfully targeted household names in government, technology, healthcare, travel and hospitality. Compounding the problem has been increased geopolitical tension between western democracies and countries like Russia, China and North Korea. Modern cyberattacks appear to increasingly be fueled by geopolitical tension and reveal how clever attackers have become in evolving to remain undetected — using techniques such as lateral movement, island hopping and counter … More

Most out of date applications exposed: Shockwave, VLC and Skype top the list

More than half (55%) of PC applications installed worldwide are out-of-date, making PC users and their personal data vulnerable to security risks. Avast’s PC Trends Report 2019 found that users are making themselves vulnerable by not implementing security patches and keeping outdated versions of popular applications on their PCs. The applications where updates are most frequently neglected include Adobe Shockwave (96%), VLC Media Player (94%) and Skype (94%). The report, which uses anonymized and aggregated … More

SSDP amplification attacks rose 639%

The Nexusguard Q3 2018 Threat Report has revealed the emergence of an extremely stealthy DDoS attack pattern targeting communications service providers (CSPs). Comparison between normal attack traffic and attack traffic with legitimate traffic This new vector exploits the large attack surface of ASN-level (autonomous system number) CSPs by spreading tiny attack traffic across hundreds of IP addresses to evade detection. The ongoing evolution of DDoS methods suggests that CSPs need to enhance their network security … More

Cybercrime could cost companies trillions over the next five years

Companies globally could incur $5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks, as dependency on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets, according to Accenture. Based on a survey of more than 1,700 CEOs and other C-suite executives around the globe, the report — Securing the Digital Economy: Reinventing the Internet for Trust — explores the complexities of the … More

Researchers analyze DDoS attacks as coordinated gang activities

In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibits similar behavior among the various attacks conducted by the same gang. IP Gang attack-type classification against attack volume size Researchers analyzed attack types, volume, size of events, gang activities, and attack rates. By studying the historical behavior of the 80 gangs identified in the report, … More

Most Facebook users aren’t aware that Facebook tracks their interests

Too many Facebook users aren’t aware that the company uses the information provided by them and their actions on the platform and outside of it to create a list of their traits and interests, which is then used to target them with relevant ads. The survey According to the results of a new Pew Research Center survey, which polled a representative sample of US-based, adult Facebook users: 88% discovered that the site had generated … More

Protecting privileged access in DevOps and cloud environments

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services. Example of tools in the DevOps pipeline Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps. Key recommendations The report … More

Long Term Security Attitudes and Practices Study

What makes security practitioners tick? That’s a simple question with a lot of drivers underneath it. We want to find out; please help us by signing up for our study.

The Ask

We’re launching a long term study of security practitioners to understand how they approach security. Please sign up for our Long Term Security Attitudes and Practices Study here: https://www.surveymonkey.com/r/CZTZY7M.

Background

A few years ago I was in a customer-facing role answering questions about security practices of the SaaS company I worked at. My days were filled with answering questions about our security practices and we would give answers that were good and reasonable answers but not always what the other side was expecting. These discrepancies were based on differing risk tolerances, different contexts, varying approaches to security and technology.

This led to many conversations with our executive about changes to our security practices. Often the question would arise: “what’s good enough?” and outside of pointing to ISO27001/2 and HIPAA I didn’t have an answer. I couldn’t tell my executive what would reasonably satisfy our customer’s security expectations beyond pointing to the standards. Clearly though “standards compliance” wasn’t the minimum bar… it was something different. By outcome we could observe that organizations were willing to accept differing security practices but there was never a consistency of what would be accepted and what had to be argued (or changed) across the hundreds of different customers (even ones in the same industry).

Since then I’ve moved on from that company (and changed to an internal role) but those questions have raised for me a more fundamental set of questions: Do we actually understand how security professionals think? Are we all aiming for perfect compliance with PCI 3.X or are we driven by something else? Do we construct policies that are risk centric? Are we pragmatists or purists? Are we advisers or problem solvers?

These are questions that have stuck with me for a while and I’ve not found academic papers that answer these questions and so we’re starting a community based study. Knowing what makes us tick might help make us a stronger profession; at the very least it will be interesting.

Study Details

The study will consist of multiple surveys; once we get going we’ll start inviting you to a new survey every two weeks. Each survey will be a few questions in length and should not take more than a few minutes of your time. The study will run for as long as there is ongoing interest and sufficient participation. The study doesn’t expect you to participate in every survey although that would be nice; in fact some of the component surveys may not be relevant to you from time to time.

The study will be anonymous; we’ll still collect an email address and track your unique responses but we’ll never share your identity. Tracking you across multiple surveys will allow for correlation – connecting the dots between the many different responses which hopefully will allow us to generate insight.

The anonymized data will be released under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License to allow for reuse by the community. Analysis reports and papers will be released under a Creative Commons License as well and code used to perform the analysis (probably Jupyter Notebooks) will be GPL’ed.

Enrolment

Everyone is welcome – sign up here to participate: https://www.surveymonkey.com/r/CZTZY7M

The post Long Term Security Attitudes and Practices Study appeared first on Liquidmatrix Security Digest.