Category Archives: survey

IT workforce increasingly overworked and stressed out

45% of IT workers are feeling the pressure of strained technology operations and suffer regular stress in their jobs, according to Chess Cybersecurity. IT staff who said they were stressed out indicated the following: 59% work more than 45 hours a week, 20% more than the ONS’s stated national average of 37.1 hours, hinting at a chronic overworking problem in the sector Six out of 10 lack the resources to do their jobs well Almost … More

The post IT workforce increasingly overworked and stressed out appeared first on Help Net Security.

Energy security pros worry about catastrophic failure due to cyberattacks

70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown. Of the 151 IT and operational technology (OT) security pros at energy and oil and gas companies that were polled, 97 percent are concerned that attacks could cause operational shutdowns, and 96 percent believe they could impact the safety of their employees. Respondents were also asked about their organizations’ … More

The post Energy security pros worry about catastrophic failure due to cyberattacks appeared first on Help Net Security.

Organizations are becoming more resilient to focused cyber attacks

Accenture has polled 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. The survey has shown that, while the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months (232 vs 106), organizations are demonstrating far more success in detecting and blocking them. They are now preventing 87 percent of all focused … More

The post Organizations are becoming more resilient to focused cyber attacks appeared first on Help Net Security.

Tech-skilled cybersecurity pros in high demand and short supply

The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 percent of information security professionals reporting unfilled cyber/information security positions within their organization, according to ISACA’s new cybersecurity workforce research. The research is the result of polling 2,300+ cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner (CSXP). Among the concerning trends revealed in part 1 of the ISACA State of Cybersecurity 2018 Report, released today at … More

The post Tech-skilled cybersecurity pros in high demand and short supply appeared first on Help Net Security.

Most US consumers don’t trust companies to keep their data private

While a majority of the US public sees companies’ ability to keep data private as absolutely key, it has little trust in companies to do so. In fact, only 20 percent of them “completely trust” organizations they interact with to maintain the privacy of their data, the results of a recent survey have shown. They are also much more worried about hackers accessing their data than companies using it for purposes they have not agreed … More

The post Most US consumers don’t trust companies to keep their data private appeared first on Help Net Security.

Devs know application security is important, but have no time for it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More

The post Devs know application security is important, but have no time for it appeared first on Help Net Security.

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

2.6 billion records were stolen, lost or exposed worldwide in 2017

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013. Over the past five years, nearly 10 billion records have been lost, stolen … More

The post 2.6 billion records were stolen, lost or exposed worldwide in 2017 appeared first on Help Net Security.

Many businesses struggling to meet GDPR deadline

IT decision makers across the U.S., UK, France, and Germany are still missing an opportunity to transform their business through a holistic data management approach that reduces risk and improves business efficiency. For nearly two years, most organizations have lagged in addressing their GDPR compliance, and in some cases are ignoring the issue completely. In doing so, they are ignoring the benefits to be gained from the compliance effort, including developing a data-centric approach to … More

The post Many businesses struggling to meet GDPR deadline appeared first on Help Net Security.

How many can detect a major cybersecurity incident within an hour?

Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm. Average time to detect a major cybersecurity incident The study, conducted by Widmeyer, which surveyed 751 IT decision makers from the U.S., U.K. and Asia-Pacific, also revealed that a majority … More

The post How many can detect a major cybersecurity incident within an hour? appeared first on Help Net Security.

Organizations want to leverage the cloud but are held back by security misconceptions

iboss has published the findings of its 2018 Enterprise Cloud Trends report. The survey of IT decision makers and office workers in U.S. enterprises found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities. Combined with growing pressures from shadow IT and mobile employees, 91% of IT decision makers agree they need to update security policies to operate in a cloud-first environment. … More

The post Organizations want to leverage the cloud but are held back by security misconceptions appeared first on Help Net Security.

Major uptick in mobile phishing URL click rate

In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. “Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said Aaron Cockerill, chief strategy officer at Lookout. “Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, … More

The post Major uptick in mobile phishing URL click rate appeared first on Help Net Security.

Steps executives are taking to increase security while launching new ways to pay

More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data, “2018 Global Payments Insight Survey: Bill Pay Services,” from ACI Worldwide and Ovum. The benchmark, comprised of responses from executives at billing organizations such as consumer finance, healthcare and higher education, also revealed that over 70 percent of organizations that … More

The post Steps executives are taking to increase security while launching new ways to pay appeared first on Help Net Security.

Security teams are under resourced, overwhelmed by attackers

A new report conducted by the Ponemon Institute uncovered security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they won’t improve their security posture if they don’t fix broken patching processes. Firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. The study found … More

The post Security teams are under resourced, overwhelmed by attackers appeared first on Help Net Security.

IT audit best practices: Technological changes give rise to new risks

IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a benchmarking study from Protiviti and ISACA. To whom within the organization does your IT audit director report? The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for … More

The post IT audit best practices: Technological changes give rise to new risks appeared first on Help Net Security.

Cyber attacks are becoming more organized and structured

Trustwave released the 2018 Trustwave Global Security Report which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-beach investigations and internal research. Findings depict improvement in areas such as intrusion to detection however, also showed increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. North America and retail … More

The post Cyber attacks are becoming more organized and structured appeared first on Help Net Security.

Inbox placement improving, spam placement remains the same

The global trend of delivery data increased over the last eight quarters, with a growth of 4 percent inbox placement, according to 250ok. Missing emails saw a decrease of 5 percent, while spam folder placement remains rather stable with less than 1 percent change. Of the global seed accounts 250ok studied, Canada was the only country with a dip in email deliverability, as the 3-year transition period for Canada’s Anti-Spam Legislation (CASL) came to an … More

The post Inbox placement improving, spam placement remains the same appeared first on Help Net Security.

Fewer records breached: Cybercriminals focus on ransomware, destructive attacks

According to the 2018 IBM X-Force Threat Intelligence Index, the number of records breached dropped nearly 25 percent in 2017, as cybercriminals shifted their focus on launching ransomware and destructive attacks that lock or destruct data unless the victim pays a ransom. Last year, more than 2.9 billion records were reported breached, down from 4 billion disclosed in 2016. While the number of records breached was still significant, ransomware reigned in 2017 as attacks such … More

The post Fewer records breached: Cybercriminals focus on ransomware, destructive attacks appeared first on Help Net Security.

How critical infrastructure operators rate their security controls

Indegy revealed that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months. “We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, … More

The post How critical infrastructure operators rate their security controls appeared first on Help Net Security.

Would automation lead to improved cybersecurity?

Concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game, according to McAfee. Which of the below areas of the cybersecurity process is your organization using automation in? The landscape for cyberthreats is growing, both in complexity and volume. According to the report, 46 percent of respondents believe that in the next year they will either struggle to … More

The post Would automation lead to improved cybersecurity? appeared first on Help Net Security.

How companies continue to expose sensitive data to threats

A new study from the Varonis Data Lab found that on average, 21% of a company’s folders were accessible to every employee, and 41% of companies had at least 1,000 sensitive files open to all employees. The report, based on analysis of data risk assessments conducted by Varonis in 2017 for customers and potential customers on their file systems, shines a spotlight on several issues that put organizations at risk from data breaches, insider threats … More

The post How companies continue to expose sensitive data to threats appeared first on Help Net Security.

Industry leaders struggle to balance digital innovation and security

Companies are struggling with the tug-of-war between advancing digital innovation and ensuring secure digital experiences that maintain user trust and mitigate risk. As part of a study of more than 350 global information technology leaders conducted by Forrester Consulting for Akamai, the results also show that the companies defined as being the most digitally mature – best balancing innovation and security – grow faster than their competitors. Digital innovation sits at the helm of today’s … More

The post Industry leaders struggle to balance digital innovation and security appeared first on Help Net Security.

How safe is your personal information?

Another day, another data breach. Recent news about cybercriminals obtaining more than 5 million credit card numbers from high-end U.S. retailers joined a series of major hacks and online data breaches. Unfortunately, the frequency of attacks on Americans’ personal information has fostered a feeling of inevitability. In fact, according to results released today from a telephone survey conducted by The Harris Poll for the American Institute of CPAs (AICPA) of 1,006 Americans adults in the … More

The post How safe is your personal information? appeared first on Help Net Security.

How to close the security update gap

Security patching is hard and patch fatigue is real. So what can be done to make the process more simple, less disruptive, and more likely to be performed in a timely manner? According to the results of a recent survey by ACROS Security, those responsable for it are asking for – among other things – the capability to quickly un-apply patches if they cause problems, security and functional patches to be decoupled, want to have … More

The post How to close the security update gap appeared first on Help Net Security.

Most healthcare pros believe their organizations adequately protect patient data

Most of the healthcare professionals polled remain confident regarding their own organization’s cyber security protocols despite apprehensions connected with their own healthcare information and general healthcare infrastructure, according to a Venafi survey querying 122 healthcare professionals at the HIMSS18 conference in Las Vegas. In fact, seventy-nine percent said they are concerned about the cyber security of their own healthcare information. At the same time, sixty-eight percent believe their organizations are doing enough to adequately protect … More

The post Most healthcare pros believe their organizations adequately protect patient data appeared first on Help Net Security.

Crypto mining runs rampant in higher education: Is it students?

The higher education sector exhibited a startling increase in potentially damaging cryptocurrency mining behaviors, according to Vectra. The Attacker Behavior Industry Report reveals cyberattack detections and trends from a sample of 246 opt-in enterprise customers using the Vectra Cognito platform, across 14 different industries. From September 2017 through January 2018, Vectra monitored traffic and collected metadata from more than 4.5 million devices and workloads from customer cloud, data center and enterprise environments. By analyzing this … More

The post Crypto mining runs rampant in higher education: Is it students? appeared first on Help Net Security.

Macro-less word document attacks on the rise

WatchGuard released its Internet Security Report for Q4 2017. Among the report’s most notable findings, threat intelligence showed that total malware attacks are up by 33 percent, and that cyber criminals are increasingly leveraging Microsoft Office documents to deliver malicious payloads. “After a full year of collecting and analyzing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” … More

The post Macro-less word document attacks on the rise appeared first on Help Net Security.

The current state of USB data protection

Data protection, whether related to personal customer or patient information, is critical across virtually all industries. So how can organizations best protect their most sensitive and confidential information? To answer this question, Apricorn surveyed more than 400 employees in September 2017, ranging in ages from 18 to 65 across numerous industries that included education, finance, government, healthcare, legal, retail and manufacturing. Among other things, the survey revealed that while USB drives are ubiquitous and widely … More

The post The current state of USB data protection appeared first on Help Net Security.

Worldwide spending on security solutions to reach $91 billion in 2018

Worldwide spending on security-related hardware, software, and services is forecast to reach $91.4 billion in 2018, an increase of 10.2% over the amount spent in 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. According to IDC, worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 10.0% over the … More

The post Worldwide spending on security solutions to reach $91 billion in 2018 appeared first on Help Net Security.

Businesses suspect their mobile workers are being hacked

More than half (57%) of organisations suspect their mobile workers have been hacked or caused a mobile security issue in the last 12 months, according to the iPass Mobile Security Report 2018. Overall, 81% of respondents said they had seen Wi-Fi related security incidents in the last 12 months, with cafés and coffee shops (62%) ranked as the venues where such incidents had occurred most. That was closely followed by airports (60%) and hotels (52%), … More

The post Businesses suspect their mobile workers are being hacked appeared first on Help Net Security.

Consumers worry that small privacy invasions may lead to a loss of civil rights

A new report by The Economist Intelligence Unit (EIU) shows that consumers around the world perceive wide ranging risks in how their personal information is collected and shared with third parties. They want greater transparency and control, as well as commitments from government and industry to protect privacy. Large shares of the consumers surveyed indicate a host of concerns related to the collection and transmission of their personal information. These range from identity theft to … More

The post Consumers worry that small privacy invasions may lead to a loss of civil rights appeared first on Help Net Security.

Compliance functions make a turn towards innovation-fueled strategies

Faced with growing threats of ‘industry shocks’ such as cyber fraud, cryptocurrency, quantum computing and open banking, financial institutions expect to increase their compliance investments over the next two years as they seek new approaches to strengthening compliance capabilities, according to a new report from Accenture. Compliance investments increase Based on a survey of 150 compliance executives at financial services institutions, Accenture’s fifth annual compliance risk report, “Comply and Demand,” found that 89 percent of … More

The post Compliance functions make a turn towards innovation-fueled strategies appeared first on Help Net Security.

Organizations blame legacy antivirus protection for failed ransomware prevention

More than half (53 percent) of U.S. organizations that were infected with ransomware blamed legacy antivirus protection for failing to prevent the attack, according to SentinelOne. Nearly 7 out of 10 of these companies have replaced legacy AV with next-gen endpoint protection to prevent future ransomware infections. AV fails to foil ransomware Behind employee carelessness as the primary cause (56 percent blamed this), failed legacy AV protection is viewed as the leading factor in successful … More

The post Organizations blame legacy antivirus protection for failed ransomware prevention appeared first on Help Net Security.

Analysis of 560 incidents demonstrates need for cyber resilience

Many entities face the same types of security incidents – some are viewed as handling the incident well, and for some it’s a disruptive and costly lesson. The ones that fare better have prepared for an incident and use lessons-learned from prior incidents. Recognizing that entities need a source of reliable information on what actually happens during an incident, the BakerHostetler Privacy and Data Protection team published the 2018 edition of its Data Security Incident … More

The post Analysis of 560 incidents demonstrates need for cyber resilience appeared first on Help Net Security.

Bad bot traffic increases, gambling and airlines most targeted industries

Distil Networks analyzed hundreds of billions of bad bot requests at the application layer to provide insight and guidance on the nature and impact of automated threats in 2017. Bad bots are up from last year “This year bots took over public conversation, as the FBI continues its investigation into Russia’s involvement in the 2016 U.S. presidential election and new legislation made way for stricter regulations,” said Tiffany Olson Jones, CEO of Distil Networks. “Yet, … More

The post Bad bot traffic increases, gambling and airlines most targeted industries appeared first on Help Net Security.

IoT device management market size worth $5.1 billion by 2025

The global IoT device management market size is anticipated to reach USD 5.1 billion by 2025, according to a new report by Grand View Research, exhibiting a 28.3% CAGR during the forecast period. Growing demand for IoT services, need for digitalization, and increasing penetration of communication and networking technologies are expected to drive the market over the coming years. In the past few years, the industry has witnessed increasing investments in R&D activities for development … More

The post IoT device management market size worth $5.1 billion by 2025 appeared first on Help Net Security.

Third-party IoT risk management not a priority

With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to an Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks. Has your organization experienced a data breach or cyber attack caused by unsecured IoT devices or applications in the past 12 months? This year’s … More

The post Third-party IoT risk management not a priority appeared first on Help Net Security.

Digital innovation held back as IT teams firefight security threats

43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the GDPR comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services. The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts … More

The post Digital innovation held back as IT teams firefight security threats appeared first on Help Net Security.

Like any threat, malware evolves: Discover new trends

Cofense released the 2018 Cofense Malware Review, detailing the trends that defined malware attacks in 2017 and the emerging trends for network defenders to prioritize in 2018. While a couple of high profile breaches stole the spotlight in 2017, Cofense’s global security team uncovered a number of less visible evolutions that dramatically changed the threat landscape and continue to pose threats. Malicious actors demonstrated how quickly they could exploit recently disclosed vulnerabilities, change how they … More

The post Like any threat, malware evolves: Discover new trends appeared first on Help Net Security.

Businesses know breaches are happening, but do they know how, why and when?

Nearly four in five companies (79%) were hit by a breach in the last year, according to Balabit. Their research also revealed that 68% businesses expect to be impacted by further breaches this year, with more than a quarter anticipating a breach to occur within the next six months. The Unknown Network Survey, deployed in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals surrounding their IT security … More

The post Businesses know breaches are happening, but do they know how, why and when? appeared first on Help Net Security.

Experiences and attitudes towards cloud-specific security capabilities

Dimensional research conducted a survey of IT professionals responsible for cloud environments. The survey, which is comprised of data collected from over 600 respondents from around the world, provides an overview of experiences and attitudes in regards to cloud security. In your opinion, how does the overall security posture for your company’s cloud services compare to your on-premises security? The cloud is redefining the role of the firewall An overwhelming 83 percent of respondents have … More

The post Experiences and attitudes towards cloud-specific security capabilities appeared first on Help Net Security.

Top cybersecurity evasion and exfiltration techniques used by attackers

SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders. During the past year, SS8 sensors and analytics deployed globally within live production networks have detected a variety of techniques used to compromise and steal data (intellectual property) from organizations in key industries spanning critical infrastructure, enterprises and telecommunications. The networks SS8 assesses exhibit the presence of the following evasion and exfiltration activity: … More

The post Top cybersecurity evasion and exfiltration techniques used by attackers appeared first on Help Net Security.

Excessive alerts, outdated metrics, lead to over-taxed security operations centers

A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs). SOCs are overwhelmed The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech. As the threat landscape changes and enterprises move to adopt additional layers of defensive … More

The post Excessive alerts, outdated metrics, lead to over-taxed security operations centers appeared first on Help Net Security.