Category Archives: survey

Perceptions on the impact of data breaches and identity protection

4iQ recently completed research focusing on Americans’ attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches’ effects on identity theft. Where’s the data? The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%) believe they … More

The post Perceptions on the impact of data breaches and identity protection appeared first on Help Net Security.

How the under 30s expect new approaches to cybersecurity

In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. This is according to a report on generational attitudes to cybersecurity from the security division of NTT. The report identified good and bad practice for organizations researched as part of its Risk:Value 2019 report, scored across 17 key criteria. This revealed that under-30s score 2.3 in terms of cybersecurity best … More

The post How the under 30s expect new approaches to cybersecurity appeared first on Help Net Security.

How much organizations are investing in analytics and why

Despite 94% of organizations believing data and analytics is important to their digital transformation and business growth, most are not enabling a data-driven culture, according to MicroStrategy. Data-deprived employees: Compared to executives and management employees, front-line employees are data-deprived and have the least access to data and analytics. The contrast between the data-privileged and the data-deprived is most pronounced in the financial services industry, with just 11% of front-line employees getting access to analytics reports. … More

The post How much organizations are investing in analytics and why appeared first on Help Net Security.

AI and ML will become important for how organizations run their digital systems

Global organizations are making significant progress with digital transformation projects despite obstacles; however, technology leaders are finding that running their digitally transformed organizations is challenging and they are under increased pressure to prove business value. New Relic and Vanson Bourne surveyed 750 global senior IT decision makers of enterprises with 500 to 5,000-plus employees in Australia, France, Germany, U.K., and the U.S. Key findings from the survey include: 1 in 2 tech leaders are challenged … More

The post AI and ML will become important for how organizations run their digital systems appeared first on Help Net Security.

Security still top priority as more enterprises scale IoT solutions company-wide

A record 61 percent of enterprises worldwide are on the path to becoming “intelligent,” compared to only 49 percent in 2018. The Zebra Technologies Corporation global survey analyzes the extent to which companies connect the physical and digital worlds to drive innovation through real-time guidance, data-powered environments and collaborative mobile workflows. Their “Intelligent Enterprise” Index scores are calculated using 11 criteria that include Internet of Things (IoT) vision, adoption, data management, intelligent analysis and more. … More

The post Security still top priority as more enterprises scale IoT solutions company-wide appeared first on Help Net Security.

Companies are shifting spending to support their critical IT initiatives

Increasing spend efficiency and cutting waste are challenging with respect to gaining visibility into costs and managing IT spend effectively, according to a Flexera survey. Survey respondents are IT executives working in large enterprises with 2,000 or more employees, headquartered in North America and Europe, encompassing industries such as financial services, retail, e-commerce and industrial products. More than half are C-level executives. Managing IT spending: The top challenge to managing spend effectively, cited by 86 percent … More

The post Companies are shifting spending to support their critical IT initiatives appeared first on Help Net Security.

Key challenges impacting IT audit pros navigating an evolving risk landscape

Protiviti and ISACA surveyed 2,252 chief audit executives (CAEs), internal audit professionals and IT audit vice presidents and directors worldwide. Asked to identify their biggest technology challenges, IT audit leaders and professionals noted the following as their top five: IT security and privacy/cybersecurity; data management and governance; emerging technology and infrastructure changes – transformation/innovation/disruption; staffing and skills challenges; third-party/vendor management. “As much as organizations are focusing on cybersecurity and protecting their data, they’re still behind … More

The post Key challenges impacting IT audit pros navigating an evolving risk landscape appeared first on Help Net Security.

MSPs face increased risks and opportunities to rethink cybersecurity

Managed service providers (MSPs) and their small- and medium-sized business (SMB) customers lack the tools and resources needed to sufficiently defend against rising cyberattacks and threats, according to Continuum. Security shortcomings: The report found significant shortcomings in how MSPs offer cybersecurity, emphasizing the need for both MSPs and their SMB customers to reevaluate their cybersecurity strategies and identify effective solutions to bridge the widening IT skills gap. Conducted by Vanson Bourne, the study surveyed 200 MSPs … More

The post MSPs face increased risks and opportunities to rethink cybersecurity appeared first on Help Net Security.

1 in 5 SMBs have fallen victim to a ransomware attack

Ransomware remains the most common cyber threat to SMBs, according to a Datto survey of more than 1,400 MSP decision makers that manage the IT systems for small-to-medium-sized businesses. SMBs are a prime target: While it is used against businesses of all sizes, SMBs have become a prime target for attackers. The report uncovered a number of ransomware trends specifically impacting the SMB market: Ransomware attacks are pervasive. The number of ransomware attacks against SMBs … More

The post 1 in 5 SMBs have fallen victim to a ransomware attack appeared first on Help Net Security.

Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy

There’s a clear lack of accountability, especially on the board and among C-suite executives, and a lack of confidence in determining the efficacy of security technologies. AttackIQ and Ponemon Institute surveyed 577 IT and IT security practitioners in the United States who are knowledgeable about their organizations’ IT security strategy, tactics, and technology investments. “Enterprise culture is formed at the top. If enterprise leaders are not actively engaged in ensuring a strong cybersecurity posture, it … More

The post Executives are not actively engaged in ensuring the effectiveness of cybersecurity strategy appeared first on Help Net Security.

Do digital architects have the tools to make the most of transformative technologies?

Digital architects are struggling to satisfy their organizations’ digital transformation ambitions, research from Couchbase has found. In a survey of 450 heads of digital transformation responsible for managing data architecture at enterprises across the U.S., U.K., France and Germany, 85 percent of respondents were under pressure to deliver digital projects – with 41 percent experiencing “high” or “extremely high” pressure. This is not helped by the apparent scale of the challenge facing architects. Sixty eight … More

The post Do digital architects have the tools to make the most of transformative technologies? appeared first on Help Net Security.

When properly managed, shadow IT can benefit your organization

77 percent of IT professionals believe their organizations could earn an edge if company leaders were more collaborative with their businesses to find shadow IT solutions, according to a survey of 1000 US-based IT professionals by Entrust Datacard. As organizations adapt to changing technologies, employees are eager to use productivity solutions that help them function more efficiently — even if these solutions are outside the company’s IT rules and processes. This is the shadow IT … More

The post When properly managed, shadow IT can benefit your organization appeared first on Help Net Security.

How seriously are businesses taking their PKI security?

While most enterprises demonstrate a committed effort towards maintaining a well-rounded PKI setup, they still fall short in several key categories. The post-Black Hat survey report generated by AppViewX indicated that the primary reason for these shortfalls resided in the fact that most certificate- and PKI-processes were bound by silos, manual workflows, and a lack of synergy between systems. For instance, nearly 50% of the respondents admitted to still relying on passwords to safeguard private … More

The post How seriously are businesses taking their PKI security? appeared first on Help Net Security.

AI development has major security, privacy and ethical blind spots

Security, privacy and ethics are low-priority issues for developers when modeling their machine learning solutions, according to O’Reilly. Major issues: Security is the most serious blind spot. Nearly three-quarters (73 per cent) of respondents indicated they don’t check for security vulnerabilities during model building. More than half (59 per cent) of organizations also don’t consider fairness, bias or ethical issues during ML development. Privacy is similarly neglected, with only 35 per cent checking for issues … More

The post AI development has major security, privacy and ethical blind spots appeared first on Help Net Security.

Most expect the risk of privileged user abuse to increase

Insufficient privileged access management (PAM) practices continue to be a critical challenge for many organizations despite significant risks of data breaches and security incidents, according to Sila and Ponemon Institute. According to more than 650 North American respondents, 70 percent think it likely that privileged users within their organizations are accessing sensitive or confidential data for no discernible business need and more than half expect privileged user abuse to increase in the next 12-24 months. Interestingly, … More

The post Most expect the risk of privileged user abuse to increase appeared first on Help Net Security.

Consumers concerned about connected home privacy, still few implement safety practices

In order to understand what people are doing to protect themselves from the risk of compromised smart home devices, such as internet-connected TVs, smart thermostats, home assistants and more, ESET polled 4,000 consumers. Key findings include: Over a third of all respondents indicated they are concerned about unauthorized access of their home networks via connected home devices (smart TVs, smart thermostats etc.). 35% of Americans and 37% of Canadians indicated so in our survey. When … More

The post Consumers concerned about connected home privacy, still few implement safety practices appeared first on Help Net Security.

DevSecOps role expansion has changed how companies address their security posture

While organizations shift their applications to microservices environments, the responsibility for securing these environments shifts as well, Radware reveals. The rapid expansion of the Development Security Operations (DevSecOps) role has changed how companies address their security posture, with approximately 70% of survey respondents stating that the CISO was not the top influencer in deciding on security software policy, tools and/or implementation. This shift has likely exposed companies to a broader range of security risks … More

The post DevSecOps role expansion has changed how companies address their security posture appeared first on Help Net Security.

ICS cybersecurity investment should be a priority in protecting operations from disruption

93% of ICS security professionals are concerned about cyberattacks causing operational shutdown or customer-impacting downtime, according to a Tripwire survey. In an effort to prepare against such threats, 77% have made ICS cybersecurity investments over the past two years, but 50% still feel that current investments are not enough. The survey was conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation … More

The post ICS cybersecurity investment should be a priority in protecting operations from disruption appeared first on Help Net Security.

2FA, HTTPS and private browsing still a mystery to most Americans

Most US adults know what phishing scams are and where they occur, what browser cookies do, and that advertising is the largest source of revenue for most social media platforms, a recent Pew Research Center survey aimed at testing Americans’ digital knowledge has revealed. But, sadly, it has also shown that most respondents don’t know what https:// means, what the private browsing option does, that WhatsApp and Instagram are owned by Facebook, and can’t identify … More

The post 2FA, HTTPS and private browsing still a mystery to most Americans appeared first on Help Net Security.

Does poor password hygiene still hamper your ability to achieve high security standards?

While more businesses are investing in security measures like multifactor authentication (MFA), employees still have poor password habits that weaken companies’ overall security posture, according to LastPass. Given that stolen and reused credentials are linked to 80 percent of hacking-related breaches, businesses must take more action to improve password and access security to make a big impact on risk reduction. “Securing employee access has never been more important and unfortunately, we see businesses ignore password … More

The post Does poor password hygiene still hamper your ability to achieve high security standards? appeared first on Help Net Security.

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials

There’s a significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today, according to a survey from One Identity. Among the survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business impact on their organizations. Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the crucial need for organizations to … More

The post Impact and prevalence of cyberattacks that use stolen hashed administrator credentials appeared first on Help Net Security.

Digital transformation requires an aggressive approach to security

Organizations agree that building security into digital transformation initiatives is a priority, yet the recommended path to progress is unclear, according to a survey conducted by ZeroNorth. Companies of all sizes and in all industries are experiencing the pains of digital transformation, with 79% of survey respondents indicating their organization already has related initiatives underway. All participants indicate the importance of digital transformation to the future of their organization, even those who have not yet embarked … More

The post Digital transformation requires an aggressive approach to security appeared first on Help Net Security.

Phishing attempts increase 400%, many malicious URLs found on trusted domains

1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January. A new Webroot report also highlights the importance of user education, as phishing lures have become more personalized as hackers use stolen data for more than just account takeover. Hackers are using trusted domains and HTTPS to trick victims: Nearly a quarter (24%) of malicious URLs were found to be hosted on trusted … More

The post Phishing attempts increase 400%, many malicious URLs found on trusted domains appeared first on Help Net Security.

Majority of IT departments leave major holes in their USB drive security

For the second year in a row, the majority of employers are failing to equip their employees with the appropriate technologies, procedures and policies to ensure data security across the organization, according to Apricorn. The survey report, which polled nearly 300 employees across industries including education, finance, government, healthcare, legal, retail, manufacturing, and power and energy, examined year-over-year trends of USB drive usage, policies and business drivers. The report indicated that even though 87% of … More

The post Majority of IT departments leave major holes in their USB drive security appeared first on Help Net Security.

BEC explodes as attackers exploit email’s identity crisis

850,000 domains worldwide now have DMARC records, a 5x increase since 2016, according to Valimail. However, less than 17% of global DMARC records are at enforcement — meaning fake emails that appear to come from those domains are still arriving in recipients’ inboxes. Among large companies, only one in five enterprise DMARC records is at enforcement, a significant factor in the wild success of business email compromise (BEC) attacks, which have produced more than $26 … More

The post BEC explodes as attackers exploit email’s identity crisis appeared first on Help Net Security.

Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations

Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the efforts of bad actors to target Airbus […]… Read More

The post Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations appeared first on The State of Security.

Internal user mistakes create large percentage of cybersecurity incidents

Internal user mistakes created the largest percentage of cybersecurity incidents over the past twelve months (80%), followed by exposures caused by poor network system or application security (36%), and external threat actors infiltrating the organization’s network or systems (31%), SolarWinds research reveals. Poor password management ranked as the leading cause of concern for German IT professionals regarding insider threats. Forty-five percent of tech pros surveyed indicated poor password management or weak passwords as the most … More

The post Internal user mistakes create large percentage of cybersecurity incidents appeared first on Help Net Security.

Insider threats are security’s new reality: Prevention solutions aren’t working

Insider threats expose companies to breaches and put corporate data at risk. New research from Code42 questions whether the right data security solutions are being funded and deployed to stop insider threats and asserts that legacy data loss prevention solutions fall short in getting the job done. Today, 79% of information security leaders believe that employees are an effective frontline of defense against data breaches. However, this year’s report disputes that notion. Wake-up call: Insider … More

The post Insider threats are security’s new reality: Prevention solutions aren’t working appeared first on Help Net Security.

Consumers have concerns about cybersecurity, value education on best practices

Nearly three-quarters of consumers (74%) would be likely to participate in a cybersecurity awareness or education program from their financial institution if they offered it. The survey conducted by The Harris Poll on behalf of Computer Services also found that an overwhelming majority of consumers (92%) have concerns about the security of their personal confidential data online. The poll ran online July 1-3, 2019, and it represents feedback from more than 2,000 U.S. adults ages … More

The post Consumers have concerns about cybersecurity, value education on best practices appeared first on Help Net Security.

64% of IT decision makers have reported a breach in their ERP systems in the past 24 months

ERP applications are ‘critical’ to business operations, according to the IDC survey of 430 IT decision makers. ERP-related breach: Sixty-four percent of the 191 decision makers surveyed whose organizations rely on SAP or Oracle E-Business Suite confirmed that their deployments have had an ERP-related breach in the last 24 months. “Enterprise Resource Planning (ERP) applications such as Oracle E-Business Suite and SAP (ECC) can be foundational for businesses. A breach of such critical ERP applications … More

The post 64% of IT decision makers have reported a breach in their ERP systems in the past 24 months appeared first on Help Net Security.

Educational organizations massively vulnerable to cyber attacks

The education sector is facing a crisis as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers, according to Absolute. The summer months of 2019 saw the number of publicly-disclosed security incidents in K-12 school districts in the U.S. reach 160, exceeding the total number of incidents reported in 2018 … More

The post Educational organizations massively vulnerable to cyber attacks appeared first on Help Net Security.

Being compliant with laws and regulations is not a guarantee against data breaches

Compliance is not a guarantee against data breaches. These are the results of the Advisera survey carried out with 605 respondents, coming from countries on five continents, from various industries, mostly from smaller and medium-size companies, and acting predominantly in IT and security positions. Security and compliance are tightly related: Nearly 85% of respondents consider security and compliance to be highly related and feel that they need to be implemented together. “This perception of respondents … More

The post Being compliant with laws and regulations is not a guarantee against data breaches appeared first on Help Net Security.

How security programs and breach history influence company valuations

96% of cybersecurity professionals indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target, an (ISC)2 survey reveals. (ISC)2 surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. Survey respondents unanimously agreed that cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation. The research also found that the results of such due diligence can have a tangible … More

The post How security programs and breach history influence company valuations appeared first on Help Net Security.

Security and compliance gaps of ineffective employee onboarding and offboarding

There are significant gaps in the compliant management of employee resources throughout the employment lifecycle. Just 15% of employees have all the resources they require to be productive on day one; further, more than half (52%) of IT professionals know someone who still has access to a former employer’s applications and data, according to Ivanti. When it comes to employee onboarding, 38% of IT professionals report it takes between two and four days to get … More

The post Security and compliance gaps of ineffective employee onboarding and offboarding appeared first on Help Net Security.

49% of infosec pros are awake at night worrying about their organization’s cybersecurity

Six in every ten businesses have experienced a breach in either in the last three years. At least a third of infosec professionals (36%) whose employers had not recently been a victim of a cyber attack also believe that it is likely that they are currently facing one without knowing about it. This may be an indicator of a bumper year for breaches, as the total number of organizations reporting breaches in 2018 only came … More

The post 49% of infosec pros are awake at night worrying about their organization’s cybersecurity appeared first on Help Net Security.

Cyber risks are the top concern among businesses of all sizes

Cyber risks are the top concern among businesses of all sizes for the first time since the Travelers Companies’ survey began in 2014. Of the 1,200 business leaders who participated in the survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%). As concerns about cyber threats have grown, a … More

The post Cyber risks are the top concern among businesses of all sizes appeared first on Help Net Security.

Email is an open door for malicious actors looking to exploit businesses

There’s an alarming scale of risks businesses are up against in a time when email is proving an open door for cybercriminals and malicious actors looking to disrupt, exploit and destroy businesses, according to Wire. The report is developed in collaboration with global poker champion and astrophysicist, Liv Boeree. Poker is a game of making calculated, strategic decisions in high-stakes situations. As such, Liv is able to draw parallels between the poker table and the … More

The post Email is an open door for malicious actors looking to exploit businesses appeared first on Help Net Security.

Employee negligence can be a leading contributor to data breaches

Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information, according to the Shred-it report conducted by the Ponemon Institute. According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned … More

The post Employee negligence can be a leading contributor to data breaches appeared first on Help Net Security.

A proactive approach to cybersecurity requires the right tools, not more tools

The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by Forrester Consulting. The study surveyed over 250 senior security decision-makers in North America and Europe. Participants included CISO, CIO, IT and security VPs from organizations ranging from 3,000 to over 25,000 employees. Currently, security leaders employ a variety … More

The post A proactive approach to cybersecurity requires the right tools, not more tools appeared first on Help Net Security.

Companies vastly overestimating their GDPR readiness, only 28% achieving compliance

Over a year on from the introduction of the General Data Protection Regulation (GDPR), the Capgemini Research Institute has found that companies vastly overestimated their readiness for the new regulation with just 28% having successfully achieved compliance. This is compared to a GDPR readiness survey last year which found that 78% expected to be prepared by the time the regulation came into effect in May 2018. However, organizations are realizing the benefits of being compliant: … More

The post Companies vastly overestimating their GDPR readiness, only 28% achieving compliance appeared first on Help Net Security.

DevSecOps is emerging as the main methodology for securing cloud-native applications

Only 8 percent of companies are securing 75 percent or more of their cloud-native applications with DevSecOps practices today, with that number jumping to 68 percent of companies securing 75 percent or more of their cloud-native applications with DevSecOps practices in two years, according to ESG. The study results also revealed that API-related vulnerabilities are the top threat concern (63 percent of respondents) when it comes to organizations’ use of serverless. Overall, the study analyzed … More

The post DevSecOps is emerging as the main methodology for securing cloud-native applications appeared first on Help Net Security.

Cybersecurity breach experience strengthens CVs

It is in businesses’ best interest to hire cybersecurity leaders who have suffered an avoidable breach, because of the way it changes how security professionals think, feel and behave, according to Symantec. The findings reveal that suffering a breach – and coming out the other side – significantly reduces security leaders’ future workplace stress levels, while improving their likelihood to share knowledge. “It might sound counterintuitive at first,” comments Darren Thomson, CTO, Symantec EMEA, … More

The post Cybersecurity breach experience strengthens CVs appeared first on Help Net Security.

Employees are mistakenly confident that they can spot phishing emails

While a majority (79%) of people say they are able to distinguish a phishing message from a genuine one, nearly half (49%) also admit to having clicked on a link from an unknown sender while at work, according to a Webroot survey. Further, nearly half (48%) of respondents said their personal or financial data had been compromised by a phishing message. However, of that group more than a third (35%) didn’t take the basic step … More

The post Employees are mistakenly confident that they can spot phishing emails appeared first on Help Net Security.

Adopting DevOps practices leads to improved security posture

A strong DevOps culture based on collaboration and sharing across teams leads to an improved security posture, according to Puppet. Twenty-two percent of the firms at the highest level of security integration have reached an advanced stage of DevOps maturity compared to only six percent of the firms with no security integration. Additionally, the report found that Europe is pulling ahead of the US and the Asia Pacific regions when it comes to firms with … More

The post Adopting DevOps practices leads to improved security posture appeared first on Help Net Security.

Enterprises report IT teams’ cloud skill gaps have nearly doubled

Nearly two-thirds of organizations that currently use cloud also leverage some level of managed services, with 71% of large enterprise IT pros revealing that managed services will be a better use of their money in the future, and a strong majority saying it allows their teams to focus on more strategic and productive IT projects, according to 451 Research. The report examined the significance of managed services for cloud, driven by the increasing complexity of … More

The post Enterprises report IT teams’ cloud skill gaps have nearly doubled appeared first on Help Net Security.

99% of misconfiguration incidents in the cloud go unnoticed

IaaS is now the fastest growing area of the cloud due to the speed, cost and reliability with which organizations can create and deploy applications, according to McAfee. Cloud-Native Breach (CNB) attack chain: The results of the survey demonstrate that 99 percent of IaaS misconfigurations go unnoticed—indicating awareness around the most common entry point to new “Cloud-Native Breaches” (CNB) is extremely low. “In the rush toward IaaS adoption, many organizations overlook the shared responsibility model … More

The post 99% of misconfiguration incidents in the cloud go unnoticed appeared first on Help Net Security.

Security capabilities are lagging behind cloud adoption

Security professionals regard their existing tools as inadequate for securing critical cloud data, even as their organizations invest heavily, with increasing speed, in cloud applications, according to ESG. The report, based on surveys with responses ranging from approximately 392-600 senior IT decision makers and cyber security professionals, reveals that cloud-first strategies are becoming more common, with 39 percent of respondents from cloud-first organizations saying that they only consider on-premises if someone makes a compelling business case … More

The post Security capabilities are lagging behind cloud adoption appeared first on Help Net Security.

CISO role grows in stature, but challenges remain

In order to find out how CISOs perceive the state of their profession, Optiv Security interviewed 200 CISOs or senior security personnel with equivalent responsibilities in both the US and the UK. Survey respondents indicated a fundamental change in how senior executives and board members perceive cybersecurity. Perhaps most surprising was the fact that 58% said experiencing a data breach makes them more attractive to potential employers. This stands in stark contrast to … More

The post CISO role grows in stature, but challenges remain appeared first on Help Net Security.

Disclosing vulnerabilities to improve software security is good for everyone

Today, software companies and security researchers are near universal in their belief that disclosing vulnerabilities to improve software security is good for everyone, according to a Veracode report. 451 Research conducted the survey from December 2018 to January 2019 using a representative sample of 1,000 respondents across a range of industries and organization sizes in the US, Germany, France, Italy and the UK. Survey respondents reported enterprise roles such as application development, infrastructure and information security, … More

The post Disclosing vulnerabilities to improve software security is good for everyone appeared first on Help Net Security.

Top challenges for CIOs in a multi-cloud world

Lost revenue (49%) and reputational damage (52%) are among the biggest concerns as businesses transform into software businesses and move to the cloud, according to Dynatrace. As CIOs struggle to prevent these concerns from becoming reality, IT teams now spend 33% of their time dealing with digital performance problems, costing businesses an average of $3.3 million annually, compared to $2.5 million in 2018, an increase of 34%. To combat this, 88% of CIOs say AI … More

The post Top challenges for CIOs in a multi-cloud world appeared first on Help Net Security.

Organizations continue to struggle with privacy regulations

Many organizations’ privacy statements fail to meet common privacy principles outlined in GDPR, CCPA and PIPEDA, including the user’s right to request information, to understand how their data is being shared with third parties and the ability of that information to be deleted upon request, according to the Internet Society’s Online Trust Alliance (OTA). Organizations also have a duty to notify users of their rights in an easily understandable manner. OTA analyzed 29 variables in 1,200 … More

The post Organizations continue to struggle with privacy regulations appeared first on Help Net Security.

Key threats and trends SMB IT teams deal with

MSPs are significantly more concerned with internal data breaches and rapidly evolving technology practices, whereas internal IT teams are more concerned with employee behavior/habits, according to a Central by LogMeIn report. The global survey, which polled 500 IT professionals across North America and Europe, also showed that top security concerns remain consistent year over year with 54 percent of IT professionals ranking malware as their number one security concern, followed by ransomware (46 percent) and … More

The post Key threats and trends SMB IT teams deal with appeared first on Help Net Security.

Researchers analyzed 16.4 billion requests to see how bots affect e-commerce

The sophistication level of bots attacking e-commerce sites is on the rise, with nearly four-fifths (79.2 percent) classified as moderate or sophisticated, up from 75.8 percent in 2018, according to the Imperva report. The report analyzed 16.4 billion requests from 231 domains during the month of July 2019. E-commerce companies suffer from a continual barrage of bad bots that criminals, competitors, resellers and investment companies use to carry out unauthorized price scraping, inventory checking, denial … More

The post Researchers analyzed 16.4 billion requests to see how bots affect e-commerce appeared first on Help Net Security.

Some IT teams move to the cloud without business oversight or direction

27% of IT teams in the financial industry migrated data to the cloud for no specific reason, and none of them received financial support from management for their cloud initiatives, according to Netwrix. Moreover, every third organization that received no additional cloud security budget in 2019 experienced a data breach. Other findings revealed by the research include: 56% of financial organizations that had at least one security incident in the cloud last year couldn’t determine … More

The post Some IT teams move to the cloud without business oversight or direction appeared first on Help Net Security.

Businesses need to treat cybersecurity as something that crosses organizational boundaries

Companies are working to balance their desire for new innovations with their need for strong cyber-defenses, according to a new report from CompTIA. CompTIA’s “Cybersecurity for Digital Operations,” based on a survey of 500 U.S. businesses, also reveals that company executives, business staff and technology professionals have distinctly different views on where their organization stands when it comes to cyber-readiness. The stakes have never been higher for business operations, and public and private safety, according … More

The post Businesses need to treat cybersecurity as something that crosses organizational boundaries appeared first on Help Net Security.

The use of open source software in DevOps has become strategic for organizations of all sizes

A higher percentage of top performing teams in enterprise organizations are using open source software, according to a survey conducted by DevOps Research and Assessment (DORA) and Google Cloud. Additionally, the proportion of Elite performers (highest performing teams) nearly tripled from last year, showing that DevOps capabilities are driving performance. These findings reflect organizations’ increased willingness to embrace investments in technology to deliver value and the use of open source – even in highly regulated, … More

The post The use of open source software in DevOps has become strategic for organizations of all sizes appeared first on Help Net Security.

DNSSEC fueling new wave of DNS amplification attacks

DNS amplification attacks swelled in the second quarter of this year, with the amplified attacks spiking more than 1,000% compared with Q2 2018, according to Nexusguard. Researchers credited Domain Name System Security Extensions (DNSSEC) with fueling the new wave of DNS amplification attacks, which accounted for more than 65% of the attacks last quarter, according to the team’s evaluation of thousands of worldwide DDoS attacks. DNSSEC was designed to protect applications from using forged or … More

The post DNSSEC fueling new wave of DNS amplification attacks appeared first on Help Net Security.

Businesses facing post breach financial fallout by losing customer trust

44% of Americans, 38% of Brits, 33% of Australians, and 37% of Canadians have been the victim of a data breach, according to newly released research conducted by PCI Pal. The findings suggest that a combination of recent high-profile data breaches in each region, the development of assorted laws and regulations to protect consumer data privacy (e.g. the California Consumer Privacy Act, Europe’s General Data Protection Regulation, Canada’s Personal Information Protection and Electronic Documents Act, … More

The post Businesses facing post breach financial fallout by losing customer trust appeared first on Help Net Security.

Only 15% of organizations can recover from a severe data loss within an hour

There’s a global concern about the business impact and risk from rampant and unrestricted data growth, StorageCraft research reveals. It also shows that the IT infrastructures of many organizations are struggling, often failing, to deliver business continuity in the event of severe data outages. A total of 709 qualified individuals completed the research study. All participants had budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 100-2,500 … More

The post Only 15% of organizations can recover from a severe data loss within an hour appeared first on Help Net Security.

Threat visibility is imperative, but it’s even more essential to act

Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More

The post Threat visibility is imperative, but it’s even more essential to act appeared first on Help Net Security.

Exploitation of IoT devices and Windows SMB attacks continue to escalate

Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of EternalBlue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More

The post Exploitation of IoT devices and Windows SMB attacks continue to escalate appeared first on Help Net Security.

Only one quarter of retail banks have adopted an integrated approach to financial crime systems

Most banks plan to integrate their fraud and financial crime compliance systems and activities in response to new criminal threats and punishing fines, with the U.K. leading the pack, according to a survey by Ovum, on behalf of FICO. Responses show that U.S. systems are less integrated than Canada’s – only 25 percent of U.S. banks have a common reporting line for both fraud and compliance, versus 60 percent for Canada. The survey also found … More

The post Only one quarter of retail banks have adopted an integrated approach to financial crime systems appeared first on Help Net Security.

The rise of modern applications, DevSecOps and the intelligence economy

There has been significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, a Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More

The post The rise of modern applications, DevSecOps and the intelligence economy appeared first on Help Net Security.

Interacting with governments in the digital age: What do citizens think?

Most U.S. citizens acknowledge and accept that state and local government agencies share their personal data, even when it comes to personal information such as criminal records and income data, according to a new survey conducted by YouGov and sponsored by Unisys. However, the survey found they remain concerned about the security of the data. The survey of nearly 2,000 (1,986) U.S. citizens living in eight states found that more than three-quarters (77%) accept that … More

The post Interacting with governments in the digital age: What do citizens think? appeared first on Help Net Security.