Commoditising cybercrime: The rise of ransomware-as-a-service

Recent years have seen a growing number of high-profile ransomware attacks such as WannaCry hit the headlines for their ability to hijack a huge number of computers in a short space of time and extort victims into paying ransoms in order to get their information back. In the case of WannaCry, over 200,000 computers were infected across 150 countries in just four days, with the ransoms being demanded ranging from $300-$600 per computer. Estimates put the...

By Naaman Hart, 21 November 2018, 0 comments. Categories: Data Loss, Malware, Security.

The real deal on cybercrime, breach timelines, and mounting a proactive defence

Here’s something that may seem obvious but is more true today than ever: Organisations that take security breaches seriously (which should be all of them) can’t afford to sit back and take a reactive approach to their defensive strategy. Although a considerable amount of damage can be done in a shockingly short period of time, simple proactive steps can often thwart cybercriminals and defend organisations against a wide variety of attacks.

By Ted Ross, 19 November 2018, 0 comments. Categories: CIO, Data Loss, Malware, Security.

Get to grips with DevSecOps – and address security flaws much more quickly

The number of vulnerable applications in an organisation’s ecosystem remains at a ‘staggeringly high’ level according to new research – but putting DevSecOps practices into action appear to have some benefits.

That’s according to a report from CA Veracode. The latest State of Software Security report – CA Technologies having acquired Veracode last year – gives a ‘promising’...

By James Bourne, 26 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, Productivity, Security.

Four cybersecurity challenges that critical infrastructures are facing

Earlier this year, Russia started a widespread cyber-attack targeting critical infrastructures around the world, including tens of thousands of devices in British homes. So back in April, the UK’s National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security (DHS) released a joint alert, warning that the Russian Government had carried out an attack...

By Anthony Perridge, 16 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, Security.

New research shows importance of visibility in mobile device strategy

A lack of visibility into devices and networks is putting businesses at risk of cyberattacks, according to a new report.

The study, put together by Enterprise Mobility Exchange and NetMotion Software and which polled more than 130 respondents at organisations with corporately owned mobile devices, explored employees' relationships with their devices and networks.

Almost half of mobile workers polled said they spent the majority of their working time connected to non-corporate public Wi-Fi and carrier...

By James Bourne, 15 October 2018, 0 comments. Categories: Data Loss, Employees, Enterprise Mobility, Research, Security.

Deflecting DDoS: Key tactics in the battle against IoT-powered attacks

What makes a DDoS successful? I asked myself that question at the end of August when the central bank of Spain, Banco d’Espana, was hit by a DDoS attack that took its website temporarily offline.

The bank issued a statement acknowledging the attack and stating that “no damage” had been done and its operations, as a central bank with no commercial arm, were not affected, implying that the attack was not successful. Meanwhile, the hacktivist group, Anonymous Catalonia, claimed responsibility...

By Ronald Sens, 03 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, IoT, Mobile, Security.

Enterprises are finding open source so alluring that vulnerabilities are less important

The Equifax data breach of 2017 was a bad one. Just how bad it ended up being was only revealed in May this year. This isn’t for the faint of heart: 209,000 payment cards, 99 million addresses, and more than 146 million people affected.

Yet these revelations have had little effect on organisations using vulnerable open source software. According to the latest State of the Software Supply Chain report from Sonatype, the...

By James Bourne, 27 September 2018, 0 comments. Categories: Applications, Data & Analytics, Data Loss, Privacy.

Building trust in a ‘zero trust’ environment: A more dynamic security model

Today’s working environments are no longer governed by the perimeters and boundaries they once were.  As a result, security threats have multiplied and the pressure on IT teams to protect data has increased rapidly. Modern work happens in a mobile-cloud environment outside traditional security controls, and from the perspective of those controls it’s a zero trust environment.

As attacks become more sophisticated, security professionals are forced to reconsider the best practices on which...

By Ojas Rege, 17 September 2018, 0 comments. Categories: Data & Analytics, Data Loss, Enterprise Mobility, Security.

Enterprises waiting months for security updates may cause concern in ‘as a service’ future

Revamping an enterprise’s IT security is never going to be a simple flick of a switch. Yet for more than a quarter of organisations polled by enterprise software provider Kollective, it will take at least a month before vital updates are installed.

The study, which polled 260 IT managers, found that for almost two in five (37%), not installing updates is seen as the biggest security threat this year, with outdated...

By James Bourne, 22 August 2018, 0 comments. Categories: Data & Analytics, Data Loss, Enterprise Mobility, Security.

Employees who see compliance violations twice as likely to leave, says Gartner

Employees who see misconduct or a compliance violation at work are twice as likely to leave their organisations, according to a new study from Gartner.

The survey, which sampled more than 5,000 employees at various levels, found that 29% of employees saw at least one compliance breach at work in 2016 and 2017. Of these sampled employees, 59% were actively looking for another job due to a compliance violation. This was compared with...

By James Bourne, 13 August 2018, 0 comments. Categories: CIO, Data Loss, Employee Education, Employees, Security.