Commoditising cybercrime: The rise of ransomware-as-a-service

Recent years have seen a growing number of high-profile ransomware attacks such as WannaCry hit the headlines for their ability to hijack a huge number of computers in a short space of time and extort victims into paying ransoms in order to get their information back. In the case of WannaCry, over 200,000 computers were infected across 150 countries in just four days, with the ransoms being demanded ranging from $300-$600 per computer. Estimates put the...

By Naaman Hart, 21 November 2018, 0 comments. Categories: Data Loss, Malware, Security.

The real deal on cybercrime, breach timelines, and mounting a proactive defence

Here’s something that may seem obvious but is more true today than ever: Organisations that take security breaches seriously (which should be all of them) can’t afford to sit back and take a reactive approach to their defensive strategy. Although a considerable amount of damage can be done in a shockingly short period of time, simple proactive steps can often thwart cybercriminals and defend organisations against a wide variety of attacks.

By Ted Ross, 19 November 2018, 0 comments. Categories: CIO, Data Loss, Malware, Security.

Get to grips with DevSecOps – and address security flaws much more quickly

The number of vulnerable applications in an organisation’s ecosystem remains at a ‘staggeringly high’ level according to new research – but putting DevSecOps practices into action appears to have some benefits.

That’s according to a report from CA Veracode. The latest State of Software Security report – CA Technologies having acquired Veracode last year – gives a ‘promising’...

By James Bourne, 26 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, Productivity, Security.

Four cybersecurity challenges that critical infrastructures are facing

Earlier this year, Russia started a widespread cyber-attack targeting critical infrastructures around the world, including tens of thousands of devices in British homes. So back in April, the UK’s National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security (DHS) released a joint alert, warning that the Russian Government had carried out an attack...

By Anthony Perridge, 16 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, Security.

New research shows importance of visibility in mobile device strategy

A lack of visibility into devices and networks is putting businesses at risk of cyberattacks, according to a new report.

The study, put together by Enterprise Mobility Exchange and NetMotion Software and which polled more than 130 respondents at organisations with corporately owned mobile devices, explored employees' relationships with their devices and networks.

Almost half of mobile workers polled said they spent the majority of their working time connected to non-corporate public Wi-Fi and carrier...

By James Bourne, 15 October 2018, 0 comments. Categories: Data Loss, Employees, Enterprise Mobility, Research, Security.

Deflecting DDoS: Key tactics in the battle against IoT-powered attacks

What makes a DDoS successful? I asked myself that question at the end of August when the central bank of Spain, Banco de España, was hit by a DDoS attack that took its website temporarily offline.

The bank issued a statement acknowledging the attack and stating that “no damage” had been done and its operations, as a central bank with no commercial arm, were not affected, implying that the attack was not successful. Meanwhile, the hacktivist group, Anonymous Catalonia, claimed responsibility...

By Ronald Sens, 03 October 2018, 0 comments. Categories: Data & Analytics, Data Loss, IoT, Mobile, Security.

Enterprises are finding open source so alluring that vulnerabilities are less important

The Equifax data breach of 2017 was a bad one. Just how bad it ended up being was only revealed in May this year. This isn’t for the faint of heart: 209,000 payment cards, 99 million addresses, and more than 146 million people affected.

Yet these revelations have had little effect on organisations using vulnerable open source software. According to the latest State of the Software Supply Chain report from Sonatype, the...

By James Bourne, 27 September 2018, 0 comments. Categories: Applications, Data & Analytics, Data Loss, Privacy.

Building trust in a ‘zero trust’ environment: A more dynamic security model

Today’s working environments are no longer governed by the perimeters and boundaries they once were. As a result, security threats have multiplied and the pressure on IT teams to protect data has increased rapidly. Modern work happens in a mobile-cloud environment outside traditional security controls, and from the perspective of those controls it’s a zero trust environment.

As attacks become more sophisticated, security professionals are forced to reconsider the best practices on which...

By Ojas Rege, 17 September 2018, 0 comments. Categories: Data & Analytics, Data Loss, Enterprise Mobility, Security.

Enterprises waiting months for security updates may cause concern in ‘as a service’ future

Revamping an enterprise’s IT security is never going to be a simple flick of a switch. Yet for more than a quarter of organisations polled by enterprise software provider Kollective, it will take at least a month before vital updates are installed.

The study, which polled 260 IT managers, found that for almost two in five (37%), not installing updates is seen as the biggest security threat this year, with outdated...

By James Bourne, 22 August 2018, 0 comments. Categories: Data & Analytics, Data Loss, Enterprise Mobility, Security.

Employees who see compliance violations twice as likely to leave, says Gartner

Employees who see misconduct or a compliance violation at work are twice as likely to leave their organisations, according to a new study from Gartner.

The survey, which sampled more than 5,000 employees at various levels, found that 29% of employees saw at least one compliance breach at work in 2016 and 2017. Of these sampled employees, 59% were actively looking for another job due to a compliance violation. This was compared with...

By James Bourne, 13 August 2018, 0 comments. Categories: CIO, Data Loss, Employee Education, Employees, Security.

How to combat daily security threats within the healthcare sector

Last year, we saw one of the most aggressive ransomware attacks on healthcare institutions around the world. WannaCry went viral on May 12, causing widespread disruption to global IT systems and raising serious questions about the preparedness of the National Health Service to deal with such incidents.

According to the NAO’s published report earlier this...

By Anthony Perridge, 07 August 2018, 0 comments. Categories: CIO, Data & Analytics, Data Loss, IoT, Security.

The risk of ransomware: How to avoid becoming a victim

Since it made more frequent waves in the headlines in 2017, ransomware – which allows hackers to commandeer a company’s data and hold it under password protection until a ransom is paid – has become one of the most feared and profitable weapons in a cybercriminal’s arsenal. More and more hackers are turning to ransomware because it delivers them the best bang for their buck. Small and medium-sized businesses (SMBs) are particularly vulnerable to this...

By Mark Banfield, 02 August 2018, 0 comments. Categories: Data & Analytics, Data Loss, Employees, Security.

Industries still ‘in the middle’ when it comes to cybersecurity implementation, Gartner finds

Even though 95% of CIOs expect cyber threats to increase over the next three years, only two in three (65%) organisations currently have a cybersecurity expert.

That’s the key finding from analyst firm Gartner, who polled 3,160 CIO respondents across all major industries that represent approximately $13 trillion in revenue and public sector budgets and $277 billion in IT spending.

The survey also found that skills challenges continue to plague organisations that adopt digitalisation, with digital...

By Enterprise CIO, 23 July 2018, 0 comments. Categories: CIO, Data & Analytics, Data Loss, Enterprise Mobility, Security.

Why it’s time to wake up to critical infrastructure threats

“Without change, something sleeps inside us, and seldom awakens. The sleeper must awaken.”

This quote from Dune is a favourite of mine because it speaks to a phenomenon we see around cyberattacks, particularly those targeting critical infrastructure. In many instances, the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems that run such infrastructure have been in place for years. Hesitant to make changes for fear of causing disruption, operators seldom...

By Anthony Perridge, 26 June 2018, 0 comments. Categories: Data & Analytics, Data Loss, Security.

How to counter the increasing volume of DDoS attacks

As attacks are getting more sophisticated, so must our defences.

The threat to corporate networks from DDoS attacks has never been greater. Despite some recent wins, such as the takedown in April of Webstresser – an online DDoS-as-a-service website – organisations cannot let their guard down.

Such a service meant that criminals could flood servers with traffic for as little as...

By Ronald Sens, 25 June 2018, 0 comments. Categories: CIO, Data Loss, Employees, Enterprise Mobility, Security.

For enterprise cyber defence, there should be more than one solution

Enterprises face a dilemma when it comes to defence against today’s modern DDoS attacks: do they trust the surgical precision of an on-premise DDoS protection solution or go with a DDoS cloud scrubbing solution? It’s a tough decision for IT managers to make, as whichever option is chosen will be the company’s way of protecting itself from cyberattacks. But why even choose between the two?

When it comes to defending from cyberattacks, enterprises need all the help they can get, so why not...

By Ronald Sens, 23 May 2018, 0 comments. Categories: Data & Analytics, Data Loss, Enterprise Mobility, Security.

Five secrets of successful CISOs: Communication, regulation, and more

Today’s CISO is bombarded by jargon. Vendors want them to believe that everything from artificial intelligence and machine learning to blockchain is the silver bullet that will solve all their problems. Far from all the marketing and hype, the reality is very different. At the end of the day, all CISOs really care about is getting the basics of security right.

More often than not they are caught between a rock and a hard place. Attacks and threats get ever more sophisticated yet senior management...

By Matt Middleton-Leal, 22 May 2018, 0 comments. Categories: CIO, Data & Analytics, Data Loss, Employee Education, Employees, Security.

Connecting IoT and personal devices to enterprise networks invites massive security risk, finds Infoblox

Research by network control company Infoblox found that connecting IoT and personal devices to enterprise networks exposes the networks to massive security risk including malware injection, phishing and social engineering hacks.

In the research, 35% of enterprises in the US, UK and Germany stated that every day their networks see over 5,000 personal device connections. By contrast, only 16% of enterprises in the UAE report having over 500 personal devices connected to their networks. On a typical day,...

By Enterprise CIO, 14 May 2018, 0 comments. Categories: Data & Analytics, Data Loss, IoT, Malware, Security.

Cybersecurity: Four steps CIOs can take to minimise data loss

With cyber-attacks on the rise, most IT professionals acknowledge it’s no longer a question of if their organisation will get hacked, but when.

Last year the cyber-attack toll hit an all-time high. According to research by Risk Based Security, 2017 saw a record-breaking 5,000 cyber breaches and resulted in a staggering 7.89 billion records being compromised. Big brand names like Verifone, Verizon, eBay, Uber and Equifax all fell victim to breaches that exposed the personal data of millions of...

By Jan van Vliet, 17 April 2018, 0 comments. Categories: CIO, Data & Analytics, Data Loss, Enterprise Mobility, Security.

Why C-suite expertise does not always translate to InfoSec awareness

Their experience and judgement have led C-suite executives to the head of their organisations – yet according to new research from Bitdefender, these employees are most likely to expose the company to a major cyberattack.

According to the study, which polled 250 CIOs, CISOs and CSOs, more than two in five (41%) perceive their C-suite colleagues as InfoSec averse. A similar number (42%) say they are most concerned with a loss of customer and stakeholder trust with data breaches, while more than a quarter...

By James Bourne, 20 March 2018, 0 comments. Categories: CIO, Data & Analytics, Data Loss, Employees, Security.