Soon, your password will expire permanently
Passwords have been around since ancient times and they now serve as the primary method for authenticating a user during the login process. Individuals are expected to use unique username and password combinations to access dozens of protected resources every day – their social media accounts, banking profile, government portals and business resources. Yet, to…
Exploring the impact that hybrid cloud is having on enterprise security and IT teams
While enterprises rapidly transition to the public cloud, complexity is increasing, but visibility and team sizes are decreasing while security budgets remain flat to pose a significant obstacle to preventing data breaches, according to FireMon’s 2020 State of Hybrid Cloud Security Report. “As companies around the world undergo digital transformations and migrate to the cloud,…
5 considerations for building a zero trust IT environment
Zero trust isn’t a product or service, and it’s certainly not just a buzzword. Rather, it’s a particular approach to cybersecurity. It means exactly what it says – not “verify, then trust” but “never trust and always verify.” Essentially, zero trust is about protecting data by limiting access to it. An organization will not automatically…
Only 38% of US govt workers received ransomware prevention training
73% of government employees are concerned about impending ransomware threats to cities across the country, and more employees fear of cyberattacks to their community than natural disasters and terrorist attacks, an IBM survey has revealed. More than 100 cities across the United States were hit with ransomware in 2019. Data in the new Harris Poll…
Modern malware is increasingly leveraging evasive behaviors
Modern malware is increasingly leveraging evasive behaviors, a new report by VMware Carbon Black released at RSA Conference 2020 has revealed. The report uncovers the top attack tactics, techniques, and procedures (TTPs) seen over the last year and provides specific guidance on ransomware, commodity malware, wipers, access mining and destructive attacks. Among some of the…
Shadow IoT: A growing threat to enterprise security
Zscaler released their second annual IoT report, compiled after analyzing their customers’ IoT transactions in the Zscaler cloud for two weeks. The company found 553 different IoT devices across 21 categories from 212 manufacturers. Organizations around the world are observing this Shadow IoT phenomenon, where employees are bringing unauthorized devices into the enterprise. With this…
Cybersecurity hiring challenges and retention issues demand new talent pipelines
Cybersecurity teams continue to struggle with hiring and retention, and very little improvement has been achieved in these areas since last year, according to ISACA. Understaffed and lacking diversity ISACA’s 2020 State of Cybersecurity survey report, unveiled at RSA Conference 2020, finds that enterprises are short-staffed, have difficulty identifying enough qualified talent and don’t believe…
Increased monetization means more ransomware attacks
Organizations are detecting and containing attacks faster as the global median dwell time, defined as the duration between the start of a cyber intrusion and it being identified, was 56 days. This is 28% lower than the 78-day median observed in the previous year, according to FireEye. Consultants attribute this trend to organizations improving their…
Users still engaging in risky password, authentication practices
IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience, according to Yubico and Ponemon Institute. The conclusion is that IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation…
High-risk vulnerabilities and public cloud-based attacks on the rise
A sharp increase (57%) in high-risk vulnerabilities drove the threat index score up 8% from December 2019 to January 2020, according to the Imperva Cyber Threat Index. Following the release of Oracle’s Critical Patch Update – which included 19 MySQL vulnerabilities—there was an unusual increase in the vulnerabilities risk component within the Index. Specifically, there…