Yet, organisations still experience 30 cyber breaches per year, signalling need for more investment in innovative technologies to further improve cyber resilience
With ransomware and distributed denial of service (DDoS) attacks on the rise, the average number of focused cyberattacks per organisation has more than doubled this year compared to the previous 12 months (232 through January 2018 versus 106 through January 2017). In the face of these growing cyber threats, organisations are demonstrating far more success in detecting and blocking them, according to a new study from Accenture (NYSE: ACN). Yet, despite making significant progress, only two out of…
ISBuzz Team
Bomgar has announced the findings of its 2018 Privileged Access Threat Report, a global survey that explores the visibility, control, and management that IT organisations in the U.S. and Europe have over employees, contractors, and third-party vendors with privileged access to their IT networks. This year’s report found that external threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organisation’s own network. In fact, 43% of organisations claimed to have suffered a serious information security breach or expect to do so in the next six months,…
While application breaches jumped 55%, emerging DevSecOps practices grew 15%
Sonatype, the leader in open source governance and DevSecOps automation, today published findings from its fifth annual DevSecOps Community Survey of 2,076 IT professionals. The survey shares practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions. Survey respondents revealed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite…
Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks. IT security experts commented below. Gavin Millard, Technical Director at Tenable: “Irrelevant of who the threat actors are or their motivations, the existence of an easily exploited vulnerability on critical infrastructure connected to the internet should be addressed immediately. As stated in the technical alert, if a threat actor can gain privileged access to a router, the options for further exploitation are endless. “It’s important to note, even though the recently disclosed Cisco Smart Install vulnerability doesn’t affect…
How Advanced WAF can bolster app security
The boundary between data compliance and breaking the law is becoming increasingly fine. As the EU General Data Protection Regulation (GDPR) tears up the rulebook for how organisations digitally trade, how can you be sure both operations and customer data are safe and sound? The most rigorous regulation of its kind in the world, GDPR raises the bar for citizens’ data rights and significantly alters our collective attitudes to personal data. For example, citizens are now empowered with the right to anonymity and can force companies to relinquish their credentials upon request. Its impact…
Cloud Security Alliance Global Enterprise Advisory Board Publishes State of Cloud Security 2018
The report, authored by the CSA Global Enterprise Advisory Board, examines such areas as the adoption of cloud and related technologies, what both enterprises and cloud providers are doing to ensure security requirements are met, how to best work with regulators, the evolving threat landscape, and goes on to touch upon the industry skills gap. Exploring case studies and potential use cases for blockchain, application containers, microservices and other technologies will be important to keep pace with market adoption and the creation of secure industry best practices. Full…
Today McAfee releases its annual report examining the current state of cloud adoption, with in-depth analysis exploring how organizations are using cloud services today, where they plan to take their services next, how quickly they think they can get there and their methods for dealing with critical obstacles. McAfee uncovered that the lack of trained cybersecurity professionals is causing forty percent of IT leaders to slow cloud adoption. To make up the difference, businesses and governments are partnering with consultants, managed service providers, and their cloud providers to augment and magnify in-house capabilities to better position themselves against attacks when…
While new security regulation for financial businesses in New York recognises that employees may be the weakest link, there should be a wider acceptance of the role played by new technologies such as file-regeneration, says Greg Sim, CEO at Glasswall Solutions. “Everyone is part of our cyber security team,” said the chief information security officer at a private trust company in New York. “It doesn’t matter what myself or my colleagues do from a technical perspective. If I have one user who clicks a bad link or answers a phisher’s question over the phone, it’s all for naught.” These are…
Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013. Chris Doman, Security Researcher at AlienVault commented below. Chris Doman, Security Researcher at AlienVault: “I’d take the high level numbers in the report with a pinch of salt. The yearly trends depend primarily upon large breaches, like Yahoo,…
More interesting ideas emerged when the panel discussed data protection officers (DPOs). It was agreed that these shouldn’t take on the role of data police, but become a focal point for interpreting the regulations and answering questions. It was suggested that these should be complemented by ‘data stewards’ or ‘privacy champions’ with the task of spreading awareness of the need for compliance. It was stressed that this should be company-wide, including the call centre or help desk – as both are in the frontline if a customer calls to ask what the business is doing with their particular personal details.…
