Ian Barker

The threat of business email compromise (BEC) is growing year on year and is projected to be twice as high as the threat of phishing in general.

According to a new report from cloud email security platform IRONSCALES, over 93 percent of organizations have experienced one or more of the BEC attack variants in the previous 12 months, with 62 percent facing three or more attack variants.

Continue reading →

Secrets are not just login credentials and personal data; they securely hold together the components of the modern software supply chain, from code to the cloud. And because of the leverage they provide they are much sought-after by hackers.

However, many breaches that occurred in 2022 show how inadequate the protection of secrets is. Research from automated detection specialist GitGuardian finds that one in 10 code authors exposed a secret in 2022.

Continue reading →

Much of our modern communication relies on satellites, but the data sent between them and ground stations is vulnerable to theft, leaving satellite communications even more accessible than typical internet communications.

Post-quantum cybersecurity company QuSecure has announced that it's achieved an end-to-end quantum-resilient cryptographic communications satellite link.

Continue reading →

Password service 1Password is launching a new service that will allow enterprise customers to unlock their 1Password accounts using third-party identity services.

Unlock with Single Sign-On (SSO) automatically provisions and deprovisions employees, with streamlined deployment through the bridge connection for the 1Password SCIM (System for Cross-domain Identity Management).

Continue reading →

The UK's new Data Protection and Digital Information Bill is set to reduce costs and burdens for British businesses and charities, and remove barriers to international trade.

We know from when it was first brought before parliament last summer that it will also cut the number of repetitive data collection and cookie pop-ups online.

Continue reading →

This year marks the first time in more than a decade that managing cloud spend has overtaken security as the top challenge facing organizations, according to the latest State of the Cloud report from Flexera.

The report is based on responses of 750 respondents from a survey conducted in late 2022 and finds optimizing existing use of the cloud (cost savings) is the top initiative (reported by 62 percent of all respondents).

Continue reading →

A new study from Specops Software finds that 88 percent of passwords used in successful attacks consisted of 12 characters or less, with the most common being just eight characters (24 percent).

The research, largely compiled through analysis of 800 million breached passwords, finds the most common base terms used in passwords are depressingly familiar: 'password', 'admin', 'welcome' and 'p@ssw0rd'.

Continue reading →

Switching to the cloud has left organizations in heavily regulated industries like healthcare and financial services with a greater attack surface, according to a new report.

Research published today by Blancco Technology Group, based on responses from 1,800 IT professionals in healthcare and finance, shows 65 percent of respondents say that the switch has also increased the volume of redundant, obsolete or trivial (ROT) data they collect.

Continue reading →

It's become common for businesses to use more than one cloud, however, service providers have no incentive to offer unified management tools as they want to keep customers for themselves.

This means enterprises end up relying on multiple tools as their cloud footprint expands which is not only inefficient but can be costly. We spoke to Rod Stuhlmuller, VP of solutions marketing at Aviatrix, to find out how organizations can monitor and control their cloud usage and costs at a time when budgets are coming under increased pressure.

Continue reading →

As developers increasingly rely on open source components in their projects, knowing which have been used is a key part of being able to identify updates and potential threats. This is where a software bill of materials (SBOM) is essential.

Application security testing and software research services company GrammaTech is launching a no cost SBOM service, alongside a new version of its CodeSentry software composition analysis (SCA) tool.

Continue reading →

Threat protection company Vade has released its latest Phishers' Favorites report for 2022 which finds that financial services is the most impersonated industry, accounting for 34 percent of phishing pages as attackers continue to follow the money.

There are also seven finance brands in the top 20, with PayPal, MTB, Crédit Agricole, and La Banaque Postale all securing a spot in the top 10.

Continue reading →

The latest Annual Trends Report from Jamf, based on a sample of 500,000 devices protected by the company's technology, looks at the threats impacting devices used in the modern workplace and finds social engineering tops the list.

The combination of an increasingly distributed workforce with the relative ease with which bad actors can carry out phishing campaigns, leads to the leakage of user credentials. In 2022, 31 percent of organizations had at least one user fall victim to a phishing attack.

Continue reading →

One of the popular buzzwords in development circles in recent years has been 'deployment at scale'. Now, while it's nice to have a universally recognized term, opinions about what deployment at scale actually means tend to vary.

So what exactly does 'at scale' mean in the development community and how can companies define their own approach? We spoke to Adam Frank, VP, product and marketing at Armory.io, to find out.

Continue reading →

Generative AI has been getting attention recently for its novelty, unique applications and potential impact on the business world.

But, like any new invention, there's some confusion around what it actually is and what it can do. We spoke to Scott Varho, chief evangelist of 3Pillar Global, who argues that companies shouldn't be rushing to adopt generative AI without considering their needs and potential value.

Continue reading →

Enterprises need real-time access to lots of data, but it's important that access to that data is properly controlled.

Radiant Logic is launching a new data intelligence offering that offers identity observability and visualization capabilities, all built on an extensible API-layer and available as a SaaS offering.

Continue reading →