Ian Barker

Back in May, when World Password Day was once again in the news, we asked whether the days of the password were numbered.

Rishi Bhargava, co-founder of Descope, agrees that passwords belong to the past. We spoke to him to discover more and find out how new technologies like passkeys are driving the change.

Continue reading →

Smaller businesses are not immune from cyberattacks. In fact, because they lack the resources for the latest defenses and to train their staff to spot threats, they can be particularly vulnerable.

Education and training are key to protect any business and to help smaller companies stay up to date Avast -- now part of digital security and privacy brand Gen -- is launching a new Cybersecurity Training Quiz.

Continue reading →

Cyberattacks and data breaches come it many forms, but often at the root of them is a phishing scam.

Exploiting the fact that humans are the weakest link in the security chain, cybercriminals use phishing to trick employees into giving up credentials or other sensitive information that can be used to gain a foothold to carry out a later attack.

Continue reading →

Concerns around supply chain security, partly driven by President Biden's Executive Order on Improving the US' Cybersecurity, are leading to increased adoption of software bills of materials (SBOM).

Research from Sonatype surveyed over 200 IT directors in the US and UK at businesses with over $50 million revenue and finds 76 percent of enterprises have adopted SBOMs since the order's introduction.

Continue reading →

Avril Lavigne didn't quite sing that line but she might well have done if she'd worked in IT. More than two-thirds of IT managers (68 percent) say their current privileged access management (PAM) product is too complex or has too many features they don't use.

A new report from Keeper Security also finds that 87 percent of respondents would prefer a pared down form of PAM that is easier to deploy and use.

Continue reading →

New research from SynSaber, along with the ICS Advisory Project, into industrial control operational technology system vulnerabilities finds that 34 percent of the CVEs reported in the first half of 2023 currently have no patch or remediation available from the vendor.

This compares to the 35 percent that had no fixes in the second half of 2022 but is a significant increase from the 13 percent in the first half of last year.

Continue reading →

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

Continue reading →

A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.

The report shows SSH is the most commonly targeted service accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent, and Log4Shell traffic at a mere 4.3 percent, indicating a shift in threat actor strategy no longer prioritizing the vulnerability as a means of initial access.

Continue reading →

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

Continue reading →

Comparison site Cable.co.uk has released its annual analysis of broadband speed tests around the globe.

As in last year's report Western Europe tops the regional charts with an average download speed of 118.69Mbps, with North America second on an average of 94.02Mbps.

Continue reading →

Cloud misconfiguration is a critical issue as it amplifies the risk of data breaches and unauthorized access. But new research from Qualys shows that many cloud deployments on major platforms are failing Center for Internet Security (CIS) benchmarks.

The report finds that on average, 50 percent of CIS Benchmarks are failing across the major providers. The average fail rate for each provider is 34 percent for AWS, 57 percent for Azure, and 60 percent for Google Cloud Platform (GCP).

Continue reading →

A new survey finds that nearly 80 percent of TLS certificates on the internet are vulnerable to man-in-the-middle (MiM) attacks, while as many as 25 percent of all certificates are expired at any given time.

The study, sponsored by automated machine identity management firm AppViewX and carried out by EEnterprise Management Associates (EMA), focuses on servers with SSL/TLS certificates on port 443.

Continue reading →

New research from Lookout finds that 40 percent of security pros have no clue about the UK Cyber Essentials framework -- the government backed program that aims to help UK organizations improve their cyber resiliency against the most common cyberattacks.

The research, carried out at Infosecurity Europe, surveyed 246 security professionals and finds only 28 percent of organizations had fully implemented Cyber Essentials. Of those that had not implemented the scheme, 58 percent say a lack of awareness or understanding is the reason why they hadn't.

Continue reading →

Over the past decade data modeling -- setting up data structures aligned to business requirements -- has tended to take something of a back seat as businesses have rushed to bring products to market.

But we're producing more data than ever and need ways to process it effectively. That's why Satish Jayanthi, CTO and co-founder at Coalesce, believes it's time for data modeling to make a comeback in enterprise strategy. We spoke to him to find out more.

Continue reading →

On Wednesday the US Securities and Exchange Commission (SEC) approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a 'material' impact on their finances.

This marks a major shift in how data breaches are disclosed and industry figures have been quick to give their views on the effect the new rules will have.

Continue reading →