The top five impersonation techniques – and best practices to help reduce risk

Impersonation attacks are on the rise as attackers switch gears to target an increasingly remote and distracted workforce. Impersonation not only enables cybercriminals to gain trust and manipulate victims into disclosing sensitive data, but also significantly boosts their ability to successfully execute cybercrime. Such attacks are usually hard to detect and at times, leverage legitimate resources and channels for execution.

Impersonation attacks may not be new to the world of...

Enterprise plans for endpoint security in 2021: An interview with Christy Wyatt, Absolute, and Matthew Zielinski, Lenovo

Bottom line: Today’s largely distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.

There’s a looming paradox facing nearly every organisation today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity....

Cloud Security Alliance and ISACA come together for new cloud auditing certificate

The Cloud Security Alliance (CSA) and ISACA have announced the launch of a new cloud auditing and security certificate - aimed at being the first such 'global, vendor-neutral, technical credential' in the industry.

The Certificate of Cloud Auditing Knowledge (CCAK) aims to 'fill a gap in the industry for competent technical professionals who can help organisations mitigate risks and optimise ROI in the cloud', as the companies put it. The certification builds upon the...

Why Covid-19 is teaching enterprises how to mind the cybersecurity gap

30% of US and UK remote workers say their organisations don’t require them to use a secure access tool, including VPN, to log into corporate databases and systems, according to Ivanti’s 2021 Secure Consumer Cyber Report Plus, 25% of remote workers in the US and UK aren’t required to have specific security software running on their devices to access certain applications while working remotely And one in four US remote workers use their work email and passwords to log in to consumer...

How remote working demand continues to disrupt IT security norms

Enterprise IT security investment in critical infrastructure has been consistent over the last 12 months, regardless of huge disruptions from the global Covid-19 pandemic. The resulting effect has been mostly in increased demand for secure 'remote working' connectivity.

Cybersecurity spending announced by governments has not really changed significantly, with most maintaining similar funding planned in previous years, and an average year-on-year growth rate between 5% and...

A guide to privileged access management: The doorman for the cloud

After a year when digital transformation took a quantum leap at most enterprises and remote work exploded, it’s no surprise that the majority of enterprise workloads are now running in cloud-based infrastructure as a service (IaaS) and platform as a service (PaaS) offerings. 

This is creating a whole new set of security challenges around managing access to your organisation’s infrastructure across multiple cloud platforms—with all the various identities and configurations...

Cloud security fears continue: Managed services, messaging, FaaS at ‘perilous’ stage

As adoption of managed infrastructure services increases, new cloud attack areas arrive with them. According to a new report from Accurics, 23% of all security violations identified relate to poorly configured manage service offerings.

The study, Accurics' Cloud Cyber Resilience Report, assessed violations and drifts in real-world environments of Accurics users, as well as open source repositories and registries of infrastructure as code (IaC) components.

On average, the...

Why cybersecurity isn’t cybersecure without detection and recovery

Anyone responsible for data security who doesn’t get a shiver down their spine when they read the about yet another high-profile ransomware attack in the news is either doing something very right, or something very wrong.  

The danger of falling victim to a cybersecurity issue is getting greater as the volume of attacks continues to rise and bad actors become increasingly sophisticated. Interpol has highlighted how Covid-19 affected both the number and nature of...

Shadow IT is always going to be here – so learn how to harness it for your business goals

Many IT leaders expected that shadow IT usage would decrease as their organisations’ cloud strategies became more sophisticated. This was a good thing, they thought, because the ominously named practice of using unapproved applications posed a real threat to cybersecurity: Gartner predicted way back in 2016 that one third of successful enterprise attacks would be on shadow IT resources.

In fact, the opposite has happened. New waves of cloud technology have enabled new business...

Five tips for observability success amid cloud complexity

In 2020, the concept of observability in IT operations gained mindshare as IT leaders looked for new ways to rein in the complexity that’s grown organically with cloud computing and rapid digitisation.

Observability differs from IT monitoring in that it focuses on the development of the application and rich instrumentation so that operators can ask meaningful questions about how the software works or is working in production. The ability to ask new questions allows IT to gain...