The results of a global Infoblox survey on the state of network security at higher education institutions reveal that 81 percent of IT professionals believe securing campus networks has become more challenging in the last two years.
The report surveyed over 600 students, IT professionals and staff from higher education institutions in the U.S., U.K. and Germany, and found that networks at higher education institutions are incredibly complex, which can make them more vulnerable to attack. For example, the average student brings four or more devices with them on campus, with 89 percent of IT professionals reporting an increase in the number of connected devices on campus networks.
In 2018, the average cost of a data breach is more than $3.75 million, and experts expect this number to rise in the coming years. This staggering—and potentially catastrophic—cost per incident is why implementing proper security practices is so important, so it is vital that enterprises both large and small understand how to secure their IT environments successfully.
So, what should you be measuring when it comes to your security program? As the old saying goes: If you can’t measure it, you can’t manage it.
Read about four Key Performance Indicators (KPIs) that can help enterprises navigate the murky waters of cybersecurity and reduce anxiety surrounding the possibility of cyber attacks, on Help Net Security.
A significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks, according to a study conducted by Enterprise Mobility Exchange.
The study showed that nearly 50 percent of mobile workers spend the majority of their worktime connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, over 60 percent lack tools to audit when a device connects to a third-party network.
Worldwide spending on security-related hardware, software, and services is forecast to reach $133.7 billion in 2022, according to IDC. Although spending growth is expected to gradually slow over the 2017-2022 forecast period, the market will still deliver a compound annual growth rate (CAGR) of 9.9%. As a result, security spending in 2022 will be 45% greater than the $92.1 billion forecast for 2018.
Security-related services will be both the largest ($40.2 billion in 2018) and the fastest growing (11.9% CAGR) category of worldwide security spending. Managed security services will be the largest segment within the services category, delivering nearly 50% of the category total in 2022.
Radware released findings from its second annual web application security report, Radware 2018 State of Web Application Security. The report shares an in-depth view of the challenges organizations face in protecting web applications and how recent security breaches have affected them in the past year. In fact, it revealed that 67% of organizations believe hackers can still penetrate their network.
The research focused on global companies and showed a growing frequency and complexity of application-layer attacks. At least 89% of respondents have experienced attacks against web applications or web servers over the past 12 months.
When it comes to building a security operations center (SOC), it can be hard to know where to start. Even if you’re making sure the security operations team you already have in place has all the bases covered when it comes to protecting digital assets, ensuring you know exactly what’s going on throughout your environment can be a challenge.
To help you chart your course, Jorge Alago, cybersecurity architecture lead at Veristor, provides a quick rundown of essential components that should be core to your security efforts. Each one generates useful data and a unique perspective to help your team find out exactly what’s going on and determine how to best prevent, contain, and mitigate security threats.
In a new public service announcement, the FBI is warning companies about the dangers of leaving RDP endpoints exposed online.
RDP stands for the Remote Desktop Protocol, a proprietary technology that allows a user to log into a remote computer and interact with its OS via a visual interface that includes mouse and keyboard input. RDP access is often turned on for workstations in enterprise networks or for computers in remote locations that system administrators need to access but can’t get to in person.
Read more about the FBI alert mentioning that millions of RDP endpoints remain exposed online and vulnerable to exploit, dictionary, and brute-force attacks, on ZDNet.
Getting senior managers to take computer security seriously is a struggle within many organisations, despite the frequency of high-profile data breaches and hacking incidents. Now the UK government’s computer security agency, the National Cyber Security Centre (NCSC), has put together a list of five questions aimed at starting ‘constructive’ discussions between executives and their computer security teams.
According to the NCSC, two-thirds of boards have received no training to help them deal with a cyber incident, and 10 percent have no plan in place to respond to one. These conversation-starters aim to bridge the gap between executives who don’t know about security issues and the IT department that may struggle to make its voice heard.
Read about the five questions that you should be able to answer on ZDNet.
Security trends come and go, but the sale of Remote Desktop Protocol (RDP) ports continues to thrive on the Dark Web as malicious hackers seek easier means of gaining access to corporate networks.
RDP is a Microsoft protocol and client interface used on several platforms. Most of the time, RDP is used for legitimate remote administration: when companies outsource IT, or remote admins have to access a colleague’s machine, they most commonly use RDP to connect to it. Unfortunately, RDP can also give hackers the keys they need to break into, move around, and steal data from enterprise targets.
Read more about how RDP ports are being sold on the Dark Web and learn how this puts your organization at risk, on DarkReading.
A group of researchers have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection.
They’ve also demonstrated that creating and maintaining many fakes can be relatively inexpensive for the defenders, and that the real document can be tracked among the fakes using secret sharing, while the knowledge of its nature is kept from the potentially compromised system.