Tag: Risk Management

Security analytics to reach $12 billion by 2024

Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war.

As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper understanding of their users, devices, and systems. This will drive the security analytics market toward an impressive revenue of $12 billion by 2024, according to ABI Research.

Read more about the prognosis by ABI Research on Help Net Security.

AI in Security Carries as Many Questions as Answers

Nearly three-quarters of all organizations have implemented security projects that have some level of intelligence built in. And the more security alerts a company sees in a day, the more likely it is to look to machine intelligence in order to deal with the flood.

Those are just two of the conclusions reached in a new white paper, “The State of AI in Cybersecurity: The Benefits, Limitations and Evolving Questions,” published today by Osterman Research. The report, based on more than 400 surveys of organizations with more than 1,000 employees, asked questions about the use of AI and the results of that use.

Read more about the findings of the new report on Dark Reading.

The solution to dysfunctional cybersecurity and network teams

One might expect people on different teams of a company’s IT department to be on the same page and have a certain amount of work-related trust for each other. However, a BlueCat Networks sponsored International Data Group (IDG) survey found that this isn’t always the case.

Over 65% of respondents indicated their company has experienced two or more cybersecurity events, while only 38% of the survey participants believe their organization is capable of defending against a cybersecurity event. The report does not mince words as to why: “Business investments in network operations and cybersecurity may be shortchanged if the teams responsible for those areas aren’t collaborating.”

Read more about the report’s findings and implications on TechRepublic.

6 Ways to Anger Attackers on Your Network

When you see an attacker on your network, it’s understandable to want to give them a taste of their own medicine. But how can you effectively anger intruders when “hacking back” is illegal?

“There are times when I have really wanted to strike back, but you can’t and you don’t,” says Gene Fredriksen, chief information security strategist for PCSU. However, there are several steps you can take to anger attackers without actively targeting them in response. The idea is to get the bad guy to think twice, he explains, and let them know you’re serious.

Read about some of the most effective ways to frustrate, deceive, and annoy attackers without risking legal consequences on Dark Reading.

Doxxing: What It Is and How You Can Avoid It

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it?

Doxxing and cyberbullying often go hand in hand, although doxxing has also been used — controversially — by journalists in pursuit of public interest stories. It’s a relatively new phenomenon grown out of early internet subculture, but it’s gaining both popularity and efficacy, driven partly by social media.

Read more about Doxxing and learn how to avoid this threat on Tripwire.

Why you need to use a password manager

If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable.

Nobody likes passwords but they’re a fact of life. And while some have tried to kill them off by replacing them with fingerprints and face-scanning technology, neither are perfect and many still resort back to the trusty (but frustrating) password. How do you make them better? You need a password manager.

Read more about why you may want to start using a password manager on TechCrunch.

Cyber security and small and medium-sized companies

The cybersecurity threat continues to worsen. In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 33 billion compromised data records worldwide, reports Gemalto, an international data security company.

Small and medium-sized businesses (SMBs) are increasingly targeted, and many are realising that they are viewed as being as attractive a target as the larger companies. Cisco’s 2018 SMB Cybersecurity Report found that 53% of mid-market companies in 26 countries experienced a breach.

Read more about the growing cyber threat for SMBs and learn how small companies can protect themselves in 2019, on Information Age.

Lax Controls Leave Fortune 500 Overexposed On the Net

Large companies are leaving easy-to-exploit systems exposed on the public Internet, raising the risk of a serious future compromise, according to data from two cybersecurity firms.

Rapid7 found that the average Fortune 500 firm had approximately 500 servers and devices connected to the Internet, with five to 10 systems exposing Windows file-sharing or Telnet services. Fifteen out of the 21 industry sectors on which Rapid7 collected data had at least one member allowing public access to a Windows file-sharing service. Both Rapid7’s report and an earlier report by security monitoring firm BitSight found that larger firms were likely to have self-inflicted holes in their defenses.

Read more about the findings of the two reports on Dark Reading.

Most organizations suffered a business-disrupting cyber event

A study conducted by Ponemon Institute found that 60 percent of organizations globally had suffered two or more business-disrupting cyber events — defined as cyber attacks causing data breaches or significant disruption and downtime to business operations, plant and operational equipment — in the last 24 months. Further, 91 percent of respondents had suffered at least one such cyber event in the same time period.

Despite this documented history of damaging attacks, the study found that 54 percent of organizations are not measuring, and therefore don’t understand, the business costs of cyber risk.

Read more about the findings of the new report on Help Net Security.

Cyberattacks Skyrocketed in 2018. Are You Ready for 2019?

Board directors continue to up their investment in cybersecurity. Seventy-three percent now say their organization requires that third-party vendors meet certain cyber risk requirements—up 30 percentage points from 2016, according to the 2018 BDO Cyber Governance Survey.

This increase in requirements and investment is warranted. During 2018, we have seen a 350% increase in ransomware attacks, a 250% increase in spoofing or business email compromise (BEC) attacks and a 70% increase in spear-phishing attacks in companies overall. Further, the average cost of a cyber-data breach has risen from $4.9 million in 2017 to $7.5 million in 2018, according to the U.S. Securities and Exchange Commission.

Read more about the increasing cyber risk requirements on IndustryWeek.