Security News > 2021

When it comes to the role that security plays as more enterprises shift left to protect applications from the beginning of development, implement DevOps processes and cultures, and accelerate workflow productivity, 76% of respondents report that container security is a clear priority at their organization. Questions over container security responsibilities within enterprises, how to balance security with performance, and how to respond to security incidents are far from settled.

Illumio released findings on visibility and security practices for remote endpoints, revealing how vulnerable organizations are to ransomware propagating throughout the network and the impact large-scale breaches have on a business - essentially grinding operations to a halt. Most organizations have a severe lack of visibility into remote endpoints, and few have a way to stop ransomware from spreading throughout their network after an initial breach.

Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege. Tracked as CVE-2021-0325, the issue is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google's advisory explains.

Tessian reveals just how much, and how often, people divulge about their lives online and how attackers take advantage of it. With insights from both professionals and hackers, the report explores how cybercriminals use an abundant and seemingly cheap resource - the personal information people share on social media and in out-of-office alerts - to craft social engineering attacks.

More than one-third of businesses have cloud budget overruns of up to 40 percent, and one in 12 companies exceed this number, a Pepperdata survey of 750 senior enterprise IT professionals in industries ranging from finance to healthcare, automotive, advertising and other data-intensive businesses reveals. In 2020, for one in three respondents, cloud spend was projected to be over budget by between 20 percent and 40 percent.

Delivering advanced detection capabilities powered by artificial intelligence, NICE Actimize's New Account Fraud solution takes a comprehensive and fully connected approach that directly addresses fraud loss manifested by stolen and synthetic identities as well as other fraud schemes associated with the act of opening an account. From account origination to both early and ongoing account monitoring, NICE Actimize's New Account Fraud solution detects and prevents fraud across the customer's lifecycle.

Ping Identity launched PingOne Verify, a new cloud service that helps enterprises make it easy for customers to verify their identity for rapid account onboarding, authentication and fraud prevention. PingOne Verify empowers enterprises to improve customer convenience and strengthen security by streamlining identity verification when customers create new accounts, enroll in new services and other scenarios where risk is elevated.

The dynamic nature of cybersecurity, the changes in the threat landscape, and the expansion of the attack surface lead organizations to add more security solutions-from different vendors-creating a layered security infrastructure that introduces new challenges to any team, with a much more significant impact on small ones. Sophisticated attacks continue to bypass these advanced security layers while FOMO compels security teams to evaluate every new solution that comes out.

HITRUST introduced the HITRUST Assurance Intelligence Engine, which uses a patent-pending approach to analyze assessment documentation for oversights, inconsistencies, and errors throughout the information security and privacy assessment process. Effective immediately, the HITRUST MyCSF SaaS information risk management and assessment platform will incorporate the AI Engine to measurably increase assurances delivered through HITRUST CSF Assessments.

Wickr announced the general availability of "Global Federation", a feature that will allow enterprise and government entities to securely communicate using end-to-end encryption with individual users and mission critical partners outside of their network. With Global Federation, all Wickr users across RAM, Enterprise and free Pro and Me offerings can now intercommunicate using state of the art end-to-end encryption while maintaining the highest level of security, administrative control, and compliance.