Security News

Digital content is a double-edged sword, providing vast benefits while simultaneously posing significant threats to organizations across the globe. The sharing of digital content has increased...

Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 59% of applications in the public sector, compared to the overall rate of 42%. The research analyzed public sector organizations in more than 25 countries across the globe. Veracode researchers found that while slightly fewer public sector organizations have security debt than other industries, they tend to accumulate more of it.

The NIST Cybersecurity Framework 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes. Combining effective use of metrics plus a deeper understanding of how security processes play out is the best way to build more security agility and enable teams to react more quickly and effectively.

Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti. "While data silos can be a technology issue, resolving them and gaining a comprehensive understanding of an organization's risk landscape requires leadership. However, CIOs and CISOs are at odds. They face a tug-of-war challenge between enabling employee productivity while ensuring data security, which can lead to an increase in cyberattacks. To foster a more secure workplace, collaboration is essential," said Jeff Abbott, CEO, Ivanti.

As digital transformation accelerates, understanding how businesses are preparing for and implementing digital ID technologies is crucial for staying ahead in security and efficiency, according to Regula. A digital ID is an online representation of an individual containing personal information, credentials, and attributes used to establish and authenticate identity in digital spaces.

The research reveals that 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs - a disclosure that signifies a serious underreporting of cyber breaches globally. A rising skills gap between cyber teams and criminals.

With this map, the researchers can explore how neuron-like data points, called features, affect a generative AI's output. Some of these features are "Safety relevant," meaning that if people reliably identify those features, it could help tune generative AI to avoid potentially dangerous topics or actions.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

Conduct regular security training, especially with staff members who work with sensitive data and with executives who are often the targets of BEC. This should include live instruction, security awareness training videos and testing, and phishing simulation testing that use current, real-world attacks as examples. Finally, gamifying the cyber-aware culture by rewarding the employee with "Most reported emails" or the "Fastest reporter" promotes contributing to the overall security posture of the organization while keeping reporting engaging and fun.

Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to CyberArk. The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private and public sector organizations of 500 employees and above. Machine identities often lack identity security controls.