Security News

A recent Imperva report found only 18 percent prioritized spend on a dedicated insider threat program compared to 25 percent focused on external threat intelligence. In addition to getting people onboard and policies in place, the business will need to inventory its data and locate data sources, determine how it will monitor behaviors, adapt the training program, and carry out investigations as well as how the ITP itself will be assessed on a regular basis.

Microsoft is rolling out its "Security Experts" managed service with an eye on stomping down threats and malware. Microsoft is planning to roll out three such managed services in 2022, one of which became available today.

A new report from Mandiant reveals details about an ongoing cyberespionage operation run by a threat actor dubbed UNC3524, monitored by Mandiant since December 2019. While such targeting may suggest financial motivations, Mandiant believes it's instead motivated by espionage, because the threat actor maintains its access and remains undetected for an order of magnitude longer than the average dwell time of 21 days.

The unsanctioned use of corporate IT systems, devices, and software - known as shadow IT - has increased significantly during the shift to remote work, and recent research found almost one in seven are concerned about information security because of employees following shadow IT practices. Shadow IT can be tough to mitigate, given the embedded culture of hybrid working in many organizations, in addition to a general lack of engagement from employees with their IT teams.

In this article, I'd like to explore some of the threat detection program challenges CISOs are facing and provide some tips on how they can improve their security operations. CISOs ensure the security operations program for threat detection, investigation and response is executing at peak performance.

"Kubernetes attacks are actually quite common, especially given how popular the container orchestration software is," said Trevor Morgan, product manager at comforte AG. "The array of threats to Kubernetes environments is quite broad.". As an example of how popular targeting vulnerable cloud infrastructure has become, Akamai security researcher Larry Cashdollar recently set up a simple Docker container honeypot, just to see what kind of notice it might attract from the wider web's cadre of cyberattackers.

Cyber attacks will continue to be a threat to businesses, but with Dell Technologies you can have peace of mind that your data and IT assets are secure, protected, and available. We stop at nothing to help thwart threats with intrinsically secure infrastructure and devices, comprehensive detection and response, data protection, and cyber-recovery.

According to the report, the global median dwell time-which is calculated as the median number of days an attacker is present in a target's environment before being detected-decreased from 24 days in 2020 to 21 days in 2021. Organizations' improved threat visibility and response as well as the pervasiveness of ransomware-which has a significantly lower median dwell time than non-ransomware intrusions-are likely driving factors behind reduced median dwell time, per the report.

Cybersecurity Advisory warns of Russian-backed cyber threats to infrastructure. The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the U.K. released a joint Cybersecurity Advisory on April 20, warning organizations based in these countries that Russia's invasion of Ukraine could expose them to increased rates of malicious cyber activity.

The National Association of Corporate Directors, SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange Commission's recently proposed rules and amendments on cybersecurity reporting requirements for public companies. The report concludes that the proposed rules, if enacted as currently drafted, would strengthen the ability of public companies, funds and advisors to combat cybersecurity threats and implement risk mitigation processes.