Security News

Enterprise security teams need to move from the consumption of crowdsourced threat intelligence to an additional mode of contribution. We are a community with grand ideas around the concept of crowdsourced threat intelligence, but with little history or previous successes that show CTI as a viable idea.

Half of US organizations are not effective at countering phishing and ransomware threats, Osterman Research research reveals. The study asked respondents to rate their effectiveness in 17 key best practice areas related to ransomware and phishing, ranging from protecting endpoints from malware infection to ensuring prompt patching of all systems.

While the increased need for flexibility, agility, and speed continues to drive the evolution of application development and increased deployment of microservice-based architectures, many organizations have not updated their security tooling and continue to rely on traditional web application and API security tools to protect their business. "One of the biggest security challenges we are seeing today is that technologies are rapidly evolving to better serve the growing demand for digital experiences, but the security offerings that protect those technologies are not experiencing that same level of transformation - and often erode the benefits of modern technology stacks," said Kelly Shortridge, Senior Principal Technologist at Fastly.

MI5's UK Annual Threat Update 2021 from director general Ken McCallum almost mirrors the threat warnings delivered by U.S. government agencies: ransomware and IP theft in cyber, and extreme right-wing terrorism amplified by online echo chambers. McCallum's view is, "For as long as it's cheap and easy for hostile actors to try to access UK data; or to cultivate initially-unwitting individuals here; or to spread false, divisive information - they are bound to keep doing so." The UK house also needs to be got in order - and in both cases the call is for new and stronger legislation.

As COVID-19 vaccinations continue, companies embrace hybrid work, employees return to the office and the U.S. opens up, violence and physical threats to businesses are occurring at an unsettling, record-high pace, according to the Ontic Center for Protective Intelligence. The study showcases the collective perspectives of physical security directors, physical security decision-makers, chief security officers, chief information officers, chief technology officers, chief information security officers and IT leaders at American companies on how physical security challenges and opportunities are unfolding in 2021 as the country emerges from the pandemic.

Perception Point announced its Advanced Threat Protection service for Amazon Web Services environments to protect joint customers' data and stop malicious content - files and URLs - from infiltrating their Amazon Simple Storage Service buckets. Enterprises and innovative SaaS vendors are increasingly storing their internal data as well files received from external sources in Amazon S3 buckets.

For decades, the cybersecurity industry has followed a defense-in-depth strategy, which allowed organizations to designate the battlefield against bad actors at their edge firewall. A fundamental rethink is needed by organizations to ensure they are set up to continuously adapt and evolve to meet the rapidly changing nature of threats.

Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business. Microsoft called out the value of RiskIQ's attack surface management capabilities as part of the impetus for the acquisition.

Today's reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses.

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Current performance on threat modeling approaches Only 25% of survey participants indicate their organizations conduct threat modeling during the early phases of software development requirements gathering and design, before proceeding with application development.