Palo Alto Cortex Xpanse research team spent the first three months of 2021 monitoring the activities of attackers to better understand how much of an edge adversaries have in detecting systems that are vulnerable to attack. They followed a benchmark that they call “mean time to inventory” (MTTI), which is simply how long it takes somebody to start scanning for a vulnerability after it’s announced.
Xpanse research found 79% of observed exposures occurred in the cloud.
In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84% of respondents believe ransomware attacks will become more prevalent in the second half of 2021. The Colonial Pipeline attack caused massive disruptions to gasoline distribution in parts of the US this month, resurfacing preparedness for ransomware attacks as a front-burner topic for enterprises around the world. Colonial reportedly authorized a ransom payment of US $4.4 million. In the ISACA survey, four out of five survey respondents say they do not think their organization would pay the ransom if a ransomware attack hit their organization. Only 22% say a critical infrastructure organization should pay the ransom if attacked.
One thing is clear: the hybrid model will be permanent. Occupier requirements are constantly evolving and they are driving new considerations for landlords and workspace providers. Let’s review the core considerations and components required to create a secure tech operating layer that reassures the integrity of the workspace, operation and infrastructure while delivering a great occupier experience.
Failure of imagination leads to most crises. As the pandemic persists, vaccinations and vaccine resistance increases, mass shootings rise, and racial and political unrest show few signs of ebbing, seemingly impossible "what if" scenarios are our everyday reality. But can we prevent and protect ourselves from the bad impossibilities? In my experience, if we believe it can happen, then we can look for that trouble, see around corners and potentially head off bad situations. This is why opportunities for protective intelligence analysts are growing and, as digital transformation continues, will be one of the most in-demand roles at corporations alongside cybersecurity experts.
Distributed denial of service (DDOS) attacks - when an attacker attempts to make it impossible for a service to be deliverable - are increasing in size, frequency and duration. Kaspersky Lab reported a doubling of DDoS attacks in the first quarter of 2020 compared with the fourth quarter of 2019, plus an 80% jump compared with the same quarter last year. To learn more about how these attacks have evolved over the years, we talk to Roy Horev, Co-Founder and CTO at Vulcan Cyber, a vulnerability remediation orchestration provider.
The National Association of School Psychologists (NASP), the National Association of School Resource Officers (NASRO), and Safe and Sound Schools (SASS) have partnered to release updated guidance on conducting armed assailant drills in schools. The author organizations represent key stakeholders in school safety and crisis planning, preparedness, and implementation. This includes school-employed mental health professionals, school security and law enforcement, school administrators, other educators, and families.
Researchers at Check Point Research analyzing Android apps have discovered serious cloud misconfigurations leading to the potential exposure of data belonging to more than 100 million users.
In a report published recently, the firm discusses how the misuse of real-time database, notification managers, and storage exposed over 100 million users’ personal data (email, passwords, names, etc.) and left corporate resources vulnerable to malicious actors.
The traditional approach to securing cloud access goes against everything that DevOps is about. Regardless of what providers of legacy IAM, PAM, and other security solutions claim about their ability to scale with cloud application dev cycles, they’re concealing the extensive time, effort, and resources required to manage their solutions – three things that are in short supply in DevOps teams. So, the challenge becomes: how can enterprises integrate world class technologies for securing identities and access to cloud environments without bringing DevOps to a grinding halt?
RSS
