Gartner recently published a report titled, 'Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete,' and there are two overarching takeaways you'll want to note
Eric Kedrosky writes in Security Boulevard
""The first is that IAM vendors will need to incorporate CIEM capabilities to survive in the market; the second is that CIEM providers will only succeed in the market if they incorporate the trends that Gartner goes on to list. Sonrai Security was successfully noted as a 'Sample Provider' for CIEM, so we wanted to take a moment to review the significant findings in Gartner's report and offer advice on how to navigate picking a CIEM provider..."
How can your organization improve its Systems Applications and Products (SAP) risk posture?
"Aligning with the key principles of zero trust through tangible and specific measures is one way,"
writes Ryan Throop in SecurityIntelligence
"To begin, let's define the principles of zero trust. We've all seen the types and breadth of zero trust out there. Which are most relevant to SAP?..."
Ransomware has become a significant problem for enterprises and organization
Ransomware attacks have been steadily increasing since 2018, reaching 68.5% of attacks in 2021. Due to the danger it poses, organizations should know how to prevent ransomware and take steps to better protect their network.
What is a ransomware attack?
Ransomware is malware that locks access or encrypts files on a company network until a ransom is paid. While IT managers used to be most concerned with a ransomware attack's potential to shut down a company's entire computer network and negatively affect operations, they're increasingly becoming more afraid of data exfiltration - also known as Double Extortion Tactics.
Enterprise cybersecurity is under assault from unprecedented threats, exacerbated by the expanded attack surfaces brought about by remote work.
"For example," writes
Michael Rothschild in
"research from HP shows there was a 238% increase in cyberattack volume over the pandemic, with those numbers continuing to rise today.
A survey by the Ponemon Institute of IT and infosec leaders found credential theft (56%) and phishing (48%) to be the most common attack types experienced and Microsoft's Defense Report stated they'd found phishing attacks alone to be responsible for 70% of data breaches. The current situation makes clear the need for a more robust security posture, especially around authentication defense..."
Cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion, according to Juniper Research.
As a comparison, this equates to over 350% of Apple's reported net income in the 2021 fiscal year, showing the massive extent of these losses.
Online payment fraud includes losses across the sales of digital goods, physical goods, money transfer transactions and banking, as well as purchases like airline ticketing. Fraudster attacks can include phishing, business email compromise and socially engineered fraud.
Online payment fraud losses are partly being driven by fraudster innovation in areas such as account takeover fraud, where a user's account is hijacked. This is despite the wide employment of identity verification measures. - HelpNet Security
In the past, network security was implemented in such a way that assumed user accounts that already had access to a network were trustworthy.
writes William Elcock in ServerWatch
"the increasing popularity of cloud environments and remote work has created more opportunities for threat actors to gain unauthorized network access.
The problem with the traditional network segmentation model is that it only requires verification for users and systems outside of the network. This approach falls apart in today's world.
On the other hand, zero trust requires constant validation-even for internal network connections. This greatly reduces the chance of a cyber attack. Even if one does occur, this strategy greatly reduces the potential damage it may cause..."
From Heartbleed to Apache Struts to SolarWinds, these are the 10 watershed security incidents of the past 10 years.
Michael Hill writes in
"The last decade has seen its fair share of watershed moments that have had major implications on the cybersecurity landscape. Severe vulnerabilities, mass exploitations, and widespread cyberattacks have reshaped many aspects of modern security. To take stock of the past 10 years, cybersecurity vendor Trustwave has published the Decade Retrospective: The State of Vulnerabilities blog post featuring a list of what it considers to be the 10 most prominent and notable network security issues and breaches of the last 10 years..."
See all Archived IT News - Security articles
See all articles from this issue