Tag: Security Intelligence

3 Strategies to overcome data security challenges in 2024

There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030. This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need…

ICS CERT predictions for 2024: What you need to know

As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater…

How I got started: Ransomware negotiator

Specialized roles in cybersecurity are proliferating, which isn’t surprising given the evolving threat landscape and the devastating impact of ransomware on many businesses. Among these roles, ransomware negotiators are becoming more and more crucial. These negotiators operate on the front…

How AI can be hacked with prompt injection: NIST report

The National Institute of Standards and Technology (NIST) closely observes the AI lifecycle, and for good reason. As AI proliferates, so does the discovery and exploitation of AI cybersecurity vulnerabilities. Prompt injection is one such vulnerability that specifically attacks generative…

From federation to fabric: IAM’s evolution

In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in…

The compelling need for cloud-native data protection

Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches…

How I got started: Cyber AI/ML engineer

As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist, and data science team lead at OpenText Cybersecurity. She also worked at Interest, an AI cybersecurity…

Data residency: What is it and why it is important?

Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.…

Back to basics: Better security in the AI era

The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way…

Third-party breaches hit 90% of top global energy companies

A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve…

Mapping attacks on generative AI to business impact

In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that…

Ermac malware: The other side of the code

When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the…

PixPirate: The Brazilian financial malware you can’t see

Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that…

DORA and your quantum-safe cryptography migration

Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector. The Digital Operational Resilience Act (DORA) is a…

Beware of rogue chatbot hacking incidents

For years, chatbots have been a useful tool to help automate customer-facing applications. But what happens if the chatbot goes rogue? Recent reports have revealed that this may have happened to the Comcast / Xfinity chatbot. First, there were incidents…

Boardroom cyber expertise comes under scrutiny

Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to…

The CISO’s guide to accelerating quantum-safe readiness

Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure…

Cybersecurity trends: IBM’s predictions for 2024

From world events to the economy, 2023 was an unpredictable year. Cybersecurity didn’t stray far from this theme, delivering some unexpected twists. As organizations begin planning their security strategies for 2024, now is the time to look back on the…

IT and OT cybersecurity: A holistic approach

In the realm of cybersecurity, both information technology (IT) and operational technology (OT) present distinct challenges that organizations must navigate. Ensuring the security of these distinct domains is paramount to bolstering your overall cyber resilience. By following the best practices…

What the cybersecurity workforce can expect in 2024

For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study.…

Accelerating security outcomes with a cloud-native SIEM

As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with…

Best practices for cloud configuration security

Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient,…

What cybersecurity pros can learn from first responders

Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm,…

Unified endpoint management for purpose-based devices

As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and…

Pentesting vs. Pentesting as a Service: Which is better?

In today’s quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to…

The evolution of ransomware: Lessons for the future

Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider…

Data security tools make data loss prevention more efficient

As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive…

NIST’s security transformation: How to keep up

One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to…

What is data security posture management?

Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82%…

Could a threat actor socially engineer ChatGPT?

As the one-year anniversary of ChatGPT approaches, cybersecurity analysts are still exploring their options. One primary goal is to understand how generative AI can help solve security problems while also looking out for ways threat actors can use the technology.…

Virtual credit card fraud: An old scam reinvented

In today’s rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they…

The evolution of 20 years of cybersecurity awareness

Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved…

Vulnerability resolution enhanced by integrations

Why speed is of the essence in today’s cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It’s an important piece of maintaining an organization’s security posture. However,…

How I got started: SIEM engineer

As careers in cybersecurity become increasingly more specialized, Security Information and Event Management (SIEM) engineers are playing a more prominent role. These professionals are like forensic specialists but are also on the front lines protecting sensitive information from the relentless…

Cost of a data breach 2023: Geographical breakdowns

Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data…

The Growing Risks of Shadow IT and SaaS Sprawl

In today’s fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly…

Are you ready to build your organization’s digital trust?

As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote…

Why keep Cybercom and the NSA’s dual-hat arrangement?

The dual-hat arrangement, where one person leads both the National Security Agency (NSA) and U.S. Cyber Command (Cybercom), has been in place since Cybercom’s creation in 2010. What was once touted as temporary 13 years ago now seems established. Will…

Why consumer drones represent a special cybersecurity risk

Cybersecurity staff at an East Coast financial services company last summer detected unusual activity on its internal Atlassian Confluence page originating inside the company’s network. The MAC address used locally belonged to an employee known to be currently using the…

Machine learning operations can revolutionize cybersecurity

Machine learning operations (MLOps) refers to the practices and tools employed to streamline the deployment, management and monitoring of machine learning models in production environments. While MLOps is commonly associated with data science and machine learning workflows, its integration with…

Zero-day attacks are on the rise. Can patches keep up?

That latest cyberattack threatening your organization is likely coming from outside the corporate network. According to Mandiant’s M-Trends 2023 report, 63% of breaches came from an outside entity — a considerable rise from 47% the year before. When it comes…

Lessons learned from the Microsoft Cloud breach

In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other…

Remote access detection in 2023: Unmasking invisible fraud

In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud. Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges…

SIEM and SOAR in 2023: Key trends and new changes

Security information and event management (SIEM) systems remain a key component of security operations centers (SOCs). Security orchestration, automation, and response (SOAR) frameworks, meanwhile, have emerged to fill the gap in these capabilities left by many SIEM systems. But as…

The future of SIEM: Embracing predictive analytics

Security information and event management (SIEM) is a crucial tool that offers real-time monitoring and analysis of security-related events as well as tracking and logging of security data for compliance or auditing purposes. SIEM plays an important role in identifying…

The link between home, family and company security

It’s no surprise that cyber criminals target high-profile individuals or those with access privilege. Malicious actors often use social engineering and whale phishing attacks against these people to breach systems. But households and family members of company executives may also…

Threat hunting 101: How to outthink attackers

Threat hunting involves looking for threats and adversaries in an organization’s digital infrastructure that existing security tools don’t detect. It is proactively looking for threats in the environment by assuming that the adversary is in the process of compromising the…

How to prevent and prepare for a cyber catastrophe

Ransomware and data leaks are inconvenient and costly. But what about a cyber incident that leads to mass casualties?  The notion of “black swan” events — incidents that are so rare and unusual they cannot be predicted —  is a…

The evolution of security analyst experience

Cloud computing and IT modernization have created a more complex threat landscape, and security analysts are struggling to keep up. Security operations centers (SOC) are in need of an upgrade. The proliferation of cloud and hybrid environments simply creates more…

Was the digital transformation worth it, security-wise?

Not long ago, the corporate world was enthralled with the promise of digital transformation. But in the midst of the digital revolution, people were paying less attention to security than they probably should have. The business advantages of digital transformation…

Artificial intelligence threats in identity management

The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise…

Spend to save: The CFO’s guide to cybersecurity investment

Attack volumes are up, and attackers are finding new ways to compromise corporate security. According to the HackerOne 6th Annual Hacker-Powered Security Report, ethical hackers found 65,000 vulnerabilities in 2022. What’s more, 92% of hackers said they could pinpoint weaknesses…

AI reduces data breach lifecycles and costs

The cybersecurity tools you implement can make a difference in the financial future of your business. According to the 2023 IBM Cost of a Data Breach report, organizations using security AI and automation incurred fewer data breach costs compared to…

The rise of malicious Chrome extensions targeting Latin America

In its latest research, IBM Security Lab has observed a noticeable increase in campaigns related to malicious Chrome extensions, targeting  Latin America with a focus on financial institutions, booking sites, and instant messaging. This trend is particularly concerning considering Chrome…

How credential stuffing works (and how to stop it)

In December 2022, Norton users were put on high alert after threat actors compromised the security application with a credential-stuffing attack. Norton’s security team locked down about 925,000 accounts after detecting a suspicious flurry of login attempts from Norton Password…

QRadar SIEM reduces incident investigation time by 90%

Rising risk, long incident remediation times and high security costs — these things keep security professionals up at night. But SIEM can make a positive difference in all three, according to a recent report. Security information and event management (SIEM)…

What’s new in the 2023 Cost of a Data Breach report

Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry…

What to do about the rise of financial fraud

As our lives become increasingly digital, threat actors gain even more avenues of attack. With the average person spending about 400 minutes online, many scammers enjoy a heyday. Old impersonation scams continue to deceive people every day, as con artists…

X-Force certified containment: Responding to AD CS attacks

This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from…

Cloud security in the era of artificial intelligence

AI and machine learning (ML) have revolutionized cloud computing, enhancing efficiency, scalability and performance. They contribute to improved operations through predictive analytics, anomaly detection and automation. However, the growing ubiquity and accessibility of AI also expose cloud computing to a…

The top 10 API security risks OWASP list for 2023

As more organizations rely on the automation and scale that web applications and connected services provide, application programming interface (API) security has become imperative. In just the last year alone, unique attackers targeting customer APIs grew by 400%, proving that…