Week in review: The economics of security research, SOC teams battle with burnout

Here’s an overview of some of last week’s most interesting news and articles:

SOC team members battle with burnout, overload and chaos
While some organizations have increased security operations center (SOC) funding, the overall gains have been meager, and the most significant issues have not only persisted, but worsened, according to Devo Technology.

Most malware in Q1 2020 was delivered via encrypted HTTPS connections
67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection, according to WatchGuard.

Cybercriminals are using IM platforms as marketplaces
Cybercriminals are increasingly using IM platforms like Telegram, Discord, Jabber, WhatsApp, IRC and others to advertise and sell their goods and services, IntSights researchers have found.

Study of global hackers and the economics of security research
Human ingenuity supported by actionable intelligence was found to be a critical ingredient in maintaining a resilient infrastructure, Bugcrowd reveals. In fact, 78% of hackers indicated AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade.

How to establish a threat intelligence program
Threat intelligence can only serve an organization to the extent that the organization is able to digest the information and rapidly operationalize and deploy countermeasures.

Microsoft releases Defender ATP for Android and Linux
Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform.

How to secure software in a DevOps world
The COVID-19 pandemic and its impact on the world has made a growing number of people realize how many of our everyday activities depend on software.

Companies are rethinking their approach to privacy management
TrustArc announced the results of its survey on how organizations are protecting and leveraging data, their most valuable asset. The survey polled more than 1,500 respondents from around the world at all levels of the organization.

How attackers target and exploit Microsoft Exchange servers
Microsoft has lately witnessed a rise in attacks aimed at compromising Exchange servers by exploiting an unpatched flaw – more specifically CVE-2020-0688, a patch for which was released in February 2020.

Ransomware perspectives: The shape of things to come
In this interview with Help Net Security, Michael Hamilton, CISO of CI Security, discusses ransomware attacks and offers insight on how they will evolve in the near future.

How do I select a mobile security solution for my business?
In order to select a suitable mobile security solution for your business, you need to consider a lot of factors. We’ve talked to several industry professionals to get their insight on the topic.

Privacy and security concerns related to patient data in the cloud
The Cloud Security Alliance has released a report examining privacy and security of patient data in the cloud.

Employees are worried about cyber threats in their home office environments
IBM Security released findings from a study focused on the behaviors and security risks of those new to working from home (WFH) during the COVID-19 pandemic.

Duration of application DDoS attacks increasing, some go on for days
There were seven major application DDoS attacks over the previous month — two of which lasted 5-6 days, Imperva reveals.

Keep remote workers and their devices secure with one click
In this interview for Help Net Security, Shailesh Athalye, VP Compliance at Qualys, discusses cloud-based Remote Endpoint Protection and illustrates how security teams can leverage its numerous features.

5 cybersecurity considerations for getting back to work securely
The new work-from-home world has poked countless holes in security perimeters, so organizations must prioritize cybersecurity preparation as well.

Fixing all vulnerabilities is unrealistic, you need to zero in on what matters
As technology constantly advances, software development teams are bombarded with security alerts at an increasing rate. This has made it nearly impossible to remediate every vulnerability, rendering the ability to properly prioritize remediation all the more critical, according to WhiteSource and CYR3CON.

How to protect remote workers from phishing and other attacks
Whether mandatory or not, remote work can pose unwanted security concerns for an organization, so it’s important to know how to be equipped to mitigate risk appropriately.

With regard to industrial cyber, we can no longer hide our heads in the sand
The massive attack on national infrastructures in Australia, only recently publicized, as well as the attack on Israel’s water infrastructure, do well to illustrate the threats prevalent in the world.

Why identity-based, distributed controls are better suited to address cloud-era threats
With more and more IT resources moving to the cloud and remote work becoming a ubiquitous business practice due to COVID-19, perimeter-based security is undeniably becoming a weak link, especially since attackers have repeatedly demonstrated they can bypass firewalls and spread laterally within enterprise networks.

Marred by garbage: Striking a balance for security data
Security applications are subject to the age-old computing axiom of “garbage in, garbage out.” To work effectively, they need the right data. Too much irrelevant data may overwhelm the processing and analytics of solutions and the results they deliver. Too little, and they may miss something crucial. It’s mainly a question of relevance, volume and velocity.

Guide: How to assess your email vulnerability for free in 20 minutes
Attacks delivered via email are extremely common and the fact is that many popular security solutions are just not handling these attacks well enough, missing 20-40% of the new attacks emerging every day. What makes this issue even more urgent is that attacks are constantly evolving and evading security solutions.
