IT Security Leaders Engage in Risky Security, Password Habits

IT security practitioners routinely engage in risky password and authentication practices. And there’s a misalignment between expectations and reality when it comes to the implementation of usable security tools, according to a recent report from Yubico and conducted by the Ponemon Institute. Researchers surveyed 2,507 global IT and IT security leaders, as well as 563 individual users. They found that while most IT leaders have strong awareness of best practice authentication and password management, those tools and skills are often not put into action due to inconvenience or usability issues. In fact, individual users were found to have better security practices than the IT leaders. The report found that of the 35 percent of users who reported experiencing an account takeover, 76 percent changed how they managed their account passwords or protected their accounts.

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Related News

Network Threat Detection

Fortinet Focuses on Business Growth to Drive Cybersecurity Innovation

Fortinet | November 06, 2023

Fortinet prioritizes secure networking, universal SASE, and security operations to expand globally and innovate in cybersecurity. Secure networking is estimated to reach $86 billion by 2027 and universal SASE $36 billion, aligning with the strategic change. Focusing on cybersecurity growth strengthens Fortinet's commitment to customer value and innovation. Fortinet, a global leader in cybersecurity, is focusing its business strategy on high-growth markets, emphasizing secure networking, universal secure access service edge (SASE), and security operations. This shift will drive innovation and reinforce its commitment to customers. Fortinet is reorganizing its research & development (R&D) and go-to-market (GTM) strategies around the three markets mentioned. They will develop integrated and advanced products to cater to these areas. Fortinet operates globally, serving hyperscale customers and promoting cybersecurity technologies. The three core markets Fortinet is concentrating on are secure networking, universal SASE, and security operations. These markets are expected to experience substantial growth, and Fortinet has a competitive advantage in them. This strategy aims to expand Fortinet's global business and provide value to its customers. The company is aligning with areas of high demand in the cybersecurity sector. Its current collection of organically developed and integrated products and services enjoys a notable competitive edge in the aforementioned three crucial markets: The market for secure networking is anticipated to reach $86 billion by 2027, expanding at a rate of nearly nine percent per year. 5G gateways, network firewalls, secure switches, and access points comprise the majority of its composition. With the expansion of its firewall business, Fortinet anticipates a corresponding increase in revenue for its FortiGuard Security Services, which are propelled by artificial intelligence (AI). Secure networking remains an integral component of Fortinet's strategy, given that it dominates both firewall revenues and units shipped in its greatest addressable market. Also, by 2027, the universal SASE market is anticipated to reach $36 billion, representing an annual expansion of nearly 20%. The system integrates various cloud-native networking and security technologies, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP), zero-trust network access (ZTNA), SASE, and others. Its purpose is to streamline the process of implementing a zero-trust strategy. All functions of the SASE solution developed by Fortinet can be executed either in an appliance or in the cloud. This capability is facilitated by a unified management console, networking and security layer, and operating system. Recently, Fortinet was positioned in the inaugural Gartner Magic Quadrant for Single-Vendor SASE in 2023. Lastly, the security operations market is anticipated to reach $78 billion by 2027, expanding at slightly more than 14% per year. Fortinet's SecOps platform is the most comprehensive, integrated, and broad in the industry, enabling organizations to gain control and insight into their distributed operations through security orchestration, endpoint detection and response (EDR), automation and response (SOAR), security information and event management (SIEM), network detection and response (NDR), and additional integrated enterprise-grade cybersecurity technologies. Complementing Fortinet's R&D expenditures are strategic realignments in its GTM investments, concentrating on security operations, universal SASE, and secure networking. With the assistance of marketing support and training, sales will be structured in accordance with these three strategic areas in order to increase market penetration and consumer engagement.

Read More

Cloud Security

Cisco Secure Application to Provide Business Risk Observability

Cisco | September 15, 2023

Cisco Secure Application, new to the Cisco Full-Stack Observability Platform, brings application and security teams together to secure cloud-native application development and deployment. The platform integrates Cisco's industry-leading security products' security intelligence with application performance data to provide business context with security findings. Cisco-exclusive business risk observability enables IT professionals to identify, assess, and prioritize risk and fix application security concerns based on potential business impact. Cisco, a worldwide technology leader that offers innovative software-defined networking, cloud, and security solutions, has unveiled the availability of the Cisco Secure Application, formerly known as Security Insights for Cloud Native Application Observability, on the Cisco Full-Stack Observability platform. This integration empowers organizations to seamlessly unite their application and security teams, facilitating the secure development and deployment of modern applications. The latest release of Cisco Secure Application extends its capabilities to securely manage both cloud-native and hybrid applications. In an effort to assist organizations in bolstering their cloud-native applications security, Cisco has introduced the new Cisco Secure Application offering, which is available on Cisco's recently introduced Full-Stack Observability platform. This solution equips customers with enhanced visibility and intelligent insights regarding business risk in various cloud environments. As a result, businesses gain the ability to more effectively prioritize and respond to security risks that could impact revenue and reputation in real time, leading to a reduction in overall organizational risk profiles. As organizations strive to provide smooth digital experiences, IT teams have faced growing demands to transition to modern, distributed applications. According to a recent study by Cisco, 92% of global technologists acknowledge that the urgency to innovate and adapt to evolving customer needs has often resulted in compromised application security during software development. As a consequence, organizations have become susceptible to security vulnerabilities and threats. They face broader attack surfaces and gaps in their application security layer due to the isolation of teams. These teams face challenges in obtaining adequate visibility and the necessary business context for prioritizing vulnerabilities. Consequently, organizations are witnessing a surge in security incidents within the modern environment, thereby jeopardizing customer data and the reputation of their businesses. Mark Leary, Research Director, IDC, stated, Cisco's extensive domain experience across multi-cloud and hybrid environments and comprehensive full tech stack oversight positions the company well to assist customers bring business risk observability, application observability, and security intelligence data together. Combined, they give customers access to the critical information they need to make smarter decisions about their application security [Source – Cision PR Newswire] Senior VP and General Manager of Cisco Full-Stack Observability and AppDynamics, Ronak Desai, said, An organization's ability to swiftly assess risks based on potential business impact, align teams and triage threats is entirely dependent on understanding where vulnerabilities exist, the severity of those risks, the likelihood they’ll be exploited, and the risk to the business of each issue. This business risk observability can enable IT professionals understand and prioritize those risks and is uniquely delivered by Cisco. The availability of Cisco Secure Application on the Cisco Full-Stack Observability platform is a crucial next step in our commitment to providing customers with the tools they need to provide unmatched and secure digital experiences across multi-cloud and hybrid environments. [Source – Cision PR Newswire]

Read More

Software Security

Palo Alto Joins Telstra as the First Sole Cyber Security Vendor

Palo Alto | September 22, 2023

Palo Alto Networks has announced a strategic partnership with the largest telecommunications company in Australia, Telstra. This signifies Palo Alto Networks' commitment to delivering an expanded portfolio of cybersecurity solutions and services to meet the needs of Telstra's extensive business clientele. The partnership strengthens the existing 10-year relationship between Palo Alto Networks and Telstra. Palo Alto Networks, a global cybersecurity company, has announced teaming up with Telstra, Australia's largest telecommunications company, to offer an enhanced range of cybersecurity solutions and services to Telstra's business clients both in Australia and around the world. This collaboration marks a significant milestone, as Palo Alto Networks becomes the first dedicated cybersecurity company to be recognized as a technology alliance partner for Telstra's enterprise customer segment. Telstra serves customers in over 200 countries and territories. Telstra's technology alliance partners collaborate to create and provide comprehensive services encompassing connectivity, voice, and professional services. These services are designed to assist businesses of all sizes in addressing their challenges and capitalizing on opportunities. Regional Vice President for Australia and New Zealand of Palo Alto Networks, Steve Manley, stated, This new alliance with Telstra reinforces Palo Alto Networks’ position in the Australian market as the leading cyber security vendor to leading telecommunications carrier in Australia. It also reinforces our increased commitment to offering industry-leading joint solutions with one of the country’s most trusted managed service providers. Together, Palo Alto Networks and Telstra will collaborate to offer businesses with best-of-breed cyber security solutions to help keep them safe in a rapidly changing market landscape. [Source – Web Wire] This new partnership further solidifies the long-standing 10-year relationship between Palo Alto Networks and Telstra. It also builds upon previous agreements that expanded Telstra's SecureEdge portfolio with offerings like SecureEdge Cloud for business clients and Sovereign SecureEdge for the Australian government and agencies, both powered by Palo Alto Networks' advanced cloud-based security services. David Burns, Enterprise Group Executive at Telstra, said, Cyber security has become one of the top concerns among businesses worldwide, including here in Australia, and especially in the wake of a no. of high-profile cyber breaches. We’re now seeing the industrialization of cybercrime and the scale of threat continues to evolve and grow. As a result, we all need to be constantly changing, adapting, and looking at new technologies that can assist protect us and our customers’ data. As a leading provider of network, managed, and professional services, this new alliance between Telstra and Palo Alto Networks further boosts our capabilities to help customers protect their organizations and data from evolving cyber threats. [Source – Web Wire]

Read More