The week in security: Time to reconsider your security architecture?

cia triad security triangle glowing binary process by nolimit46 getty 2400x1600
nolimit46 / Getty Images

Security experts have warned about credential stuffing attacks for some time – but new research suggests that the APIs used by cloud-based services are becoming facilitators for those attacks, particularly in the increasingly-open financial services industry.

Ransomware, too, has been growing as hackers revive an old classic with new techniques.

Even shadow IT has become a major issue for businesses – but are you familiar with its dark side?

You should be, particularly as 5G tries to shake off the legacy of years of inconsistent security technologies.

Little wonder many companies are shifting to a full Zero Trust security model and broader models, such as Gartner’s Secure Access Service Edge (SASE) that keeps data traffic fully secure throughout its journey.

Yet with so many vulnerabilities out there, it’s worth considering how professional penetration-testing tools might help your business.

It’s also worth considering whether those tools can locate your HR department’s candidate data – a gold mine for cybercriminals that are targeting data more than ever before. So, if you’re not au fait with your Data loss prevention (DLP) techniques, be sure to touch up on your skills.

You may also want to follow the lead of electrical specialists Stowe Australia by looking at your network architecture to see whether design and configuration issues are causing you more grief than they should be.

Ditto on your home security system, which is likely part of the Internet of Things (IoT) revolution that is seeing more and more devices become sitting ducks for malicious cybercriminals.

No wonder artificial intelligence (AI) and machine learning (ML) technologies are becoming increasingly important for effective IT security – with parties on all sides of the cybersecurity ecosystem looking to the technologies to improve their defences (and offences).

Companies wanting to improve control of their cybersecurity activities may want to consider a Security Operations Centre model.

Meanwhile, Microsoft announced the next generation of its Microsoft Threat Protection cybersecurity services bundle, which integrates the fruit of the company’s investments in Israeli startups.

And Cisco, for its part, revealed a flaw in its Smart Software Manager On-Prem licensing management tool 

Related:

Copyright © 2020 IDG Communications, Inc.

The 10 most powerful cybersecurity companies