Cyber Security Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

Cyber Security

Public-private partnership launched to tackle UK cyber skills shortage

960 640 Stuart O'Brien

It’s hoped more people will soon be able to secure fulfilling, highly skilled jobs in the cyber security industry through a new scheme to address the shortage of cyber security experts launches its next iteration.   

HM Government and training provider SANS have partnered to launch the Upksill in Cyber training programme to help UK  professionals make a career change into cyber security. The programme, lasting 14 weeks, offers training, career advice and interview training to help workers change careers into cyber security roles.  

So far, it has trained over 200 students with non-cyber backgrounds. Many have gone on to secure guaranteed job interviews upon successful completion of the training programme. 

Andrea Csuri, a recent graduate of the Upskill in Cyber programme has successfully switched from the retail industry to a cyber security analyst role. She said “The programme was incredibly comprehensive, covering a vast array of topics related to cyber security. I was able to connect with mentors who work in the cyber security field, which was of great interest to me. Additionally, the live sessions with a recruiter were a fantastic resource, providing me with insights and advice on how to navigate the job market in this field. I now work as an Analyst for a company that helps organisations manage their IT and cyber security risks”. 

Recent research by SANS Institute found that 44% of the UK workforce have considered a career change in the last year. However, only 6% have taken an interest in pursuing a career in cyber security despite ranking better pay, career advancement opportunities, and flexible working as the top three benefits of pursuing a career in cyber security. This is due to a lack of understanding about the industry, roles available or the skills needed to even consider pursuing a career in cyber security   

To tackle this, SANS and HM Government are now launching the second iteration of the programme, to power stronger growth and better jobs by upskilling more individuals into cyber security.   

Minister for Science, Innovation, and Technology, Viscount Camrose, said, “The UK is rapidly establishing itself as a world leader in cyber security, and ensuring people have the skills they need to access jobs in the industry is key to cementing and expanding that reputation”. 

“The Upskill in Cyber programme lets us do exactly that – removing knowledge and skills barriers for aspiring cyber security professionals, and supporting them into the exciting new careers which fuel innovation, drive growth and protect our economy”.   

Stephen Jones, Managing Director of SANS Institute, added: “We have found that certain businesses lack the incident response and governance cyber security skills needed to face up to the realities of a challenging threat landscape. Our training programme helps to eradicate these skills gaps, breaking down barriers to facilitate the transition into a career in cyber. Individualised training equips candidates with both a solid theoretical foundation and hands-on practical skills, enabling them to tackle the most pressing security threats that organisations face today.” 

“The Upskill in Cyber programme opens up the dynamic world of cyber security to people from all walks of life,” said Ciaran Martin, Director of CISO (Chief Information Security Officers) Network at the SANS Institute. “Our training approach will equip and empower candidates with the skills and experiences they need to make them deployable in the cyber security workforce in just a matter of weeks. Throughout the programme, candidates will receive world-class training and support, gaining first-hand access to key industry representatives to better understand rising threats, roles, and responsibilities. In our 2022 programme, 100% of the candidates were provided with multiple opportunities to interact with hiring organisations. We are excited to witness the programme’s continued growth and success this year, as it unlocks new career opportunities in a diverse, dynamic, and forward-thinking industry brimming with potential.” 

Making the right hybrid choice when it comes to UC

960 640 Guest Post

As hybrid working strategies mature, companies are fast discovering that choice is vital. Employers need to offer a flexible approach to balance diverse home and office working preferences. But they must also provide a choice of technology options, especially in key unified communication (UC) tools. Consolidating onto a single UC platform may appear to be the best solution, but limiting every employee to a single solution can constrain productivity, undermine morale and encourage the use of Shadow IT, explains Jason Barker, SVP EMEA & APAC, IR.

Hybrid Flexibility

There is no one-size-fits-all approach to hybrid working. For every middle-aged parent revelling in the chance to do the school run, rather than sitting on a crowded train, there is a Gen Z desperate for the interaction – and warmth – of an office environment, rather than being stuck in a spartan shared flat. For every business leader bemoaning the lack of productivity, there is another embracing the impact on recruitment and ability to attract potential new talent.

Rigid hybrid strategies will never meet the needs of a diverse workforce, but a flexible attitude must extend beyond HR policies and include the UC tools used by employees. Wherever they choose to work, it is vital that employees are able to make meaningful connections, both with colleagues and business partners. They need to be confident in their ability to use a variety of tools, from video conferencing to collaboration.  But are they?

Over the past two years, IT teams have accelerated strategic UC deployments in a bid to wrestle back control over corporate infrastructure. A prime objective is to put an end to the costly and high-risk Shadow IT adopted in the early days of enforced WFH, when individuals made their own choice of video conferencing, file sharing and messaging solutions. Yet many of these ‘emergency’ solutions are an employee’s WFH comfort blanket. People have adapted to their preferred tools and, where possible, adapted the tools to work for them. Attempts to close down the UC environment and restrict users to the corporate platform can backfire spectacularly. The problem is that most businesses have absolutely no idea.

Trusted Communications

Today, 85% of businesses are using two or more meeting platforms and many companies are looking to reduce costs by consolidating onto one platform. Yet how can an IT team make the right decision when the business is completely blind to the reality of UC usage and adoption? While UC performance is routinely monitored, the information is collected on a system-by-system basis. There is no visibility of the entire operation, no understanding of the way 10,000s of employees are using the systems. Businesses don’t know when individuals or teams are ignoring the corporate UC tools and opting instead for their own preferred solutions.

Even this piecemeal UC information is fundamentally limited by covering only the office environments. Companies are not monitoring the tools individuals are using at home or their preferred out-of-office locations. From coffee shops to local hubs, employees are opting to use their favourite Shadow IT solutions and side-lining the corporate standards. The result is not only an unseen and unquantified operational security risk but also a missed opportunity to understand how employees are adapting to hybrid working and any signs of a lack of engagement with the business.

Guiding Strategies

End to end monitoring of the entire UC environment, including home working, can provide the business with invaluable insight to support the evolution of hybrid strategies. Are individuals increasing their use of a certain platform? If so, is that because people prefer that solution or simply due to performance problems with the alternative? Companies cannot blithely assume that growing usage equals preference; the IT team needs to also understand if there are any issues with the solution, the network, even frustration due to the lack of personalisation options.  Is there perhaps a change to mandate a single tool if staff can personalise it to suit the way they want to work?

Hybrid working will only succeed if staff are committed, engaged and able to collaborate effectively, wherever they are located. And that is far from inevitable if IT attempts to impose a solution that simply doesn’t work as well as their Shadow IT alternative. Clearly it is essential that everyone uses the UC solutions that are purchased, implemented and run by the corporate IT team – and that the infrastructure is secure, compliant and well managed. Choice is key. To offer employees the right choice, it is essential to understand how UC platforms are working at home and in the office, for both individuals and the business.

OPINION: Don’t let fatigue be the cause of MFA bypass

960 640 Guest Post

By Steven Hope (pictured) , Product Director MFA at Intercede

If names such as Conficker, Sasser and MyDoom send a shiver down your spine, you are not alone. In the not-too-distant past computer viruses, whether simple or sophisticated had the power to cripple organisations large and small, as cybercriminals sought to wreak havoc, and gain notoriety and wealth.

For security professional’s endpoint/perimeter protection was the name of the game, with firewalls and anti-virus software providing the first line of defence. Whilst this type of malware still exists it is no longer the main attack vector, however, the threat landscape is ever evolving and, with the growth of man-in-the-middle (session hijacking), SIM hacking and targeted phishing attacks, preying on vulnerable authentication, including Multi-Factor Authentication (MFA).

In the same way that anti-virus has never been able to protect systems from 100% of trojan, worms, botnets, ransomware etc, there is no such thing as a phishing-proof solution, bar hardware-based PKI & FIDO for now. However, there are ways to be more resistant to phishing attacks. Unfortunately, the weakest form of resistance is also the most commonplace – passwords. Guess, buy or socially engineer a password and you instantly have access to whatever it is ‘protecting’, be it a social media account, or a mission-critical system. If it was deemed important enough to have a password in front of it, then the chances are that it has a degree of value, financial, or otherwise to the organisation that can be exploited.

The obvious choice, therefore, is to add another layer of security, so if the password is breached then there is another obstacle to overcome. This is commonly known as multi-factor authentication (MFA), but this can be a misnomer, if, for example, one of those factors is a poorly managed password programme (not following NIST guidelines and failing to have a Password Security Management solution). Given the weakness of passwords, MFA of this type is typically only as secure as the second factor. So, whilst potentially more secure than a standalone password, it is far from being resistant to phishing and some might argue whether this really is MFA.

Brute force attacks to guess passwords are still used today, but many cybercriminals are far more likely to focus less on cracking the computer and more on engineering the employee through techniques such as spear phishing, BEC (Business Email Compromise) and consent phishing. The aim here is to encourage the identified target to unwittingly handover the information they need.

A perfect example of this is the exploitation of the complacency surrounding push notifications (commonly known as ‘push fatigue’). Push notifications are increasingly used as the second factor when logging on to a system, or making a purchase. A message asks the account owner to accept, enter a one-time-code (OTC), or use a biometric (via the fingerprint reader on a mobile device).

Cybercriminals have learnt that bombarding accountholders with push notifications, creating a fatigue, can than result in the owner complying with their request; after all if pressing decline a few times doesn’t make the popups stop, may pressing Accept will. If they already have the username and password (readily available and traded at very low cost on the dark web) they can do as they please, whether that be making a transaction, emptying an account, downloading or deleting data. If the term ‘trojan horse’ had not already been attributed in the world of cybersecurity it would be an apt description of what cybercriminals are doing with push notifications.

So, if poorly managed passwords are weak and 2FA easily bypassed, it is a valid question to ask where that leaves authentication, especially given the lack of recognised standards (although I would encourage anyone to look at FIPS 201, published by NIST). The reality is that a multi-faceted and multi-factor authentication (MFA) approach needs to be phishing resistant. The better staff are trained (CUJO AI reported in January that 56% of Internet users try to open at least one phishing link every month), the more factors there are, the more secure you are. How far you go on the scale from passwords (not phishing resistant) to PKI (the highest level of authentication assurance) will very much depend on where you sit in the food chain and whether the organisation could be perceived to be a high value target, whether of itself or for its role in a wider and richer supply chain.

The reality for most organisations of any size is that different people and tasks will require different assurance levels, so any MFA solution used needs to have the ability to scale how credentials are applied appropriately. Authlogics Push MFA has been built with the end user in mind, giving them useful information with which to make a more informed accept/decline decision. Furthermore, after declining a logon they can simply tap the reason why and push fatigue protection will automatically kick in.

In the third quarter of 2022, the Anti-Phishing Working Group (APWG) reported 1,270,883 phishing attacks, the worst ever recorded by the group. The reason is simple – phishing works. Every expectation is that 2023 will continue to see numbers rise. However, using the right MFA as part of an overall security strategy can provide the resistance needed to repel ever more sophisticated, persistent and persuasive attacks.

Employee burnout is cyber security professionals’ greatest fear amidst rising cyber threats  

960 640 Stuart O'Brien
35% of cyber security professionals surveyed have cited employee burnout as the most concerning issue amongst increasing cyber threats. This comes as cyber security teams are put under mounting pressure to tackle the complexity of the modern hybrid enterprise and the necessity to protect corporate data wherever it resides.

According to a poll carried out by  Integrity360 and Vectra, almost 63% of respondents highlighted security of data as being most important to their organisation when establishing the need for effective cyber security services. Of lesser concern was, securing reputation (19%), productivity (12%) and saving money (7%). 

The good news is that organisations are looking to implement critical security measures to ensure greater threat detection and response in 2023, with identity and access management (29.9%) and cloud security (29.7%) on top of the agenda, followed by network (19.6%) and endpoint security (20.6%).  

Richard Ford, CTO at Integrity360, said: “Analysts are facing severe burnout from alert fatigue and Security OperationsCentre (SOC) overwhelm, and organisations are lacking the experience, skills and bandwidth needed to detect and manage security incidents and data – quickly and effectively. The integration of Vectra into our MDR service is a game changer. It allows us to provide a full end to end capability to monitor and proactively hunt threats across the entire hybrid enterprise, delivering advanced Threat Detection and Threat Response services and relieving SOC teams overwhelmed by noise. 

When questioned on the best approaches to future-proof the security of their organisation, 52 % of respondents to the poll pointed to Artificial Intelligence (AI) and Machine Learning (ML) as the best means.  

Comprising of four question and answer options and drawing 1,483 responses, the Integrity360 Twitter poll was conducted between 1st-5th December 2022.

Cyber security in 2023: We polled some top experts on the trends to watch…

960 640 Stuart O'Brien
We’ve rounded up predictions from a clutch of cyber security experts, covering off everything from zero trust and the Open Security Schema Framework to the SMB threat and SecDevOps…
John Linford, The Open Group Security and Open Trusted Technology Forum (OTTF) Director
“Zero Trust has been a high-profile topic in cybersecurity for well over a decade now, but in recent years it has suddenly bloomed from being a promising future approach to being a fundamental component in enterprises’ security toolkits. According to one report, active Zero Trust implementation more than doubled in the year to August 2022, reaching more than half of businesses.
This growth has had two major consequences. First, information security for businesses has been considerably strengthened. We know that Zero Trust can reduce data breach incidents by 50%, and so its rapid widespread adoption is something to be celebrated.
The second, less encouraging consequence has been an accompanying growth of competing definitions around what it means to comply with the Zero Trust model, whether for an organisation to implement Zero Trust or for a product or service to aid in this. While the principle of Zero Trust might seem simple enough to state in theory, applying it in a production environment demands countless subtle decisions which affect the ultimate nature of the solution. This fact adds a layer of conceptual overhead to an undertaking which can already be daunting, requiring in-depth planning and cross-company collaboration in order to succeed.
This is not a new story in technology; in fact, the origins of thinking behind Zero Trust can be traced to the Jericho Forum® Commandments. Once the idea or approach has proliferated sufficiently, a period of blossoming innovation as ideas are brought to market is often followed by a period of rationalisation as new or additional standards are created to ensure holistic benefits. So it is with Zero Trust: initiatives like NIST® 800-207 and The Open Group Zero Trust Architecture Working Group will establish the clarity Zero Trust needs in order to grow from being present at the majority of businesses, to being at the heart of most business processes.” 
Allen Downs, Vice President Security and Resiliency Services, Kyndryl
“There is an easy prediction that we could make about cybersecurity this year. A few months ago, a group of major industry players announced the Open Security Schema Framework (OCSF), an initiative which aims to standardise cybersecurity information sharing around a common data standard. It’s a deeply promising move, and one that’s long overdue: the modern CISO can often be found grappling with how to transform a patchwork of hastily-implemented solutions into a cohesive security stance, and seamless data integration could be exactly what we need.
The truth is, though, that a fully-fledged standard will take longer to achieve than many enterprises have. Gaps between systems exist today and, despite economic headwinds, the drive for digital transformation is still there, creating an ongoing expansion of security needs. If we can’t wait for reinforcements to arrive to unpick this problem, we need to start now by auditing, rationalising, and streamlining what we’re buying for and how we’re using it security and resilience.
It can’t be overstated how chaotic structures across security solutions put organisations at risk. That’s why my real prediction is that, this year, we will see clearer evidence of a non-correlation between security investment and security performance. While global cybersecurity spending continues to skyrocket year-on-year, major organisations will still be caught out by mismatched systems, whereas those who achieve a holistic view of their security and resilience stance will fare far better.”
Anthony DiBello, Vice President, Strategic Development at OpenText 
“Cybersecurity challenges in 2023 will be driven by global recessions, cryptocurrency risks and fluctuations, workforce and supply chainchallenges, and international conflicts destabilising economic conditions in various geographies.
These conditions will lead to an uptick in financially motivated identity theft driven both by individual desperation, and isolated economies such as Russia and North Korea. With disruption in the cryptocurrency markets, expect to see a small decline in ransomware attacks as criminals pivot to more direct financial theft and fraud, such as tax and credit card fraud schemes. For organisations, expect to see investment focused on fraud and insider threat detection as a result.
As enterprises prepare for a recession, expect to see organisations look to consolidate the number of cybersecurity vendors they interact with and push to get more from the technology they already have in deployment. On the vendor side, expect to see consolidation through M&A, particularly as sigh-high valuations begin to drop to more consumable levels. As a result, there will likely be less cybersecurity startups entering the marketing in 2023 and existing vendors will focus more on practical solutions to near and present cybersecurity challenges.
Past concerns regarding fraud and insider theft, those challenges will be securing the supply chain (physical and digital), and critical infrastructure. Bolstering security in these areas will be a huge focus for security leaders within those industries in 2023. Expect to see entrenched security vendors extend existing technology to better secure and monitor manufacturing and critical infrastructure environments (IoT Security) and the software development supply chain (DevSecOps) for cyberattacks.”
Brett Beranek, General Manager, Security & Biometrics, Nuance
“Financial services organisations of all sizes have seen digital interactions and call volumes rise over the last two years. Like all brands, banks must offer great customer experiences to remain competitive. But the nature of their business means security must always be a top priority. Traditionally, adding security meant adding friction to the customer and agent experience, so financial institutions will prioritise investments in technologies that strengthen security and CX simultaneously.
“Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of recovery if lost or stolen.
“In 2023, an increasing number of banks will turn to modern technologies – such as biometrics – to robustly safeguard customers. We’re already seeing banks get immense value—including 92% reductions in fraud losses and 85% increases in customer satisfaction—from biometrics solutions that eliminate authentication effort for customers while making life very tough indeed for fraudsters. Over the next 12 months, I expect to see many more financial services organisations following in their footsteps.”
John Smith, EMEA CTO, Veracode
“Each year, software and applications are only becoming a bigger part of our lives. As this demand for better digital experiences continues to grow, it is imperative that businesses remember that the need for better security increases alongside it. To achieve success in 2023, businesses will need to set out on the right foot from the beginning and ensure their security strategy is considered from the first line of code.
If we have learnt anything from 2022, it is that no organisation is immune to cyber threats. Fortunately, however, we are seeing proactive new steps to help prevent risk, with the likes of the European Cyber Resilience Act (ECRA) and Digital Markets Act (DMA) both coming into play in the last year. This, coupled with the increased demand for better digital experiences, seems to have reenergised the investment and prioritisation of cybersecurity by businesses. Many professionals expect further laws to be introduced in the coming years and want to get ahead of anticipated mandates by investing in better security practices and emerging technologies, such as automated, machine learning-driven remediation.
While we are seeing positive steps in the right direction as we enter 2023, it would be naive to think that we can ease up and pat ourselves on the back. Security is neither a tick-box exercise nor an end goal, but rather an ever-evolving journey. Now, more than ever, we should be ensuring that security is pervasive not invasive. Then, hopefully we’ll be able to reach a place where businesses truly have an always-on understanding and active role in mitigating cyber risk before disruption can occur.”
Mark McClain, CEO and Founder at identity security firm SailPoint
“Identity spending will continue to rise, even as budgets tighten. In a tighter spending environment, CIOs and CISOs will de-prioritise various areas of IT spending, but security will remain at (or near) the top of their priority list. And within those security budgets, identity security will continue to rise in importance compared to other aspects of security. CXOs (especially CIOs and CISOs) now broadly recognise how critical it is to secure their enterprises through the lens of identity, and the consequences for failing to do so are increasingly clear. Moving forward, identity will be seen as a “business essential” rather than simply a security category.”

Nick Westall, CTO, CSI Ltd
“With progressively large sets of data and an ever-increasing growth in creative cyberattacks, IT teams are now dealing with operations and threats that go ‘beyond human scale’. Even moderate sized teams can no longer have the ‘eyes’, or visibility, they need to oversee all IT activity to keep their business secure. So, for 2023, as we move further into more complex IT worlds the application of AI and automation for cloud and security processes will become key to threat detection and prevention, as well as cloud optimisation and cost control. And all this at a time when businesses need to do more with less heads and while dropping into recession.

In terms of cyber security, things will only get worse before they improve. With dynamic, personalised attacks and working beyond human scale, hackers will have significantly more power to cause damage. Then there are the unknown threats. Given the pace of technological development, it’s likely we will be hit within the next few years by forms of cyber-attacks that are hardly conceivable today.

Within this scenario, I see AIOps and SecOps (and SecDevOps) becoming critical in 2023 to help protect against attack. However, despite their best efforts many businesses will still be attacked. So, having the right business continuity practices in place and cyber insurance will be critical to survival. Information Security Management Systems and Cyber Essentials Plus is no longer fit for purpose on their own. And with insurance companies stipulating that companies must have in place more rigorous technical controls, cyber security policies and toolsets before they will insure them, being able to meet these increasing demands will be key in 2023.

While CISOs have much to do in 2023 to add value and avoid risk (whilst not forgetting their ESG/CSR role or keeping their customers at the heart of what they do), they will not only need the commitment of the C-suite, they will also need their involvement.”

Tyler Moffitt, Senior Security Analyst, OpenText Security Solutions
“Small-Medium Sized Businesses (SMBs) will need to do more with less and cyber resiliency will be more important than ever. Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally. This will force SMBs to do more with less, while already having smaller cybersecurity teams and budgets to defend against attacks, and it will make cyber resiliency more important than ever. Our recent SMB survey found that 46 percent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 53 percent were also concerned about their security budgets shrinking due to inflation.

“Search engines like Google and Bing try to make it as easy as possible for consumers to find the information they request, but it will become increasingly difficult to distinguish between safe and malicious search results. As search engines work to provide a more streamlined experience, they unintentionally open consumers to a greater possibility of being phished. Scammers will purchase top ranking search result ads and use them to drive people to malicious and fraudulent websites to steal their personal and financial information.”

Mark Molyneux, CTO of EMEA, Cohesity
“Companies in the UK will need to prepare for downtime and blackouts with solid disaster recovery plans for their data centres. The National Grid chief has warned about potential blackouts impacting major data centres amid the energy crisis, stating that it’s possible the UK may face blackouts in January and February in 2023.

Many companies will have solid Disaster Recovery plans for their data centres, but random or even structured blackouts over a prolonged period will have a very different requirement for operational resiliency compared to a typical outage.

Best practice involves organisations moving copies of their critical data to an alternative location to create more resiliency against potential blackouts. Alongside other operational challenges, and set in the context of reduced IT budgets, organisations will have to quickly develop procedures to keep services running and secure. This will mean leveraging automation and orchestration to make those procedures efficient and effective.”

Access Control

Security Information & Event Management (SIEM) spend to exceed $6.4bn by 2027

960 640 Stuart O'Brien

A new study from Juniper Research has found that the total business spend on SIEM (Security Identity & Event Management) will exceed $6.4 billion globally by 2027, from just over $4.4 billion in 2022.

It predicts that this growth of 45% will be driven by the transition from term licence (where businesses can use SIEM for specific licence lengths) to more flexible SaaS (Software-as-a-Service) models (where SIEM solutions are purchased via monthly subscription). This will enable small businesses to access previously unaffordable services.

A SIEM system is a combination of SIM (Security Information Management) & SEM (Security Event Management), which results in real-time automated analysis of security alerts generated by applications and network hardware; leading to improved corporate cybersecurity.

IBM Tops Juniper Research Competitor Leaderboard

The research identified the world’s leading SIEM providers by evaluating their offerings, and the key factors that have led to their respective success, such as the breadth and depth of their platforms.

The top 3 vendors are:
1.    IBM
2.    Rapid7
3.    Splunk

Research co-author Nick Maynard said: “Juniper Research has ranked IBM as leading in the global SIEM market, based on its highly successful analytics platform and its ease of integration. SIEM vendors aiming to compete must design scalable solutions that are accessible to smaller businesses, which can provide easy-to-understand, actionable insights for less experienced cybersecurity teams.”

Transition to SaaS Accelerating Rapidly

Additionally, the research found that SaaS business models within SIEM are gaining traction; accounting for almost 73% of global business spend on SIEM in 2027, from only 37% in 2022. This significant increase represents an opportunity for newer vendors to break into the market with appealing SaaS-based models, but SIEM vendors must be careful not to leave larger enterprises, which still prefer term licences, behind.

To find out more, see the new report: Security Information & Event Management: Key Trends, Competitor Leaderboard & Market Forecasts 2022-2027.

49% of UK organisations experience high-business-impact outages at least weekly

960 640 Stuart O'Brien

With cloud adoption, cloud-native application architectures, and cybersecurity threats on the rise, the biggest driver for observability in the UK was an increased focus on security, governance, risk and compliance.

That’s according to New Relic’s second annual study on the state of observability, which surveyed 1,600+ practitioners and IT decision-makers across 14 regions.

Nearly three-quarters of respondents said C-suite executives in their organisation are advocates of observability, and more than three-quarters of respondents (78%) saw observability as a key enabler for achieving core business goals, which implies that observability has become a board-level imperative.

he report also reveals the technologies they believe will drive further need for observability and the benefits of adopting an observability practice. For example, of those who had mature observability practices, 100% indicated that observability improves revenue retention by deepening their understanding of customer behaviors compared to the 34% whose practices were less mature.

According to the research, organizations today monitor their technology stacks with a patchwork of tools. At the same time, respondents indicated they longed for simplicity, integration, seamlessness, and more efficient ways to complete high-value projects. Moreover, as organizations race to embrace technologies like blockchain, edge computing, and 5G to deliver optimal customer experiences, observability supports more manageable deployment to help drive innovation, uptime, and reliability. The 2022 Observability Forecast found:

  • Only 27% had achieved full-stack observability by the report’s definition – the ability to see everything in the tech stack that could affect the customer experience. Just 5% had a mature observability practice by the report’s definition.
  • A third (33%) of respondents said they still primarily detect outages manually or from complaints, and most (82%) used four or more tools to monitor the health of their systems.
  • More than half (52%) of respondents said they experience high-business-impact outages once per week or more, and 29% said they take more than an hour to resolve those outages.
  • Just 7% said their telemetry data is entirely unified (in one place), and only 13% said the visualization or dashboarding of that data is entirely unified.
  • Almost half (47%) said they prefer a single, consolidated observability platform.
  • Respondents predicted their organizations will most need observability for artificial intelligence (AI), the Internet of Things (IoT), and business applications in the next three years.

“Today, many organizations make do with a patchwork of tools that require extensive manual effort to provide fragmented views of their technology stacks,” said Peter Pezaris, SVP, Strategy and User Experience at New Relic. “Now that full-stack observability has become mission critical to modern businesses, the Observability Forecast shows that teams are striving to achieve such a view so that they can build, deploy, and run great software that powers optimal digital experiences.”

Sail the digital transformation seas more securely with Zero Trust Access 

960 640 Guest Post

By Tim Boivin, PortSys (pictured) 

Security has long been the boat anchor that drags down innovation – a deadweight that prevents digital transformation efforts from sailing to success.  

With the pandemic, digital transformation efforts accelerated far beyond the horizon of what was thought possible. Those changing tides also gave cyber pirates the opportunity to hack away – torpedoing infrastructure to launch ransomware, phishing, and data exfiltration attacks. 

Unfortunately, too many IT security teams and lines of business still don’t sail in the same direction to find the calm seas that offer more secure digital transformation. As a result, the captains of business frequently consider security as merely sunk costs, instead of the transformative vessel it should be. 

Zero Trust Access (ZTA) sets a new course so your organization can discover greater market treasures. ZTA generates the strategic tailwinds you need for your digital transformation efforts to reach their ultimate destination – competitive advantage. It needs to be considered as a valuable strategic business asset – one that reduces cost, improves productivity, and ultimately drives revenue and profit. 

How? ZTA implements and scales quickly without disrupting your existing infrastructure. It allows users to more securely and seamlessly access local and cloud resources they need to do their jobs from anywhere, improving productivity.  

ZTA accomplishes all this while dramatically reducing threats against your infrastructure. Instead of saying “No!” to anyone who wants to work more productively but requires greater access to do so, the pilots in the IT boathouse say “Yes, but…” – relying on ZTA’s principles of “Never Trust, Always Verify.” That creates a safer journey as your users get closer to your customers, wherever they are. 

Ultimately, ZTA transforms that IT boat anchor that’s been dragging you down into a billowing business mainsail – so you can cruise to competitive advantage. 

Tim Boivin is the marketing director for PortSys, whose enterprise customers around the world use Total Access Control (TAC), its next-gen reverse proxy solution based on Zero Trust. 

Cybersecurity priorities: Why AI-powered threat detection should be in your plans

960 640 Guest Post

By Atech Cloud

The changed world we’ve found ourselves living in since the global pandemic struck in 2020 has been particularly helpful to cybercriminals. Nothing illustrates this so well as the SolarWinds hack, described by Microsoft president Brad Smith as the most sophisticated cyberattack of all time, the reverberations of which have been felt throughout 2021.

Homeworking, the ongoing digitalisation of society, and the increasingly online nature of our lives mean opportunities are about for phishers, hackers, scammers, and extortionists. As we head into 2022, there is, unfortunately, no sign of this letting up. This is why it’s essential for individuals and organisations to be aware of the ever-growing avenues of attack as well as what can be done to mitigate the risks.

So let’s take a look at the most important and significant trends affecting our online security in the next year and beyond while throwing in some practical steps we recommend taking to avoid becoming victims:

AI-powered cybersecurity

Similar to the way in which it is used in financial services for fraud detection, artificial intelligence (AI) can counteract cybercrime by identifying patterns of behaviour that signify something out-of-the-ordinary may be taking place. Crucially, AI means this can be done in systems that need to cope with thousands of events taking place every second, which is typically where cybercriminals will try to strike.

A product we recommend and work with is the Azure Sentinel Solution for all cloud security needs.

To find out why cloud-native security operations is the hot button topic for this year and how to deliver it, read the rest of this article on our blog.

WEBINAR REWIND: The next generation of secure digital communications – Why now and why it matters

960 640 Stuart O'Brien

Don’t worry if you missed December’s fantastic Zivver webinarThe next generation of secure digital communications – Why now and why it matters – You can now watch the entire session again online!

Regulatory reforms, digital transformation, hybrid working… The business landscape continues to evolve and the need for secure and compliant digital communications solutions is higher than ever. The current state of communications security cannot keep pace.

By watching the webinar you’ll get practical insights from Zivver’s panel of industry leaders, security experts and end-users as they discuss the impact and value of a new generation of digital communications security. There’s discussion around how new solutions can empower secure work with maximum effectiveness and minimal disruption, as well as:

  • The evolution of 3rd generation secure digital communications: Why now and why it matters
  • Creating an empowering ‘secure-first’ lifestyle: How to enable employees to succeed through smart technology, while alleviating pressure and reducing the need for training

The panel also investigates Zivver’s perspective on this and how it is shaping our innovation today and in the future.

Panel participants include:

  • Stephen Khan: Global Head of Tech & Cyber Security Risk (former security exec HSBC)
  • Vinood Mangroelal: Executive Vice President, KPN Health
  • Brenno de Winter: Chief Security and Privacy Operations, Ministry of Health, Welfare and Sport Netherlands
  • Sarah Judge: Digital operational lead & CCIO, West Suffolk NHS Foundation Trust
  • Wouter Klinkhamer: CEO and Co-founder, Zivver
  • Robert Fleming: CMO, Zivver
  • Kelly Hall: VP, Corporate Communications & Campaigns, Zivver

What you’ll take away

Find out how your organization can embed security into everyday workflows to empower effective working, and gain actionable insights on how to enable people to secure their digital communications with minimal disruption.

Watch Again Now