Why Mid-Market Enterprises are Becoming Top Targets for Cyber Criminals (and What They Can Do to Prevent It)

In the last few years, many large businesses have overhauled their approach to cyber security. The rise of remote working forced them to bring forward long-planned upgrades to both security technology and processes, resulting in far better data security across the board.
On paper it seems like very good news, but it isn’t necessarily for everyone. Why? Because the majority of cyber criminals are opportunists looking for the quickest and easiest way to make the maximum amount of money possible from victims. Consequently, they tend to target larger businesses that have more assets for exploitation. However, as these large businesses continue to shore up their cyber defences, cyber criminals have started looking elsewhere for easier targets, and many of them are turning their attention to lesser protected mid-market enterprises instead.

Read more

Attacks on Shadow APIs Loom Large

Shadow APIs (Application Programming Interfaces) are now the biggest threat facing API security today. Analysis of more than 20 billion transactions from the first half of 2022 found 16.7 billion of these were malicious in nature and the majority (5 billion) were against unknown, unmanaged and unprotected APIs, more commonly referred to as Shadow APIs.

Read more

IoT Regulation: The Carrot and the Stick

Security is a real concern among consumers when it comes to the Internet of Things (IoT) which have time and again succumbed to a litany of attacks due to poor protection mechanisms and vulnerabilities. Yet vendors remain slow to implement the 13 guidelines contained in the UK DCMS Secure by Design Code of Conduct published way back in 2018 and which aligns with the international standard ETSI EN 303-645.
To help boost uptake, the UK Department for Culture, Media and Sport put out a tender to the industry to devise a scheme that would incentivise manufacturers to demonstrate proactive security compliance to customers. The result was the IASME scheme which offers three levels of compliance – Basic, Silver and Gold – in a bid to encourage the industry to take action. Those meeting the criteria can then display the associated badge on their products, reassuring customers. It’s the carrot, if you will, ahead of the legislation expected to be brought in next year under the Product Security and Telecommunications Infrastructure (PSTI) Bill.

Read more