100,000 folders were open to all employees; 21 percent of all the folders in our investigation had no access controls at all. Worse yet, 41 percent of companies had at least 1,000 sensitive files open to all employees.
Critical national infrastructure organisations who cannot afford to let high value data or control of critical systems get into the wrong hands should be particularly wary of using outdated VPN remote access.
30,000 infrared dots called 'True Depth' build a map of an individual's face so Face ID can claim a 1 in 1,000,000 rate of error, but it's not infallible; biometric authentication should be used in combination with other forms of authentication.
The attackers who infected 2.27 million machines last year using a modified version of the computer maintenance app CCleaner gained unauthorised access to the developer's network using remote access program TeamViewer.
There is a tendency for companies to simply lose track of their privileged accounts; 70 percent of organisations failed to fully discover all of the privileged accounts on their systems.
Why GDPR may hold the key to ensuring the cyber-security of CCTV and access control technology.
Indian woman dies of starvation because of failures in system for biometric authentication for rations; her status is wrongly changed, unknown to victim who then receives reduced rations.
A society where identity authentication is allowed without users' volition would be a society where democracy is dead. The password as memorised secret is absolutely necessary says Hitoshi Kokumai.
Adopt dynamic authentication of customers for each interaction they perform, and do it as seamlessly and frictionlessly as possible: use the mobile devices we all carry. Too much is at stake to rely on 'shared secrets' as safeguards.
Some 26 percent of all accounts surveyed were 'stale enabled users' accounts - and 90 percent in one case. The risk is two-fold: an ex-employee with unauthorised access, and the account can be hijacked by an external hacker.
Enforcing authorisation directly at the data level can be incredibly powerful as it could mean minimal or no changes to the applications that are accessing the data itself says Jonas Iggbom.
Rémy Cointreau faced a challenge to create a more agile organisation through its IT infrastructure, providing employees with the ability to securely access applications from any device at any time and from anywhere.
The password on its own is not enough to protect an organisation's data, even if you follow best practice, says Kevin Timms, adding that passwords that are easily entered and remembered are inherently weak and easily compromised.
Companies seem to be slow to realise that their Twitter, Facebook or LinkedIn accounts and passwords require exactly the same protection as any of their high-risk or high-value internal systems says Jackson Shaw.
Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.
Raz Rafaeli suggests perhaps it's time to rethink authentication altogether, and eliminate password-based "something you know," the Achilles' heel of authentication. That leaves "something you have" and "something you are."
Whether IBM or Microsoft's vision prevails, identity verification and device authentication are still a factor in security says Mike Lynch.
The Inspector General has said that the U.S. Department of the Interior has to beef up its access controls if it wants to meet current standards.
What are organisations doing wrong when it comes to dealing with the insider threat? That was the topic of conversation when we sat down recently with Mark McClain.
The approaches to access control have varied over the decades, but today the challenges are greater than ever.
Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.
Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.
The problem with passwords is users, says Francois Amigorena, and overcoming user error can make passwords fit for purpose once again.
There are security vulnerabilities when using passwords, but Tyler Moffitt says that there are steps that you can and should take to make sure your data is less easy to access.
Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.
As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable, suggests Chris Russell.
Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.
Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc.