KuppingerCole Blog

Ransomware is a very easy and successful way of making money illicitly, so it is a proven business model unlikely to lose popularity with cyber criminals any time soon. Cybercriminals are also evolving the business model and may even be collaborating with competitors , say security researchers. Not only are tactics, techniques and procedures evolving, ransoms getting greater, demand for ransomware-as-a-service increasing, and double-dipping attacks that demand one payment to decrypt data and another to hold off publishing copies of sensitive data, but organizations are increasingly...

If there is one universally true statement about every organization regardless of size, location, or industry – it is that they all have too many security problems to deal with comfortably and in time. If you believe that you have your cybersecurity well under control, you probably simply don’t have full visibility into every corner of your IT… Unsurprisingly, the idea of replacing overworked (and increasingly scarce) humans with some kind of automation both for daily administrative routine and for responding to security incidents looks universally appealing to everyone...

Is the security sector served well by the standards, regulations, and frameworks we have? The security industry has been around for a good few years and we've understood the importance of standards. If you look at the way that standards, frameworks, and regulations work, it does take quite some time for them to come into place. In the early days, we had standards, which may have been around specific technologies, but they were quite general. So for example, we had the standards around wireless encryption. So, there are those sorts of standards. We have standards around...

Business IT and the way people work is changing. Trends towards digital transformation and remote working have only been accelerated by the global Covid pandemic. Therefore, the ways organizations manage Privileged Access must adapt and change accordingly to ensure the business remains competitive and secure. At the same time that hybrid working is becoming more common, as people take advantage of technologies that support working from home or on the road as well as the office, IT architecture is rapidly shifting to multi-cloud, multi hybrid environments in which identities of all kinds...

Operational Technology (OT) systems encompass Industrial Control Systems (ICS), Critical Infrastructure Systems (CIS), and Industrial Internet of Things (IIoT). OT environments face threats similar to those that traditional enterprise IT systems do, as well as threats unique to each type and implementation.  ICS environments are those found in manufacturing facilities and warehouses, and may involve dedicated Human-to-Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs), sensors, valves, actuators, etc. Critical Infrastructure includes regional and municipal power...

There is no denying that modern IT environments are complex and are becoming even more so every day. Most organizations have a mix of on-prem and cloud-based applications in multiple clouds, as well as Edge computing systems. The challenge of managing infrastructure to keep pace with proliferation of entitlements across these complex and dynamic infrastructure is exacerbated by the increasing use of agile development and DevOps tools. Traditional access management platforms such as IGA, IAM and PAM are not able to meet the demands of modern enterprises because of the dynamic, agile,...

Zero Trust is undoubtedly one of the hottest buzzwords in the IT industry. The idea that just by following a set of simple principles an organization can dramatically reduce the complexity of its IT infrastructure and significantly improve its security posture and resilience to cyberattacks is, of course, extremely appealing to everyone. Unfortunately, even the companies highly motivated to adopt Zero Trust as their new strategy are often struggling even with the initial steps. If KuppingerCole analysts got a dollar every time we had to tell someone: “sorry, but you cannot buy...

In the wake of increased cyber-attacks on national critical infrastructure, authorities around the world are imposing stricter requirements on organizations that their populations rely on for a wide range of essential services, which includes a wide and growing number of private companies that should be preparing now to meet their new obligations. Notably the EU issued the Network and Information Systems (NIS) Directive in 2016 and the US saw the introduction of Executive Order 14028  on Improving the Nation's Cybersecurity in 2021. But European authorities are now seeking to go...

I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the responsibility for security is shared between the service provider and the customer. This blog outlines the core business risks and what organizations need to consider. Business Risks While much discussion focusses on the technical risks, at the business level there are three distinct cyber risks, and...

Undoubtedly, many technology companies enjoyed an outstanding success during and after the COVID-19 outbreak. Businesses changed in several fields and we saw situations that we would have rarely expected before: switching to online shopping, online education, remote working, minimizing trips and avoiding human contact, just to mention a few. Lockdown forced humanity to look for a shelter against the confinement, and people found it in technology, which became the main protagonist in our everyday life. This scenario made companies like Zoom, Google, Apple, Meta, and others grow explosively....