Ian Barker

Non-human identities (NHIs) outnumber human identities by between 10 and 50 times, but the industry lacks solutions to properly address this hole in the security perimeter.

Traditional IAM solutions and best practices aren't sufficient when it comes to managing NHIs, as evidenced by some recent breaches that have stemmed from exploitation of NHIs.

Continue reading →

Microsoft first announced its Pluton security processor as far back as 2020 and more recently has said it will be enabled by default on all Copilot+ PCs as part of the company's commitment to Secure by Design.

Today the company is releasing more details about Pluton and how it operates. Operating directly on dedicated hardware on the CPU system-on-chip (SoC), Pluton helps provide additional protection for sensitive assets like credentials and encryption keys, using a combination of hardware, firmware and software

Continue reading →

Half of businesses have reported a growth in deepfake and AI-generated fraud, alongside rising biometric spoofs and counterfeit ID fraud attempts, according to the 2025 State of Identity Fraud Report, released today by AuthenticID.

The report analyzes internal proprietary data anonymized from AuthenticID's identity verification and fraud detection technology. When paired with insights from annual fraud surveys of both fraud and technology professionals as well as consumers in North America, the report offers a comprehensive view of the fraud landscape.

Continue reading →

In findings that rather seem to contradict the wisdom of President Trump's return to office mandate for government employees, a new report from Cloudbrink shows that 'work from anywhere' employees actually put in longer hours than their nine to five counterparts.

Analysis of usage data from thousands of users of Cloudbrink's Personal SASE service shows heavy transfer of data on Fridays and heavy usage starting at 7:00 am and continuing to 7:00 pm. The report concludes that employees are working quite a bit outside the office, but could be even more productive if technical challenges could be reduced.

Continue reading →

One of the risks AI teams face is sensitive data lurking where it shouldn't be -- risks that are increasing as the volume unstructured data grows across all industries, a situation made worse still by GenAI.

Unstructured data management specialist Komprise is launching new sensitive data detection and mitigation capabilities to help organizations prevent the leakage of PII and other sensitive data to AI and reduce the risk of potentially ruinous data breaches.

Continue reading →

It's not exactly Big Brother, but a new analysis of Chrome extensions from Incogni reveals that 67 percent collect user data, and 41 percent collect personally identifiable information (PII), including sensitive details like credit card numbers, passwords, and location data.

Extensions like Grammarly, which make writing almost anything effortless, or Vetted, which act as online shopping assistants, are quickly becoming essentials of everyday life. But because many users trust Google's ecosystem, they also assume that third-party extensions vetted through the Chrome Web Store are equally safe.

Continue reading →

A new report reveals that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks.

The survey from Wallarm, of 200 US-based enterprise leaders on AI and API security, finds over 53 percent report engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks.

Continue reading →

As AI reshapes business operations, companies are facing new challenges around cost uncertainty, security, and data integrity. The rise of hybrid cloud strategies -- combining private clouds with public infrastructure -- is becoming a key approach to addressing these concerns.

While enterprises focus on cost control, safeguarding sensitive corporate data, and preventing AI-driven data leakage, they are also trying to leverage LLMs to exploit data in the public cloud while retaining sensitive data in private clouds that they control.

Continue reading →

The percentage of organizations considering alternatives to Oracle Java has jumped significantly from 72 percent in 2023 to 88 percent today.

The Azul 2025 State of Java Survey and Report finds 99 percent of enterprises are using Java. The top reasons given for considering a migration away from Oracle Java include cost (42 percent), preference for open-source (40 percent), Oracle sales tactics (37 percent), uncertainty created by ongoing changes to pricing and licensing (36 percent), and restrictive Oracle policies (33 percent).

Continue reading →

While 51 percent of organizations rely on their security teams to manage AI risks, 33 percent say that they either lack a dedicated role or are unsure who holds responsibility for AI risk management.

A new report from Wing Security and the Cloud Security Alliance also highlights that only 44 percent of organizations prioritize protecting all their sanctioned applications, while a mere 17 percent include unsanctioned ones as a priority.

Continue reading →

The increased connectivity of business systems and devices is making it harder for organizations to defend against ransomware attacks according to a new report.

The study from Illumio, with research conducted by the Ponemon Institute, shows organizations perceive the cloud and endpoints as being the most vulnerable, and 34 percent say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.

Continue reading →

Fears of a data breach dominate consumer concerns, with 64 percent naming breaches as their top privacy worry.

A new report, based on responses from almost 2,500 people around the world, released by Acronis to mark this year's Data Privacy Day, shows that in spite of heightened awareness 25 percent of respondents have experienced data theft or loss and 12 percent remain unsure if they've been breached, underlining the hidden nature of many cyberattacks.

Continue reading →

Today has seen millions of dollars wiped off US market tech stocks by the launch of DeepSeek, the latest Chinese AI that threatens US dominance in the sector.

This is partly because DeepSeek can run on much less powerful hardware than rivals such as OpenAI's o1. DeepSeek also says that its v3 model, released in December, cost less than $6 million to train, less than a tenth of what Meta spent on its most recent system.

Continue reading →

Reported security incidents in critical infrastructure worldwide have grown by 668 percent since 2022 according to a new report from Forescout.

There have been 10 percent more incidents for critical infrastructure sectors than in 2023 and more than half of all incidents (57 percent) affected critical infrastructure sectors. Network infrastructure devices (routers, firewalls, VPNs, etc.) are the second largest category and increased from three percent (2022) to 11 percent (2023) and now 14 percent (2024).

Continue reading →

A new report from Obsidian Security reveals an unprecedented 300 percent year-on-year increase in SaaS breaches between September 2023 and 2024.

This surge comes as organizations increasingly rely on SaaS applications with current spend on SaaS in the hundreds of billions, or approximately $8,700 per employee for tools such as Workday, Google Workspace, ServiceNow, and Office 365.

Continue reading →