Ian Barker

Over half of UK financial institutions suffer third-party supply chain attacks

New research from Orange Cyberdefense shows that 58 percent of large UK financial services firms suffered at least one third-party supply chain attack in 2024, with 23 percent being targeted three or more times.

The research suggests that firms must re-evaluate how they assess third-party risk. 44 percent of FS institutions only assess third-party risk during the initial supplier onboarding stage, while a similar proportion (41 percent) perform periodic risk assessments. Crucially, just 14 percent follow the gold standard of continuously assessing risk and using dedicated third-party risk management tools.

Rate of DMARC adoption doubles thanks to bulk sender requirements

A year on from Google and Yahoo implementing stricter requirements for bulk email senders, the rate of DMARC adoption has more than doubled.

A new study from Red Sift, based on the tracking of 72.85 million apex domains, shows the number of organizations adopting DMARC is up 2.32 million as of 18 December 2024.

60 percent of organizations fail to keep pace with AI-driven data changes

According to a new report, 60 percent of respondents claim that their organization is failing to keep pace with data changes resulting from AI demands.

In addition, the study from Immuta shows that traditional data architecture challenges persist, with nearly half of organizations identifying compliance and privacy as primary data concerns, and 64 percent citing significant challenges in providing timely and secure access to data for authorized users.

Phishing-as-a-Service kits see a surge as threat actors target weaknesses

A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of attack.

Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

Data breaches in UK legal sector up over a third

Analysis by NetDocuments of information collected by the UK Information Commissioner's Office (ICO) reveals a sharp increase in data breaches across the UK legal sector.

The report shows that in the period between Q3 2023 and Q2 2024, the number of identified data breaches in the UK legal sector rose by 39 percent (2,284 cases were reported to the ICO, compared to 1,633 the previous year).

Operational tech devices exposed to known vulnerabilities

Analysis of close to one million operational technology (OT) devices by Claroty's Team82 research group finds that 12 percent contain known exploited vulnerabilities (KEVs), and 40 percent of the organizations analyzed have a subset of these assets insecurely connected to the internet.

The report uncovered over 111,000 KEVs in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with 68 percent of these being linked to ransomware groups. The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000).

Over 60 percent of enterprise cybersecurity incidents relate to known risks

A new Cloud Risk Exposure Impact Report from ZEST Security shows that 62 percent of incidents are directly related to risks the security team had previously identified, researched fixes for, and had open tickets for remediation in the backlog.

The survey of over 150 security decision makers working in large US enterprises reveals that it takes 10 times longer to remediate vulnerabilities than it takes for attackers to exploit them, highlighting a significant advantage for attackers.

Compliance with new European legislation increases info security workloads

A new report shows 90 percent of professionals surveyed report that complying with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.

The study, from cloud-based risk and compliance platform AuditBoard, shows information security professionals feel the weight of compliance efforts most, with 38 percent expecting to be impacted to a great extent, compared to 29 percent of risk management professionals and 28 percent of IT professionals. Increased workloads could potentially lead to a greater risk of non-compliance as teams struggle to keep up with daily tasks.

Financial sector faces increased cybersecurity threats

A new survey reveals that the financial industry has faced a surge in attacks, with 64 percent of respondents reporting cybersecurity incidents in the past 12 months.

The study from Contrast Security finds 71 percent of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43 percent) and lack of visibility into the application layer (38 percent).

Why adopting AI needs a holistic approach [Q&A]

It's an increasingly rare system these days that doesn't claim to have incorporated artificial intelligence in some form or another.

But when implementing AI it's important to look beyond the hype and ensure that it can deliver real value for the business. We spoke to Ajay Kumar, CEO of SLK Software, about the need for a holistic approach to allow enterprises to leverage AI for solving complex business challenges.

Ransomware victims increased by 26 percent in 2024

Nearly 5,300 ransomware victims were reported last year, a 26 percent increase from the previous year, according to new analysis.

The Cybernews team looked at data from the Ransomlooker tool, which monitors the dark web and other hidden areas of the internet, and found that the number of active ransomware gangs also grew over the previous year.

The challenges of managing non-human identities [Q&A]

Non-human identities (NHIs) outnumber human identities by between 10 and 50 times, but the industry lacks solutions to properly address this hole in the security perimeter.

Traditional IAM solutions and best practices aren't sufficient when it comes to managing NHIs, as evidenced by some recent breaches that have stemmed from exploitation of NHIs.

Inside Pluton -- Microsoft's security processor that's coming to a PC near you soon

Microsoft first announced its Pluton security processor as far back as 2020 and more recently has said it will be enabled by default on all Copilot+ PCs as part of the company's commitment to Secure by Design.

Today the company is releasing more details about Pluton and how it operates. Operating directly on dedicated hardware on the CPU system-on-chip (SoC), Pluton helps provide additional protection for sensitive assets like credentials and encryption keys, using a combination of hardware, firmware and software

Deepfakes, workforce fraud and phishing incidents on the rise across businesses

Half of businesses have reported a growth in deepfake and AI-generated fraud, alongside rising biometric spoofs and counterfeit ID fraud attempts, according to the 2025 State of Identity Fraud Report, released today by AuthenticID.

The report analyzes internal proprietary data anonymized from AuthenticID's identity verification and fraud detection technology. When paired with insights from annual fraud surveys of both fraud and technology professionals as well as consumers in North America, the report offers a comprehensive view of the fraud landscape.

Remote employees work longer hours

In findings that rather seem to contradict the wisdom of President Trump's return to office mandate for government employees, a new report from Cloudbrink shows that 'work from anywhere' employees actually put in longer hours than their nine to five counterparts.

Analysis of usage data from thousands of users of Cloudbrink's Personal SASE service shows heavy transfer of data on Fridays and heavy usage starting at 7:00 am and continuing to 7:00 pm. The report concludes that employees are working quite a bit outside the office, but could be even more productive if technical challenges could be reduced.

© 1998-2025 BetaNews, Inc. All Rights Reserved.