Ian Barker

As we've already seen today AI systems are becoming increasingly popular targets for attack.

New research from Snyk and Lakera looks at the risks to AI agents and LLMs from prompt injection attacks.

Continue reading →

The UK government has announced the launch of a new scheme that will encourage the building of new generative AI tools to help teachers when they’re planning lessons or marking homework.

This will involve the creation of a 'data store' for education data including the national curriculum, guidance for teachers, lesson plans and more. The £3m ($3.96m) data store will help tech companies build AI tools that teachers can trust to help in their work by making this data machine readable.

Continue reading →

New research from Legit Security shows that widely available GenAI development services risk sensitive information exposure, or leakage of secrets.

Legit's analysis of unprotected vector databases finds that 30 servers investigated contained corporate or private data, including company email conversations, customer PII, product serial numbers, financial records, resumes, and contact information.

Continue reading →

As network boundaries can no longer be relied on to define the limits of cybersecurity, zero trust has become the overarching framework that now guides enterprise security strategies.

However, Zero Trust Network Access (ZTNA) has its limitations, especially in application security, and this can open up risk for organizations heavily reliant on SaaS systems.

Continue reading →

A new report reveals that 98 percent of organizations attacked by bots in the past year have lost revenue as a result.

The latest State of Bot Mitigation Report from Kasada, based on a survey of over 220 US tech professionals, also shows that despite investing heavily in bot defenses, most solutions are proving to be ineffective. Just one in five say that after initial deployment their bot mitigation solution retained effectiveness for more than 12 months.

Continue reading →

Swiss company Proton is known for its privacy focused solutions including secure mail, VPN and password manager. Today the company launches a new service, Proton Drive for Business.

This is a comprehensive solution designed to provide secure and private cloud storage, file sharing, and real-time document collaboration for organizations. In an era where data breaches and unauthorized use of company documents are common, this new service offers security and privacy to businesses of all sizes, with end-to-end encryption.

Continue reading →

Between January 2023 and January this year, critical infrastructure worldwide saw over 420 million attacks -- equivalent to 13 attacks per second -- marking a 30 percent increase from 2022.

A new report from security awareness specialist KnowBe4 shows cyberattacks targeting critical infrastructure have surged globally, posing significant risks to national security and economic stability.

Continue reading →

A new report from Normalyze shows that 89 percent of organizations expect to see a significant or moderate increase in data security budgets over the next 12 months, driven by the escalating threat landscape and stringent regulatory requirements like GDPR and HIPAA.

The report, based on research by Omdia, finds top security priorities include reducing the opportunity for threats to infiltrate data stores (59 percent), improving data security posture (53 percent), and demonstrating ROI through improved reporting and business communication (42 percent).

Continue reading →

So far this year, vulnerabilities have risen by 11 percent and the availability of publicly known exploits has increased by six percent.

The latest Cyber Threat Intelligence Index from Flashpoint reveals 17,518 newly disclosed vulnerabilities in the first half of the year. Also, over 45 percent of all vulnerabilities disclosed in H1 2024 are rated high to critical in CVSSv3.

Continue reading →

The IT world has always been a fast moving one and that means skills need to be kept up to date if you're not going to fall behind.

We spoke to Brett Shively, CEO of ACI Learning a provider of IT, cybersecurity and audit training for organizations around the world, about the importance of training and how a personalized approach can pay off.

Continue reading →

Although it dates back to the very early days of the internet, email remains a vital communications channel for businesses. But it also continues to present security challenges.

A new report from Abnormal Security reveals a 350 percent year-on-year growth in file-sharing phishing attacks, while business email compromise attacks (BEC) have grown over 50 percent from the second half of 2023 to the first half of 2024.

Continue reading →

Over the past few years, technology teams have split into smaller work groups with more focused tasks. The rise of the cloud has created the need for DevOps teams, and the gap has grown wider between teams that build products and teams that manage products.

At the same time, applications have become dramatically more complicated. This has given rise to specialized site reliability engineers who are well-versed in monitoring all application components, including APIs. However, focusing API resilience in one team has allowed organizations to treat the symptoms rather than the underlying problem.

Continue reading →

Manufacturing and industrial products remain the most targeted sectors by cyber threat actors in the first half of 2024, with 377 confirmed reports of ransomware and database leak hits in the first half of the year.

A new report from managed detection and response specialist Critical Start is based on analysis of 3,438 high and critical alerts generated by 20 supported Endpoint Detection and Response (EDR) solutions, as well as 4,602 reports detailing ransomware and database leak activities across 24 industries in 126 countries.

Continue reading →

According to a new report, ransomware productivity has shown signs of leveling off in 2024, however, the frequency of attacks and ransom payments collected remains higher in the first half of 2024 compared to the same periods in 2022 and 2023.

The report from WithSecure suggests law enforcement actions, notably the take down of the Lockbit ransomware group in February 2024, have played a critical role in disrupting major ransomware operations.

Continue reading →

Although enterprises are adopting GenAI in a big way, only five percent of the 1,000 cybersecurity experts responding to a new survey have confidence in the security measures protecting their GenAI applications even as 90 percent are actively using or exploring its use.

The research from Lakera shows attack methods specific to GenAI, or prompt attacks, are easily used by anyone to manipulate the applications, gain unauthorized access, steal confidential data and take unauthorized actions.

Continue reading →