Developers historically have not been all that security savvy, but as software supply chain security becomes a larger and larger problem every day, enterprises are going to need to secure packages before they are put into production environments.

We spoke to Phylum CEO, Aaron Bray, to learn more about 'secure by design' and how it can make sure developers are being taught security as part of their development and training process and are also being provided with the necessary resources to code securely from the beginning.

Continue reading →

The latest Enterprise Cloud Index (ECI) survey from Nutanix shows that that while 80 percent of organizations have already implemented a GenAI strategy, implementation targets vary significantly.

Organizations are eager to leverage GenAI for productivity, automation, and innovation, but they also face critical hurdles in the form of data security, compliance, and IT infrastructure modernization. 95 percent of respondents agree that GenAI is changing their organization’s priorities

Continue reading →

As cloud environments become complex, security teams face increasing challenges in detecting, prioritizing, and addressing risks.

While cloud security posture management (CSPM) tools were created to provide visibility into cloud configurations and cloud workload protection platforms (CWPP) to manage threats to cloud workloads, they created gaps in providing holistic context that enables efficient risk management and didn't extend across the full software development life cycle (SDLC).

Continue reading →

The latest Phishing Trends Report from Hoxhunt -- based on a global sample size of 2.5 million email users, 50 million phishing simulations, and millions of real phishing attacks -- shows a 49 percent increase in phishing since 2021, driven partly by the rise of blackhat AI.

Among the findings are that between 0.7 percent and 4.7 percent of reported phishing attempts are written by AI. This may seem low but to put it into context numbers of AI phishing attempts were negligible six months earlier. Highly targeted, AI-enabled spear phishing attacks with multiple links in the kill chain are on the rise.

Continue reading →

According to a new study of 750 business and tech leaders, 58 percent say key business decisions are based on inaccurate or inconsistent data most of the time, if not always.

The research from IT consulting and digital services provider SoftServe shows the majority don’t understand the value of their data with 65 percent of all respondents believing no one at their organization understands all the data collected and how to access it.

Continue reading →

With authoritarian governments increasingly turning to censorship to silence dissent, limit information, and manipulate public opinion, it's perhaps not surprising that more people are turning to VPNs.

A new report from Proton VPN finds 2024 saw spikes in signups in 119 countries, including six countries with at least one spike in signups of over 5,000 percent, and four countries with at least one spike in signups of over 10,000 percent.

Continue reading →

New research from Orange Cyberdefense shows that 58 percent of large UK financial services firms suffered at least one third-party supply chain attack in 2024, with 23 percent being targeted three or more times.

The research suggests that firms must re-evaluate how they assess third-party risk. 44 percent of FS institutions only assess third-party risk during the initial supplier onboarding stage, while a similar proportion (41 percent) perform periodic risk assessments. Crucially, just 14 percent follow the gold standard of continuously assessing risk and using dedicated third-party risk management tools.

Continue reading →

A year on from Google and Yahoo implementing stricter requirements for bulk email senders, the rate of DMARC adoption has more than doubled.

A new study from Red Sift, based on the tracking of 72.85 million apex domains, shows the number of organizations adopting DMARC is up 2.32 million as of 18 December 2024.

Continue reading →

According to a new report, 60 percent of respondents claim that their organization is failing to keep pace with data changes resulting from AI demands.

In addition, the study from Immuta shows that traditional data architecture challenges persist, with nearly half of organizations identifying compliance and privacy as primary data concerns, and 64 percent citing significant challenges in providing timely and secure access to data for authorized users.

Continue reading →

A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of
attack.

Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

Continue reading →

Analysis by NetDocuments of information collected by the UK Information Commissioner's Office (ICO) reveals a sharp increase in data breaches across the UK legal sector.

The report shows that in the period between Q3 2023 and Q2 2024, the number of identified data breaches in the UK legal sector rose by 39 percent (2,284 cases were reported to the ICO, compared to 1,633 the previous year).

Continue reading →

Analysis of close to one million operational technology (OT) devices by Claroty's Team82 research group finds that 12 percent contain known exploited vulnerabilities (KEVs), and 40 percent of the organizations analyzed have a subset of these assets insecurely connected to the internet.

The report uncovered over 111,000 KEVs in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with 68 percent of these being linked to ransomware groups. The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000).

Continue reading →

A new Cloud Risk Exposure Impact Report from ZEST Security shows that 62 percent of incidents are directly related to risks the security team had previously identified, researched fixes for, and had open tickets for remediation in the backlog.

The survey of over 150 security decision makers working in large US enterprises reveals that it takes 10 times longer to remediate vulnerabilities than it takes for attackers to exploit them, highlighting a significant advantage for attackers.

Continue reading →

A new report shows 90 percent of professionals surveyed report that complying with DORA, the NIS2 Directive, and/or the EU AI Act will impact their workload.

The study, from cloud-based risk and compliance platform AuditBoard, shows information security professionals feel the weight of compliance efforts most, with 38 percent expecting to be impacted to a great extent, compared to 29 percent of risk management professionals and 28 percent of IT professionals. Increased workloads could potentially lead to a greater risk of non-compliance as teams struggle to keep up with daily tasks.

Continue reading →

A new survey reveals that the financial industry has faced a surge in attacks, with 64 percent of respondents reporting cybersecurity incidents in the past 12 months.

The study from Contrast Security finds 71 percent of respondents reported zero-day attacks as the key concern to safeguarding applications and APIs, followed by dwell time (43 percent) and lack of visibility into the application layer (38 percent).

Continue reading →