Ian Barker

Businesses could be forfeiting up to five percent or more of their revenue to fraud, considering the hidden costs of operational inefficiencies, compliance penalties and customer attrition, according to a new report.

Based on responses from almost 600 decision-makers and strategic leaders across financial services, fintech, payments, eCommerce and iGaming, the study from fraud prevention and compliance specialist SEON, finds budget allocations indicate that 86 percent of companies are spending over three percent of revenues on anti-fraud measures.

Advanced email attacks on non-profit organizations have surged 35 percent year-on-year according to a new report from Abnormal Security.

Credential phishing attacks on non-profit organizations have escalated by 50.4 percent over the past year too. By stealing login credentials, cybercriminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.

For enterprises, making the right cyber security investment isn't just about selecting the most advanced technology. To truly get the best return, decision-makers must also consider the strategic and financial aspects of their choices.

We spoke to Ben Vaughan, chief commercial officer at Bridewell, to discuss how by engaging with the right teams, businesses can ensure their security solutions are not only technically sound but also aligned with their long-term financial goals and sustainable growth.

A new survey of 300 IT and security professionals, commissioned by Red Canary and conducted by Censuswide, finds that just 35 percent of data stored in legacy SIEMs delivers tangible value for threat detection.

In addition, only 13 percent of organizations separate out low value data for cheaper storage in a raw data repository. Due to SIEM storage costs, 68 percent of IT security decision makers say they discard low value data and have to hope they won't regret it.

Over the past year, more than 50 percent of organizations have experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited are internet-accessible devices (33 percent) and transient devices (27 percent), often used to bypass traditional defenses.

A new report from the SANS Institute, in partnership with OPSWAT, shows that while 55 percent of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.

New research from Darktrace finds that 78 percent of CISOs say that AI-powered threats are having a significant impact on their organizations, a five percent increase from 2024.

There's more confidence about dealing with them though, more than 60 percent now say that they are adequately prepared to defend against these threats, an increase of nearly 15 percent year-on-year.

Inconsistent adoption of DMARC standards is leaving 60 percent of US healthcare organizations that have already reported breaches exposed to a second attack.

The study from Red Sift looks at breaches reported to the US Department of Health and Human Services (HHS) during 2023-2024 shows that of 101 companies analyzed, 61 percent remain unprotected, with 33 having no DMARC policy and 28 lacking any data on DMARC.

Certificates are an important part of security for organizations but they're not without risks. These include certificates with long lifespans (one in every 13 certificates have lifespans over two years), certificates without key usage (one in every 25 certificates), certificates with negative serial numbers (one in every 27 certificates), and unsanctioned domain usage.

Keyfactor is launching a Command Risk Intelligence which will visibility into every certificate in use and helps teams proactively identify and mitigate certificate-related risks before they disrupt business operations.

In DevOps and IT circles, the word 'observability' has been bandied about for the past few years. Observability is one of those hot and trendy terms which also means different things to different people.

Yet the goal is generally the same: how can we observe our environment and then proactively and even automatically make fixes to things that aren't working, are anomalous, suspicious and/or could potentially cause a disastrous outcome? Such outcomes could include a network failure, a security breach, a server reaching capacity, or in the unstructured data management world -- something else entirely.

Before VoIP communication turned mainstream, Skype was a pioneer of the technology. Launching back in 2003 it became the go to application for people wanting to make calls over the internet and contact phone numbers from their computer.

Since then it's had something of a checkered history. It was bought by eBay for $2.6 billion in 2005 before Microsoft snapped it up for $8.5 billion in 2011 as a replacement for Live Messenger.

A new report shows that 87 percent of companies in the US and UK have, or are in the process of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance.

The research from the FIDO Alliance, along with underwriters Axiad, HID, and Thales, finds 47 percent report rolling out a mix of device-bound passkeys on physical security keys and/or cards and passkeys synced securely across the user's devices.

As the European Union updated the Network and Information Security (NIS 2) Directive in October last year, many companies were asking: what does it take to comply with this sweeping new regulation? Designed to tighten cybersecurity across critical industries, NIS 2 goes beyond the original directive’s framework, bringing strict rules, wider sectoral reach, and substantial penalties.

We spoke to Sam Peters, chief product officer at isms.online, to find out what businesses need to know to ensure compliance and understand the directive's impact on both operations and reputation.

Blockchain technology has often been touted as a game changer for the security of transactions in different fields.

However, many organizations still don't full appreciate its value or how to incorporate it into their applications. We spoke to Lee Jacobson, senior vice president business development Web3 at video game commerce company Xsolla to find out about how blockchain implementation can be made easier.

The rise of AI and increasing global regulations have raised the stakes for businesses, as they navigate complex requirements to protect sensitive data and ensure ethical practices.

A new survey from trust management platform Drata reveals that 48 percent of governance, risk, and compliance (GRC) professionals struggle to keep pace with updates to existing compliance frameworks and identifying areas needing attention.

Third-party risk has emerged as a dominant driver of cyber insurance claims and material losses in 2024, according to new data from leading cyber risk solutions company Resilience.

Cyber insurance claims data shows that third-party risk, including ransomware and outages affecting vendors, accounted for 31 percent of all claims in 2024. Even more startling, third-party risk led to claims with incurred losses for the first time ever, making up nearly a quarter (23 percent) of incurred claims in 2024 (compared to none in 2023).