Non-human identities pose security risks for enterprises


Non-human identities (NHIs) refer to things like API keys, service accounts, system accounts, and OAuth tokens. You may not give them too much thought, but a new report from Silverfort looks at the impact they have on an organization's cybersecurity.
Active Directory service accounts -- used for machine-to-machine communication within Microsoft's Active Directory (AD) environments -- are the most common and regularly compromised NHIs.
Companies lack policies to deal with GenAI use


While 27 percent of security experts perceive AI and deepfakes to be the biggest cybersecurity threats to their organisations, not all have a responsible use policy in place.
The third part of a survey of over 200 information security professionals carried out at Infosecurity Europe 2024 has been released today by KnowBe4, and it finds 31 percent of security professionals admit to not currently having a 'responsible use' policy in place for generative AI within the company.
Nation-state actors exploit political tension to launch phishing campaigns


A new report from phishing protection specialist Bolster identifies 24 separate nation-state threat actor groups attempting to exploit rising political tensions across the US to interfere with the 2024 presidential elections.
Attackers are leveraging AI to automate mass spam campaigns, and also to reply in real-time. This targeting and interactivity at scale increases their chances of gaining access to more sensitive data. The influx of election-themed spam is a significant cyber threat, causing widespread confusion among citizens and undermining trust in legitimate election communications.
Enterprise AI adoption soars almost 90 percent


For some time now AI has been the go-to technology to enable informed decision making, accelerate innovation, and enhance experiences for both employees and customers.
A new report from Cloudera shows that 88 percent of enterprises are adopting AI in some capacity, but many are still lacking the necessary data infrastructure and employee skills to truly benefit from it.
Report highlights cyber risks to the aviation industry


It's fair to say that no industry is truly safe from cyber attacks these days, but the aviation sector is at particular risk due to the volume of customer data it handles and the potential to cause widespread disruption.
A new report from SecurityScorecard focuses on cybersecurity vulnerabilities across the airline industry and its various supply chains.
40 percent of BEC attacks are AI generated


Almost half (49 percent) of all detected spam emails are attributed to business email compromise (BEC) scams, with the CEO, followed by HR and IT, being the most common targets according to a new report.
The research from VIPRE Security Group puts a more sinister complexion on this trend, revealing that a full 40 percent of the BEC emails uncovered were AI-generated, and in some instances, AI likely created the entire message.
Why we need to change how we understand cyber risk [Q&A]

Cybersecurity is a high priority for organizations, yet often they're unsure if they're focusing their effort in the right places, and spending too much or too little on protecting themselves.
Robin Oldham, CEO of Cydea, believes current methods of understanding cyber risk are outdated, misrepresent risk, and lead to misunderstandings that only promote fear, uncertainty and doubt. We spoke to him to find out what can be done to change this mindset and approach.
Financial services companies concerned about use of AI but still plan to increase spending


Almost half of financial services leaders had a positive view of AI in 2023. But despite this initial excitement, the implementation of planned initiatives this year has been sluggish.
A new report from Lucidworks finds only one in four AI projects have been deployed, similar to many of the other industries surveyed. In 2023, the most common expected impact of Gen AI for financial services was business operations improvement. The majority of deployed initiatives followed suit in 2024; however, the industry reports below-average cost and revenue benefits.
Consumer sites drive growth in passkey adoption


Take up of passkeys as a more secure means of accessing websites has been a little disappointing to date, but new research from Dashlane shows that passkeys are starting to gain traction with consumers.
It finds that early passkey adoption is largely being driven by the consumer space, with 'sticky' apps (those used frequently on a daily basis -- including Facebook and X) leading the way.
Business not prepared for shift to 90-day TLS certificates


A new survey of 800 security decision-makers across the US, UK, Germany and France reveals that 76 percent of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security.
However, the study from machine identity specialist Venafi also shows many feel unprepared to take action, with 77 percent saying the shift to 90-day certificates will mean more outages are inevitable.
Enterprises face serious ransomware epidemic


A new global ransomware study of nearly 1,000 organizations in a variety of industries finds most firms are facing a never-ending series of breaches, a serious epidemic that leaves them continuously in the crosshairs of ransomware gangs.
The study from Semperis also shows that 39 percent of attacked companies in the US, UK, France and Germany paid a ransom four times or more in the past 12 months.
Size matters when it comes to email attacks


Of course all companies are vulnerable to email threats, but analysis by Barracuda of targeted email attacks over the past year reveals that organizations are vulnerable in different ways, according to their size.
Lateral phishing -- where attacks are sent to mailboxes across the organization from an already compromised internal account -- makes up just under half (42 percent) of targeted email threats against organizations with 2,000 employees or more, but just two percent of attacks against companies with up to 100 employees.
Using DMARC with Office 365 and G Suite [Q&A]


New email rules from major providers mean that businesses need to adopt the DMARC standard in order to ensure that their emails get delivered.
But while the new rules have received a good deal of publicity, there hasn't been much attention paid to those not running their own mail server and relying on third-party mail services.
Cracked screens, damaged sockets and delinquent dogs -- how Brits damage their tech


As we've become more reliant on tech devices we use them in more places than ever before, which in turn means more opportunities for them to suffer mishaps.
A new report from Secure Data Recovery UK looks at the common ways that people damage or lose their tech and at some of the weirder ones too.
CrowdStrike -- what went wrong?


This time last week businesses around the world were rocked by major disruption as a faulty update to the CrowdStrike security software brought down Windows systems.
The company has now issued a preliminary report into the incident which reveals that a 'Rapid Response Content' configuration update caused the problem.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities. Follow him on Mastodon
© 1998-2025 BetaNews, Inc. All Rights Reserved.