How risk profiling can help prevent cyberattacks [Q&A]


Recent cyberattacks like Volt Typhoon, BlackCat ransomware syndicate, and NuGet serve as stark reminders of the critical importance of monitoring cyber risks as these attacks could all have been prevented.
We spoke to Randy Watkins, chief technology officer at Critical Start, to discuss why organizations must know the difference between cyber risks and threats, and how those enterprises that fail to mitigate against cyber risk will remain reactive, and ultimately fall behind their competitors.
New nation-state campaigns target government, banking and healthcare


Researchers at secure browser company Menlo Security have uncovered three new nation-state campaigns employing highly evasive and adaptive threat (HEAT) attack techniques.
In a 90-day period, the campaigns -- LegalQloud, Eqooqp, and Boomer -- compromised at least 40,000 high-value users, including C-suite executives from major banking institutions, financial powerhouses, insurance giants, legal firms, government agencies, and healthcare providers.
CISOs believe AI will outpace security teams


AI is set to outpace security teams according to 91 percent of security leaders in a new Bugcrowd report.
AI is clearly seen as a double-edged sword. Despite plans to hire, 70 percent report that they plan to reduce the security team headcount within the next five years due to the adoption of AI technologies. Over 90 percent believe that AI already performs better than security professionals, or at least will in the near future. Meanwhile, 58 percent believe that the risks of AI are worse than its potential benefits.
63 percent of organizations fall victim to supply chain attacks


A new study from Checkmarx reveals that 63 percent of organizations surveyed have been victims of a supply chain attack in the last two years, while 18 percent have suffered an attack in the last year.
Even more worrying is that 100 percent of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point.
Half of IT pros think there are devices on their network they don't know about


Half of IT professionals believe there are devices connected to their network that they're unaware of, despite nearly 60 percent admitting that insecure devices pose a 'very high' or 'high' risk to their organization.
This is among the findings of a survey of 250 IT professionals by Advanced Cyber Defence Systems (ACDS) which also finds over two-thirds of organizations have experienced three or more data breaches in the past 24 months.
Enterprise secrets leaked in code management systems


Enterprise secrets could be inadvertently leaking via GitHub repositories, according to new research from Aqua Security.
By scanning the most popular 100 organizations on GitHub, which collectively include more than 50,000 publicly accessible repositories, Aqua researchers found active secrets from open source organizations and enterprises such as Cisco and Mozilla providing access to sensitive data and software. The exposed secrets could lead to significant financial losses, reputational damage, and legal consequences.
API attacks on the rise but organizations are not prepared


A new report shows that while 14 percent of organizations experienced an API attack in the last 12 months, only 38 percent say they have an API security solution in place.
The research from Traceable AI, based on a survey of cybersecurity delegates at the RSA conference, finds that although 43 percent of organizations say they do not struggle with API sprawl, 33 percent are unsure if they are managing it effectively, and 24 percent acknowledge they are struggling.
Organizations suffer multiple ransomware infections


A new report reveals that organizations are suffering multiple ransomware infections: 18 percent have suffered a ransomware infection 10 or more times in a 24-month period, a further 18 percent were infected five to nine times, and 30 percent were infected between two and four times.
The study from anti-ransomware platform Halcyon also shows that data exfiltration occurs in nearly every major ransomware attack today, and nearly 60 percent of respondents say that sensitive or regulated data was exfiltrated from their organization, with 55 percent reporting the attackers issued an additional ransom demand to protect the exfiltrated data.
Most consumers ready to switch banks over fraud protection measures


A new study reveals growing anxiety among consumers that weaknesses in their banks' fraud-protection measures could leave them exposed to scammers, and this would result in the vast majority (75 percent) switching providers.
The report from Jumio sampled the views of more than 8,000 adult consumers, split evenly across the UK, US, Singapore, and Mexico, with research carried out by Censuswide.
Shadow SaaS -- a persistent problem and how to confront it [Q&A]


There's an abundance of apps and SaaS solutions readily available these days to make the lives of employees easier and perform many work-related tasks. And the list keeps growing, with the likes of ChatGPT and Gemini paving the way for more AI-driven virtual assistants.
This is all well and good, unless your organization doesn't sanction the use of the software in question, turning something seemingly innocuous into shadow SaaS -- and a security risk. We spoke to John Stringer, head of product at data loss prevention specialist Next DLP, to learn more.
Businesses regularly face AI-driven fraud


A new report finds that 76 percent of fraud and risk professionals believe their business has been targeted by AI-driven fraud, with over half reporting this type of fraud happening daily or weekly.
The study, from anti-fraud platform Sift, finds the emergence and increased adoption of AI tools, including publicly available chatbots, enables cybercriminals to conduct scalable fraud attacks against both individuals and businesses.
WatchGuard makes enterprise-grade threat detection available for all organizations


Smaller businesses are often more at risk of cyberattack simply because they lack the resources of their larger counterparts.
WatchGuard Technologies is looking to change that with the launch of an open XDR solution that delivers levels of visibility into east/west and north/south network traffic previously only available to large enterprises with the resources to manage their own security operations center.
Office workers not worried about losing out to AI


Although many people fear that artificial intelligence could put their jobs at risk, a new study from Jitterbit shows that many see AI as offering new skills and personal growth opportunities.
Based on a survey by Censuswide of 1,022 full-time office workers in the UK and US, the study looks at how workers really feel about AI, and the findings reveal positive views of working with AI technology in professional settings.
UK companies plan to increase AI spending


According to a new report, UK companies are prioritizing AI, with larger expected budget increases than in the US and Germany, and 90 percent considering AI a critical topic.
The report, from analytics database company Exasol, finds UK organizations expect to prioritize AI implementation through larger data and analytics budget increases over the next two to three years in the retail (+48 percent) and healthcare sectors (+100 percent).
The latest cybersecurity trends and how to guard against them [Q&A]


The cybersecurity landscape is a constantly changing one, with new threats emerging and old ones evolving. This makes it difficult for organizations to ensure their defenses are up to the task of properly protecting them.
We spoke to Balazs Greksza, threat response lead at Ontinue, which recently published its first threat intelligence report, to find out about the latest threats and how organizations can address them.
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities. Follow him on Mastodon