Articles about cybersecurity

A new study from RSAC finds most CISOs’ budgets increased between 2024 and 2025 and their top areas of investment for 2025-2026 are identity and data protection.

While 76 percent of CISOs report that their budgets for 2024-25 had increased, just 12 percent saw their budgets decrease.

Continue reading →

As we approach the busiest time of the year for online shopping, scammers and phisherfolk are also preparing for a seasonal bonanza. 1Password has surveyed 2,000 American adults to learn how people are protecting themselves -- or not -- from phishing scams.

It finds that 66 percent of respondents say they’ve noticed more 'scammy' messages, phone calls, and ads since AI became more prevalent. In addition 82 percent of respondents have been phished, or have come dangerously close to it.

Continue reading →

While AI adoption is now nearly universal, governance and visibility have failed to keep pace, according to a new report from Cycode.

The study shows that 97 percent of organizations are already using or piloting AI coding assistants, and all confirm having AI-generated code in their codebases. Yet, despite this near-total adoption, 81 percent lack visibility into AI usage and 65 percent report increased security risks associated with AI.

Continue reading →

A new report, based on a global survey of 250 decision makers at large financial services organizations of over 5,000 employees, shows that 82 percent have suffered a data breach via cyberattack, or a data leak, an unintentional exposure of sensitive data, in the past year.

The report from Blancco Technology Group finds 43 percent of breaches or leaks were attributed to stolen devices and drives.

Continue reading →

New research from Sophos into ransomware in the retail industry shows that among organizations that had data encrypted, 58 percent paid the ransom to get their data back -- the second highest payment rate in five years.

The survey, of 361 retail IT and cybersecurity leaders across 16 countries, also finds that 46 percent of attacks began with an unknown security gap, while 30 percent exploited known vulnerabilities. 58 percent of victims with encrypted data paid, however, only 48 percent of attacks resulted in encryption. The median ransom demand doubled to $2 million from 2024 and average payment increased five percent to $1 million.

Continue reading →

New research from Forescout Vedere Labs reveals that 65 percent of devices across organizations are no longer traditional IT. Of these 11 percent are network equipment, while 24 percent are part of the extended IoT, such as IoT, OT and IoMT.

Financial services (54 percent), healthcare (45 percent) and oil, gas and mining (40 percent) are the sectors that have the highest percentages of non-IT devices.

Continue reading →

It’s known as an ‘ohno-second’ that moment in time when you realize you’ve clicked send on something you shouldn’t have. But it’s no laughing matter, a new survey of more than 300 security and IT professionals from Abnormal AI highlights the growing threat and business impact of legitimate email messages sent to the wrong recipient.

These misdirected emails can result in data breaches, regulatory violations, remediation costs, and reputational damage. The research shows 98 percent percent of security leaders consider misdirected email as a significant risk when compared to other data loss risks like malware and insider threats.

Continue reading →

APIs were once treated as behind-the-scenes connectors. Today, they are the enterprise nervous system, linking cloud workloads, data platforms, SaaS tools, and increasingly, autonomous AI agents. This centrality makes them irresistible targets.

According to multiple industry reports, API-related vulnerabilities are among the fastest-growing classes of security incidents. The problem isn’t just exposure; it’s amplification. A single unprotected API can open the door to everything it touches, from sensitive customer records to critical operational systems.

Continue reading →

Cloud-native platforms are built for speed with ephemeral workloads, rapid deployments, and plenty of third-party app dependencies.

This poses a real challenge to the deployment of runtime security tools. We talked to Bob Tinker, founder and CEO of BlueRock.io, to discuss how organizations can protect their cloud systems effectively.

Continue reading →

A new report finds that while 73 percent of employees are encouraged to use AI 33 percent don’t always follow AI policies.

The study from 1Password, based on data from 5,200 desk-based knowledge workers across the US, Canada, the UK, Germany, France, and Singapore, also finds 52 percent of employees have downloaded apps without IT approval.

Continue reading →

Date breaches affecting businesses and online services are ever more frequent and can affect anyone who is unfortunate enough to be a customer or supplier.

Finding out the facts about a breach can be tricky, however, as information is heavily reliant on self-disclosure. Proton is launching its Data Breach Observatory, which delivers a truer picture of the risks by monitoring and reporting cyberattacks and data breaches based on data sourced directly from the dark web.

Continue reading →

Employees receive large numbers of emails every day and it’s estimated that 25 to 35 percent of these will be from people they haven’t communicated with before. Knowing whether or not a message has come from a legitimate new sender is almost impossible.

Until now that is. Email security specialist StrongestLayer is launching AI Advisor, a security assistant designed specifically to verify first-time senders and unknown contacts in real-time.

Continue reading →

The average household now contains 22 connected home devices and is subjected to nearly 29 attacks each day, almost triple the rate recorded last year.

This the key finding of a new joint report from Bitdefender and NETGEAR which highlights how the expanding Internet of Things ecosystem, spanning everything from smart TVs and streaming boxes to routers and cameras, has dramatically increased consumer exposure to automated cyberattacks and large-scale exploitation.

Continue reading →

A new report from digital trust provider DigiCert highlights an unprecedented surge in distributed denial-of-service (DDoS) attacks that reached ‘internet tsunami’ scale, with two events peaking at 2.4 Tbps (terabits per second) and 3.7 Tbps respectively.

Attack traffic increasingly originates from regions where digital infrastructure is outpacing regulation, with Vietnam, Russia, Colombia, and China ranking among the top five sources.

Continue reading →

A new report shows that organizations taking longer than nine hours to address an email security breach have a 79 percent chance of also being a victim of ransomware.

The study from Barracuda, based on a survey of 2,000 IT decision makers carried out by Vanson Bourne, also finds that most of the organizations surveyed (78 percent) experienced an email breach in the previous 12 months, with the average cost to recover reaching $217,068.

Continue reading →