If you’ve been in the cybersecurity field for a while, you’ve probably noticed that there’s less emphasis on formal disaster recovery and business continuity plans than there used to be. CISOs still create plans, but it’s not the centerpiece of cybersecurity operations in the same sense.  As security technology evolved, people started focusing more on technology solutions that they hoped could prevent problems altogether.

There’s some magical thinking involved in that, and ironically, one of the biggest struggles CISOs face now is how their organizations think about cybersecurity problems, i.e., that there shouldn’t be problems. That’s not the world we live in. Having difficulties is not the issue. Rather, thinking there are magic solutions that can eliminate every weakness is the problem. We need to rethink cybersecurity to accommodate this reality and create a holistic response for when problems inevitably arise.

The threat landscape is constantly evolving and the shift to hybrid has only widened the attack surface. Today, organizations continue to be in the firing line as cybercriminals exploit their most used application: emails. The proliferation of phishing and business email attacks have seen hackers targeting the biggest corporate security weakness; employees.

Threat actors target workers because they are seen as the weakest link. Cybercriminals are thriving by targeting and exploiting staff, especially those who haven’t received effective user education and training. As the attack surface expands and threats become more sophisticated, organizations must reinvent the wheel by changing their approach to cybersecurity. Where should they start? With training employees and providing omnipresent tools and technology to prevent, detect, and recover from even the most sophisticated of attacks.

Threats to your business come in many forms. For most organizations, the biggest threats to their survival are related to cybersecurity. An Allianz survey found this to be true, as "cyber incidents" ranked as the biggest risk to organizations, overtaking "business interruption". Whether those threats are external or internal, they are continuous and evolving because of the ever-increasing shift towards digital.

Over 98 percent of UK security professionals have reported an increase in cyber-attacks against their businesses in the past year. A further 96 percent say those attacks have become more sophisticated. This shows the need for constantly-evolving UK cybersecurity.

A new survey reveals that 60 percent of respondents believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20 percent), treading water (13 percent), or merely running to keep up (27 percent).

The study from privileged access management specialist Delinea also shows that 84 percent of organizations experienced an identity-related security breach in the last 18 months, despite 40 percent of respondents believing they have the right strategy in place.

One in three employees doesn't understand the importance of cybersecurity at work according to new research from email security company Tessian.

In addition only 39 percent of employees say they're very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42 percent of employees say they wouldn't know if they had caused an incident in the first place, and 25 percent say they don't care enough about cybersecurity to mention it.

Cyber threats are growing in volume and sophistication, but efforts to combat them are being hampered by a shortage of cybersecurity skills.

One way of meeting that shortage is to look at upskilling and retraining within the current workforce. We spoke to Apratim Purakayastha, chief technology officer at Skillsoft, to find out more about how using innovative learning solutions can deliver the skills businesses need.

Quantum computing with its vastly improved processing capability offers the chance of many positive developments in research and science. But it also represents a potential threat to our current encryption models.

How big is quantum's threat to cybersecurity? And should we be taking action on this now? We talked to Skip Sanzeri, QuSecure co-founder and COO, to find out.

"Automation" has become a buzzword in cybersecurity circles. That is not surprising in an environment where security specialists are in short supply and under intense pressure to defend the business against a huge variety of threats from innumerable different sources. Using technology to do at least some of the work seems like a no-brainer. Nevertheless, it seems that organizations are finding it hard to get the right approach to cybersecurity automation.

Threat Quotient conducted research last year that found resources, time and a lack of trust in outcomes are preventing companies from realizing the benefits of automation. In a recent webinar, myself, Nabil Adouani, CEO of Strange Bee and co-founder of The Hive Project, and our Global VP of Threat Intelligence Engineering Chris Jacobs discussed the current state of automation, the expectations around what automation can actually achieve, and what this means for implementation in the real world.

It's a rare cybersecurity product these days that doesn't claim to have some form of AI capability. But exactly what benefits does AI deliver? And is there a risk of an arms race as threat actors also turn to the technology?

We spoke to Corey Nachreiner, CSO at WatchGuard Technologies, to find out more about the role of AI in cybersecurity.

Risk-based strategies are most successful in preventing security breaches, according to a new study from Skybox Security.

Of companies taking a risk-based approach 48 percent suffered no breaches, 50 percent were top performers in time to mitigate issues, and 46 percent top performers in response time.

Companies with small security teams continue to face a number of unique challenges that place these organizations at greater risk than larger enterprises, according to a new study.

Research from Cynet, based on responses from 200 CISOs at small and medium businesses, finds 58 percent feel their risk of attack is higher compared to enterprises, despite the fact that enterprises are a bigger target.

It's reckoned that women make up only around a quarter of the cybersecurity workforce. And yet the women who do work in the sector are generally better qualified than their male counterparts.

Despite this there is still a clear divide across the technology sector generally, in both treatment and pay. So, is the cybersecurity sector under-utilizing female talent? And what advantages can a more gender diverse workforce deliver?

Organizational cybersecurity has significantly improved over the last year, following positive shifts in influence by CISOs and changing attitudes towards security culture, according to a new report.

The ninth annual Information Security Maturity report, published by ClubCISO in collaboration with Telstra Purple, surveyed more than 100 information security leaders around the world and finds 54 percent report that 'no material incident occurred', in the past year, compared to 27 percent in 2021.

Cybersecurity is one of the most pressing issues for businesses. For the first time, it has been identified by security professionals as the single biggest risk to an organization. Cybersecurity risks come in many forms but, while businesses need to protect against all threats, some are more urgent than others.

Prioritizing the levels of risk associated with cybersecurity incidents will help you protect your business from the most pressing threats first. For example, if you have an unsupported operating system (OS) on your PCs, they are very likely to get breached, whereas your up-to-date systems pose less risk. But how do you determine the biggest risks in your business? Read on to find out how.

In the past year, research indicates that nearly a third of organizations have accelerated their plans to automate key security and IR processes, whilst another 85 percent plan on automating them in the next 12 months.

Despite the positivity of these statistics, many organizations struggle to change to a more automated process. This was highlighted at a recent webinar we held with a panel of senior cybersecurity experts from a multitude of sectors. The discussion revealed that, while most organizations are exploring automation, few have made significant progress and they attributed this to a combination of factors including needing an improved understanding of automation, increased help from vendors and a lack of good IT foundations.