Articles about cybersecurity

A new survey of over 900 security decision makers across the US, Europe and Australia, finds 60 percent of security teams are small, with fewer than 10 members. But despite their size, 72 percent report taking on more work over the past year, and an impressive 88 percent are meeting or exceeding their goals.

The study, carried out by IDC for AI-powered workflow company Tines, also finds security leaders are bullish about AI with 98 percent embracing it and a mere five percent believing AI will replace their job outright.

Continue reading →

Are you ready to welcome our new machine overlords? Okay, that might be a bit drastic, but the latest report from Sysdig reveals that there are now 40,000x more machine identities than human identities.

This has led to a greatly expanded attack surface as machine IDs are 7.5 times more risky, a dangerous liability given that nearly 40 percent of breaches start with credential exploitation.

Continue reading →

The shift to hybrid working means that managing enterprise networks has become more complicated, but legacy remote access solutions fall short in meeting the needs of supporting both managed and unmanaged users and devices.

Unmanaged users don't want to install heavyweight clients designed for managed use, such as VPN or ZTNA clients. Plus, in the case of contractors or consultants who service multiple customers, it's just not possible or practical to install multiple clients.

Continue reading →

Protecting critical national infrastructure (CNI) against attack is a huge undertaking for governments and for those organizations that deliver CNI services.

New regulation in Europe -- the NIS2 Directive -- includes an increased focus on resilience for CNI, covering traditional critical services like banking, utilities, transport and public safety as well as new provisions for digital service providers. In 2025, the Digital Operational Resilience Act (DORA) will enforce more stringent resilience and security requirements on the financial sector. And in the UK, the forthcoming Cyber Security and Resilience Bill will demand more investment in security too.

Continue reading →

A new report shows 70 percent of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day.

The study from GitGuardian also reveals a 25 percent increase in leaked secrets year-on-year, with 23.8 million new credentials detected on public GitHub in 2024 alone.

Continue reading →

You might not often feel sorry for executives and entrepreneurs but research from Deloitte shows that their 'family offices' are prime targets for cybercriminals looking to exploit their personal networks, private data, and home devices which represent a weak security link.

This is why BlackCloak is launching Digital Executive Protection, an enhanced family office cybersecurity bundle designed to protect high-net-worth individuals, and corporate leaders.

Continue reading →

A new report from cyber insurance provider Coalition shows 58 percent of ransomware claims in 2024 started with threat actors compromising perimeter security appliances like virtual private networks (VPNs) or firewalls.

Remote desktop products are the second-most exploited for ransomware attacks at 18 percent. The most common initial access vectors (IAVs) being stolen credentials (47 percent) and software exploits (29 percent). Vendors including Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft build the most commonly compromised products.

Continue reading →

While 86 percent of employees believe they can confidently identify phishing emails, nearly half have fallen for scams according to new research from security awareness training company KnowBe4.

The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Continue reading →

As with other forms of 'off the books' shadow tech, used by employees without company approval, shadow AI is a double-edged sword.

Cyberhaven Labs recently reported a sharp 485 percent increase in corporate data flowing to AI systems, with much of it going to risky shadow AI apps.

Continue reading →

New research from governance, risk, and compliance (GRC) specialist MetricStream, in collaboration with GRC Report, looks at risk practitioners' priorities for 2025.

Navigating the complex regulatory landscape is among their top challenges this year, named by 51 percent, with new guidelines, evolving requirements, and unexpected policy shifts occurring almost weekly.

Continue reading →

It's that time again, as we approach the end of the tax year scammers are seeking to cash in with a raft of phishing emails, deepfake phone calls, and fake tax prep websites.

New research from McAfee shows 23 percent of Americans say they or someone they know has lost money to a tax scam and 61 percent of victims have lost more than $1,000.

Continue reading →

The latest threat report from Deep Instinct shows ransomware attacks increasing by 30 percent, driven by AI-powered phishing and Ransomware-as-a-Service offerings.

The findings reveal that AI-generated phishing campaigns have grown in efficacy with advancements in reconnaissance and video and voice generation tools.

Continue reading →

Businesses could be forfeiting up to five percent or more of their revenue to fraud, considering the hidden costs of operational inefficiencies, compliance penalties and customer attrition, according to a new report.

Based on responses from almost 600 decision-makers and strategic leaders across financial services, fintech, payments, eCommerce and iGaming, the study from fraud prevention and compliance specialist SEON, finds budget allocations indicate that 86 percent of companies are spending over three percent of revenues on anti-fraud measures.

Continue reading →

Advanced email attacks on non-profit organizations have surged 35 percent year-on-year according to a new report from Abnormal Security.

Credential phishing attacks on non-profit organizations have escalated by 50.4 percent over the past year too. By stealing login credentials, cybercriminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.

Continue reading →

For enterprises, making the right cyber security investment isn't just about selecting the most advanced technology. To truly get the best return, decision-makers must also consider the strategic and financial aspects of their choices.

We spoke to Ben Vaughan, chief commercial officer at Bridewell, to discuss how by engaging with the right teams, businesses can ensure their security solutions are not only technically sound but also aligned with their long-term financial goals and sustainable growth.

Continue reading →