Articles about cybersecurity

New research reveals the top five industries most frequently targeted by specifically tailored phishing attacks using either the recipient's name, email address, phone number, or company name.

The study from Cofense using data drawn from the Cofense Intelligence product between Q3 2023 to Q3 2024 shows, unsurprisingly, that finance tops the list, accounting for 15.5 percent of all credential phishing emails where the product redacted information from the subject in order to safeguard the recipient.

Continue reading →

Just as shoppers heading online for Black Friday and Cyber Monday deals a new report from Bitdefender uncovers interesting parallels with behavior on dark web marketplaces.

Cybercriminals too, it seems, browse for the best deals on an assortment of unconventional goods and services. In a digital underground that mirrors traditional e-commerce in many ways, these markets cater to buyers with specific -- and often illegal needs.

Continue reading →

A new report finds that 35 percent of small business employees or owners report clicking on a phishing link via mobile.

The research, carried out by OnePoll for CyberSmart, among 250 small-medium enterprise business owners or leaders in the UK also finds 30 percent of respondents report losing or having had stolen a mobile phone containing sensitive corporate information, leaving their business more vulnerable to potential cybercriminal activity.

Continue reading →

Organizations are facing increasingly sophisticated threats to their identity infrastructure so it's not surprising that a new survey of over 370 IT professionals shows use of identity threat detection and response (ITDR) technology is growing, though many are running into roadblocks to unlocking its full potential.

The study from Quest Software shows 84 percent of organizations are reaping benefits from their ITDR efforts, even if it hasn’t been fully implemented. Over one in three (36 percent) say their expectations have been fully met or exceeded.

Continue reading →

A new report reveals that HR and IT-related phishing emails claim a significant 48.6 percent share of top-clicked phishing types globally.

The research from KnowBe4 also shows that among large companies -- 1,000+ employees -- the most targeted industries are healthcare and pharmaceuticals with a Phish-Prone Percentage (PPP) of 51.4 percent, insurance on 48.8 percent and energy and utilities on 47.8 percent.

Continue reading →

Almost two-thirds of office workers admit they've prioritized productivity over safe cybersecurity practices -- 63 percent also own up to using a corporate device to access social media, messaging or entertainment sites/applications.

Research from identity and access management company CyberArk also shows that 80 percent access work applications from personal devices, with C-suite executives being among the worst offenders.

Continue reading →

The open source software supply chain shows signs of 'AppSec exhaustion,' with organizations showing diminished engagement in security practices and struggling to meet vulnerability management goals, according to a new report.

The study from Snyk, based on a survey of 453 professionals across application development and security, shows that open-source security is more important than ever, as hackers have recognized the efficiency of targeting open-source software as a single entry point to multiple orgs.

Continue reading →

Cybersecurity is often frustratingly seen as a boardroom burden -- a compulsory cost to keep threats at bay. This “necessary evil” mindset is holding businesses back and leading to a critical opportunity to leverage security as a driver of success being missed.

It’s time we looked at cybersecurity investments differently. Rather than the board reluctantly seeing the investments solely as a necessity for threat prevention, organizations should see cybersecurity also as a powerful enabler of productivity and growth. As digital transformation accelerates across manufacturing, healthcare, and other critical infrastructure sectors where cyber-physical systems (CPS) underpin operations, security needs to keep up with the pace of innovation, supporting -- and even driving -- new efficiencies, customer trust, and competitive advantages which all come with improving cyber and operational resilience.

Continue reading →

Hack the Cybersecurity Interview, Second Edition, is the essential guide for anyone aiming to navigate this changing landscape. This edition, updated and expanded, addresses how to find cybersecurity jobs in tough job markets and expands upon the original cybersecurity career paths.

It offers invaluable insights into various cybersecurity roles, such as cybersecurity engineer, penetration tester, cybersecurity product manager, and cybersecurity project manager, focusing on succeeding in interviews.

Continue reading →

As a small business owner reading endless news stories about cyberattacks against well-known enterprise names, it can be easy to think it won’t happen to you. In reality, hackers don’t discriminate: businesses of all sizes can, and do, find themselves on the receiving end of data breaches, and the financial and reputational consequences that often accompany them.

According to the Cyber Security Breaches Survey 2024, half of all UK businesses, including many small and medium-sized businesses (SMBs), reported experiencing a cyberattack within the last year. Despite these high attack rates, only 22 percent of businesses have a formal incident response plan in place, leaving many SMBs vulnerable to serious financial, operational, and reputational damage. This cyber complacency can have serious repercussions if not urgently addressed.

Continue reading →

Cyber threats are becoming more complex and it can be difficult for defenders to see the big picture and make decisions accordingly.

Now though help is at hand as ImmuniWeb is launching a free online tool making historical data on the security of internet-accessible resources available to the global cybersecurity community, educational institutions, government agencies, and even individual researchers.

Continue reading →

The cybersecurity landscape is more complex than ever and that means enterprises need to have a real-time picture of their exposure.

We spoke to Nadir Izrael, CTO and co-founder of Armis, to learn what this should look like and how security teams can evaluate and evolve their security programs to achieve more control over their asset landscape.

Continue reading →

Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited time offers, but of course they also create ideal conditions for cybercriminals to exploit unwary bargain hunters.

A new report from Fortinet's FortiGuard Labs looks at the evolving threat surface of eCommerce, highlighting how cybercriminals are leveraging Remote Code Execution (RCE) exploits, Man-in-the-Middle (MITM) phishing kits, sniffers, and website cloning services to manipulate online transactions and gain access to steal sensitive data.

Continue reading →

Smaller businesses lack the tech resources of larger ones so it's common practice that they not only allow employees to use their personal mobile phones to complete work tasks but in many cases actively expect them to.

Research carried out by OnePoll for SME security solutions company CyberSmart finds that 60 percent of organizations expect their employees to use mobile devices to carry out work tasks despite not providing all of them with work phones.

Continue reading →

As we approach the peak holiday shopping season a new survey of nearly 400 IT security decision-makers and retail customers from identity specialist HYPR shows that 58 percent of retail organizations experienced at least one authentication-related breach and 65 percent were victims of identity fraud over the last 12 months.

Retailers have suffered losses of up to $6.27 million in the last year alone due to insecure authentication methods. By contrast financial institutions reported only $4.57 million lost during the same period.

Continue reading →