Articles about cybersecurity

New research shows institutions in the financial sector experience up to 300 times more cyberattacks than other sectors, with large banks reporting 45 percent of their employees susceptible to phishing attacks.

The study from KnowBe4 reveals almost all (97 percent) of major US banks experienced third-party breaches in 2024, while targeted intrusions against financial institutions increased by 109 percent year-on-year.

Continue reading →

Today's security operations center has to deal with a relentless flood of telemetry from IaaS, SaaS, identity providers, endpoints, and email providers. While AI can help many existing solution focus only on a small portion of SOC challenges.

Exaforce is launching its agentic security operations (SOC) platform, combining AI-native capabilities for the entire SOC lifecycle alongside a fully managed MDR service. It aims to employ agentic AI across the entire security operations lifecycle, spanning threat detection, alert triage, investigation, threat hunting, and response.

Continue reading →

As cyber threats become more frequent and complex, CISOs are increasingly concerned about their organization’s ability to withstand a material attack. 76 percent feel at risk of experiencing a material cyberattack in the next 12 months, yet 58 percent say they are unprepared to respond.

The latest Voice of the CISO report from Proofpoint surveyed 1,600 global CISOs across 16 countries and finds human behavior remains a critical vulnerability, with 92 percent attributing at least some data loss to departing employees.

Continue reading →

The UK’s Online Safety Act has already led to controversy in a number of areas, but it seems that, on a positive note, it may have helped drive a growing level of privacy awareness among internet users.

New research from AstrillVPN shows a surge in searches related to privacy tools. Data breach checker ‘Have I Been Pwned’ has topped the list of the UK’s most searched online privacy tools, receiving an average of 67,542 monthly searches.

Continue reading →

New research from Fortinet’s FortiGuard Labs highlights a recently identified phishing campaign that uses carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.

These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs).

Continue reading →

A new State of the Security Profession survey from The Chartered Institute of Information Security (CIISec) shows that 91 percent of the profession believe ultimate responsibility for cybersecurity lies with the board and not security managers or CISOs (just 31 percent).

The survey focused on regulation in the light of a wave of major regulations either recently passed or coming into force -- including the EU AI Act, DORA, NIS2 and the UK’s Data (Use and Access) Bill.

Continue reading →

Artificial intelligence is making insider threats more effective according to a new report which also shows that 53 percent of respondents have seen a measurable increase in insider incidents in the past year.

The survey, of over 1,000 cybersecurity professionals, from Exabeam finds 64 percent of respondents now view insiders, whether malicious or compromised, as a greater risk than external actors. Generative AI is a major driver of this, making attacks faster, stealthier, and more difficult to detect.

Continue reading →

A new survey from Gurucul in collaboration with Cybersecurity Insiders finds that 87 percent of respondents are deploying, piloting or evaluating AI-powered SOC tools, but only 31 percent are using them across core detection and response workflows.

The study, based on responses from over 700 cybersecurity leaders around the world, finds human and identity risks are still a major concern. 78 percent of security leaders identify social engineering and phishing as their top threat, followed closely by identity-based attacks (73 percent). However, 67 percent say they still lack visibility into access behavior and lateral movement.

Continue reading →

Cybersecurity professionals are sounding the alarm, not about increasingly sophisticated cyber threats, but about something far more human --  distraction.

New research from KnowBe4 shows distraction (43 percent) and lack of security awareness training (41 percent) are identified as the primary reasons employees fall victim to cyberattacks, rather than sophistication of the attacks themselves.

Continue reading →

Artificial intelligence is being used to streamline many business tasks, but at the same time it opens up new attack vectors and risks.

Secure AI specialist WitnessAI is announcing two new products aimed at securing enterprise LLMs and AI applications through automated red-teaming and behavioral runtime protection.

Continue reading →

On average, enterprises spend 11 hours of employee time investigating and remediating a single critical identity-related security alert.

A new study from Enterprise Strategy Group, of 370 IT and cybersecurity decision makers, shows this affects the capacity of security teams to manage alert volume, and this is only made worse in the age of AI.

Continue reading →

Threat researchers at Barracuda have uncovered two new techniques being used by cyber attackers to help malicious QR codes evade detection in ‘quishing’ attacks.

Quishing is a form of phishing that involves the use of QR codes embedded with malicious links that, when scanned, redirect victims to fake websites designed to steal their credentials or other sensitive information.

Continue reading →

There’s been some controversy around the use of VPNs recently, mostly centering on the UK’s Online Safety Act. But despite this August 19th is International VPN Day and NordVPN has issued a timely reminder of the importance of using one.

A VPN isn’t just for tech experts, it’s a first line of defense against surveillance, data theft, and invasive tracking. However, not all VPNs are created equal and free ones may offer weaker protection and end up with your data being sold rather than protected.

Continue reading →

New AI agents launched today by Druva, the company says, will fundamentally change the way customers secure, recover, and manage their data.

A major expansion to DruAI, the company’s suite of AI capabilities for customers, features intelligent agents that can interpret user intent, analyze data, and take meaningful action. This shift aims to move enterprises beyond traditional, query-based AI to agentic systems designed for action -- helping teams strengthen cyber resilience with greater speed, simplicity, and confidence.

Continue reading →

The radical shortening of SSL/TLS certificate lifespans from 398 days to 47 days by 2029 is shaking up the cybersecurity world. New research shows 96 percent of organizations are concerned about the impact of shorter SSL/TLS certificate lifespans on their business.

The study from Sectigo, developed in collaboration with global research firm Omdia, surveyed over 270 IT decision makers and finds fewer than one in five organizations feel very prepared to support the coming shift to 47-day certificate renewal cycles.

Continue reading →