Articles about cybersecurity

A new report from cyber insurance provider Coalition shows 58 percent of ransomware claims in 2024 started with threat actors compromising perimeter security appliances like virtual private networks (VPNs) or firewalls.

Remote desktop products are the second-most exploited for ransomware attacks at 18 percent. The most common initial access vectors (IAVs) being stolen credentials (47 percent) and software exploits (29 percent). Vendors including Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft build the most commonly compromised products.

Continue reading →

While 86 percent of employees believe they can confidently identify phishing emails, nearly half have fallen for scams according to new research from security awareness training company KnowBe4.

The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence in identifying cyber threats.

Continue reading →

As with other forms of 'off the books' shadow tech, used by employees without company approval, shadow AI is a double-edged sword.

Cyberhaven Labs recently reported a sharp 485 percent increase in corporate data flowing to AI systems, with much of it going to risky shadow AI apps.

Continue reading →

New research from governance, risk, and compliance (GRC) specialist MetricStream, in collaboration with GRC Report, looks at risk practitioners' priorities for 2025.

Navigating the complex regulatory landscape is among their top challenges this year, named by 51 percent, with new guidelines, evolving requirements, and unexpected policy shifts occurring almost weekly.

Continue reading →

It's that time again, as we approach the end of the tax year scammers are seeking to cash in with a raft of phishing emails, deepfake phone calls, and fake tax prep websites.

New research from McAfee shows 23 percent of Americans say they or someone they know has lost money to a tax scam and 61 percent of victims have lost more than $1,000.

Continue reading →

The latest threat report from Deep Instinct shows ransomware attacks increasing by 30 percent, driven by AI-powered phishing and Ransomware-as-a-Service offerings.

The findings reveal that AI-generated phishing campaigns have grown in efficacy with advancements in reconnaissance and video and voice generation tools.

Continue reading →

Businesses could be forfeiting up to five percent or more of their revenue to fraud, considering the hidden costs of operational inefficiencies, compliance penalties and customer attrition, according to a new report.

Based on responses from almost 600 decision-makers and strategic leaders across financial services, fintech, payments, eCommerce and iGaming, the study from fraud prevention and compliance specialist SEON, finds budget allocations indicate that 86 percent of companies are spending over three percent of revenues on anti-fraud measures.

Continue reading →

Advanced email attacks on non-profit organizations have surged 35 percent year-on-year according to a new report from Abnormal Security.

Credential phishing attacks on non-profit organizations have escalated by 50.4 percent over the past year too. By stealing login credentials, cybercriminals gain access to internal communications, donor databases, and financial records, allowing them to launch further attacks or sell sensitive information on the dark web.

Continue reading →

For enterprises, making the right cyber security investment isn't just about selecting the most advanced technology. To truly get the best return, decision-makers must also consider the strategic and financial aspects of their choices.

We spoke to Ben Vaughan, chief commercial officer at Bridewell, to discuss how by engaging with the right teams, businesses can ensure their security solutions are not only technically sound but also aligned with their long-term financial goals and sustainable growth.

Continue reading →

The truth about cybersecurity is that it’s almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry becomes increasingly sophisticated and their technology more advanced.

Once a hacker has broken through an organization’s defenses, it is relatively easy to move within the network and access information without being detected for days, and even months. This is a significant concern for Banking and Financial Services organizations, which house valuable sensitive and Personally Identifiable Information (PII). The goal of cybersecurity is to minimize the risk and the impact of a breach. Understanding the adversary’s mindset and activity is central to this.

Continue reading →

Over the past year, more than 50 percent of organizations have experienced at least one security incident involving ICS/OT systems. Among the top vulnerabilities exploited are internet-accessible devices (33 percent) and transient devices (27 percent), often used to bypass traditional defenses.

A new report from the SANS Institute, in partnership with OPSWAT, shows that while 55 percent of organizations reported increased ICS/OT cybersecurity budgets over the past two years, much of that investment remains heavily skewed toward technology, with limited focus on operational resilience.

Continue reading →

New research from Darktrace finds that 78 percent of CISOs say that AI-powered threats are having a significant impact on their organizations, a five percent increase from 2024.

There's more confidence about dealing with them though, more than 60 percent now say that they are adequately prepared to defend against these threats, an increase of nearly 15 percent year-on-year.

Continue reading →

Inconsistent adoption of DMARC standards is leaving 60 percent of US healthcare organizations that have already reported breaches exposed to a second attack.

The study from Red Sift looks at breaches reported to the US Department of Health and Human Services (HHS) during 2023-2024 shows that of 101 companies analyzed, 61 percent remain unprotected, with 33 having no DMARC policy and 28 lacking any data on DMARC.

Continue reading →

Certificates are an important part of security for organizations but they're not without risks. These include certificates with long lifespans (one in every 13 certificates have lifespans over two years), certificates without key usage (one in every 25 certificates), certificates with negative serial numbers (one in every 27 certificates), and unsanctioned domain usage.

Keyfactor is launching a Command Risk Intelligence which will visibility into every certificate in use and helps teams proactively identify and mitigate certificate-related risks before they disrupt business operations.

Continue reading →

A new report shows that 87 percent of companies in the US and UK have, or are in the process of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance.

The research from the FIDO Alliance, along with underwriters Axiad, HID, and Thales, finds 47 percent report rolling out a mix of device-bound passkeys on physical security keys and/or cards and passkeys synced securely across the user's devices.

Continue reading →