62 percent of phishing emails pass DMARC checks


Phishing remains a significant threat to organizations. A new report from Darktrace shows 17.8 million phishing emails detected across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62 percent of these emails successfully bypassed DMARC checks.
Cybercriminals are embracing more sophisticated tactics, techniques and procedures designed to evade traditional security parameters.
Almost all enterprises connected to a supply chain breach


The interconnected nature of modern business means that a vulnerability in one part of the supply chain can have far-reaching consequences. New research from SecurityScorecard and The Cyentia Institute finds that 99 percent of Global 2000 companies are directly connected to vendors that have had recent breaches.
The study shows that 20 percent of these large enterprises use a thousand or more products. Supply chain incidents cost 17 times more to remediate and manage than first-party breaches.
86 percent of security professionals view unknown risks as top concern


A new study from managed detection and response specialist Critical Start shows concerns about unknown risks have increased 17 percent compared to last year, with 86 percent naming them as a top issue.
The research, conducted in partnership with Censuswide, finds 66 percent of businesses report limited visibility and insight into their cyber risk profiles and 65 percent of executives express concerns over misalignment between cybersecurity investments and the organization's risk reduction priorities.
Security teams failing to manage Apple devices effectively


It's often accepted without question that Apple devices are more secure. But analysis by Picus Security of 136 million simulated cyberattacks shows that macOS could only protect against 23 percent of them because of how poorly most security teams manage Apple devices.
The research highlights that macOS endpoints are far more likely to be misconfigured or allowed to operate without Endpoint Detection and Response (EDR). Consequently, macOS endpoints only prevented 23 percent of simulated attacks, compared to 62 percent and 65 percent for Windows and Linux respectively.
People struggle to manage all of their passwords


A new survey of more than 6,000 respondents globally finds that 62 percent of people are worried about managing too many passwords, accounts and logins.
The report from Keeper Security shows that this leads to some dubious password management with 26 percent relying on memory, 24 percent writing them down and 19 percent storing them in a browser or phone notes app. Two in five also admit to reusing passwords.
Non-human identities pose security risks for enterprises


Non-human identities (NHIs) refer to things like API keys, service accounts, system accounts and OAuth tokens. You may not give them too much thought, but a new report from Silverfort looks at the impact they have on an organization's cybersecurity.
Active Directory service accounts -- used for machine-to-machine communication within Microsoft's Active Directory (AD) environments -- are the most common and regularly compromised NHIs.
Companies lack policies to deal with GenAI use


While 27 percent of security experts perceive AI and deepfakes to be the biggest cybersecurity threats to their organisations, not all have a responsible use policy in place.
The third part of a survey of over 200 information security professionals carried out at Infosecurity Europe 2024 has been released today by KnowBe4, and it finds 31 percent of security professionals admit to not currently having a 'responsible use' policy in place for generative AI within the company.
Report highlights cyber risks to the aviation industry


It's fair to say that no industry is truly safe from cyber attacks these days, but the aviation sector is at particular risk due to the volume of customer data it handles and the potential to cause widespread disruption.
A new report from SecurityScorecard focuses on cybersecurity vulnerabilities across the airline industry and its various supply chains.
40 percent of BEC attacks are AI generated


Almost half (49 percent) of all detected spam emails are attributed to business email compromise (BEC) scams, with the CEO, followed by HR and IT, being the most common targets, according to a new report.
The research from VIPRE Security Group puts a more sinister complexion on this trend, revealing that a full 40 percent of the BEC emails uncovered were AI-generated, and in some instances, AI likely created the entire message.
Why we need to change how we understand cyber risk [Q&A]

Cybersecurity is a high priority for organizations, yet often they're unsure if they're focusing their effort in the right places, and spending too much or too little on protecting themselves.
Robin Oldham, CEO of Cydea, believes current methods of understanding cyber risk are outdated, misrepresent risk and lead to misunderstandings that only promote fear, uncertainty and doubt. We spoke to him to find out what can be done to change this mindset and approach.
Financial services companies concerned about use of AI but still plan to increase spending


Almost half of financial services leaders had a positive view of AI in 2023. But despite this initial excitement, the implementation of planned initiatives this year has been sluggish.
A new report from Lucidworks finds only one in four AI projects have been deployed, similar to many of the other industries surveyed. In 2023, the most common expected impact of Gen AI for financial services was business operations improvement. The majority of deployed initiatives followed suit in 2024; however, the industry reports below-average cost and revenue benefits.
Consumer sites drive growth in passkey adoption


Take up of passkeys as a more secure means of accessing websites has been a little disappointing to date, but new research from Dashlane shows that passkeys are starting to gain traction with consumers.
It finds that early passkey adoption is largely being driven by the consumer space, with 'sticky' apps (those used frequently on a daily basis -- including Facebook and X) leading the way.
Business not prepared for shift to 90-day TLS certificates


A new survey of 800 security decision-makers across the US, UK, Germany and France reveals that 76 percent of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security.
However, the study from machine identity specialist Venafi also shows many feel unprepared to take action, with 77 percent saying the shift to 90-day certificates will mean more outages are inevitable.
Enterprises face serious ransomware epidemic


A new global ransomware study of nearly 1,000 organizations in a variety of industries finds most firms are facing a never-ending series of breaches, a serious epidemic that leaves them continuously in the crosshairs of ransomware gangs.
The study from Semperis also shows that 39 percent of attacked companies in the US, UK, France and Germany paid a ransom four times or more in the past 12 months.
Size matters when it comes to email attacks


Of course, all companies are vulnerable to email threats, but analysis by Barracuda of targeted email attacks over the past year reveals that organizations are vulnerable in different ways, according to their size.
Lateral phishing -- where attacks are sent to mailboxes across the organization from an already compromised internal account -- makes up just under half (42 percent) of targeted email threats against organizations with 2,000 employees or more, but just two percent of attacks against companies with up to 100 employees.
© 1998-2025 BetaNews, Inc. All Rights Reserved.