cybersecurity

The majority of CISOs are taking on responsibilities beyond cybersecurity, including business risk, IT oversight, and digital transformation. Three percent of CISOs attribute their raise to taking on larger scope, while others see it reflected in merit increases.

New research from IANS Research and Artico Search surveyed over more than 830 CISOs and other security leaders to understand the key trends and challenges reshaping CISO role.

Smaller businesses are just as vulnerable to cybersecurity issues as larger ones, more so in some cases as they have fewer resources to devote to protection.

New research from UK cloud services firm Six Degrees looks at the concerns of UK SMEs. It finds 35 percent cite AI-related threats as their top concern, outranking malware (25 percent), scams and other fraud (25 percent), phishing (25 percent), and ransomware (23 percent).

Despite being an effective tool for safeguarding sensitive information, encryption remains underutilized by many organizations, leaving them vulnerable to cyber threats.

Many companies still rely on perimeter security measures, viewing encryption as optional rather than essential. Misconceptions about the complexity and cost of encryption further hinder its adoption, leading to a reactive approach that often waits for a data breach before taking action.

In 2024, ransomware groups claimed responsibility for 5,461 successful ransomware attacks on organizations worldwide. Of these 1,204 were confirmed by the targeted organizations, according to analysis by Comparitech.

Across the 1,204 confirmed attacks, 195.4 million records have been breached. These figures for 2024 are lower than those recorded in 2023 (1,474 attacks affecting 261.5 million records), though they are expected to rise as reports often come in months later.

Research by Fortinet has uncovered what it terms a 'phish-free' PayPal phishing attack that seeks to trick the unwary into giving up control of their account.

It starts with an email request for payment that appears to come from a valid email address. Click the link and you're taken to a PayPal login page showing a request for payment. This is where it gets clever because if you do login your account gets linked to the address the email was sent to -- not the one you received it on.

Exabeam's cloud-native, New-Scale Security Operations Platform has become the first security operations platform compatible with the Open-API Standard (OAS).

This gives SOC teams the power to quickly create automations and playbooks with their best-of-breed portfolios and ditch disjointed, monolithic systems that provide merely 'good enough' security.

New research from Netskope Threat Labs has found that 94 percent of organizations are now using GenAI apps, but interestingly more than 99 percent have controls in place to mitigate the risks that they pose.

Organizational use of GenAI has grown from 81 percent of companies using the apps in 2023. ChatGPT continues to be the most popular genAI app, being used in 84 percent of organizations.

New research from hardware authentication security key provider Yubico shows nearly half of Gen Z (47 percent) and Millennials (46 percent) have had their social media account passwords hacked.

It's no surprise then that these generations are keen to adopt hardware security keys, reflecting a growing mistrust of traditional passwords and a shift toward more secure, physical authentication methods.

The state of high-profile cyber incidents in recent years has highlighted the fact that defenses need to be kept up to date to provide adequate protection.

AI and machine learning have the potential to transform security operations to enhance protection against emerging threats. We spoke to Gurucul CEO Saryu Nayyar to get her view on how protection technologies are evolving and why this is so crucial.

With a constant power struggle between attackers and defenders cybersecurity is a fast-moving area. That makes it notoriously hard to predict what might happen, but that doesn't stop us trying. Here are what some industry experts think the cybersecurity world has in store for 2025.

Sasha Gohman, VP, research at Cymulate, thinks ransomware will become obsolete. "Ransomware may become obsolete due to the fact that decrypting your important files may become a feasible task with quantum computing. On the other hand, ransomware operators may then choose to encrypt your important files with quantum-resilient encryption."

Governments around the world are increasingly legislating for cybersecurity and privacy. But regions often have differing views on how this should be achieved.

We spoke to Christian Have, CTO of Logpoint, to get insight into how US surveillance laws could serve as a catalyst for Europe to take greater control over its data, pushing forward the concept of digital sovereignty.

A new report from phishing defense company Cofense highlights increasingly sophisticated phishing attacks that are exploiting trusted email security companies such as Proofpoint, Mimecast and Virtru to trick users into disclosing sensitive credentials.

The attacks make use of fake email attachments, phishing links and credential-harvesting tactics to compromise sensitive data. By mimicking well-known brands, threat actors boost the likelihood that the recipients will trust the emails and engage with harmful content, leading to them exposing critical information.

Phishing remains one of the most significant cyber threats impacting organizations worldwide and a new report shows credential theft attacks surged dramatically in the second half of 2024, rising by 703 percent.

The report from SlashNext shows that overall, email-based threats rose by 202 percent over the same period, with individual users receiving at least one advanced phishing link per week capable of bypassing traditional network security controls.

Artificial intelligence has been one of the fastest growing areas in the tech sector over the past few years.

As AI becomes more commonly adopted what changes can we expect to see happening in 2025? Here are some expert views.

Despite organizations putting in place better security controls the pace of data breaches shows no signs of slowing down.

We spoke to Jon Fielding, managing director, EMEA at Apricorn, to discuss the latest data breach trends, the progress that's been made and where more work is needed to address security threats.