As cybercrime continues to increase, organizations must consider actions to improve their cyber security and cyber resilience. There are constantly new ransomware and data breach headlines hitting the news, and, according to research, a company falls victim to a cyberattack every 39 seconds.

To bolster cybersecurity, organizations must maintain constant awareness, and they should regularly update systems, encrypt and backup data. Cyber security is an ongoing action, it requires constant vigilance as cybercriminals are always looking for new ways to exploit systems and steal data. In addition, 85 percent of all organizations consider their data as one of their most valuable assets, and hackers also share this view. Ransomware is not a problem that is going to go away on its own, especially as it continues to be very profitable for criminal cyber gangs. Having said that, there are many things that you and your organization can do to mitigate against becoming another victim of cyber crime.

New research from Malwarebytes reveals that employees are being tricked into downloading remote monitoring and management tools like AnyDesk to open up back doors to corporate networks.

In a standard phishing technique potential victims are targeted via an email or SMS message, personalized to match their roles within the organization. The link in the email goes to what looks like a legitimate bank website with a link to open a chat support session.

Traditionally, organizations have focused on measuring the results of their cyber security strategies in terms of threat events or security incidents to determine how effective their security controls are.

However, in today's fast-paced world, the real game-changer is aligning security outcomes with business objectives and this is where 'outcome-based security' plays a huge role. It's a shift in focus for organizations, but one which can empower security teams to add even greater value to the strategic goals of the business.

Google has decided to make Magika open source, but what exactly is it? Well, it is an innovative AI-powered system that the search giant designed to revolutionize the way binary and textual file types are identified. Magika stands out for its ability to deliver precise file identification within milliseconds, even when operating on a CPU.

Magika employs a custom, highly optimized deep-learning model that has been meticulously designed and trained using Keras. This model is remarkably lightweight, weighing in at just about 1MB. For inference, Magika utilizes Onnx as an engine, ensuring that files are identified swiftly, almost as quickly as non-AI tools, even on a CPU.

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

A 'forest' -- in case you didn't know -- is the top-level logical container in an Active Directory configuration that holds domains, users, computers, and group policies.

This level presents a security challenge and a new survey of 1,000 IT professionals from Cayosoft reveals a 172 percent increase in forest-wide Active Directory outages since 2021.

A new report from HP Wolf Security shows cybercrime groups are using professional advertising tools to optimize their malware campaigns and convince users to take the bait.

The report identifies the DarkGate campaign which uses ad tools to sharpen attacks. Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware which hands backdoor access to cybercriminals into networks, exposing victims to risks like data theft and ransomware..

In a new report on the impact of generative AI on security posture, Menlo Security looks at employee usage of gen AI and the subsequent security risks these behaviors pose to organizations.

It finds that 55 percent of data loss prevention events detected by Menlo Security in the last thirty days included attempts to input personally identifiable information. The next most common type of data that triggered DLP detections included confidential documents, which represented 40 percent of input attempts.

A new report from Veracode shows that software security debt -- flaws that have gone unfixed for over a year -- is found in 42 percent of applications.

Although the number of high-severity flaws has reduced 70.8 percent of organizations still suffer from security debt. 45.9 percent have critical security debt, that is high-severity flaws that have been unfixed for 12 months or more.

Just as cybersecurity threats are constantly evolving, so are the compliance regulations that organizations must follow. And as these regulations tighten so the risks of non-compliance become higher.

Cam Roberson, VP at Beachhead Solutions, a provider of cloud-managed PC and mobile device encryption, security, and data access control, sat down with us to discuss what enterprises need to know about the current state of cybersecurity compliance.

1Password has launched its new global partner program today, aiming to enhance its suite of security solutions through strategic partnerships and support tools. This initiative is part of a multi-year strategy designed to provide partners with comprehensive access to 1Password’s security solutions and a toolkit of sales, marketing, and enablement resources.

The program is launching with key partners including Amazon Web Services (AWS), Arrow Electronics, Insight Enterprises, Microsoft, SVA, and many others. 1Password aims to grow its partner ecosystem further by adding more partners across North America, EMEA, and APAC regions.

With cyber threats becoming increasingly sophisticated, organizations face new challenges in safeguarding their digital assets. A new report from Info-Tech Research Group looks at the issues IT and security leaders must prioritize over the coming year.

It highlights the need to take account of the cybersecurity talent shortage, the rise of AI-driven threats, the integration of security risks with business risks, the adoption of zero-trust frameworks, and the increasing significance of automating security operations.

A new report from Picus Security looks at real-world malware samples and identifies the most common techniques leveraged by attackers.

It identifies a surge in 'hunter-killer' demonstrating a shift in adversaries' ability to identify and neutralize advanced enterprise defenses such as next-gen firewalls, antivirus, and EDR. According to the report, there has been a 333 percent increase in malware that can actively target defensive systems in an attempt to disable them.

The overwhelming majority of organizations (91 percent) have experienced a software supply chain incident in the past 12 months, according to a new report.

The study from Data Theorem and the Enterprise Strategy Group surveyed over 350 respondents from private- and public-sector organizations in the US and Canada across cybersecurity professionals, application developers and IT professionals.

The cybersecurity landscape is changing all the time and security teams are constantly searching for anything that can give them an edge in defending their systems.

We spoke to Rajeev Gupta, co-founder and chief product officer at insurance specialist Cowbell Cyber, about cyber risk assessment and how it can help businesses understand their level of risk and improve it to stay ahead of bad actors and threats like phishing attempts.