The annual Gartner Security and Risk Management Summit is always fertile ground for discovering the latest trends in cyber security, with this year being no exception. The 2023 event was held in early June, and central themes of this year's summit were the increasing complexity of managing cybersecurity adversaries, the increase in data breaches, and the heightened risk identity poses in an ever-evolving digital landscape.
One of the most significant takeaways from this year's summit is the role of Privileged Access Management (PAM) within the Cybersecurity Mesh. The Cybersecurity Mesh is a distributed architectural approach to scalable, flexible, and reliable cybersecurity control. It allows the security perimeter to be defined around the identity of a person or thing, highlighting the critical role PAM plays in modern cybersecurity strategies. The shift to remote work, accelerated by the global pandemic, and the subsequent rise in cloud-based infrastructures have further emphasized the importance of the shift from infrastructure-based perimeters to identity perimeters.
A new survey of UK small and medium enterprises shows that 47 percent believe they are at greater risk of a cyberattack since the cost-of-living crisis.
The study from CyberSmart reveals that 38 percent believe this is due to increased malicious insider threats, such as disgruntled employees making decisions that are not in the best interest of the company, while 35 percent believe it is due to negligent insider threats, such as overworked or distracted employees making mistakes.
Two thirds of IT executives in the manufacturing sector believe that their enterprise will be targeted by a cyberattack within the next 12 months.
The study of 300 executives, carried out by CXO Priorities for Quest Software, shows that the most significant threats are seen as ransomware (22 percent), industrial espionage (21 percent), and state-sponsored threats (21 percent).
New survey findings from Lookout show that 70 percent of IT leaders in the financial services sector report a significant increase in data breaches compared to previous years.
Nearly half of organizations (47 percent) are struggling with the heightened difficulty of detecting and mitigating threats, while about a fifth (18 percent) face a significant lack of control over their applications and data.
Operational technology and industrial control system devices represent an attractive target for cybercriminals attempting to access networks, and for nation state actors looking to disrupt infrastructure.
Asset visibility and security company Armis is releasing new research identifying the riskiest devices that pose threats to critical infrastructure industries: manufacturing, utilities and transportation.
Blockchain is best known for its application in securing cryptocurrency. But in recent years it's expanded to drive emerging business in other sectors such as healthcare, real estate, smart contracts, and more.
Because blockchain ensures a tamper-proof ledger of the distributed transactions, it's sometimes used for high-risk transactions and exchanges. But this presents high-stakes opportunities for adversaries to steal money and sensitive information.
Many organizations around the world are opting to pay ransoms to cybercriminals in order to buy back ownership of their data. But this can leave them open to further risk of attack.
Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, believes it's wrong to pay up and that it's better to establish good defenses. We spoke to him to find out why.
After a decrease of eight percent in cyber extortion (Cy-X) victims in 2022, the data for the first quarter of this year shows the largest volumes to date.
The latest Cy-Xplorer 2023 report from Orange Cyberdefense shows businesses in 96 different countries were impacted by Cy-X in 2022. Since 2020 Orange Cyberdefense has recorded victims in over 70 percent of all countries worldwide.
Just 25 percent of IT professionals are following industry best practices for backing up data, according to a new study from hardware-encrypted storage maker Apricorn.
The survey details data backup, encryption and resiliency protocols for over 250 IT professionals in the United States and Canada over the last 12 months. It finds that while 93 percent of respondents say that they factor in data backups as part of their cyber security strategy, only one in four follow the 3-2-1 rule, in which they keep three copies of data, on two different formats, one of which is stored off-site and encrypted.
Law firms store some of the most sensitive information available regarding material business transactions, intellectual property and personal data.
But a new study from the International Legal Technology Association (ILTA) and Conversant Group reveals a disconnect between legal firms' IT and best practice cybersecurity.
A new report uncovers a worrying 25 percent increase in the total number of new vulnerabilities published in 2022.
The latest Vulnerability and Threat Trends Report from the Skybox Security Research Lab shows 25,096 new vulnerabilities published last year, representing the largest year-on-year rise seen since 2017.
Following on from adding passkey support to Chrome and Android at the end of last year, Google is continuing to roll out the technology across all its platforms.
The company is now bringing passkeys to Google Workspace. Passkeys offer a convenient and secure passwordless authentication experience across websites and apps, allowing users to sign in with a fingerprint, face recognition, or other screen-lock mechanism across phones, laptops, or desktops.
New research from asset visibility and security company Armis shows threat intelligence has become a top priority, yet organizations don't have a clear view of their networks.
The study of 400 IT professionals across the UK shows the top challenges they faced in the last six months as: keeping up with threat intelligence, compliance with cybersecurity regulations and frameworks, staffing and recruitment, an ever-expanding attack surface, and visibility into all assets connected to the network.
Last month broke ransomware records -- and not in a good way. The latest report from Blackfog shows 66 publicly disclosed ransomware attacks, the highest recorded since the company began reporting in January 2020.
More concerning still is a significant uptick in the attack success rate, with a 154 percent increase over 2022.
The Great Resignation and tech layoffs have pushed staff turnover to an all-time high. And with every personnel change, years of institutional knowledge are lost in the transition. That information can be critically important for security executives, like CISOs, who must be the ultimate stewards of organizational security across an ever-changing attack surface.
Organizational environments today are increasingly complex and constantly evolving, making it challenging to understand exactly what is at risk at any given moment. For CISOs joining an organization, it is vital to understand exactly what is in their environment to effectively secure it.