A global analysis of automated bot traffic across the internet finds that in 2022, almost half (47.4 percent) of all internet traffic came from bots, a 5.1 percent increase over the previous year. At the same time the proportion of human traffic (52.6 percent) decreased to its lowest level in eight years.

The report from Imperva shows the volume of bad bot traffic has grown for the fourth year in a row, presenting a significant risk for businesses. The level of activity in 2022 is the highest since Imperva produced its first Bad Bot Report in 2013.

The majority of cyberattacks are made possible by some degree of human error. Phishing emails and social engineering continue to dominate as the most common delivery systems for an attack.

We spoke to Mika Aalto, CEO and co-founder at Hoxhunt, about why a human-focused cyber-strategy is the key to success in combating attacks, about the initiatives that organizations can implement to establish this and how he expects human-related cyber-attacks to evolve.

Like any new innovation, the metaverse is currently at the center of a 'risk versus reward' debate. Unsurprisingly, the 3D virtual world has received a lot of attention, with McKinsey confirming that more than $120 billion was invested in building out metaverse technology and infrastructure in the first five months of 2022.

Promises of extraordinary use cases, from teaching virtualized university lectures to performing surgeries for patients in other countries -- not to mention the potential cost saving and accessibility benefits -- have garnered curiosity. But while it could be some time until we see mass adoption of the metaverse, the security community is already apprehensive of the evolving security risks.

A new survey from Delinea of over 2,000 IT security decision makers (ITSDMs) reveals that only 39 percent of respondents think their company's leadership has a sound understanding of cybersecurity's role as a business enabler.

In addition, over a third (36 percent) believe that it is considered important only in terms of compliance and regulatory demands, while 17 percent say it isn't seen as a business priority.

Analysis of exposed dark web assets from SpyCloud finds that the technology sector has the highest number of malware-infected employees and consumers, the highest number of exposed corporate credentials, and the most exposed malware cookie records.

In the analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, researchers uncovered 27.48 million pairs of credentials with corporate email addresses and plain text passwords, with over 223,000 exfiltrated by malware.

More than eight in 10 data breaches globally can be attributed to human error.

People are the weakest link in cybersecurity. And this weakness comes from a lack of awareness about our cyber risk and the behaviors that influence it. Many people see cybersecurity as an IT concern. In truth, cybersecurity concerns everyone. When our hospitals get infected with ransomware, we can’t receive care. When our organizations experience a cyberattack, we lose our jobs. Still, we tend to underestimate the importance of cybersecurity to our society and economy.

The first quarter of 2023 has seen a significant increase in cyberattacks looking to exploit trust in established tech brands like Microsoft and Adobe.

A new report from Avast also finds a 40 percent rise in the share of phishing and smishing attacks over the previous year. Overall, two out of three threats people encounter online now seek to use social engineering techniques, taking advantage of human weaknesses.

As another World Password Day rolls around there’s the inevitable debate about whether the days of the password at the front line of security are numbered.

In recent years it has seemed that reports of the password's death have been greatly exaggerated. But as Google extends its rollout of passkey technology it seems that passwords may finally have had their day.

Tomorrow is World Password Day but Google has chosen today to announce a major step towards ending the need for passwords, introducing support for passkeys across Google Accounts on all major platforms.

Back in December last year, passkey support was introduced to Chrome. Today's announcement means they can now be used across Google Services for a fully passwordless sign-in experience.

Last May, 21 percent of all HTML attachments scanned were malicious. Ten months on, that figure has more than doubled with 45.7 percent of scanned HTML files found to be malicious in March 2023.

This finding comes from the latest Threat Spotlight report from Barracuda Networks, which shows that not only is the overall volume of malicious HTML attachments increasing, they remain the file type most likely to be used for malicious purposes.

Remote and hybrid teams are increasingly adopting digital tools to get their jobs done. But while this strengthens productivity for workers it risks compromise to the business's security. In turn, this has exacerbated the need for additional layers of supervision and oversight.

Ungoverned connections leave businesses open to supply chain attacks, data breaches and more. We spoke to Astrix Security CEO and co-founder Alon Jackson to discuss these challenges and how to safely and securely manage the new digital workplace.

A study from Immersive Labs finds that while businesses have high confidence in their overall resilience, teams are insufficiently prepared for threats.

The study, carried out by Forrester, surveyed 316 global cybersecurity training strategy decision-makers in the UK, US, Canada, Germany, and Sweden, finds that 82 percent agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared.

The continuing rollout of 5G offers faster mobile networking which will pave the way for new apps and devices connecting to the internet and to corporate networks.

Liron Ben-Horin VP of systems engineering at OneLayer argues that this world of faster connections and more devices will need a new approach to security. We spoke to him to find out more.

Honeypots have been around for years and are a tried and tested cybersecurity mechanism. By creating a fake environment with attractive assets, organizations use honeypots to lure attackers into a trap where their actions can be studied and learned from to improve cybersecurity measures. Simultaneously, they are protecting the business’ real assets by preoccupying the attacker with the decoys.

However, honeypots have a narrow field of view as the only activity that they detect is those that target them directly. If an attacker gains access to a network, but not through the honeypot, the business would be none the wiser. It is, therefore, crucial to have more than one honeypot -- a honeynet -- to make it effective. Yet, honeypots are very time-consuming to apply as they need to be installed in networks and systems in data centers. It can take as long as an hour to install just one and it lacks any level of scalability.

Deepfake fraud is on the rise, with 37 percent of organizations experiencing voice fraud and 29 percent falling victim to deepfake videos, according to a survey by identity verification specialist Regula.

Fake biometric artifacts like deepfake voice or video are perceived as real threats by 80 percent of companies, with businesses in the USA most concerned, about 91 percent of organizations considering them to be a growing threat.