Security pros worried about widening attack surface

A new report from Red Canary finds 87 percent of respondents have been impacted by a security incident they were unable to detect and neutralize in the past year, resulting in data compromise, outages, fines, audit failures and reputational damage.

Based on a study of 700 cybersecurity leaders, it finds 73 percent say their attack surface has widened in the past two years, by an average of 77 percent, with 64 percent admitting to having knowledge deficits around securing new technologies.

Poor password habits still an issue worldwide

To mark the start of this year's Cybersecurity Awareness Month, Dashlane has published its latest report into global password health, which shows that although the share of reused passwords has dropped, it remains worryingly high.

The share of password reuse remains between 40 and 50 percent across regions worldwide, putting individuals and companies at greater risk of account takeover.

How businesses need to address the security risks of LLMs [Q&A]

Businesses are increasingly adopting AI and large language models in search of greater efficiency and savings. But these tools also present risks when it comes to cybersecurity.

We spoke to Aqsa Taylor, director of product management at Gutsy, to learn more about these risks and what organizations can do to address them.

The top enterprise cloud threats of 2024

A new report from IBM X-Force looks at the biggest risks enterprises are facing and highlights how attackers know that credentials are the keys to cloud environments, making them highly sought-after on dark web marketplaces.

Attackers are using phishing, keylogging, watering hole and brute force attacks to harvest credentials. Dark web research also highlights the popularity of infostealers, which are used to steal cloud platform and service-specific credentials.

Non-human identities present a major security risk

Compromised non-human identities have led to successful cyberattacks at 66 percent of enterprises.

A new report from AppViewX, based on a survey of almost 370 IT, cybersecurity, and DevOps professionals by Enterprise Strategy Group (ESG), also shows that 57 percent of the episodes in which organizations suffered a successful attack tied to NHI compromises got the board of directors' attention.

49 percent of global businesses targeted by deepfakes

A new report from Regula reveals that 49 percent of businesses globally have experienced deepfake scams involving either audio or video -- almost doubling the number of incidents since 2022.

The survey, of 575 business decision makers, shows a significant rise in the prevalence of video deepfakes, with a 20 percent increase in companies reporting incidents compared to 2022.

Nation-states and cybercriminals work together to cause more damage

A new report from OpenText finds that collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey, while China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.

New AI-driven platform simplifies enterprise access management

Traditional processes for ensuring employees have the right levels of access to systems have come under strain and become harder to manage because of the spread of cloud-based software.

A new AI-powered identity governance and administration (IGA) platform from Zilla Security aims to tackle the long-standing challenge of managing hundreds of roles or group membership rules to ensure organizations give users job-appropriate access.

Enterprises suffer surge in mobile phishing attacks

Cybercriminals are increasingly adopting a 'mobile-first' attack strategy to infiltrate enterprise systems by targeting weak, unsecured, and unmanaged mobile endpoints, recognizing mobile as a major entry point to corporate networks and sensitive data.

A new report from Zimperium zLabs shows a significant rise in mobile phishing -- or 'mishing' -- a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices.

84 percent of enterprises suffered security incidents in the last year

According to a new survey, 84 percent of organizations in the enterprise sector spotted a cyberattack within the last 12 months, compared to only 65 percent in 2023.

The study from Netwrix shows the most common security incidents are phishing, user or admin account compromise, and ransomware or other malware attacks.

Meeting the challenges of enterprise development [Q&A]

The rate of change in both technology and economic conditions can make it hard for CIOs to both innovate and satisfy the needs of the business.

We spoke to Ioan Iacob, founder and CEO of financial application specialist FlowX, to discuss the challenges of developing apps in the enterprise and how they can be addressed.

75 percent of organizations affected more than once by ransomware

A new report from SpyCloud finds that ransomware is seen as the biggest cybersecurity threat across every industry, with 75 percent of organizations affected by ransomware more than once in the past 12 months -- a jump from 61 percent in 2023.

Based on a survey of 510 individuals in active cybersecurity roles within organizations in the US and the UK with at least 500 employees, the report shows some industries are more at risk than others, with insurance firms 6.3x more likely to experience a ransomware attack and healthcare 2.1x more likely.

The five stages of vulnerability management

Nearly every organization today builds a lot of software, and the majority of that software is developed by cobbling together open source components. When using open source and trying a software composition analysis (SCA) scanner for the first time, it is not uncommon for those organizations to be surprised at what they learn about their open source usage. Many times it quickly comes to light that they have a large load of new and unplanned work to address in the form of security issues in dependencies. They need to fix these issues not just for the organization itself but also to stay compliant with certifications such as PCI or SOC2.

That’s when these organizations begin to experience the five stages of vulnerability management.

Only 12 percent of businesses say they're ready for AI

A new report from data integrity company Precisely finds that despite 60 percent of organizations saying AI is a key influence on data programs, only 12 percent report that their data is of sufficient quality and accessible for effective AI implementation.

While 76 percent of enterprises say data-driven decision-making is a top goal for their data programs, 67 percent still don't completely trust the data they rely on for these decisions, up from 55 percent in 2023.

Making LLMs safe for use in the enterprise [Q&A]

Large language models (LLMs) in a business setting can create problems since there are many ways to go about fooling them or being fooled by them.

Simbian has developed a TrustedLLM model that uses multiple layers of security controls between the user and the GenAI models in order to create a safer solution.
