While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.

Continue reading →

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.

Continue reading →

We're all familiar with link shortening services, those handy tools that allow you to shrink URLs down to a manageable size to make them easier to share.

Of course in the past these have been used for nefarious purposes too, hiding the true nature of a link to get people to click on phishing or malware messages. Now though researchers at Infoblox have uncovered something even more sinister, the operation of a shady link shortening service made especially for cybercrime.

Continue reading →

It is very nearly Halloween and we are preparing ourselves to encounter a host of terrifying creatures and monsters, all who are patiently waiting to make their appearances this year. However, while those beings are terrifying in their own right, it's the monsters lurking in the  shadows of the digital world that seem to strike more fear.

Malicious actors and menacing threats feel ever present in the news. As the adoption of cloud and on-demand computing services increases, malicious actors are waiting to make their move when enterprises lose control of their data security. Enterprises and their leaders are kept awake wondering where their data is, who has access to it, how it is being used and whether it’s safe. This piece will explore how to mitigate some of the most scary monsters that are haunting organizations the holiday season and beyond.

Continue reading →

A new survey of over 300 cybersecurity professionals from SlashNext looks at cybercriminal behavior and activity on the Dark Web particularly as it relates to leveraging Generative AI tools and chatbots and finds a startling 1,265 percent increase in malicious phishing emails since the launch of ChatGPT in November 2022.

It also shows a 967 percent increase in credential phishing in particular and that 68 percent of all phishing emails are text-based Business Email Compromise (BEC) attacks.

Continue reading →

We've all heard about how AI is being used to improve cyberattacks, by creating better phishing emails for example, but does AI really have the same potential for being sneaky as humans?

New research from IBM X-Force has set out to answer the question, ‘Do the current Generative AI models have the same deceptive abilities as the human mind?’

Continue reading →

As QR codes have become popular, they're used for all kinds of things from mobile payments to access control and even document sharing. The problem is that they can also hide risks so it's no surprise that they're becoming a popular vehicle for phishing.

New analysis from Hoxhunt finds the use of QR codes in 22 percent of attacks on its 'global human risk network' in the first weeks of October 2023.

Continue reading →

In the third quarter of this year, phishing attacks soared by 173 percent compared with the previous three months, and malware was up 110 percent over the same period.

Email security company Vade has released its quarterly Phishing and Malware Report which shows Q3 2023's malware volumes almost set a record for the highest total of any quarter, trailing only Q4 2016's mark of 126.8 million.

Continue reading →

The latest biannual Cyber Threat Intelligence Report from Critical Start reveals the top 10 cyber threats, including a rise in phishing attacks using QR codes are on the rise with bad actors masquerading as Microsoft security notifications.

Since May this year a major campaign has seen emails with a QR code embedded inside a PNG image or a PDF attachment. This has been aimed across industries with the energy sector being hardest hit -- one US energy company received 29 percent of all emails in the campaign.

Continue reading →

A new survey of 205 IT security decision makers highlights mounting concerns over the use of AI, and deepfakes in particular, as 68 percent of respondents express concerns about cybercriminals using deepfakes to target their organisations.

The study from Integrity360 finds 59 percent also agree that AI is increasing the number of cyber attacks, which aligns with the change in attacks that have been noticeable over the past year as 'offensive AI' is being used for tasks such as malware creation.

Continue reading →

A new report into hidden threats from Ivanti finds that one in three employees believe their actions do not impact their organization's security.

The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age).

Continue reading →

The latest Phishing Threat Trends Report from Egress, based on data from its Egress Defend email security tool, reveals that nearly three-quarters of AI detectors can't tell if a phishing email has been written by a chatbot.

Because they utilize large language models (LLMs), the accuracy of most detector tools increases with longer sample sizes, often requiring a minimum of 250 characters to work. With 44.9 percent of phishing emails not meeting the 250-character limit, and a further 26.5 percent falling below 500, currently AI detectors either won't work reliably or won't work at all on 71.4 percent of attacks.

Continue reading →

Senior executives are 60 percent more likely to click on malicious links than their employees, making them a vulnerable target for hackers, according to a new report.

However, data from SoSafe also reveals that senior managers are more likely to report a suspicious email (20 percent) than employees (eight percent) are, which shows that security awareness among top management is rising.

Continue reading →

Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.

The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.

Continue reading →

Cyberattacks and data breaches come it many forms, but often at the root of them is a phishing scam.

Exploiting the fact that humans are the weakest link in the security chain, cybercriminals use phishing to trick employees into giving up credentials or other sensitive information that can be used to gain a foothold to carry out a later attack.

Continue reading →