Workplaces plagued by risky security behavior

Research released by KnowBe4 shows that 75 percent of security professionals have witnessed employees displaying risky security behaviors at work and 62 percent admit to risky behavior themselves.

Top risky things that cybersecurity pros admit to include using entertainment or streaming services (33 percent), using GenAI within the organization (31 percent), sharing personal information (14 percent), using gaming or gambling websites at work (10 percent) and using adult entertainment websites (two percent).

78 percent of organizations view AI as an emerging tech risk

A new study from cloud-based risk management platform AuditBoard finds 78 percent of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves.

The report, based on a survey of over 400 security professionals in the US, finds more than half of enterprises surveyed report using AI to improve efficiency and enhance their digital risk posture.

Rising breach numbers drive zero-trust adoption

Two-thirds of organizations responding to a new survey list cyber risk concerns as the most important drivers for implementing a zero-trust strategy.

A new report from the Entrust Cybersecurity Institute, based on research by the Ponemon Institute, shows the pattern is even more pronounced in the US, with 50 percent of organizations citing cyber breach risk and 29 percent reporting the expanding attack surface for a combined total of 79 percent.

Highest and lowest cyber risk countries revealed

New analysis from MixMode.ai reveals the countries with the highest and lowest risk for cyber threats worldwide in 2024, with the US ranking 9th overall among countries with the lowest risk.

The analysis is based on a comprehensive dataset encompassing various indices, including the National Cyber Security Index, Cybersecurity Exposure Index, Global Cybersecurity Index, Cyber Resilience Index, and the Final Cyber Safety Score to give each of 70 countries a score out of 100.

Complexity leads to trade-off between risk and innovation

A new report finds that 85 percent of executives surveyed believe computing innovation is increasing risk.

The report from LevelBlue also shows 74 percent think the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk -- making cyber resilience nearly impossible to achieve.

Beyond the snapshot: Why continuous risk assessment is essential in today's threat landscape

Security vulnerabilities often lurk undetected within organizations, a consequence of gaps in traditional security assessments. These gaps can arise from missed systems during scans or the use of improper scanning techniques or technologies for specific systems.

To effectively manage risk, organizations need a comprehensive understanding of their security posture across the entire technology stack. This is where continuous risk assessment comes in -- it provides enhanced visibility, pinpointing vulnerabilities that periodic audits might miss and highlighting the limitations of traditional methods.

Human factor is significant cyber risk for smaller businesses

Human factors, including lack of awareness, training and inconsistent policy adherence, are getting in the way of cybersecurity for smaller businesses.

A new survey of more than 600 business and IT security managers conducted by LastPass and survey research firm InnovateMR shows that cyberattacks targeting smaller organizations have increased significantly in recent years, as cyber criminals have learned these organizations are relatively easy targets.

It's time to get proactive on the UK's critical national infrastructure (CNI) security -- but where to start?

The critical national infrastructure that underpins the UK has undergone a tremendous amount of digital transformation in recent years. Areas like water treatment, energy and food production are still heavily reliant on operational technology (OT) systems that were often designed and implemented long before the digital revolution.

Digitizing these systems and connecting them to standard IT networks has allowed operators to boost efficiency and bring in practices like remote working and data collection that weren’t possible in an analogue environment.

Six out of 10 businesses struggle to manage cyber risk

A new study from Barracuda Networks finds just 43 percent of organizations surveyed have confidence in their ability to address cyber risk, vulnerabilities, and attacks.

The findings also show that many organizations find it hard to implement company-wide security policies such as authentication measures and access controls. 49 percent of the smaller to mid-sized companies surveyed listed this as one of their top two governance challenges.

Why deploying infrastructure without backup is always a risky gamble

In today's digital landscape, where data is omnipresent across various platforms and devices, maintaining efficient backup processes has become increasingly critical. Yet, despite the inherent risks, a surprising number of organizations continue to deploy their infrastructure without adequate backup measures in place.

According to a poll conducted among IT professionals, a mere 25 percent of them adhere to industry best practices concerning data backup, creating potentially dangerous data gaps in production and employee risk management. Initially enticed by the allure of cost-saving, many companies overlook the necessity of investing in backup solutions, only to face dire consequences in the long run.

AI use leads to new risks for data security

According to a new study, 89 percent of cybersecurity professionals agree that their company's sensitive data is increasingly vulnerable to new AI technologies.

The study of 700 respondents across cybersecurity roles, conducted by Vanson Bourne for Code42, also finds that 87 percent are concerned their employees may inadvertently expose sensitive data to competitors by inputting it into GenAI. In addition, 87 percent are concerned their employees are not following their GenAI policy.

Majority of companies not prepared for insider threats

An overwhelming majority of global organizations admit they are ill-prepared to handle the steady increase in insider threat activity, according to new research conducted by Cybersecurity Insiders and announced today by Securonix.

While 76 percent of organizations have detected increased insider threat activity over the past five years, less than 30 percent believe they are equipped with the right tools to handle them.

Facing a riskier world: Get ahead of cyberattacks, rather than responding after the fact

Today’s complicated threat landscape leaves security teams grappling with new challenges on a scale never seen. Threat actors are more organized and efficient, leveraging a vast ecosystem of tools and services that cater to experts and beginners alike. In early March, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory warning of the resurgence of Royal ransomware with new compromise and encryption tactics used to target specific industries, including critical infrastructure, healthcare and education.

Cyberattacks are only increasing and growing more destructive, targeting supply chains, third-party software, and operational technology (OT). Gartner predicts that by 2025, threat actors will weaponize OT environments successfully to cause human casualties. This is happening at a time of increased technology adoption led by accelerated digital transformation efforts, hybrid work and the Industrial Internet of Things (IoT) boom, leaving security teams to manage an evolving and growing attack surface and multiplying vulnerabilities.

The role experience plays in risk mitigation

Without intending to be trite, there is a very important role that experience plays in the mitigation of risk. Experience comes into play when you are tasked with prioritizing risks. If you have zero experience in cybersecurity risk management, two critical vulnerabilities have equal weight and importance. But not all critical vulnerabilities can or will be weaponized and exploited. And not all critical vulnerabilities will result in a breach or security incident. This is the difference between a priori (independent from any experience) vs a posteriori (dependent on empirical evidence) vulnerability management.

To be effective at mitigating risk, we need to find ways to make intelligent use of experience in running infosec programs. We need to use not just our own experience, but also the experience of others. This is a form of collective resilience that is crucial to defending against nation states, organized crime and, like it or not, bored teenagers attacking and breaching companies just for the lulz like LAPSUS$. This piece aims to help identify some ways in which we can better prioritize our efforts.

De-risk your business through regulatory resilience

Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, according to the U.S. Department of Commerce. The recently announced EU-US Data Privacy Framework (TADPF), in place as of July 10 2023, is expected to further promote opportunity and economic fruitfulness on both sides of the Atlantic.

However, many are rightfully questioning the staying power of this latest version of the TADPF. Will it be third-time lucky or Groundhog Day all over again? Against this backdrop of uncertainty, many companies must evaluate their short- and long-term regulatory resilience.
