Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.
Identity-related incidents continue to dominate today's headlines. Clorox, MGM and Caesars fell prey to social engineering, while 23andMe suffered a breach as a result of a hacking method called credential stuffing and UnitedHealth lacked multi-factor authentication (MFA). Although these companies made headlines due to the extent of the breach, today's study revealed that only 10% of respondents didn't have an identity-related incident in the last 12 months, consistent with last year's report.
Demand for cybersecurity talent continues to outpace supply despite growth in available education and training programs, according to new data from CyberSeek, the most comprehensive source of information on the U.S. cybersecurity workforce.
New data from the Federal Trade Commission shows that Best Buy/Geek Squad, Amazon, and PayPal are the companies people report scammers impersonate most often. A newly released data spotlight shows that consumers in 2023 submitted about 52,000 reports about scammers impersonating Best Buy or its Geek Squad tech support brand, followed by about 34,000 reports about scammers impersonating Amazon. PayPal was the third-most impersonated company with about 10,000 reports from consumers.
84% of the US' critical infrastructure organizations have identified the use of AI to drive cyber threats as a current security concern. This dramatic rise in concern about how cybercriminals use AI is revealed in new research by cybersecurity services firm Bridewell, surveying 519 staff responsible for cybersecurity in US critical infrastructure organizations, in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply
Maybe it’s a phishing attack—an innocent-looking email from a company leader or reputable company but generated by a malicious threat actor.
- By Perry Carpenter
- May 28, 2024
In today’s dynamic landscape, the evolution of the digital economy serves as a compelling catalyst for organizations to revamp their networks, facilitate remote work, enhance cloud connectivity, reinforce cybersecurity, and maximize productivity. In particular, the shift to cloud computing and remote work has increased the need for secure access for any user from any device and any cloud to network resources.
- By Pascal Menezes
- May 28, 2024
Proofpoint, Inc., a cybersecurity and compliance company recently released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs) worldwide.
A recent survey conducted by KPMG, the audit, tax, and advisory firm, reveals that despite a growing number of attacks and breaches, C-suite cyber leaders are optimistic about the effectiveness of their defenses. The survey also highlights the growing importance of artificial intelligence (AI) in the fight against cyber threats. According to the survey of 200 C-suite cyber leaders at companies with revenue of $1 billion and above, 40% reported that their company had suffered a recent cyberattack resulting in a security breach, with 38% experiencing one to three attacks.
To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet.
Verizon Business recently released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022.
Cybersixgill, the global cyber threat intelligence data provider, broke new ground today by introducing its Third-Party Intelligence module. The new module delivers vendor-specific cybersecurity and threat intelligence to organizations’ security teams, enabling them to continuously monitor and detect risks to their environment arising from third-party suppliers and take preemptive action before an attack executes.
Metomic recently released its “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic surveyed more than 400 Chief Information Security Officers (CISOs) from the U.S. and UK to gain deeper insights on the state of data security. The report includes survey findings on various cybersecurity issues, including security leaders’ top priorities and challenges, SaaS app usage across their organization, and biggest concerns with implementing generative AI solutions.
GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals.
According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance.
- By Brent Dirks
- Apr 23, 2024
Axis Communications announces plans to expand the number of network physical security products certified to FIPS 140 under the Federal Information Processing Standards. This move will improve the cybersecurity postures of Axis customers that must meet the FIPS 140 certification, specifically in the government and critical infrastructure sectors.
i-PRO Co., Ltd. (formerly Panasonic Security), a global leader in professional security solutions for surveillance and public safety, underscores the critical importance of ethical and responsible AI practices in the physical security domain.
Versa Networks, provider of in AI/ML-powered Unified Secure Access Service Edge (SASE), today announced that Versa Next Generation Firewall (NGFW) received a Recommended Rating, the highest rating given by CyberRatings.org. In the Q1 2024 Cloud Network Firewall comparative report, Versa achieved an overall security effectiveness score of 99.90% with the fastest Rated Throughput of any vendor. As a result of CyberRatings’ rigorous testing of 11 cloud network firewall vendors, Versa NGFW once again demonstrated superior performance, security effectiveness, and value.
Graylog, a provider of in SIEM, Enterprise Log Management and API Security, together with SOC Prime, provider of the foremost platform for collective cyber defense, today unveiled their strategic technology partnership. Now available in beta, this collaboration promises to redefine the effectiveness and efficiency around how businesses identify and mitigate cyber threats.
In December, genetic testing company 23andMe acknowledged a hack that led to the theft of nearly seven million customers’ data. As the New York Times reported, criminals obtained “ancestry trees, birth years and geographic locations.” This kind of digital theft may have felt personal to many of those impacted.
- By Christophe Van de Weyer
- Mar 28, 2024