In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information.
- By Craig Herman
- Jul 25, 2024
Computers around the world are beginning to come back online after a defective update to Windows machines from cybersecurity provider CrowdStrike Friday affected almost 9 million machines.
- By Brent Dirks
- Jul 22, 2024
Systems are starting to come back online after a global IT outage on Friday disrupted everything from airline operations to banks and 911 call centers.
- By Brent Dirks
- Jul 19, 2024
Attackers are increasingly targeting human-based vulnerabilities to infiltrate organizations. Humans have direct access to insider systems and data – any threat actor can easily phish users, steal their credentials and secure keys to the kingdom without having to fight advanced cybersecurity defenses. Studies show social engineering attacks and human errors are behind 68% of all breaches.
- By Stu Sjouwerman
- Jul 16, 2024
KnowBe4 recently released its International Healthcare Report. The report takes a closer look at the cybersecurity crisis currently experienced by the healthcare sector, in particular hospital groups, across the world.
Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money.
Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams.
Emerging technologies and evolving mission requirements are driving significant expansion of sensitive data at the edge. A growing portfolio of systems -- from PCs to unmanned vehicles, drones and IoT devices -- are collecting, processing, and storing sensitive data.
- By Peter R. Kelley
- Jun 27, 2024
Thales recently announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3000 IT and security professionals across 18 countries in 37 industries. As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyber-attacks, with SaaS applications (31%), Cloud Storage (30%) and Cloud Management Infrastructure (26%) cited as the leading categories of attack. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines.
The US economy is facing a significant surge in online fraud, with nearly 90% of business leaders reporting it costs them up to 9% of their annual revenue. This is a key finding from the Veriff Fraud Industry Pulse Survey 2024, which surveyed hundreds of senior decision-makers and fraud leaders across various sectors in the US.
Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment.
Identity-related incidents continue to dominate today's headlines. Clorox, MGM and Caesars fell prey to social engineering, while 23andMe suffered a breach as a result of a hacking method called credential stuffing and UnitedHealth lacked multi-factor authentication (MFA). Although these companies made headlines due to the extent of the breach, today's study revealed that only 10% of respondents didn't have an identity-related incident in the last 12 months, consistent with last year's report.
Demand for cybersecurity talent continues to outpace supply despite growth in available education and training programs, according to new data from CyberSeek, the most comprehensive source of information on the U.S. cybersecurity workforce.
New data from the Federal Trade Commission shows that Best Buy/Geek Squad, Amazon, and PayPal are the companies people report scammers impersonate most often. A newly released data spotlight shows that consumers in 2023 submitted about 52,000 reports about scammers impersonating Best Buy or its Geek Squad tech support brand, followed by about 34,000 reports about scammers impersonating Amazon. PayPal was the third-most impersonated company with about 10,000 reports from consumers.
84% of the US' critical infrastructure organizations have identified the use of AI to drive cyber threats as a current security concern. This dramatic rise in concern about how cybercriminals use AI is revealed in new research by cybersecurity services firm Bridewell, surveying 519 staff responsible for cybersecurity in US critical infrastructure organizations, in sectors such as civil aviation, telecommunications, energy, transport, media, financial services and water supply
Maybe it’s a phishing attack—an innocent-looking email from a company leader or reputable company but generated by a malicious threat actor.
- By Perry Carpenter
- May 28, 2024
In today’s dynamic landscape, the evolution of the digital economy serves as a compelling catalyst for organizations to revamp their networks, facilitate remote work, enhance cloud connectivity, reinforce cybersecurity, and maximize productivity. In particular, the shift to cloud computing and remote work has increased the need for secure access for any user from any device and any cloud to network resources.
- By Pascal Menezes
- May 28, 2024
Proofpoint, Inc., a cybersecurity and compliance company recently released its annual Voice of the CISO report, which explores key challenges, expectations and priorities of chief information security officers (CISOs) worldwide.
A recent survey conducted by KPMG, the audit, tax, and advisory firm, reveals that despite a growing number of attacks and breaches, C-suite cyber leaders are optimistic about the effectiveness of their defenses. The survey also highlights the growing importance of artificial intelligence (AI) in the fight against cyber threats. According to the survey of 200 C-suite cyber leaders at companies with revenue of $1 billion and above, 40% reported that their company had suffered a recent cyberattack resulting in a security breach, with 38% experiencing one to three attacks.
To say that the Internet of Things (IoT) has become a part of everyday life would be a dramatic understatement. At this point, you would be hard-pressed to find an electronic device that is not connected to the internet.