When people hear "supply chain attack," their minds often go to headline-grabbing breaches. But while analysts, CISOs, and journalists dissect those incidents, a more tactical and persistent wave of attacks has been unfolding in parallel; one that's laser-focused on small businesses as the point of entry. This isn't collateral damage. It's by design.Cybercriminals aren't always trying to...

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives:to improve the national information security...

The cyber workforce gap is one of the most pressing and persistent challenges facing the cybersecurity industry. In 2024, ISC2 found that the gap amounted to 4.8 million people globally, up 19% from the previous year. Both public and private sector organizations – including the UK’s NCSC and the SANS Institute – have introduced countless initiatives in an attempt to close the cyber workforce gap,...

Cyber incidents are always going to be present. Regardless of whether you’re working for a startup or a corporation, malicious software can target you and your business. This is why it’s important to work closely with cybersecurity incident response teams and have such protocols in place.The lifecycle of a cybersecurity incident starts way before it happens with good preparation. However, the...

Let’s face it: your inbox is a warzone. Email security is a constant battle between evolving threats and the defenses designed to stop them. Every day, attackers bombard user inboxes with increasingly sophisticated phishing attempts, malware, and social engineering attacks. So, how do we win the battle? It’s not as simple as slapping on a piece of software; it’s about implementing a multi-layered...

According to the 2024 State of Ransomware report by Sophos, there was a 500% increase in ransom bills in the last 12 months. Moreover, an analysis by Comparitech revealed 181 confirmed ransomware incidents targeting healthcare providers in 2024, with 25.6 million records compromised. Meanwhile, there were 42 more confirmed attacks on healthcare organizations not involved in direct care provision....

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024. As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year. The annual report from the FBI's Internet Crime Complaint Center (IC3) will reveal that the likes of manufacturing, healthcare, government...

Ransomware has evolved from a distant “I hope it doesn’t happen to us” threat to an insidious, worldwide crisis. Among the sectors most affected is manufacturing, which has found itself more and more in attackers’ crosshairs. Manufacturing has long viewed itself as immune to digital crime, but ransomware attackers have belied this belief. Industrial operations rely heavily on Industrial Internet...

New cybersecurity legislation is coming thick and fast. And for good reason: cyber threats are becoming more sophisticated, systems are becoming more connected, and geopolitical relationships are becoming more fraught. One of the most recent bipartisan legislations – the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 – is designed to modernize cybersecurity standards in...

Africa has made huge strides in digital transformation in the past few years. For example, over 160 million Africans gained broadband internet access between 2019 and 2022. As the continent embraces digitalization, cybersecurity is becoming an increasingly pressing concern. Recognizing the need for a coordinated approach to cybersecurity, Smart Africa recently launched the African Network of...

In July 2024, as the Republican National Committee (RNC) geared up for its national convention in Milwaukee, Chinese hackers infiltrated the RNC's email system. According to The Wall Street Journal, attackers maintained access for several months, trying to get their hands on intelligence on how the GOP planned to address Taiwan in its party platform. Microsoft alerted top party officials about...

Third parties have long been the hidden heroes of the payment card industry, providing specialized, streamlined support to merchants looking to host a website or spin up an app. But that convenience is not without a cost.According to PCI DSS 4.0 compliance standards, although merchants are free to use third parties, the responsibility for any incurred security liability will be all theirs. When a...

The healthcare industry is a prime target for cyberattacks due to the significant value of medical data and the critical nature of patient care. Unlike other sectors, healthcare organizations must balance cybersecurity with the need for immediate access to life-saving information. Ransomware attacks, in particular, have surged, with cybercriminals exploiting outdated systems, unpatched...

It’s been a pretty divisive few months in US politics. The Trump administration has made sweeping changes in almost all areas of policy, ranging from international relations to domestic regulations and everything in between. However, some areas of American politics aren’t so contentious; in fact, a few cybersecurity policies have received bipartisan support. The Cyber Conspiracy Modernization Act,...

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to...

As global privacy requirements evolve, many information security professionals are called upon to enhance or lead information privacy programs. While this transition may seem like a natural progression, I learned five important lessons when I moved from a focus on security and audit to the field of information privacy.What Constitutes PII? Understanding PII is essential to your team's success....

The energy sector has become a prime target for cyberattacks, with successful breaches posing severe risks to national security, economic stability, and public safety. Luckily, the industry is standing up and taking notice, with two-thirds of energy professionals (65%) now saying their leadership now sees cybersecurity as the greatest risk to their business. This was one of the findings from the...

For all the tremendous opportunities that the digitization of business operations has unlocked, there are also complex security and data privacy challenges that organizations have to navigate. In the interests of business privacy and security, legislation exists to hold organizations and policymakers to account. None are perhaps more influential and necessary than the EU’s General Data Protection...

Ransomware is no longer in its heyday. Evolving, AI-driven cybersecurity tools and global law enforcement efforts have seen to that. But that doesn’t mean ransomware is no longer a threat. In fact, in some ways, the danger is greater than ever. While ransomware attacks are less common than they used to be, the consequences of those that succeed are more severe. Earlier this year, the Ponemon...

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...