British legal professionals have seen a "significant surge" in data breaches, according to new research from NetDocuments, a firm that provides a cloud-based content management platform for the legal sector.The firm has described how it analysed data from the UK regulator the Information Commissioner's Office (ICO), and discovered that the number of data breaches in the country's legal sector had...

It’s been a tough year for the healthcare sector. Throughout 2024, cybercriminals have unleashed a barrage of attacks on a vast number of healthcare organizations - with disconcerting levels of success. FBI research revealed that healthcare is now the US’s most targeted industry.The attack on Change Healthcare, a United Health-owned health tech company, for example, disrupted operations at...

The Transportation Security Administration (TSA) has proposed new rules requiring those under its jurisdiction to follow specific cyber risk management (CRM) requirements, report cybersecurity incidents in a certain timeframe, and address physical security concerns.This is positive news for the transportation industry, as hundreds of attacks have been leveled against the sector. These attacks have...

Security Operations Center (SOC) analysts have it rough. Modern security tools generate an extraordinary number of alerts, attackers are more sophisticated than ever, and IT infrastructures are unprecedentedly complex. As a result, analysts are overwhelmed with workload and alerts, making it near-impossible to make intelligent, informed decisions. Fortunately, artificial intelligence (AI) is...

Remote work isn’t just a temporary trend anymore; it has become a permanent fixture. What began as a quick response during the pandemic has evolved into the new normal for businesses worldwide. In America, 20% of people now work from home.While this has its advantages (flexibility for workers and cost savings for businesses), it’s not without its complications, having cracked open a host of issues...

Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for...

Organizations of all types must consider and prioritize cybersecurity in order to protect against a wide range of attacks and prevent potentially catastrophic consequences. With the evolution of the threat landscape and most businesses relying more and more on technological pillars for everyday operations, cyberattacks can have impacts that extend far beyond monetary losses. However, the financial...

A Divisive Veto: California Rejects AI Safety Bill SB 1047California Governor Gavin Newsom’s recent veto of SB 1047, a proposed AI safety bill, has sparked a hot debate on the balance between innovation and regulation in the artificial intelligence (AI) space. California has over a dozen AI related bills that have been signed although this bill sought to establish rigorous safety testing...

Imagine a seemingly minor misconfiguration in your cloud storage or an employee accidentally emailing a sensitive file to the wrong person. These incidents might seem trivial, but they can quickly snowball into a massive data breach, causing financial consequences. This scenario is a stark reminder of the importance of understanding and preventing data leaks.Data leaks are a threat to...

The rapid adoption of cloud technology in the past few years has transformed IT environments, enabling unprecedented opportunities for flexibility, scalability, and collaboration. However, this transformation has introduced a potentially dangerous level of complexity into these environments – recent research from PwC revealed that 75% of executives report too much complexity in their organizations...

When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat.These attacks have devastated entities in all sectors, with severe repercussions. These...

One of the hardest parts of managing an organization’s cybersecurity is patch management.Just as one patch cycle is completed, another set of patches are released. When compounded with the highly regulated energy industry, governed by the NERC CIP Standards, the task becomes even more daunting. Fortunately, Fortra’s Tripwire Enterprise (TE) can ease the process.Some of the specified requirements...

Cybersecurity is a vital concern for organisations, but many security strategies fall short: recent research shows that 44% of UK companies are lacking in basic cybersecurity skills. The consequences of poor security go far beyond the direct impacts of cyberattacks, and the benefits of effective security are numerous as well. Unfortunately, it can be extremely complicated and difficult to cover...

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point...

Cyber resilience is a constant topic of concern in technology and cybersecurity, as it approaches security from the standpoint of assuming that attacks are inevitable rather than solely attempting to prevent them. Layered cybersecurity is crucial to ensure comprehensive defense against a wide range of threats. Cyber resilience has long been a necessity for hardware and software components, but...

As cyber threats escalate in frequency and severity, IT and security teams face increased pressure to maintain transparency. With this in mind, the US Securities and Exchange Commission’s (SEC) Cyber Disclosure Rule, released on 26 July 2023, mandates timely and detailed public disclosures about cyber incidents.This rule places a heavy burden on chief information security officers (CISOs), chief...

Today's CISOs wear many hats. They are expected to be experts in technologies, negotiators, strategists, influencers, and a source of inspiration throughout the value chain. As cybersecurity threats evolve and grow, the role of the Chief Information Security Officer (CISO) is becoming even more critical.Cybersecurity Budgets are BoomingFortunately, unlike other tech leaders, CISOs have largely...

In recent years, organizations have learned how crucial penetration testing is for enhancing cyber resilience. However, traditional penetration testing is insufficient in today’s dynamic threat landscape. Recent trends highlight the need for a more continuous and proactive approach to security testing, and continuous penetration testing is set to record huge growth over the next few years, both...

Most modern organizations have complex IT infrastructures made up of various components like Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), public cloud, and sometimes hybrid environments. While these infrastructures bring significant benefits, including improved scalability, flexibility, and cost savings, increasing complexity has made it...

Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather...