June 2022

How phishing gangs weaponize the 24-hour news cycle

Thanks to social media, online publications, and 24-hour news channels, we’ve never been more hooked into the news cycle. Whether you want to see them or not, the headlines are never far from your eyes and ears. Cybercriminals can weaponize this to their advantage and tailor their phishing attacks to coincide with topical news stories.

Supply chain impersonation or genuine third-party information request? Here's how to tell.

The last 24 months have seen a steady stream of media attention relating to attacks on the supply chain. The impact is real, as is the cost. We have watched both big-name security like SolarWinds and open source such as log4js serve as targets, with devastating effects. Quite often the methods used have anecdotally relied on technical means and, to a lesser degree, social engineering.

Sextortion phishing attacks up by 334%

Our threat intelligence team has shared several threats they’ve uncovered through monitoring our B2B platform in our recent report, Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a rise in sextortion emails using fake threats to blackmail people into paying cryptocurrency ransoms.

RSAC 2022 round-up: It's good to be back!

The RSA Conference has been a key date on the IT security calendar for 31 years, billing itself as the place ‘where the world talks security’. After being forced into a virtual event last year due to the pandemic, RSAC was back live in 2022 for a face-to-face event at the Moscone Center in San Francisco. This year’s event welcomed around 26,000 attendees, over 600 speakers, and more than 400 exhibitors. So how did a face-to-face RSAC 2022 stack up after the virtual event in 2021?

Cybercriminals are exploiting cryptocurrency donations to the Ukraine crisis

Our threat intelligence team recently shared several threats they’ve uncovered through monitoring our B2B platform in our recent report, Keeping pace with emerging threats: Summer 2022 roundup. One of the standout threats to keep your users aware of is a group of phishing emails impersonating Ukrainian charitable appeals – specifically those requesting cryptocurrency donations.

It's time to invest in your incident response - here's how

Taking proactive measures is critical to any aspect of a strong cybersecurity strategy. And today, the need for a robust incident response plan has never been greater. As more and more companies embrace remote work, we see an influx of personal devices on the corporate network. As a result, the potential attack surface expands while endpoint visibility is significantly reduced.

The unfair life of an admin: How to make your users appreciate you

It's natural for tension between the cybersecurity team and internal stakeholders to exist. As the administrator, you play a crucial role in ensuring the network's security, protecting against unauthorized access, and troubleshooting any access issues. But trying to keep people both secure and productive can be challenging. Ultimately, you want to protect critical data without making your colleagues' jobs more difficult.

Is my business email HIPAA compliant?

According to a report published by the FBI Internet Crime Complaint Center (IC3), losses resulting from attacks against business emails are 64 times more damaging than ransomware when measured by dollar amount losses. Phishing and email data breaches can be particularly damaging in the health sector. Regulatory authorities and oversight bodies are incredibly stringent when enforcing compliance measures designed to protect sensitive medical and patient data.

How are FS IT leaders responding to phishing threats?

2021 was a banner year for phishing attacks. According to our latest report, Fighting Phishing: The IT Leader's View, more than eight in ten organizations, or 84%, were hit by them last year. That's up from the 73% revealed in our previous report. Given stats like these, it's no wonder cyber threats now top the list of concerns reported to the Allianz Risk Barometer by business risk experts.

Human activated risk is real

Human activated risk is real for every organization. Whether it’s introduced through coercion by bad actors, human error, or malicious intent, human activated risk is a problem that keeps getting worse. Organizations need intelligent technology that can stop the sophisticated phishing attacks that continue to evade native security defenses, as well as outbound email risk, which is too often underestimated.

Helping users become your strongest link

In his book Secrets and Lies: Digital Security in a Networked World, cybersecurity expert Bruce Schneier wrote, “People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” That remains as true today as when the book was first published 22 years ago. It’s easy to understand why users often represent the weakest cybersecurity link within an organization.