For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team. What makes this recognition so special is that it celebrates companies that go above and beyond in their CSR programs. At KnowBe4, we've always believed that our responsibility extends far beyond our products and services.

The pressure on security teams has never been greater. With an ever-evolving threat landscape, resource constraints, and now the rapid adoption of artificial intelligence (AI) technologies, Chief Information Security Officers (CISOs) are facing unprecedented challenges. This was one of the clear takeaways from our recent report CISO perspectives: separating the reality of AI from the hype, in which 53 CISOs shared their opinions and experiences of AI’s impact on their security operations.

At this developmental stage, it’s time to start trusting that all of the work you put into teaching kids about good online behavior will pay off.

In a never-ending effort to do their job and secure their environments, cybersecurity teams often bear the brunt of negative perceptions, labelled as the department of ‘No.’ “No” to admin privileges, “No” to personal devices, and “No” to connecting unapproved technologies. These repeated denials, although done with the best intentions, can stifle innovation and create frustration within organizations. This perception needs to change.

The National Institute of Standards and Technology (NIST) helps organizations implement best practices across their operations, including cybersecurity. In particular, NIST password guidelines outlines are considered the gold standard for solid password creation and management policies.

The latest CVE-2024-38077 Remote Code Execution vulnerability (RCE) and coined MadLicense has been rated as absolutely critical with a CVSS 3.1 score of 9.8. The Windows Remote Desktop Licensing (RDL) service has a vulnerability that enables network attacks with low complexity, affecting all versions of Windows Server from 2000 to 2025 (all Windows Servers).

Securing your API ecosystem is increasingly complex, leaving organizations unsure where to begin. Gartner's 2024 Market Guide for API Protection offers clear guidance: Understanding your API attack surface and prioritizing your security efforts is crucial. Once you have visibility into your API landscape, you can implement appropriate security measures to protect your APIs from abuse and access violations.

Whether you've experienced a security breach, are setting up new devices, or simply enhancing your current security practices, this guide provides a step-by-step walkthrough to help you get back online securely. We've got you covered, from setting up your phone and laptop to tweaking essential security settings and securing your apps.

No executive wants to be blindsided by risks that should have been reasonably anticipated, especially the CEO, CFO, and board members. In the CISO Desk Reference Guide, Gary Hayslip, Bill Bonney, and I wrote extensively about how CISOs play a critical role in contextualizing digital and cyber risks to the organization’s broader enterprise risk management practices.

On August 12, 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti Virtual Traffic Manager (vTM) is a software-based application delivery controller that manages traffic flow to ensure high performance, availability, and security for web applications.