The healthcare sector in the United States has seen a continuous increase in both the frequency and cost of data breaches in the past decade. This is shown by a 61% rise in HIPAA violations from 2019 to 2020, resulting in penalties totaling $13 million for the sector. From 2020 to 2023, the average cost of a single healthcare data breach in the US rose nearly 30%, reaching a whopping $9.3 million.

Artificial Intelligence (AI) has evolved into a vital part of modern businesses. Its reliance on large amounts of data drives efficiency and innovation. However, the need for data security in AI systems has grown critical with this increasing dependence on AI. Sensitive data used in AI must be protected to avoid breaches and misuse. This post will explore critical threats to AI data security, discuss mitigation techniques, and present best practices to help organizations safeguard their AI systems.

If you run an online image search for “cyber hacker,” you’ll likely find countless pictures of shadowy, hooded figures hunched over a laptop. There’s just one problem with those search But here’s the catch: The image of a human hacker is in the minority these days.

Each year, we revisit our risk rating system to ensure it best reflects the needs of security practitioners safeguarding their organizations and supply chains. For our 2024 update, we’ve made two closely related changes: we’ve recategorized some of our existing findings to make an organization’s risk profile more understandable and recalibrated our scoring algorithm to more clearly illustrate the impact of specific risks.

The UK government’s Cyber Essentials certification aims to get the UK up to speed with consistent cybersecurity controls, establishing a higher level of cybersecurity and resilience across the UK.

The rapid expansion of the digital landscape adds increasing complexity to cybersecurity, especially for enterprises that could have up to 100,000 vendors in their supply chain. Addressing these challenges requires implementing an Attack Surface Management (ASM) strategy tailored to enterprise businesses' unique risk profiles. This post outlines the importance of ASM for enterprises and offers a strategy for ensuring its effective implementation.

The Snyk team is excited to announce that our FedRAMP sponsor, the Center for Medicare and Medicaid (CMS), has granted authorization (ATO), enabling their teams to leverage our public sector offering, Snyk for Government (SFG). This stage signifies that we are almost at the finish line of the FedRAMP process and points to our continued investment and support of public sector organizations in their application security efforts.

An important deadline is just around the corner for businesses that operate in the European Union (EU): By October 17, 2024, EU Member States must implement the NIS2 Directive into their national laws. Failure by critical infrastructure organizations to comply with additional cybersecurity obligations can result in consequences including financial penalties and reputational damage.

A recently addressed Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, has been revealed to have been actively exploited in zero-day attacks by the Advanced Persistent Threat (APT) group, Void Banshee. Initially unmarked as exploited, Microsoft later updated its advisory to confirm that the vulnerability had been abused in attacks prior to its fix.