In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering attempts, how to mitigate (i.e., delete, ignore, etc.) them, and how to appropriately report them if in a business scenario. The amount of time an organization should devote to security awareness training (SAT) is still up for debate.

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion. I don’t like it when I hear about ransomware groups growing, but that's the case in TrendMicro’s new analysis of RA World ransomware. What was once through to be a smaller operation focused on attacks targeting organizations in South Korea and the U.S.

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

This is the second in a series of four posts about shadow IT, including how and why teams use unapproved apps and devices, and approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.

Many of us need to access the Internet on the go, and our phones or tablets are great ways to stay connected wherever we are. However, when connecting online, you may be tempted to connect to a public Wi-Fi hotspot for ease of use and to save your mobile data. While there are measures you can take to secure your connection, these spots are a popular target for hackers to carry out network attacks.

Discover how security automation is redefining proactive defense and operational efficiency in the face of rising cyber threats.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! What the!? Had I seen this several years ago I would understand, but now? From a bank????

In my previous blog post, I talked about the eighth use case from the list of nine things you cannot implement using basic Kubernetes network policy — the ability to log network security events. In this final blog post of the series, we’ll be focusing on one last use case: the ability to explicitly deny policies.

Read also: E-Root Marketplace admin sentenced, an IT-contractor jailed for cyber fraud, and more.

As humans, we tend to trust the people around us in most situations simply by default. We usually don’t assume that the cook in a restaurant will poison our food or that the pharmacist will intentionally swap our medications, and for good reason. One of humanity’s superpowers, which allows all civilization to function, is cooperation. Being suspicious of everyone around you isn’t only exhausting, but it grinds society to a halt.