Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization. CIS Control 9 provides several safeguards to ensure the safety of external information.

As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges. Here are some key predictions that I believe will take place or start to happen in the coming year.

I have spent many years, perhaps too many, working in the world of IT and information security. I can’t complain, I have to say, it has been rewarding. And I have noticed in recent years that there has been a considerable shift in how cybersecurity is perceived within organizations, with this function gaining greater importance and relevance. The personal influence of the CISO has been improving lately, both in terms of attitude and perception.

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA that offers a deeper level of inspection for files across enterprise networks while helping security teams consolidate their toolset in the process.

In a time when 94% of companies have experienced an identity-related breach, many CISOs feel the urgency to strengthen identity and access management (IAM) across their organizations. In fact, a recent survey of CISOs found that identity is the top focus area going into 2025. However, communicating IAM’s value to the board remains a challenge—it isn’t enough for these security leaders to craft effective IAM strategies—they must also secure their board’s support.

In a guest blog post, Trace3's Advisory CISO Michael Farnum introduces a new whitepaper from the team at Trace3 and Tines. In 25+ years of helping organizations build robust cybersecurity programs, I’ve seen firsthand how high the stakes are in the energy sector. As an energy sector professional, you’re likely facing increasing pressure to maintain operational efficiency while safeguarding against ever-evolving security threats.

The evolution of the professional work environment and digital transformation continues to challenge the boundaries of traditional workforce management systems and practices. With 28% of workers worldwide working from home at least one day a week, gaining visibility into the digital behavior of the workforce is paramount to effective and secure management.

Rockstar 2FA targets M365 users, threat actors deploy new RevC2and Venom Loader malware, and SmokeLoader malware reappears after a decline.

Security advice for brand new devices this holiday season.

MacOS, often regarded for its robust security measures, has increasingly become a target for sophisticated cyber threats. Among the latest examples is Banshee Stealer, a malware engineered to compromise macOS systems by extracting sensitive user information. Developed by Russian cybercriminals and offered at a premium subscription fee of $3,000 per month, this malware underscores the growing attention of threat actors toward macOS platforms.