Small businesses are more vulnerable to cyber-attacks since hackers view them as easy victims to target. While this may seem unlikely, statistics reveal that more than half of these businesses experienced some form of cyber-attack in 2022. It's also reported that state-sponsored threat actors are diversifying their tactics and shifting their focus toward smaller enterprises.

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible. Unfortunately, most MFA is as easily phishable, hackable, and bypassable as the passwords they were intended to replace. Even though KnowBe4 was an early proponent of phishing-resistant MFA, now most of the world is coming around, including NIST and CISA. Why Do I Need Training If I Am Already Using Phishing-Resistant MFA?

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.

A company’s employees, shareholders, senior management, and board of directors expect that company to conduct its business reliably, efficiently, and securely – especially its financial transactions. Internal controls are the mechanisms a company uses to assure that its business processes meet those expectations. And to keep that system of internal controls running smoothly year after year, you must identify the internal control weaknesses in those systems.

Scattered across the internet are jigsaw puzzle pieces containing your personal information. If reassembled by an attacker, these puzzle pieces could easily compromise your identity. Our returning guest today is Len Noe, CyberArk’s resident transhuman (a.k.a. cyborg), whose official titles these days are Technical Evangelist, White Hat Hacker and Biohacker.

The University of Rochester is a mid-sized school in New York State. It was founded in 1850 and has more than 12,000 students overall. The school maintains over 30,000 staff members overall and manages a large amount of data for all those individuals. Since data is largely digital today, the school is a major target for data breaches and identity theft. With breaches becoming so common today, it's not surprising the school suffered from a recent breach.

Enterprise software applications are sophisticated, incorporating various technologies and featuring complex integrations with third-party software applications and systems. Any security vulnerability in software components can bring severe consequences to the organization. That’s why it is critical to effectively manage application vulnerabilities. This article explores application vulnerability management, discussing its importance and best practices.

Patch management is the centralized control and automation of the patch deployment process — deploying patches — to multiple devices, operating systems, firmware, software and hardware endpoints in the IT network. But vulnerabilities are increasing at unseen rates. Over 65,000 new vulnerabilities in existing IT systems were discovered in 2022, which is a 21% increase from 2021. And that makes patch management all the more important.

Many, if not all, SOAR solutions in the market tout case management within their offerings. It’s a hard requirement for most analysts because it’s essential for their job. But those same analysts are burnt out and overwhelmed by high volumes of alerts, and they struggle to work through the near- endless backlog of tickets. When they look for alternatives, security teams are stuck between choosing good automation or good case management.