10.93 million dollars USD. That’s the average cost of a healthcare breach in the U.S. It’s an alarming number that’s only continued to climb, increasing by over 53% in the past three years, according to IBM’s 2023 Cost of a Data Breach Report. In fact, the healthcare industry has had the highest average cost of a breach for 13 years running. It’s not just the costs that are climbing, either.

Identity Management Day occurs on the second Tuesday of April, April 9 this year. It was established by the Identity Defined Security Alliance in 2021 in collaboration with the National Cybersecurity Alliance. Its primary aim is to heighten awareness about the risks associated with the lax or incorrect handling of digital identities. Effective identity management practices help prevent identity theft, fraud, and data breaches, which can have devastating consequences for both individuals and organizations.

Now more than ever, the specter of cyber threats looms large over organizations of all sizes and sectors. The consequences of a data breach stemming from just one vulnerability can be catastrophic, ranging from financial losses to irreparable reputational damage. As businesses strive to reinforce their defenses against these evolving threats, the need for a reliable and predictive cybersecurity risk assessment tool has never been greater.

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms. At its core, Tycoon 2FA isn’t doing anything new. It uses a reverse proxy server to host a phishing web page that impersonates the legitimate email platform in question. Then it intercepts the victim's input and relays them to the legitimate service. But it’s how this platform does it that is sophisticated.

I have been in the cybersecurity industry for over 35 years and I am the author of 14 books and over 1,400 articles on cybersecurity. I regularly speak with thousands of cybersecurity practitioners each year. Nearly every day, I see (good) cybersecurity advice, but some of it is just a bit shy of what is needed…such as “Use MFA!”. That is good advice, but is not specific enough. It does not give enough detail. There is a slight adjustment needed to get the most benefit.

Who’s responsible for regulating technological change in a democracy?

Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.