In an economy where securing data can mean the difference between success and failure, implementing proven data exfiltration prevention strategies is more critical than ever. According to a study conducted by IBM, a data breach can cost global organizations an average of nearly $5 million per incident. In addition to the financial ramifications, data theft can lead to lower customer trust, a loss of future revenue, and even potential lawsuits.

The momentous rise of AI continues, and more and more customers are demanding concrete results from these early implementations. The time has come for tech companies to prove what AI can do beyond adding conversational chat agents to website sidebars. Fortunately, it’s easy to see how cloud data protection has already benefited from advancements in AI and ML. Headline-grabbing large-language models are also making protecting data in the cloud easier to manage across organizations. ‍

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in 2023, the mean cost of recovery for these entities has more than doubled to $2.83 million. Seventy-two percent of ransom demands made to state and local government organizations in 2024 were for $1 million or more, with 37% of demands for $5 million or more.

As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. A question human risk managers frequently ask me is what role negative consequences should play in a successful security awareness training program?

Earlier this month, I was thrilled to join forces with the team at Dark Reading for a webinar on the future of AI in security operations. Titled CISO Perspectives: How to make AI an accelerator, not a blocker, the webinar allowed me to take a deep dive into the future role of AI in security with some of the most knowledgeable CISOs on the subject, Mandy Andress of Elastic and Matt Hillary of Drata.

Phishing is an email-borne malicious technique aimed at learning the sensitive credentials of users or spreading malware. This practice has been on the list of the top cyber threats to individuals and businesses for years. According to the latest Phishing Activity Trends Report by APWG, the total number of phishing attacks identified in Q1 2024 exceeded 963,000.

The healthcare industry's digital transformation has brought unprecedented advancements in patient care. However, it has also introduced new vulnerabilities that put sensitive patient data at risk. Cybersecurity is no longer an option but a critical component of delivering safe and effective care. Threat actors have no compunction about taking advantage of this increased threat surface.

The slow and steady progression of technology has transformed the way we work (and think about work) in so many exciting ways. The past few decades have opened new opportunities to create, automate, and manage just about everything that might exist within the IT ecosystem… but sometimes that progression creates complexity and conflict, as new technology solutions clash with existing standards and operations.

Although there is no way to stop receiving all spam calls, there are steps you can take to reduce the number of spam calls you receive. According to Truecaller’s 2024 report, Americans collectively receive an average of 2.5 billion spam and unwanted calls every month. While spam calls do not always have malicious intent, like hacking your phone or stealing your money, they can grow annoying since they are unwanted and persistent.

Supply chain resilience has never been more critical. Recent cyber outages have underscored a harsh reality—supply chains are vulnerable, and disruptions can have far-reaching impacts. But what does it mean to be supply chain resilient, especially in the context of cyber threats? In this post, we will explore lessons learned from recent cyber outages, offering actionable insights for enhancing supply chain resilience.