Tl;dr: The Shadow IT report, conducted in late 2023, shows that 47% of companies allow employees to access their resources on unmanaged devices, authenticating via credentials alone.

Phishers are in the business of deception. They trick unsuspecting individuals into compromising sensitive data, potentially bringing an entire organization to its knees. Awareness training for employees is one of the most important tools a company can use in its anti-phishing strategy. However, it also has its downsides. Some of these flaws can, and should be fixed. Others leave no choice but to complement training with additional anti-phishing tools.

As organizations continue to look for consolidated platforms to address their security needs, an important shift has happened. Customers have discovered that traditional tools focusing exclusively on static risks (such as misconfigurations, policy/control failures, and network exposure) are not enough to address today’s dynamic cloud threats.

Technological advances in how we create and consume media have repeatedly transformed how election campaigns are fought: social media, TV and radio were all revolutions in their times.There have always been concerns about the impact these new technologies would have on democracy: the Milwaukee Journal worried following the first televised presidential debate, in 1960, that “American Presidential campaigning will never be the same again.” Perhaps they were right…

Elastic Security has exceptionally powerful capabilities that surpass those of smaller vendors Elastic Security has achieved remarkable results in the recent AV-Comparatives Business Security Test, ranking in the top five with other notable security vendors. Elastic Security was identified as being in the larger end of the market and offers exceptionally powerful tools with capabilities that surpass those of smaller packages.

You’ve worked tirelessly to build your business, carefully assembling a team you trust. However, even the most successful companies face an unsettling reality—the risk and the impact of employee fraud. Occupational fraud costs businesses up to 5% of annual revenue, with $3.1B lost to fraud in 2024. Here, we discuss practical strategies for detecting and preventing employee fraud. We look at various types of fraud, red flags to watch for, and prevention tactics to protect your business.

The cybersecurity threat landscape is constantly evolving, requiring organizations to regularly evaluate their security stack to ensure it not only offers the highest level of protection, but is operated by a firm with a long track record of developing, implementing, and properly maintaining the highest quality security tools.

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports. We've been covering this story and it looks like the campaigns have only continued.

A new phishing scam is leveraging trusted aspects of ecommerce to make their scams look legitimate. Perception Point has spotted a new level of credibility used by phishing scammers in which fake payment pages include the use of legitimate support chat. Spoofed payment pages resembling marketplace, like Etsy and Upwork, ask business owners to “claim” payments for products or services sold.

In the world of government-adjacent security and compliance, there are many different terms and acronyms you’ll encounter for the processes you have to perform. Often, these terms are interrelated in a single process, so you tend to learn them in clusters. One such cluster includes STIGs, SRGs, SCAP, and CCIs. What are these, what do they mean, and what do you need to do to utilize them properly? Let’s answer the most commonly asked questions.