Researchers at Barracuda have found that smaller companies tend to receive a higher rate of phishing attacks spread across the organization, according to a report looking at the phishing attack surfaces of companies of different sizes. This is likely due to the smaller number of potential targets and the higher level of access possessed by each employee.

New analysis of Q2 2024 cyber attacks shows the number of attacks experienced weekly by organizations globally is on the rise. Each quarter, Check Point Research puts out a quarterly report covering what cyber attack activity they’re seeing globally. Their latest report covering Q2 of 2024 highlights an unexpected rise in overall attack numbers.

Analysis of current phishing attacks by security researchers have uncovered an increase in the use of trusted shortlink services. To be successful, phishing scammers need to establish legitimacy as much and as early as possible. Brand impersonation within an email has long been one method, but to establish legitimacy to security solutions, scammers have had to do more than just have a look-alike domain.

We are excited to announce that KnowBe4 has been named a leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 13th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 305 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore.

New data shows that cyber attacks have resulted in double the number of data breaches in 2024 than throughout all of 2023. After a data breach, there are two common impacts– an organization with disrupted operations and customer victims. We tend to focus only on the duration it takes for an organization to regain normal operations, but the total number of victims from a data breach can take years to tally.

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals. The latest development comes from the Dark Angels ransomware group, who have reportedly secured a staggering $75 million ransom payment from an undisclosed victim. This eye-watering sum shatters the previous record of $40 million paid by insurance giant CNA Financial in 2021, setting a new and alarming benchmark in the ransomware landscape.

New data on how the threat of AI in cyber crime is being seen as a growing risk provides insight into how organizations are shifting from reaction to prevention. According to endpoint security vendor Deep Instinct’s Voice of SecOps report, 97% of organizations are concerned they will suffer a security incident as a result of adversarial AI. The advent of new malicious LLM-based AI platforms are allowing cybercriminals to get their hands on sophisticated tech and create convincing deepfakes.

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening. Many assume data is being exfiltrated as part of a ransomware attack and it’s going to be used as part of the extortion component of the attack. But according to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, that doesn’t seem to be the case.

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro. “Phishing emails continue to be the number one attack vector for organizations,” the researchers write. “A QR code phishing, or quishing attack, is a modern social engineering cyber attack technique manipulating users into giving away personal and financial information or downloading malware.