In today’s interconnected business landscape, outsourcing to third-party vendors and service providers is an effective method for most organizations to improve operational efficiency and lower financial costs. However, as businesses form third-party partnerships, they inherit potential risks and increase the complexity of their third-party ecosystem, as any one vendor can become an attack vector that cybercriminals exploit to pursue a data breach.

Cybercriminals never sleep, and their aim keeps getting better. According to new research from Abnormal Security, phishing attacks targeting organizations in Europe shot up by a staggering 112.4% between April 2023 and April 2024. Meanwhile, US organizations weren't spared either, with phishing attempts increasing by 91.5% over the same period. Phishing may be an old-school social engineering tactic, but it's no joke.

Need help with a task while you’re out of the office? Sharing your login details with a colleague can seem harmless. However, this seemingly innocent act can lead to unintended consequences, especially if you’re using the same credentials across multiple platforms. Imagine the implications if those shared credentials grant access to your company's network. That's why it's crucial to prioritise security over convenience, and prevent password sharing.

Maintaining an active social media presence can be a great way to improve brand visibility and generate leads, but it also opens the door to cybersecurity risks — from phishing scams and malware to identify theft and data breaches. If employees accidentally post confidential information or click dodgy links via corporate accounts, cybercriminals can launch malicious attacks that can cause lasting damage to your business (67% of data breaches result from human error).

I am excited to see Apple’s recent expansion of identity support in Apple Business Manager, their device and app lifecycle management tool for the enterprise. Simply put, it enables wider adoption of Managed Apple IDs by allowing organizations to use corporate email addresses as corporate Apple IDs, and integrate with a broader range of identity providers (IdPs) beyond Google Workspace and Microsoft Entra ID.

Security budgets naturally compete with other priorities for funding, and finance departments traditionally prioritize immediate financial gains over long-term investments. Cybersecurity, with its focus on prevention, is often seen as an element that’s ‘nice to have’ rather than a necessity. Especially when compared to tangible projects with quicker returns, cybersecurity initiatives can be left chronically underfunded. Where do we spend? And where are the attacks coming from?