Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Redscan

New Kroll report reveals evolving use of insider threat and phishing techniques

In Q1 2024, Kroll observed SMS and voice-based tactics being used in phishing attacks, raising concern around the potential for deep fakes and AI technologies to further enhance the effectiveness of phishing attacks. Linked to this, one insider threat case investigated by Kroll in Q1 saw employee impersonation take place, another area in which AI-related technology could be especially impactful.

Overcoming cyber security alert fatigue

Relying on technology alone, however advanced, can be a critical error. While top end security technologies can provide part of the answer, the sheer number of alerts generated demands constant attention. Without the right resources to analyse and manage these outputs, critical alerts may end up being ignored – a constant thorn in the side of many organisations.

Top 5 cyber security threats in healthcare

From email compromise to malware, the healthcare sector is impacted not only by familiar and persistent challenges but also with newly emerging security threats. Drawing on insights from the recent Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare, this article outlines the key threats affecting organisations such as hospitals, health trusts, GP practices and other healthcare bodies.

Cyber incident response: a guide for small businesses

Cyber incident response offers a structured approach to respond to, manage and mitigate security incidents in order to limit the potential disruption of attacks. In this blog, we discuss how small and medium-sized businesses (SMBs) are being impacted by cyber threats, what cyber incident response involves and the steps you can take to protect your business.

Healthcare cyber security insights revealed in new Kroll report

While the top concern for healthcare cybersecurity professionals is credential access, the Kroll Threat Intelligence team finds that the healthcare industry is consistently targeted by ransomware groups using a combination of valid credential theft and the exploitation of vulnerabilities. These and other insights are discussed in the new Kroll report, The State of Cyber Defense: Diagnosing Cyber Threats in Healthcare.

The secure email standard: safeguarding data in health and social care

To help secure sensitive data, emails that include health and care information sent to and from health and social care organisations are required to meet the Secure Email Standard (DCB1596). In this article, we discuss the standard, what it covers, and how to ensure your organisation fully meets its requirements.

New Kroll report highlights rise in use of external remote services for initial access

Q4 2023 presented a complex security landscape with a mix of both positive and negative trends On the one hand, activity associated with larger ransomware-as-a-service (RaaS) operations, such as LOCKBIT and BLACKCAT, declined due to the success of major takedown operations. However, negative patterns also continued, like the ongoing focus of threat actors on the professional services industry.

ChatGPT security risks: defending against chatbots

AI chatbots such as OpenAI’s ChatGPT, Anthropic’s Claude, Meta AI and Google Gemini have already demonstrated their transformative potential for businesses, but they also present novel security threats that organisations can’t afford to ignore. In this blog post, we dig deep into ChatGPT security, outline how chatbots are being used to execute low sophistication attacks, phishing campaigns and other malicious activity, and share some key recommendations to help safeguard your business.

Chatbot security risks continue to proliferate

While the rise of ChatGPT and other AI chatbots has been hailed as a business game-changer, it is increasingly being seen as a critical security issue. Previously, we outlined the challenges created by ChatGPT and other forms of AI. In this blog post, we look at the growing threat from AI-associated cyber-attacks and discuss new guidance from the National Institute of Standards and Technology (NIST).