Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

Security Awareness Is Dead. Long Live Security Awareness

Our actions determine outcomes, not our thoughts, our knowledge, or our intentions. Everyone working in cybersecurity knows that and is all too familiar with statistics like “more than 70% of cyber incidents are facilitated by human action” (in some reports, even up to 95%). Seemingly, security awareness is all about educating people about the dangers that be, but it does not cut to the chase of actually training people to do the right thing.

Exploring the DORA: Key Takeaways from the New EU Financial Sector Risk Regulation

When asked why he robbed banks, Willie Sutton, one of the first fugitives named to the U.S. FBI’s most wanted list, reportedly replied, “Because that’s where the money is.” As any infosec professional working for a financial institution can tell you, loads of cybercriminals will likely agree with that sentiment. Banks and similar organizations are no stranger to cyber threats.

[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data. The first portion of the campaign is a phishing email that asks you to verify your personal information by clicking on a link. The messages launch in waves with several attempts to impersonate LastPass.

New Threat Actor Impersonates the Red Cross to Deliver Malware

Researchers at NSFOCUS are tracking a phishing campaign by a new threat actor called “AtlasCross” that’s impersonating the Red Cross in order to deliver malware. “NSFOCUS Security Labs validated the high-level threat attributes of AtlasCross in terms of development technology and attack strategy through an in-depth analysis of its attack metrics,” the researchers write.

Cyber Insurance Claims Increased by 12% in First Half of 2023, Attacks More Frequent and Severe Than Ever

The latest cyber claims report from Coalition, a digital risk insurance provider, finds a 12% increase in cyber insurance claims in the first half of 2023 over the second half of 2022, due to surging attack frequency and severity. No industry or company size is immune as the increase was seen across all organizations, however companies with $100 million in revenue saw the largest increase in number of claims (+20%), as well as staggering losses resulting from attacks (+72%).

Deepfakes: The Threat to Reality and How To Defend Against It

Deepfakes have emerged as a serious concern in the digital landscape, presenting a significant threat to truth and trust. While it can be fun to swap your face with the Mona Lisa, there are some significant concerns around how these can be used to deceive us. Let’s take a look at some of the methods used, and ways to spot red flags.

Practical Insights To Improve Security Awareness in Higher Education

I am a strong believer that understanding cybersecurity as part of an organization-wide process is of the utmost importance. Cybersecurity awareness professionals are critically aware that to improve the security posture of an organization, one must involve many stakeholders, e.g., management, HR, IT, legal and compliance. Higher education is making important strides in improving cybersecurity readiness, but much is yet to be done.

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication. “In 2023, ‘in-the-middle’ techniques are some of the most frequently-observed methods used to gain access to MFA-secured networks,” the researchers write. “They enable threat actors to intercept or bypass MFA protocols by stealing communications without the victim’s knowledge.