In Praise of Bureaucracy – A New Era of Cyber Threats

Let’s face it: most of us dislike bureaucracy. The endless forms, the rigid processes, and the perceived complexity. “Why can’t things be simpler?” we often ask, blaming bureaucratic systems for complicating everything. However, sometimes—perhaps even often—bureaucracy has its merits. It provides logic, structure, and safeguards that are invaluable, particularly in today’s threat landscape. A New […]
Key Cyber Threats to Watch in 2025

As we look ahead to 2025, various predictions about the future of cyber threats have been circulating. To bring clarity, we leveraged Google’s NotebookLM to summarize key insights from multiple sources about what organizations should prepare for in the coming year and beyond. Here’s what you need to know: 1. AI-Driven Cyberattacks Artificial Intelligence (AI) […]
Verizon Survey Reveals Rising Security Risks from Mobile and IoT Devices

Verizon’s Latest Survey Highlights Rising Risks from Mobile and IoT Devices in Corporate Environments In a recently published survey conducted by Verizon, 600 security professionals responsible for information security across various organizations shared their insights on the evolving landscape of mobile and IoT (Internet of Things) device usage. The survey, carried out in April 2024 […]
6 Steps to Prevent Smishing Attacks

Imagine this scenario: You receive a seemingly innocent text message on your phone telling you to click on a link to claim a special offer. Without suspecting foul play, you comply, only to find out later that you’ve fallen victim to a smishing attack. Smishing (a combination of “SMS” and “phishing”) refers to the act […]
Your Employees are Already Using GenAI. How Will You Communicate the Security Risks?

Did you know that 75% of people are already using Generative AI (GenAI) at work? GenAI tools are defined as any artificial intelligence that can generate content such as text, images, videos, code, and other data using generative models, often in response to prompts. Examples include OpenAI’s ChatGPT, GitHub’s Copilot, Claude, Dall-E, Gemini, and […]
The Hidden Economy of Vishing Attacks

The phishing landscape has evolved significantly in recent years, encompassing various types of attacks. Many companies have developed taxonomies to categorize different phishing attacks, similar to the taxonomy presented by BlueVoyant. This taxonomy outlines several types of phishing attacks, such as: Email Phishing: The classic phishing attack involves sending emails to different entities within an […]
Defending Against Persistent Phishing: A Real-World Case Study

One of the scariest acronyms in a CISO’s knowledge base is APT – Advanced Persistent Threat. This term refers to someone who is determined to harm you and can do so in sophisticated ways. A colleague once taught me that the real threat isn’t just the advanced tools of the adversary, but their persistence. This means the […]
Navigating Yesterday’s Battles: Insights from Cybersecurity Reports

We often find ourselves entrenched in yesterday’s battles, grappling with legacy systems, applying products launched last year, responding to last year’s attack methods, aligning with regulations published 3 years ago, and so on. While we aim to anticipate and prepare for tomorrow’s challenges, the reality is that much of our focus remains on addressing […]
Phishing as a Service: A Headache for Security Professionals

In the landscape of cybersecurity threats, one adversary business model and implementation theme stands out as particularly concerning for security professionals: “as a Service” (as-a-Service). This clandestine industry, driven primarily by financial motives, has become increasingly sophisticated, posing significant challenges to organizations worldwide. One example of this phenomenon is ransomware as a service. Traditionally, phishing […]
Why Your Cyber Awareness Training May Not Yield the Results You Hoped For

Guest Blog Written by Ira Winkler Considered one of the world’s most influential security professionals, Ira Winkler, President of Secure Mentem & Expert on Technology and Information Security, talks about the right way to conduct cyber awareness training. Is ‘Awareness’ a sufficient goal for your organization? Perhaps one of the most significant flaws in security […]
Is Your Security Awareness Program Aggravating Your Employees?

Guest Blog Written by Ira Winkler Considered one of the world’s most influential security professionals, Ira Winkler, President of Secure Mentem & Expert on Technology and Information Security, shares a personal story and opinion regarding the state of security awareness training, and the key role automation plays in making it more effective. Every so often, […]