cybersecurity

Kaspersky Ransomware Report for 2024

Kaspersky's 2024 ransomware report reveals an 18% decrease in detections but an increased focus on targeted attacks. Ransomware-as-a-Service (RaaS) remains prevalent. Average ransom payments rose despite overall payments dropping by 35%. The report highlights a shift towards data exfiltration strategies alongside encryption. Major groups faced disruptions, yet new actors emerged, utilizing AI tools and custom toolkits. The report warns of evolving threats including Bring Your Own Vulnerable Driver (BYOVD) attacks. Recommendations stress proactive defense, incident response planning, and education against phishing to combat the changing ransomware landscape.

https://securelist.com/state-of-ransomware-in-2025/116475/

If You Work in Cyber, You Are the Problem, Says CISO

CISO Greg van der Gaast asserts that cyber security professionals, obsessed with technology, are part of the problem. He argues they need to prioritize business protection over tech fixation, emphasizing that a focus on underlying issues rather than just risk management is crucial. Effective security requires a company-wide approach, not just reliance on tools or risk mitigation strategies.

https://www.computing.co.uk/event/2025/if-you-work-in-cyber-you-are-the-problem-says-ciso

Security Tools Alone Don’t Protect You — Control Effectiveness Does

Security tools alone don't ensure safety; control effectiveness does. A report reveals that breaches often stem from misconfigured controls, not a lack of tools: organizations possess an average of 43 tools, yet 61% faced breaches due to failures in these configurations. Effective cybersecurity now hinges on optimizing controls, embedding security into organizational practices, and fostering collaboration across teams. Continuous evaluation and adjustment of security measures are critical as threats evolve, emphasizing a shift from mere tool acquisition to proactive control management and resilience-building.

https://thehackernews.com/2025/05/security-tools-alone-dont-protect-you.html

Primary Mitigations to Reduce Cyber Threats to Operational Technology

CISA and other agencies recommend key mitigations for critical infrastructure to reduce cyber threats targeting operational technology (OT) and industrial control systems (ICS):

  1. Remove OT connections to the internet.
  2. Change default passwords to strong, unique ones.
  3. Secure remote access with private network connections and strong authentication.
  4. Document and configure remote access solutions based on least privilege.
  5. Segment IT and OT networks.
  6. Maintain the capability to operate OT systems manually.

Organizations should collaborate with service providers to fix potential misconfigurations. Regular communication and established best practices are essential for enhancing cybersecurity posture.

https://www.cisa.gov/resources-tools/resources/primary-mitigations-reduce-cyber-threats-operational-technology

CIOs Pay Too Much for Not Enough IT Security

CIOs face IT security challenges, overpaying for ineffective solutions as breaches increase. A survey reveals 90% experienced breaches; half feel they've overspent and underutilized security features. Complexity and inadequate tools hinder effectiveness. The industry shifts towards consolidated, integrated security to simplify procurement and enhance effectiveness, despite concerns over vendor lock-in.

https://www.ciodive.com/news/cios-pay-too-much-for-not-enough-it-security/747194/

Threat Intelligence Platform (TIP)

A TIP automates threat data collection, analysis, and sharing. It enhances cybersecurity posture through real-time insights, integration with security tools, and collaboration among security teams. It enables proactive threat hunting, incident response, and reduced response time.

How CISOs Can Talk Cybersecurity so It Makes Sense to Executives

CISOs must communicate cybersecurity to executives in business-relevant terms, focusing on risk, financial impact, and alignment with company goals. This involves translating cyber risks into monetary costs and potential business outcomes, avoiding technical jargon, and providing clear, concise updates. Building relationships with board members, particularly the CFO and legal chief, enhances the effectiveness of communication. CISOs should anticipate board questions and follow up with summaries post-meeting to maintain accountability and clarity.

https://www.helpnetsecurity.com/2025/05/05/ciso-talk-cybersecurity-executives/

Threat Intelligence Platforms

CISOs are increasingly adopting Threat Intelligence Platforms (TIPs) in 2025 for proactive security, driven by growing cyber threats. TIPs now integrate AI for advanced data analysis, automation, and threat prediction. Key trends include converged security operations, geopolitical intelligence, ransomware defense, regulatory compliance automation, and human-centric threat modeling. Success hinges on cultural and operational transformation within organizations, emphasizing collaboration, continuous learning, and proactive risk management. TIPs are seen as a strategic asset, turning cybersecurity from a cost center into a competitive advantage.

https://cybersecuritynews.com/threat-intelligence-platforms/

Cyberattacks Highlight Urgent Need for Zero Trust Security

Cyberattacks, like the disruption at Marks & Spencer, signal a crucial need for Zero Trust security as traditional password practices fail against evolving threats. Experts emphasize identity-focused cybersecurity, advocating for preemptive measures and multi-factor authentication. A trend toward identity-based attacks highlights the inadequacy of legacy defenses. Analysts stress the importance of AI-driven approaches for real-time threat detection and rapid response to minimize damage and restore trust. Organizations are urged to invest in integrated strategies to remain resilient against increasingly sophisticated cyber challenges.

https://securitybrief.co.uk/story/cyberattacks-highlight-urgent-need-for-zero-trust-security

Managing Shadow IT Risks

CISOs face rising risks from shadow IT due to unauthorized technology use; 40% of employees utilize unsanctioned tools, linked to many security breaches. Prohibition can hinder innovation, so a balanced approach is needed. Strategies include deploying discovery tools, creating adaptive governance, conducting risk assessments, educating employees, and offering amnesty for reporting shadow IT. These methods convert threats into insights, promoting secure and agile technology use aligned with business goals, ultimately fostering a security-aware culture.

https://gbhackers.com/managing-shadow-it-risks/
