The latest trend in cybercrime is that attackers don’t really focus on “hacking” in; they’re logging in. We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who’ve reemerged with a renewed focus on gaining access through Read More

Despite ransomware getting the lion’s share of the tech pub headlines, business email compromise (BEC) attacks are alive and well…and having a material impact. New data from Arctic Wolf’s 2024 State of Cybersecurity report shows that BEC attacks – whether attempted or successf Read More

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles, you already know my view is a bit skewed towards the need for Read More

New data shows how the overwhelming majority of phishing attacks on financial institutions dwarf every other industry sector by as much as a factor of 30-to-1. It’s no secret that banks and other types of financial institutions hold all the money, so it should be no surprise Read More

The malware-less and seemingly benign nature of business email compromise emails, mixed with impersonation techniques, are difficult to spot as being malicious, making them even more dangerous. I’ve covered both the threat of business email compromise and response-based email Read More

New data on the state of email security shows that nearly every organization has been the target of a phishing attack as attacks increase in sophistication. While organizations are attempting to shore up their cybersecurity defenses, Mimecast’s State of Email Security report Read More

With nearly 280 million phishing emails detected by just one vendor and the increase in the number of unique emails, organizations have a lot to be worried about in 2023. I want to start with some context around this stat. This article is not about the number of phishing emails Read More

The Ohio Supreme Court ruled in favor of an insurance company, determining that its contract to cover any direct physical loss or damage to property did not encompass ransom payments made when a hacker illegally gained access to medical billing software company EMOI’s Read More

With ransomware attacks becoming more frequent, evasion getting more sophisticated, and ransoms increasing, new data shows organizations aren’t fighting for staff and budget. As ransomware attacks now reach downtime costs of over $160 billion, this prevalent attack is Read More

New quarterly data from the Anti-Phishing Working Group shows unprecedented phishing activity with increases in BEC, use of social media, vishing, and smishing. It’s never good when phishing attacks are moving, proverbially, “up and to the right.” But that’s exactly what we’re Read More

Fresh data on data breach costs from IBM show phishing, business email compromise, and stolen credentials take the longest to identify and contain. There are tangible repercussions of allowing your organization to succumb to a data breach that starts with phishing, social Read More

New analysis of threat activity for the first quarter of this year shows anyone with access to corporate email is now on the front lines of modern cyberattacks of all kinds. The key to a solid cyber defense is knowing your enemy. It’s one of the reasons I spend so much of the Read More

The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has reached shocking proportions: between June of 2016 and December of 2021, the Bureau counted Read More

As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot. Small businesses seem to be easy prey for ransomware gangs, according to Webroot’s just-released BrightCloud Threat Read More

A new report suggests that everything from endpoints, to passwords, to training, to security policies, to a lack of awareness is all contributing to a much higher risk of cyberattack. Employee cyber risk is a multifaceted issue that revolves a lot around cyber hygiene, according Read More