Hospitals, clinics and doctor practices have long fallen victim to cyberattacks and breaches kicked off with phishing emails. But with the advent of AI-augmented phishing, the lures are more convincing and could lead to even more scams targeting healthcare organizations, federal authorities warned.
While a significant number of attacks are not yet AI-driven, there's a noticeable shift in the creation of generative malware and lures for business email compromise, warned Ashan Willy, CEO at Proofpoint. LLMs are being used to create enticing lures in foreign languages to target broader audiences.
Many security awareness training programs fail because organizations don't understand the risks they face, said Culture AI's John Scott. He said a successful training program "will help people by making sure that it's targeting the behaviors that address the key risks for the organization."
ServiceNow wants to apply generative AI to its knowledge around how customer environments are configured to help organizations harden their digital attack surface. Security product leader Lou Fiorello said ServiceNow will use generative AI to leverage its presence across the entire enterprise.
Employees need technology that is easy to use and free of errors and that directs them to appropriate cybersecurity guidance when they have questions. Basically, they need technology that helps them to help themselves work more securely, said university professor Steve Furnell.
With social engineering attacks escalating, security organizations should embrace better cybersecurity awareness training to protect their organizations against insidious schemes, said Barry Coatsworth, director of risk, compliance and security at Guidehouse.
In a bid to revolutionize information security training and make it more engaging and memorable for employees, Ivan Milenkovic, group CISO at WebHelp, advises firms to adopt gamification and interactive content in corporate training to make it more accessible and memorable for employees.
A French conglomerate will buy Australia's largest publicly traded cybersecurity company to expand its cyber service delivery capability in the high-growth Oceania market. The Tesserent deal will help Thales to accelerate its development road map and boost its footprint in Australia and New Zealand.
Huntress has completed a Series C round to expand beyond the endpoint protection market and bring managed security to identity and cloud. Hackers are increasingly going after employee accounts at SMBs and using the compromised identity to move into other systems via SSO, CEO Kyle Hanslovan said.
Gamification in cybersecurity can bring great potential business value to many organizations, but security teams need to dispel some misconceptions. In the first place, it’s not a game that takes employees away from their jobs, said Joe Carson, chief security scientist and advisory CISO at Delinea.
With signs pointing to a global economic downturn, cybersecurity organizations are already thinking about managing budgets and doing more than less. Four CISOs share a wide range of belt-tightening tips, from putting the squeeze on your vendors and suppliers to training and hiring from within.
How effective are your cybersecurity awareness programs—and do your employees agree?
This central question was the cornerstone of this research project which assessed the efficacy of cybersecurity
awareness programs from both perspectives—the security professional
and the non-security employee.
Nation-state attackers are not just looking for major vulnerabilities to gain control of the enterprise. They are exploiting minor flaws to gain access and increase the severity of their attacks, says Matanda Doss, executive director of cybersecurity and technology controls at JPMorgan Chase.
Vista Equity Partners' specialization in enterprise software and bench of subject-matter experts should help KnowBe4 reach $1 billion in ARR, says CEO Stu Sjouwerman. The processes and tech stack that got KnowBe4 to $300 million in ARR today aren't necessarily what'll get the firm to $1 billion.