New regulations are already keeping IT professionals on their toes in 2023. One monumental change for California residents and businesses is the California Privacy Rights Act (CPRA). The legislation came into force on January 1, 2023. Legislators drafted the new rules to empower consumers and close gaps in the California Consumer Privacy Act (CCPA). The CPRA gives customers more control over...

A lot of ink over the years has gone into comparing the most common generations within the workplace—and for a good reason. Generations are a great way to compare and study variations in broad subjects like the importance of job security, working habits, and technology usage. These generalizations have been crucial data for many important workplace improvements, including cyber security awareness...

There’s no way to measure your security awareness program’s success unless you identify the behaviors you want to address and develop a clear, actionable strategy. However, many cyber security leaders struggle to create a framework to quantify the success of their security awareness training. As a result, their organizations rely on intuition rather than clearly defined objectives and supporting...

It’s upsetting when bad actors turn the good things in life against us. We use social media daily to celebrate, learn, keep in touch, fall in love, and buy things that satisfy our needs and wants. Unfortunately, hackers exploit that information to execute phishing attacks. Social media platforms did not only experience more attacks in 2022, but it’s also become the fastest-growing attack surface....

Everyone wants to look good in front of their boss. Which is exactly why an urgent email from the CEO of your company is guaranteed to catch your attention. You’re more likely to act on the request immediately without questioning the details. But what if that email didn’t come from your boss? All it takes is one savvy email that encourages an employee to act on behalf of their team leader. For...

Phishing attacks work because people don’t know what phishing looks like. These examples of phishing emails emphasize how easy it is to be tricked.

The education sector experienced a "record-breaking" year of cyber attacks in 2020. In case you'd been sleeping under a rock, there was a global pandemic that drove up the need for virtual setups. According to Microsoft, education is globally the sector most vulnerable to threats like malware, accounting for more than 6.8 million (over 63%) of total reported encounters in early 2022. It's not...

Hackers are targeting hundreds of thousands of Google users with fake Google Drive notifications and emails to try and trick them into visiting malicious websites.

Everyone wants to impress their boss, which is exactly what scammers rely on nowadays to carry out sophisticated phishing attacks called CEO fraud. Examples of CEO fraud are becoming increasingly common, with attackers regularly sending out phishing emails to an organization's employees and impersonating the top executive. This often comes with a demand at the end of the day that must be...

As much as we can say that cyber security measures are advancing, we can say the same about cyber criminals and their strategies. In 2022, ransomware attacks occurred every 11 seconds on average, at a global annual cost to businesses and governments of $20 billion US. Costs are rising in part due to the growing ransoms demanded from victims. While estimates of the average ransomware payout in...

Biometric authentication, such as face IDs, retina scans, and fingerprints, were introduced to our devices to increase security. At first, it felt like it was doing what it was meant to do. Plus, the convenience it brought with it was top-notch. I mean, accessing your smartphone with your thumb? Logging into your bank account using your face ID? Amazing. However, over the past few years,...

This financial sector’s reliance on computer systems and network has made it an attractive target for cyber attacks, now the biggest risk to the UK financial system. In its latest Financial Stability Report, the Bank of England (BoE) agrees that cyber threats may be prevalent in 2023. The BoE said that it is working to strengthen defenses against cyber attacks. The report identified three...

There is a sharp rise in cyber attacks targeting businesses and organizations across Australia. The nature of these attacks ranges from ransomware and phishing scams to distributed denial-of-service (DDoS) attacks, with some estimates suggesting that the number of cyber incidents could be as high as one million per year. The financial cost of these cyber attacks is immense, with businesses and...

Did you know that gift card scams are among the most popular cyber threats? The same things that make gift cards popular with consumers—convenience and ease of use—also make them attractive to scammers as a vehicle for fraud. Gift cards, also known as gift certificates or vouchers, have topped the list of reported fraud payment methods every year since 2018, according to the Federal Trade...

On November 1st, 2022, Dropbox became the victim of a cyber attack where source code repositories, as well as names and emails of their employees, were unauthorizedly accessed. It is not yet clear how the unauthorized access took place, but Dropbox has said that they are investigating the matter. The company is urging all users to change their passwords as a precautionary measure. This breach...

On September 15, the Hive ransomware group claimed to have launched an attack against Bell Technology Solutions on August 20, 2022. The compromised information contained approximately 1.9 million active email addresses, 1,700 names, and active phone numbers. Bell Technology Solutions is a subsidiary of Bell Canada, a leading communications company and communications provider for over 140 years....

The secret of any good security awareness training program is teaching your employees how to mitigate the threats they’re most likely to encounter in the workplace. To do this, you need to choose your security awareness training topics carefully. No two organizations have the same infrastructure, vulnerabilities, or user access policies to sensitive data, so there’s no one-size-fits-all training...