The role of a Chief Information Security Officer (CISO) is critical in an interconnected business environment. A modern CISO will ensure that their organization is well-prepared to handle the myriad of cybersecurity challenges it faces. It is multifaceted, extending beyond traditional IT security to encompass various responsibilities to protect an organization's information assets.

Today we are excited to announce that Netskope has once again been named a Leader in the Gartner® Magic Quadrant™ for Security Service Edge (SSE). This is the third time in a row Netskope has been recognized as a Leader—and we have been recognized as a Leader every time since the inaugural Magic Quadrant for SSE. We’ve also placed highest in vision and furthest in ability to execute for the second time in a row.

Read also: An international operation dismantles a massive phishing platform, the Firebird RAT developers arrested, and more.

What is ASM, sometimes called EASM? A simple definition of External Attack Surface Management (ASM or EASM) is the process of defining and securing your organization from the outside-in. Your organization’s attack surface is made up of all the assets belonging to your organization, all of your vendor-managed assets, Cloud and SaaS assets, and all of their external third-party, fourth-party, and Nth-party connections that are visible to an outsider.

Our latest Phishing Threat Trends Report gives a comprehensive oversight into the types of phishing attacks and tactics organizations are facing so far in 2024, from the rise of ‘quishing’ and AI-powered phishing campaigns to the multi-channel approach. In this blog, we look at the key findings from the report, the industries and demographics most at risk, and the evolution of payloads from 2021 to date.

How often do you read and review the terms and conditions when signing up for a service? Or stay updated with the privacy settings of companies that monitor your data? We often hit the accept button to complete the signing-up process as quickly as possible so we can start using the product, whether it be for cloud storage, streaming, or video games. In doing so, we often risk putting our data in the company's control, leaving us unsure about how exactly they use this data or how they keep it secure.

LastPass has warned that one of its employees was targeted by a social engineering attack that used an audio deepfake that impersonated the company’s CEO. Fortunately, the employee grew suspicious and avoided falling for the attack. Mike Kosak, Senior Principal Intelligence Analyst at LastPass, explained in a blog post, “In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.

New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice. Banks adopted the principles of multi-factor authentication years ago. But continued cyber attacks aimed at providing SIM swapping services have increased the risk of assuming the credential owner actually possesses the mobile device. So, where do they go next to prove you’re you? Voiceprint.

In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.

Supply chain cybersecurity and resilience have become pivotal across various cyber regulations, most notably NIS2 and DORA. In this blog, stemming from our latest ebook '5 Proven Strategies to Maximize Supply Chain Cyber Risk Management’, we will explore the reasons why resilience is a new mandate for CISOs today and, most importantly, how to secure the supply chain at scale—in line with evolving regulatory requirements.