Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2024

New Research Shows An Alarming Trend of Phishing Attacks Doubling For US and European Organizations

Cybercriminals never sleep, and their aim keeps getting better. According to new research from Abnormal Security, phishing attacks targeting organizations in Europe shot up by a staggering 112.4% between April 2023 and April 2024. Meanwhile, US organizations weren't spared either, with phishing attempts increasing by 91.5% over the same period. Phishing may be an old-school social engineering tactic, but it's no joke.

We need to talk about cybersecurity spending

Security budgets naturally compete with other priorities for funding, and finance departments traditionally prioritize immediate financial gains over long-term investments. Cybersecurity, with its focus on prevention, is often seen as an element that’s ‘nice to have’ rather than a necessity. Especially when compared to tangible projects with quicker returns, cybersecurity initiatives can be left chronically underfunded. Where do we spend? And where are the attacks coming from?

Revolutionizing Security: How NLP & Data Analytics Transform Access Control

In today's fast-paced world, security is not just about locks and keys; it's about smart, accessible, and comprehensive analysis of data to keep our spaces safe. At Brivo, we're at the forefront of transforming security with cutting-edge technologies like Natural Language Processing (NLP) and advanced data analytics.

Cyber Alert, Ep. 1 | Seattle Kraken | WatchGuard Technologies

Whether you're protecting the net for an NHL franchise or are the last stop for your IT team, vigilance is key. Join Philipp Grubauer, goaltender for the Seattle Kraken, as he teams up with the Kraken IT team to block cyber threats and keep systems secure. Just like on the ice, when duty calls, you've got to respond fast!

CIO POV: Building Resilience in a Complex Threat Landscape

As a CIO, I often wish for a world where the threat landscape is less expansive and complicated than it is today. Unfortunately, the reality is quite different. This month, I find myself particularly focused on the idea that our digital business would come to a grinding halt without the technology ecosystem that supports it. However, this very ecosystem also presents significant risks.

Business email archiving: Compliance and accessibility

This is why email compliance and archiving solutions are pivotal for shielding your electronic correspondence and ensuring it’s safely stored, retrievable, and compliant with industry regulations. The adoption of such solutions is indispensable for both private and public companies that generate large data volumes, which require extensive storage and reliable backup options for the reasons we’ll explain below.

4 Things a Good Vulnerability Management Policy Should Include

The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be overstated.

Breaking Compliance into Bite-Sized Portions

Many companies strive to achieve the best security possible. Along the path to improved security, many companies are also required to meet various compliance standards. In some cases, compliance is also a regulatory requirement. This crossroad between security and compliance can sometimes seem at odds with the organization’s goals. Compliance does not always equal security.

What Is Extended Detection and Response (XDR)?

Extended detection and response, better known as XDR, is a security technology that combines multiple point solutions, including but not limited to endpoint protection and endpoint security tools, into a unified incident detection and response platform. First described in 2018 by Palo Alto Networks' CTO Nir Zuk, XDR collects, correlates, and contextualises alerts from different solutions across endpoints, servers, networks, applications, and cloud workloads.

Understanding the Nuances: DAST vs. Penetration Testing

Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter. DAST is an automated technique designed to identify security vulnerabilities in web applications and APIs during runtime.

Snyk and AWS announce native Amazon EKS support directly from the AWS Management Console

We’re excited to announce that Snyk has now developed an AWS Marketplace add-on for Amazon Elastic Kubernetes Service (Amazon EKS), embedded directly into the AWS Management Console! Snyk joins a small number of approved ISVs around the globe, allowing customers to deploy a Snyk agent on Amazon EKS clusters using the same methods you would use to deploy native AWS services, either manually via the AWS Management Console or by using AWS’ command-line interface (CLI).