According to Netskope’s recent “Year in Review” Cloud and Threat Report, the most common way cyber attackers gained access to organisations in 2023 was through social engineering. While a favourite tactic of cyber criminals, at its heart, social engineering isn’t about someone breaking code while hunched over a glowing keyboard. It relies on individual human vulnerability, tricking people into opening the door for the attacker to walk through.

One of the many benefits of running your own private cloud infrastructure are the performance improvements when you’re in control of your own connectivity, shortening the path and reducing latency for both users connecting to your private cloud and first mile connectivity to applications and services.

DarkGate is a commodity malware with multiple features including the ability to download and execute files to memory, a hidden virtual network computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation.

February brings a flurry of cybersecurity awareness days. On February 1st, Change Your Password Day reminded us that using “Rover123!” for yet another online account is not an appropriate defence between ourselves and cyber criminals, while yesterday—Safer Internet Day—encouraged us to take positive steps toward protecting ourselves online. But how long do these positive reminders last?

Legacy VPNs have become a significant security liability for businesses and governments. VPNs require inbound access to corporate networks, significantly broadening the attack surface for malware. This makes them prime targets for threat actors, increasing the risk of disruption to your business.

We are witnessing an explosion in the number, type, and mix of smart devices in our business environment, driven by mobility, remote work, and the adoption of digital transformation initiatives. However, these devices come with their own set of security risks and challenges, creating a larger attack surface to manage and control.

Over the past year, the social engineering tactics used for cyber attacks have evolved significantly as attackers manipulate the inherent trust, biases, and vulnerabilities of individual human behavior to gain unauthorized access to sensitive information or systems.

I bet many of you have experienced those frustrating moments on Zoom, Teams, or any other Unified Communications as a Service (UCaaS) platform like RingCentral. You know what I’m talking about—the dreaded video and audio glitches caused by a less-than-stellar internet connection, which are often completely out of your hands.

According to the data collected by Netskope Threat Labs, over the course of 2023, OneDrive was the most exploited cloud app in terms of malware downloads. And if a good day starts in the morning, 2024 does not promise anything good. In fact, at the beginning of January, and after a nine-month break, researchers from Proofpoint detected a new financially motivated campaign by TA866, a threat actor characterized for being involved in activities related to both cybercrime and cyberespionage.

The past decade has seen governments around the world introduce significant new legislation covering data, cybersecurity, and technology. This has been part of a sustained effort to regain some influence over big tech and impose good governance practices on how businesses capture, protect, and manage data. This shift towards greater regulation has been largely led by the EU, which implemented the General Data Protection Regulation (GDPR) in 2018.