Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Deepfakes: The New Face of Fraud

Security analysts at identity vendor Sumsub report a massive rise in deepfake fraud in their Identity Fraud Report 2023. And one country may be to blame. While Sumsub’s focus is on all forms of identity security, it is witnessing a significant increase in deepfakes, which are a form of identity fraud. According to Sumsub, the top three fraud trends identified were: The approximate overall growth rate worldwide for the use of deepfakes is 10x.

Russian Hackers Indicted for Phishing Attacks Against U.S. and Allies

The US Justice Department has indicted two individuals for launching spear phishing attacks against the US, the UK, Ukraine and various NATO member countries on behalf of the Russian government. “The indictment…alleges the conspiracy targeted current and former employees of the U.S.

2024 IT Spending Surge: Surprising Insights from Piper Sandler's CIO Survey

Industry analyst firm Piper Sandler publishes a yearly 'Industry Note' in which it surveys CIOs about their budget expectations for the coming year. For 2024 there is a noticeable improvement in enterprise IT spending. The header of their survey was: "2024 CIO Survey | Investments in Security, AI, and Cloud Driving IT Rebound". Here is the summary of the full report, which is a good read and warmly recommended.

Cyber Attacks and Data Breaches Cited as the Number One Business Risk for Organizations

Even when looking at the various kinds of risks to business, cyber attacks still remain the biggest problem. But new data shows there may be a lesson to be learned to minimize losses. In Aon’s Global Risk Management Survey, nearly 3,000 organizations across 61 countries were asked about sources of business risk. In the report, “Cyber Attack/Data Breach” was the #1 current risk and #1 future risk seen by organizations.

Phishing Defense: Train Often to Avoid the Bait

Surveys, unfortunately, show that the vast majority of organizations do little to no security awareness training. The average organization, if it does security awareness training, does it once annually, likely as part of a compliance program. It is not enough. We know from customer data collected, involving many tens of millions of records, over 10 years, that the more frequently an organization does training and simulated phishing, the better its staff is able to spot phishing attacks.

Nearly Every CIO Identifies at Least One Cyber Threat as a Risk to their Business

When 97% of CIOs all see things the same way, it’s probably a sign to take the risk of cyber threats seriously – a problem new data shows is only going to get worse in the next five years. I cover a ton of reports from cybersecurity vendors on our blog, but when you see a network infrastructure vendor put out a report intent on just covering the challenges organizations are facing, and they have some interesting data on cybersecurity, it gets my attention.

Phishing-Resistant MFA Will Not Stop Phishing Attacks

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder. When the world was touting “MFA,” we were shouting “PHISHING-RESISTANT MFA” even louder, including here: Today, many of the world’s leading cybersecurity voices, including CISA, Microsoft and Google, are pushing phishing-resistant MFA. Here is CISA’s take on it.

The Alarming Threat of Ransomware: Insights from the Secureworks State of the Threat Report 2023

In the ever-evolving landscape of cybersecurity, the battle against ransomware has taken a concerning turn. According to the latest findings from Secureworks' annual State of the Threat Report, the deployment of ransomware is now occurring within just one day of initial access in more than half of all engagements.

New York Unit of World's Largest Bank Becomes Ransomware Victim

The ransomware attack on ICBC Financial Services disrupted trading of U.S. Treasuries and marked a new level of breach that could have massive repercussions. When we saw the attack on the Colonial Pipeline back in 2021, the impact was felt throughout the Southeast United States. Any attack on key businesses that keep an economy running will have some form of impact should the attack be successful.

Don't Be Fooled By This Sneaky Disney+ Scam

A phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations in September. “The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.