Codify to Fortify: The Strategic Advantage of Detection as Code

As a security executive, how do you know if your organization can detect a certain attack? A talented, experienced team armed with advanced tooling can certainly generate confidence — but even then, detections can slip through the cracks if not properly codified.

EP 12 - From assumptions to accountability: A CISO's take on cloud risk

What does “secure by default” really mean—and is it enough? In this episode of CyberArk’s Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.

A New Era of Global Privacy Complexity

It's no longer enough for CIOs to check boxes and tick off compliance milestones. The world has changed — and with it, the data privacy landscape. From the GDPR in Europe to California's CCPA, and now Brazil's LGPD and India's DPDP, the patchwork of privacy laws continues to expand. What was once a series of siloed regional regulations has become a living, breathing global challenge. For CIOs leading enterprises that span borders, staying compliant isn't just about avoiding penalties.

Set It and Forget It: How Feroot's PaymentGuard AI Automates PCI 6.4.3 & 11.6.1 With Zero Dev Effort

Compliance effort often comes from manual spreadsheets, one-off audits, and error-prone documentation processes. Requirements like PCI DSS 6.4.3 (script inventory and justification) and 11.6.1 (tamper detection and alerts) demand continuous monitoring — something legacy tools and manual processes struggle to provide. Legacy CSP and manual reviews are inadequate against modern threats such as Magecart attacks and dynamic script injections, increasing risk and operational cost.

Boost Your Browsing Security: Integrate SecurityCoach with Microsoft Edge for Business

Managing the security gap between your technical defenses and user behavior just got easier! Introducing KnowBe4 SecurityCoach for Microsoft Edge for Business integration. As one of the only human risk management platforms with a native reporting connector in Microsoft Edge for Business, SecurityCoach now transforms your browser into a real-time coaching platform.

Fend Off AI Fatigue with the Snyk AI Trust Platform

Generative AI has transformed software development almost overnight. From coding assistants to AI-native applications, tools are evolving faster than most teams can keep up with. But the rapid evolution of AI comes with its own cost: mental fatigue. Even among AI developers, most don’t consider themselves experts in generative AI. Between shifting tools, growing security risks, and a flood of hype, it’s no surprise that developers and security teams feel overwhelmed.

What Is Social Engineering in Cybersecurity?

How many times have you heard the phrase “don’t trust strangers”? The key point today is that many strangers disguise themselves as someone familiar, and that misplaced trust is what leads us to be deceived. Cybercriminals widely use this tactic, and it has a very specific name. Have you ever asked yourself, 'What is social engineering in cybersecurity?' A social engineering attack leverages human psychology through manipulation.

Tales from the fraud frontlines: Inside the rise of BIN attacks - and how to prevent them

Picture this: You’re in the middle of dinner with friends when your work phone buzzes. It’s the fraud supervisor with alarming news: Low-value transactions are suddenly flooding your servers. Your gut tightens as you hastily excuse yourself and head straight to the office to help secure your customers’ accounts against what turns out to be a Bank Identification Number (BIN) attack.