Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When we think about misdirected email, we often put ourselves in the shoes of the sender. After all, nobody wants to tell their manager that they might (however accidentally) be responsible for a data breach. But what you do when you’re on the other side of the inbox?

Traditionally, email data loss prevention software has used static rules to stop users from emailing sensitive or confidential data. Specifically, email DLP protects organizations from accidentally exposing sensitive data such as bank account numbers, passwords, credit card numbers, intellectual property, or trade secrets.

The US Federal Bureau of Investigation (FBI) has issued an advisory warning of a phishing campaign that’s impersonating city and county officials to send phony requests for permit fees. “Individuals and businesses with active applications for land-use permits are being targeted by criminals impersonating city and county planning and zoning board officials, fraudulently requesting fees associated with these permits,” the FBI says.

Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through encryption, meaning your message — no matter how sensitive — is seen only by the intended recipient.

The number of ransomware attacks increased by 50% in 2025, even though the number of victims who decided to pay the ransom fell to an all-time low, according to a new report from Chainalysis. The size of the ransom for victims who did pay increased significantly, growing 368% year-over-year to nearly $60,000. The total ransom payments observed by Chainalysis last year amounted to $820 million.

Security awareness programs are built on measurement. Before you can reduce human risk, you need a clear understanding of where knowledge gaps exist across your workforce. For many organizations, that process starts with a baseline assessment. For years, KnowBe4’s Security Awareness Proficiency Assessment (SAPA) has provided that foundation.

Long-time followers of mine know that I am not an AI hype person. Some people might even call me an AI critic. I prefer to call myself an AI realist. I do not think AI will kill us all (despite our best efforts to bypass all guardrails and common sense). I do not think AI will replace all jobs. I do not think AI will replace all cybersecurity jobs. But I do think AI allows improvements in many areas, including cyber defenses, over traditional tools and techniques.

More than 90% of successful cyberattacks start with email, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). That’s not because security teams lack tools, but because attackers target human decision-making. For years, organizations treated email security as a filtering problem: block enough malicious messages, and risk goes down. That assumption no longer holds.