Tokenization is increasingly being recognized as a powerful security measure for protecting sensitive payment data within financial institutions. By replacing sensitive information, such as credit card numbers or bank account details, with randomly generated “tokens,” tokenization reduces the risk of data breaches and fraud. These tokens have no exploitable value outside the specific environment they were created for, ensuring that even if intercepted, they cannot be used by malicious actors.

In the context of financial institutions, tokenization offers several key advantages:

1. Data Protection: With tokenization, sensitive payment data is never stored in its original form, significantly lowering the risk of data breaches. Even if a hacker gains access to the tokenized data, it remains meaningless without the system that can map it back to the real payment information.

2. Compliance with Regulations: Tokenization helps financial institutions meet regulatory standards such as PCI-DSS (Payment Card Industry Data Security Standard), which mandates that sensitive payment information be protected. By tokenizing data, organizations can reduce the scope of their compliance efforts and improve overall security.

3. Reducing Fraud: Since tokenized data cannot be used outside of the specific transaction or payment network, it helps prevent fraud. Even if tokenized data is intercepted, it cannot be used for unauthorized transactions, providing an added layer of security against cybercriminals.

4. Customer Trust: By implementing tokenization, financial institutions demonstrate a commitment to protecting customer data, building trust, and enhancing the customer experience. This can result in increased loyalty and brand credibility.

5. Cost Savings: Tokenization can also help financial institutions reduce the costs associated with data breaches, including legal fees, fines, and the damage to reputation. By securing payment data at the point of entry, tokenization limits the amount of sensitive information that is ever exposed.

Overall, tokenization represents a critical step in enhancing the security of payment data and reducing the risks associated with storing and transmitting sensitive financial information. By leveraging this technology, financial institutions can better safeguard their customers’ payment data and ensure compliance with evolving security standards.

The post Can Tokenization Help Secure Payment Data for Financial Institutions appeared first on Cybersecurity Insiders.

APIContext has released its UK Open Banking API Performance 2023-2024 Report, the annual analysis of the performance of the open banking APIs exposed by the large CMA9 UK banks (the nine largest banks required by UK law to provide open banking services), traditional High Street banks, credit card providers, building societies, and new digital banks (neobanks).
API performance is crucial for open banking as it ensures fast, reliable, and secure data exchanges between banks and third-party providers and should be prioritised by all banks to meet regulatory requirements, stay competitive, and deliver the speed and security that modern customers demand in their financial interactions. Doing so enables seamless customer experiences and fosters trust in the open banking ecosystem.
This report highlights key API trends and the current challenges impacting the UK Open Banking industry – which is widely viewed as the world leader in the open banking sphere.
The report uncovered the following findings:
Bank Type Roles Have Changed:
  • The report reveals neobanks are leading in both availability and speed. For example, neobanks like Tide and Monzo excel in API performance, offering near-perfect availability and rapid response times for a superior user experience. In contrast, CMA9 banks maintain stable but slower services, while traditional banks lag significantly, with high latencies (up to 4500ms) and inefficient API call handling, impacting both user experience and operational costs, a trend that had been identified in previous reports.
Cloud Providers Variability Has Increased
  • Cloud provider performance has seen a general decline across all platforms compared to previous reports, while variability has increased. Azure showed the most significant decline, especially in Northern Europe, where latency rose by 80%, regularly exceeding 2,000ms. Meanwhile, AWS and IBM outperformed Azure and Google Cloud, maintaining p99 times under 600ms, solidifying their reliability for hosting open banking APIs.
Data Centre Choice Matters for Banking Fintech Apps
  • Akamai Connected Cloud (ACC) UK and AWS UK deliver the best performance for open banking applications, with p99 response times of approximately 1084ms and 1150ms respectively, making them ideal for critical services. In contrast, Azure and Google data centres lag behind, with Azure consistently slow in the UK and Ireland, and Google showing higher latency in Northern and Eastern Europe.
“While the UK’s Open Banking ecosystem continues to lead globally, year-on-year analysis from this report highlights both progress and emerging challenges,” said Mayur Upadhyaya, CEO of APIContext. “The narrowing performance gap between traditional CMA9 banks and neobanks marks a reversal of prior trends, reflecting improvement by some traditional players and stagnation among digital challengers. Meanwhile, the performance variability of a leading cloud provider underscores the critical need for resilient infrastructure choices.”
Upadhyaya continues: “The introduction of Open Banking Standard v4.0 provides a vital opportunity to reassess API performance and conformance, setting the stage for renewed ecosystem growth. However, with the EU’s Digital Operational Resilience Act (DORA) driving improved uptime and performance across Europe, the UK must act decisively to maintain its leadership. To foster innovation and trust, Open Banking endpoints must be fast, reliable, and conformant.”
The report evaluates key performance metrics, including API endpoint availability and reliability, latency metrics, cloud provider performance, and a comparative analysis of different bank types. The data was gathered from APIContext's monitoring of Financial-grade API (FAPI) consent endpoints: using an active monitoring platform, approximately 8 million API calls were made from July 1, 2023, to June 30, 2024.
To download a copy of the APIContext UK Open Banking API Performance 2023-2024 Report, click here.

The post Open Banking Shortcomings Threaten UK Global Leadership Position Research Finds appeared first on IT Security Guru.

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, today released a new white paper that provides data-driven evidence on the effectiveness of security awareness training (SAT) in reducing data breaches.

Over 17,500 data breaches from the Privacy Rights Clearinghouse database were analysed along with KnowBe4’s extensive customer data to quantify the impact of SAT on organisational cybersecurity. This research provides an in-depth perspective on the effectiveness of security awareness training in preventing data breaches.

Key findings from the research include:

  1. Organisations with effective SAT programs are 8.3 times less likely to appear on public data breach lists annually compared to general statistics.
  2. 97.6% of KnowBe4’s current U.S. customers have not suffered a public data breach since 2005.
  3. Customers who experienced breaches were 65% less likely to suffer subsequent breaches after becoming KnowBe4 customers.
  4. 73% of breaches involving current KnowBe4 customers occurred before they implemented the company’s SAT program.

 

KnowBe4 advises organisations to implement SAT programs with at least quarterly training sessions and simulated phishing tests, noting that more frequent engagement can lead to even greater risk mitigation. The study addresses a critical question in cybersecurity: Does security awareness training measurably reduce an organisation’s risk of real-world cyberattacks? The analysis demonstrates that organisations practicing regular and effective SAT see significant decreases in human risk factors and fewer real-world compromises.

“If you add up all other causes for successful cyberattacks together, they do not come close to equaling the damage done by social engineering and phishing alone,” said Roger Grimes, data-driven defence evangelist at KnowBe4. “The evidence is compelling and clear. Effective security awareness training, with regular simulated phishing exercises, educates employees and significantly reduces the human risk of cybersecurity threats.”

This research provides valuable insights into the substantial role that security awareness training plays in preventing data breaches, particularly given that social engineering and phishing account for 70% to 90% of data breaches. KnowBe4 defines an effective SAT program as one that includes at least monthly training and simulated phishing campaigns.

The full white paper, “Effective Security Awareness Training Really Does Reduce Breaches,” is available for download here.

The post KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches appeared first on IT Security Guru.

As we step into 2025, the API landscape is undergoing a transformative shift, redefining how businesses innovate and scale. APIs are no longer just enablers of connectivity; they are the architects of ecosystems, powering everything from seamless automation to AI-driven services. The new year will prove pivotal for the API ecosystem, highlighting the trends, challenges, and opportunities that lie ahead. The following are realistic predictions I see happening as 2025 progresses.

Vertical-specific API standards will be adopted at scale 

We will see accelerated adoption of industry-specific API standards across many sectors. The benefits of open standards are obvious across sectors: better interoperability and industry-wide integrations. The success of open banking API standards like FAPI has proven the value of standardized approaches, and the same trajectory is unfolding in healthcare with FHIR. The telecom sector has embraced TM Forum’s Open API, and InsurTech will follow, with new frameworks emerging to address the unique challenges of policy management, claims, and underwriting. Industries like logistics and e-commerce are also stepping up, recognizing the need for consistent standards to handle complex operations. This proliferation of standards is driven by the dual pressures of digital transformation and regulatory compliance, making it clear that custom, industry-aligned APIs are no longer optional; they’re essential. By 2025, API standards will have matured into a defining feature of scalable, interoperable ecosystems. As the industry's big players collaborate more, the need for industry standards will become apparent.

Rapid security improvements of existing APIs and applications

A large majority of API breaches are caused by misconfiguration issues, which are relatively straightforward to remediate. As a result, we are witnessing a lot of relatively unsophisticated attacks that rely on exploits which can be easily remediated. In fact, more UK organisations than ever before are experiencing API security incidents, with the total soaring from 69% to 83% year-on-year vs 2023.

The industry is now aware of API security risks, but action on deployed applications has lagged due to a critical blind spot: teams often don’t know where vulnerabilities exist in their current architecture. This is about to change. New tools that automatically map production APIs, highlight deviations from best practices, and flag misconfigurations, will empower teams to address risks without overhauling their infrastructure. By providing clear, actionable insights with minimal effort, these tools will enable organizations to dramatically improve their API security posture, particularly in sectors such as finance and healthcare, where legacy systems remain prevalent. In 2025, we will start to see existing APIs evolve from being security liabilities into resilient, well-governed components of enterprise architecture, closing one of the most significant gaps in modern API security.

API performance will improve, driven by increasing SLO accountability 

We can expect to see increased hard costs for slow or unreliable APIs. As API consumers and operators continue to measure performance more effectively, transparency and accountability will rise. Advanced observability tools make it easier to pinpoint issues, and real-time telemetry will drive accountability for the latency, uptime, and error rates within operators' control. Service interruptions now translate directly into lost revenue and damaged customer trust. In response, application owners should expect to demonstrate their resilience. API resilience is key to any overall performance improvement, and API documentation goes a long way towards achieving it. Lastly, it is crucial to increase awareness and familiarity among those building and developing APIs, so that reliability and performance are baked in from the beginning.

Edge computing and AI will drive API performance and adaptability 

Edge computing will move into wide adoption. The demand for sub-millisecond response times in real-time applications—such as gaming, IoT, and autonomous vehicles—will push APIs closer to end-users, reducing latency and improving reliability. This shift will enable new use cases, such as hyper-localized processing for autonomous drones or real-time personalization for smart retail experiences. AI-driven dynamic routing will complement edge computing by continuously optimizing API call paths based on current network conditions, traffic loads, and user demand. Additionally, intelligent caching strategies will leverage predictive analytics to preload and store frequently requested data at the edge, ensuring faster response times even during traffic spikes. Low-latency, highly adaptive APIs will become the baseline performance expectation.

The API realm in 2025 is poised to redefine digital strategy, demanding agility, innovation, and foresight. Organizations that leverage APIs as core assets will unlock unprecedented opportunities, creating seamless integrations whilst simultaneously delivering transformative customer experiences. As businesses adapt to this API-first era, those who anticipate trends and embrace change will lead the charge into a more intelligent future in the interconnected world we live in today.

 

By Jamie Beckland, CPO at APIContext

The post What could the API Landscape look like in 2025? appeared first on IT Security Guru.

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, this week released its “AI-Driven Scams and Fraudulent CVs: The Increased Risk to HR Operations in the UK” survey report, which delves into the specific cybersecurity challenges of 1,001 Human Resources (HR) professionals based in the UK. The research evaluated Artificial Intelligence (AI)-driven fraud, gaps in cybersecurity awareness, and the level of collaboration between HR and IT departments.

The survey findings, which were gathered by Censuswide on behalf of KnowBe4, revealed that 44% of HR professionals have come across job applications that turned out to be scams or fraudulent. Worryingly, two in five (40%) HR professionals have admitted to progressing a job application before realising it was fraudulent. Given that 35% of those who were targeted by bogus applications stated these included malicious links or attachments, such applications could pose a direct cybersecurity threat to their business.

“It is not unheard of for threat actors to embed malware, spyware or other harmful software into a fake resume when applying for a job application,” said Javvad Malik, lead security awareness advocate at KnowBe4. “If clicked by an unsuspecting member of the HR department, it can lead to phishing sites or initiate the download of harmful malware which can cripple the targeted organisation, steal sensitive information or exploit it financially.”

Other key stats from the report include:

HR-related Cyber Attacks:

  • Over half (57%) of companies have experienced a cyberattack in the last 12 months due to employees falling for phishing emails.
  • Alarmingly, 4 out of 5 (82%) of HR professionals have experienced a cybersecurity incident in the past year, yet 40% say they lack a formal incident response plan to deal with a cyber threat.
  • Almost half (48%) have interacted with LinkedIn profiles that were later found to be fake.

Use of AI – For Good & Bad

  • Over a third (37%) of HR teams are leveraging AI tools to screen job applications, while 29% use AI to draft job specifications.
  • There is increasing interest in adopting AI-driven solutions, with 37% of HR professionals advocating for AI-based tools to detect fraudulent applications.

Cybersecurity Awareness & Collaboration:

  • A concerning 41% of HR professionals believe their employees are negligent regarding cybersecurity policies.
  • There is a strong call for enhanced collaboration, with 52% of HR professionals desiring closer partnerships with IT and security teams.
  • Over two-fifths (44%) want more dedicated training for HR and recruitment teams to better identify security risks.

 

“Understandably, the use of AI by the HR department has revolutionised how organisations attract, hire, manage, and retain talent in a bid to improve efficiency and HR processes,” said Javvad Malik, lead security awareness advocate at KnowBe4. “However, the report showcases how this integral department is being targeted by scammers and the risks associated with fraudulent job applications which can lead to detrimental consequences.”

“As a company, we issued a warning about this threat this year after we accidentally hired a fake North Korean employee,” continued Malik. “This demonstrated how every organisation is susceptible. Ultimately, we want to see improved security awareness and advocate for all organisations to update the existing hiring processes to include more security processes to reduce the risk of falling victim. Hopefully, then we can see the exploitable gap diminish, making cybersecurity incidents fewer and further between.”

To view the full findings, please click here.

The post KnowBe4 Report Finds 44% of HR Professionals Have Encountered Fraudulent or Scam Job Applications appeared first on IT Security Guru.

Obsidian Security today announced the successful completion of the Snowflake Ready Technology Validation, and achievement of the Snowflake Partner Network Financial Services Industry Competency. These milestones mark significant progress in Obsidian Security’s product integration and collaboration with Snowflake, the AI Data Cloud company. Through this integration, Obsidian Security customers can strengthen the security of their critical data and applications on the Snowflake AI Data Cloud.

The Snowflake Ready Validation Program recognizes partners that have completed a third-party technical validation to confirm their Snowflake integrations are optimized with an emphasis on functional and performance best practices. Obsidian Security provides identity threat protection and posture management for SaaS and PaaS applications. Through its integration with Snowflake, Obsidian Security will enable joint customers to configure their applications and protect their data in Snowflake to further enhance their ability to conform to compliance standards like NIST and CIS Snowflake Foundations Benchmark best practices.

The Snowflake Partner Network Competency Program validates Snowflake partners for their commitment to driving customer impact across the Data Cloud ecosystem. Obsidian Security protects SaaS and PaaS applications from identity threats and third-party integration risks (including AI applications) and secures data movement between SaaS applications, resulting in automation of SaaS security posture management (SSPM) and compliance. As a Snowflake Premier Partner, Obsidian Security enables shared customers to confidently increase their adoption of the Snowflake AI Data Cloud.

“We have observed sophisticated attackers frequently target organizations through their data stores,” said Iulia Stefoi-Silver, VP Alliances at Obsidian Security. “This collaboration leverages Obsidian Security’s advanced SaaS security solutions to protect customers from these escalating threats.”

The collaboration between Obsidian Security and Snowflake offers customers a streamlined process to better secure their Snowflake environment. Automated workflows for configuring posture controls enable fast and comprehensive adherence to Snowflake’s configuration best practices. In addition to posture management, Obsidian Security’s advanced threat prevention and detection capabilities are more readily available, powered by SaaS security insights enriched from the world’s largest repository of SaaS breach data. Customers also benefit from Obsidian’s seamless integration with security logs in Snowflake’s AI Data Cloud, accelerating incident investigation and response.

“Obsidian Security’s Technology Ready status reflects the company’s continued investment in providing data security solutions to our joint customers,” said Tarik Dwiek, Head of Technology Alliances at Snowflake. “We look forward to continuing to witness Obsidian’s commitment to ensuring a seamless user experience for our joint customers through their SaaS and PaaS posture management and threat prevention and detection solutions.”

“Ensuring the security and availability of our data has become absolutely essential,” said Obsidian Security customer Ravi Chinni, Global Head of Identity and Access Management at S&P Global. “Knowing our data is now better protected on the Snowflake AI Data Cloud with Obsidian Security is a strong endorsement for growing our adoption of Snowflake.”

Obsidian Security was founded with the goal of tackling the unaddressed blind spot in SaaS and PaaS security. Trusted by leading Fortune 1000 and Global 2000 enterprises, Obsidian shields SaaS and PaaS applications from identity threats, 3rd- and 4th-party integrations and data movement risks, and automates SaaS security posture management and compliance.

The post Obsidian Security Achieves Snowflake Ready Validation and Financial Services Competency appeared first on IT Security Guru.

Cato Networks, the SASE provider, today announced the industry’s first SASE-native IoT/OT security solution. With the introduction of Cato IoT/OT Security, Cato is enabling enterprises to dramatically simplify the management and security of Internet of Things (IoT) and operational technology (OT) devices. Cato IoT/OT Security converges device discovery and classification, policy enforcement, and threat prevention in a SASE platform. 

 

Cato IoT/OT Security is a native feature in the Cato SASE Cloud Platform, which allows enterprises to instantly activate the new solution with a click of a button. There is no additional hardware or software to install or configure. Cato IoT/OT Security is the fifth major expansion of the Cato SASE Cloud Platform in 2024 following the releases of Cato XDR and Cato EPP in January, Cato MSASE in June, and Cato DEM in October.

 

“Cato Networks is the only SASE leader to build an IoT/OT security solution from the ground up and deliver it natively from a single, cloud-native platform,” said Shlomo Kramer, co-founder and CEO at Cato Networks. “Some SASE portfolio companies address IoT/OT security by repackaging acquired point solutions and requiring customers to handle complex deployment and integration. This approach increases costs, operational burden, and security gaps, which undermines the promise of simplification with a SASE platform. With Cato IoT/OT Security, we are making it easy for customers. There is no integration required. It just works.”

 

IoT/OT: An Ever-Expanding Attack Surface

IoT/OT devices represent a critical weakness in enterprise security posture. According to a Gartner® report, “by 2025, over 85% of enterprises will have more smart edge devices on their network than laptops, tablets, desktops or smartphones.” Many of the IoT/OT devices that enterprises use lack security features and often operate on outdated hardware and software, resulting in highly vulnerable devices. 

 

With a limited ability to protect against advanced threats, attacks on IoT/OT devices can lead to severe business consequences. This includes production downtime, safety incidents, financial losses, and reputational damage. 

 

Cato Extending SASE-based Protection to IoT/OT Environments

Enterprises require an IoT/OT security solution that provides discovery, visibility, policy enforcement, and threat prevention for IoT/OT devices. Cato addresses these needs with Cato IoT/OT Security, which expands the Cato SASE Cloud Platform with IoT/OT capabilities including: 

 

  • Device discovery and classification: Gain instant visibility into IoT/OT environments with no additional integration required. Purpose-built AI and ML capabilities identify IoT/OT devices and provide visibility into their characteristics, such as their type, manufacturer, and version. This removes security blind spots and accelerates IoT/OT device identification. 
  • Policy enforcement: Define and enforce granular access policies. Rules can be set based on characteristics for a specific IoT/OT device, or based on grouping by type, manufacturer, and model for groups of devices. Controlling IoT/OT device access secures the enterprise network and reduces the attack surface.
  • Threat prevention: Protect IoT/OT devices with Cato’s advanced threat prevention capabilities, including Cato DNS Security, Cato IPS and Cato NGAM. This provides protection and safeguards against known and unknown threats. 

 

“Since we’ve switched from a legacy vendor to Cato Networks for our SASE needs, one of the biggest benefits that we’ve seen is reduced costs,” said Chris Simons, global IT manager, infrastructure and security at Oregon Tool. “By converging security and networking in a SASE platform, we can activate new capabilities with little overhead. We believe enterprises can benefit from cost efficiencies with Cato IoT/OT Security. There is no integration required, and it covers all aspects of discovery, visibility, enforcement, and threat prevention in a single solution.”

 

“IoT and OT present two primary challenges for enterprises: visibility and security. It can be difficult to know which IoT devices and OT systems are on the network. Additionally, IoT devices are often less secure by design, while OT systems in critical infrastructure are generally challenging to patch,” said John Grady, principal analyst, network security and web application security at Enterprise Strategy Group (ESG). “By expanding its SASE platform to include IoT/OT security, Cato Networks can help organizations more efficiently discover and protect their connected devices and systems.”

 

Availability

Cato IoT/OT Security is generally available for customers globally. 

The post Cato Networks Introduces Industry’s First SASE-native IoT/OT Security Solution appeared first on IT Security Guru.

New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that mobile cybersecurity incidents at small businesses are widespread.

 

The research, conducted by OnePoll in Autumn 2024, polled 250 small-medium enterprise (SME) business owners or leaders in the UK and found that over a third (35%) of small business employees or owners report clicking on a phishing link via mobile.

 

Elsewhere, 30% of respondents reported losing or having stolen a mobile phone containing sensitive corporate information, leaving their business more vulnerable to potential cybercriminal activity.

 

While these dramatic incidents are a concern from a security perspective, the minutiae of business activity taking place on a mobile, without policies in place, also suggest a concerning lack of security awareness from SMEs. For example, a quarter of respondents admitted connecting a mobile device used for work to a public charging station (e.g., at an airport or café), and 36% of respondents have worked from a public WiFi network on a mobile device. A further 9% admitted to forwarding corporate data to a personal account, and 11% admitted storing corporate passwords or login credentials on a mobile device without encryption.

 

“These results are obviously a concern for SMEs and their employees. Large organisations are more likely to implement security awareness training for mobile devices and implement a code of conduct for corporate devices. This is not a luxury afforded to most SMEs, who do not have the resources or time to do so,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart. “It is the responsibility of the cybersecurity industry to change this, and to make security more accessible for the small businesses which make up 99% of the UK economy.”

 

You can find the full results of the survey here.

 

This follows news from CyberSmart that a worrying 60% of businesses expect their employees to carry out work tasks on their personal mobile phone.

The post Poor mobile security practices rife at SMEs, CyberSmart survey finds appeared first on IT Security Guru.

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q3 2024 Phishing Report. This quarter’s findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts.

 

KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. KnowBe4’s 2024 Phishing by Industry Benchmarking Report reveals that about one in three users is susceptible to interacting with malicious links or fraudulent requests. Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments.

 

The report spotlights the ongoing threat posed by email-embedded phishing links, which continue to be the top attack vector of choice. These malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise. The report also reveals a surge in phishing campaigns leveraging QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations. These messages, often masquerading as communication from HR, colleagues or external vendors, pose substantial risks as they can easily be replicated by malicious actors.

 

“Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications,” said Stu Sjouwerman, CEO of KnowBe4. “The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritising human risk management, organisations can effectively build a formidable defence against avoidable cyberthreats.”

 

To download a copy of the Q3 2024 KnowBe4 Phishing Report infographic, visit here.

The post KnowBe4 Releases the Latest Phishing Trends in Q3 2024 Phishing Report, With QR Code Phishing on the Rise appeared first on IT Security Guru.

New research conducted by CyberSmart, provider of SME security solutions, indicates that organisations not only allow employees to use their personal mobile phones to complete work tasks but actively expect them to.

The research, conducted by OnePoll in Autumn 2024, polled 250 small-medium enterprise (SME) business owners or leaders in the UK and found that 60% of organisations expect their employees to use mobile devices to carry out work tasks despite not providing all of them with work mobile phones.

Equally concerning is that almost two thirds (60%) of staff members are not expected to carry out mobile security training. An organisation that allows employees to use personal mobile phones to carry out work without security training is massively increasing the chance of a security incident taking place across mobile devices.

Elsewhere, the survey unearthed a worrying lack of concern from business leaders regarding cyber security and employee security. 40% of organisations do not have a mobile code of conduct in place for employees.

“While these results are concerning, SMEs in the UK remain chronically underserviced by the cybersecurity industry,” said Jamie Akhtar, Co-Founder and CEO at CyberSmart. “It is important to make the distinction that many of these organisations have limited resources and are already stretched thin, making it difficult for them to invest in cybersecurity.

“We would advise SMEs to engage with solution providers who understand their specific needs, and more broadly would advise them that consistently focusing on cybersecurity training, IT policies and fostering a more security-conscious culture would help them to achieve a more secure workplace.”

 

The post Mobile security policy missing at most SMEs, CyberSmart survey finds appeared first on IT Security Guru.