Over the past five years, The Most Inspiring Women in Cyber Awards have celebrated some of the most exceptional women from across the cybersecurity industry. From new starters and students to CEOs and CISOs, the awards aim to celebrate outstanding individuals at every level of the industry. No deed is too small for recognition and every single woman nominated is a shining example of the talent permeating throughout the industry. 

With nominations open for this year’s awards, we caught up with some of 2024’s esteemed winners: Lisa Ventura, Founder of Cyber Security Unity, Dr. Andrea Cullen, Co-Founder of CAPSLOCK, Zinet Kemal, Cloud Security Engineer at Best Buy, Rosie Anderson, Head of Strategic Solutions at Th4ts3cur1ty.Company, and esteemed CISO Hazel McPherson.

What have you been up to since being named a Most Inspiring Woman in Cyber in 2024?

Lisa Ventura: “Since being named a Most Inspiring Woman in Cyber in 2024 I’ve been focused on developing Cyber Security Unity to help unite the industry through greater collaboration in the industry. I’m also preparing to launch Neuro Unity and AI Unity to bring everything together for neurodiversity and AI all under one roof, just as I have done with Cyber Security Unity. I’ve been commissioned by Kogan Page Publishers to write a book on AI and Cyber Security which is due for release in February 2026, I’ve been a speaker at numerous events, been published in many cyber security and Infosec trade publications and the national press, and I’ve been focused on the Generation Cyber Campaign that I launched last year aimed at getting more people into careers in cyber security. My book “The Rise of the Cyber Women: Volume 3” was published via Security Blend Books last year on 8 March, and I’m also preparing to launch Generation AI and Generation Neurodiversity as separate campaigns. As always, I am very busy on various initiatives and projects in cyber security which is how I like to be.”

Dr. Andrea Cullen: “[Since winning I have] continued to grow the business and focused on our B2B growth within the sector. I have also made a real point to get out to events and focus on how I might be a role model to others who are looking to develop their careers.”

Zinet Kemal: “Since receiving this incredible recognition, I’ve continued my mission to empower the next generation in cybersecurity. I launched new initiatives focused on online safety for children, expanded my work as a multi-award-winning author of cybersecurity-themed children’s books, publishing “See Yourself in Cybersecurity” in the Spanish language & “Oh, No… Hacked Again!” in audio book format. More formats mean creating more alternatives and access for readers. I also created and released my 2nd LinkedIn Learning course as a cloud security engineer on Securely Migrating to AWS. I won multiple other awards since then such as the 2024 Visionary Community Leader Award by cybersecurity summit, the 40 Under 40 Georgia Tech alumni award, Women of Influence – One to Watch Honoree by Executive Women Forum, and Women in Security Honoree by Security Magazine.”

Rosie Anderson: “Since winning the award, I have pushed myself into public speaking and helped to share cyber security awareness and thought leadership at events such as a PA Conference helping the audience become better Guardians of Confidentiality, to speaking at Defcon on a panel to inspire the next generation of talent. Defcon is one of the largest cyber security conferences worldwide – so I seem to have shaken off the nerves! In total, I have spoken at 14 events so far! It’s safe to say that my comfort zone is now a tiny dot in the rearview mirror!”

Hazel McPherson: Where to start? She:

  • Grew BSides Bristol to a 2-day event with 52% of speakers being women
  • Launched a new networking brunch for women in the South West (Firewalls and French Toast)
  • Won two CSO30 UK awards, one being the judges’ choice for recruitment and retention
  • Was part of ‘Hackers in the House’, a select group of cyber individuals that were invited to collaborate on industry policy within the UK government
  • A judge for the SW Awards (and again for 2025)
  • A board advisor for The Hacking Games
  • A senior advisor for the keynote stages for InfoSecurity Europe Conference 2025
  • Headline speaker for the new Rebel Element conference Oh FFS!
  • Spoke a lot about my ‘journey to CISO’ to audiences around the UK

She’s also “still being an awesome CISO for the same company, but twice the size as we bought our biggest global competitor.”

What did winning the award mean to you?

Lisa: “Winning the Most Inspiring Women in Cyber 2024 award was a deeply humbling and empowering experience, I was just so very sorry I couldn’t be there in person to receive it as my husband was very ill with sepsis and in and out of hospital at the time. It signified not only recognition of the things I do in the cyber security space but also acknowledgment of the collective strides women are making in the industry.  This award was a validation of the years of hard work, perseverance, and commitment I have to the cyber security industry, inclusion, and resilience. It also reaffirmed my belief that inspiring others isn’t just about achieving professional success but about lifting others up along the way—encouraging women to enter and thrive in cyber security despite the challenges they may face. Winning the award reignited my strong passion to continue advocating for equitable opportunities in cyber security and to serve as a role model for the next generation of talent.”

Andrea: “Genuinely thrilled to be recognised in this way. I heard some of the nominations and was blown away by the quality of them. It spurred me on to do more to inspire other women to join the sector.”

Zinet: “Winning this award was deeply meaningful. It validated the hard work I’ve put into breaking barriers as a woman, immigrant, career changer and mother in cybersecurity. It also amplified my platform to inspire others—especially women and underrepresented groups—to pursue careers in cybersecurity. The recognition motivated me to continue advocating for children’s online safety, women in cybersecurity and to create more educational resources for youth.”

Rosie: “I was super surprised to be nominated and this has spurred me on to keep being visible as a woman in cyber security, representing career changers and also working mums, as well as continuing with my development. I also met so so many inspiring women in the industry as other nominees and award winners, and it helped showcase just how many amazing women are working in this industry, at all stages in their careers.”

Hazel: “I was so incredibly proud and humbled to have won my first award, and it be this one. I have always hoped that working hard and keeping going would be enough to inspire other women that they can make it in this industry too. It’s hard work, and being a woman often makes it incredibly frustrating, but being recognised by winning this award gave me the boost I needed after 25yrs to keep doing it!”

So, what are you waiting for? Get your nominations in for the 2025 Most Inspiring Women in Cyber Awards now! This year’s awards are sponsored by KnowBe4, BT, Bridewell, Mimecast, Varonis, Certes, and Pentest-Tools. The awards, hosted by Eskenzi PR, are also supported by community partners WiTCH, WiCyS UK & Ireland Affiliate, InClusive InCyber and CyBlack.

Nominations close at 5pm on 22nd January 2025. Nominate here: https://docs.google.com/forms/d/e/1FAIpQLScYSY6YZhZmIYbx-0aT__3XYzWvRXrWozlh-FbfNfvB-0FShg/viewform

The post 2024 Most Inspiring Women in Cyber Winners: Where Are They Now? appeared first on IT Security Guru.

Eskenzi PR are proud to announce that KnowBe4, Mimecast, Varonis, Bridewell, Certes, and Pentest Tools have joined BT as sponsors for this year’s Most Inspiring Women in Cyber Awards. The 5th annual event, held at the iconic BT Tower on the 26th February 2025, aims to celebrate trailblazers from across the cybersecurity industry who are doing exceptional things. The event is also supported by media partners IT Security Guru and Security On Screen. 

Additionally, organisers Eskenzi PR have sought the expertise and guidance of some of the industry’s leading women in cyber and diversity focused groups to make the awards more inclusive and intersectional than ever. We have partnered with WiCyS UK & Ireland Affiliate, Women in Tech and Cybersecurity Hub (WiTCH), CyBlack and Inclusive InCyber (LT Harper). It is hoped that the 2025 event will reach a wider range of inspirational women from across all corners of the globe. 

Cybersecurity is an industry that, in many ways, lacks diverse representation. Research by ISC2 estimates that the percentage of women in the industry is likely in the range of 20% to 25%. The industry desperately needs talent, especially as we face a skills shortage and increasingly complex threats. However, role models and encouragement are critical. We cannot be what we cannot see.

The Most Inspiring Women in Cyber Awards aims to bring together and empower incredible women (both established and those starting out their careers) and make long-lasting connections.

Nominations can be submitted via this link and will remain open until 5pm on 22nd January 2025. An esteemed panel of judges will then review the submissions and narrow the list down to the Top 20, each of whom will be profiled on the IT Security Guru. There will also be five women crowned ‘ones to watch’. This year’s judging panel includes: 

  • Yvonne Eskenzi, Co-Founder of Eskenzi PR 
  • Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting, Stott and May Consulting
  • Anne Dolinschek, Senior Manager of Public Relations (EMEA) at KnowBe4
  • Yasemin Mustafa, Security Portfolio Director at BT 
  • Rachel Downs, Principal Consultant at Bridewell 
  • Kiri Addison, Senior Manager of Product Management at Mimecast
  • Iretioluwa Akerele, Co-Founder of CyBlack 
  • Julie Osborne, Director, Global Security Control Frameworks at Barclays and Vice President of WiCyS UK and Ireland Affiliate  
  • Illyana Mullins, Founder of WiTCH (Women in Tech and Cybersecurity Hub) 
  • Aymun Lashari, Community Manager at LT Harper

On the 26th February 2025, a physical awards ceremony will be held in London at the iconic BT Tower. The event will include a welcome address and an informal panel discussion with a Q&A featuring industry leaders. Then, the finalists will be awarded their certificates and trophies. The event will conclude with networking over food and drinks at the top of the tower. Finalists, judges, and guests are welcome to attend in person and the public can tune in to the ceremony via a live stream. More information to be provided soon.

The award’s founder, Yvonne Eskenzi, said: “We are privileged to once again host this prestigious event supported by industry heavyweights, like KnowBe4. It’s an honour to be back at the dazzling BT Tower too. At Eskenzi, we’re passionate about supporting and fostering diversity in the sector through action. The Most Inspiring Women in Cyber Awards, in collaboration with leading industry women’s networks and forward thinking organisations, strives to empower and uplift women within the cybersecurity sector and foster enduring connections among attendees.”

Headline sponsor, Anne Dolinschek, Senior Manager, Public Relations (EMEA) at KnowBe4, said: “We’re proud to once again be supporting this prestigious event that honours the incredible work women do in cyber and continues to shine a light on the need for diversity and inclusion. DEI initiatives are so important to the development of not only stronger and happier workforces, but to the overall cybersecurity industry as a whole and the ability to protect businesses from emerging and maturing cyber threats.”

Yasemin Mustafa, Security Portfolio Director at BT, says: “At BT, we believe in the power of diversity to drive innovation and resilience in cybersecurity. Our support for the ‘Most Inspiring Women in Cyber Awards’ is a testament to our commitment to breaking down barriers and showcasing the incredible talent and leadership of women in this field. By celebrating these role models, we hope to inspire the next generation of women to pursue careers in cybersecurity, helping to create a more inclusive and dynamic industry. Together, we can redefine the future of cybersecurity.”

“We’re proud to be sponsoring this year’s Most Inspiring Women in Cyber Awards,” said Kiri Addison, Senior Manager of Product Management at Mimecast. “Women’s perspectives and expertise in cybersecurity are critical to overcoming the challenges set ahead of the industry today. Mimecast is committed to elevating and empowering women for the betterment of technology and for the cyber safety of people and organizations worldwide.”

“We are proud to be a sponsor of the Most Inspiring Women in Cyber Awards. By supporting this event, we aim to encourage more women to pursue careers in security while celebrating the achievements of those who are already making a significant impact on the space,” said Rebekah McAdams, VP, Global Field & Channel Marketing at Varonis.

Nominate HERE: Most Inspiring Women in Cyber Nominations 2025 (deadline 22nd Jan 2025, 5pm GMT).

The post Forward-Thinking Industry Leaders Sponsor Most Inspiring Women in Cyber Awards 2025 appeared first on IT Security Guru.

The Economic and Financial Crimes Commission (EFCC) recently executed a landmark operation in Lagos, Nigeria, arresting 792 suspects for their alleged involvement in a cryptocurrency investment fraud and romance scam. The raid, conducted at an imposing seven-storey building in Victoria Island, sheds light on the systematic infrastructure and advanced methods employed by these fraud networks to target victims worldwide.

How the Operation Unfolded

According to the EFCC, the surprise raid on December 10, 2024, was based on verifiable intelligence received about criminal activities at a facility known as Big Leaf Building. The syndicate specialized in two main cybercrime schemes:

  1. Romance Scams: Operatives created fake identities and built online emotional relationships with unsuspecting victims. Through manipulation, they convinced victims to send money under false pretenses, often promising love, marriage, or assistance in urgent emergencies.
  2. Cryptocurrency Fraud: The suspects lured victims into fake investment platforms, promising high returns. These platforms were carefully designed to mimic legitimate cryptocurrency trading sites, tricking users into transferring funds that disappeared into the syndicate’s control.

The EFCC uncovered a structured operation: suspects worked in coordinated teams with specialized roles, such as creating fake profiles, engaging in emotional manipulation, and managing fraudulent platforms.

A Growing Global Problem

The scale of this operation underscores the sophistication of modern cybercrime:

  • International Scope: Among the 792 suspects arrested were 148 Chinese nationals, 40 Filipinos, Nigerians, and other foreign nationals, highlighting the global nature of the syndicate.
  • Technology Infrastructure: Law enforcement recovered 500+ SIM cards, mobile devices, and sophisticated computers, reinforcing the professional approach cybercriminals are now adopting.
  • Global Victims: Reports indicate victims were primarily located in the United States, Canada, Mexico, and Europe, a stark reminder that cybercrime knows no borders.

The Corporate-Like Nature of Modern Cybercrime

Cybercrime has evolved into highly organized enterprises that mirror legitimate businesses:

  1. Hierarchy and Roles: Much like a corporation, cybercriminal networks operate in tiers. Leaders, trainers, and “employees” have specific responsibilities:
    ○ Foreign operatives oversaw operations, acting as trainers and coordinators.
    ○ Nigerian accomplices carried out phishing campaigns, managed fake profiles, and engaged directly with victims using WhatsApp, Instagram, and Telegram.
  2. Global Collaboration: The involvement of suspects from multiple countries reflects how cybercrime transcends borders, making international cooperation critical.
  3. Infrastructure and Tools: The syndicate used high-end computers, mobile devices, SIM cards, and fake platforms to operate at scale, enabling efficient targeting of victims across regions.
  4. Psychological Exploitation: Combining technology with a deep understanding of human behavior, cybercriminals prey on emotions like trust, urgency, and vulnerability to achieve their goals.

Could This Point to a New Global Trend?

The EFCC’s operation raises important questions about emerging global cybercrime trends, including the existence of similar scam compounds. In Southeast Asia, such scam compounds, physical hubs where individuals are trafficked or coerced into executing cyber scams, have drawn increasing scrutiny. However, the EFCC raid appears to point to a different dynamic. Based on initial reports, this operation seems voluntary and highly coordinated, with participants working systematically toward a shared criminal goal. This stands in contrast to the coercion often associated with scam compounds and highlights the need for further investigation into the true nature and structure of this network.

This discovery prompts critical questions:

  • Could this reflect a new variation of scam compounds, blending voluntary collaboration with advanced tools?
  • Will more such hubs emerge across Africa and beyond as international law enforcement ramps up investigations?

As cybercriminal networks evolve into transnational enterprises, law enforcement and cybersecurity experts face higher stakes in combating these sophisticated operations.

Lessons and Tips for Individuals

With cybercriminals becoming more sophisticated, individuals must adopt proactive strategies to protect themselves:

  1. Verify Online Relationships: Romance scams rely on emotional manipulation. Be cautious of anyone you’ve never met asking for money or financial investments.
  2. Research Investment Platforms: Before investing, verify platforms through official registrations and independent reviews. Be skeptical of promises of “guaranteed high returns.”
  3. Secure Digital Communication:
    • Use strong, unique passwords.
    • Enable two-factor authentication (2FA).
    • Be wary of unsolicited messages via WhatsApp, Instagram, or Telegram.
  4. Stay Informed: Learn about common scams, phishing tactics, and new cyber threats to stay ahead.
  5. Think Before You Share: Avoid sharing sensitive personal or financial information without verification.

Recommendations for Law Enforcement

Addressing sophisticated cybercrime requires strategic evolution:

  1. Cross-Border Collaboration: International partnerships and shared intelligence are crucial for dismantling transnational networks.
  2. Investment in Technology: Law enforcement must embrace advanced tools to trace financial flows, analyze digital footprints, and identify cybercriminal patterns.
  3. Digital Forensics Training: Training officers in cyber forensics will help agencies keep pace with evolving criminal techniques.
  4. Public Awareness Campaigns: Educating individuals and businesses about cyber scams can reduce vulnerabilities.
  5. Cybercrime Punishment: A lack of deterrence due to weak punishments allows criminals to re-offend. Penalties must align with the financial and emotional harm inflicted on victims. Establishing stricter, globally consistent sentences is essential to signaling the seriousness of cybercrime and deterring repeat offenses.
  6. Policy and Prevention: Strengthen legal frameworks and equip agencies with resources to disrupt fraud operations before they scale.

Changing the Narrative: Cybercrime is a Global Challenge

Nigeria has long battled with the stereotype of being a “cybercrime hub,” rooted in historical scams like “419 fraud.” However, this operation underscores a more complex reality:

  • Cybercrime is global, involving perpetrators and victims across continents.
  • The presence of foreign nationals and the network’s advanced infrastructure reveal a transnational enterprise, not a localized issue.

By leading successful operations like this, Nigeria is emerging as a key player in the fight against cybercrime, contributing to a safer global digital landscape.

Final Thoughts: A Call to Action

Cybercrime is no longer small-scale or isolated. It is organized, sophisticated, and global. The EFCC’s operation is a reminder that:

  • Individuals must remain vigilant and proactive.
  • Governments, law enforcement, and cybersecurity professionals must collaborate and act decisively.

With cybercriminals adopting corporate-like strategies, stakeholders must respond with equal resolve to disrupt these networks and protect vulnerable individuals. Together, we can dismantle organized cybercrime and build a safer, more secure digital future.

About the Author:

Valeen Oseh-Ovarah is an award-winning cybercrime and West African intelligence expert, ex-fraud and cybercrime investigator, and cybersecurity entrepreneur. She has collaborated with US social media tech giants, financial institutions, and law enforcement agencies to combat cybercrime and online fraud. As the Founder of TisOva, a cybersecurity startup dedicated to protecting students and vulnerable groups from online fraud, Valeen is passionate about online safety, scam education, developing innovative solutions to combat fraud, and fostering safer online spaces globally. She is also an NCSC CyberFirst and STEM Learning Ambassador.

The post 792 Syndicate Suspects Arrested in Massive Crypto and Romance Scam: The Rise of Cybercrime as a Corporate Enterprise appeared first on IT Security Guru.

SandboxAQ, a leading technology company, has achieved significant milestones in cybersecurity research and development. The company’s dedicated team has made substantial contributions to the field, particularly in post-quantum cryptography (PQC).

In 2024 alone, SandboxAQ has published 18 peer-reviewed papers, bringing the total number of cybersecurity publications since its spin-off from Alphabet in 2022 to 45. Sixteen of these papers were presented at prestigious conferences.

One of the most notable achievements is the publication of FIPS 205 by the National Institute of Standards and Technology (NIST). The consortium behind this standard, SPHINCS+, was led by SandboxAQ’s Andreas Hülsing from the PQC research and development team. Additionally, SandboxAQ’s SDitH algorithm was selected by NIST for the second round of the PQC Standardization for Additional Signature Algorithms.

The company’s research has also been recognized with accolades. One of its papers received the best paper award at Asiacrypt, a major cryptography conference.

“SandboxAQ’s work in advancing the scientific literature around Post-Quantum Cryptography, combined with their global efforts in the related standards, are essential in helping the community prepare for the quantum threat,” said Mike Brown, CEO of Polar Analysis.

SandboxAQ’s research has been instrumental in pushing the boundaries of cryptography. The company’s researchers have published papers on various topics, including:

  • Attacks on post-quantum signature candidates: Identifying vulnerabilities in potential standards.
  • Oblivious Pseudo Random Functions: Developing practical solutions for advanced cryptographic techniques.
  • Polynomial commitments: A crucial component of zero-knowledge proofs.
  • Formally-verified implementations of PQC standards: Ensuring the security and correctness of cryptographic implementations.
  • Quantum attacks against lattice-based cryptography: Assessing the potential impact of quantum computers on PQC.
  • Fully Homomorphic Encryption: Accelerating this fundamental privacy tool.
  • Threshold Cryptography: Enabling secure multi-party computation.

“SandboxAQ has gathered an impressive team of cryptography researchers and engineers that has led to significant success,” said Douglas Stebila, Associate Professor of Cryptography at the University of Waterloo. “Beyond building an exciting cryptography discovery tool, in a short time they have made major contributions to the design and standardization of new cryptographic algorithms and protocols, with many excellent papers on advanced cryptography and digital signatures in top-tier academic publications.”

“We are extremely glad our candidate made it to the second round of the NIST Standardisation for Additional PQC Signatures, especially as this comes on top of the publication of FIPS 205 and of many scientific results this year,” said Carlos Aguilar Melchor, Chief Scientist of Cybersecurity at SandboxAQ. “We do hope our algorithms will help companies and governments across the world on the PQC transition.”

SandboxAQ’s continued commitment to research and innovation is driving the advancement of cybersecurity. By pushing the boundaries of cryptography and developing practical solutions, the company is helping to secure the digital future.

In 2024, SandboxAQ also announced a partnership with Accenture. The partnership aims to help organisations to strengthen data encryption and protect against future threats.

The post SandboxAQ Advances Global Cybersecurity Through Series of Milestones appeared first on IT Security Guru.

Check Point Software, a global leader in cybersecurity solutions, today announced a leadership transition. Gil Shwed, the company’s founder and current CEO, will assume the role of Executive Chairman. Nadav Zafrir, a seasoned cybersecurity veteran, will step into the CEO position, effective immediately.

“Check Point embarks on a new chapter, with my transition into my new role as Executive Chairman and the appointment of Nadav as the company’s new CEO. I’ve known Nadav for many years and he is the perfect fit to lead Check Point to new heights,” said Shwed. “I have full confidence in the company’s strategy, strength, leadership and employees, and we will work together to ensure this new journey brings even more success than we’ve achieved so far.”

Most recently, Mr. Zafrir was the co-founder and managing partner at Team8, a company-building venture group focused on cyber security, data & AI, fintech, and digital health. Prior to Team8, Mr. Zafrir established the IDF’s Cyber Command and served as Commander of the elite Unit 8200, eventually retiring as a Brigadier General. He is a board member of SolarEdge Technologies (after serving as chairman for five years), and has also served on the boards of 14 private cyber security companies.

“I am honored to join Check Point as its new CEO,” said Mr. Zafrir. “To lead an iconic cyber security company at such a pivotal time for our industry is both a privilege and a profound responsibility. Our world relies on trust, and Check Point’s mission to establish and protect that trust has never been more critical. We are uniquely positioned to live up to this mission, and shape the future of the cyber security industry. I thank Gil for his confidence and visionary leadership and I am grateful to have him as a partner and mentor as our Chairman.”

The post Nadav Zafrir Becomes CEO at Check Point Software appeared first on IT Security Guru.

New research from ISACA has revealed that the majority (87%) of IT professionals agree that there is a lack of gender diversity in the cybersecurity sector, yet less than half (41%) of businesses have programmes in place to hire more women. Whilst troublesome, these stats are not necessarily surprising. What’s more, 74% of businesses noted that attracting and retaining talent is a challenge.

The research by ISACA formed its latest Tech Workplace and Culture report, which surveyed 7,726 tech professionals around the globe.

When looking at why women are still underrepresented in tech roles, 43% of female respondents (and 21% of men) said that it is because most IT role models and leaders are male. The next biggest culprit was pay inequality, according to 42% of women—but only 15% of men—who responded.

Overall, men tend to rate their sense of authority in specific areas of their current role more highly, whereas women tend to give lower ratings. The gap between men’s and women’s perceptions of authority is largest for making purchasing decisions (13 percentage point gap) and contributing to the company strategy and direction (10 percentage point gap).

“More needs to be done to increase the representation of women in the IT and technology sector—and more needs to be done to welcome their leadership and influence,” says Julia Kanouse, who serves as Chief Membership Officer at ISACA and oversees the association’s SheLeadsTech program. “This will not only help to address the global skills gap and boost productivity in the sector—it will also create a more inclusive and diverse working environment.”

Survey respondents believe educational institutions can significantly enhance gender inclusion by providing mentors or role models (cited by 52% of respondents). Additionally, establishing tech clubs and/or organisations for women to network (42%) and hiring more female tech professors (31%) are seen as crucial steps towards greater gender inclusivity in the educational sphere.

68 percent of women and 72 percent of men indicate they are extremely or very satisfied with their career progression. Additionally, 73 percent of women and 71 percent of men say they have received a salary increase and/or promotion in the last two years.

Sarah Orton, UK and Europe lead for ISACA’s SheLeadsTech initiative, said: “Encouragingly, women have near-equal career progression satisfaction to their male counterparts and are slightly more likely to have received a raise or a promotion in the last two years. Having a workforce of people with different backgrounds, experiences, and perspectives to bring to the table is not only the right thing to do – it’s also a business imperative that makes an organization more innovative and its work that much more efficient and effective. Progress has been made – but the sector has more work to do, and ISACA is supporting this important work.”

The post Only 41% of Businesses Have Programs in Place to Hire More Women in Tech appeared first on IT Security Guru.

Keeper Security has announced the release of a new case study in partnership with the Mike Morse Law Firm. This case study highlights how the firm leverages Keeper to address critical cybersecurity challenges and protect sensitive client information.

In an industry often slow to adopt emerging technologies, Mike Morse Law Firm demonstrates how legal organisations can modernise and secure their operations. According to research, the legal sector has seen a dramatic 77% increase in successful cyber attacks over the past year, with incidents rising from 538 in 2022/23 to 954 in 2023/24. The case study video, Keeper Security + Mike Morse Law Firm, features testimonials from the firm’s Chief Information Officer John Georgatos and IT Manager Tashi Genden, emphasising Keeper’s measurable impact on security, productivity and efficiency.

“As cyber threats grow more sophisticated, it’s essential for the legal industry to adopt enterprise-grade solutions that not only protect sensitive client data but also simplify day-to-day security operations,” said James Scobey, Chief Information Security Officer, Keeper Security. “Keeper allows firms like Mike Morse Law Firm to stay ahead of emerging threats while focusing on what truly matters – serving their clients with confidence.”

“At Mike Morse Law Firm, we’re committed to pushing the boundaries of what’s possible in the legal industry by embracing advanced cybersecurity solutions,” said Georgatos. “Keeper Security helps us modernise our workflows while giving us the peace of mind that our client data is protected at the highest standards. It’s exciting to be part of this transformation—changing the perception of what a law firm can achieve with technology.” 

To achieve compliance and maintain data security, while promoting a more efficient workflow, the firm relies on the following key features of Keeper’s platform: seamless integration with Single-Sign-On (SSO) providers, intuitive browser extensions for password autofill, streamlined onboarding and offboarding processes, and secure shared folder management for enhanced collaboration.

Earlier this month, Keeper Security unveiled a case study with Williams Racing.

The post Mike Morse Law Firm Chooses Keeper Security to Safeguard its Sensitive Legal Data appeared first on IT Security Guru.

ChatGPT has just celebrated its second birthday (30th November)! Parallel to its steep rise to notoriety, ChatGPT is revolutionising the way we interact with technology. Known for generating human-quality text and information (worryingly?), it has become a useful and versatile tool for many. From writing emails and essays to translating languages and providing summaries, ChatGPT can assist users with a wide range of needs, often making it a good accessibility tool.  

Its ability to understand and respond to complex prompts demonstrates the power of artificial intelligence in natural language processing.  As technology continues to advance, ChatGPT and similar models hold the potential to reshape industries and redefine human-computer interaction.  

ChatGPT, while a powerful tool, also presents significant security risks. Sharing sensitive information with the model, for example, raises big privacy concerns. Malicious users can also manipulate prompts to elicit harmful responses, spread misinformation, or generate malicious code. Additionally, weak security practices can lead to unauthorised access and account takeovers. It’s essential to use ChatGPT responsibly and be aware of these potential threats.

So, what do cybersecurity experts think?

Dr Andrew Bolster, senior research and development manager (data science) at Black Duck:

“After two years of ‘ChatGPT’ taking over the public consciousness around ‘AI’, the sheen is coming off and the practical realities of building, productionising and supporting software that is ‘touched by AI’ is coming into stark reality.

Tense discussions (and legal cases) around code authorship, licensing, data residency and intellectual property are taking the place of breathless celebrations of the ‘Transformative Power of AI’.

The reality is that ‘code is code is code’; be it generated by a large language model or an intern, and for security and software leaders to maintain any confidence in their products, that code still needs to be assessed for security risks and vulnerabilities.

Over the past two years, one can see the conversations maturing; around how ‘AI’ can be a participant in the software engineering process. First it was ‘AI will swallow the world and write everything itself’, then came ‘AI can write code but it will still need verification and attestation’, then we passed through ‘AI in the IDE can be an intelligent assistant and help with boilerplate’, and now we’re pacing through a haze of ‘AI Agents can assist with different parts of codebases and help troubleshoot’. One way to think about this is how software startups mature from the crazed ‘I can build it in a weekend’ of a wizardly technical founder and evolves through towards a rigorous collaborative software development lifecycle with quality guardrails, operational stability, and global scale. To drive AI-empowered organisations to reach the quality, stability and scale of modern software development, we must mature our ecosystem of tools and processes _around_ such clever AI ‘agents’; not blindly trusting our businesses to magical black boxes.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy:

“While ChatGPT made advancements in the last year, it has yet to reinvent our life as we know it and as was promised. However, the possibilities for the technology, both good and bad, are becoming clearer.  ChatGPT and similar tools help us with routine daily tasks, help us to code better and easier, have accelerated scientific advancements, and more.

For many users the Artificial Intelligence space is restricted to novelty and curiosity, especially when it comes to Siri and other virtual servants. I would venture to say that a majority of users are afraid of AI and are hesitating to dip their toe into the AI waters, even though they are likely using AI-powered apps and devices without realizing they are doing so.

While educational institutions are wary of students using ChatGPT to cheat on writing papers and taking tests, the AI tools used to detect such cheating have definitely not proven to be infallible, with original content sometimes being flagged as AI content.

AI is increasingly used to create deepfakes. It now takes under 3 seconds of audio for bad actors to use generative AI to mimic someone’s voice. These voices can be used to trick targeted users that family members or friends are hurt or otherwise in trouble, or to trick financial institution workers to transfer money out of a victim’s account. Deepfakes are also used in phishing attempts. Deepfakes are becoming increasingly tougher to detect, whether it is audio, video, or still images.

Generative AI tools have become easier to use than ever, as these low-cost easy-to-use tools, along with the plethora of personal information available on the internet results in an ever-expanding threat surface. AI automation tools make it easy to scale attacks, increasing the volume and possibly success of AI scams.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, echoes these thoughts on deepfakes:

“From a social engineering perspective in particular, trying to identify when an attack is AI-generated may be the wrong way to look at the challenge. Rather, one should look at where the attack is originating from, what it is requesting, and what kind of urgency is being emphasised. In doing so, people are more likely to be able to spot and defend against attacks regardless of whether they are AI-generated or not.

Likewise, in the broader context, fundamental cyber hygiene remains crucial. Employee training, strong access control, patching, incident response planning, amongst other practices remain vital to building a secure organisation.”

Lucy Finlay, Director of Secure Behaviour and Analytics, at ThinkCyber Security, noted how ChatGPT has been utilised by cybercriminals:

“ChatGPT has lowered the barriers to entry for cybercriminals by eliminating common signs of phishing, such as poor grammar and punctuation, making their scams more convincing. It also enables the creation of tailored phishing scenarios at speed, allowing scammers to pivot quickly between victim types. Additionally, ChatGPT is being exploited to develop new forms of social engineering, such as deepfake video meetings. In these cases, criminals use a deepfake “mask” to impersonate someone’s face, producing highly convincing video calls that are nearly indistinguishable from genuine interactions.”

Lucy continues, on the risks of using AI, like ChatGPT, without proper data safeguarding in place:

“One major risk is that reliance on AI can undermine critical thinking, a skill essential in the current landscape of misinformation, disinformation, and mal-information. Many people trust AI-generated content because it appears “clever,” yet it merely compiles open-source information into digestible chunks. Users may inadvertently trust and act on inaccurate or misleading information without verifying the sources. Another significant risk lies in data privacy. Organisations could unintentionally input sensitive information into a public language model, exposing proprietary data to other users. Conversely, they might receive incorrect or misleading content, including fabricated or harmful mal-information scraped from unreliable sources, as seen in widely circulated yet absurd examples like the “stop your cheese sliding off your pizza by gluing it to the slice” claim.

“Companies should educate employees about these risks. Typically, two approaches are considered by companies. The first involves allowing access to AI tools but urging caution by implementing clear policies on safe AI usage and turning on nudges on key generative AI platforms to remind employees to be cautious about what they submit. The second approach is more restrictive, blocking access to AI tools and granting it only when a well-founded business case is made and approved. While the best strategy may vary by organisation, fostering critical thinking is essential in any case, and regular reminders to employees could play a crucial role in mitigating risks.”

The post ChatGPT Two Years On: Experts Weigh In appeared first on IT Security Guru.

It’s that time of year again! Black Friday’s back, along with bargain deals and unprecedented amounts of online shopping. Yet, the busy shopping season brings with it significant risk for consumers and businesses alike, as cyber experts have cautioned, from increased phishing attacks to too-good-to-be-true (decoy) deals. So, how can you be sure a good deal’s not a dodgy one and how can businesses protect both data and customers and make the most of the holiday season? We consulted the experts.

The retail threat landscape, on the whole, has become more complex in 2024. In the US, for example, the industry has become an even more lucrative target for cybercriminals. This year, the US retail sector has seen a significant rise in ransomware incidents, accounting for 45% of global retail ransomware cases (Q1-Q3, 2024), an increase of 9% from 2023, according to research by Cyberint, a Check Point Company. Further Check Point research has found that, in the weeks leading up to Black Friday, there’s been a surge in websites related to Black Friday, an increase 89% higher than the surge in the same period last year. Evidently, Black Friday is big business (but that goes without saying). What’s worrying about this stat is that nearly all of these sites impersonate well-known brands, and almost none are classified “safe.” Cybercriminals also see the opportunity that increased deal searching brings.

Impersonation sites are particularly worrying for consumers and a big risk for companies themselves. According to a blog posted by Check Point: “These shadow sites, enticing consumers with deals that might seem out of place were it not Black Friday, are intended to trick a consumer into entering sensitive details, like payment info or a set of credentials, into the fraudulent site. Effectively, they serve as phishing sites, passively harvesting user credentials from dealseekers. The variety of impersonated sites ranges widely, from global behemoths to smaller, but still prominent, boutiques. Notably, a huge variety of these fake sites share key design features, indicating that a central group might be behind a network of retail phishing platforms.”

The blog notes that AI has made these sites look more believable. So, how can people protect themselves?

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, advises: “Cybersecurity needs to be front of mind for everyone within an organisation this Black Friday, not just for the cybersecurity or IT team. It is everyone’s responsibility to make sure that consumers are being protected with the right prevention, detection and response systems and processes.”

Dimitriadis continues: “In order for a business to be best protected against bad actors, it is vital that the whole supply chain is cyber resilient and has the right measures in place to defend itself. Just one weak link can leave every single organisation in the chain vulnerable to an attack – making sure the supply chain is coordinated under a common cybersecurity objective this festive period is non-negotiable.”

The supply chain is something that has come under the spotlight in 2024 (once again). No doubt incidents like the Snowflake supply chain attack, the CrowdStrike outages and even last year’s MOVEit attacks have helped propel the supply chain security conversation even further into the zeitgeist. It is critical that businesses scrutinise their supply chains so that they can protect themselves and their customers, especially in periods when more attempted attacks are likely.

Finally, the Check Point security blog provides tips for consumers on how to stay safe online this Black Friday: “For consumers, online protection is as much about being careful as it is about keeping apps updated and patched. Check URLs closely for misspellings or unusual host domains. Make sure the URL starts with “https://” and shows a padlock icon, certifying a secure connection. When emails come in, reference the sender against emails you know to be real. Don’t click anything you’re not sure about and don’t blindly click through on QR codes. Never input unnecessary details like your personal information or financial details, and avoid inputting extra information like your birthday where it’s not required.”

The post Businesses and Consumers Warned To Be Wary This Black Friday appeared first on IT Security Guru.

This year’s Global Cyber Summit at the International Cyber Expo boasted an impressive array of speakers from across the public and private sectors, curated by the team at SASIG. The overarching theme of this year’s Global Cyber Summit was ‘resilience’. One notable talk that called for greater industry resilience was Digital Secure By Design on day two. 

The session, chaired by Ciaran Martin CB, Oxford University Professor and Former CEO of the National Cyber Security Centre (NCSC), explored the Security by Design initiative, which is supported by the UK government and seeks to transform digital technology and create a more resilient and secure foundation for future tech.  

The discussion centred around the question: How do we design a more robust ecosystem that is not susceptible to the vagaries of patching and zero-day vulnerabilities? With speed to market a priority for most organisations, and a lack of regulation to control the security of this process, software and hardware are often sent to market as insecure. Security by design should be the base standard for software and hardware development. 

Speakers on the panel included Agata Samojlowicz, Deputy Challenge Director at DsBD, Michelle Kradolfer, National SBD Manager, Police CPI, and Jake Verma, CTO of Quantaco. 

Why is the Secure by Design initiative important? According to Kradolfer, it’s important that “ecosystems of devices” (across home and work) are secure for people, organisations and countries. This must be done in collaboration with manufacturers too. Samojlowicz noted: “computers are currently insecure by design”. 

The strong case for building securely by design is hard to ignore. Standards are becoming increasingly important in all sectors, so why not standardise and regulate the building of software and hardware? The industry surely has a responsibility to protect consumers. Kradolfer notes that there are already “too many insecure devices out there”. 

The panellists did think that IoT security is making progress though. Earlier this year, the UK became the first country to legally mandate cybersecurity standards for IoT devices. Under the Product Security and Telecommunications Infrastructure (PSTI) mandate, manufacturers will be legally required to build security protections into any product with internet connectivity. Part of this means banning default passwords, as well as requiring manufacturers to publish vulnerability disclosure policies for reporting security flaws, provide mechanisms for securely updating software, and state minimum periods for providing security updates. 

The panel discussed why organisations want security by design to be taken seriously. For many organisations providing services, cost is a key factor, despite cybersecurity being everyone’s problem. Regular patching is expensive, resource-intensive and time-consuming. There’s pressure and demand from end users on central processing unit (CPU) architecture makers to build securely to reduce costs for end users. There’s also a desire for organisations to know that their entire supply chain is meeting specific requirements, reducing risk. The recent CrowdStrike incident is a good example of this. 

The panel argued in favour of regulation and a consolidated market, which would in turn boost innovation. Why? Because manufacturers can’t be compelled on an individual basis without regulatory pressure and/or standards. It’s easier to cut corners – and cheaper. Without litigation, there’s no drive for change. 

Another example of a good government-led secure by design initiative is CISA’s aptly named Secure by Design. According to their website, secure by design means: 

“Products designed with Secure by Design principles prioritise the security of customers as a core business requirement, rather than merely treating it as a technical feature. During the design phase of a product’s development lifecycle, companies should implement Secure by Design principles to significantly decrease the number of exploitable flaws before introducing them to the market for widespread use or consumption. Out-of-the-box, products should be secure with additional security features such as multi-factor authentication (MFA), logging, and single sign-on (SSO) available at no extra cost.”  

However, the panel stressed that it’s necessary that the markers of what it means to be ‘secure’ are laid out clearly, leaving no room for interpretation. Organisations and manufacturers must understand at which point they can say a product is ‘secure by design’. It must also be laid out clearly where organisations should start. Physical security organisations are less good at this than cyber, despite physical security becoming more digitally connected. This mindset is hard to change. 

Final takeaway? There are standards for everything (food, banking etc.), so why not the security of hardware and software? Secure by design seems like a natural place to start. Regulations that build confidence and are widely accepted will make devices more secure and strengthen the entire supply chain. 

The post Secure by Design: The (Necessary) Future of Hardware and Software appeared first on IT Security Guru.