Last November, the Open Web Application Security Project (OWASP) released its Top Ten List for LLMs and Gen AI Applications 2025, making some significant updates from its 2023 iteration. These updates can tell us a great deal about how the LLM threat and vulnerability landscape is evolving - and what organizations need to do to protect themselves. Sensitive Information Disclosure Risks Grow In 2023, sensitive information disclosure ranked sixth on the OWASP Top 10 List for LLMs. Today, it ranks second. This massive leap reflects growing concerns about LLMs exposing sensitive data as more...
Author: Josh Breaker-rolfe
The manufacturing sector has long been a favorite target for ransomware actors. However, the true scale of the issue has only recently become apparent: research published in Infosecurity Magazine last December revealed that ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. But why is the manufacturing sector so vulnerable? And what can organizations do to protect themselves? Keep reading to find out. Why is the Manufacturing Sector Vulnerable to Ransomware? Manufacturing companies have several characteristics that make them especially...
By now, we should all be pretty well acquainted with phishing scams. They've been around for a very long time—nearly 30 years, in fact—and are the primary focus of most security awareness training programs and initiatives. Despite this, phishing remains remarkably effective, with over 90% of successful cyberattacks beginning with a phishing email. Why? Because these scams are constantly evolving. To protect against the next wave of phishing scams, it's important to understand them. As Sun Tzu said, "Know your enemy". With this in mind, here's a rundown of the latest phishing scams to scourge...
In early December 2024, the UK's National Cyber Security Center (NCSC) released its eighth Annual Review. While the report's primary focus is to recap the NCSC's activities over the past year, it also offers invaluable insights into how the UK thinks about and plans to act on cybersecurity. In this article, we'll look at a few of its key takeaways. UK in "A Contest for Cyberspace" The overarching theme of the NCSC Annual Review 2024 is the enormous scale of the cyber threat to the UK and the government's increasingly serious attitude towards it. This is best exemplified in the foreword by the...
The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves. In late October 2024, the Cloud Security Alliance (CSA) released Zero Trust Guidance for Critical Infrastructure, a systematic, five-step roadmap to help the world's most important organizations...
It’s been a tough year for the healthcare sector. Throughout 2024, cybercriminals have unleashed a barrage of attacks on a vast number of healthcare organizations - with disconcerting levels of success. FBI research revealed that healthcare is now the US’s most targeted industry. The attack on Change Healthcare, a United Health-owned health tech company, for example, disrupted operations at thousands of hospitals, pharmacies, and physician practices, led to the theft of up to 6TB of sensitive health data, and is thought to have affected around 100 million people. Although HIPAA regulates...
Security Operations Center ( SOC) analysts have it rough. Modern security tools generate an extraordinary number of alerts, attackers are more sophisticated than ever, and IT infrastructures are unprecedentedly complex. As a result, analysts are overwhelmed with workload and alerts, making it near-impossible to make intelligent, informed decisions. Fortunately, artificial intelligence ( AI) is helping to ease the strain. Let’s look at how. Better Allocated Resources As noted, modern SOC analysts must deal with a barrage of security alerts. Not only do modern organizations suffer a vast number...
NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out. Understanding the Cyber Space Threat While NASA has cybersecurity requirements for its spacecraft in operation, these requirements do not extend to the spacecraft acquisition and development lifecycle. Essentially, NASA contractors are not currently...
The rapid adoption of cloud technology in the past few years has transformed IT environments, enabling unprecedented opportunities for flexibility, scalability, and collaboration. However, this transformation has introduced a potentially dangerous level of complexity into these environments – recent research from PwC revealed that 75% of executives report too much complexity in their organizations, leading to ‘concerning’ cyber and privacy risks. To navigate this complexity, modern organizations need security controls that keep pace with rapidly evolving IT environments. In this article, we’ll...
Most modern organizations have complex IT infrastructures made up of various components like Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), public cloud, and sometimes hybrid environments. While these infrastructures bring significant benefits, including improved scalability, flexibility, and cost savings, increasing complexity has made it challenging for security teams to secure the data stored in these environments adequately. Insight into these environments is crucial to securing off-premises data. However, gaining that insight can be highly...