Thales today announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3000 IT and security professionals across 18 countries in 37 industries.

As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyber-attacks, with SaaS applications (31%), Cloud Storage (30%) and Cloud Management Infrastructure (26%) cited as the leading categories of attack. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines.

This comes as organizations continue to experience cloud data breaches. Forty-four percent of organizations have experienced a cloud data breach with 14% reported having an incident in the last 12 months. Human error and misconfiguration continued to lead the top root cause of these breaches (31%), followed by exploiting known vulnerabilities (28%), and failure to use Multi-Factor Authentication (17%).

Growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66% of organizations using more than 25 SaaS applications and nearly half (47%) of corporate data being sensitive. Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 10% of enterprises encrypting 80% or more of their sensitive cloud data.

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales: “The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”

As organizations gain more experience in using cloud computing, many have modernized their investments to meet new security challenges. For organizations that prioritized digital sovereignty as an emerging security concern, refactoring applications to logically separate, secure, store, and process cloud data was the top way they would attain or achieve sovereignty initiatives ahead of other measures such as repatriating workloads back to on-premises or in-territory. Future-proofing cloud environments (31%) was the number one driver behind digital sovereignty initiatives, while adhering to regulations came in at a distant second at 22%.

For more information listen to our webinar with S&P Global hosted by Scott Crawford, Information Security Research Head and Justin Lam, Research Analyst.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Cloud Resources have Become Biggest Targets for Cyberattacks: Thales first appeared on AI-Tech Park.

Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released findings from its survey, “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders.” According to the report, 97% of those with a cyber policy invested in improving their defenses to help with insurance, with 76% saying it enabled them to qualify for coverage, 67% to get better pricing and 30% to secure improved policy terms.

The survey also revealed that recovery costs from cyberattacks are outpacing insurance coverage. Only one percent of those that made a claim said that their carrier funded 100% of the costs incurred while remediating the incident. The most common reason for the policy not paying for the costs in full was because the total bill exceeded the policy limit. According to The State of Ransomware 2024 survey, recovery costs following a ransomware incident increased by 50% over the last year, reaching $2.73 million on average.

“The Sophos Active Adversary report has repeatedly shown that many of the cyber incidents companies face are the result of a failure to implement basic cybersecurity best practices, such as patching in a timely manner. In our most recent report, for example, compromised credentials were the number one root cause of attacks, yet 43% of companies didn’t have multi-factor authentication enabled,” said Chester Wisniewski, director, global Field CTO.

“The fact that 76% of companies invested in cyber defenses to qualify for cyber insurance shows that insurance is forcing organizations to implement some of these essential security measures. It’s making a difference, and it’s having a broader, more positive impact on companies overall. However, while cyber insurance is beneficial for companies, it is just one part of an effective risk mitigation strategy. Companies still need to work on hardening their defenses. A cyberattack can have profound impacts for a company from both an operational and a reputational standpoint, and having cyber insurance doesn’t change that.”

Across the 5,000 IT and cybersecurity leaders surveyed, 99% of companies that improved their defenses for insurance purposes said they had also gained broader security benefits beyond insurance coverage due to their investments, including improved protection, freed IT resources and fewer alerts.

“Investments in cyber defenses appear to have a ripple effect in terms of benefits, unlocking insurance savings that organizations can be diverted into other defenses to more broadly improve their security posture. As cyber insurance adoption continues, hopefully, companies’ security will continue to improve. Cyber insurance won’t make ransomware attacks disappear, but it could very well be part of the solution,” said Wisniewski.

Data for the Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders report comes from a vendor-agnostic survey of 5,000 cybersecurity/IT leaders conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Read the full “Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders,” on Sophos.com for additional global findings and data by sector.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post 76% of Companies Improved Cyber Defenses to Qualify for Cyber Insurance first appeared on AI-Tech Park.

Adlumin, the security operations command center that simplifies complexity for organizations of all sizes, today announced a new capability, Ransomware and Exfiltration Prevention, that quickly detects and stops attackers from exfiltrating data. With the majority of ransomware attackers now employing double-extortion techniques where they threaten to steal and leak sensitive data in addition to encrypting files until a ransom is paid, this new capability disrupts these activities before they can escalate into a full-blown attack.

In addition to this new capability, Adlumin also launched a free tool that any organization can download to simulate data exfiltration associated with a ransomware attack and test the efficacy of their current defense.

Adding capabilities that stop data exfiltration strengthens Adlumin’s Ransomware Prevention feature that already stops ransomware encryption fast enough to save 99% of files. Together, these capabilities provide a comprehensive defense that enables organizations to stop ransomware gangs from both of the techniques they use to disrupt and extort an organization.

“The ransomware threat has evolved and there are no longer many attacks that rely on encryption alone. Since organizations have implemented strategies like file backups to mitigate against encryption, attackers have changed their tactics to include data theft and using data in nefarious ways to extort their victims,” said Robert Johnston, CEO and co-founder of Adlumin. “Ransomware recovery is a lot easier when you take away an attacker’s leverage – that’s why we’re giving our customers new tools to stop exfiltration and encryption at the earliest stages.”

Adlumin’s Ransomware and Exfiltration Prevention works by strategically placing decoy files to draw the attention of malicious actors. The feature monitors these files and looks for signs of encryption and/or data exfiltration and terminates the process at its earliest signs.

Customers of Adlumin’s Managed Detection and Response (MDR) service are already benefiting from its Ransomware Prevention feature at no additional cost. Now, Extended Detection and Response (XDR) customers that use Adlumin’s platform without MDR services can also purchase Ransomware and Exfiltration Prevention as an add-on to Adlumin’s cloud-based platform.

Adlumin’s new ransomware exfiltration simulator is the latest in the company’s suite of tools that are freely available for any organization to download and use. To measure your organization’s effectiveness against ransomware exfiltration and/or encryption with Adlumin’s free tools, visit https://adlumin.com/tools/free-tools/.

For more information on how Adlumin MDR or XDR can keep your organization secure, visit: https://adlumin.com/platform/

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Adlumin strengthens Ransomware Prevention with New Capability first appeared on AI-Tech Park.

Sift, the AI-powered fraud platform securing digital trust for leading global businesses, today released its Q2 2024 Digital Trust Index, which found that 76% of fraud and risk professionals believe their business has been targeted by AI fraud, with over half reporting this type of fraud happening daily or weekly.

The emergence and increased adoption of AI tools, including publicly available chatbots, enables cybercriminals to conduct growingly scalable fraud attacks against both individuals and businesses. Across the Sift Global Data Network, blocked user-generated scam content rose by 22% in Q1 2024 vs. Q1 2023, showing how pervasive this technology has become in the Fraud Economy.

Previous red flags indicating a scam, like typos and syntax issues, are now more rare, with GenAI tools like ChatGPT allowing fraudsters to create polished and convincing written content. Fraudsters employ phishing emails, photo and video manipulation, and voice cloning to circumvent traditional fraud detection techniques, posing significant financial and reputational risks to businesses of all sizes.

“Fraud actors are rapidly adopting AI as a tool to supercharge their attacks, and both businesses and consumers are clearly feeling the impact,” said Armen Najarian, Chief Marketing Officer at Sift. “Businesses must invest in AI to ‘fight fire with fire’ to not only counter the threats posed by AI itself, but to streamline the customer experience and turn fraud prevention into profitable growth.”

Sift data also revealed that 73% of consumers are very or somewhat confident they’d be able to identify a scam that was created using AI. Despite their conviction, nearly a third of consumers claim they have had someone try to defraud them using AI, and more than one in five are falling for these scams. Consumers are increasingly being exposed to hard-to-spot scams like misleading AI-generated images and imposter websites as well as pig butchering scams leveraging deepfake face-swapping and GenAI-enabled conversations, fooling even the most digitally savvy consumers.

Sift’s newest report also found that:

• 84% of Millennials say they’re very or somewhat confident they’d be able to identify an AI scam, compared to 81% of Gen Z, 70% of Gen X, and 53% of Baby Boomers.
• 21% of consumers have been “phished” successfully, with over a third of Gen Z respondents falling for these types of scams.
• 69% of consumers say it has become more difficult to identify scams.
• 79% of consumers are concerned about AI being used to defraud or scam them.

To gather these findings, Sift polled 123 global fraud and risk professionals via online survey, and on behalf of Sift, Researchscape International polled 1,066 adults (aged 18+) across the United States via online survey, in May 2024. In addition to surveying consumers, the Q2 Digital Trust Index relies on data from the Fraud Industry Benchmarking Resource (FIBR), a first-of-its-kind online tool powered by Sift’s Global Data Network, that allows anyone to access key fraud metrics across industries, geographies, and time.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Report: Two-thirds of Businesses Face AI-Fueled Fraud Regularly first appeared on AI-Tech Park.

AttackIQ®, the leading independent vendor of breach and attack simulation (BAS) solutions and founding research partner of the MITRE Engenuity Center for Threat-Informed Defense (CTID), today announced a partnership with Trium Cyber, the exclusive writer of cyber for Trium Syndicate 1322. The partnership will provide AttackIQ Flex to Trium Cyber policyholders as part of a pre-incident suite of solutions to increase insured cybersecurity maturity and reduce insured risk.

AttackIQ Flex is an on-demand, agentless test as a service. It enables organizations to quickly emulate adversary behavior through a simplified user experience, delivering detailed security control performance metrics and mitigations in minutes. AttackIQ Flex leverages AttackIQ’s advanced adversary emulation software that fully emulates cyberattacks, replicating the tactics, techniques, and procedures employed by real-world adversaries and their campaigns. With Flex, organizations can harden their defenses, ensuring that they can interdict the attacker before they can achieve their objectives.

“Trium Cyber is a true innovator in the cyber insurance space,” said Rupen Shah, Vice President of Business Development, Channels and Alliances at AttackIQ. “Their commitment to offering pre-incident services like AttackIQ Flex goes beyond the traditional model. It fosters a collaborative partnership with their insureds, empowering businesses to proactively strengthen their defenses. This helps individual companies reduce their cyber risk and contributes to a more resilient cyber insurance landscape for everyone.”

Through the partnership, Trium Cyber will provide insureds with free Flex credits, allowing these organizations to test as little or as much as needed across different elements of their business. Through this model, AttackIQ is removing the complexity and time constraints that have kept organizations from comprehensive testing in the past.

“We’re committed to connecting our policyholders with best-in-class solutions to proactively manage their cyber risk,” said Josh Ladeau, CEO of Trium Cyber. “AttackIQ stood out as an ideal partner due to their innovative Flex solution. Providing our insureds access to this industry-leading breach and attack simulation solution empowers our clients to continuously and efficiently test their defenses and identify areas for improvement. These are critical elements of an effective security program and we’re excited to deliver such an impactful tool to our primary policyholders.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post AttackIQ and Trium Cyber Partner to Strengthen Policyholder Defenses first appeared on AI-Tech Park.

Gigamon, a leader in deep observability, today published its 2024 Hybrid Cloud Security Report, revealing vulnerabilities in organizations’ preparedness to defend against increasingly sophisticated cyberthreats and attacks. The annual survey of over 1,000 Security and IT leaders across Australia, France, Germany, Singapore, UK, and the USA, shows a decline in detection and response capabilities year-on-year (YoY) compared to the company’s 2023 Hybrid Cloud Security Report. As hybrid cloud environments grow in complexity and threat actors launch a barrage of concealed attacks, 65 percent of respondents believe their existing security tooling cannot effectively detect breaches.

Security and IT leaders are at a crucial juncture. The specter of AI-powered cyber attacks looms globally, with 82 percent of respondents predicting that AI will increase the global ransomware threat. And yet,despite global information security spending projected to reach $215 billion in 2024, only half(54 percent) of organizations feel “strongly prepared” to respond to unauthorized access to their hybrid cloud environments.

CISOs Turn to Boards, Prioritize Encrypted Visibility to Help Address Today’s Threats

The research also delves into the insights of 234 CISOs globally. The results highlight that CISOs continue to bear the burden of regulatory and technological pressures, with 69 percent of CISOs reporting they struggle to detect encrypted threats, compared to 59 percent of the total respondents. An alarming 70 percent of CISOs believe their tools aren’t as effective as they could be in detecting breaches, and as a result 59 percent say they would be most empowered by cyber risk becoming a boardroom priority.

Key Findings Highlight Cybersecurity Preparedness Gap

• Most organizations report critical visibility gaps. The complexity of modern hybrid cloud infrastructure contributes to organizations’ lack of control. Three-quarters of respondents agree that East-West (lateral) visibility is more important to cloud security than North-South, yet just 40 percent have visibility into East-West traffic, down from 48 percent in 2023. Encrypted traffic poses another serious blind spot. Although 83 percent describe gaining visibility into encrypted traffic as a priority, a shocking 76 percent currently trust that encrypted traffic is secure.
• Organizations are unprepared for today’s sophisticated attacks. Survey respondents generally acknowledge weaknesses in their tool stack for threat detection. Just 25 percent were able to remediate a live threat in a recent breach. When tooling fails, organizations suffer more serious consequences, with 31 percent of organizations only detecting a recent breach once they received an extortion threat from the adversary; 31 percent became aware of the breach when proprietary information leaked onto the dark web. Of greater concern is that 25 percent of respondents ultimately failed to determine the root cause of the breach.
• Deep observability is viewed as central to modern IT success. When breaches are missed, tool strategies are firmly in the spotlight. Eight in 10 agree that achieving unified visibility into hybrid cloud infrastructure is key to preventing attacks. Six in 10 believe that greater visibility into all data in motion will empower them to securely deploy AI technology. As a result, 80 percent agree that deep observability – delivering network-derived intelligence to log-based security tooling – is now a board-level priority.
• Regulation, boardroom pressure is elevating Zero Trust as a priority. Survey results show that Zero Trust has shifted from a best practice to a must-have, with 64 percent of respondents expecting a mandate in the next two years. Three-quarters report that Zero Trust is now a priority for the board. As a result, 8 out of 10 name Zero Trust as one of theirkey priorities over the next 18 months.

“It is clear that organizations’ tool stacks are falling short, enabling threat actors to exploit blind spots to breach and extort their victims without fear of detection,” said Chaim Mazal, CSO at Gigamon. “Consider that just 1 in 4 organizations can detect and remediate a live threat. Without real-time, network-derived intelligence and insights into all data in motion, including East-West and encrypted traffic, bad actors will continue to wreak havoc, now with AI accelerating their efforts.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Gigamon 2024 Hybrid Cloud Security Survey first appeared on AI-Tech Park.

Illumio, Inc., the Zero Trust Segmentation company, and Netskope, a leader in Secure Access Service Edge (SASE), today announced a Zero Trust partnership that brings together the power of Zero Trust Segmentation (ZTS) and Zero Trust Network Access (ZTNA) to protect against breaches and build cyber resilience. The new partnership combines Illumio ZTS with Netskope ZTNA Next via the Netskope Cloud Exchange (CE) platform to enable network and security teams to create Zero Trust policies that consistently secure access at an organization’s perimeter and within its hybrid, multi-cloud infrastructure.

In its recommended Zero Trust Architecture, the National Institute of Standards and Technology (NIST), prescribes three primary Zero Trust enforcement points: identity, network access, and workload segmentation, with Zero Trust Network Access implemented at the organization’s boundary, and Zero Trust Segmentation implemented at the destination workloads. Together, Illumio ZTS and Netskope ZTNA Next share context to ensure consistent Zero Trust security at the perimeter and within an organization’s network to reduce the risk from cyberattacks. Key benefits include:

• Full visibility across hybrid environments: By combining application-to-application and risk-based visibility from Illumio ZTS with the user-to-application-based visibility in Netskope ZTNA Next, organizations gain a consistent, real-time view of user-to-application and application-to-application traffic, enabling them to better understand risk end-to-end.
  
• Protection for end users from non-compliant workloads: Combined visibility between platforms enables security teams to define Netskope policy to block access between users and potentially compromised workloads, or workloads in segmented environments, increasing resilience across the organization.
  
• Dynamic ZTNA policy: Netskope’s security policies are automatically updated based on metadata from Illumio, eliminating the need to rewrite rules as workload attributes change, ensuring users and critical applications are always protected and allowing organizations to scale their Zero Trust architecture.

With ransomware attacks on the rise and IBM data showing the cost of breaches increasing to $4.45 million, organizations are turning towards Zero Trust solutions to strengthen resilience. ZTNA is already widely adopted with Gartner seeing “strong adoption among large organizations and midmarket organizations.” Adoption of microsegmentation is also expected to rise rapidly; Gartner predicts that “by 2026, 60 percent of enterprises working toward Zero Trust architecture will use more than one deployment form of microsegmentation, up from less than 5% in 2023.”

“Businesses today are under pressure to ensure that the right people have the right access to the right online resources, and that requires applying zero trust principles to every interaction with those resources. Our partnership with Illumio ensures that the Netskope One platform learns additional, needed context around private workload posture to help inform and reinforce the security with which private applications and workloads are accessed,” said David Willis, Vice-President of Technology Alliances at Netskope.

“Organizations need their Zero Trust technologies to share context so that they have the same view of the environment they’re protecting and can update policies accordingly,” said Mario Espinoza, Chief Product Officer at Illumio. “That’s exactly what the Illumio and Netskope integration does – Illumio provides Netskope with the needed context to prevent remote users from accessing compromised workloads, while also protecting potentially non-compliant internal workloads from remote access, stopping breaches from spreading. Essentially, we are making it easier than ever for organizations to implement Zero Trust across their hybrid environments to strengthen resilience.”

Illumio and Netskope customers can deploy the plugin today via the Netskope Cloud Exchange (CE) platform. Find more information at: https://www.illumio.com/partners-tap/netskope.

Notes to editors
Gartner^®, Market Guide for Microsegmentation, By Adam Hils, Rajpreet Kaur, Jeremy D’Hoinne, 12 June 2023
Gartner^®, Market Guide for Zero Trust Network Access, By Aaron McQuaid, Neil MacDonald, John Watts, Rajpreet Kaur, 14 August 2023
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Illumio and Netskope Strengthen Enterprise Against Cyber Threats first appeared on AI-Tech Park.

SlashNext, the leader in next gen AI cloud email, mobile, and web messaging security, today released its 2024 Mid-Year Assessment on The State of Phishing. This report is an update to SlashNext’s annual State of Phishing report, which the SlashNext Threat Labs team last issued in October 2023. The surge in phishing attacks reported at that time prompted the team to conduct another comprehensive analysis at the six-month mark to determine if the upward trend was persisting, especially as threat actors continue to leverage generative AI tools to aid their phishing, business email compromise (BEC) and other social engineering attacks.

Fueled by AI-generated attacks, the Mid-Year Assessment revealed a 341% increase in malicious phishing link, BEC, QR Code and attachment-based email and multi-channel messaging threats in the last six months alone. This was on top of a staggering 856% increase in malicious email and messaging threats over the prior 12 months. And, since the launch of ChatGPT in November 2022, there has been a 4,151% increase in malicious phishing messages sent. 

“Humans have been, and will continue to be, the weakest point in any organization’s security,” said Patrick Harr, CEO, SlashNext. “There is a reason threat actors continue to iterate on tactics like phishing that have been around for decades – they are highly effective. According to Verizon’s 2024 Data Breach Investigations Report, humans are increasingly falling for phishing attacks and it now takes a median time of only 21 seconds for a user to click on a malicious link, and only another 28 seconds to then enter their personal data. We know from our research these attacks are getting a boost from generative AI tools that are readily available. Threat actors are using gen AI to customize messages for their victims, write more convincing messages, and dramatically accelerate the speed and volume of these attacks with little to no added cost.”

In looking at specific threat types, SlashNext Threat Labs found a 217% increase in credential harvesting phishing attacks and a 29% increase in BEC attacks in the last six months. Losses due to BEC attacks exceeded $2.9B in 2023, at an average cost of $137,000 per BEC incident, according to the recent FBI IC3 Report. In addition, mobile phones have emerged as the most utilized and vulnerable communications channel, with 45% of all mobile threats now being reported as SMS smishing attacks.

CAPTCHA-based attacks, particularly using CloudFlare, are also on the rise and they are being used to mask credential harvesting forms. Attackers are generating thousands of domains and implementing CloudFlare’s CAPTCHAs to hide credential phishing forms from security protocols that are unable to bypass theCAPTCHAs.

“Leveraging legitimate services like Microsoft Sharepoint, AWS, and Salesforce to hide phishing and malware is another favorite tactic employed by threat actors because it preys on users’ trust in these tools,” continued Harr. “In addition to CAPTCHA-based attacks, QR code-based attacks are growing in popularity and now comprise 11% of all malicious emails – often embedded in legitimate infrastructures. The onus should not be on users to identify and avoid sophisticated attacks, especially when the research proves that relying on training and traditional cybersecurity tools is ineffective against modern attack tactics. It’s time to fight AI with AI and implement AI-powered email and messaging security tools that keep malicious messages out of users’ inboxes altogether.” 

To counter the growing sophistication of these cyberattacks, the SlashNext advanced gen AI security platform is specifically engineered to identify, anticipate and block complex BEC threats, phishing, and ransomware. Utilizing generative AI, natural language parallel prediction, computer vision, relationship graphs, and contextual analysis, the platform achieves an industry-leading detection rate of 99.99%. Discover more about the SlashNext platform and schedule a demo.

Download the full 2024 Mid-Year Assessment to The State of Phishing report.

SlashNext is cohosting a live webinar with the FBI on Wednesday, May 22 at 11 a.m. PT that will discuss key revelations from the 2024 FBI Internet Crime Complaint Center Report. Register for the live webinar, “BEC, Gen AI and the FBI 2024 IC3 Report: Exploring the Most Dangerous Cybercrime.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post SlashNext Mid-Year State of Phishing Report first appeared on AI-Tech Park.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q1 2024 top-clicked phishing test report. The results include the most common email subjects clicked on in phishing tests, reflecting the persistent use of HR or IT-related business email messages that captivate employees’ interests.

Phishing emails continue to be one of the most common methods for executing cyberattacks on organizations worldwide. KnowBe4’s2023 Phishing by Industry Benchmarking Report reveals that nearly one third of users are susceptible to clicking on malicious links or complying with fraudulent requests. As a result, cybercriminals take advantage of this vulnerability and leverage the innovative tools available to them, such as AI, to come up with increasingly sophisticated messages to outsmart users. These bad actors tailor phishing email strategies to appear more legitimate in their requests and trick employees by inciting an emotional response and urgency to click on a malicious link or download an infected attachment.

HR-related phishing attacks take the top spot at 42%, a trend that has persisted for the last three quarters, followed by IT-related phishing emails at 30%. Phishing emails from HR or IT departments that prompt dress code changes, tax and healthcare updates, training notifications and other similar actions are effective in deceiving employees as they can affect a user’s work, evoke an immediate response and can cause a person to react before thinking about the validity of the email.

The KnowBe4 phishing report this quarter also noted more personal phishing email attacks, such as tax, healthcare and ApplePay, that could affect users’ sensitive information. These types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.

“KnowBe4’s report shows that cybercriminals are becoming increasingly tactical in exploiting employee trust by using HR-related phishing emails due to their seemingly legitimate source,” said Stu Sjouwerman, CEO of KnowBe4. “Emails coming from an internal department such as HR or IT are especially harmful to organizations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities. A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defense in safeguarding organizations against preventable cyberattacks.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post HR & IT Related Emails Are the Top Choices for Phishing Scams: KnowBe4 first appeared on AI-Tech Park.

New research* released today reveals the extent of concern regarding the future threat posed by AI and Machine learning to our privacy.

Cybercrime is still seen as the main threat with 55%, but AI comes in close second at 53%.  Despite AI being a relatively new menace, the research shows that developers believe the technology is a threat that is rapidly catching up with cybercrime, as it becomes more mainstream. The cost of cybercrime is projected to reach $13.82 trillion by 2028: the reality is that with increasingly sophisticated AI potentially in the hands of a new generation of cybercriminals, this cost could grow exponentially.

The study, commissioned by Zama – a Paris-based deep tech cryptography firm specialising in the world of Fully Homomorphic Encryption (FHE)* – surveyed developers across both the UK and US.

During the research, more than 1000 UK and US Developers were asked their opinions on the subject of privacy, to uncover insight from the people that build privacy protection into everyday applications.  The research revealed developers’ own perceptions and relationship with privacy, delving into subjects such as , what privacy considerations should be at the centre of evolving innovation frameworks, who holds the ultimate ownership of privacy and what their opinion is on the approach to regulation.

In addition to the findings revealing significant concerns about AI’s threat, the research also reveals that 98% of developers believe that steps need to be taken now to address future privacy and regulation framework concerns.  72% also said that regulations made to protect privacy are not built for the future with 56% believing that dynamic regulatory structures – which are meant to be adaptable to tech advancements – could pose an actual threat.

“Despite cybercrime expected to surge in the next few years to the cost of trillions, 55% of developers we surveyed in our research stated that they feel cybercrime is only ‘marginally more of an issue’ than the threat to privacy that AI will pose. We have seen from our work that many developers are the real champions of privacy in organisations and the fact that they have some legitimate concerns about the privacy of our data, in relation to the surge in AI adoption, is a real worry,” says Pascal Palier, CTO and Co-founder of of Zama.

“Zama shares the concerns expressed by developers about the privacy risks posed by AI and its potential irresponsible use. Regulators and policymakers should take this insight into consideration as they try to navigate this new world. It’s important not to underestimate the very real threat highlighted by the experts who are thinking about protecting privacy every day, and make sure upcoming regulations address the increased risks to users’ privacy,” he added.

The survey went on to reveal that 30% of developers believe that those behind making the regulations are not as knowledgeable as they could be about all the technologies that should be taken into consideration, also presents a real danger, while 17% believe this would pose a possible threat to future tech advancements.

“It’s undoubtedly an exciting time for innovation, especially with AI advancements developing as fast as they have. But with every new development, privacy must be at the centre; it’s the only way to ensure the data that powers new innovative use cases is protected. Developers know this,  embracing the vision championed by Zama in which they have the ability and responsibility of safeguarding the privacy of their users. It’s clear, in analysing their insights, that they would like to see regulators taking more responsibility for understanding how Privacy Enhancing Technologies can be used to ensure privacy of use for even the newest of innovations, including Gen AI. Advanced encryption technology such as FHE can play a positive role in ensuring innovation can still flourish, while protecting privacy at the same time,” he adds.

*FHE, Fully Homomorphic Encryption

FHE is an encryption technique that enables processing data without decrypting it. With data encrypted both in transit and during processing, everything you do online could be encrypted end-to-end, allowing companies and organisations to offer their services without ever seeing their users’ data — and users will never notice a difference in functionality.

The research was carried out by Research Without Barriers (RWB) between 9th January 2024 and 8th February 2024 with a sample comprising 1,098 Developers from the UK (571) & USA (527).

About Zama

Zama is a cryptography company building open-source homomorphic encryption solutions for blockchain and AI. Their technology enables a broad range of privacy-preserving use cases, from confidential smart contracts to encrypted machine learning and privacy-preserving cloud applications. Zama was founded by Pascal Paillier and Rand Hindi, and currently has the largest research team in homomorphic encryption.

Since it was founded in 2020, Zama has established itself as the main actor shaping the FHE market, having already made significant contributions to the field of data privacy and encryption, including 17+ filed patent families, $100 million in secured deals and the successful delivery of four innovative products/solutions to the market.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post New privacy research pegs AI as a rival threat to cybercrime first appeared on AI-Tech Park.