Security News

Cybersecurity reporter Sean Lyngass tweeted that Cybersecurity Awareness Month is full of PR pitches capitalizing on security breaches. Anne Cutler, PR executive at Keeper Security, replied, "You are mistaken. It's actually called Cybersecurity PR teams will hold no prisoners and raise awareness whether you like it or not month. You may now consider yourself aware."

Security training is often touted as one of the best ways to combat phishing attacks, malware and other security hazards. The type of security training offered to your employees makes a huge difference in whether your efforts prove effective.

October is Security Awareness Month, an exciting time as organizations around the world train people how to be cyber secure, both at work and at home. Security awareness goes by many other names, depending on the organization: security influence, culture, engagement, training, education, etc.

For the past nineteen years, October has been Cybersecurity Awareness Month here in the US, and that event that has always been part advice and part ridicule. I tend to fall on the apathy end of the spectrum; I don't think I've ever mentioned it before.

If you've ever found yourself in an interminable meeting listening to the CISO ramble on about the important role you play in protecting yourself and the company from cyberthreats, you could probably point an accusatory finger in large part at the National Cybersecurity Awareness Month program. To be fair, if you've ever found yourself sitting at your desk, staring at an email that didn't seem right - that seemed a little off - and you decided to just close the message and alert the cybersecurity team, you likely could give a nod of thanks to NCSAM. Every October since 2004, the US Cybersecurity and Infrastructure Security Agency and National Cybersecurity Alliance in public-private cooperation have directed NCSAM in an effort to make organizations and individuals around the world more aware of the myriad cyberthreats out there and how to guard against them.

Huntress, the managed security platform for SMBs, has acquired Curricula, a story-based security awareness training platform that empowers employees to better defend themselves against hackers. In addition to its core platform, Curricula offers a number of additional features to help businesses build a positively focused security culture - including a gamified phishing simulator, story-based training episodes, custom content creation tools, compliance reporting, and more.

Nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months. The most common types of confidential and sensitive information lost or intentionally stolen include: customer information, intellectual property, and consumer information.

It's important that your current security awareness efforts are appropriate for how your employees work today, not how they worked two years ago. The strongest security cultures are those where each employee fully understands that they are on the front lines.

One Identity released global survey findings that unpack the current state of zero trust awareness and adoption across the enterprise. As zero trust awareness continues to rise on the heels of the U.S. White House's Executive Order that was released in May, and a year plagued by one disastrous cybersecurity incident after another, new findings reveal that only 1 in 5 security stakeholders are confident in their organizations' understanding of zero trust.

ENISA has announced the release of its report - Railway Cybersecurity - Good Practices in Cyber Risk Management for railway organizations. European railway undertakings and infrastructure managers need to address cyber risks in a systematic way as part of their risk management processes.