UK cyber trends: Phishing leads, ransomware doubles. While small biz boost defenses, fewer boards have cyber experts making security investment harder. A risky gap? #CyberRisk #UKGov #TechNews
Is your organization truly encrypting email or just assuming it's secure?
Despite rising threats and regulatory pressure, encrypted email adoption remains low in many industries. Most sensitive messages are still exposed after delivery—leaving you open to breaches, insider threats, and compliance risks. Principal Consultant Ben Kast dives into the technical details in his new blog, as well as advice on the pros and cons of different email encryption options.
Check it out: https://www.lmgsecurity.com/securing-the-email-flow-implementing-encrypted-email-in-microsoft-365-exchange-and-onward/
Cyber Security Policy is markedly different under the Trump administration, to say the least.
Expert warnings mount as key US cyber agencies face staff cuts, leadership shakeups, and even retaliatory actions against private partners - namely those made in the last 24 hours, targeting former CISA Director, Chris Krebs.
Recent White House actions suggest a troubling shift away from expert-driven cyber defense towards political expediency. From sidelined Russia operations to gutted agencies, we examine the evidence and the potential global fallout.
Read our full analysis here: https://opalsec.io/eroding-foundations-the-precarious-state-of-us-cyber-leadership/
"For the first 10 years of cloud computing, security dismissed the cloud, saying 'you can't secure it.' So cloud specialists took charge of security because they had to, leaving the cybersecurity specialists wondering why they're not wanted."
—Peter Schawacker
#ai #TechnoRectionaries #CounterRevolution #CyberHistory #CloudComputing #CyberRisk
New On Location Coverage with Sean & Marco on ITSPmagazine
Cybersecurity in #Italy: A Niche Topic No More...
Not too long ago, if you mentioned #cybersecurity in Italy, you’d get a lot of blank stares. Today, it’s everywhere—boardrooms, government agencies, and, of course, #ITASEC, Italy’s official cybersecurity conference.
This year, #ITASEC2025 took over Bologna, bringing together researchers, policymakers, and industry leaders to discuss what’s next for digital security. AI security, regulatory shifts, #cybereducation — yes, even the Digital Operational Resilience Act (#DORA) that’s reshaping financial sector security—were all on the table.
Unfortunately I wasn’t in Italy at the time of the event, but that didn’t stop me from having a fascinating conversation with Professor Alessandro Armando, one of the key organizers and a leading voice in cybersecurity research, in this latest On Location episode. Of course, Sean Martin joined me and we spoke about:
- How cybersecurity went from an afterthought to a national priority in Italy
- Why companies are (finally) realizing that #security is an #investment, not just a cost
- The rise of Cyber Challenge IT—Italy’s initiative to build the next generation of cybersecurity experts
- And, of course, the big reveal… ITASEC 2026 is heading to Sardinia!
Watch the Full Video: https://youtu.be/NsdkYAYZANc
Listen to the Full Podcast: https://eventcoveragepodcast.com/episodes/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli
Subscribe to On Location Podcast: https://eventcoveragepodcast.com
Cybersecurity isn’t just about stopping threats—it’s about shaping the future of how we live, work, and trust #technology.
What’s your take? Are we heading in the right direction, or are we still playing catch-up?
#InfoSec, #CyberRisk, #AIsecurity, #CyberThreats, #CyberEducation, #CyberWorkforce, #ThreatIntel, #EthicalHacking, #PenTesting, #RiskManagement, #CyberResilience, #DataProtection, #DigitalSecurity, #CyberLaw, #TechnologyNews, #OnLocationPodcast
Join us on March 26th for a live episode of Cyberside Chats! Ask questions as we discuss a controversial cybersecurity topic of 2025—encryption backdoors. Are they essential tools for law enforcement, or dangerous vulnerabilities that invite cybercriminals in?
We’ll break down Apple’s resistance to the UK’s proposed regulations, global reactions, historical backdoor failures, and what IT leaders need to know as encryption policy evolves.
Register now to join the discussion: https://www.lmgsecurity.com/event/cyberside-chat-live-march25/
ESET warns Germany: 32 million Windows 10 devices at risk! With end-of-support looming in October 2025, cybersecurity experts urge immediate OS migration to prevent potential digital disaster. Upgrade now or face serious security vulnerabilities!
#WindowsSecurity #CyberRisk #TechAlert #newz
https://cyberinsider.com/eset-warns-32-million-germans-they-need-to-move-from-windows-10/
Major changes to the HIPAA Security Rule have been proposed to close critical gaps in healthcare cybersecurity. With healthcare breaches up 1,002% since 2018, these updates aim to protect sensitive patient data and enhance resilience. Key changes include:
- Regular vulnerability scans and pen testing
- Increased documentation, including written policies and IR plans
- Mandatory MFA and enhanced encryption
- Comprehensive asset inventories and risk analyses and more
These are great guidelines for all organizations, and healthcare organizations should start preparing now! Our expert team can assist you with all of these services, so please contact us if you need help.
Read more: https://www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps
Aiming for 100% patching of even critical and high severity vulnerabilities can feel like chasing the wind. So, what *should* #cybersecurity pros do? They should focus on what matters!
Patching every vulnerability isn’t just impractical; it’s unnecessary. And really, #security isn’t about perfection — it’s about prioritization. You’re better off focusing on vulnerabilities that truly matter to your organization’s risk posture.
Here's how you can get help with prioritizing all of those #CVEs.
https://graylog.org/post/why-patching-isnt-the-ultimate-goal-in-cybersecurity/ #CVE #cyberrisk
New #Cybersécurité podcast: 2024 retrospective with Vincent Groleau
3 hot topics analyzed:
• The summer's CrowdStrike incident
• The impact of AI on security
• The evolution of the cloud after the pandemic
An expert look at the challenges awaiting us in 2025 and the lessons to draw from 2024.
Web: https://bit.ly/41TL7pt
Spotify: https://spoti.fi/4gCixh5
YouTube: https://bit.ly/4gDDCrj
Cyber risk is not evenly distributed across users in your workforce. In fact, it's very lopsided. A large majority of risk events in your organization probably tie back to a relatively small population of users.
The attached figures provide some stats supporting that statement:
- Just 1% of users are behind 44% of all clicked phishing emails. 5% of users are responsible for 83.4% of all clicks.
- 1% of users are behind 92% of all malware events! 5% of users are responsible for ALL malware events. The remaining 95% had a clean record.
I don't think the proper response to these statistics is to grab torches and pitchforks and go round up these users to purge them from among us. Rather, these results present an opportunity to have a big impact on risk reduction by doing a more focused/effective job of educating, incentivizing, and influencing the behavior we want to see among the riskiest users.
Full report "Exposing Human Risk" from Mimecast and Cyentia Institute is available here (no reg req'd): https://assets.mimecast.com/api/public/content/mimecast-exposing-human-risk
28% of ICS/OT systems lack an incident response plan! Are we prepared for the risks this poses to critical infrastructure?
Securing these systems requires more than technology—it’s about strong strategies and skilled teams. Every organization needs a response plan to detect, respond to, and recover from cyber incidents.
What’s your top tip for ICS/OT security? Share below!
Read more about the importance of incident response in our latest blog post: https://guardiansofcyber.com/cybersecurity-news/ics-ot-systems-lack-ir-plan-risk/
Only 1/3 of UK businesses have ever conducted a cyber risk assessment
Plus we often hear from IT and Security Teams that struggle to know what makes a *good* risk assessment?
This is despite risk being widely regarded as the foundation for any cyber security programme. It features in government guidance, international standards, and wider good practice.
So we're starting a new series on the Cydea blog looking into just that. Plus tips and tricks on how you can up your #cyber #risk game (and maybe sneak in a bit of #CRQ too)
Check out the link below to the first part where we touch on preparation and (briefly) identifying risk - then make sure you're following Cydea for future updates!
What makes a good risk assessment? >> https://cydea.com/blog/what-makes-a-good-cyber-risk-assessment/
"...burnout is a human issue which then can lead to a larger cyber risk issue." So, how can orgs help employees and prevent burnout? #Graylog's Joe Gross explains what they can do to support their security teams and reduce cyber risk.
This article shares some great tips on:
- Adopting an inclusive culture
- Building a comfort level among security teams
- Setting cyber-risk expectations from the top
https://www.cpomagazine.com/cyber-security/the-root-cause-of-security-analyst-burnout-human-vulnerabilities/ via CPO Magazine #cyberrisk #cybersecurity #infosec
Did you know 66% of cybersecurity professionals are facing unprecedented stress levels due to increasingly complex threats?
As cyberattacks grow more sophisticated, it's essential to stay ahead of the curve. Tip: Prioritize continuous training to combat the complexity of today's threat landscape. It could be the difference between prevention and disaster.
How does your team handle the stress of an evolving cyber threat environment?
Read more insights in our latest post: https://guardiansofcyber.com/cybersecurity-news/66-of-cybersecurity-professionals-face-unprecedented-stress-levels-due-to-complex-threats/
How prepared is your organization to recover from a cyberattack?
Learn how NIST CSF 2.0 enhances your resilience:
https://hubs.la/Q02SVBjk0
#CyberResilience #NIST #CyberRisk #CyberSecurity
Join us at #RISK, the UK’s premier event for governance, risk, and compliance, in just over a month!
You'll find @cydea at booth 73 (next to the coffee) discussing ways to improve cyber risk conversations, and showing off our Risk Platform!
Plus, don't miss @rto on 10th October in the Risk Theatre at 12:00: "Quantifying Cyber Risk: Tools and Techniques for Better Decision Making"
You can book your free ticket here: https://buytickets.at/grcworldforums/1109182/r/cydea
Which industries are hit hardest by ransomware?
Well, that depends on what you mean by "hit hardest." Do you mean which industries most often suffer ransomware attacks/incidents? Or which ones are the most impacted financially?
Regardless of which dimension is top of mind for you, I have good news: this chart from the Cyentia Institute's latest edition of the Information Risk Insights Study (sponsored by CISA) offers a view of both. It plots each sector according to the share of incidents and publicly-known losses over the last five years attributed to ransomware.
If frequency and losses were perfectly correlated, sectors would lie on or near the dashed line. In general, that’s not the pattern we see here. Instead, we see industries that are disproportionately impacted by ransomware relative to event frequency (e.g., Healthcare, Hospitality), while the opposite is true for others (e.g., Financial, Professional). A myriad of factors contribute to the placement of sectors in Figure 14, but the targeting strategy of ransomware gangs is likely a major driver among them.
So, back to the original question - does this sync with your expectations on ransomware-ravaged industries?
Link to download the study (no registration required): https://www.cyentia.com/iris-ransomware/
What is "likely?"
This is what #BSides Exeter thought... ignoring the 0% trolls, "likely" means anywhere between ~30% and ~90% to the 50+ people that voted in our poll.
If you're struggling to communicate your #CyberRisk or don't feel like you're being heard, Cydea can help. Turn ambiguous statements into meaningful numbers that can underpin security programmes, investment cases, or show the benefit you're bringing to the business.