< ciso brief />

All news with #security awareness tag

200 articles · page 7 of 10

techUK Urges Collaboration to Tackle Rising Fraud Now

🔍 techUK has published its Anti-Fraud Report 2025, warning that fraud now accounts for 40% of crime in the UK and that an estimated 67% is cyber-enabled. The report urges improved collaboration across law enforcement, banks, tech platforms, telecoms and regulators and recommends a connected anti-fraud ecosystem, wider use of AI and machine learning, and a national Tell Us Once victim-reporting model. It highlights the scale of harm—global losses of about $1 trillion in 2024—and cautions that government action is still being finalised.

November 2025 Fraud and Scams Advisory — Key Trends

🔔 Google’s Trust & Safety team published a November 2025 advisory describing rising online scam trends, attacker tactics, and recommended defenses. Analysts highlight key categories — online job scams, negative review extortion, AI product impersonation, malicious VPNs, fraud recovery scams, and seasonal holiday lures — and note increased misuse of AI to scale fraud. The advisory outlines impacts including financial theft, identity fraud, and device or network compromise, and recommends protections such as 2‑Step Verification, Gmail phishing defenses, Google Play Protect, and Safe Browsing Enhanced Protection.

Google Fraud and Scams Advisory — Nov 2025 Trends Update

🔒 Google’s November 2025 scams advisory outlines rising, increasingly AI-driven fraud tactics and provides concrete protections. Analysts detail six prioritized threats — including online job scams, review-extortion, AI service impersonation, malicious VPNs, fraud-recovery cons, and seasonal holiday schemes — and describe associated malware and credential risks. The post highlights Gmail, Google Messages, Safe Browsing, Play Protect, and account security features like 2‑Step Verification, and gives practical guidance for individuals and merchants.

Lack of AI Training Becoming a Major Security Risk

⚠️ A majority of German employees already use AI at work, with 62% reporting daily use of generative tools such as ChatGPT. Adoption has been largely grassroots—31% began using AI independently and nearly half learned via videos or informal study. Although 85% deem training on AI and data protection essential, 25% report no security training and 47% received only informal guidance, leaving clear operational and data risks.

Why ISO/ISMS Security Certifications Often Fail and How

🛡️ Many ISO and ISMS certification efforts falter not because the standards are unclear but because organisations treat certification as a one-off checkbox activity rather than embedding controls into daily operations. Common failures include weak senior leadership commitment, insufficient employee involvement and training, wishful thinking about risks, and underinvestment in proper implementation. Practical remedies include clear planning, honest risk assessment, executive sponsorship, targeted competency building, and treating the ISMS as a continuous process rather than a closed project.

How Social Engineering Works — Unlocked 403 Podcast S2E6

🔍 In this episode of Unlocked 403, host Becks speaks with Alena Košinárová, a software engineer at ESET, to unpack the psychological tactics behind social engineering and why people fall for scams even when they know better. They discuss how public information and social media amplify attackers' effectiveness and outline practical measures to reduce exposure. The segment balances behavioral insight with clear, actionable defenses.

Aligning Security with Business Strategy: Practical Steps

🤝 Security leaders must move beyond a risk-only mindset to actively support business goals, as Jungheinrich CISO Tim Sattler demonstrates by joining his company’s AI center of excellence to advise on both risks and opportunities. Industry research shows significant gaps—only 13% of CISOs are consulted early on major strategic decisions and many struggle to articulate value beyond mitigation. Practical alignment means embedding security into initiatives, using business metrics to measure effectiveness, and prioritizing controls that enable growth rather than impede operations.

MSP Cybersecurity Readiness: Turn Security Into Growth

🔒 The Hacker News guide helps MSPs evaluate readiness to expand into advanced cybersecurity and compliance services. It highlights two essential dimensions — mindset and operational readiness — and provides a practical checklist covering service definition, staffing, tools, processes, sales capability, and financial planning. The guide reframes security as a business enabler rather than a technical checkbox.

MXDR for SMBs: Practical, Partnered Security Solution

🛡️ Small and medium-sized businesses often find enterprise-grade MXDR solutions overwhelming; instead, they need a partnered approach that builds internal expertise while delivering managed detection and response. The ideal MXDR for SMBs is adaptive to maturity, reduces false positives through tailored rules, offers transparent incident reporting and dashboards, and provides threat intelligence and targeted employee training. Kaspersky's Next MXDR Optimum exemplifies this model by combining expert-led support, accessible XDR tools, and role-specific training to foster a security culture.

Protecting Older Family Members From Financial Scams

🔒 Elder fraud is rising sharply: in 2024 Americans aged 60+ reported nearly $4.9 billion lost to online scams, with an average loss of about $83,000 per victim. Effective protection pairs ongoing, shame-free family communication with practical technical measures and a clear remediation plan. Teach relatives to use a password manager, enable two-factor authentication, block popups and robocalls, keep devices updated, and verify any urgent financial request before acting.

AI Literacy Is Critical for Cybersecurity Readiness

🔒 Artificial intelligence is reshaping cybersecurity, creating both enhanced defensive capabilities and new risks that require broad AI literacy. The White House's America’s AI Action Plan and Fortinet’s 2025 Cybersecurity Global Skills Gap Report show strong adoption—97% of organizations use or plan AI in security—yet 48% cite lack of staff expertise as a major barrier. Fortinet recommends targeted training, policies for generative AI use, and its Security Awareness modules to help close the gap and reduce threat exposure.

Hardening Google Workspace: Practical Guidance for Teams

🔒 Small security teams can harden Google Workspace by enforcing MFA, restricting admin roles, and tightening sharing and OAuth app permissions. The article stresses stronger email defenses — advanced phishing controls, DMARC/DKIM/SPF — and proactive monitoring for account takeovers through alerts and behavioral signals. It argues native controls form a solid foundation but leave gaps, and recommends augmenting them with Material Security for unified visibility and automated remediation.

Cybersecurity Becomes Top Challenge for Financial Sector

🔒 A recent PPI survey of 50 banks and 53 insurers in Germany reports a sixfold rise in cyberattacks compared with 2021. Sixty-four percent of respondents now view cyberattacks as the sector's top challenge, ahead of digitization, credit quality and regulation. Firms cite low employee awareness and difficulty with real-time detection; malware installation and IT disruption are the most frequent attack types.

Internal Conflicts Often Worse Than Cyberattacks for CISOs

🛡️ Roughly 70% of senior security leaders say internal conflicts during a cyber crisis cause more disruption than the attack itself, according to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report. The survey of 480 US cybersecurity executives highlights blurred authority, poor communication, and unrehearsed roles that delay response. Experts recommend demonstrating security's business value, reducing operational friction with passwordless controls, and aligning incentives with lines of business.

Google Refutes False Claims of Massive Gmail Breach

🔒 Google says reports of a massive Gmail data breach are false and that the coverage mischaracterizes a large compilation of exposed credentials. The 183 million-account figure reflects aggregated infostealer databases and credential dumps compiled over years, not a single Gmail compromise. Troy Hunt added the dataset to Have I Been Pwned, which found 91% of entries were previously seen; 16.4 million addresses were newly observed. Users should check their accounts, run antivirus scans, and change any compromised passwords.

Cyber-risk in the Shadows: Shadow IT, AI Use and Risks

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.

Scouting America Introduces Cybersecurity Merit Badge

🛡️ Scouting America (formerly Boy Scouts) has introduced a new cybersecurity merit badge that highlights digital safety, basic cyber hygiene, and introductory technical skills for youth. The announcement includes a well-designed badge image that has been picked up by mainstream coverage, drawing attention to how organizations are teaching online risk awareness. The author notes the image looks good and expresses a personal wish to earn the badge.

Closing the Cybersecurity Skills Gap: New Pathways

🔐 Cyber Awareness Month highlights the persistent cybersecurity skills shortage and the opportunities it creates for new entrants and experienced professionals. The 2025 Cybersecurity Skills Gap Report documents a global shortfall of more than 4.7 million roles and identifies high demand for data, cloud, network and AI security expertise. Employers increasingly favor certifications (65%) over degrees, opening practical pathways for career changers, veterans, and adjacent IT or business professionals. Investing in upskilling, governance, and awareness programs can reduce breach risk and improve retention.

Cybersecurity Awareness Month 2025: Ransomware Resilience

🔒 ESET's Cybersecurity Awareness Month 2025 video, presented by Chief Security Evangelist Tony Anscombe, explains why ransomware continues to threaten organizations large and small. Citing Verizon's 2025 DBIR and a Coalition Inc. study, it notes that 44% of breaches involved ransomware and 40% of insured victims paid ransoms. The video outlines common intrusion vectors and practical steps — backups, patching, access controls and training — organizations should take to improve resilience.

VMware Certification and VMUG Advantage: Career Power Move

🔑 VMware certification is presented as a repeatable framework for mastering complex infrastructure and advancing careers, and VMUG Advantage is offered as an accelerator for that journey. The piece, authored by VMUG leadership, highlights survey data from Pearson VUE showing certification-driven promotions and confidence gains. It outlines tangible member benefits—discounts on training and exams, personal-use licenses, on-demand labs, and global community mentorship—and positions certification as a strategic investment for individuals and teams seeking secure, scalable IT practices.