Slavik Markovich, CEO of Descope, joins Dave to discuss his career as a serial entrepreneur. Before Descope, he co-founded and was the CEO of Demisto, a leader in the SOAR industry, which was acquired by Palo Alto Networks in 2019 for $560M, where he then served as SVP of Products. Before co-founding Demisto, Slavik was VP & CTO of database technologies at McAfee. He joined McAfee via the acquisition of Sentrigo, a database security startup he co-founded and served as CTO for. He goes into depth on his career changes throughout the years and how they have helped lead him to where he is now. He shares that as a CEO and founder of multiple companies he values time and hard workers. He says, “I think we really stress the importance of, uh, of responsibility. So if, if you kinda take something, you, you make sure to finish it and on time, if you promise to do something, you do that. And so that’s really important for us.” We thank Slavik for sharing his story with us.
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
It’s time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to
HR & IT-Related Phishing Emails Are Top-Clicked Among Phishing Email Types
Phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees, according to a recent study, posing a significant cybersecurity risk to organizations across various industries.
The 2024 Phishing by Industry Benchmarking Report, conducted by KnowBe4, analyzed data from over 54 million simulated phishing tests.
These tests were performed across more than 11.9 million users from 55,675 organizations in 19 different industries.
Through this report, researchers at KnowBe4 highlighted the ongoing vulnerability of employees to social engineering attacks, particularly those that mimic internal communications.
Top three riskiest industries by organization size (Source – KnowBe4)
High Initial Vulnerability: The study found that without proper training, organizations across all industries and sizes faced an average Phish-prone Percentage (PPP) of 34.3%. This means that roughly one in three employees were likely to interact with malicious emails.
Industry-Specific Risks: Healthcare & Pharmaceuticals emerged as one of the most vulnerable sectors, with a PPP of 51.4% for large organizations. Other high-risk industries included Insurance (48.8%) and Energy & Utilities (47.8%).
Size Matters: Larger organizations (1000+ employees) generally showed higher vulnerability, with several industries exceeding a 40% PPP.
Technical Analysis
The report emphasizes the crucial role of comprehensive security awareness training:
After just 90 days of training, the average PPP dropped to 18.9%, representing a nearly 50% reduction in vulnerability.
Organizations that maintained ongoing training for a year or more saw their PPP plummet to an impressive 4.6%.
Methodology and data set (Source – KnowBe4)
Cybersecurity experts stress the importance of continuous education and testing. “Merely paying lip service to security awareness programs does little to shield an organization from attacks that target human vulnerabilities,” the report states.
2024 International Phishing Benchmarks (Source – KnowBe4)
Foster a security-conscious culture within the organization.
Invest in both employee training and advanced technological defenses.
However, it’s important to note that transforming employee behavior requires persistence, but the benefits of a security-aware workforce are invaluable in the face of increasingly sophisticated phishing attempts.
By prioritizing human risk management and encouraging a strong cybersecurity culture, organizations can significantly reduce their vulnerability to phishing attacks and other social engineering threats.
December Android updates fix critical zero-click RCE flaw
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug. […]