This guide will walk you through the process of reporting a phishing email (with screenshots) in the three most popular email clients Phishing threats plague businesses and consumers globally. Verizon reported in its 2024 Data Breach Investigations Report (DBIR) that 73% of cybersecurity incidents involving social engineering began with phishing (31%) and pretexting (42%). But do you or your employees know how to report these threats? Our goal here isn’t to tell you how to identify a phishing email or to share a wealth of phishing statistics. We’ve done all of that in previous articles. We’re ..read more

Explore the security concepts demonstrated by the nation’s most secure facility to learn how to harden your enterprise’s IT ecosystem Fort Knox’s Vault is synonymous with security. Built between 1935 and 1936, the Fort Knox Bullion Depository at Fort Knox, as it’s actually known, was constructed using “16,000 cubic feet of granite; 4,200 cubic yards of concrete; 750 tons and reinforcing steel; and 670 tons of structural steel.” Simply put, it’s a building that the world’s top criminals can only dream of infiltrating. However, most cybercriminals often aren’t striving to break into the U.S. Tre ..read more

Nearly half of internet traffic identified by Imperva isn’t human; it’s bots, and most are up to no good. Here’s what they’re doing and how you can identify them and fight back… Let’s start by stating that not all bots are bad. After all, Google’s search engine web crawlers make indexing your new web pages possible. But when “bad bots” engage in automated attacks against websites and/or APIs to steal, damage, and defraud businesses and consumers, then it becomes a huge problem that must be dealt with ASAP.  Just how big of an issue are these bots? Imperva’s 2024 Bad Bot Report data, which ..read more

A private certificate authority can significantly increase the security of your internal network systems and data… but only if the CA is correctly set up. Here’s how to do it correctly. Data from a 2022 survey indicates that more than half of organizations admit they don’t follow the key management best practice of storing their cryptographic keys on hardware security modules (HSMs). But generating and storing cryptographic keys on an HSM is just one of many private CA cybersecurity best practices businesses must adhere to when securing their internal infrastructures and data using public key ..read more

Since 2020, the U.S. Environment Protection Agency (EPA) has doled out more than 100 enforcement actions against community water systems (CWS) across the U.S. for violations of the Safe Water Drinking Act. Securing the nation’s approximately 153,000 publicly owned and operated drinking water systems and 16,000 wastewater systems is a responsibility that shouldn’t be taken lightly. However, the majority (70%) of community water systems inspected since September 2023 don’t even meet the baseline security requirements outlined in the Safe Water Drinking Act (SWDA). That’s why the EPA issued an en ..read more

4 industry advances and the inaugural World Quantum Readiness Day underscore the importance of preparing now for quantum-based threats Several new quantum-focused research developments may have moved up the timeline for needing quantum-resistant cryptography. If you do nothing to prepare now, all of your data that’s secured by modern public key algorithms may be vulnerable to harvest now, decrypt later (HNDL) attacks in the future. Knowing this, DigiCert and other industry partners are leading the charge into a quantum-ready future by establishing a new quantum security-focused holiday. This e ..read more

<60 seconds — this is the median time Verizon’s 2024 Data Breach Investigations Report (DBIR) indicates it takes users to fall for phishing emails. (21 seconds to click + 28 seconds to enter their data on a phishing site.) Check out the latest phishing statistics and data from Verizon and other industry leaders… IBM’s X-Force Threat Intelligence Index 2024 report shows that phishing as a top initial access vector in 2023 dropped 44% compared to 2022. But does this mean that phishing is going out of style? Unlikely — phishing constitutes 24/7 business opportunities for bad guys, which is lik ..read more

PKI is everywhere — it secures everything from websites and emails to the smart devices you use to secure your home and business. It’s the hero operating in the background that you don’t know exists unless you know where to look… What do your smart coffee maker, our website, and a nuclear power plant have in common? They all rely on public key infrastructure (PKI) behind the scenes. But why is PKI so popular? It’s the secure, tried-and-true way to: Identify and authenticate authorized users and devices Encrypt data transmitted between two parties or systems Protect software, documents, and ot ..read more

The CA/B Forum’s newly approved “Definitions and Glossary Chartered Working Group” aims to standardize industry language to create clarity and consensus of terms used in security guidelines Within the cybersecurity industry, multiple terms can describe something, or a single term can describe several things. This is especially true within public key infrastructure (PKI). Think of a simple example using terms like “SSL” and “TLS.” Someone could use these terms to refer to the security protocols that layer over HTTP to create the secure HTTPS protocol, or to mean the digital certificates you ins ..read more

Verizon’s 2023 Data Breach Investigations Report (DBIR) data indicates that 86% of web app-related data breaches involved the use of stolen credentials. Explore 9 password cracking methods and how to fight them Password compromises continue to be a leading security issue for organizations and their customers. 46% of Forbes’ U.S. OnePoll survey respondents say their passwords were breached in the past year. There are many reasons why passwords can become compromised. Sometimes, it’s something as simple as hardcoding your credentials into applications. But in most cases, these situations occur a ..read more