Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Author: Bex Bailey Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide. In fact, Forrester reveals that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of US$2.8 million against the global mean of US$2.7 million.

A new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the top threat to companies over the next decade.

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — it’s human. Employees routinely fall for phishing scams, mishandle sensitive data or unintentionally violate security policies. While most people don’t mean to cause harm, their behavior still introduces significant cyber risk to the organization.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly. The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol. “Social engineering, which exploits human error to gain access to systems or personal information, stands out as a prominent technique used by criminal actors in this context,” Europol says.

I am used to repeating some pretty big numbers when talking about the financial impact of cybercrimes. When you look into the data, it is pretty easy to start talking about tens of billions of dollars. I occasionally come across figures that are in the hundreds of billions of dollars in damage across multiple years globally. So, imagine my surprise when I learned the U.S. Federal Trade Commission (FTC) said Americans lost $158.3B in 2023, one year, to scammers, and that annual figure is getting worse.

I recently had several conversations about repeat clickers. First with a Forrester analyst and then, shortly after, at KB4-CON Orlando following a presentation on the subject by Matthew Canham, Executive Director of the Cognitive Security Institute. After that, my approach was a little less organic: intrigued by the topic, I spoke with several KnowBe4 customers to find out how they manage repeat clickers.

Lead Researchers: James Dyer and Louis Tiley Between May 5 and May 7, 2025, KnowBe4 Threat Lab identified a phishing campaign originating from accounts created on the legitimate service ‘EUSurvey’. Although this was a focused campaign, on a smaller-scale to others identified by the team, it employed a combination of sophisticated techniques worth highlighting.

AI-generated voice deepfakes present an urgent threat to organizations, according to researchers at Pindrop. The researchers warn that speech generation tools can create realistic-sounding cloned voices in near real-time, allowing attackers to hold live conversations with victims while imitating someone the victim knows. Additionally, these tools can now convincingly imitate human emotions, making social engineering attacks even more persuasive.

In today's rapidly evolving threat landscape, cybercriminals are becoming increasingly sophisticated in their attack methodologies, particularly when it comes to email-based threats. Organizations worldwide are recognizing that a single-vendor approach to security, while valuable, may not provide the comprehensive protection needed to defend against the full spectrum of modern cyber threats.