Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber insurers are claiming that cybercriminals made ransomware attacks popular again in 2023 after a slight break in 2022. According to cyber insurer Coalition's 2023 Cyber Claims Report, claims frequency increased by 27% in the first half of this year compared to the second half of 2022. Additionally, cyber insurer Resilience Cyber Insurance Solutions mid-year report showed a similar trend with 16.2% of its total claims were related to ransomware attacks.

We are excited to announce that KnowBe4 has been named a leader in the Fall 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the tenth consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 228 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include fake pay raises, reward gift cards, and free Taylor Swift tickets. The younger half of our team is convinced the latter topic would have completely tricked them.

A new report sheds light on whether CISOs have been the victim of a cyber attacks, if they're every paid a ransom, their greatest cyber concerns, and much more. While most of the reports I cover on this blog are typically surveys of those "in the trenches," we do like to cover analysis of c-suite perspectives. The CISO Report from Splunk provides some interesting insight into experienced cyber attacks and their impact.

As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. According to U.K. cyber insurer Hiscox’s Cyber Readiness Report 2023, attacks are on the rise: With these increases, how prepared are organizations? According to Hiscox, organizations are spending money on the problem; the median cybersecurity spend is a little over $1.39 million (with enterprises spending $4.9 million).

Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.

As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.

Credential harvesting has become a business in and of itself within the cybercrime economy. New insight from Microsoft details the types of attacks your organization should watch out for. I’ve attempted to cover every Microsoft 365 credential harvesting attack since the platform is so popular and is an easy target for cybercriminals. But the news coming from their newly-released Microsoft Digital Defense Report 2023 puts this type of attack into perspective.

Even though there are new attack types for cybercriminals, they are still leveraging old-school attack vectors. Why? Because they still work. I cover new attack methods all the time, with recent examples including a sophisticated phishing campaign impersonating Microsoft and an attack last month targeting the Ukrainian military.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.