Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this year I joined the team at CultureAI, and like many, I shared the news on LinkedIn. Within weeks, I found myself at the receiving end of multiple phishing emails impersonating our CEO designed to exploit new employees. But rather than ignoring them, I thought it could be fun to play along, see where the rabbit hole led, and deep dive into the world of BCE and Gift Card scams.

A few weeks ago, a malware campaign that leveraged Google Ads to promote a fake Homebrew website caught my attention. It tricked users into running an installer command that downloaded and executed a malicious binary resulting in an info stealer being introduced to the user’s machine.

The recent rapid adoption of the AI application “DeepSeek” has gained significant global attention. Becoming the app on both the Apple Store and Google Play Store within its first few days, seeing over 10 million downloads. While this explosive growth of DeepSeek R1 highlights the public’s fascination with AI-driven tools, the security community and policymakers have been less enthusiastic.

Behavioural analytics in cyber security has emerged as a powerful tool for identifying and mitigating human risks. By focusing on how humans interact with systems, user behavioural analytics offer a proactive approach to threat detection, ensuring a more secure digital environment for businesses.

Cyber security threats are increasingly complex, and while external attacks like phishing and malware often take centre stage, insider threats are emerging as a significant concern. Insider threats are risks originating from within an organisation, which pose unique challenges. They exploit an insider’s knowledge of systems, processes, and vulnerabilities, making detection and prevention particularly challenging.

In an era where password breaches have become all too common, Multi-Factor Authentication (MFA) has emerged as a critical layer of security. MFA provides an authentication method that requires users to present multiple forms of identification before gaining access to systems, which is considered a more robust defence against cyber attacks. However, as cyber criminals evolve tactics, MFA is no longer impervious to threats, particularly phishing attacks that exploit vulnerabilities.

Software as a Service (SaaS) applications have become indispensable for organisations in today's digital landscape. From collaboration tools enabling better communication, to SaaS applications that streamline operations, enhance productivity, and support remote work. However, their convenience comes with significant security challenges—many of which stem from human errors, insider threats, and inadequate configuration practices.

Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit approval from an organisation's IT department. While it sounds sinister, and has certain implications, it is not always done maliciously or with the intent of breaching security. It encompasses a wide range of digital activities where employees leverage unapproved tools to be more productive or achieve specific goals.

Software as a Service (SaaS) applications have become widespread and indispensable for businesses of all sizes, and for good reason. The convenience, flexibility, and scalability mean teams can access the essential tools and data from anywhere around the globe. This convenience and accessibility, however, does pose its own set of challenges when it comes to security risks.

Human risk management (HRM) has become a more established category in recent years. This development signals a crucial shift towards enabling security teams to accurately quantify and manage workplace risks. With the rise of HRM, a variety of new technologies have also emerged on the market. However, how do you navigate the sea of buzzwords and shiny promises to pick the solution that's right for you?