Tag: regulation

Cyber (In)Securities – Issue 131

Information Security News: EU Looks to Tech Sovereignty with EuroStack Amid Trade War (Biometric Update by Masha Borak). The European Union is making significant strides towards tech sovereignty with the development of EuroStack, a comprehensive technology initiative aimed at reducing dependence on foreign tech giants amid 

Cyber (In)Securities – Issue 130

Information Security News: House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies (SecurityWeek by Eduard Kovacs). The U.S. House of Representatives has recently passed a bill that mandates federal contractors to establish vulnerability disclosure policies. This legislative move aims to strengthen the security of 

The Cost of Silence: Enhancing Cyber Safety to Address Domestic Violence’s Impact on Women’s Employment and Education

Last Friday, I attended the launch of The Cost of Domestic Violence to Women’s Employment and Education at the University of Technology Sydney. Written by the renowned researcher and writer Anne Summers, this report lays bare how domestic violence and coercive control disrupts women’s financial independence and long-term security.

The event also featured a dynamic Q&A with Jess Hill, journalist, author, activist and advocate extraordinaire, whose expertise in domestic violence issues added depth to the discussion, highlighting the need for systemic change.

As I sat in the standing-room-only audience, one question kept running through my mind:

What tangible steps must institutions take to ensure they don’t just acknowledge this crisis, but actively intervene?

Expert Insights on a Pressing Issue

Anne delivered a keynote exposing the economic toll of domestic violence, showing how abuse limits women’s access to employment and education. Jess’s insightful questions deepened the conversation, stressing the urgent need for systemic change.

Their discussion underscored a chilling reality: leaving isn’t just about physical safety—it’s about digital and economic safety, too. If an abuser can still track a survivor through hacked accounts or control their finances, they remain trapped.

The Hard Numbers: What the Report Reveals

The report’s findings confirm what many survivors already know: domestic violence locks women out of economic independence.

  • Employment Disruption: Women who have experienced domestic violence have an employment rate 5.3 percentage points lower than those who haven’t. Financial abuse and coercive control further limit their ability to secure stable income.
  • Education as Collateral Damage: Many women are forced to abandon their studies due to abuse, further limiting their economic independence. The report shows that women who have experienced domestic violence are significantly less likely to complete a university degree than those who haven’t. This education gap widens throughout their 20s, and by age 25, survivors are 15% less likely to have attained a university degree. These disparities have lifelong consequences, restricting career opportunities and financial security.
  • Coercive Control and Digital Surveillance: A growing number of abusers use technology-facilitated coercion to monitor, intimidate, and restrict their partners—from tracking apps and spyware to financial control and hacked accounts.

The report makes it clear: economic security is one of the biggest barriers to escaping domestic violence. And if institutions don’t take proactive steps, they are complicit in maintaining the status quo.

The Crucial Role of End-to-End Encryption

As we contemplate these challenges, the critical role of cybersecurity—particularly end-to-end encryption—becomes glaringly apparent.

Survivors of coercive control often face digital surveillance, forced account access, and online monitoring, making encryption not just a cybersecurity measure, but a life-saving tool.

Institutions must prioritise encryption in their digital safety initiatives, ensuring that survivors can:

✔️ Access support services securely, without fear of being monitored.
✔️ Communicate with legal, financial, and mental health services safely.
✔️ Regain digital autonomy in a world where abusers increasingly weaponise technology.

Survivors don’t just need protection—they need secure autonomy over their communications, finances, and digital lives.

Reflections on Actionable Solutions

This isn’t just about awareness—it’s about action. Institutions that claim to support women must walk the walk, not just talk the talk.

Here are five practical, immediately implementable steps that workplaces, universities, and unions must take to proactively combat domestic violence and coercive control:

1️⃣ Establishment of Digital Safety Clinics

Universities, workplaces, and unions should collaborate to offer regular digital safety check-ins where individuals can:

✔️ Secure their devices from tracking apps and spyware.
✔️ Review and strengthen privacy settings on work and personal accounts.
✔️ Learn about secure communication tools, like end-to-end encrypted messaging, to protect themselves from cyberstalking and coercive control.
✔️ Understand the warning signs of digital surveillance and how to respond.

Every institution must commit to making digital security a non-negotiable right. These clinics must be practical, confidential, and institutionally backed, providing survivors with the immediate tools to secure their digital independence.

2️⃣ Comprehensive Support Systems That Recognise Coercive Control

Support systems must go beyond the basics. Many institutions offer Employee Assistance Programs (EAPs) or generic counselling services, but few are tailored for survivors of coercive control. Institutions must provide:

✔️ Specialist legal assistance for women navigating financial and digital abuse.
✔️ Psychological support that understands the long-term impact of coercive control.
✔️ Emergency interventions that provide real, tangible pathways out—including financial assistance and secure housing options.

It is no longer enough to say “help is available”. That help must be structured in a way that makes it truly accessible to women facing complex, tech-enabled abuse.

3️⃣ Policy Overhaul: From Compliance to Survivor-First Protections

Policies that react to incidents are no longer enough. Institutions must proactively design out the loopholes that abusers exploit. This means:

✔️ Regular compliance reviews to ensure policies account for coercive control tactics, not just physical abuse.
✔️ Ensuring data-sharing policies protect survivors, preventing abusers from exploiting privacy loopholes.
✔️ Flagging high-risk patterns—such as repeated password resets or location-sharing updates—just as financial institutions flag fraud.

4️⃣ Training and Awareness: Recognising the Signs of Domestic Violence and Coercive Control

Workplaces, universities, and unions must actively train staff, leaders, and support teams to recognise the warning signs of both domestic violence (DV) and coercive control (CC). Abuse doesn’t always leave bruises—digital surveillance, financial restrictions, and psychological manipulation can be just as damaging.

5️⃣ Unions as Advocates for Digital and Workplace Protections

Unions have historically played a key role in advocating for workplace protections. This must now extend to digital safety and coercive control awareness. They should:

✔️ Ensure workplace policies account for DV and CC protections, including digital abuse considerations.
✔️ Push for survivor-first employment policies—allowing employees to change work emails, request payroll confidentiality, or flag an abuser’s interference.
✔️ Advocate for institutional commitments to survivor support, ensuring that affected employees and students are not left vulnerable.

The Time is Now to Act

This report isn’t just another study—it’s a wake-up call.

It’s not enough for institutions to acknowledge this crisis. They must act. Policies must be rewritten. Digital security must be prioritised. Support must be proactive, not reactive.

The cost of silence is too high. Inaction is complicity.

We have the tools. The only question is—do we have the will to use them?

📖 Read the full report here: The Cost of Domestic Violence to Women’s Employment and Education


About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Cyber (In)Securities – Issue 129

Information Security News: Latin American Orgs Face 40% More Attacks Than Global Average (Dark Reading by Nate Nelson). Organisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the 

Cybersecurity Investments in Global Banking: Comparative Analysis and Case Studies

An overview of cybersecurity spend in international banks

Cyber (In)Securities – Issue 128

Information Security News

89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks

The Hacker News
A new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can lead to significant data breaches and compromise system integrity. To combat these hidden dangers, the report urges companies to implement comprehensive AI governance frameworks. These should include enhanced visibility of AI applications, robust monitoring to detect unauthorised activities, and proactive management strategies to secure digital environments effectively, ensuring that enterprises can safeguard against the escalating threat landscape.
Read more

Chinese APT Uses VPN Bug to Exploit Worldwide OT Organizations

Dark Reading by Nate Nelson
A recent cybersecurity investigation has identified that a Chinese Advanced Persistent Threat (APT) group is exploiting a vulnerability in VPN software to launch sophisticated attacks on operational technology (OT) organizations globally. This exploitation poses severe risks to critical infrastructures such as power plants and water treatment facilities. The report calls for immediate and robust security enhancements in vulnerable systems and emphasizes the necessity for continuous vigilance and updated protocols to defend against these strategically targeted cyber-espionage activities, ensuring the safety and resilience of essential services.
Read more

Beware of Fake Cybersecurity Audits: Cybercriminals Use Scams to Breach Corporate Systems

Tripwire by Graham Cluley
Corporations are increasingly victimized by cybercriminals posing as cybersecurity auditors. These fraudsters gain unauthorized access by exploiting the trust within organizations, leading to significant breaches of sensitive data. This emerging trend underscores the critical importance for companies to rigorously verify the credentials of security professionals and to continuously educate their employees about such deceptive tactics. Enhancing verification processes and employee awareness are essential steps to shield businesses from these sophisticated scams, ensuring the security and integrity of corporate information systems against potential threats.
Read more

New Apple Technology Could Allow Social Media Apps to Tell Whether Users Are Under 16

The Guardian by Josh Taylor
Apple is reportedly developing new technology that could enable social media platforms to accurately determine if users are under 16. This initiative aims to enhance online safety for minors by enforcing age-appropriate content restrictions and compliance with privacy laws. However, it raises significant privacy concerns about the extent and methods of data collection required for age verification. Advocates for digital privacy are calling for transparency and strict safeguards to ensure that these measures do not infringe on individual privacy rights, emphasizing the need for a balanced approach that protects both safety and privacy.
Read more

Hackers Can Crack Into Car Cameras in Minutes Flat

Dark Reading by Becky Bracken
Recent findings reveal a critical security flaw that allows hackers to compromise car camera systems in just minutes, posing severe privacy and safety risks to vehicle owners. This vulnerability highlights the urgent need for the automotive industry to strengthen cybersecurity measures in vehicle surveillance systems. Manufacturers are called to rapidly enhance security protocols, implement advanced protection technologies, and ensure robust safeguards are in place to prevent unauthorized access. This proactive approach is essential to protect personal data and ensure the safety of drivers and passengers in an increasingly connected world.
Read more

Signal Will Withdraw from Sweden If Encryption-Busting Laws Take Effect

The Register by Connor Jones
Signal CEO Meredith Whittaker has made clear that the company plans to withdraw its services from Sweden in response to proposed laws that could compromise encryption standards. The messaging app, known for its staunch privacy policies, stated that the new legislation requiring access to encrypted data would force it to cease operations in the country to protect user privacy. This move highlights the growing tension between tech companies and governments over encryption policies and the balance between security and privacy. Signal’s potential exit from Sweden underscores the significant impact such legislative changes could have on global digital communication and privacy rights.
Read more

VSCode Extensions with 9 Million Installs Pulled Over Security Risks

BleepingComputer by Bill Toulas
Several popular VSCode extensions, with a combined total of 9 million installs, have been removed from the marketplace due to severe security vulnerabilities. These extensions were found to pose risks that could potentially allow hackers to execute malicious code remotely on a user’s system. This incident highlights significant security concerns within the development tools ecosystem and emphasizes the importance of continuous vigilance in software updates and security auditing. Developers and users are urged to regularly review and update their extensions to safeguard against emerging cybersecurity threats.
Read more

With Millions of Victims, Scale of Info-Stealer Malware Laid Bare

The Register by Jessica Lyons
The scale of info-stealer malware’s impact has been laid bare, affecting millions of victims globally. This type of malware, which stealthily extracts sensitive data from users’ devices, has proven to be almost unstoppable due to its evolving nature and widespread distribution methods. The revelation underscores the persistent threat posed by these malicious programs and highlights the critical need for enhanced cybersecurity measures. Users and organizations are advised to strengthen their defenses by implementing robust security protocols and staying informed about the latest cybersecurity practices to mitigate the risk of data theft.
Read more

Karen Evans Steps Into a Leading Federal Cyber Position at CISA

CyberScoop by Tim Starks
Karen Evans has been appointed as the Executive Assistant Director for Cybersecurity at CISA, stepping into a pivotal federal role. With her extensive background in cybersecurity and government, Evans is well-prepared to steer national cybersecurity strategies during a time of increasing digital threats. Her leadership is expected to enhance CISA’s capabilities in protecting national infrastructure and improving cyber resilience across various sectors. This appointment underscores the emphasis on bolstering federal cybersecurity efforts to address both current and emerging challenges effectively.
Read more

US National Security Director Condemns UK Request for Apple Data ‘Backdoor’

The Guardian by Dara Kerr
The US national security director has strongly condemned the UK government’s request for Apple to implement a data ‘backdoor’, highlighting major privacy and cybersecurity risks. This demand could jeopardize the security of users worldwide by potentially allowing unauthorized access to sensitive personal and financial information. This critical stance reflects broader global concerns over balancing government surveillance with individual privacy rights. It underscores the urgent need for policies that protect user data while supporting legitimate national security efforts without compromising fundamental privacy principles.
Read more

Pump.fun X Account Hacked to Promote Scam Governance Token

BleepingComputer by Lawrence Abrams
The Pump.fun X account was recently compromised, sparking concerns over security on social media platforms where financial transactions are promoted. This breach led to the unauthorized promotion of a fraudulent governance token, exploiting platform vulnerabilities and potentially misleading investors. The incident highlights the critical need for robust security protocols and vigilant user education to prevent similar cybersecurity threats. It serves as a stark reminder for investors to rigorously verify the legitimacy of online investment opportunities and underscores the importance of implementing stringent digital safeguards to protect financial interactions on social media.
Read more

Bybit Declares War on North Korea’s Lazarus Crime-Ring to Regain $1.5B Stolen from Wallet

The Register by Iain Thomson
Bybit has declared a proactive stance against North Korea’s notorious Lazarus crime-ring following the theft of $1.5 billion from their digital wallet. This bold declaration marks a significant shift in how cryptocurrency exchanges are responding to cyber theft, especially those perpetrated by state-sponsored groups. Bybit’s commitment involves enhancing their security measures and collaborating with global cybersecurity experts to recover the stolen assets and prevent future incidents. This initiative reflects a growing trend among financial platforms to actively combat cyber threats and safeguard investor assets in the increasingly volatile digital currency landscape.
Read more

EncryptHub Breaches 618 Orgs to Deploy Info-Stealers, Ransomware

BleepingComputer by Bill Toulas
EncryptHub has been implicated in a major cybersecurity breach that impacted 618 organizations, leading to the deployment of ransomware and info-stealers across multiple sectors. This extensive breach demonstrates the vulnerabilities in digital security frameworks and the sophisticated tactics employed by cybercriminals to exploit them. The incident calls for an urgent reassessment of cybersecurity measures within affected organizations and emphasizes the necessity for continuous enhancement of defense strategies to combat the evolving landscape of cyber threats. It also highlights the importance of proactive threat detection and response protocols to mitigate the impact of such breaches.
Read more

A Major Cybersecurity Law Is Expiring Soon — Advocates Push Congress for Renewal

CyberScoop by Tim Starks
As a vital U.S. cybersecurity law approaches expiration, there is a concerted effort among advocates to secure its renewal. This legislation is foundational in fortifying national infrastructure against evolving cyber threats, enhancing public-private partnerships, and ensuring robust cyber defense mechanisms remain effective. The urgency to renew the law reflects concerns about the potential vulnerabilities that could emerge without it, emphasizing the necessity for up-to-date legal frameworks to adapt to rapidly advancing cyber tactics and maintain the United States’ leadership in cybersecurity resilience and innovation.
Read more

US Intelligence Head ‘Not Told’ About UK’s Secret Apple Data Demand

BBC by Zoe Kleinman
The head of US intelligence has publicly expressed concern over the UK’s covert request to Apple for a data ‘backdoor,’ which was not disclosed to US officials. This revelation has sparked significant international tension, highlighting the complexities of privacy, security, and transatlantic cooperation. The US intelligence leader emphasized the potential risks to global digital security and the importance of transparency in such requests, which could undermine trust among allies and jeopardize the privacy of countless users. This incident underscores the delicate balance required in government surveillance and the need for clear communication between nations on cybersecurity matters.
Read more

Fortanix Tackles Quantum Computing Threats With New Algorithms

Dark Reading by Agam Shah
Fortanix is addressing the looming threat of quantum computing to cybersecurity with innovative algorithms designed to withstand potential breaches. As quantum technology advances, traditional encryption methods are at risk of becoming obsolete, exposing critical data to new vulnerabilities. Fortanix’s proactive approach involves developing quantum-resistant algorithms that ensure data remains secure against future quantum decryption capabilities. This initiative not only highlights the importance of forward-thinking in cybersecurity but also positions Fortanix as a leader in preparing for the next generation of cyber challenges.
Read more

UPDATE: Federal Court Issues Injunction Against DOGE Based on Popular Information Report

Popular Information by Judd Legum
A federal court has issued an injunction against DOGE following a report by Popular Information, which highlighted significant regulatory concerns. This legal action reflects growing scrutiny over digital currencies and their compliance with financial regulations. The court’s decision to halt certain activities of DOGE underscores the challenges facing cryptocurrency projects in navigating the complex landscape of financial laws. This development serves as a critical reminder of the importance of regulatory compliance for cryptocurrencies and may set a precedent for how similar cases are handled in the future.
Read more

AI Tricksters Spin Up Fake DeepSeek Sites to Steal Crypto

Dark Reading by Kristina Beek
Artificial intelligence is being exploited by cybercriminals to create highly convincing fake websites that mimic the cryptocurrency analysis tool, DeepSeek. These fraudulent sites are meticulously crafted to dupe cryptocurrency enthusiasts into divulging personal and financial information, resulting in significant financial losses. This trend of AI-facilitated scams highlights a disturbing evolution in cyber fraud, signalling an urgent need for the crypto community to bolster their defences. Enhanced security protocols and heightened user education are essential to counteract the sophisticated tactics employed by these digital swindlers.
Read more

Lockbit Taunts FBI Director Kash Patel with Alleged ‘Classified’ Leak Threat

Security Affairs by Pierluigi Paganini
The Lockbit ransomware group has dramatically escalated its cyber threats by publicly targeting Kash Patel, the FBI Director, with a bold threat to leak “classified” information. This audacious move signals a significant evolution in ransomware tactics, shifting from broad-scale data extortion to directly confronting and challenging national security officials. The incident not only exposes the brazen confidence of cybercriminals but also underscores the urgent need for national security entities to enhance their defensive and responsive strategies against such politically charged cyber threats.
Read more

Xi know what you did last summer: China was all up in Republicans’ email, says book

The Register by Jessica Lyons
A startling revelation indicates that Chinese cyber espionage efforts have targeted the email communications of Republican figures, as detailed in a recent publication. This exposure not only highlights the deep reach of state-sponsored cyber operations but also raises significant concerns about the security of political communications in the U.S. The situation calls for an urgent reassessment of cybersecurity measures within political entities to safeguard sensitive communications from foreign interference, emphasising the need for robust, updated defence mechanisms in the ever-evolving landscape of global cyber warfare.
Read more

China’s Silver Fox Spoofs Medical Imaging Apps to Hijack Patients’ Computers

The Register by Jessica Lyons
Chinese cyber operators are now targeting medical imaging applications to hijack patients’ computers. This sophisticated attack not only compromises sensitive patient data but also exposes the vulnerability of healthcare systems to cyber espionage. By masquerading as legitimate medical software, Silver Fox disrupts healthcare operations and accesses confidential health records, highlighting a critical need for strengthened cybersecurity measures in medical institutions. This incident urges healthcare providers to enhance their digital defenses and implement more rigorous security protocols to protect patient information from such malicious intrusions.
Read more

Attackers Exploiting Cisco Vulnerabilities Tied to Salt Typhoon Campaign

Cybersecurity Dive by Rob Wright
The recent discovery of attackers exploiting critical vulnerabilities in Cisco products marks a significant escalation in the Salt Typhoon campaign. This sophisticated cyber operation targets essential network infrastructure, highlighting glaring security gaps that could jeopardise entire networks. The attacks not only exploit these vulnerabilities to gain unauthorised access but also pose severe risks to data integrity and operational continuity for businesses globally. This situation underscores the urgent necessity for organizations to swiftly apply security patches and adopt comprehensive cybersecurity strategies to mitigate potential damages from such pervasive and aggressive cyber threats.
Read more

Purging cyber review board was ‘a great idea,’ DHS deputy secretary nominee says

CyberScoop by Matt Bracken
The recent endorsement by a DHS deputy secretary nominee of the decision to purge the Cyber Review Board has sparked significant discussion within the cybersecurity community. This controversial stance suggests a shift towards streamlining cybersecurity governance, which some argue might sacrifice thorough oversight for efficiency. Advocates for the purge believe it will lead to more direct and agile responses to cyber threats, while critics warn that it could undermine comprehensive policy-making and weaken the nation’s cyber defences. This development calls for a balanced approach that ensures robust security without stifling innovation.
Read more

LightSpy Expands to 100+ Commands, Increasing Control Over Multiple Platforms

The Hacker News by Ravie Lakshmanan
The malware LightSpy has notably expanded its capabilities, now boasting over 100 commands that enable it to exert unprecedented control over infected devices across multiple platforms including Windows, macOS, Linux, and mobile. This enhancement significantly increases the threat level posed by LightSpy, allowing cybercriminals to execute a wider range of malicious activities, from data theft to surveillance. The evolution of LightSpy illustrates the growing sophistication of malware tools and underscores the urgent need for cross-platform security solutions to protect against versatile and adaptive cyber threats.
Read more

Palo Alto Networks Warns Hackers Attempting to Exploit a File Read Flaw in Firewalls

Cybersecurity Dive by David Jones
Palo Alto Networks has issued a critical warning about active exploitation attempts targeting a file read flaw in their firewall products. This vulnerability, if exploited, allows attackers to access sensitive data, potentially leading to further network compromises. The alert underscores the importance of immediate patching and heightened vigilance among network administrators to prevent unauthorised access. This incident serves as a stark reminder of the continuous threats facing network security infrastructure and the need for ongoing proactive measures to defend against sophisticated cyber attacks.
Read more

Concerns Over Apple’s UK iCloud Encryption Deactivation

ISMG Data Breach Today by Akshaya Asokan
Apple’s recent deactivation of iCloud’s end-to-end encryption, prompted by UK government demands, has been sharply criticised as “digitally illiterate” by Signal’s Meredith Whittaker. This decision is feared to undermine global cybersecurity, potentially affecting anyone globally who communicates with UK users. Experts warn that the UK could now effectively set a “security cap” for users worldwide, compromising digital security unknowingly. In reaction, cybersecurity expert Josh Moore has started a Change.org petition to uphold digital rights, which could lead to parliamentary debate if it reaches significant support levels.
Read more

ANALYSIS

Betting (and Losing) the Farm on Traditional Cybersecurity

Dark Reading by Maxime Lamothe-Brassard
Relying solely on traditional cybersecurity methods increasingly exposes businesses to significant vulnerabilities as cyber threats evolve. These outdated defences often fall short, leaving organisations at risk from more sophisticated cyber attacks. The pressing need for a more adaptive and proactive cybersecurity approach is evident, emphasising the integration of innovative technologies and strategies. This shift is crucial for organizations aiming to protect their digital assets effectively in a landscape where cyber risks are constantly changing, urging companies to overhaul their cybersecurity frameworks to stay ahead of threats.
Read more

Navigating a Tightening Cybersecurity Jobs Market

Forbes by Chris Dimitriadis
The cybersecurity jobs market is tightening, reflecting a growing mismatch between the supply of qualified professionals and the escalating demand for cybersecurity expertise. Organisations are now facing significant challenges in recruiting and retaining skilled personnel amid rising cyber threats. This shift necessitates not only reevaluating compensation packages but also enhancing training and development programs to attract and cultivate talent. Emphasising career development and job satisfaction could be crucial for companies aiming to secure their digital environments in this competitive landscape.
Read more

The Perfect Storm: How Could $1.4 Billion of Crypto Vanish?

PrivID (Substack)
The disappearance of $1.4 billion in cryptocurrency has created a perfect storm in the financial technology sector, exposing significant vulnerabilities within crypto exchanges and digital wallets. This incident highlights the intricate challenges of ensuring security in the largely unregulated and highly technical field of cryptocurrency. It underscores the urgent need for enhanced regulatory frameworks and advanced security measures to prevent similar incidents. As the industry grapples with these issues, stakeholders are called to prioritize transparency and strengthen cybersecurity practices to restore and maintain trust among investors.
Read more

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru by Kirsten Doyle
MFA fatigue is becoming a tool for cybercriminals who exploit human tendencies to bypass authentication. This involves tricking users into security lapses by exploiting their response to frequent prompts, leading to complacency. The issue underscores the need for organizations to intensify user education and enhance security protocols. By adapting to the evolving tactics of cybercriminals who leverage such human vulnerabilities, companies can better protect sensitive information. Strengthening defenses against these subtle attacks is critical in maintaining robust digital security.
Read more

Cybersecurity Risks Organizations Need to Address This Year

Security Magazine by Tim Eades
As organizations navigate through increasingly complex digital landscapes, identifying and addressing specific cybersecurity risks has never been more critical. This year, the focus shifts towards combating emerging threats that capitalise on new technologies and the expanded digital footprint of remote work. Proactive measures, including advanced threat detection systems and enhanced security protocols, are vital. Additionally, training employees to recognise phishing attempts and securing end-point devices are essential steps to mitigate risks. Organizations must stay agile, continuously updating their cybersecurity strategies to protect against the ever-evolving cyber threats.
Read more


February Feature: Securing Tomorrow: Shaping a Safer Internet Together

Safer Internet Day: The Business Model of Cyber Attacks in the Digital Era

By Saba Bagheri
Reflecting on this year’s Safer Internet Day, CyAN APAC Director Saba Bagheri delves into the evolving landscape of cyber-attacks in our increasingly digital world. Saba analyses how organized cybercrime groups have sophisticatedly adapted, utilising advanced technologies to exploit cybersecurity vulnerabilities effectively. She emphasises the urgent need for robust defensive strategies, advocating for relentless innovation in cybersecurity measures and a significant increase in user awareness. Her comprehensive insights stress the importance of a proactive approach in protecting digital infrastructures and personal data. By highlighting these ongoing challenges and solutions, Saba Bagheri calls for a united effort to shape a safer internet, ensuring it remains a secure environment for future generations.
Read more

The Industry Speaks: Safer Internet Day 2025

Cyber Daily by David Hollingworth
As part of the Safer Internet Day 2025 campaign, this article underscores the pivotal role of employees in organisational cybersecurity. It discusses the significance of regular cybersecurity training, emphasising how informed employees can act as the first line of defence against phishing, malware, and social engineering attacks. Practical measures, such as interactive training sessions and robust access controls, are presented as key strategies to create a safer internet for all. The piece ties the Safer Internet Day theme to the importance of fostering cyber awareness at every level of an organisation. By equipping employees with the knowledge and tools to navigate online risks, businesses contribute to a global culture of responsibility and safety.
Read more

Until Tech Companies Are Held Accountable, Parents Must Take Lead in Ensuring Safe Online Environments for Their Children

News Tech by Alex Cooney
This article emphasises the crucial role parents play in safeguarding their children’s online experiences, especially as legislation to hold tech companies accountable is still pending. A report from CyberSafeKids reveals that 82% of children aged 8-12 have unsupervised access to smart devices in their bedrooms, underscoring the need for increased parental engagement. The piece offers practical recommendations, such as initiating regular conversations about online activities, monitoring device usage, and establishing clear digital rules.
Read more

Safer Internet Day 2025: Tackling Abusive AI-Generated Content Risks Through Education and Empowerment

Microsoft Post by Courtney Gregoire
In light of Safer Internet Day 2025, Microsoft addresses the rising concerns over AI-generated content misuse. Their research indicates a global increase in AI usage, with 51% of individuals having used AI tools, up from 39% in 2023. However, 88% express concerns about generative AI. To combat potential abuses, Microsoft has partnered with Childnet to develop educational materials aimed at preventing the misuse of AI, including the creation of deepfakes. These resources are designed to equip schools and families with the knowledge to protect children from online risks associated with AI.
Read more

Worldwide Celebrations for Safer Internet Day 2025

European Union News
Celebrated on February 11, 2025, the 22nd edition of Safer Internet Day saw worldwide participation under the theme “Together for a Better Internet.” The event introduced “Ally,” a new mascot symbolising a tech-savvy companion for young digital users. Additionally, the AdWiseOnline campaign, “Play Smart, Spend Wisely – Mind the Hidden Costs,” was launched to educate young gamers about their rights and the recognition of manipulative in-game marketing tactics. The campaign reached over 250,000 parents and educators, emphasising the collective effort required to create a safer digital environment.
Read more

How We’re Working to Keep Students Safe in the AI Age

Google for Education by Jennifer Holland
In observance of Safer Internet Day 2025, Google for Education highlights its dedication to fostering safe and enriching learning environments amidst the rise of AI technologies. The initiative focuses on collaborating with educators, families, and students to navigate the challenges posed by generative AI. Emphasis is placed on media literacy, responsible AI usage, and overall well-being in both school and home settings, ensuring that students are equipped with the necessary tools and knowledge to thrive safely in the digital age.
Read more

Safer Internet Day 2025: Best Practices for Businesses and Individuals

57Network by Shahirah Abdul Aziz
Small and medium-sized enterprises (SMEs) are increasingly targeted by cybercriminals due to perceived vulnerabilities. This article emphasises the need for SMEs to prioritise cybersecurity. It highlights practical steps like educating employees on safe online practices, implementing access controls, and creating incident response plans to ensure a safer internet for businesses and their customers. The article draws attention to the global message of Safer Internet Day, calling for collective action in fostering a secure online environment.
Read more

CyAN Members: Op Eds, Articles, etc:

Beyond Active Directory: The Next Step in SMB IAM Security

By Fel Gayanilo
CyAN General Secretary Fel Gayanilo discusses the evolution of identity and access management (IAM) in small to medium-sized businesses (SMBs) beyond traditional Active Directory frameworks. In his analysis, Fel highlights the emerging technologies and strategies that enhance IAM security, addressing the unique challenges faced by SMBs. Fel advocates for adaptive security measures that integrate advanced authentication mechanisms and user behaviour analytics to protect against increasingly sophisticated cyber threats. His insights emphasise the importance of evolving SMB security practices to safeguard sensitive data in a dynamic digital landscape.
Read more

CyAN Member News:

CyAN Board Member Bharat Raigangar Named Juror for 2025 SCCS & TPRM Europe Awards

CyAN Board Member Bharat Raigangar, a highly accomplished leader in cybersecurity, fraud management, and risk governance, has been selected as a juror for the 2025 SCCS & TPRM Europe Awards. These awards honour the leaders, teams, and solutions driving meaningful change in cyber resilience, risk management, and compliance. Winners will be celebrated at an exclusive networking dinner on April 10, 2025, in Lisbon.

CyAN Spotlight: FIDES Rating Nominated for RegTech Insight Awards 2025

Great news from our community! FIDES Rating, our AI-based SaaS solution for regulatory compliance, is shortlisted for the RegTech Insight Awards Europe 2025 under Best AI Solution for Regulatory Compliance. This nomination celebrates our commitment to transforming compliance with AI, enhancing efficiency and insights across regulations like DORA, NIS2, GDPR, and the AI Act. Vote for Innovation! Support FIDES in category #37 to help advance AI-driven compliance. Your vote matters!

CyAN Member Fatema Fardan Joins BIBF as a Lecturer

We at CyAN are ALWAYS overjoyed to celebrate our members’ successes and their contributions to the cybersecurity community!

With that in mind, please join us in congratulating our valued member Fatema Fardan on her new role as a Part-time Lecturer at the Bahrain Institute of Banking and Finance (BIBF)!

Starting her career in Bahrain’s banking sector as a student in their management associates program, she now returns with an impressive 16 years of experience in cybersecurity and finance. She is eager to inspire future leaders and contribute to the development of the next wave of talent in Bahrain’s financial sector.
Read more

CyAN Member Tulin Sevgin Joins the Board of Working Spirit

We’re thrilled to share that CyAN member Tulin Sevgin is starting a new chapter as a Non-Executive Board Member at Working Spirit, a charity that connects Australian military veterans with corporate career opportunities. Tulin’s extensive experience and dynamic enthusiasm have enriched our CyAN board, and we’re excited for her to bring these qualities to an organisation that plays a crucial role in supporting veterans. We are confident that Tulin will greatly contribute to Working Spirit’s growth and continued success in making a meaningful impact.
Read more

Upcoming CyAN (and CyAN Partner) Global Events

  • Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience – March 6th (EST 6AM, CET 12PM, AEST 10PM)
    Register here
  • CyAN APAC: The Geopolitical Impacts of Cyber Threats – March 12, Peoplebank, Sydney
    Register here
  • Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France – April 1-2
    Learn more
  • GITEX AFRICA, Marrakesh, Morocco – April 14-16
    Learn more
  • GITEX ASIA, Singapore (Marina Bay Sands) – April 23-25
    Learn more
  • GISEC, Dubai World Trade Center, UAE – May 6-8
    Learn more
  • The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK – May 8
    Learn more
  • World AI Technology Expo UAE, Dubai, UAE – May 14-15
    Learn more
  • MaTeCC: Rabat, Morocco – June 7-9, 2025
    (The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
    Learn more

📄 Download the full issue of CyAN Cyber (In)Securities Issue 12
Click here to view the PDF

Safer Internet Day: The Business Model of Cyber Attacks in the Digital Era by Saba Bagheri, PhD

Every year, Safer Internet Day reminds us of the importance of making the internet a safer place for everyone. Initially conceived as a tool to connect people and make life more convenient, the internet has evolved into a cornerstone of modern living. Yet, it has 

Cyber (In)Securities – Issue 127

Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
Bitdefender by Graham Cluley
A significant security flaw discovered in stalkerware apps has exposed millions to potential spying, significantly compromising user privacy. This vulnerability allows 

Smart Security Everywhere: Empowering CXOs with Always-On Protection

by Shantanu Bhattacharya

Posted on February 20, 2025 | Originally published on RSAC Conference

🔗 Read the original article on RSAC Conference

In today’s digital-first business landscape, Chief Experience Officers (CXOs) are frequently on the move, driving business growth outside the organization’s secure network perimeter. However, this mobility comes with a significant risk: their laptops, often holding the organization’s most valuable data, are prime targets for cyberattacks. The situation becomes dire when a CXO’s device is compromised by malware. Even after the laptop leaves the corporate network, the malware can continue its destructive path, encrypting files and exfiltrating sensitive information. This scenario is particularly dangerous because most enterprise security tools are network-dependent, leaving the isolated laptop vulnerable.

A particularly troubling aspect of this threat is the reliance on server-based security mechanisms. Many security solutions depend on continuous communication with a central server to enforce policies, push updates, and analyse threats. When the laptop is isolated, these essential security functions become unavailable, leaving the device exposed to prolonged attacks.

A Practical Threat Scenario

Imagine the CFO of a global enterprise opens an email attachment during a business trip, inadvertently unleashing ransomware. Initially dormant within the corporate network, the malware activates offline, encrypting critical financial forecasts. With the laptop disconnected from the organization’s security infrastructure, no alerts are triggered. The company faces potential data loss, operational disruption, and reputational damage.

The Challenge: Security Gaps Beyond the Perimeter

Traditional security solutions—firewalls, IDS, and EDR—rely on server connectivity for updates and threat intelligence. Offline, these defences are rendered ineffective. Cloud-based security, while promising, fails if malware severs or blocks connectivity. The crux of the problem is the dependency on real-time server communication for security updates and behavioural analytics.

Existing Solutions and Their Shortcomings

1. Autonomous Endpoint Protection (EPP)

Employs AI to identify threats locally without server interaction.
Modern EPP solutions utilize artificial intelligence (AI) and machine learning (ML) to detect and mitigate threats locally on the device. These solutions can operate independently without continuous server communication, ensuring protection even in isolated environments.
Drawback: Limited effectiveness against new, untrained, or rapidly evolving threats due to infrequent updates.

2. Zero Trust Security Models

Implements strict access controls, verifying every action.
By implementing Zero Trust principles, security controls are enforced directly on the endpoint, limiting access to sensitive data based on strict identity verification and behavioral analysis.
Drawback: Complex configurations can disrupt workflows and slow legitimate operations.

3. Local Key-Managed Encryption

Protects sensitive data with on-device encryption keys.
Solutions that automatically encrypt sensitive data and manage encryption keys locally reduce the impact of data exfiltration. Even if malware accesses the files, it cannot decrypt and exploit the information without the local keys.
Drawback: If the device is compromised, local keys become a vulnerability.

4. Behavior-Based Anomaly Detection

Monitors and flags unusual activity offline.
Tools that monitor user and application behavior can detect and respond to unusual activities, such as rapid encryption of files or unauthorized access attempts, even when offline.
Drawback: High false-positive rates can overwhelm security teams and reduce operational efficiency.

Comprehensive Solution: Server Stub with Offline Resilience

The ideal security solution integrates server-stub technology, combining the strengths of existing methods while eliminating their drawbacks. It achieves this by maintaining a local replica of critical security functions from the central server, including:

  • Threat Intelligence: Continuously updates local AI models with server-trained threat signatures.
  • Policy Enforcement: Applies security policies even in isolated conditions.
  • Local-Cloud Hybrid Detection: Matches offline behavior against server-defined baselines, reducing false positives.

This solution ensures continuous protection with real-time responses to threats, even without connectivity, and synchronizes seamlessly with the server upon reconnection.
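The offline behaviour-based detection described in item 4 above and the server-stub design sketched in this section can be made concrete with a small simulation. The Python below is an added example, not code from the article or from 360Sequrity; the agent, the file-event format, the thresholds and the sample events are all constructed for illustration. The agent keeps a cached, server-defined baseline, flags a process that rewrites many files with near-random (encrypted-looking) content inside a short window while disconnected, blocks that process locally, and queues the alert until the next reconnection, when it also refreshes the baseline.

```python
"""Offline-resilient endpoint agent (illustrative model, constructed for this page).

Not code from the article or from 360Sequrity. It models the server-stub idea:
a locally cached policy/baseline lets the agent detect ransomware-like file
activity and enforce a response with no server connectivity, then syncs later.
"""
from __future__ import annotations

import math
import random
from collections import Counter, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; approaches 8.0 for encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class FileEvent:
    ts: float        # seconds since some epoch (constructed clock)
    pid: int         # process performing the write
    path: str
    payload: bytes   # sample of the bytes written, as a file sensor would capture


@dataclass
class Baseline:
    """Server-defined behavioural baseline, cached on the endpoint (hypothetical fields)."""
    window_seconds: float = 10.0
    max_files_per_window: int = 20    # distinct files one process may rewrite per window
    entropy_threshold: float = 7.5    # above this the written content looks encrypted
    fetched_at: float = 0.0
    max_age_seconds: float = 7 * 24 * 3600

    def is_stale(self, now: float) -> bool:
        return now - self.fetched_at > self.max_age_seconds


@dataclass
class Alert:
    ts: float
    pid: int
    reason: str
    files: int


class OfflineAgent:
    """Endpoint agent whose detection and enforcement do not depend on a server."""

    def __init__(self, baseline: Baseline) -> None:
        self.baseline = baseline
        self.pending_alerts: List[Alert] = []       # queued while disconnected
        self.blocked_pids: set[int] = set()
        self._windows: Dict[int, Deque[tuple[float, str, float]]] = {}

    def observe(self, ev: FileEvent) -> Optional[Alert]:
        """Feed one file-write event; returns an Alert if the process gets blocked."""
        if ev.pid in self.blocked_pids:
            return None
        win = self._windows.setdefault(ev.pid, deque())
        win.append((ev.ts, ev.path, shannon_entropy(ev.payload)))
        cutoff = ev.ts - self.baseline.window_seconds
        while win and win[0][0] < cutoff:          # drop events outside the window
            win.popleft()
        noisy = {p for _, p, e in win if e >= self.baseline.entropy_threshold}
        if len(noisy) > self.baseline.max_files_per_window:
            alert = Alert(ev.ts, ev.pid, "rapid high-entropy rewrite of many files", len(noisy))
            self.blocked_pids.add(ev.pid)            # local enforcement, no server round-trip
            self.pending_alerts.append(alert)
            return alert
        return None

    def reconnect(self, server_baseline: Baseline, now: float) -> List[Alert]:
        """On reconnection: flush queued alerts and adopt the server's fresh baseline."""
        flushed, self.pending_alerts = self.pending_alerts, []
        server_baseline.fetched_at = now
        self.baseline = server_baseline
        return flushed


def constructed_events() -> List[FileEvent]:
    """Constructed sample: a normal editing session, then a ransomware-like burst."""
    rng = random.Random(42)
    events = [FileEvent(i * 12.0, 100, f"/home/cfo/docs/memo{i}.txt",
                        b"Quarterly forecast notes, revision " + str(i).encode() * 40)
              for i in range(5)]                     # pid 100: plain text, slow pace
    events += [FileEvent(100.0 + i * 0.1, 200, f"/home/cfo/docs/forecast{i}.xlsx",
                         rng.randbytes(4096))         # pid 200: 30 files in 3 s, random bytes
               for i in range(30)]
    return events


def run_demo() -> dict:
    agent = OfflineAgent(Baseline(fetched_at=0.0))
    alerts = [a for ev in constructed_events() if (a := agent.observe(ev))]
    stale = agent.baseline.is_stale(now=100.0)
    flushed = agent.reconnect(Baseline(), now=200.0)
    return {"alerts": alerts, "blocked": sorted(agent.blocked_pids),
            "flushed": len(flushed), "pending": len(agent.pending_alerts), "stale": stale}


if __name__ == "__main__":
    print(run_demo())
```

The block counts only distinct files with encrypted-looking content, so a legitimate bulk save of plain documents stays below the bar, while a burst of high-entropy rewrites trips the cached threshold on the 21st file and the process is blocked without any server call. Tuning the window and per-window file count against real baselines is what keeps the false-positive rate (the drawback noted in item 4) manageable.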

Conclusion

The evolving threat landscape demands that organizations rethink endpoint security strategies, especially for high-risk users like CXOs. Solutions that function independently of network and server components are critical to protecting valuable data from malware attacks. By investing in autonomous endpoint protection, Zero Trust models, local encryption, and behavior-based detection, organizations can safeguard their most sensitive information—even beyond the network perimeter. Adopting these measures not only closes critical security gaps but also strengthens overall cyber resilience in an increasingly mobile and connected business world.

For CXOs on the move, cybersecurity must evolve beyond network-dependent models. A server-replica-based solution provides autonomous, resilient protection, closing critical gaps left by traditional defences. Investing in this approach not only protects sensitive data but also fortifies the organization’s overall cyber resilience.


About the Author

Shantanu Bhattacharya
Founder, CEO & CTO, 360Sequrity
LinkedIn Profile

Cyber (In)Securities – Issue 125

Information Security News
Joint Letter on the UK Government’s use of Investigatory Powers Act to attack End-to-End Encryption
Global Encryption Coalition by Ryan Polk
The Global Encryption Coalition is actively opposing the UK government’s utilisation of the Investigatory Powers Act to erode end-to-end encryption, asserting that