Latest news with #CyberThreats
Zawya
04-08-2025
- Business
- Zawya
From perception to protection: What Africa's Chief Information Security Officers (CISOs) don't know about employees could cost them
Cybersecurity in Africa is entering a new phase. As organisations mature their defences and invest in security awareness training (SAT), a difficult-to-spot, but critical gap is emerging – not between tools and cyber threats, but between what leaders believe about their employees, and what they actually experience. The KnowBe4 Africa Human Risk Management Report 2025 ( provides a glimpse into this mismatch. The results show that many leaders are overestimating their employees' preparedness, and underestimating the gaps in trust, training, and action. Says Anna Collard, SVP of Content Strategy and Evangelist at KnowBe4 Africa, 'It's not just that awareness alone isn't enough – it's that the level of employee's awareness is being misunderstood by the organisational leaders responsible for it..' The perception gap is growing, but measurable While 50% of decision-makers in 2025 rate employee cyber threat-reporting confidence at 4 out of 5, in 2024, only 43% of employees said that they felt confident recognising a threat, while one-third disagreed that their training was sufficient. 68% of decision-makers believe that SAT within their organisations is tailored by role. But only 33% of employees in 2024 felt that to be true – with 16% actively disagreeing. The implications are serious, because a workforce that appears trained and aware on paper may in fact be uncertain, unsupported, and vulnerable. 'This discrepancy between perception and experience is exactly where human risk thrives,' says Collard. 'If leaders don't correct course, they're building security strategies on false confidence.' Why measuring awareness is no longer enough One of the most frequently cited challenges in the report is deceptively simple: measuring if SAT works. More than four in ten respondents said that they struggle to track whether their security awareness programmes translate into safer behaviours. A key contributing factor, identified in the report, is that many organisations still rely on one-size-fits-all SAT, often delivered only annually or biannually, without role-specific customisation or behavioural feedback loops. While 68% say they offer role-based training, this claim is undermined by the fact that 'lack of role alignment' remains one of the top challenges respondents report. The discrepancy is clearest in sectors like manufacturing and healthcare, where generic SAT is most common. Size, it seems, also matters. Larger organisations are consistently less confident in employee readiness, train less frequently, and struggle more to measure outcomes.. Collard says: 'Awareness without action is like an alarm that no one responds to. Organisations are investing in security awareness training, but without the structure, tailoring, and follow-through to translate that into secure behaviour.' Beyond BYOD: The new blind spot is AI One of the most urgent themes to emerge is the rapid rise of 'shadow AI' use. With nearly half of all organisations still busy developing formal AI policies, yet up to 80% of employees using personal devices for work, the risk of unmonitored, unsanctioned AI usage is rising fast. East Africa is leading the way with more proactive AI governance, while Southern Africa, despite topping training frequency, lags behind on AI policy implementation. 'Technology has moved faster than policy,' Collard explains. 'And unless AI tools are properly governed, they become as much a risk vector as they are an asset.' The road ahead: Action, alongside awareness This report outlines five imperatives for African organisations: Customise SAT by role and risk exposure. Track what matters – not just participation, but behavioural outcomes. Formalise reporting structures employees trust and understand. Close the AI policy gap before misuse becomes systemic. Contextualise strategies based on region and sector – because resilience is not one-size-fits-all. 'The human element is often spoken about, but rarely measured in ways that lead to action that acknowledges context. Our goal is to help organisations stop guessing and start structuring their defences around real, contextual insights,'says Collard. 'This is a moment to move from compliance-driven box-ticking to culture-driven resilience. We have the data. Now we need the will. The full report is now available for download here: Distributed by APO Group on behalf of KnowBe4. Contact details: KnowBe4: Anne Dolinschek anned@ Red Ribbon: TJ Coenraad tayla@
Zawya
29-07-2025
- Business
- Zawya
ADGM's FSRA issues cyber risk management framework
Amendments include integration of cyber risk management into existing risk management frameworks. A six-month transition period is provided to facilitate compliance. Abu Dhabi, UAE: The Financial Services Regulatory Authority (FSRA) of ADGM today announced the implementation of amendments to its regulatory framework for Authorised Persons and Recognised Bodies in relation to cyber risk management. Compliance with the amendments will be required from 31 January 2026. The implementation follows extensive industry engagement and feedback received on Consultation Paper No. 3 of 2025. The amendments require firms to integrate cyber risk management into their existing risk frameworks and build upon the FSRA's Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime. Feedback received during the consultation period supported the amendments as a natural evolution of the FSRA's regulatory framework in this dynamic risk area. In response to this feedback, the FSRA has enhanced the proposed amendments by providing firms with a six-month period to ensure compliance, clarifying the principles of proportionality and integration of cyber risk management frameworks, and adapting requirements for arrangements with IT service providers. The FSRA has also revised its guidance to assist firms in assessing the materiality of cyber incidents and is planning to update its cyber incident notification template before the end of the year. Emmanuel Givanakis, Chief Executive Officer of ADGM's FSRA, said, 'These amendments reflect the FSRA's ongoing commitment to operational resilience and cybersecurity. By continuing to integrate global best practices into our framework, we safeguard the integrity of the financial services industry in ADGM. These recent developments demonstrate our ongoing dedication to responsible innovation and further position ADGM as a leading jurisdiction for secure and forward-looking financial activity.' The FSRA acknowledges the constructive and well-received feedback provided in response to the Consultation Paper. To view the amended legislation, click here: FSRA Rules (Cyber Risk Management) | Rulebook About ADGM ADGM, which opened on 21 October 2015, is the international financial centre (IFC) of the capital city of the United Arab Emirates. ADGM is contributing significantly to Abu Dhabi's position as a leading financial centre and a business hub, serving as a strategic link between the growing economies of the Middle East, Africa, South Asia, and the rest of the world. Operating within a regulatory framework based on the direct application of English Common Law, ADGM governs the entirety of Al Maryah Island and Al Reem Island, collectively designated as the financial free zone of Abu Dhabi. ADGM is a top-ranking IFC in the Middle East and Africa region. Its progressive and inclusive business ecosystem fosters growth, resilience, and optimism for global financial and non-financial institutions. Growing synergies between ADGM and other jurisdictions have positioned it as one of the world's most advanced, diverse, and progressively governed financial hubs. For more details on ADGM, please visit or follow us on LinkedIn and Instagram: @ADGM X: @adglobalmarket For media queries, please contact: E: media@
Associated Press
20-07-2025
- Business
- Associated Press
NewSky Security Expands into Cyber Security Private Investigations to Combat Sophisticated Botnet and VPN Threats
NewSky Security Expands into Cyber Security Private Investigations to Combat Sophisticated Botnet and VPN Threats REDMOND, WA, UNITED STATES, July 20, 2025 / / -- NewSky Security today announced the expansion of its services to include specialized private investigations into cybersecurity breaches, with a focus on incidents involving finance, the Internet of Things (IoT), VPNs, and botnets. This provides unparalleled expertise and a proactive defense to financial institutions, IoT-dependent businesses, and corporations globally. 'In today's hyper-connected world, the lines between physical and digital security have blurred. We are proud to announce our enhanced capabilities in cyber security private investigations, which will be crucial in not just stopping cyber threats, but in identifying and helping to bring the perpetrators to justice,' said Scott Wu, CEO at NewSky Security. 'Our new focus on financial, IoT, and VPN-based threats allows us to offer a new level of Cyber security, protecting our clients' most critical assets from sophisticated botnet attacks and other emerging threats.' NewSky Security's expanded services will leverage the company's proprietary AI-powered threat detection and real-time network monitoring to conduct in-depth investigations into the source of cyberattacks. The company's team of experts will work to uncover the methods and identities of attackers, providing crucial intelligence to law enforcement and helping to prevent future incidents. This enhanced service includes a focus on VPN Security, ensuring that remote connections do not become a weak point in an organization's security posture. The rise of interconnected devices in the financial and IoT sectors has created new avenues for cybercriminals to exploit. Botnets are becoming increasingly sophisticated, and securing VPNs is more critical than ever with the rise of remote work. NewSky Security's enhanced focus on cyber security private investigations directly addresses the growing need for a proactive and investigative approach to cybersecurity, moving beyond simple defense to active pursuit of threats. NewSky Security has a proven track record of identifying and mitigating threats, having already identified numerous botnets and malware campaigns for its clients. The company's unique approach involves studying the attackers themselves to build more robust defense mechanisms. About NewSky Security NewSky Security is a cybersecurity company that utilizes artificial intelligence to protect and defend the Internet of Things (IoT). Founded in 2015, the company provides real-time threat visibility and control to prevent business disruptions from cyberattacks. NewSky Security's mission is to empower a hack-proof experience for its clients, allowing them to focus on their core business without the fear of cybercrime. Contact Information: Media Relations NewSky Security +1 425-441-3441 [email protected] Scott Wu New Sky Security email us here Visit us on social media: LinkedIn Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
Yahoo
14-07-2025
- Business
- Yahoo
Hive Pro Releases Eagerly Anticipated Report: "Cyber Horizons 2025"
HERNDON, Va., July 10, 2025 /PRNewswire/ -- Hive Pro Inc., the pioneer vendor in Threat Exposure Management, today released its annual and landmark threat intelligence report, Cyber Horizons 2025, developed by its in-house research division, HiveForce Labs. This expansive publication offers a data-rich, forward-looking view into the evolving cyber threat landscape based on analysis of over 40,000 vulnerabilities, adversary behaviors, and incident telemetry from enterprise environments around the world. Drawing on global intelligence across sectors from healthcare to energy, finance to manufacturing, the report unpacks the increasingly adaptive, AI-driven, and multi-pronged nature of modern cyber threats. Among the key findings: ransomware rose by 21% in 2024, AI-enabled phishing surged, and over 83 zero-day vulnerabilities were actively exploited in real-world campaigns. "Threats in 2025 are faster, smarter, and more relentless than ever," said Ankit Mani, Lead Threat Intelligence Researcher at Hive Pro. "This year, we saw exploits weaponized in minutes. Without real-time threat intelligence integrated into exposure management, organizations risk falling dangerously behind." Cyber Horizons 2025 aims to equip organizations with actionable intelligence to adapt. It calls for a decisive shift from reactive cybersecurity to exposure-centric defense strategies, including continuous control validation, integrated threat modeling, and real-time attack surface visibility. "The traditional security perimeter no longer exists," said Purvi Garg, VP of Products and Innovation at Hive Pro. "What were once edge cases, like identity, cloud, and supply chain, have become the primary battlegrounds. Our report highlights the urgency of aligning security priorities with business risk and operational context. Through the rich data we provide, our goal is to give security leaders clarity and a smarter path forward. It's imperative, now more than ever." Cyber Horizons 2025 is a strategic guide for CISOs, SOC teams, and board-level decision-makers looking to build resilience in a time of increasing unpredictability. No matter the role, this report offers detailed forecasts on topics everyone is curious about, from threat actor trends, and zero-day readiness to AI weaponization and sector-specific insights. The full report is available for download here. About Hive ProHive Pro is the pioneering vendor of Threat Exposure Management through Uni5 Xposure, an end-to-end platform that identifies where organizations are exposed to active threats, tests how security controls perform against potential exploitation, and guides cross-functional teams in eliminating high-priority exposure points. While headquartered in Virginia, USA, Hive Pro has a global presence spanning North America, EMEA, and APAC. View original content to download multimedia: SOURCE Hive Pro Inc
Fox News
11-07-2025
- Fox News
Google fixes another Chrome security flaw being actively exploited
Cyber threats are on the rise, and attackers are becoming more aggressive with each new breach. As a result, Google patched a critical vulnerability in its Chrome browser. This marks the fourth zero-day exploit discovered so far this year. Because hackers had already begun exploiting the flaw, Google quickly released an emergency update for Chrome users on Windows, Mac and Linux. In light of this, as these threats grow more frequent and more sophisticated, taking control of your digital security is essential. With that in mind, here is what you need to know about the latest exploit and the steps you can take to stay protected. The high-severity security flaw, identified as CVE-2025-6554, stems from a type confusion bug in Chrome's V8 JavaScript engine. Attackers can exploit this vulnerability to run malicious code or access other parts of your system by manipulating memory. Fortunately, Google's Threat Analysis Group (TAG), which tracks state-sponsored and targeted spyware attacks, discovered the flaw and quickly issued security updates to protect users. To stop hackers from exploiting the Chrome security flaw, start by updating your browser with the latest security patches. Although Chrome typically updates automatically, you should still check manually to make sure you are running the most recent version. To do this, follow these steps: The latest stable versions that address this exploit are 138.0.7204.96/.97 on Windows, 138.0.7204.92/.93 on Mac, and 138.0.7204.96 on Linux. Updating Chrome is only the first step in protecting your device. To strengthen your defenses, you also need to install reliable antivirus software. Zero-day vulnerabilities like this one can still allow malware to slip through, even after you patch your browser. On Windows devices, Microsoft Defender comes pre-installed and offers a solid layer of free protection. Similarly, Android devices rely on Google Play Protect for automatic malware detection and removal. However, keep in mind that Play Protect is not always enough. It has a history of missing certain threats and may not catch every strain of malware. Mac users benefit from Apple's built-in XProtect system, which Apple updated on July 8, 2025, to counter the latest known malware strains. Even so, adding a trusted third-party antivirus can provide stronger, more comprehensive protection. When choosing antivirus software, make sure it includes these key features: If you already have antivirus installed, take a moment to check for updates. Keeping it current ensures you're protected against the latest security threats. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Hackers are already exploiting the latest Chrome flaw, and more vulnerabilities are almost certain to follow. Updating your browser is not just recommended, it serves as your first line of defense. However, protecting yourself requires more than just patching software. Installing a trusted antivirus and following smart browsing habits can make the difference between staying secure and becoming a target. Stay alert by avoiding suspicious links, never downloading files from unknown sources, and always verifying website URLs before entering personal information. In today's digital world, one careless click can expose everything. What security measures have you taken to protect your devices from online threats? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
