Government and Security Awareness - Cyber Security Informer

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Security Boulevard

JANUARY 14, 2025

CISA in two years has seen the number of critical infrastructure organizations signing up for its CPG services double, which has improved the overall security in most sectors, but more needs to be done to strengthen what has become a target adversarial state-sponsored threat groups.

Government

Government Security Awareness Risk Malware

Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses

Security Boulevard

JULY 21, 2025

The post Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses appeared first on Security Boulevard. It also gives them persistence in the systems even after reboots and updates.

Government

Government Data privacy Security Awareness Mobile

Combatting the Security Awareness Training Engagement Gap

Security Boulevard

JANUARY 1, 2025

Despite years of security awareness training, close to half of businesses say their employees wouldnt know what to do if they received a phishing email. According to a US government-backed study, one of the main reasons for the lack of impact of cyber security training is waning engagement and growing indifference.

Security Awareness

Security Awareness Phishing Government Network Security

Why Take9 Won’t Improve Cybersecurity

Schneier on Security

MAY 30, 2025

We’re using security awareness campaigns to cover up bad system design. Or, as security researcher Angela Sasse first said in 1999: “Users are not the enemy.” But—we get it—the government isn’t going to step in and regulate the Internet. These insecure systems are what we have.

Cybersecurity

Cybersecurity Scams Security Awareness Phishing

Why I Refused to Say “People Are the Weakest Link in Cyber”

Jane Frankland

JUNE 24, 2025

And today, with an increasing volume of digital challenges – from malicious to mistakes and malfunction, it’s vital we move beyond this narrative and focus on governance and empowerment instead. But a governance issue that sits squarely with those who lead. a failure of governance. The good news? Change is happening.

Cyber Risk

Cyber Risk Security Awareness Risk Government

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

A deepfake (video) from a government official spreading misinformation during a crisis. Here’s what we can do to maintain this balance: Foster a Culture of Security Awareness Security awareness is the foundation of any cybersecurity strategy.

Cybersecurity

Cybersecurity Scams Technology Risk

News alert: Living Security report reveals that just 10% of employees drive 73% of cyber risk

The Last Watchdog

JULY 21, 2025

Visibility is alarmingly low: Organizations relying solely on security awareness training (SAT) have visibility into only 12% of risky behavior, compared to 5X that for mature HRM programs. Through collaborations with leading industry and government entities, Cyentia continually advances cybersecurity knowledge and practice.

Cyber Risk

Cyber Risk Risk Phishing Media

AI Agents in Cybersecurity: A Practical Roadmap for Leaders

Security Boulevard

AUGUST 6, 2025

A leader’s guide on deploying AI agents – from selecting use cases and establishing governance, to safety controls and showing the value. The post AI Agents in Cybersecurity: A Practical Roadmap for Leaders appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Government CISO Security Awareness

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Kaspersky MDR customers by region Distribution of incidents by industry In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. in government, 17.8% However, if we consider only high-severity incidents, the distribution is somewhat different: 22.8%

Phishing

Phishing Social Engineering Government Threat Detection

World Backup Day: A Clarion Call for Cyber Resilience

SecureWorld News

MARCH 31, 2025

As Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer at AvePoint, puts it: "World Backup Day offers a critical reminder to all security professionals of just how important flexible and robust data governance and backup policies are in today's cybersecurity landscape."

Backups

Backups Encryption CISO Mobile

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The Last Watchdog

MAY 13, 2025

And now comes the GenAI wave flooding security vendors with new tools, but also disrupting organizational dynamics, blurring responsibility lines, and injecting fresh uncertainty into already fragile governance structures. And no, Im not talking about security awareness training. Its not a people problem.

CISO

CISO Risk Cybersecurity Government

Huge Leak of Customer Data Includes Military Personnel Info

Security Boulevard

NOVEMBER 25, 2024

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The post Huge Leak of Customer Data Includes Military Personnel Info appeared first on Security Boulevard.

Manufacturing

Manufacturing Government Security Awareness Phishing

Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots

Security Boulevard

JULY 2, 2025

When you design agentic AI with governance at the core, you stay ahead of risk and avoid reactive fire drills. The post Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots appeared first on Security Boulevard.

Government

Government Risk Security Awareness Cybersecurity

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

Security Boulevard

APRIL 16, 2025

government funding for the Common Vulnerabilities and Exposures program expires April 16. The post MITRE Crisis: CVE Cash Ends TODAY CISA says No Lapse appeared first on Security Boulevard. These are interesting times: U.S.

Government

Government Data privacy Technology IoT

8 security tips for small businesses

Malwarebytes

NOVEMBER 6, 2024

Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware. It may also help to know that your supplier is aligned with a standard of cybersecurity deemed good enough by government organizations.

Small Business

Small Business Backups Firewall VPN

“Always Verify”: Integrating Zero-Trust Security for Good Governance

Security Boulevard

JANUARY 24, 2025

The post Always Verify: Integrating Zero-Trust Security for Good Governance appeared first on Security Boulevard. While zero-trust architecture (ZTA) has many benefits, it can be challenging for companies because of a static mindset, increased costs and continuous maintenance.it

Government

Government Architecture Security Awareness Cybersecurity

The State of Appsec in 2024

Adam Shostack

JANUARY 2, 2025

The first has two facets: how do we secure AI systems, and how do we use AI in appsec? The second major inflection is driven by governments re-arranging liability from software operators to software makers. Liability for software makers isnt just coming, its here.

Software

Software Government Security Awareness Passwords

API Sprawl Can Trip Up Your Security, Big Time

Security Boulevard

JULY 2, 2025

The future of API security is not just about better firewalls — it is about smarter governance, automation and visibility at scale. The post API Sprawl Can Trip Up Your Security, Big Time appeared first on Security Boulevard.

Firewall

Firewall Government Security Awareness Cybersecurity

Incident response analyst report 2024

SecureList

MARCH 12, 2025

Geographic distribution of incident response requests, 2024 The distribution of IR requests by industry followed the 2023 pattern, keeping industrial (23.5%), government (16.3%) and financial (13.3%) organizations in the top three most targeted industries.

Ransomware

Ransomware Government Passwords Security Awareness

RSA Conference 2025: Top Announcements and Key Takeaways from the Cybersecurity World’s Biggest Stage

eSecurity Planet

MAY 1, 2025

RSA expands ISPM to strengthen hybrid identity security RSA continued the identity theme on Day 2 with new Identity Security Posture Management (ISPM) capabilities. These updates help enterprises uncover and address identity-related risks across cloud and on-prem systems, all embedded within RSAs Governance and Lifecycle solution.

Cybersecurity

Cybersecurity Mobile Phishing Artificial Intelligence

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Jane Frankland

APRIL 18, 2025

Organisations invest heavily in governance, risk, and compliance (GRC) and risk management efforts while neglecting foundational elements like leadership and culture. No matter how carefully you place the materials or how advanced the tools you use, the structure is doomed to collapse without a strong, stable foundation. The result?

Cybersecurity

Cybersecurity Technology Risk Security Awareness

Who is Hero?

Security Boulevard

JUNE 26, 2025

Social Engineering

Social Engineering Data privacy Security Awareness Engineering

12 Critical SOC 2 Controls to Support Compliance

Centraleyes

MARCH 10, 2025

Common Criteria (CC) At the heart of the SOC 2 framework is the Common Criteria , a set of 33 high-level requirements that form the foundation for the Security category. For example, identifying risks related to third-party integrations might lead to enhanced vendor security evaluations. Tools like Centraleyes streamline this process.

Backups

Backups Encryption Risk Authentication

‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS

Security Boulevard

JULY 16, 2025

The post ‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS appeared first on Security Boulevard. BCH vs. SDR, AAR vs. CISA: Railroad industry first warned about this nasty vulnerability in 2005.

Wireless

Wireless IoT Security Awareness Software

FBI Warning: AI-Driven Impersonation Attacks Target U.S. Officials

SecureWorld News

MAY 29, 2025

According to an FBI alert , t he campaign, active since April 2025, primarily targets current and former federal and state government officials and their contacts. Traditional Security Awareness Training is unable to keep up with these AI supercharged deception techniquesand as a result, organizations are more vulnerable than ever."

Scams

Scams Social Engineering Phishing Media

The Battle for Attention: How Cybersecurity Fights for Truth in a World of Noise

Jane Frankland

JUNE 27, 2025

Build Collaborative Ecosystems Cybersecurity isn’t a problem any one organisation, industry, or government can solve alone. By uniting behind clear, outcome-focused frameworks, we can deter fragmented policies that hinder progress.

Cybersecurity

Cybersecurity Risk Phishing Education

The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity

Security Boulevard

JULY 21, 2025

The post The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity appeared first on Security Boulevard. The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now.

CISO

CISO Security Awareness Risk Government

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

NOVEMBER 1, 2024

Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. China Hacks Canada too, Says CCCS appeared first on Security Boulevard. The post Ô!

Hacking

Hacking Social Engineering Cyber Attacks Data privacy

Hiring – Senior Cybersecurity Consultant

BH Consulting

JULY 8, 2025

We are seeking an experienced and business-oriented Senior Cybersecurity Consultant, with a specialisation in Governance, Risk, and Compliance (GRC). Capable of acting as a Chief Information Security Officer (CISO) on a consulting/advisory basis for client organisations. Ability to design and deliver security awareness training.

Cybersecurity

Cybersecurity CISO Healthcare Risk

100 MILLION Americans in UnitedHealth PII Breach

Security Boulevard

OCTOBER 25, 2024

The post 100 MILLION Americans in UnitedHealth PII Breach appeared first on Security Boulevard. Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten.

Healthcare

Healthcare Social Engineering Authentication Data privacy

App Stores OK’ed VPNs Run by China PLA

Security Boulevard

APRIL 3, 2025

The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard. Bad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN appswith over a million downloads.

VPN

VPN Social Engineering Data privacy Security Awareness

Proofpoint Boosting Data Security with Normalyze Acquisition

Security Boulevard

OCTOBER 30, 2024

The post Proofpoint Boosting Data Security with Normalyze Acquisition appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Social Engineering Security Awareness Engineering

HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach

Security Boulevard

JANUARY 13, 2025

The post HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach appeared first on Security Boulevard. The new rules come in the wake of the Change Healthcare breach, which exposed the electronic personal health information of about 100 million Americans.

Healthcare

Healthcare Security Awareness Risk Government

Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Security Boulevard

JULY 4, 2025

The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard. Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony.

Social Engineering

Social Engineering Spyware Data privacy Data breaches

Here’s Yet Another D-Link RCE That Won’t be Fixed

Security Boulevard

NOVEMBER 21, 2024

The post Here’s Yet Another D-Link RCE That Won’t be Fixed appeared first on Security Boulevard. D-Licious: Stubborn network device maker digs in heels and tells you to buy new gear.

Internet

Internet Internet IoT Data privacy

Almost 10% of GenAI Prompts Include Sensitive Data: Study

Security Boulevard

JANUARY 21, 2025

A study by cybersecurity startup Harmonic Security found that 8.5% The post Almost 10% of GenAI Prompts Include Sensitive Data: Study appeared first on Security Boulevard.

Risk

Risk Cybersecurity Data privacy Security Awareness

Apple Lets Stalkers Find YOU — ‘nRootTag’ Team Breaks AirTag Crypto

Security Boulevard

FEBRUARY 28, 2025

The post Apple Lets Stalkers Find YOU nRootTag Team Breaks AirTag Crypto appeared first on Security Boulevard. Dumb Design + Crud Code = Privacy Panic: Its been SEVEN MONTHS, but Tims crew is yet to fix the bugs.

Social Engineering

Social Engineering Data privacy IoT Security Awareness

Allstate Violates Drivers’ Privacy, Texas AG Alleges

Security Boulevard

JANUARY 15, 2025

The post Allstate Violates Drivers Privacy, Texas AG Alleges appeared first on Security Boulevard. Dont Mess With Texas Privacy: We will hold all these companies accountable, rants state attorney general Ken Paxton (pictured).

Accountability

Accountability Insurance Social Engineering Spyware

ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It!

Security Boulevard

AUGUST 12, 2025

appeared first on Security Boulevard. Zero day—zero clue: Old, bug-prone app relies on you to go look for update files. The post ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It!

Social Engineering

Social Engineering Data privacy Security Awareness Engineering

Corporate Layoffs Put Company IP at Risk

Security Boulevard

APRIL 7, 2025

With corporate layoffs and government workforce reductions frequently making headlines, leaders often underestimate the potential for massive data loss and intellectual property liability. The post Corporate Layoffs Put Company IP at Risk appeared first on Security Boulevard.

Risk

Risk Government Backups Security Awareness

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Centraleyes

MAY 5, 2025

Initiation The initiation phase lays the groundwork for your entire security program. Here, you define the ISMSs scope and objectives, set up governance, and secure executive sponsorship. Provide Information Security Training and Awareness Checklist Items: Conduct regular, comprehensive security awareness training.

Risk

Risk Information Security Firewall Education

Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1

Security Boulevard

JULY 8, 2025

appeared first on Security Boulevard. A properly configured WAF is no longer optional but mandatory, providing organizations with real-time protection against evolving web-based threats while ensuring regulatory compliance. The post Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1

Security Awareness

Security Awareness Risk Government Cybersecurity

The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams

Security Boulevard

JULY 4, 2025

The move to 47-day SSL certificates is a major step toward a more secure, automated internet. The post The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams appeared first on Security Boulevard.

Internet

Internet Internet Security Awareness Risk

Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management

Security Boulevard

JUNE 12, 2025

The post Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management appeared first on Security Boulevard. As organizations scale and adopt cloud-native architectures, the way they manage encryption — particularly how they issue, track and rotate certificates — has never been more critical.

Encryption

Encryption Architecture Security Awareness Risk

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses

Trending Sources

Combatting the Security Awareness Training Engagement Gap

Why Take9 Won’t Improve Cybersecurity

Why I Refused to Say “People Are the Weakest Link in Cyber”

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

News alert: Living Security report reveals that just 10% of employees drive 73% of cyber risk

AI Agents in Cybersecurity: A Practical Roadmap for Leaders

Managed detection and response in 2024

World Backup Day: A Clarion Call for Cyber Resilience

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

Huge Leak of Customer Data Includes Military Personnel Info

Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

8 security tips for small businesses

“Always Verify”: Integrating Zero-Trust Security for Good Governance

The State of Appsec in 2024

API Sprawl Can Trip Up Your Security, Big Time

Incident response analyst report 2024

RSA Conference 2025: Top Announcements and Key Takeaways from the Cybersecurity World’s Biggest Stage

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Who is Hero?

12 Critical SOC 2 Controls to Support Compliance

‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS

FBI Warning: AI-Driven Impersonation Attacks Target U.S. Officials

The Battle for Attention: How Cybersecurity Fights for Truth in a World of Noise

The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity

Ô! China Hacks Canada too, Says CCCS

Hiring – Senior Cybersecurity Consultant

100 MILLION Americans in UnitedHealth PII Breach

App Stores OK’ed VPNs Run by China PLA

Proofpoint Boosting Data Security with Normalyze Acquisition

HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach

Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Here’s Yet Another D-Link RCE That Won’t be Fixed

Almost 10% of GenAI Prompts Include Sensitive Data: Study

Apple Lets Stalkers Find YOU — ‘nRootTag’ Team Breaks AirTag Crypto

Allstate Violates Drivers’ Privacy, Texas AG Alleges

ANOTHER WinRAR 0-Day: Don’t Patch Now — Uninstall It!

Corporate Layoffs Put Company IP at Risk

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1

The 47-Day SSL Certificate Era: What It Means for Site Owners and IT Teams

Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management

Stay Connected