Cyber Security Protection

A public relations firm in the United Kingdom said the quiet part out loud about cybersecurity marketing: that much of it is fiction if not outright fraudulent. Whiteoaks International surveyed 152 senior marketing, PR and communications professionals in the country, working in cybersecurity. The results found 30% said they helped produce content that was excessive, misleading, or unsubstantiated. More than half (51%) said they had seen this type of messaging in the sector. The post Agency admits most marketing is misinformation appeared first on Cyber Protection Magazine.

Many shady practices on the internet are scams, but some seem “scammy.” Cyber Protection Magazine came across one such operation. While ordering food on Grubhub recently, a pop-up appeared telling us we “earned a reward!” Clicking on the link it offered a $20 rebate on my next purchase. Sounds good, doesn’t it? Not really. Note: All the companies involved in this transaction will be named in this article. All were contacted for comment. Only Grubhub responded with a request for additional information and then went silent. Even though the transaction was occurring within the Grubhub mobile app, the pop-up was from an organization called Cashback-Now. The company name is relatively common for several companies, all apparently running the same type of business. In this case the URL is cashback-now.com. The post Scam Bucket: Legal but “scammy” appeared first on Cyber Protection Magazine.

The digital world is changing fast, and now AI agents are appearing as non-human users who act autonomously. They log in to systems, handle transactions, review data, and even negotiate or create things without people having to step in every time. This shift means greater overall demand for software and changes how work is done. However, this should prompt you to consider online trust and security. The post How Non-Human Users Are Reshaping Business and Cybersecurity appeared first on Cyber Protection Magazine.

Time to dig into the RSAC Conference notes. It was only three years ago that vendors were warning of Q-day, the day quantum computers could break current encryption, filled the pages of technology publications and even general news outlets. Those warnings are much more muted this year. What happened? Primarily, the work of NIST solved the issue in setting new standards for encryption. All the post-quantum computing companies, like PQShield and SandboxAQ, are offering encryption products that are more alike than they are different and all are doing good business providing tools and services. We seem to be more than ready for the dreaded Q-Day. Then, again, the progress on creating an encryption-breaking quantum computer is maddeningly slow. The industry still insists 2029 is the Q day ETA, and it will break military-grade encryption in one week… on a single document. Assuming a nation state that has such a computer has stolen 20,000 encrypted documents, it would take 38 years to decrypt them all. But the number of stolen encrypted documents, although inestimable, is probably orders of magnitude higher. So reality mutes the projections of potential disaster. The post Reporter’s Notebook: What happened to ‘Q-Day’? appeared first on Cyber Protection Magazine.

Ransomware is evolving beyond a straightforward data theft issue as technology advances criminal capabilities.… The post Ransomware defence is now a race against time appeared first on Cyber Protection Magazine.

Anthropic’s announcement of Mythos threw a lot of FUD into the cybersecurity market without significant third-party validation of its abilities. Is that FUD justified, another legal form of extortion designed to get security budget dollars, or just another weird marketing ploy? Maybe more to the point, is it a sheep in wolf’s clothing? Mythos does not address encryption, identity or social engineering, representing most of the issues of cybersecurity, It just deals with vulnerabilities in code development. That might negatively impact the cloud-native application protection platform (CNAPP) sector but, at the same time, the tool is only being offered to Fortune 100 companies. Meanwhile, there are hundreds of thousands of large, medium and small enterprises that won’t get it, at least anytime soon unless they steal it. The post Is Mythos a sheep in wolf’s clothing? appeared first on Cyber Protection Magazine.

Cybersecurity companies tend to target large enterprises because, that’s where all the money is. supposedly. They may be missing a lucrative bet and a solution to AI-generated attacks. In 2025, Comcast issued a report that said 95% of all cyber breaches began with someone in an organization clicking on a malicious link. It wasn’t a brilliant hacker breaking through military grade encryption, or a rogue LLM from a major AI platform discovering backdoors. It was someone not paying attention to the warning signs. Security training is supposed to reduce that by making users more aware of those signs. That is being tested by AI-generated phishing programs massively increasing the number of attempts. A Hoxhunt survey estimated Ai has caused a 14X increase in phishing attempts in the past year. Stopping the inevitable The question is, with cybersecurity hitting a $328 billion market size, why is it getting worse? Benny Czarny, CEO of OPSWAT, answers that question in a new book, “Upside Down Cybersecurity” that just came out. “The reality is that the market is not adopting this technology or it’s underlying concept fast enough.” To be accurate, Czarny is talking about OPSWAT’s content disarm and reconstruction (CDR) technology, but based on talks with dozens of CEOs and CISOs at the RSAC Conference in April, the same complaint is made by every company in cybersecurity. Essentially, the customers that haven’t bought into a cybersecurity service or tool is stupid. They don’t say that for publication, but they do say it. They may be missing another reason. Cybersecurity companies don’t know how to sell their products and services to the people that most need them. Conversations with customers at RSAC back that up. Untapped SMB market A 2022 McKinsey survey showed small to medium businesses (SMBs) represent a total market of $1.5 trillion to $2.0 trillion. That market is generally ignored in favor of Fortune 1000 companies. Moreover, the survey noted that current commercial solutions do not meet needs of SMBs and mid-market companies. (It should be noted that McKinsey’s numbers are based on an erroneous 1998 report on the cost of the cybercrime that was overstated by a factor of between 5 and 10 times the actual number. Official total of cybercrime total less than $1 trillion, making the total available market need at less than that.) That’s a meaningful response to Czarney’s complaint. OPSWAT’s focus is on big infrastructure. Their pricing is not transparent because, as the saying goes, “if you have to ask, you can’t afford it.” That limits OPSWAT’s market to less than 150 customers and, as he said, they are making a good living off of it. OPSWAT and the majority of the industry are still, however, leaving billions of dollars on the table. There is evidence that better training makes a difference. Security behavior-change programs, as opposed to traditional awareness model, employees recognized and reported social engineering attacks with a 6x improvement in 6 months, and reduced the number of malicious clicks by 87%, according to a recent report by Hoxhunt. The key, however, may be providing services that block malicious links or alert users to potential danger and with little to no cost to an organization. Encouragingly enough, there are services that do exactly that. Security at $500/month DNSFilter processes about 170 billion DNS queries daily, blocking 200 million categorized threats. That’s millions of phishing campaigns failing to reach targets That’s significant volume. They also claim to block threats an average of 10 days faster than traditional threat feeds. Significantly, their pricing model starts at $240 a year, for up to 20 users up to a minimum of $1080 per year for a large enterprise. This easily fits into the Cyber Protection Magazine Security Under $500 a Month classification. The post Security for less than $500 a month appeared first on Cyber Protection Magazine.

There is a widening gap between how quickly agents are embedded in day-to-day operations and the maturity level of themore The post Responsible agentic rollouts appeared first on Cyber Protection Magazine.

Today’s small and growing businesses run on the cloud, from invoicing and CRM to collaboration and communication. But as cloud adoption accelerates, so does the risk. Cybercriminals increasingly target small businesses precisely because their security posture tends to lag behind their digital footprint. The post What Every SMB Needs To Know About Cloud Security appeared first on Cyber Protection Magazine.

Cloud-native application protection platforms (CNAPP) emerged as an industry niche around 2021, when Gartner coined the term to describe to consolidate cloud‑security capabilities under a single term. The niche evolved as organizations adopted cloud-native technologies and needed integrated security solutions. In short, CNAPP providers consolidate security and compliance into a unified platform to prevent misconfigurations as compliance requirements evolve. It provides real-time detection and response to threats across cloud workloads. It scans code under development for vulnerabilities preventing runtime issues. CNAPP follows and protects cloud-native applications from development to production. Now it sounds like subscribing to a CNAPP tool set is an easy decision for application developers. That’s the easiest decision. It gets harder going forward. The post Reporter’s notebook: Taking a CNAPP appeared first on Cyber Protection Magazine.