Despite being confident in their ability to spot phishing, many employees still fall for such scams, new research has claimed.
A report from KnowBe4 warns about “misplaced confidence” which can cause even more problems for businesses, showing almost all (86%) of respondents believe they can confidently identify phishing emails.
Yet more than half (53%) fell victim to some form of social engineering scams: 24% fell for a phishing attack, 17% were tricked by a social media scam, and 12% were tricked by a deepfake scam.
High confidence often leads to victimizationEmployees in South Africa lead the way in both the highest confidence levels and highest scam victimization rate (68%), KnowBe4 explains, hinting that misplace confidence can create a false sense of security.
At the other end of the spectrum are UK employees, who reported the lowest scam victim rate (43%). However, this figure too is down 5% compared to 2021, indicating that vulnerability is rising even in regions with historically high confidence levels.
Training is paramount to combating phishing and social engineering, KnowBe4 says, adding that “fostering a transparent security culture” is equally important. While more than half (56%) of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate, either out of fear, or uncertainty.
“The Dunning-Kruger effect, which is a cognitive bias where people overestimate their ability, is alive and well in cybersecurity,” commented Anna Collard, SVP Content Strategy & Evangelist at KnowBe4.
“This overconfidence fosters a dangerous blind spot - employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies, and even demographic traits.”
You might also likeThe time for talk is over. After two years of exploring the potential use cases, growing numbers of organizations are beginning to adopt generative AI (GenAI) to drive tangible business value. Gartner reports that investment in these technologies will continue to rise in the coming months — driving global IT spend to almost USD 6 trillion in the next year.
CIOs are keen to progress beyond the proof-of-concept stage and start putting GenAI to work. Although exciting new capabilities and use cases are emerging on a daily basis, GenAI needs to be built on firm foundations to deliver results. The teams charged with coming up with ideas on how GenAI can be used – and the leaders signing off on their investments of time and money need a solid understanding of how it works. First and foremost, however, they need to focus on making sure they have the data required to fuel the successful adoption of Gen AI tools.
Covering the basesFrom Microsoft leadership teams to US courtrooms, experts are sounding the alarm: with AI, ‘garbage in = garbage out’. If they fail to heed these warnings, organizations will not unlock the benefits they are expecting. Before investing time and money into adopting new use cases for GenAI, organizations need to get the data in place to enable it to succeed. Specifically, they need to cover four core main bases:
1) Modernize existing data
First, organizations need to transform the existing data sets that will be used to train models and drive insights. They need to map and analyze their current data to understand the existing landscape, then use a mix of data warehousing and data lakes to lay the foundations for a robust architecture. They also need to consider the data aggregation, storage, and retrieval requirements, to ensure they can conduct analytics in real time. Data modernization projects can take years to complete, but there is no time to waste – they must be completed in a matter of months.
2) Identify and ingest new sources of quality data
Next, they need to enrich existing data with external insights to add crucial holistic context to supercharge AI. To date, ingesting external data sets has been a time-consuming process, but cloud-based Extract, Transform, Load (ELT) solutions can automatically create pipelines. This enables organizations to quickly bring in reliable data sets that can put them on the path to unlocking deeper insights to fuel their AI use cases.
3) Proactively remove any bias
Next, organizations need to review the entire data landscape to ensure it is clean. They need to be certain their data can be trusted to inform their AI, driving it to make the right decisions. It’s crucial that they identify and remove any unintended biases that might emerge if they feed this data into their AI. By stepping back to consider the potential biases that could arise in their AI use cases before deploying them, they can head off the likelihood of these problems arising in advance.
4) Ensure visibility to underpin data quality and governance
Finally, organizations must eliminate silos, unifying data with end to end visibility to create a single source of truth. AI will not be reliable and accurate if fed with conflicting data - so they must be able to identify confusing conflicts, and remove them. Data evolves over time, which means it is important to maintain visibility over who has changed or added data, and why. This traceability will help identify and overcome potential mistakes, for example, if synthetic training data has been accidentally used for real-world decision-making.
Increasing AI literacy to capitalize on the opportunityThis data provides the raw materials, but it needs to be used in the right way to drive GenAI success. Building knowledge across the business will enable teams to identify use cases that can really generate value. Multiple departments could potentially benefit from GenAI in different ways, so it’s crucial to start with a clear vision and objective in mind. Organizations that invest budget and manhours in training will likely be rewarded with use cases that enable them to confidently deploy GenAI in ways that unlock the fastest ROI.
To enable this, leadership teams must also have a solid level of AI literacy and data literacy. Business leaders need understand how traditional and GenAI models work and how underlying data and training can influence the inferences presented by these models. This will give them a deeper appreciation of the recommendations coming out of an AI based solution in the context of the business use case and they will find themselves in a much better position to accept or decline such recommendations. This is the whole point of the “human in the loop” which is a key factor in the success and acceptance of AI based solutions.
Building on the foundations for successful adoptionBy laying solid data foundations, empowering teams to uncover use cases and ensuring leaders can green-light the right projects, organizations will be on the path to successful GenAI adoption. The opportunity is very exciting, and evolving at a rapid pace, so there is no time to lose. CIOs just need to balance the need for speed with a firm focus on making sure none of the corners are cut. Taking time to lay solid foundations will put them on course for successful GenAI adoption that will unlock value and benefit many different teams across the business.
We list the best project management software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
The growing popularity of Macs and MacBooks in enterprises can in part be attributed to their “secure by design” reputation. And generally, macOS is considered a safe platform, a view widely shared across the tech community.
Although macOS is widely perceived as more secure than Windows, 2024 revealed a worrying trend – a notable increase in Mac-targeted threats. From infostealers like Amos Atomic and Poseidon to advanced nation-state campaigns like BeaverTail and RustBucket, threat actors are exploiting macOS design elements to compromise corporate environments.
An over-reliance on the security mechanisms built-in to macOS can leave organizations vulnerable to attacks, so it’s key for organizations to recognize these risks and understand how to mitigate them effectively.
The Rise of macOS crimewareThere is a growing concern about the presence of malware on macOS, a problem that was relatively minor ten years ago. One contributing factor is the increased prevalence of Macs in business environments, a significant shift from the late 2010s, that has made them more attractive to attackers.
Threat actors have realized there is money to be made from Mac users. As a result, cybercriminals are increasingly targeting them, recognizing the value of these devices for conducting malicious activities.
Additionally, there are more targeted attacks in business environments. Beyond general attacks, Mac users in business environments face targeted attacks from sophisticated threat actors who aim to steal sensitive company data or disrupt operations.
Today, there are more threats to Macs than ever before, but awareness of these threats remains low. In contrast, most Windows users are generally aware of the need for the best antivirus software. However, Mac users often believe their devices are safe by design, a misconception that needs to be reconsidered given the current threat landscape.
Mac myth-bustingWhile the myth that “Macs don’t get malware” has been thoroughly debunked, a lingering perception persists that macOS is inherently safer than other OSes. This belief stems from comparisons to Windows, which faces a staggering volume of malware, but it doesn’t mean that threat actors aren’t actively targeting Macs, too.
2024 saw a significant uptick in macOS-focused crimeware. Infostealers-as-a-service, such as Amos Atomic, Banshee Stealer, Cuckoo Stealer, Poseidon and others, represent a significant portion of these threats. These tools are designed for quick, opportunistic attacks, aiming to steal credentials, financial data, and other sensitive information in one fell swoop.
Amos Atomic, which reportedly began as a ChatGPT project in April 2023, has quickly evolved into one of the most prominent Malware-as-a-Service (MaaS) platforms targeting Mac users. Initially a standalone offering, Amos Atomic has splintered into multiple variants, including Banshee, Cthulu, Poseidon, and RodrigoStealer. These versions are now developed and marketed by competing crimeware groups, spreading rapidly and affecting businesses throughout 2024.
What sets this malware family apart is its shift in distribution tactics. Instead of focusing on cracked games or user productivity apps, it now spoofs a wide range of enterprise applications, significantly broadening its reach and posing a greater threat to corporate environments.
Safe – or unsafe – by design?For convenience, Apple designed Macs so that a single password could be used to unlock the device and allow administrator functions. This means that by default, the same password is used for logging in, installing software, and unlocking the Keychain – the database built into macOS that stores other passwords, including online credentials saved in the browser, application certificates, and more.
In addition, a built-in AppleScript mechanism makes it easy for attackers to fake a legitimate-looking password dialog box. Malware that successfully spoofs a password dialog box to install a fake program is then able to access all the sensitive data stored in the Keychain.
This straightforward yet effective approach is widely adopted by the rash of infostealers currently plaguing macOS businesses and home users. Given how deeply these features are integrated into the system itself, this technique is unlikely to be mitigated by Apple any time soon.
Advanced adversaries: Staying hidden in plain sightRather than the quick-hit tactics of smash-and-grab infostealers, advanced adversaries such as nation-state actors also aim to persist on the device over time. Their goal is to maintain long-term access to compromised devices, often for espionage or other high-value objectives. With Apple introducing user notifications for background login items in macOS Ventura, attackers have adapted by exploring new ways to remain undetected.
Common techniques include trojanizing software, which consists of compromising popular or frequently used applications to ensure the malicious code runs regularly. This can involve infecting development environments such as Visual Studio and Xcode with malicious payloads.
Additionally, leveraging Unix components, threat actors are exploiting overlooked command line elements like zsh environment files (“.zshenv” and “.zshrc”), which execute whenever the user opens a new terminal session, granting the attacker persistent access to the system.
Such tactics underscore the importance of scrutinizing trusted applications, development tools, and the underlying command line environment.
Defensive strategies for organizationsTo protect against the rising tide of macOS threats, organizations should implement proactive and comprehensive security measures. Key defensive strategies include:
The perception that macOS is inherently more secure can create a dangerous blind spot for organizations. Macs are not necessarily more “secure by design” than any other computing platform, and the evidence from 2024 demonstrates that threat actors are increasingly targeting them.
Organizations must treat macOS as a primary target in their security strategy, adopting a layered defense approach and educating users about the risks.
By recognizing and addressing these vulnerabilities, organizations can mitigate the risks of betting too heavily on macOS security – and avoid becoming sitting ducks for the next wave of attacks.
We list the best antivirus software for Mac.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
A little-known device maker is looking to address the growing concerns about smartphone surveillance as modern devices collect and share extensive user data to build digital profiles.
BraX is working to launch BraX3, a business smartphone designed for those who value their privacy above all else - it runs iodéOS, a de-Googled, open source Android 14-based alternative operating system that blocks ads, trackers, and unwanted data sharing.
Instead, the BraX3 uses dedicated privacy-focused servers for essential services, providing safe browsing with privacy-first search engines like Qwant, Brave, and Ecosia.
The most privacy-friendly smartphone yet?The BraX3 also employs Lunar Network for geolocation, blending GPS for outdoor navigation and a secure indoor network-based location service. With no Google identity required, users can enjoy complete anonymity.
It also includes an internet traffic analysis tool, which visualizes who is accessing your data, how much is being collected, and where it is sent. By restricting intrusive applications and ensuring only privacy-compliant apps are used, BraX3 minimizes data exposure without sacrificing functionality.
As for hardware, the BraX3's modular design allows users to replace parts using standard tools, with spare parts available for six years post-launch.
It offers a 6.56-inch HD+ display which supports 90Hz refresh rate, and a pixel density of 280 xhdpi. Under the hood, it boasts the Dimensity 6300 processor (Octa-core, 2.4GHz, 6nm), paired with 8GB of RAM and 256GB of storage. A 5,000mAh battery with 10W charging ensures lasting performance.
It comes with a 50MP camera on the rear as well as a 5MP front camera for selfies. This device features a fingerprint sensor, NFC, Bluetooth 5.2 and multiple 4G and 5G bands.
Crucially, it also supports an eSIM for international travel, dual SIM, and a MicroSD slot.
While the porting process may face delays, BraX hopes that power users will have the option to run Ubuntu Touch, offering an independent app store and Terminal access.
The BraX3 is available for pre-order for $299.00 via crowdfunding platform Indiegogo. With 2,792 backers at press time, this alternative business smartphone signals a rising demand for tech that prioritizes privacy and the right-to-repair.
You might also likeAlthough the likes of Pure Storage, IBM, and Meta believe the writing is on the wall for hard drives, the technology doesn’t look like it will be going away any time soon.
Seagate and its main rival Western Digital are working on magnetic recording methods that will allow the drives to continue increasing in capacity, helping them maintain a clear advantage over SSDs when it comes to storage density.
The main technology leading this charge is HAMR, or heat-assisted magnetic recording, which could see HDDs hitting incredible 100TB capacities. HAMR works by briefly heating the disk surface with a laser to make it easier to write data at higher densities. HDMR - short for heated dot magnetic recording - is HAMR’s likely successor and could lead to even larger drives by focusing the heat and magnetic energy into smaller, more precise areas for even denser data storage.
Not an unreasonable outlayIn a recent The Wall Street Journal article, John Keilman wrote an article covering Seagate’s “fight to store the world’s data”, and mentioned something which caught my attention. “Seagate said two large cloud-computing customers have each ordered one exabyte’s worth of HAMR storage, which works out to tens of thousands of hard drives.”
Keilman didn’t name names - Seagate wouldn’t have told him who the buyers were - but we can narrow the list of suspects down to the usual big US hyperscalers, including Apple, Oracle, Microsoft, Google, Amazon, and Meta. It’s possible that Chinese hyperscalers could have come shopping for the drives, but that seems unlikely to me.
Keilman doesn’t say what capacity drives were sold, but we can assume they will have been Seagate’s highest commercial HDD, the Exos M, which ranges from 30TB (CMR) to 36TB (SMR), with a breakthrough 3TB-per-platter density. Based on timing, it’s likely we’re talking about the 30TB models, as the 32TB drive was only added to the range in December 2024, followed by the 36TB model just a month later.
Assuming the hyperscalers in question paid bulk pricing of around $500 per drive (refurbished models of Seagate's Exos 28TB HDD can currently be purchased for as low as $365), their combined bill likely came to somewhere between $33 and $35 million. For a full exabyte of cutting-edge, high-capacity storage, $16 billion or so isn't an unreasonable outlay.
Seagate previously revealed that a 60TB drive was on its way, and the firm recently announced plans to acquire Intevac, a HAMR specialist, which could help it achieve that 100TB capacity goal faster, as well as ramp up HAMR drive production.
You might also like