Dilki Rathnayake

Various threat actors and organizations are expected to undergo significant changes. Deep and Dark Web (DDW) marketplaces will likely be influenced and governed by law enforcement operations and geopolitical factors, while ransomware, digital extortion, and social engineering will continue to pose serious threats to organizations. These were some of the findings of ZeroFox’s 2025 Key Forecasts Report, which added that generative AI (GenAI) will be a key tool that malicious actors will exploit to enhance the efficiency and effectiveness of their attacks. Daniel Curtis, Manager of Global Intelligence at ZeroFox, says, “The threat from LLMs, deepfake technology, and other…

Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with David Langlands, Todyl’s Chief Security Officer, to discuss the notorious Söze Syndicate, its global impact, and what steps businesses can take to protect themselves. 1. How significant is the threat foreign actors pose using U.S.-based ISPs to facilitate Business Email Compromise (BEC) scams? It’s a significant threat, and we’ve seen threat actors shift towards this direction. Our observations over the past…

The software industry is full of surprises. From development to user experience, it`s a vast avenue of innovations, problem-solving, and security hurdles, driving to create a better and reliable digital landscape for everyone. We spoke with Paul Davis, Field CISO at JFrog, on some interesting topics such as Generative AI, preparing for software outages, and what could be the next Y2K. Dive into this insightful discussion to learn more! What lessons from the Y2K incident remain relevant to today’s cybersecurity challenges? The Y2K crisis was a pivotal moment because we had noticed and knew a problem was coming, and the amount of…

Despite the increase in cloud adoption, there`s a notable decrease in confidence in handling cloud threats in real-time. The skills shortage is also a major challenge with 95% being moderately to extremely concerned and 76% being directly impacted. These were two of the findings of Fortinet’s latest “2025 State of Cloud Security Report,” produced by Cybersecurity Insiders. The report highlights trends and challenges organizations face in the cloud security landscape. Based on insights from over 800 cybersecurity professionals, it also serves as a guide on strengthening organizations’ cloud security posture while adopting innovation in their cloud services. Vincent Hwang, Vice…

Cyber threats evolve rapidly in our current digital world—and Australia is no exception. AI-driven scams, ransomware, and social engineering tactics are only getting more sophisticated. In this interview with Gaidar Magdanurov, President of Acronis, we explore the latest trends in Australia’s cybersecurity landscape, the unique vulnerabilities faced by the region, and how organizations, especially small and medium-sized businesses, can better protect themselves in this dynamic threat environment. 1. How has the nature of cyber threats in Australia evolved over the past year, particularly regarding AI-driven scams and attacks? I would say that Australia is not much different from the rest…

For decades, businesses have employed penetration testing, simulating cyberattacks on their IT systems—to uncover vulnerabilities that hackers could exploit. Traditionally, this process was manual, requiring skilled professionals to probe defenses meticulously, look for any chink in the security armor, and use creativity, technical expertise, and an understanding of attacker strategies. While effective, manual testing can be time-consuming and costly. Today, technological advancements, including artificial intelligence (AI) and machine learning, have transformed the landscape. Automated network penetration testing tools streamline vulnerability discovery by scripting repetitive tasks and running them on a schedule, making regular testing more accessible, even for smaller organizations.…

In July 2024, the City of Columbus, Ohio, experienced a ransomware attack that exposed the personal information of approximately 500,000 residents. While officials quickly took systems offline to contain the incident and reported halting the attack before ransomware encryption could be deployed, stolen data soon surfaced on the dark web. The city later filed a lawsuit against David Leroy Ross, a security researcher known as Connor Goodwolf, who publicly claimed that resident information had been compromised. The city of Columbus argued that Ross’s statements, shared with local media, posed a risk to sensitive data disclosure during the ongoing investigation. Nearly…

VIPRE Security Group’s Q3 2024 Email Threat Trends Report reveals the increasing sophistication of email-based threats, particularly business email compromise (BEC) and malspam campaigns, which have intensified across industries. Analyzing 1.8 billion emails globally, of which 208 million were identified as malicious. As email security advances, cybercriminals are using more sophisticated tactics to evade detection. They often disguise harmful attachments, such as PDFs and DOCX files, as harmless voicemails or urgent security updates to trick recipients. VIPRE’s Chief Product and Technology Officer, Usman Choudhary, commented, “BEC and phishing attacks are becoming more targeted and convincing, highlighting the critical need for…

In today’s fast-evolving digital landscape, Cybersecurity Advisory Boards (CABs) are essential in assisting organizations in navigating the complexities of today’s digital environment. By bringing together industry leaders, CABs provide strategic insights, foster collaboration, and ensure cybersecurity strategies stay ahead of emerging threats. We spoke with Security Sisters Network TM (SSN) about the importance of CABs in the industry. SSN is a small, woman-owned business with a global network of over 18,000 CXOs. SSN emphasizes advocacy, networking, and relationship-building within the cybersecurity sector. SSN creates deep, lasting partnerships with key CXOs by focusing on targeted, high-touch interactions. Their flagship programs develop…

In the complex world of compliance, professionals deal with many responsibilities that go well beyond just cybersecurity. Compliance can encompass areas such as financial regulations, anti-money laundering practices, and safety standards, each requiring its own set of specialized skills; however, a fundamental understanding of cybersecurity principles becomes essential when the focus shifts to cybersecurity compliance. Unfortunately, many compliance professionals have only basic or novice skills in technology, which is a crucial area of understanding. Dilki Rathnayake, the managing editor of Information Security Buzz, spoke to Jay Trinckes, CISO of Thoropass, to discuss the reasons behind this skills gap, the role…