Dilki Rathnayake

Cyber threats evolve rapidly in our current digital world—and Australia is no exception. AI-driven scams, ransomware, and social engineering tactics are only getting more sophisticated. In this interview with Gaidar Magdanurov, President of Acronis, we explore the latest trends in Australia’s cybersecurity landscape, the unique vulnerabilities faced by the region, and how organizations, especially small and medium-sized businesses, can better protect themselves in this dynamic threat environment. 1. How has the nature of cyber threats in Australia evolved over the past year, particularly regarding AI-driven scams and attacks? I would say that Australia is not much different from the rest…

For decades, businesses have employed penetration testing, simulating cyberattacks on their IT systems—to uncover vulnerabilities that hackers could exploit. Traditionally, this process was manual, requiring skilled professionals to probe defenses meticulously, look for any chink in the security armor, and use creativity, technical expertise, and an understanding of attacker strategies. While effective, manual testing can be time-consuming and costly. Today, technological advancements, including artificial intelligence (AI) and machine learning, have transformed the landscape. Automated network penetration testing tools streamline vulnerability discovery by scripting repetitive tasks and running them on a schedule, making regular testing more accessible, even for smaller organizations.…

In July 2024, the City of Columbus, Ohio, experienced a ransomware attack that exposed the personal information of approximately 500,000 residents. While officials quickly took systems offline to contain the incident and reported halting the attack before ransomware encryption could be deployed, stolen data soon surfaced on the dark web. The city later filed a lawsuit against David Leroy Ross, a security researcher known as Connor Goodwolf, who publicly claimed that resident information had been compromised. The city of Columbus argued that Ross’s statements, shared with local media, posed a risk to sensitive data disclosure during the ongoing investigation. Nearly…

VIPRE Security Group’s Q3 2024 Email Threat Trends Report reveals the increasing sophistication of email-based threats, particularly business email compromise (BEC) and malspam campaigns, which have intensified across industries. Analyzing 1.8 billion emails globally, of which 208 million were identified as malicious. As email security advances, cybercriminals are using more sophisticated tactics to evade detection. They often disguise harmful attachments, such as PDFs and DOCX files, as harmless voicemails or urgent security updates to trick recipients. VIPRE’s Chief Product and Technology Officer, Usman Choudhary, commented, “BEC and phishing attacks are becoming more targeted and convincing, highlighting the critical need for…

In today’s fast-evolving digital landscape, Cybersecurity Advisory Boards (CABs) are essential in assisting organizations in navigating the complexities of today’s digital environment. By bringing together industry leaders, CABs provide strategic insights, foster collaboration, and ensure cybersecurity strategies stay ahead of emerging threats. We spoke with Security Sisters Network TM (SSN) about the importance of CABs in the industry. SSN is a small, woman-owned business with a global network of over 18,000 CXOs. SSN emphasizes advocacy, networking, and relationship-building within the cybersecurity sector. SSN creates deep, lasting partnerships with key CXOs by focusing on targeted, high-touch interactions. Their flagship programs develop…

In the complex world of compliance, professionals deal with many responsibilities that go well beyond just cybersecurity. Compliance can encompass areas such as financial regulations, anti-money laundering practices, and safety standards, each requiring its own set of specialized skills; however, a fundamental understanding of cybersecurity principles becomes essential when the focus shifts to cybersecurity compliance. Unfortunately, many compliance professionals have only basic or novice skills in technology, which is a crucial area of understanding. Dilki Rathnayake, the managing editor of Information Security Buzz, spoke to Jay Trinckes, CISO of Thoropass, to discuss the reasons behind this skills gap, the role…

Digital Rights Management (DRM) systems are a crucial tool for protecting digital content from unauthorized access or reproduction. Whether you’re a content creator looking to protect your intellectual property or a business looking to protect revenue streams, DRM is an essential consideration. In this article, we’ll explore the various types of DRM systems, the benefits and challenges of using them, and best practices for implementing DRM to safeguard against unauthorized access or reproduction of protected content. Introduction to Digital Rights Management At its core, Digital Rights Management is a set of technologies and techniques that are used to protect digital…

Cybercriminals are capitalizing on a burgeoning opportunity, akin to a modern-day Gold Rush. With the escalating trend of enterprises migrating their data and applications to cloud environments, the potential for cloud-based cyberattacks continues to expand exponentially. More cloud usage and increased operational complexity, in part due to multicloud use, are leading to an uptick in cloud breach events. This new frontier primarily targets SaaS applications, cloud-based storage, and cloud-hosted applications. Nearly half of the 3,000 respondents in the 2023 Thales Cloud Security Study reported a cloud data breach. SaaS applications’ growing popularity – Thales reports a mean of 97…

When it comes to cybersecurity, bad actors never stand still. As a result, neither can today’s security professionals, technology providers and data privacy legislators. Indeed, an attacker now needs just 102 minutes to begin to move laterally once they have compromised a single device. This puts organizations under the gun to not only identify threats but respond at record speeds to avoid security incidents and ensure compliance with stringent regulations. This article explores three of the top data security challenges that organizations face today and offers advice for mitigating security and compliance risks. Ransomware Ransomware continues to be a pressing threat to…

The idea of removing local admin rights from every single user in your organisation is likely to spark strong reactions. But local admin privileges are like juicy colourful fruit waiting to be picked by threat actors and used to penetrate a network, so give me a chance to explain its importance. The need – and urgency – to remove powerful privileges from ‘regular’ business users’ endpoints, is considerable. Ordinary users at work don’t need full access to their systems, let alone the ability to execute arbitrary code with elevated privileges. That’s far too dangerous. The challenge though? These rights still…