Tech Republic

U.K.’s International AI Safety Report Highlights Rapid AI Progress

A new report published by the U.K. government says that OpenAI’s o3 model has made a breakthrough on an abstract reasoning test that many experts thought “out of reach.” This is an indicator of the pace at which AI research is advancing, and that policymakers may soon need to decide whether to intervene before there is time to gather a large pool of scientific evidence. Without such evidence, it cannot be known whether a particular AI advancement presents, or will present, a risk.

“This creates a trade-off,” the report’s authors wrote. “Implementing pre-emptive or early mitigation measures might prove unnecessary, but waiting for conclusive evidence could leave society vulnerable to risks that emerge rapidly.”

In a number of tests of programming, abstract reasoning, and scientific reasoning, OpenAI’s o3 model performed better than “any previous model” and “many (but not all) human experts,” but there is currently no indication of its proficiency with real-world tasks.

AI Safety Report was compiled by 96 global experts

OpenAI’s o3 was assessed as part of the International AI Safety Report, which was put together by 96 global AI experts. The aim was to summarise all the existing literature on the risks and capabilities of advanced AI systems to establish a shared understanding that can support government decision making.

Attendees of the first AI Safety Summit in 2023 agreed to establish such an understanding by signing the Bletchley Declaration on AI Safety. An interim report was published in May 2024, but this full version is due to be presented at the Paris AI Action Summit later this month.

o3’s outstanding test results also confirm that simply plying models with more computing power will improve their performance and allow them to scale. However, there are limitations, such as the availability of training data, chips, and energy, as well as the cost.

The release of DeepSeek-R1 last month did raise hopes that the price point can be lowered. An experiment that costs over $370 with OpenAI’s o1 model would cost less than $10 with R1, according to Nature.

“The capabilities of general-purpose AI have increased rapidly in recent years and months. While this holds great potential for society,” Yoshua Bengio, the report’s chair and Turing Award winner, said in a press release. “AI also presents significant risks that must be carefully managed by governments worldwide.”

International AI Safety Report highlights the growing number of nefarious AI use cases

While AI capabilities are advancing rapidly, like with o3, so is the potential for them to be used for malicious purposes, according to the report.

Some of these use cases are fully established, such as scams, biases, inaccuracies, and privacy violations, and “so far no combination of techniques can fully resolve them,” according to the expert authors.

Other nefarious use cases are still growing in prevalence, and experts are in disagreement about whether it will be decades or years until they become a significant problem. These include large-scale job losses, AI-enabled cyber attacks, biological attacks, and society losing control over AI systems.

Since the publication of the interim report in May 2024, AI has become more capable in some of these domains, the authors said. For example, researchers have built models that are “able to find and exploit some cybersecurity vulnerabilities on their own and, with human assistance, discover a previously unknown vulnerability in widely used software.”

The advances in the AI models’ reasoning power mean they can “aid research on pathogens” with the aim of creating biological weapons. They can generate “step-by-step technical instructions” that “surpass plans written by experts with a PhD and surface information that experts struggle to find online.”

As AI advances, so do the risk mitigation measures we need

Unfortunately, the report highlighted a number of reasons why mitigation of the aforementioned risks is particularly challenging. First, AI models have “unusually broad” use cases, making it hard to mitigate all possible risks, and potentially allowing more scope for workarounds.

Developers tend to not fully understand how their models operate, making it harder to fully ensure their safety. The growing interest in AI agents — i.e., systems that act autonomously — presents new risks that researchers are unprepared to manage.

Such risks stem from the user being unaware of what their AI agents are doing, their innate ability to operate outside of the user’s control, and potential AI-to-AI interactions. These factors make AI agents less predictable than standard models.

Risk mitigation challenges are not solely technical; they also involve human factors. AI companies often withhold details about how their models work from regulators and third-party researchers to maintain a competitive edge and prevent sensitive information from falling into the hands of hackers. This lack of transparency makes it harder to develop effective safeguards.

Additionally, the pressure to innovate and stay ahead of competitors may “incentivise companies to invest less time or other resources into risk management than they otherwise would,” the report states. In May 2024, OpenAI’s superintelligence safety team was disbanded and several senior personnel left amid concerns that “safety culture and processes have taken a backseat to shiny products.”

However, it’s not all doom and gloom; the report concludes by saying that experiencing the benefits of advanced AI and conquering its risks are not mutually exclusive.

“This uncertainty can evoke fatalism and make AI appear as something that happens to us,” the authors wrote. “But it will be the decisions of societies and governments on how to navigate this uncertainty that determine which path we will take.”


This AI Generator Can Develop Content That's Fact-Checked

TL;DR: Save 58% on Katteb, an AI content generator that can create more than 30 media types, from articles to product reviews.

Have you ever needed AI to create an article or blurb for a newsletter only to get the result, double-check it, and realize that the facts weren’t accurate? If so, you’re not the only one — it’s tricky to customize your prompt and ensure everything the chatbot creates is fully fact-checked.

Instead of dealing with subpar results and doing the additional legwork of fact-checking, let Katteb create content instead. This AI generator is designed to save you time by creating articles, product reviews, and so much more content that’s actually error- and plagiarism-free. Grab it while lifetime access is only $79.99 (reg. $195) while supplies last.

Your new favorite AI tool

Imagine having an AI tool that does as it’s told — and does it correctly. That’s what having Katteb makes a reality. Instead of double-checking what AI’s written for you, you could reallocate that time to other time-consuming tasks.

Check out what Katteb AI can do for you:

Generate fact-checked and SEO-optimized articles with in-text citations and relevant images up to 2,500 words with just one click.
Rewrite web pages and offline text in more than 110 languages while preserving the HTML formatting.
Read product specs and prices on Amazon to develop original Amazon product reviews in a single click.
Write content based on YouTube videos lasting up to 30 minutes in 110+ languages.
Export your generated content to WordPress, Blogger, external files, etc.

Plus, Katteb is dedicated to creating content free from errors and plagiarism. The platform has its own innovative proofreading tools, which support over 25 languages. They will ensure everything from web page summaries to articles has zero errors. It can even sniff out any plagiarism in your text and rewrite content if uncovered.

Grab lifetime access to the Katteb AI content generator while its price drops to just $79.99. Act now while inventory is still available!

Prices and availability are subject to change.


CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

The U.S. Cybersecurity and Infrastructure Security Agency has added four vulnerabilities to its catalog of Known Exploited Vulnerabilities, warning federal agencies to take immediate action. While the mandate applies primarily to Federal Civilian Executive Branch agencies, the alert serves as a wake-up call for all organizations to assess their security posture and defend against emerging cyber threats.

What are the four vulnerabilities?

The four vulnerabilities are:

CVE-2024-45195: A direct request (or ‘Forced Browsing’) vulnerability in the Apache OFBiz ERP system. In this vulnerability, which was patched in September 2024, a threat actor could use URLs, scripts, or files to run arbitrary code on the server.

CVE-2024-29059: A .NET Framework Information Disclosure Vulnerability in the Microsoft .NET Framework versions 3.5 and 4.8. Specifically, an error message could be generated that contained sensitive information such as passwords or the full pathname of the installed application. The error could pop up in multiple ways, either automatically generated by the source code or generated by a language interpreter or other external element. It was patched in March 2024.

CVE-2018-9276: An issue in PRTG Network Monitor that could allow a threat actor with administrative access to the PRTG System Administrator to exploit an OS command injection vulnerability. It was patched in 2018.

CVE-2018-19410: Another issue in PRTG Network Monitor. By exploiting it, an attacker can use HTTP requests and perform a Local File Inclusion attack to create users with read-write privileges (including administrator). It was patched in 2018.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in its alert.

Monitoring known exploited vulnerabilities can strengthen an organization’s overall security posture. In this case, the software companies patched the vulnerabilities — sometimes years ago — and users do not need to take any action. In addition, the vulnerabilities highlight the importance of compliance and reporting on security in critical sectors.


IT Leaders Fear AI-Driven Cybersecurity Costs Will Soar

IT leaders are concerned about the rocketing costs of cyber security tools, which are being inundated with AI features. Meanwhile, hackers are largely eschewing AI, as there are relatively few discussions about how they could use it posted on cyber crime forums.

In a survey of 400 IT security decision makers by security firm Sophos, 80% believe that generative AI will significantly increase the cost of security tools. This tracks with separate Gartner research that predicts global tech spend to rise by almost 10% this year, largely due to AI infrastructure upgrades.

The Sophos research found that 99% of organisations include AI capabilities on the requirements list for cyber security platforms, with the most common reason being to improve protection. However, only 20% of respondents cited this as their primary reason, indicating a lack of consensus on the necessity of AI tools in security.

Three-quarters of the leaders said that measuring the additional cost of AI features in their security tools is challenging. For instance, Microsoft controversially increased the price of Office 365 by 45% this month due to the inclusion of Copilot.

On the other hand, 87% of respondents believe that AI-related efficiency savings will outweigh the added cost, which may explain why 65% have already adopted security solutions featuring AI. The release of low-cost AI model DeepSeek R1 has generated hopes that the price of AI tools will soon decrease across the board.

But cost isn’t the only concern highlighted by Sophos’ researchers. A significant 84% of security leaders worry that high expectations for AI tools’ capabilities will pressure them to reduce their team’s headcount. An even larger proportion — 89% — are concerned that flaws in the tools’ AI capabilities could work against them and introduce security threats.

“Poor quality and poorly implemented AI models can inadvertently introduce considerable cybersecurity risk of their own, and the adage ‘garbage in, garbage out’ is particularly relevant to AI,” the Sophos researchers cautioned.

Cyber criminals are not using AI as much as you may think

Security concerns may be deterring cyber criminals from adopting AI as much as expected, according to separate research from Sophos. Despite analyst predictions, the researchers found that AI is not yet widely used in cyberattacks. To assess the prevalence of AI usage within the hacking community, Sophos examined posts on underground forums.

The researchers identified fewer than 150 posts about GPTs or large language models in the past year. For scale, they found more than 1,000 posts on cryptocurrency and more than 600 threads related to the buying and selling of network accesses.

“Most threat actors on the cybercrime forums we investigated still don’t appear to be notably enthused or excited about generative AI, and we found no evidence of cybercriminals using it to develop new exploits or malware,” Sophos researchers wrote.

One Russian-language crime site has had a dedicated AI area since 2019, but it only has 300 threads compared to more than 700 and 1,700 threads in the malware and network access sections, respectively. However, the researchers noted this could be considered “relatively fast growth for a topic that has only become widely known in the last two years.”

Nevertheless, in one post, a user admitted to talking to a GPT for social reasons to combat loneliness rather than to stage a cyber attack. Another user replied it is “bad for your opsec [operational security],” further highlighting the community’s lack of trust in the technology.

Hackers are using AI for spamming, gathering intelligence, and social engineering

Posts and threads that mention AI apply it to techniques such as spamming, open-source intelligence gathering, and social engineering; the latter includes the use of GPTs to generate phishing emails and spam texts.

Security firm Vipre detected a 20% increase in business email compromise attacks in the second quarter of 2024 compared to the same period in 2023; AI was responsible for two-fifths of those BEC attacks.

Other posts focus on “jailbreaking,” where models are instructed to bypass safeguards with a carefully constructed prompt. Malicious chatbots, designed specifically for cybercrime, have been prevalent since 2023. While models like WormGPT have been in use, newer ones such as GhostGPT are still emerging.

Only a few “primitive and low-quality” attempts to generate malware, attack tools, and exploits using AI were spotted by Sophos research on the forums. Such a thing is not unheard of; in June, HP intercepted an email campaign spreading malware in the wild with a script that “was highly likely to have been written with the help of GenAI.”

Chatter about AI-generated code tended to be accompanied by sarcasm or criticism. For example, on a post containing allegedly hand-written code, one user responded, “Is this written with ChatGPT or something…this code plainly won’t work.” Sophos researchers said the general consensus is that using AI to create malware was for “lazy and/or low-skilled individuals looking for shortcuts.”

Interestingly, some posts mentioned creating AI-enabled malware in an aspirational way, indicating that, once the technology becomes available, they would like to use it in attacks. A post titled “The world’s first AI-powered autonomous C2” included the admission that “this is still just a product of my imagination for now.”

“Some users are also using AI to automate routine tasks,” the researchers wrote. “But the consensus seems to be that most don’t rely on it for anything more complex.”


Live Oak Bank Review: Services, Rates, and More

Live Oak Bank is a digital-first bank that provides tailored financial services for small businesses and entrepreneurs across various industries. Offering a range of products from high-yield business savings accounts to specialized small business loans, Live Oak Bank aims to help business owners access competitive rates, simplified banking, and a highly responsive customer service experience.

Wondering if Live Oak Bank is right for your business needs? Below, I dive into Live Oak Bank’s key services, rates, customer reviews, and competitive comparisons to see how it stands up in the business banking landscape.

Live Oak Bank fast facts

My rating: 4.7 out of 5
Starting price: No monthly maintenance fees for accounts
Key features:
High-Yield business savings: Competitive APY for small business savings accounts
Specialized loans: Customizable loan solutions for small business growth
Digital-first model: Full online banking services with a dedicated customer support team
FDIC-insured: Account balances insured up to $250,000

Overview of Live Oak Bank

Live Oak Bank caters specifically to business clients, providing industry-focused loan products and high-interest savings options. With a digital-only banking approach, Live Oak makes it easy for entrepreneurs to manage funds and apply for loans without the need to visit a physical branch.

The bank supports a range of industries, from veterinary practices and healthcare providers to breweries and self-storage businesses, by offering unique financial tools and knowledgeable customer support. In addition, Live Oak Bank’s user-friendly mobile platform and web app streamline the process for busy business owners. Let’s take a closer look at what Live Oak Bank offers and how it stands out among other digital banking competitors.

Live Oak Bank Reviews: User opinions and ratings

4.65/5

Live Oak Bank users frequently praise its high-yield savings rates, loan options, and customer service tailored for business owners. The platform’s industry-specific loan products are particularly valued by niche businesses that often struggle to find financing through traditional banks.

However, some users report that the digital-only setup can be limiting, especially if they prefer in-person support or need access to cash transactions. Overall, Live Oak Bank is highly rated for its specialized offerings and strong online experience.

Trustpilot: 4.6 out of 5 stars
G2: 4.7 out of 5 stars

While many customers appreciate Live Oak Bank’s digital tools and high-yield savings accounts, others find the lack of physical branches and cash deposit options to be a drawback. Despite this, Live Oak’s industry expertise, loan offerings, and competitive APYs make it a top choice for digital-forward businesses.

Live Oak Bank’s pricing structure

Live Oak Bank’s fee structure is simple and business-friendly. They offer accounts with no monthly maintenance fees, which can help small businesses minimize their expenses. Here’s a breakdown of the key pricing points for Live Oak Bank’s offerings:

No monthly fees: Account maintenance is free, with no hidden charges for standard transactions.
High-yield savings APY: Live Oak offers a competitive APY on its business savings accounts, though rates may vary.
Customized loan terms: Business loan fees and rates are determined by the borrower’s needs and industry type.
No minimum balance: Live Oak Bank’s accounts do not have a minimum balance requirement, making it accessible for businesses of any size.

Key features of Live Oak Bank

4.7/5

Live Oak Bank provides several unique features that can appeal to small business owners and entrepreneurs looking to open a business bank account that has services tailored to their digital infrastructure needs. Below are some of the standout offerings:

Industry-specific loan options: Live Oak Bank specializes in providing loans for specific industries such as healthcare, agriculture, veterinary services, and more. This targeted approach allows business owners to access loan products with terms and conditions suited to their industry’s unique requirements. Whether for expansions, equipment financing, or startup funding, Live Oak Bank offers personalized loan options that can be a valuable asset for growing businesses.

High-yield savings accounts: Live Oak Bank’s high-yield savings accounts provide competitive APYs, allowing businesses to grow their reserves. Unlike traditional business accounts, Live Oak offers rates that rival other digital banks, making it an attractive option for business owners looking to maximize their savings.

Comprehensive digital banking tools: As a digital-only bank, Live Oak provides an intuitive online platform and mobile app where customers can easily manage accounts, check balances, and apply for loans. The bank also offers customer service representatives who are highly knowledgeable in specific industries, giving users access to specialized support without needing a physical branch.

FDIC-insured security: Partnering with FDIC-insured institutions, Live Oak Bank ensures that customer deposits are protected up to $250,000, giving business owners peace of mind when managing larger sums through a digital-only bank.

What business types are supported by Live Oak Bank?

Live Oak Bank works with a wide range of industries and business types, offering loans and banking services specifically tailored to various sectors. The primary industries served include:

Healthcare: Including veterinary practices and dental clinics
Agriculture: Loans for farmers and agricultural businesses
Self-storage and warehousing
Franchises: Financial solutions for franchise operators
Breweries: Specialized loans and financing for breweries

Live Oak’s support for these sectors makes it a valuable partner for business owners operating within these industries, as they can access products specifically designed to meet industry standards and requirements.

Would our expert recommend Live Oak Bank?

5.00/5

Live Oak Bank is a highly recommended option for small business owners, especially those in specialized industries looking for accessible loans and high-yield savings options. With its no-fee checking, competitive APYs, and industry-specific loan products, Live Oak Bank provides valuable tools for business owners who prefer a tech-forward banking experience.

Expert’s opinion: Live Oak Bank is a strong choice for digital-first entrepreneurs seeking flexible, specialized financial solutions. However, businesses that require cash-handling services or prefer in-person banking may want to explore alternative options.

Live Oak Bank pros

Competitive interest rates for business savings
No monthly fees or hidden charges
Industry-specific loan products for unique financing needs
Simple online and mobile account management

Live Oak Bank cons

No cash deposit options
Limited to digital services with no


Sophos Acquires Secureworks for $859 Million

Sophos has completed its $859 million acquisition of managed cyber security services provider Secureworks in an all-cash transaction. It now claims to be the “leading pure-play” provider of Managed Detection and Response Services, supporting more than 28,000 global organisations.

Secureworks is an Atlanta, U.S.-based cybersecurity company that focuses on threat detection, response, and managed security services. Its acquisition will build out Sophos’ security operations platform for mitigating cyber attacks.

“The open and scalable platform helps organizations, especially those with diverse IT estates, safeguard current and future technology investments, providing greater operational efficiencies and return on cybersecurity spend,” Sophos said in a press release about the Secureworks acquisition.

Furthermore, Sophos X-Ops, its threat intelligence unit, is expanding its capabilities with the addition of Secureworks’ Counter Threat Unit and security operations and advisory teams.

“With the integration of Secureworks, our expanded services and product portfolio will provide even stronger end-to-end security solutions that will include identity threat detection and response (ITDR), next-gen SIEM and managed risk, all in a single open platform,” said Sophos CEO Joe Levy, in the release.

“We will also be able to further advance our AI, threat intelligence and attack research through more diverse and deeper global telemetry that is analyst-tuned for the real-world. At every level, we are very excited about this next accelerated chapter for Sophos.”

Sophos cottoned onto AI nearly a decade ago, leading to dominance

Secureworks was acquired by Dell in 2011 for $612 million. Prior to this acquisition, Dell owned 79.2% of the company, but has been trying to sell up for a number of years. Secureworks has reportedly struggled to differentiate from other large cyber security providers, leading to a loss of share value.

Meanwhile, U.K.-based Sophos posted turnover of £644 million in March 2024, marking 5.4% growth, and saw profits double from £100.1 to £183.2. Levy said that Sophos has managed to maintain dominance in MDR, in part, thanks to its “native artificial intelligence” that it first developed nearly a decade ago. He also cited its “mature competencies in ransomware detection, malware analysis and threat actor tradecraft.”

Dell and other Secureworks shareholders will receive $8.50 per share in cash in the acquisition, which was originally announced last October. For now, both companies will continue to operate separately, supporting existing clients and developing their own new business opportunities.

Cyber attacks are fueling an acquisition boom

Cyber attacks are becoming an increasingly serious problem for businesses due to the growing sophistication of hackers that are now augmented by AI, widespread digitization, and the rising value of sensitive data. As a result, cyber security companies are in great demand, and are competing to provide the most comprehensive offering.

In 2024, Cisco acquired Splunk, a data analytics and security platform, for $28 billion, while Mastercard acquired threat intelligence company Recorded Future for $2.65 billion. U.S. private equity firm Thoma Bravo bought AI security firm Darktrace for $5.3 billion, after acquiring Sophos in 2020 for $3.9 billion.

So far this year, 1Password, Tenable, WatchGuard, and Darktrace have all announced acquisitions to expand their security offerings.


Google Halts Its Diversity and Inclusion Hiring Goals

An email announcing Google’s elimination of various programmes intended to improve diversity at the company was sent to employees on Wednesday. The Washington Post saw the email and was the first to report about it.

Google is no longer setting hiring targets to improve representation, and is considering ceasing the publication of its annual diversity report. The company said the review of its diversity report is part of a wider evaluation of other DEI-related initiatives, such as grants and training, that “raise risk, or that aren’t as impactful as we’d hoped.”

The tech giant is also examining recent court rulings and executive orders from U.S. President Donald Trump that prohibit federal contractors such as Google from engaging in DEI initiatives.

President Trump has mandated the elimination of all DEI-related positions in federal agencies, the discontinuation of diversity initiatives among federal contractors, and the removal of language related to gender identity from federal communications and policies. He has also directed federal agencies to identify private-sector entities for potential investigations of unlawful DEI-related practices.

Trump’s orders refer to DEI as “dangerous, demeaning, and immoral race- and sex-based preferences” and emphasise hiring based on “individual initiative, skills, performance, and hard work.”

Despite these changes, Google maintained in its email that it would keep its resource groups for underrepresented employees and would continue expanding its offices in cities with diverse populations. However, it will eliminate “aspirational goals” tied to hiring targets.

In a statement responding to the leaked email, Google told The Guardian: “We’re committed to creating a workplace where all our employees can succeed and have equal opportunities, and over the last year we’ve been reviewing our programs designed to help us get there.

“We’ve updated our 10-k language to reflect this, and as a federal contractor, our teams are also evaluating changes required following recent court decisions and executive orders on this topic.”

Google’s most recent diversity report stated that 33.8% of its U.S. employees were women, 5.7% were Black, and 7.5% were Latinx.

Other big players in tech are also paring back DEI initiatives

Under the current administration’s executive orders, some of Silicon Valley’s biggest players are scaling back their DEI initiatives.

Alphabet, Google’s parent company, omitted that it was “committed to making diversity, equity, and inclusion part of everything we do and to growing a workforce that is representative of the users we serve” in its annual filing to the Securities and Exchange Commission this week, despite including it in every report since 2021.

In December, Amazon removed some DEI-related wording from its website and informed employees it was “winding down outdated programs and materials” associated with inclusion in a company-wide memo, according to Bloomberg. Meta eliminated its DEI programs last month due to “legal and policy landscape surrounding diversity, equity and inclusion efforts,” according to a memo seen by Axios.

The state of Oklahoma has made a shareholder proxy proposal to Alphabet, Amazon, and four other large companies asking for “political neutrality” in their policies, essentially urging them, as an investor, to cease their DEI initiatives. Apple has recommended that its shareholders reject a similar proposal from a conservative think tank, calling it “unnecessary.”


21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Over a fifth of CISOs have been pressured not to report a compliance issue, according to new research. As they take on greater responsibility in the boardroom, they also face increasing accountability for security incidents, making them more vulnerable to executive pressure when compliance risks arise.

The report, published by data management platform Splunk, also found that 59% of CISOs would be willing to become a whistleblower if their company ignored compliance requirements. However, the fact that some feel compelled to take such drastic measures highlights a deeper issue — a communication breakdown between CISOs and corporate boards.

The disconnect is often rooted in a lack of awareness among executives regarding the complexity and time required to maintain compliance. Board members may underestimate the security team’s workload and, when faced with delays or challenges, may encourage CISOs to downplay or withhold issues instead of reporting them.

“While boards know compliance is important, many may not fully realize or understand the work required to achieve it,” said Kirsty Paine, field CTO and strategic advisor for Splunk, in The CISO Report. “With a lack of day-to-day insight, it’s not surprising that board members think it should be ‘easy’ or are confused when CISOs and their teams take excessive amounts of time to achieve and sustain a strong compliance posture.”

Splunk’s research surveyed 500 security leaders, including CISOs, and 100 board members across 16 industries worldwide to examine how cybersecurity decision-makers and executive teams interact. The findings reveal a growing presence of CISOs in corporate leadership, but also persistent challenges in aligning security with business priorities.

CISOs are being brought into the boardroom as cyber threats become a bigger risk, but face growing challenges

As cyber threats continue to rise, CISOs are being given an increasing amount of responsibility.
The report found that 82% now report directly to the CEO, up from 47% in 2023, and 83% attend board meetings regularly. However, this increased presence has not translated into better alignment between security teams and executives.

The study revealed that 94% of CISOs have experienced a disruptive cyberattack, with 55% reporting multiple incidents and 27% facing repeated breaches. Despite these threats, CISOs and board members remain divided on key priorities, budgeting, and strategic focus.

SEE: Global Cyber Attacks to Double from 2020 to 2024, Report Finds

Despite CISOs being entrusted with strategic decision making, the Splunk report highlighted some clear areas of misalignment between them and the rest of the board. For instance, 52% of boards think CISOs spend most of their time aligning their security efforts with business objectives, but only 34% of CISOs said this was the case. In reality, the bulk of their work involves choosing, installing, and operating technology, according to 57% of CISOs.

CISOs also have different priorities to the rest of the board. More than half, or 52%, prioritise innovating with emerging technologies, while only 33% of boards agree. A similar percentage, 51%, also ranked upskilling and reskilling security employees as important, but only 27% of boards shared that view.

When it comes to compliance, only 15% of CISOs ranked it as a top performance metric, likely because many see it as a checkbox exercise that results in only baseline levels of security. However, 45% of boards appreciate it as an important metric.

CISOs believe they are good at communicating, but evidence suggests otherwise

The Splunk report shows that CISOs feel they communicate well with the rest of the board, leading to their alignment on key issues. However, they may be overrating their relationship. A total of 61% of CISOs feel they align on strategic security goals, compared to 43% of the board members.
When it comes to communicating the progress of security milestones, 44% of CISOs rate their ability highly, but just 29% of board members agree.

Such miscommunications are having real consequences on business operations. For instance, only 29% of CISOs report having the proper budget for cybersecurity initiatives and goals, compared to 41% of board members. This insufficient investment is leaving organisations vulnerable to cyberattacks. A total of 62% of CISOs who postponed their technology upgrades to cut costs said it resulted in a successful breach or attack.

CISOs need to improve their communication with boards by focusing on the numbers

To prevent cyber attacks and compliance misalignment, security leaders must refine their approach when engaging with board members.

“Many boards state that they prioritize business growth (44%) over strengthening the cybersecurity program (24%), which means they’re inclined to back cybersecurity initiatives that provide the most value to shareholders and the organization,” the report’s authors wrote.

Indeed, 64% of boards say presenting security as a business enabler is the most effective way to increase budgets, but only 43% of CISOs approach the topic that way. Just under half of boards, or 46%, say that presenting costs such as downtime and potential fines is the most convincing argument in budget discussions.

SEE: Downtime Costs World’s Largest Companies $400 Billion a Year

The onus is not just on CISOs. Board members must consult the CISO as a primary stakeholder in decisions that impact enterprise risk and governance, the report’s authors said.

“Despite the gaps, they share a duty to safeguard the company. Boards protect profitability and stock price; CISOs protect data and systems. This is something to build on. But it will take communication, understanding, and a generous dose of patience to come together,” they wrote.


How to Prevent Phishing Attacks with Multi-Factor Authentication

Phishing takes advantage of the weakest link in any organization’s cybersecurity system — human behavior. Phishing attacks are generally launched via email, although some opening salvos have begun using text messaging or phone calls. In the most common scenario, an email arrives purporting to be from HR or IT, for example. It looks just like any other company email. It advises viewers to update their personal information or IT profile by clicking on a link or opening an attachment. When the person does so, they are told to enter personally identifiable information, such as their date of birth, full name, social security number, and passwords. This enables a bad actor to take over their account and steal their identity, and it can also be the initial stage in a ransomware attack that locks the entire company out of IT systems. According to KnowBe4’s 2024 Global Phishing By Industry Benchmarking Report, one in three employees, or 34.3% of an organization’s workforce, are likely to interact with a malicious phishing email. After 90 days of training against phishing scams, 18.9% are still expected to fail a simulated phishing test. After a full year of phishing and security training, this number falls to 4.6% or around 5%. In other words, it is unlikely that any organization can completely eliminate intrusions caused by phishing attempts. This makes it abundantly clear why every organization needs to institute multi-factor authentication. 
How multi-factor authentication works

One of the best defenses against credential-stealing phishing attacks is MFA. This imposes an additional step that individuals must take to be allowed access. Thus, even if cybercriminals compromise an account, they are blocked from causing harm as they should lack the additional item needed to gain entry.

MFA introduces several extra security factors in the authentication process, including:

Something you know: a password or a PIN.
Something you have: a phone, USB drive, or email to receive a code.
Something you are: a fingerprint or facial recognition.

By having a secondary code-sharing device or a biometric tool for authentication, MFA makes it harder for credential thieves to get past those security factors. If someone clicks a malicious link and credentials are stolen, MFA offers another point of verification that the threat actor cannot access, whether it’s SMS, email verification, or via an authenticator app.
For the end user, this means that they will have to either provide a biometric identifier on their device or laptop, or be sent a code by text or an authenticator app on their phone. This typically only takes a few seconds. The only hassle might be when there is a delay in the arrival of the code.

Note, however, that threat actors have stepped up their game by finding ways to compromise MFA credentials. According to an alert from the Cybersecurity and Infrastructure Security Agency: “[I]n a widely used phishing technique, a threat actor sends an email to a target that convinces the user to visit a threat actor-controlled website that mimics a company’s legitimate login portal. The user submits their username, password, and the 6-digit code from their mobile phone’s authenticator app.”

CISA recommends using phishing-resistant MFA as a way to improve overall cloud security against phishing attacks. There are several ways that this can be accomplished.

Choosing the best MFA solution for your business

Any type of MFA will help protect data in the cloud from a phishing attack. Consumer-grade MFA uses a code sent by text. However, threat actors have figured out ways to trick users into sharing those codes. Further, users may leave themselves vulnerable by not setting up MFA across all of their applications and devices or by turning off MFA completely.

Therefore, organizations must favor phishing-resistant MFA and include two or more layers of authentication to achieve a high level of protection against cyberattacks. Here are some of the features to look for in MFA candidates:

Code sharing

Code sharing operates by sending a text to a mobile phone or a code to an authenticator app on that device. Although code sharing is not enough, it is a good start.

Fast ID Online

Fast ID Online (FIDO) leverages asymmetric cryptography, where separate keys encrypt and decrypt data.
FIDO authentication works in one of two ways: through separate physical tokens or authenticators that are embedded into laptops or mobile devices.

NFC

NFC stands for near-field communication, which employs a short-range wireless technology embedded into a physical security key such as a phone, a USB device, or a fob. Some methods also use a security chip embedded into a smart card.

SEE: Securing Linux Policy (TechRepublic Premium)

Recommended MFA solutions

There are several enterprise-grade MFA solutions available.

PingOne MFA

Along with standard MFA features such as one-time passwords and biometrics, PingOne MFA utilizes dynamic policies that IT can use to optimize the authentication process and integrate authentication into business applications. As a cloud-based MFA service, PingOne MFA can provide stronger authentication by requiring a combination of factors — such as requiring a user to scan their biometric fingerprint specifically on their smartphone.

Cisco Duo

Cisco Secure Access by Duo offers many out-of-the-box integrations, a simple enrollment process, and convenient push authentication features. It is one of the most widely deployed MFA applications and offers a healthy balance between ease of use and overall


North One Business Banking Review: Key Features & Costs 

North One is a financial technology (fintech) company that offers small business owners savings from typical account fees by charging no monthly fees and having no minimum balance requirements. (North One is a financial technology company and not a bank. Banking services are provided by The Bancorp Bank, N.A.; Member FDIC.) It also has various business tools through integration with popular software such as QuickBooks, Expensify, Shopify, and more. Additionally, you can streamline your fund allocation through its budgeting feature, Envelopes.

North One’s fast facts

Our rating: 4.33 out of 5
Starting price: $50 opening deposit.
Key features for North One Standard Account: No monthly fees or balance minimums. Physical and virtual cards. Over 50 integrations including QuickBooks, Wave, Patriot Accounting, and Zoho. Links with popular ecommerce sites. Budgeting tool, Envelopes.

North One perks include discounts and free trials of software and productivity tools.

North One’s Business Checking account is a perfect fit for small businesses, especially eCommerce establishments seeking to maximize the powerful integrations offered by this provider. Businesses that often use ACH can choose its higher tier plan to access fee-free same-day ACH services. In addition, North One helps small businesses manage their funds better using its convenient budgeting system, Envelopes.

Let’s check out North One Business Checking’s standout features and pricing structure to see how it compares with other financial providers.

North One Business Checking Reviews: What Users Think of North One (4.30/5)

On Trustpilot, North One received a rating of 4.4 from about 200 reviews and 4.2 from around 50-plus reviews on Product Hunt. Customer feedback has been mostly positive. Many praised its excellent customer service and user-friendly platform. Reviewers mentioned that the support team was knowledgeable and professional, and provided timely responses.
Some also appreciated the QuickBooks integration and free and cheap ACH and wire options.

Specific North One Business banking reviews were unavailable. However, several users appreciated its Envelopes feature and said the system helps them organize their funds and simplify fund allocation for regular business expenses. One reviewer commented that North One understands the needs of small businesses by offering efficient, reliable, and innovative banking solutions. The negative feedback came from users with suspended or closed accounts.

North One Business Checking Pricing Structure (3.82/5)

Like many fintech companies, North One offers no monthly fees or balance minimums. An initial $50 deposit is required, but the minimal fees and transparency help small business owners save and anticipate potential account costs.

North One Business Checking account: No monthly fees or required balances. $50 opening deposit. Unlimited transactions. Unlimited incoming domestic wires and ACH deposits. $20 outgoing domestic wires. 1.5% fee for same-day ACH ($1 minimum, $15 maximum). $4.95 per cash deposit at Green Dot locations.

Aside from its standard account, North One offers a higher-tier product, North One Plus, with a monthly fee of $20. The benefits include fee-free same-day ACH and lower domestic incoming wire transfer fees ($15) for those who regularly use these services.

North One Business Checking Key Features (4.4/5)

North One offers several advantageous features to its customers, especially its budgeting tool, Envelopes. Let’s check its features to see how it gains a competitive edge over other providers.

Key features for North One Business Checking: No monthly fees or balance requirements. Same-day ACH. Budgeting tool. Robust integrations. Customer perks.

No Monthly Fees and Balance Requirements

With a North One checking account, you can save on monthly maintenance fees without meeting a minimum balance.
You also get unlimited transactions, domestic wires, and ACH deposits, which can contribute to more savings for small businesses.

Same-day ACH

Only same-day ACH is available with your North One business account. You will be charged 1.5% of the total transfer amount. However, if you subscribe to the paid plan, North One Plus, you can send free ACH payments. Businesses that regularly need to perform same-day ACH can sign up for the higher-tier product for more savings.

Budgeting Tool

Through Envelopes, North One’s budgeting feature, you can set aside parts of your funds for specific business expenses like taxes and payroll. You can create unlimited envelopes and set up custom rules. This helps businesses manage their funds better by allocating money for specific spending.

Robust Integrations

With over 50 software integrations for accounting, financial management, invoicing, payments, POS & eCommerce, payroll, and productivity, you can link your business checking account with your daily tools. This streamlines payment processing and data sharing, leading to more business efficiency.

Customer Perks

Your North One account lets you access plenty of perks, such as discounts and free trials of popular business products like QuickBooks, Gusto, Stripe, Adobe, Intuit TurboTax, Microsoft Advertising, Zoho, and more. It leads to more savings while you build and grow your business.

Would Our Expert Use North One Business Checking? (4.8/5)

Small business owners looking for a cost-saving checking account will find North One invaluable. I recommend it for its multiple software integrations, allowing seamless connection with the business platforms you use daily. You will not need to pay for standard monthly and transaction fees. At the same time, you can take advantage of its unlimited domestic wire and ACH deposits. Another distinctive feature I appreciate is its robust eCommerce integrations, like Shopify, Square, and Stripe.
Online store owners, Amazon sellers, and dropshippers can easily access customer payments through these platforms. That’s why I included North One in our list of the best banks for eCommerce businesses. Another top feature is its budgeting tool, Envelopes, which makes fund allocation decisions easy.

There are a few drawbacks, however. North One is not for cash-reliant businesses: you can deposit cash at Green Dot retail locations, but a fee of up to $4.95 per transaction applies. Your account also won’t earn any interest. Alternatively, you can opt for a traditional provider like U.S. Bank for branch access or Bluevine for interest-earning checking accounts.

Before opening an account, see our article on how to open a business bank account to learn the step-by-step process.

North One Business Checking Pros

Fee-free checking: No monthly fees and
