America Drops to 4th Place in Cybersecurity Awareness

✍🏻 From the Editor’s Desk
Last week showed how even strong awareness in cybersecurity can mask serious gaps. While many know how to pick strong passwords and spot phishing, newer threats like AI-privacy risks and deceptive deepfakes are slipping under the radar. How quickly can organisations and individuals shift their defenses to cover those emerging weak points?
🔎 Deep Brief
America Drops to 4th Place in Cybersecurity Awareness
A recent survey reveals the U.S. has dropped to 4th place globally in cybersecurity awareness. While many Americans are good at creating strong passwords and spotting scam emails, only 5% recognize AI-privacy risks at work. Other areas of concern include unsafe password storage (only 16% know where to store them securely) and weak Wi-Fi security.
These gaps matter because technology is changing fast. AI tools are becoming part of daily workflows — but when people are unaware of how data is used, shared, or exposed through these tools, risk rises. The survey suggests simple security habits (e.g. multi-factor authentication, regular software updates, using a VPN) are still very useful.
🧠 Strategy in Action
Legal Teams Are Stepping Up
According to the Herbert Smith Freehills Kramer Cyber Risk Survey, legal teams are stepping up in organisations’ cyber-risk frameworks. In particular, general counsel and legal departments are increasingly involved not just as responders when something goes wrong, but as proactive parts of planning, risk assessment, policy making, and compliance.
👉 Takeaway: That shift has practical outcomes. Organisations that involve legal early tend to better map regulatory obligations, spot where contracts expose them to risk, and clarify who is accountable during a breach. By treating cyber risk as something that combines technical, legal, and business perspectives, these companies report fewer surprises and faster response times when threats emerge.
🕵️ Threat Actor Spotlight
North Korean group Kimsuky
The North Korean group Kimsuky has begun using deepfake technology in phishing campaigns aimed at targets in South Korea. Their recent approach: generate realistic images of South Korean military ID documents via AI tools (including ChatGPT) to lend credibility to emails that ask people to review drafts of official documents.
These attacks are crafted for maximum trust. The IDs connect with the recipient’s domain (military, defense, research), increasing the chance they'll engage. The malicious emails include links and files (e.g. zip → LNK) that, once opened, execute malware. This shows threat actors are combining social engineering with synthetic content to bypass suspicion and trick users.
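A defender-side triage check for the zip → LNK delivery described above, as an added example that is not part of the original newsletter: it flags ZIP attachments that contain Windows shortcut files, matching on the extension or on the Shell Link header. The function names, the depth and size caps, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_DEPTH = 3             # assumed cap on nested archives
MAX_READ = 10 * 2**20     # assumed per-member read cap (10 MiB)


def find_lnk_members(data, depth=0, prefix=""):
    """Return paths of LNK shortcuts found inside ZIP bytes.

    Matches on the .lnk extension or on the Shell Link header, so a renamed
    shortcut is still reported; nested ZIPs are followed up to MAX_DEPTH.
    """
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.is_dir():
                continue
            if info.filename.lower().endswith(".lnk"):
                hits.append(path)
                continue
            if info.flag_bits & 0x1:   # encrypted: content cannot be inspected
                continue
            with zf.open(info) as fh:
                body = fh.read(MAX_READ)
            if body.startswith(LNK_MAGIC):
                hits.append(path)
            elif body.startswith(b"PK\x03\x04"):
                hits.extend(find_lnk_members(body, depth + 1, path + "!"))
    return hits


def build_sample():
    """Constructed sample archive (header bytes only, no real shortcut)."""
    fake_lnk = LNK_MAGIC + b"\x00" * 60
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("notes.pdf", fake_lnk)          # shortcut renamed to .pdf
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "please review the draft")
        zf.writestr("draft.pdf.lnk", fake_lnk)
        zf.writestr("extra.zip", inner.getvalue())
    return outer.getvalue()
```

Encrypted members are reported only when their name ends in `.lnk`, since their content cannot be read without the password; a mail gateway would typically treat such archives under a separate policy.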
🛠️ Tool Check
PAM Tools Comparison
Privileged Access Management (PAM) tools are key to controlling who can access sensitive systems. Comparitech has listed 7 top PAM solutions, each with strengths and trade-offs.

Delinea Secret Server – A secure password vault with strong audit trails, supporting both on-premises and cloud deployment. Suitable for organizations needing flexible access control.
CyberArk PAM – Enterprise-grade platform with robust session management and access monitoring. A good fit for large-scale environments but comes with a steep learning curve.
ARCON PAM – Centralized platform offering continuous monitoring of privileged accounts. Designed for enterprises seeking tighter oversight of privileged access.
KeeperPAM – Zero-trust and zero-knowledge architecture with just-in-time access features. Well-suited for cloud or hybrid environments.
WALLIX Bastion – Strong option for distributed setups with secure remote and roaming access management. Good for organizations with global teams.
BeyondTrust – Provides broad operating system support, combining credential management with advanced threat detection. A versatile choice for mixed IT environments.
One Identity – Offers unified identity and access governance with detailed auditing capabilities. Ideal for enterprises focused on compliance and governance.
🗣️ Community Signal
“Looking ahead, we see a handful of interconnected mega themes driving investment opportunities in cybersecurity. One of the biggest is platformization – consolidating security tools into a unified platform. Today, major companies juggle on average 130 different cyber security tools. This approach often creates complexity, not clarity, and can leave dangerous gaps in protection, particularly as the rise of connected devices like robots and drones is making unified security platforms more important than ever.” Meta Marshall, Morgan Stanley’s Cybersecurity and Network and Equipment Analyst.
Until next edition!