Unlike email scams (known as phishing), vishing happens over the phone. Recent studies have highlighted a dramatic escalation in vishing attacks.

The 2025 CrowdStrike Global Threat Report documented a 442% surge in vishing incidents from the first to the second half of 2024.

Additionally, research from Enea indicates that vishing, smishing, and phishing attacks have increased by 1,265% since the launch of ChatGPT.

John Mc Loughlin, cybersecurity expert and CEO of J2 Software, says this type of scam is becoming more common – and more convincing.

“Here’s how it usually works: a scammer calls you, pretending to be from your bank or another trusted company.”

“They’ll say your account has been hacked and then ask you to ‘verify’ your identity by giving them private information like your PIN or password. Because the call feels urgent and sounds real, people often fall for it,” he warns.

Vishing versus Phishing

The Oxford Dictionary defines vishing as a scam where someone pretends to be from a trusted company and tricks one into giving out personal details, like bank or credit card information.

“While both vishing and phishing aim to steal your private info, the big difference is how they do it. Phishing usually comes through fake emails or websites. Vishing uses voice calls or voicemails to create a sense of urgency and pressure you into acting quickly. This voice approach can feel more personal – and more convincing,” he explains.

Scammers are also getting smarter. They now use spoofing technology to make it look like they’re calling from a real company, which makes these calls even harder to spot. That’s why it’s more important than ever for both people and businesses to update their security measures and focus on education and awareness.

How to protect yourself from Vishing

Here are a few simple tips to help stay safe:

• Don’t give out personal info over the phone, especially if the call was unexpected.
• Hang up if something feels off. Trust your gut.
• Double-check who’s calling. Instead of trusting the caller ID, call the company back using their official number.
• Use spam call blockers. Many phones and apps can help block scam calls before they reach you.

Stay Alert, Stay Safe

Fighting cybercrime isn’t just about having the right tech – it’s also about being aware and cautious. Whether you’re at home or work, being informed about scams like vishing helps keep your personal and company data safe.

“The bottom line? Stay alert, ask questions, and don’t let a phone call rush you into sharing sensitive information. That’s how we can all stay one step ahead of the scammers,” he concludes.

More about J2 Software

J2 Software is a cyber security-focused technology business founded in 2006 to address the critical need for effective cybersecurity, governance, risk, and compliance solutions that are practical and purpose-built. With the continued rise of cybercrime, identity theft, and confidential data leakage, J2 Software’s mission is to provide managed cyber security services that are not just a competitive advantage but an absolute business necessity.

Its comprehensive managed cyber security services cater to businesses of all sizes, ensuring greater visibility to identify risky behaviour and enhancing the capability to respond effectively to prevent losses. The team understands that cybersecurity is essential for protecting valuable assets and maintaining business continuity.

J2 Software delivers essential tools that empower organisations to take control of their technology spend. Its hand-picked solutions, combined with expert services, provide complete visibility over our customers’ environments while reducing risk and lowering costs.

With a dedication to improving the cyber resilience of our customers, J2 Software has expanded its reach globally, serving more than 700 customers across 5 continents. Its commitment to innovation, reliability, and customer satisfaction has made the company a trusted partner in the ever-evolving landscape of cybersecurity. 

The post Vishing: The Voice Scam You Need to Know About appeared first on Tech | Business | Economy.

Research indicates that most small and medium-sized enterprises invest less than £500 annually in cybersecurity.

This underinvestment is typically due to indifference or a lack of understanding. It’s similar to insurance – rarely needed, but crucial when required.

John Mc Loughlin, J2 Software CEO, shares his experiences, insights, and passion for protecting businesses, big and small, from the ever-growing threats in cyberspace. He is an entrepreneur that stands out for his relentless drive and commitment to cybersecurity.

Mc Loughlin’s drive is to stop bad things from happening to good businesses. He begins by shedding light on J2 Software’s mission – to implement practical cybersecurity solutions for customers of all sizes, ensuring they can work securely from anywhere.

“I disagree with the notion of cybersecurity as an insurance policy. It is actually an enabler for doing more business. It allows companies to grow and service larger markets securely,” he says, explaining that security should be seen as an essential tool for growth rather than a reactive safeguard.

Bridging the investment gap between small and large businesses

Interestingly, he notes that large businesses also fall short when it comes to investing in cybersecurity.

“There’s massive underinvestment across the board,” he says.

He compares this mindset to purchasing a car and expecting it to run without ever needing maintenance or fuel.

For Mc Loughlin, visibility is key. “We can’t stop criminals from trying to attack, but we can ensure total visibility so that our customers can continue working without disruptions. I cannot emphasise enough that ongoing vigilance and adaptability are essential for long-term security.”

The impact of AI

With AI being a hot topic, he acknowledges its influence on cybersecurity. “While AI has been leveraged by cybercriminals to create more convincing phishing attacks and scams, it’s also a powerful tool for defence. AI helps us detect patterns far quicker and more efficiently.”

The ongoing evolution of AI is something he’s keeping a close eye on, as the rapid pace of change continues to reshape the cybersecurity industry.

“One of the biggest challenges has been staying ahead of the curve. We’ve always been ahead in terms of automation and visibility, but it took years for customers to catch up to the language we’ve been speaking,” he adds.

He remains driven by the desire to make a positive impact. “We prevent bad things from happening to good businesses, and that’s what keeps me motivated,” he says passionately. “We’re helping businesses stay afloat, and in turn, those businesses support families and communities. It’s a ripple effect.”

The post Stopping Bad Things from Happening to Good Businesses appeared first on Tech | Business | Economy.

The increasing frequency and sophistication of these threats demand a more strategic approach to cybersecurity investment, yet many organisations continue to underestimate the financial consequences of a breach.

The financial toll of cybercrime can be divided into direct and indirect impacts. Direct costs include the immediate loss of revenue due to downtime. A business can grind to a halt in the aftermath of an attack, often requiring weeks to restore operations.

The high costs

The cost of recovery, including professional support to restore systems, investigate the breach, and work with regulators, is another major direct hit to the bottom line.

The indirect costs, however, can be just as devastating, if not more so. Many people do not understand how severe the indirect effects of a successful cyber compromise will have on the business.

The most immediate indirect impact is the erosion of trust among customers, partners, and the public. A loss of trust often leads to a significant loss of business, as customers may turn away permanently.

Further indirect costs arise from regulatory reporting requirements and the protective measures necessary to safeguard individuals affected by the breach.

These additional expenses can accumulate rapidly.

The true cost of a cyberattack extends far beyond ransom payments, regulatory fines, and recovery costs; it reaches into the personal lives of employees, affecting mental health and well-being.

A cyber-attack is extremely stressful to the business and those responsible for recovery, which can lead to burnout and prolonged stress-related absences from work.

The cybersecurity investment gap

Despite the mounting risk, many organisations continue to under-invest in cybersecurity. I see a disproportionate under-investment in relation to the risk of cybercrime. This mismatch between risk and investment is a critical issue for CFOs.

While some boards may approve increased spending on cybersecurity, this spending is often ineffective, with a focus on isolated solutions rather than a comprehensive strategy.

The problem is that many business leaders still view cybersecurity as a technology issue. Cybersecurity has nothing to do with technology, it is about managing digital risk through a structured, resilience-based approach.

Technology is only an enabler; true resilience comes from understanding the broader risks and implementing a strategic framework that covers all aspects of digital risk.

Minimising financial damage

Prevention, as the saying goes, is better than cure. For businesses, this means building a robust cyber resilience framework.

There is no way we will stop attackers trying to attack, but an effective framework can help businesses detect and respond to threats before they cause significant damage.

Security comes from visibility – resilience provides visibility, visibility gives us the capability to respond.

By ensuring total visibility across all parts of a cyber resilience framework, organisations can detect potential attacks early, limiting the financial damage. The sooner a threat is identified, the easier it is to contain, reducing the potential for widespread disruption.

Aligning cybersecurity with financial strategy

One of the key challenges for CFOs is aligning cybersecurity investments with their overall financial strategy.

The focus needs to shift from the cost of individual cybersecurity tools to the value of preventing cyber incidents in the first place.

Let’s rather focus on what your business does to make money. By understanding how cyberattacks can disrupt revenue streams and harm customer relationships, business leaders can better justify the necessary investment in cybersecurity.

The financial impact of a cyberattack is not limited to the cost of recovery. Most businesses will face at least two weeks of downtime, followed by months of ongoing disruption. During this time, businesses lose not only revenue but also market share, as competitors swoop in to capture dissatisfied customers.

In many cases, 30% of customers will no longer want to do business with a company that has been breached. By calculating these potential losses, businesses can gain a clearer picture of the true cost of cyber risk.

Incident response planning

A comprehensive incident response plan is essential for reducing the financial impact of cybercrime. Being prepared is crucial.

Regularly reviewing and testing incident response plans can help organisations respond more effectively when an attack occurs, reducing both the direct and indirect costs of a breach.

Building cyber resilience into the business also includes regular awareness training and cybersecurity drills.

These exercises help employees understand their role in protecting the business, creating a culture of vigilance that strengthens the organisation’s overall defences.

The rising cost of cybercrime is placing significant financial pressure on CFOs. While many organisations still under-invest in cybersecurity, the true cost of a breach – from lost revenue and reputational damage to regulatory fines and personal stress – far outweighs the expense of building a robust, resilience-based cybersecurity framework.

By shifting focus from technology solutions to strategic risk management, businesses can reduce their exposure to cyber threats and protect their bottom line.

The post Financial Impact of Cybercrime appeared first on Tech | Business | Economy.

It brings security closer to users and applications, allowing proactive threat detection, real-time monitoring, and rapid response to potential security incidents.

Businesses need more than just security; they need a holistic approach to network performance and protection.

The integration of SSE, alongside other existing solutions, will help them achieve this.

Cybersecurity has become a top priority for businesses as they integrate remote work into their daily operations and rely on cloud-based services.

The ever-evolving tactics of cybercriminals demand the adoption of novel techniques and technologies to counter emerging threats.

The landscape

The cybersecurity landscape has witnessed a convergence of various attack types and motivations. Acts of sabotage, espionage, and hacktivism have become more prevalent, making it clear that the need for robust cybersecurity measures is greater than ever.

In a survey conducted by PwC, nearly half of the CEOs expressed their intent to increase investments in cybersecurity and data privacy for their respective companies.

A significant portion of these investments is likely allocated to advanced cybersecurity frameworks designed to combat the escalating threats posed by data breaches, malware, ransomware, and other security challenges.

The Rise of SSE

At the forefront of this battle is SSE. According to Gartner, by 2025, approximately 80% of enterprises are projected to adopt a strategy that unifies web, cloud services, and private application access through a single vendor’s SSE platform.

SSE consolidates multiple cybersecurity capabilities within a single cloud-native software stack, protecting enterprises and their networks against anomalies, threats, and sensitive data breaches resulting from phishing, malware, ransomware, data theft, and other unwanted access attempts to locations, applications, and resources.

SSE is a concept aimed at providing improved protection and network performance for organisations relying on cloud-based services and virtual networking.

It offers a holistic approach to security and networking, focusing on network edge security. It streamlines infrastructure, enhances efficiency, and brings security services closer to users and applications, reducing latency and improving the user experience.

SSE comprises several components that set it apart from other network security approaches:

• Network Transformation (SDN): SSE involves a shift toward cloud-based services and virtualisation, replacing traditional hardware-centric networks with software-defined networks (SDN) that provide flexibility and agility.

• Security Integration: SSE incorporates security functions into the network edge, eliminating the need for separate security appliances at multiple locations. This consolidation simplifies architecture, reduces costs, and bolsters security.

• Service Optimisation: SSE places emphasis on enhancing network performance and user experience by bringing security services closer to the network edge, reducing latency and improving responsiveness.

• Zero Trust Network Access (ZTNA): SSE can implement ZTNA principles, enforcing strict access controls, user identity verification, and device health checks to secure network resources at the edge.

• Cloud Secure Web Gateway (SWG): Integration of a Cloud Secure Web Gateway enhances web security, incorporating features such as web filtering, data loss prevention, and malware detection to protect users accessing resources via the network edge.

• Cloud Access Security Broker (CASB): CASB integration within SSE provides visibility and control over cloud services and applications, offering user authentication, access control policies, data encryption, and monitoring of cloud service usage at the network edge.

• Firewall-as-a-Service (FWaaS): FWaaS can be integrated into SSE as a vital security component, monitoring and controlling network traffic with features such as network segmentation, traffic inspection, intrusion prevention, and threat detection.

The Importance of SSE

SSE brings security closer to users and applications, enabling proactive threat detection, real-time monitoring, and rapid response to potential security incidents.

It also ensures secure access to cloud services, a critical requirement for modern business operations. The benefits of SSE include:

• Enhanced Security Posture: SSE implements proactive security measures to protect against advanced threats, with real-time threat detection, encryption, and data loss prevention.

• Secure Access to Cloud Services: It ensures secure connectivity and seamless access to cloud services, establishing secure tunnels, authenticating users, and applying security policies to safeguard data.

• Improved Network Performance: SSE minimises latency by bringing security closer to the network edge, resulting in faster and more reliable network performance, particularly for latency-sensitive applications.

• Bandwidth Optimisation: SSE optimises bandwidth utilisation by managing traffic intelligently, ensuring that critical applications receive the necessary resources.

• Cost Efficiency and Scalability: SSE streamlines network architecture, reducing the need for separate security appliances at every location. It offers scalability to adapt to changing business needs.

• Flexible Scaling: It allows organisations to adapt their network and security infrastructure efficiently as per evolving requirements.

SSE versus SASE

SSE and Secure Access Service Edge (SASE) are occasionally confused, but they serve different scopes. SASE is a broader framework that encompasses SSE, combining networking and security services in a cloud-native architecture.

SASE offers a comprehensive approach to network and security, ensuring secure access to resources regardless of the user’s location.

Components of SASE include network and security integration, identity-centric access, and a zero-trust architecture.

While SSE and SASE have distinct scopes, they can synergise. SSE can be integrated into a broader SASE framework to enhance network edge security and provide localised security services, enabling organisations to establish a comprehensive security posture across their network.

The future

By considering SSE and its potential integration into a broader SASE architecture, businesses can strengthen their security posture and optimise their network infrastructure.

SSE is not just about security; it’s about a holistic approach to network performance and protection, and we believe that the integration of SSE, alongside existing solutions, will help businesses achieve this.

The post Modern Business Security: The Power of Unified Cloud Protection appeared first on Tech | Business | Economy.