Last month we observed the solemn 18th anniversary of the terrorist attacks of Sept. 11, 2001. We have made significant strides since then in securing our nation against large-scale terrorist attacks from foreign groups like al-Qaida. We have established a Department of Homeland Security; strengthened aviation and infrastructure protections; constructed an integrated intelligence apparatus; and struck strong blows against terrorist enclaves overseas.

This work must continue as ISIS, al-Qaida and other extreme violent Islamist organizations seek to regroup. But we must recognize that in the past two decades, the threats of terrorism and mass violence have metastasized. We have seen the emergence of new strains of ideologically motivated terrorism and targeted mass violence, much of which is launched by domestic actors.

Nearly 18 years after the Sept. 11 terrorist attacks, three former secretaries of Homeland Security gathered at ground zero on Monday and pressed the government to prioritize cybersecurity risks as one of the top threats to the United States.

Janet Napolitano, who led the Department of Homeland Security under former President Barack Obama, urged officials to apply greater creativity to cybersecurity in an effort to avoid the failure of “imagination” that the 9/11 Commission said might have prevented the 2001 airliner attacks.

Workplace violence is on the rise. In May, there was an active shooter event in Virginia Beach, where a disgruntled city employee murdered 12 of his co-workers. In May, as well, another school shooting occurred in Colorado, not far from where the infamous Columbine shooting took place in 1999. As the debate for sensible gun-control continues, gun laws alone will not stop the next massacre, particularly for those already intent on causing harm.

Scammers impersonating the Internal Revenue Service are emailing individuals malware to steal information, marking an escalation compared with recent schemes that used the agency in less sophisticated attacks.

The latest scam emails include links that appear similar to the IRS.gov web address but lead to compromised websites that could download software to record a victim’s keystrokes, potentially sharing passwords and other sensitive data with attackers, the IRS warned last week.

When it comes to falling prey to a phishing email scam, one study found that those working in certain industries are more likely than others.

A study released this summer by KnowBe4 found that those who work in construction are the most susceptible to phishing attacks among small-to-medium-sized businesses and the second-most likely to fall for a phish among large corporations. Workers in the hospitality industry were most likely in the large business category.

After a ransomware attack, depending on the breadth of the incident, systems affected and security measures in place, recovery time can take months – or even years. Recently, malicious actors targeted two major cities – Atlanta and Baltimore – with ransomware attacks, causing officials to surrender control of their systems, halt critical services and endure extensive reputational and financial damage.

Former DHS secretary Michael Chertoff and former NSA head Mike McConnell write for CNBC that Wednesday’s FCC spectrum upgrades are a positive step in 5G support, and bring us another step closer to a more connected internet of things. But the move also means the U.S. needs to expand it’s cyber industrial base as well as its cooperation with other countries beyond our four biggest allies, in order to avoid using products developed by companies including Huawei.

Insider threat has become one the biggest risks to businesses globally, accounting for 64% of security breaches today. With the average cost to resolve insider-related incidents reaching $2.08m per incident, it should come as no surprise that organizations are beginning to invest heavily in employee monitoring technology.

Security researchers recently revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers. This happened through the manipulation of domain name system (DNS) infrastructure. 

And it followed a US Department of Homeland Security alert disclosing a global campaign, subsequently linked to Iran, to redirect internet traffic and steal sensitive information also by compromising DNS infrastructure. The DNS is an attractive target because it serves as a global address book, translating internet names we know into IP addresses that computers can recognize. The infrastructure supporting DNS is maintained by a number of core companies that administer internet domains, register new domain names, and host DNS “lookup” services which convert those domain names into IP addresses.

A company that claimed to use technology tools to help victims with ransomware cleanup was found to secretly be paying the ransom, while collecting a premium from their clients, according to an expose out this week. The situation brings the core dilemma of business-focused ransomware directly into the spotlight: To pay, or not to pay?