
The Wall Street Journal Pro

Cybersecurity

Sponsored by Zscaler.

How Can Companies Get Better at Detecting Hackers Who Act Like Legitimate Employees?

By Kim S. Nash

 

Hello. Boston Capital, which invests in the development of affordable housing, is this week notifying thousands of people in at least five states that their Social Security numbers and other personal data were breached in January.

The company didn’t detect the breach itself; it found out when hackers made data-theft claims online, which prompted Boston Capital to investigate. The company didn’t go into detail in its disclosures to state regulators about its cybersecurity measures, so we don’t know about any intrusion-detection systems it might have had in place. 

This isn’t an unusual situation but it is a concerning one. Hackers are good at slipping in and out unnoticed, often by way of abusing legitimate credentials and acting like insiders.

Readers, I’d love to hear from you: What workflows or tools can make companies better at spotting potentially “bad” insider activity? Email me with your thoughts.

More news below.

CONTENT FROM: ZSCALER
Reduce Cyber Risk as AI Exposes Vulnerabilities

The recent “Claude Mythos” model is a reminder of what happens when frontier models can discover and exploit vulnerabilities at machine speed. Threat actors aren’t just using AI for better phishing anymore; they’re industrializing the entire attack lifecycle. In this special webinar, Zscaler CEO Jay Chaudhry and security executives share practical advice to reduce exposure and stay ahead.


 

More Cyber News


AT&T, T-Mobile, Verizon and five other telecom firms formed their own cyber information-sharing group, separate from an existing one hosted within the U.S. government. The idea is to be able to collaborate faster and privately to hash out and respond to cyber threats. (Cybersecurity Dive) 

Federal financial regulators are holding off on cybersecurity assessments of big banks while the firms assess the capabilities of Anthropic's Mythos, Bloomberg reported, citing people familiar with the situation. The Federal Reserve and Office of the Comptroller of the Currency are also discussing how best to address threats and vulnerabilities identified by the AI model.

Companies continue to fall behind in patching, with exploitation of known vulnerabilities the primary way hackers hacked last year, according to Verizon. Exploited bugs accounted for 31% of breaches in the 12 months ending in October 2025, up from 20% in the prior period, Verizon said Tuesday in its annual data breach investigations report. (CyberScoop)

  • The median time from detection to patching was 43 days, up from 32 days the year earlier. Verizon analyzed more than 22,000 breaches in its latest research.

30%: Jump in monthly cyber insurance policy volumes by companies in the auto industry at insurer Cowbell U.K. in the months after a significantly damaging cyberattack at carmaker Jaguar Land Rover.

 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten and James Rundle. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Copyright 2026 Dow Jones & Company, Inc.   |   All Rights Reserved.