Featured Insights
Most Recent
BCM: Protecting Operations in an Age of Disruption
In an increasingly complex operating environment, disruption is no longer a remote risk but rather a sustained and predictable condition for organizations. Heightened regional tensions, cyber threats, supply chain shocks, and climate-related events mean that government entities and private companies are expected to demonstrate clear readiness to maintain operations under pressure.
A Case Study | Building Resilience Against Operational Disruption
Challenged with an evolving regulatory environment and heightened regional risk context, a major government-owned organization faced increasing expectations from its board, regulators, and stakeholders to demonstrate operational readiness, continuity of critical services, and structured crisis response capabilities aligned with national priorities.
Beyond Annual Audit | Strengthening Fraud Oversight in China
In recent years, multinational companies operating in China have devoted significant attention to external risk factors such as geopolitical tensions and trade disputes. Yet while external risks command executive focus, internal risks can quietly accumulate. Paul Tan explains the different mandates of external auditors and forensic auditors, the practical implications of those differences, and why deploying the right expertise at the right time materially influences outcomes when concerns arise.
Morpheus Unmasked: Big Game Hunting and Private Data Sales
Recent Ankura cases dealing with Morpheus ransomware group suggest that a new approach to the ransomware ecosystem is gaining popularity among threat actors. Typically, when a ransom is not paid, the threat actor resorts to leaking the victim’s data. In these situations, Ankura’s Cyber Threat Investigation & Expert Services (CTIX) analysts navigate the dark web and conduct covert downloads to determine exactly what data has been publicly leaked and exposed on the threat actor’s dark web leak site.
Redefining the PMO: Driving Alignment, Decisions, and Outcomes
As organizations continue to invest heavily in transformation and delivery, the role of the project management office (PMO) is being reexamined through a more strategic lens.
Ankura CTIX FLASH Update – May 12, 2026
Malware Activity When Trusted Platforms Become the Delivery Vehicle for Malware Recent research highlights two (2) growing malware campaigns that show how attackers are exploiting trust and familiarity to bypass security controls. In one campaign, Mac users searching Google for a Claude AI download are lured by sponsored ads that appear legitimate and lead to ...
From Models to Agents: Rethinking Intelligence in Financial Systems
Banking is starting to change how it uses artificial intelligence (AI) in everyday decisions. In the past, banks relied on structured models designed to produce consistent, predictable results. Now, there is growing interest in “agent-based” systems that go beyond making predictions — they can also interact, coordinate tasks, and take action.
Resilient Demand Amid Reemerging Inflation and Cost Pressures (Ankura Monthly Economic Report)
U.S. consumers show continued resilience, but underlying conditions are weakening as inflation, rising borrowing costs, and declining liquidity begin to pressure spending and sentiment.
Payroll Assessment Primer | Compliance Starts with the Numbers: Building Better Assessments Through Better Data
In this article, we discuss how sampling can be an effective tool and the types of data that are typically gathered.
Ankura CTIX FLASH Update – May 11, 2026
Malware Activity How Attackers Are Turning Trusted Platforms into Weapons Recent cyber campaigns show how attackers are increasingly exploiting trust in well‑known brands and platforms to carry out effective attacks. In one case, criminals set up a fake Claude AI website that looks legitimate and tricks Windows users into downloading malware hidden inside a supposed “Claude‑Pro Relay” tool, giving attackers remote control over infected systems. In another campaign, hackers abuse Google’s paid search ads to impersonate GoDaddy’s ManageWP login, leading victims to a nearly identical sign‑in page that steals usernames, passwords, and even two‑factor codes in real time. Both attacks ...
