Business executives never think they’ll be victims of a cyberattack until it happens to them—and by that point, it’s already too late. Over the course of a few weeks, I had seen three companies fall victim to cybercrimes executed through social engineering—and I was forced to face the gravity of an impending crisis facing CEOs. One thought consumed me: if a large-scale company could be breached, what did it mean for my own private equity firm, which transfers millions of dollars to investors and tenants every month?

After days of deliberation, I developed a potential solution. With over 25 years of experience in IT and cybersecurity, multiple patents to my name, and a track record of building and selling a Managed Service Provider (MSP) that reached $65 million in annual revenue, I understood the evolving nature of cyberthreats. The key, I realized, was fostering shared awareness across all corporate communications, implementing a system that visually signals threats to end-users to help prevent deepfake-driven social engineering attacks.

I embarked on a journey to draft the patents, develop the software, and build the company. What I wasn’t prepared for was the sheer volume of attacks occurring every day across Corporate America.

In the past few months, I’ve spoken with hundreds of major companies. CTOs and CISOs have quietly disclosed their breaches to me. The patterns are both clear and alarming: social engineering is the predominant attack vector, and AI has transformed these attacks from obvious scams to near-perfect impersonations.

A few years ago, a Dubai company director was duped by a cloned voice into initiating $35 million in bank transfers. Another company last year acknowledged that a series of AI-generated video calls, mimicking their CFO, nearly resulted in $25 million of fraudulent transfers. These are not isolated incidents. They represent a fundamental shift in the cybersecurity landscape that most organizations—and certainly most individuals—have yet to comprehend.

Traditional cybersecurity has focused on protecting systems: firewalls, intrusion detection, and endpoint protection. These tactics remain necessary but are increasingly insufficient. The most sophisticated attackers don’t bother trying to break through your technical defenses. Why would they when they can simply call your finance department, sound exactly like your CEO, and request an urgent wire transfer?

The rise of generative AI has exponentially increased both the scale and sophistication of these attacks. Previously, social engineering required skilled human operators who could stage a convincing performance on calls or craft persuasive emails. This limited the number of high-quality attacks possible. Now, AI can generate thousands of personalized, contextually aware communications—emails, voice calls, even video—that appear completely legitimate.

This transformation has happened with breathtaking speed. A Midwest company shared that their phishing simulation tests from just 18 months ago now seem laughably obvious compared to the real attacks they’re seeing today. The awkward phrasing and grammatical errors that once served as red flags have disappeared, replaced by perfectly crafted messages that reflect the exact communication style of the impersonated executive.

What makes this crisis particularly insidious is its invisibility. Unlike a ransomware attack that announces itself with encrypted files and demand notes, successful social engineering often leaves no obvious trace until the money is gone. And companies, fearing reputational damage, rarely disclose these incidents publicly unless legally required—embarrassed to admit that they are quite literally being “robbed blind.”

The financial implications are staggering. The FBI’s Internet Crime Complaint Center reported that Business Email Compromise (BEC) attacks—just one type of social engineering—resulted in billions of dollars in reported losses. But industry experts I’ve spoken with believe the true cost is far higher, potentially 5 to 10 times greater when factoring in unreported incidents. The scale of this threat is not just alarming, it’s a wake-up call for businesses to rethink their cybersecurity defenses. 

So, what can be done? Technical solutions are part of the answer. The system we’ve been developing uses AI to detect AI, analyzing communication patterns across channels to identify anomalies and provide real-time warning indicators.

Regulators also have a role to play. Compliance auditors and cyber insurance providers can guide companies to employ technology that provides shared awareness and non-repudiation aggregators. Also, current disclosure requirements often fail to capture the true nature and extent of social engineering attacks. More granular reporting mandates would help illuminate the scale of the problem and drive appropriate responses.

As AI continues to advance, the line between authentic and synthetic communications will only blur further. The attackers have weaponized trust itself, exploiting our fundamental human tendency to believe what we see and hear from seemingly familiar sources.

This crisis is real, growing, and largely invisible to the public. It’s time we recognized that in the new cybersecurity landscape, the weakest link isn’t your firewall—it’s human psychology. And strengthening that link will require tools, training, and vigilance beyond anything we’ve previously deployed.


The post They’re Not Hacking Your Systems, They’re Hacking Your People: The AI-Powered Crisis We’re Ignoring appeared first on Cybersecurity Insiders.

AI applications are embedded in our phones and becoming a vital part of life. To accelerate mainstream adoption, technology companies are inundating us with TV commercials to show the magic of AI. “Summarize a research report.” “Make this email sound professional.” 

Many people don’t realize that as they watch these commercials and experiment with the technology, most of these capabilities are based on language, particularly large language models (LLMs). On the consumer side, breakthroughs in natural language processing and improving search engines are great. Andrej Karpathy, OpenAI co-founder, referred to this when he said, “The hottest new programming language is English.” But this is not necessarily where the real power of AI is for enterprises.

Although nearly half (49%) of CEOs use AI for content generation, communication, and information synthesis, implementation more broadly across enterprises is flat or cooling. Enthusiasm for AI to enhance productivity, reduce downtime, and increase ROI is there, but the full potential is untapped due to cost and security concerns.

Initial AI applications have relied heavily on machine learning (ML), a subset of AI that has evolved into transformer, or look-ahead, architectures. ML models essentially predict the next word, the next sentence, the next paragraph, and so on. However, training a model costs millions of dollars before it adds value and must be done responsibly. Using flawed or biased data can lead to inaccurate results. You must also fence off the data and the systems it connects to so that sensitive data isn’t exposed.

This is where the newest innovation in AI, distinct from ML, is coming into play to enable additional enterprise use cases. With the right boundaries, new AI can provide game-changing value, including assistance in building cyber resilience.  

Delivering Cyber Resilience Insights

According to Gartner’s latest Hype Cycle for I&O Automation, by 2026, 50% of enterprises will use AI functions to automate Day 2 network operations, compared with fewer than 10% in 2023. 

The new generation of AI will help us get there.

AI is now moving from training to inference, helping you quickly make sense of or create a plan from the information you have. This is made possible based on improvements to how AI understands massive amounts of semi-structured data. New AI can figure out the signal from the noise, a critical step in framing the cyber resilience problem. 

The power of AI as a programming language combined with its ability to ingest semi-structured data opens up a new world of network operations use cases. AI becomes an intelligent helpline, using the criteria you feed it to provide guidance to troubleshoot, remediate, or resolve a network security or availability problem. You get a resolution in hours or days – not the weeks or months it would have taken to do it manually.  

Enabling Better Network Automation

In the same study, Gartner also finds that by 2026, 30% of enterprises will automate more than half of their network activities – tripling their automation efforts from mid-2023. 

AI is not the same as automation; instead, it enhances automation by significantly speeding up iteration, learning, and problem-solving processes. New AI allows you to understand the entire scope of a problem before you automate and then automate strategically. Instead of learning on the job – when you have a cyber resilience challenge, and the clock is ticking – you improve your chances of getting it right the first time. As the effectiveness of network automation increases, so too will its adoption.

Let’s look at the challenge of vulnerability management as an example.

Imagine you are a managed service provider (MSP). A flaw has been discovered in an open-source library that’s typically included in most of the popular switches made by multiple vendors. You, your customers, the vendors, and the bad guys all hear about this vulnerability at roughly the same time. Your job is to figure out how to remediate faster than the bad guys who will accelerate attacks because they know the door will close. 

Today, you have to manually figure out what to do across a complex and distributed network environment consisting of different customers, switches, and versions of switches that may or may not be running a version of the library with this vulnerability. 

You write one automation script after another to remediate each scenario. But you don’t see the commonalities until you’re well into the project. Eventually, you realize you could have written a handful of scripts to cover most of your customers, but by then, it’s too late. 

New AI allows you to streamline the project by formulating an AI-based lookup. You can pull in customer configuration information automatically and then use AI to categorize customers based on those criteria to see how cyber resilient they are. AI can also recommend how many unique automation scripts you will need to write, so you can focus your resources and build resilience faster.
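Once the configuration data is structured, the lookup described in this scenario can be carried out deterministically, with no AI component at all. The Python below is an added example, not the article's own system; it uses a constructed inventory and a constructed advisory, and assumes that switches sharing a vendor and a firmware major version can be remediated by one script.

```python
"""Vulnerability triage across an MSP's switch fleet.

Constructed example (not the article's product and without an AI component):
given an inventory of customer switches and an advisory naming the affected
versions of a shared open-source library, decide which devices are exposed,
group them into remediation scenarios that a single automation script could
cover, and rank customers by exposure.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Switch:
    customer: str
    vendor: str
    model: str
    firmware: str     # vendor firmware version, e.g. "9.3.2"
    lib_version: str  # version of the shared library bundled in that firmware


def parse_version(version: str) -> tuple:
    """Turn '1.10.0' into (1, 10, 0) so comparisons are numeric, not lexical
    (a plain string compare would rank '1.9.9' above '1.10.0')."""
    return tuple(int(part) for part in version.split("."))


def is_affected(lib_version: str, affected_ranges) -> bool:
    """affected_ranges: (first_affected_inclusive, fixed_in_exclusive) pairs,
    the usual shape of an advisory's 'affected' / 'fixed in' statement."""
    v = parse_version(lib_version)
    return any(
        parse_version(first) <= v < parse_version(fixed)
        for first, fixed in affected_ranges
    )


def triage(inventory, affected_ranges):
    """Return exposed devices, remediation scenarios and a customer ranking."""
    exposed = [s for s in inventory if is_affected(s.lib_version, affected_ranges)]

    # Assumption: devices sharing a vendor and a firmware major version take the
    # same CLI and upgrade path, so one script covers the whole group. The number
    # of groups is the number of unique scripts to write.
    scenarios = defaultdict(list)
    for s in exposed:
        scenarios[(s.vendor, parse_version(s.firmware)[0])].append(s)

    totals = defaultdict(int)
    hits = defaultdict(int)
    for s in inventory:
        totals[s.customer] += 1
    for s in exposed:
        hits[s.customer] += 1
    # Most exposed first: by share of fleet affected, then absolute count, then name.
    ranking = sorted(
        ((c, hits[c], totals[c]) for c in totals),
        key=lambda r: (-r[1] / r[2], -r[1], r[0]),
    )
    return {"exposed": exposed, "scenarios": dict(scenarios), "ranking": ranking}


# Constructed advisory: library versions 1.0.0 up to (not including) 1.2.4 and
# 1.3.0 up to (not including) 1.3.2 are affected.
AFFECTED = [("1.0.0", "1.2.4"), ("1.3.0", "1.3.2")]

# Constructed inventory for three customers and three vendors.
INVENTORY = [
    Switch("acme", "VendorA", "X100", "9.3.2", "1.2.1"),     # exposed
    Switch("acme", "VendorA", "X100", "9.3.5", "1.2.4"),     # already fixed
    Switch("acme", "VendorB", "Z7", "4.1.0", "1.3.1"),       # exposed
    Switch("globex", "VendorA", "X200", "10.0.1", "1.2.3"),  # exposed
    Switch("globex", "VendorC", "Q1", "2.0.0", "0.9.9"),     # predates the bug
    Switch("initech", "VendorB", "Z7", "4.2.3", "1.3.2"),    # already fixed
    Switch("initech", "VendorA", "X100", "9.1.0", "1.1.0"),  # exposed
]


if __name__ == "__main__":
    result = triage(INVENTORY, AFFECTED)
    print(f"{len(result['exposed'])} of {len(INVENTORY)} switches exposed")
    print(f"{len(result['scenarios'])} remediation scripts needed:")
    for (vendor, major), devices in sorted(result["scenarios"].items()):
        print(f"  {vendor} firmware {major}.x: {len(devices)} device(s)")
    for customer, n_exposed, total in result["ranking"]:
        print(f"  {customer}: {n_exposed}/{total} exposed")
```

With the constructed data, four of seven switches are exposed and fall into three scenarios, so three scripts rather than one per device cover the fleet; the same grouping step is where a model could be asked for a recommendation once the candidate groups are known.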

The Magic of AI: Enabling Cyber Resilience

AI is never certain, but it can give you high-probability guidance, and that’s what business leaders look for to help them manage their enterprises strategically. 

You can get to cyber resilience faster when AI can provide insights that help you slash the amount of prep work and time spent writing automations to solve network security and availability problems. For business leaders, that’s more than magic. That’s a compelling use case for AI.

The post AI and Automation: Key Pillars for Building Cyber Resilience appeared first on Cybersecurity Insiders.

As organizations accelerate their cloud adoption for cost-efficiency, scalability, and faster service delivery, cybercriminals are taking notice. Cloud technology has become a cornerstone of modern business operations, offering unparalleled flexibility and innovation. However, the great promise of cloud technology also brings great risk. In 2025, threat actors are anticipated to increasingly target cloud technologies, exploiting their rising complexity and potential vulnerabilities. The rapid expansion of cloud services, combined with the shift toward hybrid and multi-cloud environments, has created an intricate web of interconnected systems that presents a lucrative target for cybercriminals.

With critical functions like identity and authentication now consolidated in the cloud, businesses face a growing risk: a single point of compromise could grant attackers access to an organization’s most valuable assets. Organizations must recognize that their cloud environments are not isolated; they are part of a vast digital ecosystem that requires constant vigilance, strategic planning, and proactive defense measures. 

The Growing Cloud Attack Surface

As businesses increasingly migrate workloads to the cloud, they expand their attack surface, introducing new security challenges. Cloud-based identity and authentication services, while enhancing security and user experience, have become attractive targets for attackers. A compromised cloud access point can serve as a gateway to an organization’s most sensitive assets, resulting in significant financial and reputational damage.

The shared responsibility model — where cloud providers manage infrastructure security while customers handle data and application security — can create gaps if organizations fail to implement proper security measures. Misconfigurations, lack of visibility, and inconsistent security policies across cloud environments are common pitfalls. Cybercriminals are exploiting these weaknesses using techniques such as social engineering, credential stuffing, privilege escalation, and lateral movement within cloud systems. Organizations must take a proactive approach to cloud security by continuously assessing their defenses and addressing vulnerabilities before they can be exploited.

What Organizations Can Do to Prevent Cloud-Based Threats

To fortify their organizations against cloud-based threats in 2025, security leaders must move beyond traditional, reactive approaches and adopt a comprehensive, proactive cybersecurity strategy that includes:

• Proactive Threat Validation: Organizations can no longer rely solely on periodic breach and attack simulations or penetration testing conducted after threats have been identified. Instead, they must integrate continuous validation of their security posture using real-world threat intelligence. By aligning defensive measures with the latest adversary tactics, techniques, and procedures (TTPs), organizations can prioritize the most pressing exposures and mitigate risks before they are exploited.

• Live Threat Intelligence Integration: The evolution of threat actors requires security teams to move from passive scanning to intelligence-driven security practices. By leveraging live threat intelligence, businesses can gain a predictive understanding of potential attack paths and adversarial behaviors specific to their industry. This approach helps prioritize vulnerabilities that align with known threats and allows for timely and strategic mitigation.

• Predictive Posture Assessment: Modern cloud environments demand a shift from traditional risk assessments to predictive posture validation. This involves analyzing indicators of potential adversarial activity and using that intelligence to strengthen defenses. Organizations can leverage AI-driven insights to correlate data on vulnerabilities, attack paths, and threat actor movements, ensuring a prioritized and dynamic security approach.

• Scaling Offensive Testing: Security teams must enhance their offensive capabilities by automating red team exercises. By emulating advanced adversaries at scale, organizations can identify security gaps without the need for extensive manual orchestration, enabling more efficient and thorough assessments of their cloud environments.

• Incident Response Optimization: A proactive security posture includes the ability to swiftly detect, contain, and remediate breaches. Simulating attacks on cloud access points enhances incident response readiness, enabling security teams to act decisively in the face of evolving threats.

Strengthening Cloud Security with Proactive, Intelligence-Driven Strategies

As cloud environments continue to evolve, organizations must adopt a proactive, intelligence-driven approach to security. Moving beyond traditional reactive measures, businesses need to continuously validate their security controls using real-world threat intelligence to anticipate and defend against emerging threats. 

The key to safeguarding cloud assets in 2025 lies in leveraging advanced security technologies and aligning defenses with evolving adversary tactics. Organizations that embrace continuous validation and tailored cybersecurity strategies will be better equipped to protect their critical assets and enhance overall resilience. By fostering a culture of continuous improvement and staying ahead of threats, businesses can confidently navigate the complexities of the modern cloud landscape.


The post Securing the Cloud Frontier: How Organizations Can Prepare for 2025 Threats appeared first on Cybersecurity Insiders.

In November 2024, U.S. authorities charged multiple individuals for conducting cyberattacks on telecom and financial firms. They allegedly used phishing to steal credentials, breach networks, and exfiltrate data, leading to major security and financial losses.

This incident highlights the escalating sophistication of cyber threats and the critical need for advanced defense mechanisms. Traditional security measures are inadequate, requiring organizations to adopt AI-driven cybersecurity strategies. Those who don’t get on board will be left behind due to the fast growth in both technology and threats. 

AI’s ability to process vast data in real-time helps counter evolving threats. By identifying anomalies and potential vulnerabilities proactively, AI empowers organizations to neutralize risks before they escalate into significant breaches.

Modern Cybersecurity Challenges

The challenge isn’t just the growing number of threats; it’s that these threats are becoming smarter and more difficult to detect. Cybercriminals are also adopting AI at an expedited rate to refine their tactics, from making phishing emails more convincing to automating credential theft. Even more concerning, they’re using deepfake technology to perpetrate fraud, blurring the lines between real and manipulated data.

To counter these evolving threats, AI-driven cybersecurity is emerging as the next line of defense. Unlike traditional rule-based systems, these AI-powered solutions use machine learning to sift through massive data sets, identifying patterns and behaviors that humans might miss. What this means for businesses is faster, more accurate threat detection and a reduction in the noise from false positives that often swamp security teams.

More than just a tool for detection, AI is helping organizations stay one step ahead of the attackers. It’s automating routine tasks, allowing security professionals to focus their efforts on addressing real threats. With AI systems continuously learning and evolving, they adapt to new threats, making them increasingly reliable as organizations contend with the growing volume and complexity of cyberattacks. 

AI and Digital Transformation

The real value of AI in cybersecurity lies in its ability to reduce false positives. Traditional security systems often generate alerts for non-issues, creating noise that detracts from the real threats. With AI, organizations can filter out these distractions and focus only on genuine risks. AI’s ability to automate routine security tasks—like patch management and vulnerability scanning—frees up valuable human resources. Security teams can then focus on more strategic activities, like threat mitigation and risk analysis, which drive greater value.

The Playbook 

To harness the power of AI in cybersecurity, business leaders should consider the following strategic steps:

  1. Deploy Intelligent Threat Detection – Invest in AI-driven security platforms that provide real-time monitoring, anomaly detection, and automated response capabilities.
  2. Build a Strong AI Governance Framework – Develop clear policies for AI adoption to ensure responsible use, data protection, and compliance with evolving regulations.
  3. Upgrade Threat Intelligence Capabilities – Leverage AI to analyze vast amounts of threat intelligence data, identifying emerging risks before they escalate.
  4. Seamlessly Integrate AI into Security Operations – Ensure AI solutions work within existing cybersecurity architectures for a unified, resilient defense system.
  5. Stay Ahead with Continuous Training – Regularly update AI models, train security teams on AI-driven insights, and conduct red-team exercises to test AI effectiveness.
  6. Be Proactive with AI-Enhanced Incident Response – Implement AI-powered detection, investigation, and mitigation protocols to reduce attack impact and response times.

As cybercriminals refine their AI-driven attacks, businesses must adopt AI-powered defenses to stay ahead. Investing in AI tools within digital transformation efforts strengthens cybersecurity while preserving operational agility. AI is no longer optional; it is essential. By leveraging AI for predictive threat detection and mitigation, companies protect their digital assets and ensure long-term resilience in an evolving threat landscape.


The post AI’s Edge in Cybersecurity: How It’s Detecting Threats Before They Happen appeared first on Cybersecurity Insiders.

Introduction

Power, water, gas, and tribal utilities serve as the backbone of modern society, providing essential services that sustain daily life. However, these critical infrastructures face an escalating threat landscape characterized by cyberattacks that can disrupt services, compromise sensitive data, and threaten public safety. As utilities work to fortify their digital defenses, a new and formidable challenge is emerging on the horizon: quantum computing.

Quantum computers, while promising revolutionary advancements in fields such as materials science, medicine, and logistics, pose an existential threat to existing encryption protocols. These advanced machines have the capability to break the mathematical foundations of current encryption methods, rendering traditional cybersecurity protections obsolete. Given the rapidly approaching quantum era, utilities must prioritize cyber resilience—developing the ability to anticipate, withstand, recover from, and adapt to cyber threats.

While no single solution will provide complete security, utilities must take a multi-faceted approach to shoring up vulnerabilities, enhancing defenses, and ensuring continuity of operations in an increasingly hostile cyber environment. This article explores the growing cyber threat landscape, outlines key strategies for cyber resilience, and provides actionable insights to help utilities prepare for the quantum future.

The Growing Threat Landscape

The complexity and interconnectedness of modern utility networks make them prime targets for cyber adversaries. Over 90% of cyberattacks on utilities originate from open communications ecosystems such as corporate email, enterprise messaging, and videoconferencing platforms. Once attackers gain access, they can employ various tactics, including ransomware, phishing, and sophisticated intrusions aimed at disrupting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

Historical cyber incidents serve as stark reminders of the risks posed by inadequate cybersecurity measures. One of the most notable examples is the 2015 cyberattack on the Ukrainian power grid, which resulted in widespread power outages. This attack demonstrated how adversaries could manipulate ICS environments, emphasizing the need for robust cyber resilience strategies.

As adversaries continue to refine their tactics and quantum computing looms as a future disruptor of encryption, utilities must be proactive in their approach to cybersecurity. The following key strategies offer a blueprint for strengthening cyber resilience in this rapidly evolving threat landscape.

Key Components of Cyber Resilience for Utilities

1. Risk Assessment and Threat Intelligence

Understanding vulnerabilities and anticipating potential threats are fundamental to cyber resilience. Utilities must conduct regular risk assessments to identify security gaps, evaluate system weaknesses, and prioritize mitigation efforts.

Additionally, utilities should engage in active threat intelligence sharing with industry peers, government agencies, and cybersecurity organizations. Collaboration through initiatives like the Critical Infrastructure Security Consortium (CISC) enables cross-sector knowledge exchange and strengthens the collective defense posture of the utility sector.

2. Robust Cybersecurity Frameworks

To navigate the complex cybersecurity landscape, utilities should implement established industry frameworks such as the NIST Cybersecurity Framework (CSF) and ISO/IEC 27001. These frameworks provide structured methodologies for managing cyber risks, enhancing security controls, and improving incident response capabilities.

Regulatory compliance is another essential aspect of cybersecurity for utilities. Adhering to standards like the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) helps ensure that critical infrastructure assets are safeguarded against cyber threats. While specific regulatory requirements may vary across sectors, collaboration and knowledge-sharing between utilities can lead to broader adoption of best practices.

3. Network Segmentation and Zero Trust Security

A Zero Trust security model, which assumes that threats can originate from both external and internal sources, is crucial for preventing unauthorized access and limiting the lateral movement of cyber threats. Key Zero Trust principles that utilities should adopt include:

  • Multi-Factor Authentication (MFA): Strengthening access controls by requiring multiple verification factors.
  • Least Privilege Access: Granting employees and third parties only the necessary permissions to perform their tasks.
  • Continuous Monitoring: Implementing real-time surveillance of network activity to detect anomalies and potential threats.

Additionally, network segmentation can help contain potential breaches by isolating critical systems from non-essential networks. This approach ensures that a compromised component does not lead to the complete failure of utility operations.

4. Incident Response and Recovery Plans

Utilities must develop comprehensive incident response plans to detect, contain, and mitigate cyber threats. These plans should be regularly tested through tabletop exercises and simulated cyberattacks to ensure that employees and IT teams are prepared for real-world scenarios.

In the aftermath of a cyberattack, robust data backup and disaster recovery strategies play a vital role in restoring operations. Secure data archiving and after-action reviews help utilities analyze response effectiveness, optimize detection and reaction times, and produce reports for regulatory compliance.

5. Workforce Recruiting, Training, and Awareness

Human error remains a leading cause of cybersecurity incidents. To address this issue, utilities should invest in workforce development initiatives that promote cybersecurity awareness and technical proficiency.

Proactive recruitment efforts, including partnerships with universities and cybersecurity training programs, can help cultivate a new generation of professionals equipped to handle utility cyber risks. Existing employees should also receive continuous training to recognize phishing attempts, social engineering tactics, and other evolving threats.

Fostering a culture of security awareness strengthens the human firewall within an organization, reducing the likelihood of insider threats and accidental security lapses.

6. Collaboration and Public-Private Partnerships

Cyber resilience is not a solitary endeavor; it requires coordinated efforts across multiple sectors. Public-private partnerships between utilities, government agencies, cybersecurity firms, and industry organizations enable knowledge sharing, joint response initiatives, and accelerated threat mitigation strategies.

Organizations like the CISC provide a foundation for collective cyber defense, facilitating cross-sector collaboration and resource allocation. By working together, utilities can leverage shared intelligence, develop unified response frameworks, and strengthen the resilience of critical infrastructure.

Preparing for the Quantum Threat

While utilities must address existing cybersecurity challenges, they must also prepare for the advent of quantum computing. Quantum computers will eventually possess the capability to break conventional encryption methods, making it imperative for utilities to explore post-quantum cryptography (PQC) solutions.

Governments and cybersecurity researchers are actively developing quantum-resistant encryption algorithms to counteract this looming threat. Utilities should stay informed on these advancements and begin integrating quantum-safe cryptographic measures into their cybersecurity strategies.

Transitioning to quantum-resistant encryption will require careful planning, infrastructure upgrades, and regulatory considerations. By staying ahead of the curve, utilities can ensure that their cybersecurity defenses remain robust in the face of evolving technological disruptions.

Conclusion

As utilities navigate an increasingly complex cyber threat landscape, the urgency of cyber resilience has never been greater. The rapid evolution of cyber threats—coupled with the impending impact of quantum computing—demands a proactive, multi-layered approach to security.

By adopting comprehensive cybersecurity frameworks, implementing Zero Trust principles, enhancing workforce training, and fostering industry collaboration, utilities can fortify their defenses and ensure the continued reliability of critical infrastructure. Cyber resilience is not just about defending against attacks—it is about maintaining operational stability, safeguarding public trust, and future-proofing against technological advancements.

The quantum era is on the horizon. Utilities that act now to strengthen their cyber resilience will be better positioned to withstand the challenges of tomorrow’s digital landscape.


__

Damien Fortune is the founder and CEO of SENTRIQS, developers of the most secure solution for compliant collaboration, GLYPH. 

Betsy Soehren Jones is a utility operations executive specializing in cyber security, artificial intelligence, and supply chain.


The post Cyber Resilience for Utilities in the Quantum Era: Preparing for the Future appeared first on Cybersecurity Insiders.

Cybersecurity has become an important element of business continuity. Regardless of the industry, all organizations operate in increasingly hazardous environments, with significant threats like ransomware impacting millions of businesses every year.

However, while these threats are very real, your business shouldn’t operate in fear. With the right knowledge and tools, you can have more confidence in your organization’s ability to minimize its attack surface or even recover successfully in the event of an attack.

To get to this point, however, there are some fundamental strategies and best practices you should be deploying.

Identify the Warning Signs

One of the most intimidating aspects of ransomware attacks, besides their aggressive nature, is that they can happen in an instant. While ransomware may appear to execute instantaneously at first glance, subtler indicators usually emerge beforehand that show an organization it could be in danger of an attack.

A common sign of a ransomware attempt is unusual spikes in network activity or unexpected system slowdowns. This could be the beginning of an infiltration and can also precede application or file storage performance issues.

If you’re seeing an increase in suspicious emails or flagged spam, it’s possible that your organization may be getting targeted, and it’s important to take added precautions.

Know How to Isolate and Contain

How quickly you respond to potential ransomware incidents can make all the difference in your ability to avoid or recover from them successfully. By acting decisively during an attack, you can prevent serious damage and limit the disruption it causes.

Conduct a Thorough Situation Assessment

After you’ve contained the threat, it’s important to start assessing the damage that has occurred. Understanding the scope of the attack not only helps you identify which systems may need to be repaired, but it also helps you determine whether there are deeper data compliance issues you or your partners should be aware of.

Something that will inform your next steps is knowing exactly what type of ransomware you’re dealing with. For example, while most ransomware variants work to quickly encrypt sensitive business data, the primary goal of an attacker can vary considerably. Some attackers may settle for smaller breaches for quicker financial gains, while others may be motivated to disrupt operations as much as possible.

Work with Cybersecurity Professionals

Knowing how to adequately prepare your business to avoid ransomware attacks requires a fair amount of experience and knowledge of the right tools to use. In most cases, working with outside security experts is the best way to ensure you’re taking all the necessary steps to protect your business.

External experts are not only valuable in helping to prevent a future attack; they can also be called in when you need to quickly recover from a successful breach. They’ll be able to help with data recovery, system and network restoration, and the process of working with your cybersecurity insurance provider.

Evaluate Your Recovery Options

In the event your business needs to recover from a successful ransomware attack, there are different recovery options you’ll want to decide on. Assuming you’ve kept reliable backups of your critical data, executing manual recovery efforts is definitely an option worth considering sooner rather than later.

Negotiating with attackers or paying a ransom is often a risky option. Paying a ransom doesn’t guarantee that you’ll be able to gain access to your encrypted data again, nor will it ensure you aren’t targeted again. A safer alternative is to explore using professional data recovery services and working with qualified security partners to help you quickly and efficiently recover.

Execute System Restoration

Once you have chosen a recovery process, it’s time to execute it. The first step in most recovery processes is to try to decrypt the locked files, which is only feasible if the ransomware used weak encryption. In most cases, however, this will be ineffective against modern ransomware, since most attackers use strong encryption when planning their attacks.

In addition to using decryption technology, you can work with your partners or outside security teams to restore the most critical systems first using your recent backups. It’s important to ensure that all backups are adequately scanned before they are restored, to confirm that they are free of any lingering malware or other suspicious files.

Improve Your Security Effectiveness Long-Term

Prevention is the key to avoiding the long-term impact of ransomware. To do this, it’s important to regularly assess the performance of your existing security measures and identify areas that need improvement. Conducting regular assessments of your organization’s cybersecurity posture gives you the blueprint necessary to ensure you’re maximizing the value of your security investments.

However, business risk assessments are beneficial for more than just keeping your business safe. They’re also important for evaluating regulatory compliance when adopting AI tools and for ensuring secure and responsible implementations across all your systems.

Don’t Let a Ransomware Attack Break Your Business

There is no question that ransomware is an intimidating cyber threat that all businesses should be aware of. However, by understanding the risks and taking proactive steps to protect your organization, you’ll be able to confidently navigate new security challenges as they arise.


Author Bio:

Nazy Fouladirad is President and COO of Tevora, a global leading cybersecurity consultancy. She has dedicated her career to creating a more secure business and online environment for organizations across the country and world. She is passionate about serving her community and acts as a board member for a local nonprofit organization.


The post From Crisis to Confidence: Navigating Ransomware Incidents with Expert Guidance appeared first on Cybersecurity Insiders.

Cybercriminals are constantly looking for ways to exploit financial data, and cloud-based billing systems have become a prime target. While these platforms offer automation, scalability and convenience, they also introduce security vulnerabilities that businesses must address. 

To fully benefit from cloud billing while mitigating risks, organizations need a proactive security approach. To help strengthen your defenses, let’s explore key security threats and best practices for protecting cloud-based financial systems. 

Key Security Risks in Cloud-Based Billing Systems 

While cloud-based billing platforms improve efficiency, they also require strong security measures to protect sensitive financial data. Without the right safeguards, these vulnerabilities can put businesses at risk: 

• Data Breaches and Unauthorized Access 

Financial data is a prime target for cybercriminals, and unauthorized access to billing records can lead to fraud, identity theft and compliance violations. Weak authentication measures and misconfigured access controls often increase the risk of breaches. 

• Inadequate Encryption Practices 

Without strong encryption, sensitive financial data remains vulnerable to interception. Cloud-based billing platforms must encrypt data both at rest and in transit to prevent unauthorized access. Poor encryption key management can further expose billing information to cyber threats. 

• API Security Vulnerabilities 

Billing platforms often rely on Application Programming Interfaces (APIs) to integrate with third-party applications and financial tools. If not properly secured, these APIs can become entry points for attackers to access sensitive data or manipulate transactions. 

• Insider Threats 

Employees and third-party vendors with access to billing systems can pose security risks, whether through accidental mishandling of data or malicious intent. Without strict access controls and monitoring, internal threats can lead to unauthorized transactions or data leaks. 

• Compliance and Regulatory Challenges 

Billing systems must comply with regulations such as Payment Card Industry Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR) and Service Organization Control 2 (SOC 2). Failure to meet these standards can result in legal penalties and reputational damage. Many organizations struggle to maintain compliance, leaving gaps in their security frameworks. 

• Distributed Denial-of-Service (DDoS) Attacks 

DDoS attacks overwhelm cloud-based platforms with excessive traffic, causing downtime and preventing legitimate transactions. These disruptions not only impact revenue but also erode customer confidence in the security of the billing system. 

• Weak Security Patching and Updates 

Cyber threats evolve rapidly, making it critical for cloud providers to release security patches regularly. However, businesses that delay updates leave themselves exposed to known vulnerabilities that attackers can exploit. 

Best Practices for Securing Cloud-Based Billing Systems 

To protect sensitive financial data and reduce security risks, cybersecurity professionals must implement a comprehensive security framework. The following best practices help mitigate threats and enhance billing platform security: 

• Strengthen Access Controls and Authentication 

Enforcing multi-factor authentication (MFA) and role-based access controls helps restrict unauthorized access to billing data. Strong authentication protocols reduce the risk of credential-based attacks. 

• Implement End-to-End Encryption 

Data encryption using industry standards such as the Advanced Encryption Standard (AES-256) protects billing information from interception. Businesses should also adopt secure encryption key management practices to safeguard stored financial records. 

• Secure API Integrations 

Since APIs connect billing platforms to various financial tools, securing them is essential. Organizations should implement API authentication measures and regularly audit API permissions to prevent unauthorized data access. 

• Conduct Regular Security Audits and Testing 

Routine security assessments – including penetration testing and vulnerability scanning – help identify weaknesses before they can be exploited. Working with third-party auditors allows businesses to uncover risks and improve security measures. 

• Choose a Secure and Reliable Billing Platform 

Selecting a subscription billing system that prioritizes security can help businesses reduce vulnerabilities while managing transactions efficiently. A well-designed system will include robust authentication controls, end-to-end encryption and compliance with industry security standards. 

• Monitor for Insider Threats 

Behavioral analytics tools can detect unusual activity within billing systems, allowing businesses to identify and mitigate potential insider threats before they cause damage.

• Protect Against DDoS Attacks 

Cloud-based DDoS protection services help prevent service disruptions by filtering malicious traffic before it impacts billing operations. Scalable network defenses keep transactions running smoothly, even during an attack.  

• Automate Security Patching 

Keeping billing platforms updated with automated patch management reduces exposure to cyber threats. Businesses should prioritize cloud providers that offer managed security updates and vulnerability monitoring. 

Cloud-Based Billing Security: A Smarter Approach 

Cloud-based billing platforms offer efficiency and scalability, but without strong safeguards, they remain prime targets for cyber threats. Going forward, organizations must prioritize access controls, encryption and secure integrations to protect their cloud-based infrastructure. 

After all, a well-protected billing system does more than prevent breaches – it builds trust, supports compliance and strengthens long-term financial stability. Taking proactive steps today will help businesses stay ahead of evolving threats and maintain a secure, reliable billing system for the future. 

AUTHOR BIO: Matt Ream is the Director of Product Marketing at BillingPlatform. With extensive experience in product marketing, particularly for B2B SaaS companies, Ream has a proven track record of establishing robust marketing foundations and positioning products as industry leaders. 

The post How Secure Are Cloud-Based Billing Systems? Addressing The Top Security Risks appeared first on Cybersecurity Insiders.

Most organizations today struggle with the most basic things. They don’t know how many endpoints they have on their network. They don’t know if they have antivirus installed. If they get a simple alert, they don’t know its cause or where to begin investigating it.

The vast majority of companies’ struggles with the very basics are due to talent availability. For example, a company of 500 employees cannot afford to put 10 people on one particular security product. But AI agents for cybersecurity can act like virtual employees who can augment humans.

Before we dive further into this bold claim, it’s important to understand that AI agents are different from the GenAI chatbots, such as ChatGPT, that we’ve been hearing about for a while.

The whole large language model (LLM) phenomenon started with ChatGPT. When people talk about AI agents or think about using LLMs, they invariably think of the ChatGPT use case. ChatGPT is a very specific use case in which someone is talking to what is basically a chatbot. The promise of AI agents is software that automatically does things for you: software powered by LLMs that is always trying to figure out what needs to be done and does it even without being told to. That is very different from the early chatbot use cases, where users take the initiative and ask the questions.

Let me explain how AI agents work. As an example, a Security Operations Center (SOC) analyst receives a Splunk alert about an employee logging in from a new location where they have never been. If the analyst asks Google about the alert and the employee logging in from a new location, Google will offer some information and suggestions that can serve as a guideline. But to triage that issue properly, the analyst would want all the locations from which that employee has logged in in the past. The analyst may want to create a query that pulls this information from Active Directory or Okta. Once they correlate this data, they may decide that more information is needed. AI agents do something very similar, and look at a whole variety of security knowledge inputs. They have the reasoning to figure out that this kind of alert needs certain information, and they will find out how to get that information. They may need to run a few queries on various security systems, and they can correlate all the information into a report. This is just one example, and the reality is that there are thousands of different types of alerts and hundreds of different security tools. While AI agents cannot do everything today, the idea is that there are simple tasks they can do reliably to decrease the SOC team’s workload.

In fact, AI agents are often more effective than humans who bottleneck some processes. For example, if there’s an alert about a particular IP address then information about that IP address is needed. Humans will need to pull different kinds of information from internal and external sources. This takes time and effort, and they need to do it continuously. And all this data collected doesn’t really help because a SOC analyst wants to look at only the relevant information, and not spend time determining what’s important, and what’s not. This is one very simple use case where AI agents can deliver automatic enrichment with the right information based on the context, on what you are doing, and the alert.

Organizations, however, need to understand the security of the AI agents and GenAI they are considering. AI agents can cause damage in a thousand ways; they are like DevOps engineers writing 100 lines of code every hour with no review process and no test environment before the code is deployed to production. A very frequently encountered problem with AI is hallucination, which can be difficult to detect because it is subtle and hidden. For example, one of the common AI agent use cases is attempting to extract indicators of compromise (IOCs) from unstructured data. Because of the way LLMs are trained, they respond very confidently, and even if the information does not exist they will give an answer. So the right approach is to take any answer from an LLM with a grain of salt and treat it not as gospel but as a candidate toward resolution. You can then run your own deterministic logic to figure out whether that answer is correct. It is very important for organizations to look for solutions that can verify whether or not their LLM outputs are correct.

Regarding AI agents and cybersecurity, there are two axes of development today. First, we have a long way to go in making AI agents much more powerful and useful. There is no reason that in a couple of years you cannot triage 100 percent of your alerts with AI agents. There is no law of physics getting in the way; it’s only a matter of engineering. Of course, it will require lots of development, but it can be done. To be more effective, AI agents need more reasoning and more domain knowledge gained over time. The second axis of development is making AI agents more reliable. Today AI agents can extract IOCs from some cyber threat intelligence (CTI) sources. But using them as is proves ineffective, because sometimes they will work and sometimes they won’t. Reliability, trust and control are orthogonal to the inherent power of LLMs. As an analogy, consider that not all employees are equally competent. Some are very competent and powerful, while others are just starting their careers. But even with your most competent employees, you can’t always trust them. Some of them can be knowledgeable but unreliable; reliability and trust are orthogonal to competence. And that is the same with AI agents.

And how do we deal with unreliable people? We don’t throw them away; we put guardrails around them. If someone is very erratic, but when they do their work it’s very high quality, you don’t put them on critical projects. You give them lots of buffers. On the other hand, if someone is highly reliable but their work is just average or always needs review, you need to plan accordingly. LLMs are the same way, and the good thing is that it’s all software. So another AI agent can verify an agent’s work, and if it’s not good you can throw it away. Organizations should have frameworks to evaluate the outputs of LLMs and make sure that they are used where they are useful and not used where they can do damage.
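The deterministic check the author recommends for LLM-extracted IOCs (treat the answer as a candidate, then verify it yourself) can be a small piece of software. The following is an added example, not code from the article or from any product it describes: it takes an LLM's candidate IOC list for a CTI report and accepts only candidates that are syntactically valid, actually present in the source text as standalone indicators, and not internal addresses. The report text, the candidate list, the accepted IOC types (IPv4, domain, SHA-256) and the internal address ranges are all assumptions constructed for the example.

```python
# Added example: deterministic verification of LLM-extracted IOCs against the
# CTI text they were extracted from. Report, candidates and ranges are constructed.
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# Ranges that are never actionable external IOCs (RFC 1918, loopback, link-local).
# Documentation ranges such as 203.0.113.0/24 are deliberately NOT listed: the
# constructed sample below uses them as stand-ins for public attacker infrastructure.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class Verdict:
    value: str      # candidate exactly as the LLM returned it
    kind: str       # "ipv4" | "domain" | "sha256" | "unknown"
    accepted: bool
    reason: str


def normalise(s: str) -> str:
    """Lower-case and undo common defanging so candidates and source compare equally."""
    return s.strip().lower().replace("[.]", ".").replace("hxxp", "http")


def classify(token: str) -> str:
    """Return the IOC type of an already-normalised token, or 'unknown'."""
    if IPV4_RE.match(token):
        try:
            ipaddress.IPv4Address(token)   # rejects octets above 255, e.g. 999.1.1.1
            return "ipv4"
        except ValueError:
            return "unknown"
    if SHA256_RE.match(token):
        return "sha256"
    if DOMAIN_RE.match(token):
        return "domain"
    return "unknown"


def is_grounded(token: str, haystack: str) -> bool:
    """True if token occurs in haystack as a standalone indicator.

    Rejects partial matches such as 203.0.113.4 inside 203.0.113.42 or
    example.net inside evil.example.net; a sentence-ending period is allowed.
    """
    pattern = r"(?<![\w.-])" + re.escape(token) + r"(?![\w-])(?!\.\w)"
    return re.search(pattern, haystack) is not None


def verify_candidates(source_text: str, candidates: list[str]) -> list[Verdict]:
    """Run every LLM candidate through syntax, grounding and scope checks."""
    haystack = normalise(source_text)
    verdicts: list[Verdict] = []
    for raw in candidates:
        token = normalise(raw)
        kind = classify(token)
        if kind == "unknown":
            verdicts.append(Verdict(raw, kind, False, "malformed: matches no accepted IOC syntax"))
        elif not is_grounded(token, haystack):
            verdicts.append(Verdict(raw, kind, False, "not present in source text (likely hallucinated)"))
        elif kind == "ipv4" and any(ipaddress.ip_address(token) in n for n in INTERNAL_NETS):
            verdicts.append(Verdict(raw, kind, False, "internal address, not an actionable IOC"))
        else:
            verdicts.append(Verdict(raw, kind, True, "valid and grounded in source"))
    return verdicts


def grounded_iocs(source_text: str, candidates: list[str]) -> set[str]:
    """Normalised values that passed every check, safe for deterministic downstream use."""
    return {normalise(v.value) for v in verify_candidates(source_text, candidates) if v.accepted}


# Constructed sample report (not a real incident); 203.0.113.0/24 is a documentation range.
SAMPLE_CTI = """
The loader beaconed to update[.]example-cdn[.]net over HTTPS and to 203.0.113.42:8443.
Dropper SHA-256:
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Operators staged tooling on an internal host at 10.0.0.5.
"""

# Constructed stand-in for an LLM's answer: three real indicators plus typical failure modes.
LLM_CANDIDATES = [
    "update[.]example-cdn[.]net",   # real, still defanged
    "203.0.113.42",                 # real, port stripped
    "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",  # real, upper-case
    "10.0.0.5",                     # in the text, but an internal host
    "203.0.113.99",                 # never in the text: hallucinated
    "example-cdn.net",              # "generalised" parent domain the report never states
    "999.1.1.1",                    # malformed
]

if __name__ == "__main__":
    for v in verify_candidates(SAMPLE_CTI, LLM_CANDIDATES):
        print(f"{'ACCEPT' if v.accepted else 'REJECT'} {v.kind:7} {v.value}: {v.reason}")
```

Only the three grounded indicators survive; the rejected candidates carry a reason, which is the part an analyst or a second verifying agent actually needs to review.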

However, the democratization of AI tools can lower the entry barrier for attackers, potentially leading to a surge in sophisticated attacks. This scenario underscores the urgency for defenders to automate their defenses aggressively to keep pace and stay ahead of evolving threats.

We have yet to see if AI agents will finally allow defenders to move ahead of the attackers, because adversaries are not sitting idle. They are automating attacks using AI today, and it will get much worse. Fundamentally, we should speed up AI use for defenses even faster than we are now. The question is, if AI continues to become very powerful, then who wins? I can see a deterministic path for defenders to win, because if intelligence is available on both sides then defenders will always have more context. For example, if you are trying to break into my network and there are 100 endpoints and you don’t know which endpoint is vulnerable, you will have to find out by brute force. But as a defender I have that context into my network. So, all things being equal, I will always be one step ahead.

However, this future is contingent on continuous innovation, collaboration, and a strategic approach to integrating AI into security frameworks. Now is the time for organizations to get their strategies in line and defenders should work together and collaborate. There is not a moment to lose because AI will create a tsunami of automated attacks, and as a human if you are spending $100 responding to an attack that costs your attacker a penny, you will go bankrupt. As an industry we must automate our defenses, and AI agents provide a great start.

The post How AI Agents Keep Defenders Ahead of Attackers appeared first on Cybersecurity Insiders.

Steve Jobs famously said, “Let’s go invent tomorrow instead of worrying about what happened yesterday.” If the pace of change is any indicator, the tech industry took that sentiment and ran with it. 

We’re at the halfway point of the 2020s decade, one punctuated by massive amounts of change. The Covid-19 pandemic ushered in an evolution in how we work and play, paving the way for innovation at breakneck speeds. In just five years, we’ve seen significant shifts in certain areas of security, in particular. Understanding these trends is key as we move forward into 2025. 

1. SIEM is out; security data fabrics are in. The majority of Fortune 500 enterprise organizations we work with have told us they’ve definitively decided to move away from their SIEM. Almost all are moving to a security data fabric and data lake for the myriad cost, efficiency and analytical benefits. Some aren’t sure exactly when, how or if they’ll buy one or build one, but they’ve made the choice to begin this effort. 

So, what will happen in 2025? More companies will have a security data lake strategy. Some will build their own, while others will purchase off-the-shelf, proven data lake solutions. All of them will have to mature their outlook on security data management and analysis. This is a daunting task for many. One of the things I hear most frequently from companies is that they don’t think they’re “mature” enough to begin making better use of their security data. Unfortunately, this is a problem of “paralysis by analysis.” In 2025, we’ll see more companies seek to help themselves by enlisting the expertise of others who have successfully moved to a security data fabric and lake model. Practitioners who’ve done so successfully will have a bigger voice on the vendor stage, especially since a security data fabric and data lake is often comprised of multiple home-grown or off-the-shelf solutions. 

2. VPN is out; zero trust is in. It’s hard to find anyone these days who still uses a VPN and isn’t thinking about how to get away from it. With legislation like Executive Order 14028 and other paradigms set for zero trust models, almost everyone seems to realize that the cornerstone of a solid zero trust solution is connectivity that facilitates user access to applications regardless of the network they are on. There are a handful of leading providers of zero trust services, some being pureplay public cybersecurity companies that have mature and reliable solutions. The next frontier of zero trust is bringing into the fold non-standard assets like those for OT/IoT, as well as enabling connections between devices to be performed in alignment with zero trust protocols. 

In 2025, we’ll see more companies look to upgrade their solutions to best-of-breed zero trust connectivity models, as well as look to harness data from those solutions for security analysis. Products that leverage exchange platforms to make user-to-application connections may have a wealth of logs that can be combined with other security signals to produce insights on risks and threats. 

3. SaaS is not out, but on-premises purchasing models are back. Between 2016 and 2022, SaaS was all the rage. However, for security, privacy and cost reasons, the largest of enterprises are retrenching on SaaS and looking to keep or repurchase on-premises solutions. Many large companies find on-premises more beneficial from an accounting perspective and, long-term, they often are indeed more affordable. Control of where their data resides is becoming paramount in our ever-changing regulatory environment, especially in the face of some new regulations that may place more accountability on CISOs and companies for security or privacy violations. Those who held out against migrating from on-premises to SaaS are relishing the fact that they triumphed in their assumption that on-premises was the better model for them, after all. 

In 2025, we’ll see companies that are exchanging SIEMs for data lakes and retiring older network detection and response (NDR) solutions for new-age methods of network monitoring, place at least the data storage components on-premises, or at minimum under their control, where possible. This will enable them to have better confidence in their ability to protect security and privacy of data that transits these solutions for analytical purposes. 

The tech industry is inventing tomorrow so quickly that today is struggling to keep pace – particularly when it comes to keeping digital assets safe. New regulations and new technologies, with both positive and negative implications, always require new strategies and tactics for organizations to thrive. Some of the tools and technologies that have been foundational to enterprise cybersecurity programs for years—SIEM, VPN, SaaS and others—are caught in the midst of a security data (r)evolution that is necessary in the new age of AI-fueled threats and global uncertainty. 

Take stock of your current security posture and determine whether security data fabrics, zero trust and on-prem solutions should be part of your security organization’s evolutionary process.

The views and opinions expressed by the individuals herein are their own and do not reflect any official policy or position of Comcast. These views and opinions are provided for illustrative purposes only and Comcast makes no warranties, whether express, implied, or statutory, regarding or relating to the accuracy of such statements.


The post Three Cybersecurity Shifts to Consider for the New Year appeared first on Cybersecurity Insiders.

During geopolitical tensions, supply-chain uncertainties, and fast-moving regulatory changes, organizations accelerate their risk-management programs, especially when mitigating risks inherent in business relationships with other organizations.

With so many challenges and headwinds to face, risk managers are increasingly pressed to use every tool in their toolkits to stay ahead of security threats while remaining within the bounds of the law.

Among their most valuable tools is the Standard Information Gathering (SIG) Questionnaire, a widely used assessment that helps organizations evaluate the security, privacy, and compliance risks of their third-party service providers and vendors. The SIG questionnaire, which Shared Assessments developed, standardizes the process of gathering mission-critical information about vendors and their security protocols, sparing organizations the effort of creating custom questionnaires for each assessment.

Many business leaders have become adept at using the SIG Questionnaire, but this year, it has been updated in ways that every organization should know.

The updates found in SIG 2025 reflect a shift toward stricter regulatory compliance and third-party risk governance. 

Organizations that adapt to these changes early will become more resilient, secure, and compliant in an increasingly complex vendor landscape.

The Role of SIG in Third-Party Risk Management

Tailor-making risk profiles for every service provider and vendor on the roster would consume more time and resources than most organizations have. This is why the SIG Questionnaire was developed. Its advantages include:

  • Standardization via a consistent framework for evaluating vendors, making risk assessments comprehensive and comparable.
  • Better efficiency by reducing the workload for both organizations and vendors by eliminating redundancies and streamlining the risk assessment process.
  • Comprehensive analysis, addressing cybersecurity, data privacy, operational resilience, regulatory compliance, and business continuity.
  • Alignment with regulations including ISO 27001, NIST, GDPR, HIPAA, SOC 2, and other laws, which simplifies complex compliance requirements.

Before onboarding a new vendor, organizations send the SIG questionnaire to them to get a sense of their security posture. Vendors and service providers also enjoy the benefits of standardization, as they can complete the questionnaire once and share it with multiple clients, saving time and effort.

Risk-management teams then analyze the responses to find gaps and determine whether additional controls or audits will be needed before onboarding the provider.

While the system works well, it also changes over time. This year will bring important updates to the SIG Questionnaire and understanding these is crucial in making third-party risk-management programs as effective as they can be.

Understanding the Changes

The 2025 SIG update includes new questions, expanded content mappings, and enhanced regulatory alignment. While no new risk domains have been added, there are other significant changes, including:

  • Five new questions on response requirements and outsourced incident reporting.
  • Four new questions assessing contingency planning, data governance, and resilience strategies.
  • Three new questions that address evolving threats.

Users can also expect improved functionality and expanded compliance mapping. The latter deserves a closer look.

Mapping Compliance

The 2025 SIG directly maps to 31 reference documents, including new standards and regulations. This streamlines regulatory compliance and saves time.  

SIG 2025 incorporates three key regulatory frameworks, and new controls for risk teams, to align with global cybersecurity and risk management trends:

  • E.U. Digital Operational Resilience Act (DORA), which strengthens the financial sector’s ability to withstand cyber threats and operational disruptions. SIG 2025 includes control J.11, which evaluates whether an organization has outsourced its incident reporting responsibilities, aligning with DORA Article 18.
  • E.U. Network and Information Security Directive 2 (NIS2), which mandates stricter security measures for supply chain security, requiring organizations to assess third-party risk exposure. SIG 2025 controls C.11 and C.12 were added to address Article 29, emphasizing information-sharing about cyber threats, vulnerabilities, and security incidents.
  • NIST Cybersecurity Framework (CSF) 2.0, which strengthens governance functions and aligns cybersecurity practices with enterprise risk management. SIG 2025 now incorporates NIST CSF principles to improve third-party cybersecurity governance and risk visibility.

As organizations surely realize, the updates to the SIG Questionnaire are substantial. So, how should risk managers best prepare for them?

Ready for the Future

To effectively integrate the important updates to SIG—which will save organizations time and reduce the risk of falling out of compliance—risk teams should get familiar with the new functionality and explore the enhanced features of the SIG Manager to streamline the assessment process. They should also update assessment templates to incorporate the latest regulatory mappings and use custom scoping to ensure assessments are comprehensive and compliant.

Risk teams should also attend webinars and other training sessions offered by Shared Assessments to stay current on the latest changes and best practices.

By proactively adapting to these enhancements, risk teams will strengthen their third-party risk management programs and maintain compliance with evolving standards.

The gradual evolution of SIG is a reflection of the world that businesses find themselves in today. Geopolitics continues to affect commerce and supply chains. Regulations safeguarding privacy and security continue to proliferate.

At the same time, organizations find they need to do business with an ever-growing roster of vendors and service providers, all of whom bring their own unique risks to the table.

Broader vendor risk management covering multiple risk domains is crucial as security and business continuity challenges continue to multiply. Risk teams need every possible tool at their disposal – and the updated SIG Questionnaire is among the most valuable.

The post What Risk Managers Need to Know About SIG 2025 appeared first on Cybersecurity Insiders.