Introduction

Companies are increasingly pursuing a cloud-first strategy by developing and deploying applications with the cloud in mind. With the majority of organizations adopting a hybrid or multi-cloud approach to support various use cases and work models, the attack surface has significantly broadened, making securing today’s cloud environments more critical and increasingly complex. 

The 2024 Cloud Security Report, based on a comprehensive survey of 927 cybersecurity professionals worldwide, provides critical insights into the current trends driving cloud security. It explores key challenges in protecting complex cloud environments, what solutions and strategies cybersecurity professionals are prioritizing, how they’re allocating their resources, and the best practices they’re adopting to ensure the security of cloud workloads. 

Key findings include:  

  • Multi-Cloud Preference: A majority of organizations (78%) opt for hybrid and multi-cloud strategies to combine flexibility, control, and the unique benefits of various cloud services.
  • Cloud Adoption Barriers: Security and compliance concerns (59%) are critical roadblocks to faster adoption of multi-cloud strategies. Technical challenges (52%) and resource constraints (49%) present substantial challenges in achieving visibility and policy control within complex multi-cloud infrastructures and emphasize the necessity for robust cloud security expertise.
  • Cybersecurity Talent Shortage: Companies face a critical shortage of cybersecurity expertise, with 93% of respondents concerned about finding qualified professionals to protect complex multi-cloud environments. This directly affects their security posture and strategic efforts. This persistent scarcity of cloud security expertise hinders faster and more widespread adoption of multi-cloud strategies.
  • Unified Cloud Security Platform Preference: 95% of respondents advocate for a single platform to streamline security across cloud environments. The objective is to simplify and automate security management, mitigate the talent gap, and enhance security through consistent policy enforcement and visibility, addressing the inefficiencies of managing multiple disparate security systems.

We would like to thank Fortinet for the invaluable support of this important industry research project. We hope this report serves as a practical guide for cybersecurity leaders and practitioners to navigate the complexities of cloud security more effectively in your ongoing efforts to secure your organization’s cloud journey against evolving cyber threats.

Thank you,

Holger Schulze, Founder

Cybersecurity Insiders

Cloud Deployment Strategies

Choosing the right cloud deployment strategy is critical for organizations to maximize the benefits of cloud computing while minimizing associated risks. 

The majority of organizations (78%) favor a hybrid or multi-cloud strategy, integrating multiple deployments into a single operating environment. A large portion of these (43%) use a hybrid of cloud and on-premises infrastructure. 35% of organizations have a multi-cloud strategy, highlighting a preference for leveraging the strengths of different cloud service providers for a variety of use cases. Just 22% rely on a single cloud provider, suggesting a focused approach that simplifies management but may increase dependency on one vendor.

To better navigate the complexities of hybrid and multi-cloud deployments, organizations should prioritize an integrated security framework that ensures seamless protection across their entire digital footprint. This is essential to delivering the agility, scale, and security needed for robust defense against evolving cyber threats.

Multi-Cloud Adoption

The number of cloud providers an organization uses is crucial, impacting operational flexibility, risk management, and the complexity of security implementations. A majority of organizations (71%) use two or more cloud providers, indicating an approach that seeks to combine flexibility, control, and the unique benefits of each cloud service provider. An increase of 2 percentage points from last year’s survey reflects a growing shift towards multi-cloud strategies, driven by the need for specialized cloud services, regional availability, and redundancy.

Interestingly, only 29% of organizations rely on just one cloud provider, highlighting a preference for simplicity and perhaps a strategic partnership with a single cloud provider.

Organizations should adopt a seamless, cloud-neutral approach to securing multiple cloud environments that ensures consistent security policies and visibility across their digital footprint, reducing complexity and bolstering defense mechanisms against increasingly sophisticated cyber threats.

Preferred Cloud Providers

Next, we asked cybersecurity professionals about their current and future use of cloud providers, to better understand the changing market dynamics within the cloud ecosystem. Microsoft Azure continues to lead the market, with 62% of organizations in our survey currently utilizing its services, followed by Amazon Web Services (AWS) at 54%. This indicates a strong preference for these established cloud giants.

The survey results also highlight a significant interest in future adoption across all providers, particularly Oracle Cloud and Google Cloud Platform, with 27% and 25% of respondents planning to adopt these services, respectively. This suggests an increasingly diverse cloud adoption.

Navigating Cloud Adoption Barriers

Identifying and understanding the barriers to faster and more widespread cloud adoption is essential for organizations to better navigate the complexities of transitioning to cloud-based solutions.

Security and compliance concerns are at the forefront, with 59% of respondents identifying them as a primary barrier. This highlights the importance of ensuring that security and compliance are an integral element of cloud adoption. Technical challenges follow closely at 52%, highlighting that the ease of cloud adoption is not without its challenges.

49% of respondents cite resource constraints, including the lack of staff expertise and budget limitations, underscoring the need for adequate investment in human and financial resources to support cloud initiatives. Organizational and operational barriers (49%) underscore that cloud computing is not just a new technology, it is also a new operating model that offers innovative working methods and requires management buy-in to address potential resistance to change.

Perceptions of Cloud Security Risks

Evaluating the risk of security breaches in public cloud environments reveals significant concerns about the risks and unique security challenges associated with cloud computing, compared to on-premises environments.

A combined 44% of respondents perceive the risk of security breaches in public cloud environments as higher than in traditional on-premises IT environments, with 30% considering it somewhat higher and 14% viewing it as significantly higher.

Conversely, 30% of participants view the risk as lower in public cloud environments, indicating confidence in cloud providers’ security measures and advancements. A notable 26% of respondents believe the risk remains the same, suggesting that while the cloud introduces new dynamics, the fundamental security challenges persist across environments.

Public cloud offers organizations the opportunity to embrace a proactive, automated approach to security. Adopting a security-by-design mindset offers organizations the ability to effectively mitigate risks and capitalize on the scalability, flexibility, and innovation that the cloud offers.

Cloud Security Concerns

The level of concern regarding public cloud security is a critical indicator of the cybersecurity community’s perception and readiness to address potential risks and threats.

Despite increasing cloud adoption, cloud security concerns show no signs of improving: a significant majority of 96% express high levels of concern, with 37% being extremely concerned and 41% very concerned about public cloud security. The high degree of cybersecurity concern, which has remained consistent over the years, acts as a significant barrier to faster cloud adoption, as organizations grapple with the perceived risks and the complexities of securing cloud environments. Only a small fraction (22%) report moderate to no concern, indicating a strong consensus on the importance of robust security measures in public cloud deployments. 

This data aligns with the previous finding where a combined 44% of respondents perceived a higher risk of security breaches in public clouds compared to traditional on-premises environments. This reinforces that while cloud computing offers numerous benefits and grows rapidly, security remains a paramount concern.

To address these concerns, organizations should not only maintain a security-by-design approach but also invest in continuous monitoring, threat intelligence, and incident response capabilities specific to cloud environments. Adopting cutting-edge security solutions and fostering strong collaborations with cloud providers can help mitigate the perceived risk and concerns associated with public cloud, ensuring a secure and resilient cloud infrastructure.

Challenges in Cloud Security Operations

The management of day-to-day cloud security operations presents a multifaceted challenge for organizations, requiring a delicate balance between technological, procedural, and human factors. Data security and privacy emerges as the top concern, with 58% of respondents highlighting the critical importance of protecting sensitive information and preventing data leaks in the cloud. This underscores the importance of robust data governance and encryption practices. Configuration management is a close second at 55%, reflecting the complexity and potential risks associated with cloud configurations—as a single misconfiguration can expose organizations to significant security risks. 

Access control and identity management is another major challenge, cited by 54% of participants, emphasizing the need for stringent control over user access and privileges to prevent unauthorized access. Threat detection and response (50%) and endpoint security (45%) further indicate the ongoing struggle to identify and mitigate security threats in real time and secure the myriad of devices accessing cloud services. Policy and compliance management (45%) and cloud security management (45%) highlight the difficulties in ensuring consistent security policies across environments and aligning cloud security features with on-premises solutions.

To navigate these challenges in cloud security operations, organizations should prioritize a unified security strategy that leverages automation, advanced analytics, and integrated security platforms to streamline data security, policy enforcement, access management, and threat detection and response. Emphasizing the development of cloud-native security skills within teams and fostering a culture of security awareness can further enhance an organization’s ability to manage cloud security operations effectively.

Multi-Cloud Security Challenges

Multi-cloud environments significantly increase the complexity and challenges of securing cloud workloads. Ensuring data protection and privacy in each environment is identified as the most significant multi-cloud security challenge, with 55% of respondents highlighting it as a concern. This aligns with the earlier emphasis on data security and privacy as critical operational issues, underscoring the increased complexity when data is dispersed across multiple cloud environments. 

Having the right skills to deploy and manage solutions across all cloud environments is a major challenge for 51% of participants, echoing the previously noted need for cloud-native security expertise to effectively navigate the multifaceted cloud security landscape. Understanding how different solutions fit together and understanding service integration options are critical challenges for 47% and 44% of respondents respectively.

These concerns spotlight the intricacies of achieving seamless integration and interoperability among diverse cloud environments, a crucial factor for maintaining robust security and operational efficiency. The challenge of managing the costs of different solutions, cited by 42% of respondents, further reflects the operational and financial balancing act required in a multi-cloud strategy.

To effectively address these challenges, organizations should leverage integrated security solutions that offer visibility and control across multi-cloud environments, supporting consistent data protection and privacy standards. Emphasizing partnerships with vendors that provide comprehensive multi-cloud security capabilities and fostering skills development can empower businesses to overcome the complexity of securing multi-cloud architectures. This approach not only mitigates the identified challenges but also harnesses the full potential of multi-cloud environments for enhanced agility, scalability, and innovation.

Cybersecurity Talent Gap

Echoing the challenges highlighted in securing multi-cloud environments, the ongoing shortage of skilled professionals capable of protecting complex multi-cloud environments stands out as an ongoing, critical industry problem.

An overwhelming 93% of respondents express concern about the industry-wide shortage of qualified cybersecurity professionals. This considerable apprehension reflects the acute awareness of the gap between the growing demand for skilled cybersecurity talent and the available workforce, a gap that exacerbates security vulnerabilities and operational challenges in an increasingly complex cyber landscape. 

An emphatic 74% of respondents confirm that their organization is currently experiencing a shortage in cybersecurity talent. This finding quantifies the extent to which the skills shortage is affecting day-to-day security operations and strategic initiatives within organizations.

To mitigate the impact of the perennial cybersecurity skills shortage, organizations should consider a multifaceted approach that includes fostering partnerships with academic institutions to pipeline new talent and investing in training and development programs to cultivate internal talent and adapt to the evolving demands of cloud security. Organizations should also consider embracing unified security solutions that replace multiple-point solutions, incorporating artificial intelligence, and reducing operational complexity to bridge the skills gap while enhancing threat detection, response capabilities, and overall security posture.

Critical Cybersecurity Skills

In the context of the pronounced cybersecurity talent shortage faced by organizations, we asked about the specific cybersecurity skills deemed most critical for addressing today’s security challenges.  

Cloud and application security skills take the top spot, with 60% of respondents highlighting their critical importance. This underscores the accelerated migration to cloud services and the necessity for robust security practices in application development and deployment. Following closely, identity and access management (IAM) is identified by 59% of organizations as essential, reflecting the growing complexity of securing user access across increasingly distributed IT environments.

Governance, risk, and compliance (GRC) is recognized by 58% of respondents as an important skill, underscoring the essential role of regulatory compliance and risk management frameworks in today’s cyber threat landscape. Security monitoring and operations, threat intelligence, and advanced technical security skills—all at 57%—demonstrate a nearly equal emphasis on proactive threat detection, understanding cyber adversaries, and leveraging advanced technologies for a robust security posture.

Cloud Security Budget Trends

The allocation of resources to cloud security is a critical indicator of organizational priorities and the perceived importance of cloud infrastructure protection in the face of evolving cyber threats and technological advancements.

A significant 61% of respondents anticipate an increase in their cloud security budget over the next 12 months. This substantial majority signals a strong recognition of the escalating cybersecurity challenges and the need for enhanced security measures in cloud environments, propelling cloud security budgets to increase by 37%.

The willingness to invest up to 37% more in cloud security reflects an understanding that robust defense mechanisms are essential to safeguard sensitive data and maintain compliance with regulatory standards in the increasingly cloud-centric business landscape.

Meanwhile, a third of organizations (32%) expect their cloud security budget to remain unchanged. Only a small fraction, 7%, project a decrease in their cloud security budget. 

Given the predominant trend towards increased cloud security investment, organizations should strategically allocate additional resources to areas of highest risk and potential impact, such as advanced threat detection, identity and access management, and security automation. This approach not only prepares businesses to combat sophisticated cyber threats but also enhances their overall security posture by leveraging the latest technological innovations in cloud security.

Embracing Cloud-Based Security Solutions

The decision to adopt cloud-based security solutions is driven by a variety of factors that align with organizational goals for agility, efficiency, and enhanced protection. The need for better scalability, recognized by 56% of survey respondents, highlights the cloud’s ability to dynamically adjust to fluctuating demands. Close behind, cost savings and faster deployment, at 47% and 46% respectively, underscore the economic and operational benefits enticing organizations towards cloud security solutions. Enhanced performance (42%) and the reduction of manual efforts for patching and software upgrades (40%) further catalyze the shift to cloud-based security solutions, especially in light of the perennial cybersecurity skills shortage.

Organizations considering cloud-based security solutions should prioritize scalability, cost efficiency, and rapid deployment to capitalize on the cloud’s operational and economic advantages. Focusing on solutions that offer streamlined policy management and continuous compliance can further enhance security postures, ensuring resilience in the face of evolving threats and regulatory landscapes.

Unified Cloud Security Platform

Given the complexity, operational headaches, and skills challenges already highlighted, it comes as no surprise that organizations are looking for a unified security platform to streamline and consolidate security management across diverse cloud environments. An overwhelming 95% of respondents confirm that having such a platform would be advantageous for protecting data consistently and comprehensively across the cloud footprint. 

This demand for a single, integrated cloud security platform echoes the industry’s shift towards platform consolidation, driven by improving security effectiveness, simpler integration, and reduced management overhead. It is the only effective approach to addressing the cybersecurity talent gap and mitigating increasingly sophisticated and automated attacks. Such a unified platform alleviates the operational burden of navigating multiple security interfaces and enhances overall security posture through consistent policy enforcement and comprehensive visibility across all cloud environments.

Securely Embracing the Cloud: Essential Cloud Security Strategies

In today’s rapidly evolving cloud landscape, adopting a robust cloud security posture is imperative for organizations of all sizes. This guide outlines essential best practices for securing your cloud environments, from unifying security platforms to investing in specialized skills, designed to protect against the sophisticated threats of tomorrow.

ADOPT A UNIFIED SECURITY PLATFORM: Centralize security control and visibility across all cloud environments to streamline operations and enhance visibility, a strategy preferred by 95% of organizations.

EMPHASIZE CLOUD-AGNOSTIC SECURITY:  With 78% using hybrid or multi-cloud environments, it’s crucial to develop strategies that address the unique challenges of these environments and ensure consistent security policies and enforcement.

AUTOMATE POLICY AND COMPLIANCE MANAGEMENT: Implement systems to automate and streamline security policies across cloud environments and consistently meet regulatory requirements. 

PRIORITIZE DATA PROTECTION:  Implement robust data governance and encryption to safeguard sensitive information across all cloud services, addressing the security challenge mentioned by 58% of organizations.

ENHANCE CONFIGURATION MANAGEMENT:  Actively manage cloud configurations to prevent misconfigurations and reduce exposure to security vulnerabilities.

STRENGTHEN ACCESS CONTROL: Employ strict identity and access management to implement Zero Trust principles and reduce the risk of unauthorized access.

BOOST THREAT DETECTION AND RESPONSE:  Leverage advanced analytics and automated response capabilities to identify and mitigate threats in real time.

INVEST IN CLOUD-NATIVE SECURITY SKILLS:  With 93% expressing great concern over the cybersecurity skills shortage, foster the development of cloud-specific security expertise within your team to navigate the complex cloud security landscape more effectively.

Methodology and Demographics

The 2024 Cloud Security Report is based on a comprehensive global survey of 927 cybersecurity professionals conducted in February 2024, to uncover how cloud user organizations are adopting the cloud, how they see cloud security evolving, and what best practices IT cybersecurity leaders are prioritizing in their move to the cloud. The respondents range from technical executives to IT security practitioners, representing a balanced cross-section of organizations of varying sizes across multiple industries.


Fortinet (NASDAQ: FTNT) secures the largest enterprises, services providers, and government organizations around the world. Fortinet empowers our customers with complete visibility and control across the expanding attack surface and the power to take on ever-increasing performance requirements today and into the future. Only the Fortinet Security Fabric platform can address the most critical security challenges and protect data across the entire digital infrastructure, whether in networks, application, multi-cloud, or edge environments. Fortinet ranks #1 as the company with the most security appliances shipped worldwide and more than 730,000 customers trust Fortinet to protect their businesses. www.fortinet.com

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. Contact us today to learn how Cybersecurity Insiders can help you stand out in a crowded market and boost demand, brand visibility, and thought leadership presence. Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.

The post 2024 Cloud Security Report Fortinet appeared first on Cybersecurity Insiders.

Gartner created the Continuous Threat Exposure Management (CTEM) framework as a strategic approach to help organizations of all sizes and maturity levels address modern cybersecurity challenges by continually and consistently evaluating the accessibility, exposure, and exploitability of an enterprise’s assets. Gartner predicts that organizations prioritizing their security investments based on a continuous threat exposure management program will realize a two-thirds reduction in breaches by 2026. The framework has garnered quite a bit of traction over the last two years as new startups offer their take on a threat exposure management solution in a race for industry dominance. An even greater number of existing security solutions have modified their positioning to highlight their legacy vulnerability management, attack surface management, or breach and attack simulation tools as CTEM offerings.

Most organizations address part of the story because they are missing the contextualized threat data that functions as an intelligence layer. It is estimated that an average enterprise organization can have anywhere from 40-70 tools in its security stack. Yet many security teams still struggle to understand their cybersecurity readiness capabilities, including detection, response, and preventive measures, because of a lack of integration. Manual configuration reviews, occasional penetration tests, or siloed, tool-centric administration of security controls are insufficient in the face of rapidly changing attack techniques. Dedicated threat exposure management solutions, on the other hand, take a broader approach, encompassing the entire organization’s IT infrastructure and identifying potential attack paths while considering the impact of vulnerabilities. 

Why starting with threat is key

With the proliferation of sophisticated threats outpacing the evolution of defenses, the pivot from a reactive to a proactive security strategy will be a challenge for security practitioners. Taking a threat-centric approach ensures alignment of cyber threat intelligence against actual defenses to understand and triage the most critical issues. 

Automated threat prioritization is necessary to properly assess, configure, optimize, and align current security tools to defend against advanced threats in a timely manner, but it is not often integrated into traditional security offerings. For example, when a new threat advisory is released, organizations need real-time access to the information required to determine if they are at risk: visibility into unpatched vulnerabilities, the likelihood of an attack, validation that controls can defend against the specific threat, and a measure of the potential business impact. The time-consuming manual processes of threat mapping, threat intelligence fusion, and determining defense readiness diminish an organization’s ability to proactively address exposures.

Today, that process can take days or even weeks as cybersecurity products and services like cyber asset attack surface management (CAASM), cloud security posture management (CSPM), SIEM, XDR, and vulnerability managers compile data that don’t work together. This issue means organizations have severe gaps in their defenses for extended periods of time. Without automation and the ability to scale, organizations leave themselves susceptible when they scramble to understand their exposure to new threats.  

Implementation Challenges

Having a CTEM strategy is critical for organizations to optimize existing security investments. Implementation involves unifying various security tools to help organizations understand all exposure risks, including vulnerabilities, security tool deployment and configuration, exploitable public-facing assets, and missing detection coverage; however, several challenges can hinder the successful execution of a program, including:

  • Lack of holistic visibility into the entire defense surface and tool integration complexities
  • The time and effort it takes to operationalize cyber threat intelligence 
  • Difficulties in prioritizing specific organizational vulnerabilities and associated threats
  • The ability to continuously automate security control assessments rather than relying on point-in-time assessments and audits 
  • Not being able to systematically map tool capabilities and detection coverage to adversarial TTPs 
  • Skills gaps

To start understanding their relevant threats and vulnerabilities, organizations need to overcome issues with data integration, organizational silos, a lack of skilled personnel, and the complexities of automation. Addressing these challenges will require fostering cross-team collaboration amongst threat and security operations teams and adopting technologies that can unify security data and automate analysis.

Market Adoption

Although the threat exposure management market is gaining traction amongst security leaders, it is still considered an emerging market, with Gartner research placing market adoption between 5% and 20%. The cost of ownership should not be a hindrance to adoption. It will likely lead to a net positive on an organization’s bottom line, as these programs have proved to help with tool consolidation and to save time, resources, and manpower by automating manual processes and testing. The cost of CTEM as a tool is generally justified when weighed against optimization and savings on defense infrastructure, more effective threat management, and ultimately avoiding the cost of a breach in the long run.

Without early adoption, security teams will continue to struggle to ensure that cyber defenses are calibrated and responsive to the threats that matter most to them. CTEM adoption will require an industry shift as we move away from reactive tooling to a more proactive and programmatic approach; however, we have slowly seen an uptick in exposure management initiatives since actions by the Securities and Exchange Commission (SEC) requiring publicly traded companies to disclose material breaches of any cybersecurity incident and to describe their processes for assessing, identifying, and managing material risks from cybersecurity threats. To achieve this, security leaders must have quantitative data to demonstrate and attest that their program is well-reasoned and defensible.

The bottom line is that organizations must overcome siloed technologies, broken integrations, the complexity of analyzing the dynamic relationships between adversaries and defensive capabilities, and the difficulties in exposure measurement and management. To stay ahead of emerging threats and establish your team as a modern SecOps organization you must implement an effective CTEM program that will allow you to continuously analyze defensive capabilities, prioritize threats and vulnerabilities, and optimize tooling across your security ecosystem.

 

The post How modern SecOps teams use CTEM to Assess and Reduce Cyber Threats appeared first on Cybersecurity Insiders.

New Board Members Include Top Leaders in Tech, Scientific Communities

Charlottesville, VA (12/18/2024) — RIIG, an AI-driven risk intelligence and cybersecurity solutions provider, announces the addition of two new members, Cody Sanford and Philip E. Bourne, to its advisory board.

“With their combined expertise in business expansion, big data, and cutting-edge technological strategies, Cody and Philip bring invaluable insights to our mission of advancing our product innovation,” says Alex Soroka, President of RIIG. “Cody’s proven track record in steering companies through financing and mergers and acquisitions complements Philip’s extensive scientific and research expertise, ensuring a dynamic blend of strategic and analytical leadership.”

Continues Soroka, “RIIG welcomes Cody and Philip to our board. We look forward to fresh ideas and innovative perspectives as we embark on the next chapter of our growth.”

• Cody Sanford was previously T-Mobile’s Executive Vice President, Chief Information Officer and Chief Product Officer, leading the company’s Product & Technology organization. He held a variety of leadership roles at T-Mobile over the past 20 years, and helped spearhead the successful merger of T-Mobile and Metro Wireless. Sanford is also a board advisor to a number of start-up technology firms.

• Dr. Philip Bourne is the Founding Dean of the School of Data Science and Professor of Biomedical Engineering at the University of Virginia. He leads a range of initiatives to encourage and facilitate the use of big data in large-scale research across the scientific and technological disciplines, with special emphasis on structural bioinformatics and systems pharmacology. Previously, he was the Associate Director for Data Science at the National Institutes of Health and spent 20 years on the faculty at the University of California-San Diego, eventually becoming Associate Vice Chancellor of Innovation and Industrial Alliances.

RIIG specializes in innovative tool and application development powered by advanced artificial intelligence to address challenges in data security, threat detection, and strategic risk management across diverse and complex data environments.  With partnerships and collaborations with US federal, commercial, and academic institutions, RIIG empowers organizations to gain advantage and solve unique challenges.

Led by a team of industry professionals with deep expertise in AI, cybersecurity, and data science, RIIG’s experienced leaders and skilled team members are committed to providing innovative solutions that address the complex challenges of today’s ever-changing technology landscape.

Last month, RIIG announced a $3 million seed funding round led by the Felton Group, the family office of Charlottesville-based hedge fund manager, Jaffray Woodriff. RIIG is using the capital to accelerate the development and launch of RIIG’s AI-powered solutions, expand client support, and grow its sales and marketing teams.

The post RIIG Announces Two New Board Members to Guide Strategy and Accelerate Growth appeared first on Cybersecurity Insiders.

Almost every single organisation, large or small, is acutely aware of the need to implement robust security measures. However, this is easier said than done. As the threat landscape continues to evolve, only heightened by tools such as AI, it can be difficult to stay ahead and ensure appropriate security measures are in place. Furthermore, there are a lot of security tools out there, and many organisations that have tried to implement security measures are now overwhelmed by an influx of information and are trying to figure out how best to manage it.

However, though it may not be the easiest task, it’s certainly one worth doing right. So, as we look ahead to 2025, what are the main trends that organisations need to be aware of and how can they use this knowledge to stay protected? 

1. Nation-state threats will worsen

The global geopolitical landscape is increasingly influencing the cyber threat environment. Nation-state actors, motivated by political or strategic goals, are launching more sophisticated cyberattacks which target critical infrastructure, government agencies and private enterprises. These attacks are often highly targeted and can have devastating consequences that disrupt society and economies.

In 2025, we can expect an uptick in cyberattacks from nation-state actors as global tensions rise. The UK, like many other countries, has already experienced the consequences of these kinds of attacks – and new technologies such as AI and quantum computing are only making things more complex. Just last month, UK minister, Pat McFadden, warned that Russia and other adversaries of the UK are attempting to use AI to enhance cyber-attacks against the nation’s infrastructure. Worryingly, however, over half (52%) of IT leaders in the UK do not believe the government can protect its citizens and organisations from cyberwarfare. 

As we move into the new year, we will increasingly see nation-state attacks move away from the direct theft of sensitive information and focus more on destabilising economies, disrupting services, or causing widespread panic. When it comes to threats such as these, catching the early warning signs is vital. Organisations need to ensure they are using proactive measures to detect and prevent threats before they materialise.

2. Supply chain attacks will continue to cause major disruption

For the last few years, it has become increasingly evident how vulnerable organisations are to supply chain attacks. Attacks on third-party vendors and partners have been responsible for some of the highest-profile breaches this year, such as the Synnovis and the Network Rail attacks. Additionally, the estimated global cost of supply chain attacks is expected to reach $60 billion in 2025. 

As such, supply chain security is now a priority for many businesses, particularly as they depend more on external vendors for critical services and products. This broadens the scope of cybersecurity efforts beyond the organisation itself to include partners, suppliers, contractors and service providers. Organisations therefore need to view their cybersecurity strategy holistically. It’s no longer enough to adopt a security posture that focuses solely on internal assets – businesses must extend their scope to the entire ecosystem.

3. Regulatory compliance becomes more complex

The importance of regulatory compliance in cybersecurity has shifted from being a mere checkbox exercise to a fundamental aspect of any organisation’s strategy. And, with new regulations on the horizon, especially in the UK and Europe, businesses are now faced with even more stringent requirements.

For example, the EU’s Network and Information Systems Directive (NIS2) and Digital Operational Resilience Act (DORA) are pushing organisations to establish more robust cybersecurity frameworks. However, meeting these compliance requirements is not just about avoiding penalties. Organisations that invest in comprehensive cybersecurity programs, those that go beyond compliance and look to proactively protect against risks, are better positioned to maintain their reputation and trust among customers. 

Additionally, as the number and complexity of regulatory frameworks continue to increase, the demand for compliance-as-a-service solutions – which help organisations navigate the complex landscape of local and international regulations – will increase. These services can offer businesses tailored solutions that simplify the process of ensuring adherence while also enhancing their overall cybersecurity posture.

4. Solution consolidation will be vital 

Lastly, in response to the growing complexities of the threat and regulatory landscape, another trend we should expect to see in 2025 is the move toward single-platform solutions. Currently, organisations are heavily relying on point solutions designed to address specific security concerns, such as firewalls, anti-virus software and intrusion detection systems. However, as the threat landscape grows increasingly complex, the demand for integrated solutions will increase and it’s important that organisations have the ability to easily work through the influx of information that is out there with single-platform solutions.

Looking ahead

When it comes to cybersecurity, playing catch-up is not an option. In 2025, UK organisations need to ensure that they are staying one step ahead of bad actors. By being aware of the current trends in the threat landscape, businesses can make better-informed decisions regarding their cybersecurity posture. The threat landscape is always evolving, but organisations that stay informed, adopt a proactive cybersecurity approach, and make the most of the latest technologies will be far better positioned to protect themselves. 

 

The post The UK’s Cybersecurity Landscape: Key Trends and Challenges for 2025 appeared first on Cybersecurity Insiders.

In the ever-evolving landscape of cybersecurity, regulation often plays a lagging but critical role in driving industry-wide improvements in security posture, particularly around the security of Payments Data (Note 1). The Payment Card Industry Data Security Standard (PCI DSS) has undergone a profound transformation with version 4.0. While the initial transition to 4.0 began in March 2024, organizations have until 31 March 2025 to fully implement and align with the comprehensive security requirements.

This isn’t merely an update—it’s a strategic reimagining of how organizations must protect Payments Data in an increasingly complex digital ecosystem, providing a structured transition period for businesses to adapt to the enhanced security framework. 

The Urgent Need for Modern Payment Data Security

It is commonly repeated that cybercriminals have become more sophisticated – but in reality they have mostly become more business savvy in how they monetize easy access to data. Conversely the cost of responding and recovering from a breach has increased dramatically at the same time. According to the most recent Ponemon Institute report, the average cost of a data breach is currently around $4.45 million globally, with the United States experiencing the highest average cost per breach at $9.48 million. 

PCI DSS 4.0 was released as a comprehensive response to these escalating threats, and to keep pace with newer technologies, providing a more dynamic and adaptive approach to payment data security. The goals as outlined by the PCI Security Standards Council were to:

  • Continue to meet the security needs of the payments industry, 
  • promote security as a continuous process, 
  • add flexibility for different methodologies, and 
  • enhance validation methods.

What’s changed as a result 

The new standard and its latest revision represent a paradigm shift for one of the industry’s security standards, moving beyond traditional compliance checkboxes to a more holistic, continuous security approach. A number of leading CISOs that we help support are using PCI DSS 4.0 as the catalyst to not only enhance their PCI compliance, but also modernize their legacy data security platforms.

Adapting to Evolving Security Threats

PCI DSS 4.0 strengthens a number of fundamental security measures that address existing threat vectors. Key identity updates unsurprisingly include a heavy focus on enhancing authentication and access control, yet another example of the intersection of data and identities. This includes expanded multi-factor authentication (MFA) requirements, ensuring all access to cardholder data environments (CDE) is more secure. Password policies now require a minimum of 12 characters, reflecting modern security best practices. New requirements focus on detecting and protecting against phishing and web attacks, to address ongoing e-commerce and phishing threats. The standard also strengthens encryption requirements, mandating encryption of Sensitive Authentication Data (SAD) and implementing stricter controls over Primary Account Number (PAN) data movement, including mandating separation between production and test environments through cryptographic key management.

Promoting Security as a Continuous Process

PCI DSS 4.0 moves from annual assessments to continuous security, emphasizing ongoing threat detection, response, and risk-based testing. Organizations must now maintain constant oversight of their Cardholder Data Environments (CDE), and also .  Organizations must clearly assign roles and responsibilities for each requirement, ensuring accountability for security actions. Coupled with this are changes around the need for ongoing monitoring and periodic reassessments of the CDE, and risk-based testing, which mandates authenticated internal vulnerability scans. These updates aim to identify and address security gaps in real time, strengthening overall data protection.

Increasing Flexibility to Meet Security Objectives

Recognizing that organizations have unique business needs, PCI DSS 4.0 introduces greater flexibility in how some of the security objectives are met. Companies can now use group, shared, and generic accounts under specific conditions, allowing for more operational efficiency. Targeted risk analyses empower organizations to set custom frequencies for certain activities, like vulnerability scans, based on risk levels. The new “customized approach” enables organizations to implement and validate security requirements in ways that better suit their operational models, fostering innovation while maintaining strong security.

Enhancing Validation and Reporting Methods

Clearer validation and reporting procedures in PCI DSS 4.0 improve transparency and accountability. Organizations now have better alignment between the information reported in the Report on Compliance (ROC) or Self-Assessment Questionnaire (SAQ) and the Attestation of Compliance (AOC). This alignment ensures that the information shared with stakeholders and auditors is consistent and complete, supporting more accurate assessments of an organization’s security posture.

The Role of DSPM in PCI DSS 4.0 Compliance

Data Security Posture Management (DSPM) has emerged as a critical tool for organizations striving to meet PCI DSS 4.0 requirements. DSPM solutions provide continuous visibility into not only the cardholder data environment, but also the posture of the identities with access to it – key requirements from 31 March 2025. This insight into data security risks and compliance status makes leading DSPM invaluable for maintaining the ongoing security posture required by the new standard. A DSPM can help organizations:

  1. Automatically discover and classify cardholder data across diverse environments
  2. Monitor data movement and access patterns in real-time
  3. Detect configuration drift, permission sprawl and security gaps that could impact compliance
  4. Streamline compliance reporting and documentation

Deployment Model Is Critical

But let’s be honest – if you’ve ever been responsible for PCI DSS compliance, you already know the frustration of using legacy data classification tools that leverage SaaS deployment models. Whether you’re driving PCI compliance like our customers at a major retailer, a fast-growing startup, or a payment provider, you’ve likely faced this scenario: You need to prove you know exactly where your payment card data lives, but your compliance tools demand you send them potentially sensitive data samples just to help you find… potentially sensitive data. It’s a catch-22 that keeps security leaders up at night. 

The problem? Most data classification tools live in the cloud, outside your PCI environment. Using them means extracting sample data from your secure environment and sending it to their SaaS platforms – essentially creating a new compliance challenge just to solve your existing one. It’s like building a second house just to check if your first house is secure. So the solution is not to tell you why something is flagged as Payments Data.

This is where Symmetry Systems takes a radically different approach. Instead of asking you to send sensitive data out, we come to you. Our solution deploys directly within your PCI-controlled environment, meaning:

  • No more scope expansion headaches
  • No risky data movement to external services
  • Real-time monitoring that actually sees everything
  • Validation you can trust because the data never leaves your control

For teams already stretched thin managing PCI DSS 4.0 transitions, this isn’t just a technical advantage – it’s a practical lifeline. You can focus on securing your data instead of jumping through hoops to prove you’re securing it.

Preparing for PCI DSS 4.0: A Strategic Roadmap

Achieving PCI DSS 4.0 compliance starts with establishing visibility into your cardholder data environment—not just known storage locations, but shadow IT, forgotten databases, and unmonitored data flows. Data Security Posture Management (DSPM) tools are essential for discovering and classifying cardholder data across cloud services, structured and unstructured data stores, and legacy systems. DSPM provides technical discovery, while business context adds depth, creating a baseline for compliance readiness.

With visibility in place, identify gaps against PCI DSS 4.0’s enhanced requirements. DSPM helps with access analysis, encryption status, retention policy adherence, and cross-border data tracking. Broader actions, like updating physical security protocols, strengthening authentication, and managing vendor compliance, require organizational change. Continuous monitoring—a PCI DSS 4.0 mandate—is supported by DSPM’s real-time tracking and anomaly detection but must be paired with governance measures, such as policy updates, incident response plans, and training programs. DSPM sets the foundation, but achieving full compliance requires a unified effort across technology, processes, and people.

Continue the journey to Modern Data Security

PCI DSS 4.0 represents not just another compliance headache, but to us and our customers, a much needed evolution in cybersecurity strategy to focus on the data and identities that matter most. The most successful organizations will view this standard not as a compliance burden, but as a strategic opportunity to differentiate themselves through superior data protection.

The future of payment data security is here—a future defined by adaptability, intelligence, and proactive protection. Are you ready?

Notes

1: Critical Payment Data Protected Under PCI DSS 4.0

Cardholder Transaction Data

  • Primary account number
  • Cardholder full name
  • Card expiration date
  • Service code

Sensitive Authentication Data

  • Full track data
  • Card verification code
  • Personal Identification Number (PIN)

The post PCI DSS 4.0: A Comprehensive Guide to Enhanced Payment Data Security appeared first on Cybersecurity Insiders.

Each year, companies lose around 5% of their annual revenue to fraud, which is a conservative estimate as most fraud goes undetected. As a result, companies have made it a top priority to tackle fraud. However, just when they find new ways to track down bad actors, fraudsters adapt. 

Fraudsters are using advanced cybersecurity techniques to launch increasingly sophisticated attacks. By leveraging an array of emerging technologies – machine learning (ML), artificial intelligence (AI), and cloud services – fraudsters are industrializing their operations, from automated phishing campaigns to Internet of Things (IoT) device exploitation and synthetic identity creation. This technological arms race presents an escalating challenge for businesses as traditional fraud prevention tools struggle to keep pace.

The challenge is compounded by the silos separating cybersecurity and fraud prevention teams within organizations. These organizational barriers create blind spots that sophisticated attackers exploit. To combat such attacks effectively, companies need to embrace an integrated approach that bridges the gap between these departments. Success demands more than collaboration – it requires a fundamental reimagining of how organizations detect, prevent and respond to hybrid threats.

Blurring the Lines Between Cybersecurity & Fraud Prevention

The traditional organizational model of separate cybersecurity and fraud prevention teams has become obsolete. Cyber teams, focused on infrastructure security, typically report to technology departments, while fraud teams report to product or operations. This structural division creates not just communication gaps but fundamental misalignments in threat detection and response capabilities.

Resource constraints further compound this issue, with cyber teams prioritizing enterprise infrastructure, leaving minimal bandwidth for direct involvement in fraud prevention efforts. The result is a fragmented security posture where implementation becomes mired in departmental complexity even when both teams identify critical needs – such as device integrity software.

How Cybercriminals Are Adopting Advanced Technologies

Today’s cybercriminals operate with unprecedented sophistication, leveraging cutting-edge technologies to bypass detection and execute large-scale fraud:

• Machine Learning & AI

Fraudsters are weaponizing ML and AI to scale their attacks, using algorithms to harvest and analyze social media and digital trails for personalized phishing emails and business email compromise (BEC) schemes. The emergence of generative AI further enhances scams with realistic deepfake audio and video content, creating multi-modal attacks that existing fraud systems struggle to detect.

• IoT Device Exploitation

The explosive growth of IoT devices presents new vulnerabilities for exploitation. Fraudsters use sophisticated spoofing tools to manipulate GPS locations and evade geolocation-based anti-fraud measures. These attacks don’t just compromise individual devices – they undermine entire security frameworks reliant on location data.

• Cloud Technology Misuse

Cloud-native services have become a force multiplier for fraudsters, offering the infrastructure needed to deploy botnets and execute credential stuffing and brute-force attacks at a massive scale. The democratization of cloud computing enables fraudulent operations to expand quickly and cheaply. Without advanced continuous monitoring systems utilizing ML-driven anomaly detection, these activities frequently remain undetected until significant damage occurs.

• Jailbreaking Legitimate AI Services

In a troubling new trend, fraudsters are finding ways to manipulate large language models (LLMs), systematically probing and exploiting built-in safety measures to weaponize these tools for phishing scripts, chatbot scams, and social engineering. This sophisticated manipulation renders traditional human oversight models obsolete as automation accelerates and diversifies potential fraudulent activities.

• Deepfake Services

Deepfake technology has evolved from a novelty to a serious security threat, providing fraudsters with the ability to circumvent KYC procedures through synthetic identities. Using a combination of stolen personal data and AI-generated content, bad actors can establish fraudulent accounts that pass even advanced verification processes.

• Tamper Detection as a Key Defense Mechanism

Tamper detection, originating from cybersecurity practices, plays a critical role in fraud prevention by monitoring devices for unauthorized modifications or access. Organizations without adequate device and application tamper detection capabilities leave security gaps that fraudsters exploit. Bypassing these safeguards can lead to significant issues, such as compromised data flows. Legacy detection measures struggle to maintain their effectiveness as tampering techniques grow more sophisticated.

Proactive Strategies for Combating Cyber-Driven Fraud 

Modern fraud prevention demands vigilance beyond initial authentication. Advanced AI systems now provide real-time threat detection, analyzing user behavior patterns and flagging anomalies that could signal fraudulent activity. What sets cutting-edge detection apart is its ability to identify complex attack patterns across multiple channels simultaneously, providing a comprehensive view of potential fraud threats. By implementing a layered defense strategy that combines cross-functional collaboration between cybersecurity and fraud teams with advanced tamper detection, organizations can detect and respond quickly to emerging threats.

Bridging the Gap for Future Resilience 

Today’s threat landscape has evolved beyond simple fraud schemes into a complex web of hybrid attacks that blur the lines between cybercrime and fraud. Fraudsters have learned to weaponize emerging technologies, like quantum computing and advanced ML models, making traditional prevention tools obsolete.

Organizations must respond by dismantling operational silos and fostering seamless collaboration between cybersecurity and fraud teams. When supported by advanced technologies like continuous monitoring and intelligent tamper detection, this creates a dynamic defense framework that adapts to emerging threats in real-time. 

The post How Fraudsters Are Adopting Cybersecurity Techniques to Bypass Detection appeared first on Cybersecurity Insiders.

Equitech Growth Fund Award for Developing Infrastructure to Enable Workforce Development Efforts

Baltimore, MD (12/19/24) – The Maryland Association of Community Colleges (MACC), the advocate and unified voice for Maryland’s 16 community colleges, and BCR Cyber, a leading provider of comprehensive cybersecurity training and job placement services, have received a $935,680 grant for their Cyber Workforce Accelerator (CWA) through the new Equitech Growth Fund from TEDCO (Maryland Technology Development Corporation).

Developed by MACC and BCR Cyber, the CWA provides all 16 of Maryland’s community colleges with access to BCR Cyber Series 3000 cyber ranges that deliver advanced experiential training and education technology to train and certify thousands of entry level IT and cyber practitioners. The Equitech Growth Fund award will facilitate procurement, configuration, and deployment of three BCR Cyber Series 3000 cyber ranges. The CWA will now have 13 cyber ranges available to all Maryland community colleges. 

“The Equitech Growth Fund was created to provide additional funding and resources to entities supporting Maryland’s growth through infrastructure and workforce development efforts,” said Troy LeMaile-Stovall, TEDCO CEO. “And with a highly competitive round of applications, we are anticipating the 14 awarded projects, including the one submitted by the Maryland Association of Community Colleges and BCR Cyber, to be a steppingstone in creating a competitive and sustainable Maryland ecosystem.”

TEDCO’s Equitech Growth Fund, managed by TEDCO and the Equitech Growth Commission, provides grants for infrastructure and workforce development initiatives that support Maryland’s economic competitiveness and inclusive growth of emerging and advanced industries in the State. The Equitech Growth Commission is tasked with developing an inclusive, comprehensive, long-term strategic plan and 10-year goals for growing the State’s innovation economy to be highly competitive with other states and regions relative to growing, attracting, and retaining a skilled workforce and high-growth businesses.

“This latest grant substantially impacts Maryland’s cybersecurity training and job placement capabilities by providing the capacity to serve thousands of community college cyber students and trainees in Maryland,” says Michael Spector, President of BCR Cyber. “We are extremely grateful to TEDCO for selecting the Cyber Workforce Accelerator program not only to help fill a significant technology job gap in our state, but also to create life-changing career opportunities for Marylanders.”

For more than seven years, BCR Cyber has worked with the Maryland Department of Labor Employment Advancement Right Now (EARN) program and Maryland community colleges to establish an IT and cyber workforce development pipeline. More than 2,000 Maryland residents have been trained, certified, and 83 percent placed through the pipeline. Participants are drawn from across the state, are generally unemployed or under-employed, and come from varied backgrounds and demographics; persons of color represented 68 percent of the program participants, 47 percent were women.

“Maryland continues to lead the nation in the use of cyber ranges at community colleges for workforce development and career advancement for underserved citizens. The Cyber Workforce Accelerator is a model that can be replicated in every state in the U.S.,” adds Spector.

As a function of this effort, a public-private consortium created by BCR Cyber of 35+ cybersecurity companies and government agencies will steer course content development and recruit entry-level employees trained at the community college cyber ranges. Each of these entities has pledged significant leveraged resources to this project.

BCR Cyber has also established a wide range of strategic relationships with state and federal IT departments, allowing them to deliver cutting-edge cybersecurity training to their employees. Collaborating closely with these government entities, BCR Cyber is enabling them to strengthen their cybersecurity posture while fostering a culture of continuous learning and improvement.

Additionally, BCR Cyber holds exclusive responsibility for conducting technical proficiency testing for third-party assessment organizations (3PAOs), as required by the Federal Risk and Authorization Management Program (FedRAMP). BCR Cyber testing ensures these organizations meet the standards necessary to assess and authorize cloud service providers for federal agencies.

This latest grant from TEDCO brings the total amount awarded year to date for the Cyber Workforce Accelerator to $6.4 million.

The post Maryland Association of Community Colleges and BCR Cyber Receive TEDCO Grant appeared first on Cybersecurity Insiders.

Most people are familiar with the concept of Schrödinger’s Cat – a thought experiment, whereby a hypothetical cat is sealed in a box with a radioactive substance and a device that releases a poison if the radioactive substance decays.  The experiment is designed to illustrate a quantum paradox wherein the cat may be considered both alive and dead simultaneously because its fate is linked to a random event that may (or may not) occur.

What does this have to do with modern software development? Well, it mirrors an increasingly critical risk associated with secrets embedded in code. These phantom secrets have the potential to cause major cybersecurity issues, yet a worrying number of developers aren’t aware of their existence. Many simply assume they’re long deleted, but until they examine the depths of commit history, they can’t be certain.

What are phantom secrets?

During development or testing, developers often embed sensitive secrets — such as credentials, API tokens, and passkeys — directly into their code, mainly for convenience. Of course, it goes without saying that these sensitive secrets must be removed before the code is pushed to production. To do this, developers typically rely on scanning tools, which find and erase them when the time comes. 

However, while many scanners can detect the presence of secrets and accidental exposures, there’s a hidden threat that’s overlooked by a worrying number of these tools – even after secrets are removed, they can still be retrieved from the commit history. 

This issue stems from a basic design flaw in Git-based infrastructure, and since this architecture underpins most Source Code Management (SCM) systems — including GitHub, GitLab, and Bitbucket — it impacts nearly all popular DevOps platforms. In fact, recent research by Aqua Nautilus found a vast number of secrets belonging to Fortune 500 companies on GitHub alone. 

The implications are extremely concerning. Not only can attackers exploit these exposed secrets to move laterally within an organisation’s environment, escalate privileges, and gain access to sensitive data, but most scanning tools currently can’t detect this threat at all.

Why do secrets scanning tools miss secrets? 

Most of the time, when developers run secrets scanning on their SCM, they will be using the git clone command, either actively or behind the scenes in the internals of the scanning tool.

Due to edge cases or design choices of Git and SCM platforms, a regular git clone does not retrieve every commit: some commits remain unreachable and therefore unscanned. These commits may contain secrets that won’t be discovered.

GitHub is a popular platform with plenty of public repositories. Hence, it is often targeted by attackers who launch massive secrets harvesting campaigns. However, the problem certainly isn’t limited to GitHub alone. 

Interestingly, GitHub states unequivocally in its documentation that sensitive data can be exposed via different scenarios, but it doesn't explain how and why this exposure happens. That leaves users unclear about how to find the exposed sensitive data.

To demonstrate the risk, Aqua Nautilus recently conducted a detailed analysis into how many hidden secrets exist. The analysis involved scanning the top 100 organisations on GitHub, ranked by the number of stars, which together have 52,268 different repositories. First, the repositories were scanned with Gitleaks using git clone, then they were scanned again using git clone --mirror. The number of unique secrets, meaning those that only exist in the mirrored version of the repository, was then counted. The analysis found that if users only scan for secrets using a regular git clone, they will miss around 17.78% of the potential secrets in their repositories, which is a startling number.
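The gap between the two clone modes can be reproduced locally. The script below is an added example, not code from the original post or from Aqua Nautilus; the repository layout, the ref name refs/pull/1/head (standing in for any non-branch ref a hosting platform keeps) and the token value are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: a plain `git clone` fetches branches and tags only, while
# `git clone --mirror` copies every ref. A secret committed on a non-branch
# ref is therefore absent from the plain clone and present in the mirror.
FAKE_SECRET='EXAMPLE_TOKEN_constructed_0123456789'  # constructed, not a real credential

# Count commits, across every ref the clone holds, whose diff adds or removes the secret.
count_secret_commits() {
  git -C "$1" log --all --oneline -S"$FAKE_SECRET" 2>/dev/null | wc -l | tr -d ' '
}

# Build a throwaway "server" repo, clone it both ways, echo "<plain> <mirror>".
demo_phantom_secret() {
  local work plain mirror
  work=$(mktemp -d) || return 1
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
  export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
  (
    cd "$work" || exit 1
    git init -q --bare server.git
    git -C server.git symbolic-ref HEAD refs/heads/main
    git init -q dev && cd dev || exit 1
    git symbolic-ref HEAD refs/heads/main
    echo 'print("hello")' > app.py
    git add app.py && git commit -q -m 'initial commit' || exit 1
    # Commit the secret off-branch; it is never merged into main.
    git checkout -q --detach
    echo "API_TOKEN = \"$FAKE_SECRET\"" > config.py
    git add config.py && git commit -q -m 'add config' || exit 1
    # main lands on refs/heads/main; the secret commit lands on a non-branch ref.
    git push -q ../server.git main HEAD:refs/pull/1/head
  ) >/dev/null 2>&1 || { rm -rf "$work"; return 1; }
  # file:// forces the normal fetch path, so only reachable objects are transferred.
  git clone -q "file://$work/server.git" "$work/plain" 2>/dev/null
  git clone -q --mirror "file://$work/server.git" "$work/mirror.git" 2>/dev/null
  plain=$(count_secret_commits "$work/plain")
  mirror=$(count_secret_commits "$work/mirror.git")
  rm -rf "$work"
  echo "$plain $mirror"
}

demo_phantom_secret
```

A scanner pointed at the plain clone reports nothing for this repository; the same scanner pointed at the mirror finds the commit that introduced the token.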

Eliminate oversights with historical secret scanning

Fortunately, there is now a way to eliminate the oversights inherent in many scanning tools: historical secrets scanning. This new technology, which is available in leading secrets scanning solutions like Aqua Trivy, is designed to identify and address secrets that, though deleted from code, remain accessible in the commit history.

Historical secret scanning works by thoroughly scanning and analysing commit history to uncover hidden or deleted secrets that traditional scanners miss, enabling teams to eliminate these risks once and for all. The key benefits of this approach include a complete view of all secrets without blind spots, enhanced detection that far surpasses conventional scanners alone, a reduced attack surface through the elimination of phantom secrets, and much stronger overall code security.

It’s critical that developers realise credentials, API tokens, and passkeys embedded in code can remain exposed for many years, even after they think they’ve been deleted. Releasing software with these secrets embedded in it poses a significant security risk. Fortunately, adoption of historical secret scanning is a great way to gain complete oversight of all secrets without blind spots, including those buried deep within the commit history. This oversight gives developers and organisations the ability to properly mitigate these risks, helping to reduce their exposure to cyberattacks and significantly bolster their security posture in the process.

 

The post Combatting phantom secrets: have you heard of historical secrets scanning? appeared first on Cybersecurity Insiders.

A recent report by Lineaje AI Labs has revealed that the United States is the top contributor to open-source projects, but it also leads in anonymous contributions, raising significant concerns about transparency and security in the global software supply chain. 

Geopolitical Risks in Open-Source Contributions 

The report, titled “Crossing Boundaries: Breaking Trust,” highlights the geopolitical risks associated with the geographic distribution of open-source contributions. With the rise of nation-state cyberattacks, the origin of code has become a critical issue for national and economic security. Microsoft estimates that its customers face 600 million cyberattacks daily, with 24% targeting the IT sector from nation-state attackers. 

Key Findings: 

  • U.S. Dominates Open-Source Contributions: The U.S. accounts for more than one-third (34%) of global open-source contributions, followed by Russia at 13%. Other significant contributors include Canada, the U.K., and China. 
  • High Rate of Anonymous Contributions: In the U.S., 20% of open-source contributions are anonymous, more than twice the rate of Russian contributions and three times that of Chinese contributors. Globally, 5-8% of open-source components are of unknown or dubious origin, potentially introducing hidden backdoors, malware, or critical vulnerabilities. 
  • Critical Software Faces Geo-Provenance Concerns: Industries such as defense, water, electricity, banking, and retail face challenges in software maintenance due to contributions from multiple countries, making it difficult to exclude adversarial nations completely. 

Global Maintenance Gaps in Open Source 

The report also identifies several troubling trends in the maintenance of open-source software, which contribute to critical vulnerabilities: 

  • Security Weaknesses: Open source contributes 2 to 9 times the code developers write, with over 95% of security weaknesses originating within open-source dependencies. Over half (51%) of these vulnerabilities have no known fixes, and 70% of open-source components are poorly maintained. 
  • Unmaintained Open Source Less Vulnerable: Surprisingly, unmaintained open source is less vulnerable than well-maintained open-source, which is 1.8 times more vulnerable due to the high rate of change. 
  • Deep Layer Vulnerabilities: Open-source projects can embed up to 60 layers of components, leading to poor risk assessment and remediation approaches. Knowing which vulnerabilities to fix can eliminate at least 50% of the effort and improve security posture by 20-70%. 
  • Version Sprawl Complications: More than 15% of open-source components have multiple versions in a single application, complicating remediation efforts. 
  • Security Risks from Coding Language Diversity: A mid-sized application can include 1.4 million lines of code across 139 languages, often dragging in risky memory-unsafe languages. 
  • Team Size Impacts Security: Open-source projects with very small (<10) or large (>50) teams deliver more risky packages than mid-sized teams. 

As open-source software continues to play an integral role in the global software supply chain, understanding and mitigating the risks associated with anonymous contributions and maintenance gaps will be more important than ever during this time of geopolitical tensions.

The post New Report Shows That The U.S. Leads in Anonymous Open-Source Contributions appeared first on Cybersecurity Insiders.

HackerOne’s suite of cybersecurity tools, including bug bounty programs and vulnerability disclosure services, is now available through the AWS Marketplace, expanding options for organizations to strengthen their cloud security. The platform provides tools for penetration testing, AI-assisted threat assessments, and secure code audits.

The AWS Marketplace connects users with software solutions designed for Amazon Web Services (AWS) environments, simplifying the process of selecting, purchasing, and deploying tools. With HackerOne now listed, businesses can tap into its unique combination of automated tools and insights from a global network of security researchers. These resources enable enterprises to address vulnerabilities across all stages of development and deployment.

By integrating with the AWS Marketplace, HackerOne aims to provide seamless access to its services, particularly for testing digital assets within AWS cloud environments. Organizations also benefit from AWS-certified experts with expertise in identifying cloud-based vulnerabilities, while HackerOne programs can be centrally managed through the AWS Security Hub for better visibility and coordination.

Cloud security challenges remain a significant concern, with misconfigurations and vulnerabilities often cited as leading causes of breaches. “As businesses migrate to the cloud, it’s critical they adopt comprehensive tools to mitigate emerging threats,” said John Addeo, Vice President of Channel Partnerships at HackerOne. He emphasized that the platform’s availability on AWS Marketplace helps streamline compliance and risk management processes.

HackerOne’s offerings can now be found in the Security, Testing, and Assessment sections of the AWS Marketplace, giving organizations an efficient way to access and deploy essential cybersecurity tools.

The post HackerOne Cybersecurity Platform Joins AWS Marketplace appeared first on Cybersecurity Insiders.