HackerOne’s suite of cybersecurity tools, including bug bounty programs and vulnerability disclosure services, is now available through the AWS Marketplace, expanding options for organizations to strengthen their cloud security. The platform provides tools for penetration testing, AI-assisted threat assessments, and secure code audits.

The AWS Marketplace connects users with software solutions designed for Amazon Web Services (AWS) environments, simplifying the process of selecting, purchasing, and deploying tools. With HackerOne now listed, businesses can tap into its unique combination of automated tools and insights from a global network of security researchers. These resources enable enterprises to address vulnerabilities across all stages of development and deployment.

By integrating with the AWS Marketplace, HackerOne aims to provide seamless access to its services, particularly for testing digital assets within AWS cloud environments. Organizations also benefit from AWS-certified experts with expertise in identifying cloud-based vulnerabilities, while HackerOne programs can be centrally managed through the AWS Security Hub for better visibility and coordination.

Cloud security challenges remain a significant concern, with misconfigurations and vulnerabilities often cited as leading causes of breaches. “As businesses migrate to the cloud, it’s critical they adopt comprehensive tools to mitigate emerging threats,” said John Addeo, Vice President of Channel Partnerships at HackerOne. He emphasized that the platform’s availability on AWS Marketplace helps streamline compliance and risk management processes.

HackerOne’s offerings can now be found in the Security, Testing, and Assessment sections of the AWS Marketplace, giving organizations an efficient way to access and deploy essential cybersecurity tools.

The post HackerOne Cybersecurity Platform Joins AWS Marketplace appeared first on Cybersecurity Insiders.

As we head into the new year, organizations face escalating governance, security, and regulatory compliance challenges, especially as AI adoption accelerates. To help businesses navigate these complexities and prepare for 2025, Henry Umney, Managing Director of GRC Strategy at Mitratech—a leading global compliance technology provider used by 30% of the Fortune 500 and over 500,000 users in over 160 countries—offers actionable insights and strategies.

Here are some of Henry’s key recommendations to ensure success in the year ahead:

  • Inventory & Risk Ranking: Start the year by building a comprehensive inventory of AI models and assigning risk rankings based on business impact or regulatory requirements like the EU AI Act. Use frameworks like the NIST AI RMF to benchmark and close gaps in your governance approach.
  • Budgeting for AI Security: Make AI security a priority for your 2025 budget. Begin with visibility—inventorying assets, assessing vulnerabilities, and benchmarking processes to ensure resources are effectively allocated.
  • Penetration Testing & Vulnerability Assessments: These steps are no longer optional for 2025. Testing critical AI processes can uncover risks early, guiding remediation efforts and budget planning to ensure continuity.
  • Continuous Governance: AI governance isn’t static. Allocate resources for ongoing monitoring, advanced training, and governance enhancements to stay ahead of evolving threats and compliance requirements.

With AI playing a more prominent role in business strategies, Henry’s expertise provides a clear roadmap for navigating this increasingly complex landscape.

The post Navigating AI Risks: Best Practices for Compliance and Security appeared first on Cybersecurity Insiders.

According to the Identity Theft Resource Center, the number of data compromises reported in the first half of 2024 increased 14% compared to the same period in 2023. With cyberattacks increasing and impacting businesses of all sizes, more and more often the everyday consumer is feeling the effects – from Ahold Delhaize, parent company of Stop & Shop and other grocery chains, experiencing a cybersecurity issue that left grocery stores with empty shelves right before Thanksgiving to the Change Healthcare cyberattack compromising critical healthcare systems. These cyberattacks left consumers in some instances without a Thanksgiving turkey – and, more detrimentally, resulted in providers not being able to submit new claims, pharmacies unable to charge appropriately for prescriptions, and prior authorizations not going through for essential medications.

Cybersecurity incidents do not always have these dire consequences, but they can erode customer confidence in an organization’s ability to serve them and protect their sensitive information. Organizations across industries must ensure they take the proper steps to prepare, mitigate and quickly recover from a cyberattack as it is no longer a matter of if one will happen – but a matter of when.

Identifying Potential Threats & Vulnerabilities

One of the first steps organizations can take to increase their cyber resilience is to identify any potential system threats and vulnerabilities before bad actors can exploit them. To do so, many organizations rely on human-led penetration testing, which simulates attacks on a network and identifies weaknesses and vulnerabilities in real time. Autonomous penetration testing is designed to provide companies with an unbiased and comprehensive view of their system. As new weaknesses emerge, they are identified immediately, which enables a proactive approach to risk management.

Organizations should also conduct regular risk assessments to gain insights into their current security posture. Implementing continuous monitoring and threat detection allows organizations to analyze network traffic and detect unusual activity that may pose a security threat. Automated alerts and real-time responses help quickly address any suspicious activity so organizations can help mitigate potential damage and do so before it impacts customers. 

Implementing a Business Continuity Plan

When cyber incidents do inevitably occur, organizations must be prepared to respond – which is where business continuity plans come in. Business continuity plans test and validate how to keep operations running if a particular technology or vendor shuts down, enabling organizations to continue operations and save critical data. There are a few key areas these plans should cover, including:

  • Redundancy and Backup Solutions: Redundant systems, including regular data backups, ensure continuity in case a vendor’s services become unavailable. 
  • Specific Incident Response Procedures: Implement a plan for vendor-based incidents, and regularly test them. 
  • Reinforce Communication Protocols: Develop communication lines and protocols to seamlessly coordinate with discovered vendors in the event of a security incident.
  • Periodic Exercises with Updates: Perform periodic tabletop exercises and simulations that validate current processes, and update business continuity plans based on lessons learned and evolving threats.

Business continuity plans are a critical component of a comprehensive cybersecurity strategy. By implementing a comprehensive plan, organizations can reduce the overall downtime from a cyber incident. This not only limits financial losses, but also preserves the organization’s reputation and instills greater trust with customers. 

Investing in Employee Training

Employees are the backbone of any organization, but when it comes to cybersecurity, they can also be a vulnerability. Investing in regular cybersecurity awareness and training programs is one of the most effective ways to mitigate this risk and cultivate a well-informed and vigilant workforce. Employees should receive continuous education and training on emerging threats and best practices as the cybersecurity landscape is constantly evolving. This includes ensuring all employees know how to recognize phishing emails, avoid suspicious links, understand the importance of strong passwords, and report suspicious activity as soon as it happens. Every person in the organization, from entry-level to executives, should be involved in these trainings to build a culture of security throughout the entire workforce.

A comprehensive training program should involve simulations of different types of cyberattacks, so employees are properly prepared to respond to any threat. This involves running phishing drills and other real-world scenarios so organizations can test employees’ responses and improve their readiness. Simulations also give employees a chance to put their skills into practice and have greater awareness of potential threats when navigating online spaces, building important habits for the future.

While cyber threats are always looming, there are steps organizations can take to be better prepared. Investing in solutions like penetration testing, conducting regular risk assessments, and educating employees can all greatly mitigate business disruption. Being proactive when it comes to cybersecurity is critical for organizations to avoid being the next cyberattack making headlines – and more importantly, demonstrates a commitment to security for their customers.

The post How to Increase Your Cyber Resilience – and Customer Trust appeared first on Cybersecurity Insiders.

Companies are adopting new technologies — such as AI — to help improve operations and enhance customer service. But 77% of CEOs worry about emerging security risks tied to these applications and tools.

Businesses must find a way to navigate the push-pull of potential benefits and possible drawbacks. Focus too much on strategic objectives and data security gets left behind. Put too much emphasis on regulatory rigor and potential opportunities may slip past.

Put simply, balance is key. Here’s what it looks like in practice. 

Exploring The Cybersecurity Trifecta

Three components impact the adoption and integration of security practices: Mission, safety, and compliance.

Mission

Mission objectives may be short or long term. They may focus on bringing in new customers, improving current consumer and partner relationships, or deploying and integrating new technologies that help streamline business operations.

At their core, these objectives represent what businesses want to achieve — what they could do if security and compliance weren’t a concern. When paired with protective policies, the result is a paradox: Cybersecurity measures often seem like they’re in opposition to mission objectives.

In practice, businesses must find ways to incorporate security solutions without sacrificing growth or profitability. 

Safety 

Safety focuses on protecting both personnel and business assets. On the staff side, safety may include the defense of payroll, medical, and human resources data. Business assets, meanwhile, range from intellectual property to proprietary code, financial statements, and process data.

Common approaches to safety include data encryption, multifactor authentication (MFA), and zero trust network access (ZTNA).

Compliance

The proliferation of digital data has led to the development of government standards and private industry regulations. If companies fail to meet these standards, they could face fines, operational penalties, or legal action.

Consider the EU’s GDPR. This regulation requires companies to follow specific practices when handling, collecting, and using the personal data of individuals living in the European Union. For example, businesses must clearly state how they intend to use collected data and provide the option for customers to opt out. Other regulations such as the CCPA, HIPAA, and PCI DSS also play a role in cybersecurity operations. 

Think of cybersecurity as a three-legged stool. If any leg is shorter or longer than the others, the stool isn’t stable. For example, if you prioritize business goals over data safety or compliance, you open yourself to legal and regulatory challenges.

If compliance is your only concern, meanwhile, you may find yourself struggling to meet business goals and may miss the forest for the trees when it comes to safety. 

Three Best Practices to Find Your Security Footing

So how do companies find their security footing?  

1. Conduct regular risk assessments

You can’t find balance if you don’t know what’s underfoot. In practice, this means carrying out regular risk assessments to determine where your security is effective, where it needs work, and where it’s effectively non-existent. 

These risk assessments can also help support mission objectives. For example, if assessments determine that security around financial operations is strong and reliable, companies can confidently act on potential mergers or investments.

If security assessments reveal vulnerabilities, businesses can take steps to close these gaps before taking on new projects. Given the growing complexity of regulations, it’s often worth working with a third-party provider that can deliver GDPR, CCPA, or HIPAA compliance consulting, as well as carry out in-depth risk assessments to determine next steps.

2. Develop and test incident response plans

Security compromise is a matter of when, not if. The development and testing of incident response (IR) plans help ensure that companies aren’t caught unaware when malicious attacks or insider issues arise.

The most important aspect of IR plans? Test, test, test. As threats evolve, plans must keep pace. If plans are static, they may provide a false sense of security that attackers can exploit. 

3. Provide employee training

Employees represent security risk but are also a key line of defense against potential threats. To bolster cybersecurity, companies should provide regular employee training on current and emerging threats. It’s also a good idea to carry out practical exercises, such as simulated ransomware attacks or phishing campaigns to give staff practical experience in dealing with security concerns.

Together, these best practices help shore up security weak points without sacrificing short- and long-term business goals. Worth noting? Regular application of these best practices is required to ensure cybersecurity strategy stays in balance. 

Steady as She Goes

Effective business cybersecurity is about balance. Too much emphasis on mission objectives opens companies to security threats, while over-focus on safety and compliance can hamstring growth and revenue plans.

To find (and keep) security efforts in balance, businesses need to carry out in-depth risk assessments, develop and regularly test IR plans, and ensure employees are up to date on both current and emerging threats.

The post How to Implement a Balanced Approach to Cybersecurity: Prioritizing Mission, Safety, and Compliance appeared first on Cybersecurity Insiders.

Cyber insurance is becoming more widely adopted, with 43% of businesses now holding a policy, and premiums have fallen for the first time this year, with the Global Insurance Market Index showing a decline of 6% over the last three quarters of 2024. This is due in part to the market maturing and providers becoming more accurate at assessing risk. Ransomware, supply chain attacks, business email compromise, data breaches, human factors and skills shortages were all seen as the key risks this year, with AI and geopolitics set to join the list as insurers seek to align policies with risk.

But the sector is also becoming more prescriptive over what is covered. Around a fifth of insurers elected to remove ransomware protection altogether in 2023, while others have chosen to cap payments. What’s more, some of these attacks could be classed as cyber warfare if they are deemed to have been carried out by or sanctioned by a nation state actor. In fact, Lloyd’s of London issued a statement to this effect last year stating that certain policies should include a clause that excludes liability for losses arising from any state-backed cyber attack. For this reason, it’s imperative that businesses read the terms and conditions of their policy and pay attention to any changes that are typically made by insurers on an annual basis.

Reading the fine print

Unfortunately, many businesses are not familiar with the cover they are afforded. A survey conducted by Apricorn of IT security decision makers in mid-2024 found that 7% of those questioned were unsure whether their policy covers them adequately in the event of a cyber breach. Others found they were unable to make a claim, with 8% proving unsuccessful in claiming financial assistance from their insurer. However, they were all too aware of what they wished to guard against, with 31% naming ransomware as a top concern when seeking cover, followed by phishing and supply chain attacks.

Insurers are also becoming more exacting in their requirements when it comes to the security measures that the business should adopt to meet policy requirements. 

They’ll often want to see how the business plans to protect its data through the use of encryption, access controls and secure storage, for example, as well as the incident response plan which should include provisions for recovery to help the business resume operations. 

Key to this ability to recover is the back-up strategy, yet surprisingly few have a multi-layered backup plan that is tried and tested. Ideally, the business should follow the 3-2-1 rule and have at least three copies of data, stored on at least two different media, one of which should be offsite. One copy of the data should be offline, for example, on an encrypted removable hard drive that can be disconnected from the network. And the strategy should be tested on a regular basis to ensure data can be retrieved.

Too many are unable to recover data

The Apricorn survey found that half of those questioned had to resort to recovering data from backups over the past year. Of these, a third (33%) were either unable to do so or could only partially recover their data, illustrating that weak backup processes remain. This is in spite of the fact that almost half (46%) consider robust backup policies to be the most important factor when it comes to compliance with cyber insurance policies, up from 28% in 2023. 

Other key considerations when it comes to meeting insurance demands cited by respondents were password hygiene (41%) and employee training and awareness (43%). These efforts, combined with encrypted storage (both at rest 35% and on the move 39%), regular patch updates (35%) and access controls (36%), were all regarded as essential components of a robust cyber defence strategy.

What the survey reveals therefore is that businesses are aware of what measures they need to have in place but they’re not always blast testing those processes. The tide is turning with the implementation of more robust backup practices but it’s doing so at too slow a pace. There has been a significant increase in automated backups, for instance, indicating a move away from manual backups which can see users either forget to save data or make mistakes in doing so. Automated backup to both central and personal repositories has surged to 30%, up from 19% in 2023.

Attacks against backups are on the increase

However, threat actors have been quick to exploit this reliance on repositories. The 2024 Ransomware Trends report found that 96% of ransomware attacks are now aimed at these repositories. This makes it even more critical that companies don’t just rely on these online locations but have air gapped or offline backups of their data. 

Looking to the future, it’s imperative that the cyber insurance sector and their business clientele collaborate more if we are to see premiums reflect and protect against threats accurately and at a sustainable price point. We need to see more transparent policies that adopt clear wording and address current and emerging threats on the insurance side and we need to see organisations not just pay lip service to policy requirements but actively test and add contingency storage on the part of the enterprise. 

Cyber insurance should never be a substitute for risk assessment but should instead be seen as a means of guarding against residual risk once measures have been enacted. Any breach will still result in considerable cost and expense caused by loss of business and reputation, recovery efforts and reporting so reducing the likelihood of it happening is in everyone’s interests.

The post Could better backups reduce cyber insurance premiums? appeared first on Cybersecurity Insiders.

Prediction 1: Robust supply chain security is not optional; it’s essential for safeguarding against software vulnerabilities.

• In 2025, businesses need to safeguard themselves from security risks linked to software dependencies – that is, external applications or code they rely on. While they save development time, they can pose cybersecurity risks, including vulnerabilities from outdated or unpatched components, supply chain attacks, and malicious code insertion. These are what we call “zero-day” risks as the flaws remain unknown and unpatched, leaving zero days to respond to threats.

• The increase in cyber attacks on popular applications underscores the importance of strong supply chain security. Companies should establish strict controls, including regular audits, timely software updates, and thorough management of vulnerabilities to reduce risks from third-party software.

• Effective crisis management will be crucial. Businesses should adopt a structured approach known as ‘Red Teaming’, whereby a group of skilled security experts, known as the “red team,” simulate real-world cyberattacks on an organisation’s systems, networks, and physical infrastructure. The goal is to identify vulnerabilities and test the effectiveness of the organisation’s defenses by emulating the tactics, techniques, and procedures of potential adversaries. Regular drills and scenario planning will help ensure organisations are prepared to respond effectively to security incidents.

• A comprehensive Third Party Risk Management Program should ensure compliance by managing evolving requirements and assure due diligence through proactive management responsibility. It must be flexible to adapt to varying risks across different third-party engagements and act as a platform that utilises automation for adequate coverage and frequent assessments. Additionally, it should integrate with the organisation’s risk culture and appetite, providing visibility and management capabilities, and produce repeatable, coherent results that drive continuous improvement.

Prediction 2: As geopolitical tensions rise, businesses must be prepared to swiftly isolate network segments to mitigate risks.

• The ability to segment networks and implement robust controls to remotely switch off locations will be critical in 2025. As geopolitical tensions escalate, businesses must be ready to swiftly isolate parts of their network in response to potential sanctions or security threats. This is essential for maintaining operational security and continuity, especially for companies in high-tension regions.

• Advanced network segmentation involves creating distinct, isolated segments within a company’s network, each with its own security controls and access policies. This can help limit the spread of potential cyber threats and allow for more precise control over data flow and access. By segmenting their networks, businesses can help better protect sensitive information and critical infrastructure from cyberattacks and espionage.

• In addition to network segmentation, businesses must develop robust remote control capabilities to manage and secure their operations from a distance. This includes the ability to remotely switch off or isolate specific locations in the event of a security breach or geopolitical crisis. By having these controls in place, companies can quickly respond to emerging threats and minimise the impact on their operations.

Prediction 3: NIS2 mandates 24-hour reporting of cyber incidents; this will push businesses to enhance their incident response frameworks for greater transparency.

• The new NIS2 Directive will require in-scope organizations to report significant cyber incidents within 24 hours, down from the previous 72 hours. This accelerated timeline will challenge some, as thorough investigations often take longer. While the aim is to enhance transparency and prompt response, initial reports may lack detailed information. Organizations will need robust incident response frameworks to meet these deadlines, ensuring timely updates while continuing investigations.

• NIS2 will push organizations to improve their cybersecurity hygiene and compliance management. Emphasising risk frameworks and duty of care, the Directive will compel organizations to adopt comprehensive cybersecurity measures. This includes regular security assessments, employee training, and advanced security technologies. By enhancing their cybersecurity posture, organizations can better protect against threats and ensure compliance, mitigating the risk of penalties and reputational damage.

• NIS2 will also highlight the importance of supply chain security, requiring enterprises to assess and manage risks associated with third-party vendors. Companies must ensure their suppliers adhere to stringent security standards, extending evaluations to multiple tiers of the supply chain.

• Customers will leverage cyber risk quantification tools and processes to enhance risk management, facilitate board communications, demonstrate effective risk management, and evaluate the efficacy of their cybersecurity programs. Additionally, supply chain security plays a crucial role in this process.

The post 2025 Cybersecurity Predictions appeared first on Cybersecurity Insiders.

Fenix24™, a leading provider of incident response recovery solutions, has introduced Argos99™, the latest addition to its suite of cybersecurity services. This innovative offering, developed in collaboration with Conversant Group’s renowned recovery expertise, is designed to enhance organizations’ cyber resilience and optimize recovery processes by delivering critical insights into their IT assets and infrastructure.

Many organizations face challenges stemming from limited visibility into their IT environments, including critical on-premises systems, SaaS-based data repositories, and the interdependencies of vital systems. This lack of awareness increases security vulnerabilities and prolongs recovery times in the event of a cyber incident. Argos99 addresses these issues by providing a centralized platform to map dependencies, manage distributed IT assets, and monitor key data repositories. The solution identifies and tracks IT assets such as endpoints, virtual infrastructure, privileged credentials, shadow IT, and SaaS data, along with the dependencies that underpin essential business functions.

“In the age of cyberwarfare where we are all potential victims, the biggest challenge for post-incident recovery and pre-incident resiliency is the unknown,” said Mark Grazman, CEO of Conversant Group. “Argos99 empowers businesses to proactively address these risks by providing interdependency mapping and a comprehensive view of their entire IT environment. Not only does Argos99 help organizations in peacetime, but it will also further accelerate Fenix24’s recovery process, enabling faster and more effective responses when incidents occur.”

Built on the insights, best practices, automation, and scripts developed by Fenix24, Argos99 is more than just a preventative tool—it is a cornerstone of comprehensive cyber resilience.

Key features and benefits of Argos99 include:

  • Policy and Configuration Analysis: Enables organizations to pinpoint areas for improvement in cybersecurity configurations, spanning Endpoint Detection and Response, firewalls, lateral movement defenses, identity management, storage, and backups.
  • Configuration Drift Monitoring: Tracks changes in cyber policies over time, providing functionality to revert policies to their intended configurations across all tools.
  • Asset Dependency Mapping: Uncovers critical Tier 0 infrastructure dependencies, offering a deeper understanding of the relationships between databases, identity systems, and application layers.
  • Rapid Hardening: Identifies configuration vulnerabilities and creates a roadmap for remediation, allowing organizations to address weaknesses in days rather than months while mitigating the risk of repeat attacks.

Argos99 is now available to both new and existing Fenix24 customers. For additional details, visit Argos99.com.

The post Fenix24 Debuts Argos99 to Fortify Cyber Resilience and Streamline Incident Recovery appeared first on Cybersecurity Insiders.

As cyberattacks become more frequent and targeted, the potential for significant collateral damage increases, complicating efforts to maintain societal resilience. Looking ahead to 2025, the question we must ask ourselves is: how can we protect our most vulnerable infrastructure from the fallout of cyberwarfare?

Here are my predictions for how this landscape will evolve in 2025 and the trends security teams will need to continuously monitor.

The Blurring Line Between Military and Civilian Targets

The distinctions between military and civilian infrastructure are rapidly blurring in the cyber domain. Hospitals, water utilities, transportation networks, and even personal smart devices have become prime targets for cyberattacks. In 2025, civilian infrastructure is expected to be on the frontlines of cyber warfare. The risks posed to civilians—whether through disruption of essential services or direct harm via compromised healthcare systems—are no longer secondary concerns in cyberwarfare, but key objectives.

Ransomware has evolved from a financial windfall for cybercriminals to a political weapon for nation-states. These attacks will continue to target sectors critical to national security, including healthcare, transportation, and finance, pushing cybersecurity even further to the forefront of national defense priorities.

The Escalation of State-Sponsored Cyberattacks

Nation-states and rogue factions are rapidly integrating cyberattacks into their military arsenals, with cyber operations becoming a first-strike option in geopolitical conflicts. By targeting critical infrastructure—such as energy grids, communication networks, transportation systems, and supply chains—these attacks can cripple an entire national infrastructure and create mass chaos without a single physical shot being fired. This shift toward cyber warfare reduces the immediate risk of physical casualties, and in turn allows state actors to engage in asymmetric warfare, where a smaller, technologically advanced nation can punch well above its weight.

We expect to see an escalation in state-sponsored cyberattacks aimed at creating widespread disruption and psychological stress. These attacks will demonstrate increased sophistication as governments turn to advanced technologies, including AI-driven malware, to outmaneuver their targets.

Cyber Mercenaries and Proxy Actors: The Hidden Hands of Cyberwarfare

A new breed of actors is emerging on the cyber battlefield: cyber mercenaries and proxy groups. These private contractors operate in the shadows and conduct operations on behalf of nation-states, often with plausible deniability. The rise of these actors complicates attribution, making it harder to identify the true culprits behind a cyberattack and escalating international tensions.

In 2025, we will see increased involvement of these proxy actors, particularly in regions of political conflict, where nation-states seek to wage cyber campaigns without direct accountability. This will lead to heightened uncertainty and confusion, as attacks can no longer be easily attributed to state actors, further muddying the waters of cyberwarfare.

Cyber Espionage and the Race for Emerging Technologies

Intellectual property theft and cyber espionage are likely to intensify as nation-states seek to gain competitive advantages in emerging technologies, including AI, biotechnology, and quantum computing. The strategic importance of these technologies cannot be overstated, as they are central to the future of economic and military power. In 2025, we expect to see more targeted attacks on research institutions, tech companies, and critical infrastructure linked to these innovations.

The Emergence of AI-Driven Cyber Weapons

Artificial intelligence is transforming the offensive capabilities of cyber actors. The next generation of cyber weapons will be powered by machine learning algorithms that allow them to autonomously learn, adapt, and evolve. AI-driven malware, for example, will be capable of dynamically changing its code to evade detection, bypassing even the most advanced security measures.

These AI-powered tools will be especially dangerous because they can automate much of the work currently done by human operators. The combination of speed, intelligence, and adaptability makes AI-driven cyber weapons harder to defend against and far more destructive. In 2025, we may see AI-designed attacks that overwhelm cybersecurity teams by generating thousands of variants of malware or exploiting zero-day vulnerabilities faster than defenders can respond.

The Weaponization of IoT Devices

The proliferation of Internet of Things (IoT) devices introduces an alarming attack surface for cyber actors. From smart homes to autonomous vehicles, medical devices, and industrial IoT systems, connected devices are vulnerable to large-scale attacks that could cause physical damage or disrupt critical services. 

We expect to see the weaponization of IoT devices in 2025, with cyberattacks targeting everything from individual households to nationwide infrastructures. For instance, a well-coordinated attack on smart energy meters could cause massive power outages. Likewise, attacks on autonomous transportation systems could lead to chaos in major cities. As more devices come online, the potential for destructive IoT-based cyberattacks will increase exponentially.

Quantum Computing: The Next Frontier of Cyber Threats

While quantum computing remains in its early stages, breakthroughs in 2025 may begin to challenge the security of traditional encryption methods and password complexity. State actors that invest heavily in quantum research could gain the ability to decrypt sensitive data previously considered secure and/or crack passwords that were not easily guessed in the past. This will trigger a race to develop quantum-resistant encryption standards and new password methodologies, but until then, the threat of quantum-enabled cyberattacks looms large.

Global Cybersecurity Cooperation Breakdowns

As cyberwarfare tactics become more sophisticated and geopolitical stakes rise, we may see a breakdown in international cooperation on cybersecurity. Distrust between nations and diverging national interests could lead to fragmented defense efforts, making it harder to mount a unified response to global cyber threats. In 2025, the challenge will be technical as well as political, as nations navigate the complex terrain of cyber diplomacy.

To strengthen the response to cyberattacks, organizations, vendors, and governments should prioritize collaboration, information sharing, and trust-building through public-private partnerships and international coalitions. Standardizing global cybersecurity frameworks and promoting shared certification programs can improve defense alignment, while regular cyber diplomacy summits and confidence-building measures can promote trust and cooperation between nations. Expanding AI-powered threat intelligence networks and establishing national and international cyber defense task forces will enhance real-time response capabilities.

As we head toward 2025, state-sponsored chaos, AI-driven weaponry, and the blurred lines between civilian and military targets will define the cyber domain. To defend against these rising threats, we must adopt holistic security strategies that identify and prioritize risk across the entire digital ecosystem. Equally important will be fostering international collaboration, as cyberwarfare knows no borders, and the only way forward is through collective defense. The time to act is now, as the stakes have never been higher.

 

The post 2025 Predictions for the Cyberwarfare Landscape appeared first on Cybersecurity Insiders.

Cybersecurity is dynamic, ever-changing and unpredictable. This past year contained significant surprises. Who would have thought the largest data breach incident of 2024 would involve no malware or vulnerability exploitation?

Subject matter experts often make inaccurate predictions. Rather than try to predict the future, here are insights into what 2025 may hold based on Intel 471’s historical analyses of trends and intelligence collection.

Artificial intelligence (AI) will enhance, scale attacks.

In 2024, the AI naysayers became almost as loud as its proponents, with questions regarding how much large language models (LLMs) can improve, questionable scraping of training material and why LLMs aren’t great at math. But AI shows strong capabilities with narrow-focused tasks, such as search, chatbots, image and text generation and simple coding tasks. Cybercriminals and nation-state actors have shown interest in applying LLMs to some of the mundane tasks they’re faced with when trying to breach organizations. Microsoft and OpenAI disabled accounts used by Russian, Iranian, Chinese and North Korean threat actors. Those actors were using OpenAI’s services for productivity-enhancing tasks, such as researching companies, finding cybersecurity tools, debugging code, writing basic scripts, creating content for phishing campaigns and translation.

Predicting AI’s course over the next year would be foolish, as this is a field that has surprised machine learning (ML) and AI experts with years of middling progress punctuated by sudden leaps forward. AI is becoming cheaper and more accessible via open source models that allow more malicious actors to experiment. This has resulted in more customized AI tools being offered on forums. In short, the risks are already here.

While threat actors may not be writing exploits with AI (yet), the productivity gains are worrisome in that they increase the scale and quality of attacks, whether through polished phishing, better selected targets or faster and more complete reconnaissance. Also, visibility into how nation-state adversaries are using LLMs will fall as countries develop their own LLMs. The status quo now, where natively developed LLMs aren’t as good as OpenAI, gives OpenAI and Microsoft an insightful window into threat actor activity. Actors have to enter prompts, and all of those prompts can be correlated and analyzed as to where they’re coming from, what they’re asking and their likely goals. It’s like looking over the shoulder of adversaries while they’re plotting. This position won’t last, however.

Malware distribution will bounce back.

One of the most significant law enforcement operations of 2024, Operation Endgame, targeted several types of “dropper” or “loader” malware — initial stage infections that can download other malware. The operation focused on IcedID, SystemBC, Pikabot, SmokeLoader and Bumblebee, which threat actors used to distribute other malicious code that could eventually lead to ransomware, data theft, or further illicit activity. The operation led to four arrests and the takedown of more than 100 servers worldwide. This action appeared immediately successful, with the targeted malware families dropping in circulation. These law enforcement operations impose costs on threat actors, as it takes time, effort and money for them to reconstitute malware distribution infrastructure.

Intel 471’s patented malware emulation and monitoring system showed a sharp drop between the second and third quarter in delivered payloads, or to put it another way, malware observed delivering other malware. This could be the result of the disruptions. Since the distribution of loader or dropper malware is critical for follow-on attacks, there is market demand for access to compromised machines. As such, Intel 471 has observed one targeted malware family, Bumblebee, rebound with a new version circulating in October 2024. The Bumblebee campaign yet again proves that dismantling a malware campaign’s infrastructure does not guarantee its permanent elimination. Despite exhibiting low activity and lacking significant sophistication or unique distribution methods, the observed changes in development indicate the actors are actively refining their malware. We would expect overall malware distribution to increase in 2025.

Rising geopolitical tension will influence cyber.

Geopolitical events and cybersecurity are becoming ever more closely entwined. Offensive cyber actions are used by nations for espionage, intellectual property (IP) theft, pre-positioning in case of conflict and spreading misinformation. China is one of the most formidable adversaries, as it has targeted government and civilian infrastructure at scale. U.S. FBI Director Christopher Wray has said China “has a bigger hacking program than every other major nation combined. In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.” Russia, which continues a grinding war campaign in Ukraine, has long-running and highly effective advanced persistent threat (APT) groups that have continually demonstrated their expertise in infiltrating supply chains and compromising major software vendors.

The election of Trump for a second, non-consecutive term could change how the U.S. Department of Justice conducts cyber-related investigations. For at least a decade, the department has been aggressive in identifying, naming, sanctioning and indicting Russian, Chinese, Iranian and North Korean threat actors, both in the nation-state and financially motivated cybercrime spheres. A perceived weakening in how the U.S. approaches holding threat actors publicly accountable for their actions could open the door to more aggressive activity. However, cybersecurity has generally been one of the few non-partisan issues in an increasingly hostile U.S. political environment, so the department may be left to continue its solid work in holding threat actors accountable.

The post What 2025 May Hold for Cybersecurity appeared first on Cybersecurity Insiders.

Once a cornerstone of the digital promise, trust has been undermined by corporate misuse, data breaches, disinformation, and the growing realization that what we see online might not even be real. The effects are far-reaching, touching not only our interactions with technology, but also our relationships with each other and the world around us. Business leaders need to recognize the trend and take steps to respond.

Digital trust—the confidence we place in online platforms, services, and technologies—is declining. Data from the Pew Research Center in 2023 showed 72% of Americans have little to no understanding about the laws and regulations that are currently in place to protect their data privacy, an increase of nine percentage points since 2019. Among those surveyed with a college degree, 70% were skeptical that anything they do to manage their online privacy will make a difference.

The Crumbling Foundations of Digital Trust

The digital world was built on the assumption that the platforms we use would act responsibly. Yet, recent history reveals a series of breaches—both of data and of trust. High-profile scandals like Cambridge Analytica’s misuse of Facebook data demonstrated how personal information could be weaponized for profit or political gain.

A study by PwC identified a trust gap between companies and their customers: while 90% of business executives believe customers highly trust their company, only 30% actually do. The delta has grown from 57 percentage points in 2023. Social media companies in particular are struggling to gain consumer trust as users feel their personal information has become a commodity, traded and exploited by algorithms and corporations that rarely prioritize their interests. 

When we’re given the rare opportunity to exercise choice about the trust users put in online businesses—such as cookie consent forms mandated on European websites—many users choose skepticism. They opt out of tracking and data sharing, a subtle rebellion against platforms that typically demand trust in exchange for their services. However, one recent study found 65% of websites tested continued to use tracking cookies even after the user had explicitly opted out. 

This reality prompted the World Economic Forum to call the Chief Trust Officer (CTrO) role “The next C-Suite role that every company needs” and pose a simple question to business leaders: “Who’s in charge of reviewing, redefining and reconstructing trust?” Many companies, even two and a half years after the article was written, would be unable to provide an answer, and relatively few organizations have heeded the advice to create a CTrO position.

From Implicit Trust to Zero Trust

Perhaps the quickest way for a company to lose the trust it has earned is in the aftermath of a data breach. But despite ‘breach fatigue’, where users are no longer shocked by breaches, only disappointed, 66% of U.S. consumers said they would no longer trust a company that had a data breach. 

One of the biggest trust challenges companies face relates to cybersecurity. For years, access to accounts, applications, databases and information has relied on the implicit trust in a username and password combination. Provide the right access credentials, and you essentially have the keys to the kingdom. Hackers have exploited this weakness ruthlessly for decades. A breach can be devastating and recovery often takes years. 

It should therefore come as no surprise that the cybersecurity strategy being widely adopted by large companies around the world is called ‘Zero Trust’. Zero Trust assumes that no user or application can be trusted by default, requiring constant verification. While effective at protecting networks, it’s also a telling reflection of our times: trust is no longer given; it must be continuously earned. Every interaction requires verification, every connection demands scrutiny.

A Zero Trust architecture makes it significantly harder for cyber attackers to steal data, but it also builds trust with third parties in a vendor ecosystem. If suppliers implement Zero Trust in their environment, the likelihood of a breach that disrupts customers is significantly lower.

A Crisis That Demands Action

Rebuilding digital trust will be a long road, but C-suite leaders can take immediate steps to make a difference for their customers. 

Communicating clearly about data collection and usage is key. X, formerly Twitter, recently revamped its privacy policy to highlight six common areas of concern, including the data collected, how it is used, and how users can update their privacy settings. This allows users to get the highlights even without reading the full policy.

Next, taking steps to minimize the likelihood of a breach by deploying a Zero Trust architecture, and prioritizing relationships with third-party suppliers that do the same, pays dividends. The approach simplifies networks by removing firewalls and VPNs, which are often the source of breaches, and reduces the risk of financial, operational, and reputational damage from an attack that can affect consumer confidence for years.

Last, leaders must prioritize digital literacy among employees. Security awareness teaches us how to avoid phishing and other common threats, but leaders must now also equip employees with the skills to navigate a complex digital landscape, including how to critically assess sources and spot deepfakes and disinformation. Fake news, manipulated videos, and AI-generated deepfakes each pose real risks to businesses.

Of course, meaningful change requires a concerted effort from government, industry and individuals, and that seems unlikely in the short term. But, as highlighted in the Harvard Business Review in 2015, companies that give customers control of their personal data and offer fair value in return for it will not only be trusted, but will earn ongoing and expanded access. In a world where customer data is a source of competitive advantage, gaining consumers’ confidence will be key.

 

The post Digital Trust Is Declining. Businesses Must Respond appeared first on Cybersecurity Insiders.