External vulnerability scans have become a staple in most organizations’ cybersecurity toolkit. Like the reconnaissance phase of a penetration test, an external scan probes the organization’s internet-facing footprint from the outside, discovering open ports and exposed assets (websites, servers, APIs and other network endpoints) to identify vulnerabilities and potential entry points in the external infrastructure. Unlike a penetration test, it stops at detection: nothing is exploited, so a scan finding is evidence of exposure, not proof that the exposure is usable.

Exploitation of vulnerabilities as the critical path to initiate a breach grew 180% over the previous year, according to the Verizon 2024 Data Breach Investigations Report (DBIR). That makes verifying the security posture of externally-facing systems very important, and external scanning is part of that equation. Scanning can uncover exposures such as outdated software versions, injection flaws, cross-site scripting, broken authentication, unsecured APIs and other common misconfigurations that lead to these breaches. But while scans provide a useful baseline of visibility when used correctly, they create a false sense of safety when used ineffectively, which is far too often the case.

Many organizations struggle with the basics of running and maintaining an external vulnerability management program, and often watch it fall apart over time. Everyone runs external scans, yet everyone hates them: they are notorious for producing more noise than intelligence, and more busy work than actionable remediation advice. What gives?

Challenges in Discovering External Assets 

Despite the near-ubiquitous use of external scanners, the visibility they provide is limited. Most organizations struggle to know which external assets they own, let alone maintain a comprehensive and current view of their external attack surface. Common challenges include:

  • The work is tedious: Using external scanning tools effectively takes a lot of manual effort. Traditional tools often require manual entry of organizational data and its attribution to assets, domains and IP addresses, which is both time-consuming and error-prone. Maintaining an accurate and up-to-date inventory of external assets becomes an overwhelming task, especially for large organizations with complex IT environments and for acquisitive companies in sectors like financial services and biotech, where every acquisition brings an unmapped footprint.
  • It’s resource and time intensive: Continuously scanning for and cataloguing every internet-facing asset requires significant staff time and computing resources, which often get deprioritized amid the daily onslaught of security alerts and incidents. There is also a trade-off between the scope of a scan and its load on the network: the more comprehensive the scan, the bigger the trade-off.
  • It’s often a shot in the dark: The proliferation of shadow IT and orphaned infrastructure (unknown and unmanaged external assets) makes knowing what you own, and therefore what to scan, an immense challenge. Assets that are no longer actively managed or monitored include outdated servers, forgotten cloud instances and old test environments that were never decommissioned. They are particularly dangerous because they tend to go unnoticed until an attacker finds them first.
  • Scans don’t happen often: Many organizations scan infrequently, once a quarter or even less, leaving long windows during which new exposures appear and remain undetected. Such sporadic efforts are insufficient in today’s fast-moving threat environment.
  • Impact of scanning on production: Because today’s scanners discover network-facing assets by brute force, organizations are forced to trade network impact against scan completeness and frequency. In practice they de-emphasize completeness and frequency, and stay exposed as a result.

The result of these challenges is a patchwork of partial information with gaping holes in our understanding of the attack surface. The market is full of solutions, yet no tool has addressed the problem comprehensively, and this disconnect highlights a critical gap in many organizations’ security posture. The tools exist; the processes and understanding needed to use them effectively are often what is missing.

Addressing the external attack surface gap

To bridge this gap, organizations should adopt the following best practices:

  1. Regular Scanning: Conduct regular and comprehensive scans of the entire external attack surface. This should be done at least weekly, if not daily, to ensure new vulnerabilities are quickly identified.
  2. Automation: Leverage automated tools that can continuously discover and monitor all external assets. Automation reduces the manual effort required and ensures more consistent and accurate results.
  3. Prioritization: Use threat intelligence to prioritize remediation of identified vulnerabilities by actual risk, for example whether a weakness is known to be exploited in the wild and whether the affected service is genuinely reachable from the internet, rather than by raw severity score alone. This focuses effort on the issues most likely to be used against you.
  4. Policy and Governance: Establish strong policies and governance structures to ensure continuous monitoring and management of external assets. This includes setting up processes for regularly updating asset inventories and decommissioning outdated infrastructure.
  5. Continuous Monitoring: Implement continuous monitoring solutions that provide real-time visibility into the external attack surface. This allows for immediate detection and response to emerging threats.
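As an added example (not part of the original post), the following Python sketch shows the mechanics behind practices 1, 4 and 5 above: diff a fresh scan snapshot against the previous inventory, flag listeners and hosts that were not there before, and rank them so the team reviews the change rather than the whole report. The snapshots, the high-risk service table standing in for threat intelligence, and the weights are all constructed assumptions.

```python
"""Diff two external scan snapshots and rank what changed.

Added example, not from the original post. The snapshots below are
constructed, and the risk weights are illustrative assumptions.
"""
from dataclasses import dataclass

# Constructed snapshots: host -> {port: service banner}
PREVIOUS = {
    "203.0.113.10": {443: "nginx/1.24", 22: "OpenSSH 9.6"},
    "203.0.113.11": {443: "Apache httpd 2.4.57"},
}
CURRENT = {
    "203.0.113.10": {443: "nginx/1.24", 22: "OpenSSH 9.6", 3389: "ms-wbt-server"},
    "203.0.113.11": {443: "Apache httpd 2.4.57"},
    "203.0.113.42": {8080: "Jenkins 2.401", 22: "OpenSSH 8.2"},  # orphaned test box
}

# Assumed high-exposure services (stand-in for a threat-intel feed) and their weights.
HIGH_RISK_SERVICES = {"ms-wbt-server": 9, "jenkins": 7, "telnet": 9, "ftp": 6}
MGMT_PORTS = {22, 23, 3389, 5900}


@dataclass(order=True)
class Finding:
    score: int
    host: str
    port: int
    banner: str
    reason: str


def diff_snapshots(prev, cur):
    """Return (new_exposures, removed_exposures) as lists of (host, port, banner)."""
    new, removed = [], []
    for host, ports in cur.items():
        for port, banner in ports.items():
            if port not in prev.get(host, {}):
                new.append((host, port, banner))
    for host, ports in prev.items():
        for port, banner in ports.items():
            if port not in cur.get(host, {}):
                removed.append((host, port, banner))
    return new, removed


def score_exposure(host, port, banner, known_hosts):
    """Weight a new listener by service risk, port class and whether the host was inventoried."""
    score, reasons = 1, []
    for svc, weight in HIGH_RISK_SERVICES.items():
        if svc in banner.lower():
            score += weight
            reasons.append(f"high-risk service {svc}")
    if port in MGMT_PORTS:
        score += 3
        reasons.append("management port exposed")
    if host not in known_hosts:
        score += 4
        reasons.append("host absent from previous inventory (possible shadow IT)")
    return Finding(score, host, port, banner, "; ".join(reasons) or "new listener")


def prioritize(prev, cur):
    """Rank only what changed since the last cycle, highest risk first."""
    new, _ = diff_snapshots(prev, cur)
    findings = [score_exposure(h, p, b, prev) for h, p, b in new]
    return sorted(findings, reverse=True)


if __name__ == "__main__":
    for f in prioritize(PREVIOUS, CURRENT):
        print(f"{f.score:2d} {f.host}:{f.port} {f.banner} -> {f.reason}")
```

In a real program the snapshots would come from the scanner’s export and the service table from a known-exploited-vulnerabilities feed; the point is that the diff, not the full scan report, is what gets reviewed each cycle, which is what makes daily scanning sustainable.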

By recognizing the limitations of current approaches and adopting automated, process-driven solutions, organizations can bridge this critical gap. Regular scanning, strong processes, and continuous monitoring are key to staying ahead of emerging threats and ensuring a secure external attack surface. 

 

The post Addressing the Disconnect in External Attack Surface Awareness appeared first on Cybersecurity Insiders.

In an era defined by the exponential growth of digital transformation, traditional Virtual Private Network (VPN) solutions have become a significant liability for modern organizations. 

While VPNs were once heralded as a secure method of enabling remote connectivity, they are now seen as outdated, vulnerable, and ill-suited to combat the sophisticated threats facing today’s enterprises. 

High-profile data breaches and cyberattacks frequently exploit vulnerabilities in VPN infrastructures, prompting CIOs and CISOs to reassess their reliance on these tools. 

The operational complexity and poor user experiences associated with VPNs only compound the challenges, driving organizations to explore more secure and efficient alternatives.

The Growing Pains of VPNs

Despite their historical utility, VPNs are increasingly being viewed as an obstacle rather than an enabler of secure connectivity. Their shortcomings span multiple domains, making them a weak link in modern security architectures.

Security Risks

VPNs have become a prime target for cybercriminals. Their vulnerabilities, ranging from weak configurations to outdated software, expose organizations to significant threats. 

Human error further exacerbates these risks, as improper usage or mismanagement can leave networks wide open to attacks. 

High-profile incidents, such as ransomware attacks and data breaches, are often traced back to exploited VPN vulnerabilities. 

In today’s high-stakes cybersecurity landscape, these risks are untenable.

Poor User Experience

From a user perspective, VPNs often hinder productivity. Cumbersome setup processes, sluggish connections, and frequent disconnections frustrate employees and IT administrators alike. 

Hybrid workers, who rely on reliable and fast access to organizational resources, often find VPNs to be a bottleneck rather than a solution. This poor user experience undermines adoption and compliance, creating further vulnerabilities.

Operational Complexity

Managing VPN infrastructure is both complex and resource-intensive. IT teams must continuously monitor, update, and troubleshoot VPN systems to ensure minimal downtime and maximum security. 

This effort diverts critical resources from strategic initiatives, leaving organizations stuck in a reactive mode of operation. As enterprises grow, scaling VPN solutions to meet demand becomes increasingly challenging, further straining IT departments.

The Rise of Zero Trust Network Access (ZTNA)

In response to the limitations of VPNs, Zero Trust Network Access (ZTNA) has emerged as a transformative solution. Built on the principle of “never trust, always verify,” ZTNA redefines how organizations approach secure access. 

Unlike a VPN, which grants broad network reachability once a user has authenticated, ZTNA brokers access to specific applications and resources, evaluating identity, device posture and request context on each connection and denying anything not explicitly allowed.
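To make the contrast concrete, here is an added example in Python (not from the article or any ZTNA vendor): a VPN-style decision that yields subnet reachability once authentication succeeds, beside a ZTNA-style evaluator that decides per application using group membership, device posture, MFA freshness and location. The users, applications, posture fields and rule shape are assumptions.

```python
"""Added example: VPN-style versus ZTNA-style access decisions.
All users, apps, posture fields and rules are constructed assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # identity-provider group memberships
    app: str                   # the application being requested
    device_managed: bool       # enrolled in MDM
    disk_encrypted: bool
    edr_healthy: bool          # endpoint agent running and reporting
    mfa_age_minutes: int       # minutes since last strong authentication
    country: str


def vpn_decision(req, authenticated=True):
    """VPN model: one authentication event, then the whole subnet is reachable.
    Device posture and the target application play no part."""
    return {"reachable": ["10.0.0.0/8"] if authenticated else []}


# ZTNA model: a rule per application; anything without a rule is denied.
POLICY = {
    "payroll": {"groups": {"finance"}, "require_managed": True,
                "max_mfa_age": 60, "countries": {"GB", "US"}},
    "wiki":    {"groups": {"staff"}, "require_managed": False,
                "max_mfa_age": 720, "countries": None},
}


def ztna_decision(req):
    """Evaluate one request against the rule for its application.
    Returns (allowed, reason); the grant is scoped to that application only."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "no policy for app: default deny"
    if not (req.groups & rule["groups"]):
        return False, "user not in an authorised group"
    if rule["require_managed"] and not (
        req.device_managed and req.disk_encrypted and req.edr_healthy
    ):
        return False, "device posture failed"
    if req.mfa_age_minutes > rule["max_mfa_age"]:
        return False, "MFA step-up required"
    if rule["countries"] and req.country not in rule["countries"]:
        return False, "geo not allowed"
    return True, f"grant {req.user} -> {req.app} only"


if __name__ == "__main__":
    # Same user, same credentials, but the EDR agent has stopped reporting.
    stale = Request("alice", frozenset({"finance", "staff"}), "payroll",
                    True, True, False, 10, "GB")
    print("VPN :", vpn_decision(stale))      # still reaches the whole network
    print("ZTNA:", ztna_decision(stale))     # (False, 'device posture failed')
```

The difference the article describes is visible in the two return values: the VPN decision is the same regardless of which application is wanted or what state the device is in, while the ZTNA decision is re-made per request and fails closed as soon as one condition changes.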

Key Benefits of ZTNA

Enhanced Security:

ZTNA removes the network perimeter as the unit of trust and instead secures each individual interaction between a user and an application. Because resources are not reachable at the network layer until a request has been authorized, the surface an attacker with stolen credentials or a compromised device can probe shrinks significantly.

Improved User Experience:

ZTNA offers seamless and secure access to resources, regardless of location or device. This flexibility ensures that employees can work efficiently without compromising security.

Simplified Management:

ZTNA solutions are designed to be straightforward to deploy and maintain, reducing the operational burden on IT teams. Automated policy enforcement and centralized management streamline operations, allowing organizations to focus on innovation.

As organizations modernize their security infrastructure, ZTNA is quickly becoming a cornerstone of their strategies. It represents a fundamental shift away from the outdated “castle-and-moat” approach of VPNs, paving the way for more resilient and adaptable security models.

A Step Toward Comprehensive Security

While ZTNA provides a robust foundation for modern security, it is only the first step in a broader Zero Trust journey for many organizations. Today’s hybrid environments, where data, applications, users, and devices are dispersed across on-premises, cloud, and edge infrastructures, demand a more holistic approach.

Security Service Edge (SSE): Bridging the Gaps

Security Service Edge (SSE) solutions build on ZTNA by integrating additional capabilities, principally Secure Web Gateway (SWG) and Cloud Access Security Broker (CASB), often bundled with Digital Experience Monitoring (DEM). SSE consolidates these tools into a unified, cloud-delivered framework, giving organizations one place to manage security policy across both user-to-application and user-to-internet interactions.

End-to-End Visibility:

SSE offers centralized insights into network traffic, enabling organizations to monitor and analyze activity across all endpoints, whether in the cloud or on-premises.

Consistent Policy Enforcement:

With unified security policies, SSE ensures consistent enforcement across devices, locations, and applications. This reduces the risk of policy drift and ensures compliance with regulatory standards.

Enhanced Threat Detection:

By leveraging advanced threat intelligence, SSE solutions can identify and mitigate risks proactively, preventing breaches before they occur.

SSE not only enhances security but also simplifies IT operations by eliminating the need for multiple, disparate tools. This integration allows organizations to scale their security strategies more efficiently, ensuring they remain agile in the face of evolving threats.

Universal ZTNA (UZTNA): The Ultimate Evolution

As organizations mature in their Zero Trust adoption, they increasingly pivot toward Universal ZTNA (UZTNA). Unlike traditional ZTNA, which often focuses on remote users, UZTNA extends Zero Trust principles across the entire IT ecosystem covering all users and all devices. This comprehensive approach is essential for securing modern, dynamic environments that include legacy systems, Internet of Things (IoT) devices, and hybrid infrastructures.

Key Advantages of UZTNA

Unified Access Control:

UZTNA enables granular, dynamic access policies that are universally applied, ensuring secure interactions across all users, devices, and resources.

Interoperability:

Designed to integrate seamlessly with existing security frameworks and cloud environments, UZTNA ensures that organizations can enhance their security posture without disrupting operations.

Future-Ready Architecture:

UZTNA is built to adapt to emerging technologies and evolving business needs, providing organizations with a resilient, future-proof security framework.

By adopting UZTNA, organizations can achieve a level of security that is both comprehensive and adaptive, positioning them to address not only current threats but also those on the horizon.

From ZTNA to SSE and UZTNA: A Holistic Security Journey

The journey from ZTNA to SSE and ultimately to UZTNA represents more than a series of technological upgrades; it is a strategic evolution toward a security model that aligns with the demands of the modern enterprise.

The Case for Integration:

Organizations that integrate these solutions into a cohesive Zero Trust strategy gain unparalleled visibility, control, and resilience. By unifying their security architectures, they eliminate silos and redundancies, creating a more efficient and effective defense mechanism.

The Competitive Edge:

In addition to enhancing security, this progression enables organizations to foster innovation and agility. Employees benefit from seamless, secure access to resources, while IT teams can focus on strategic initiatives rather than reactive firefighting.

The Future of Zero Trust:

As the Zero Trust model continues to evolve, concepts like Continuous Adaptive Risk and Trust Assessment (CARTA) and Artificial Intelligence for IT Operations (AIOps) are expected to play a pivotal role. These advancements will further refine how organizations manage security, ensuring they remain ahead of the curve.

Leading the Way

By embracing the full spectrum of Zero Trust capabilities, from ZTNA to SSE and UZTNA, organizations position themselves as leaders in the cybersecurity landscape. This approach not only mitigates risk but also empowers businesses to thrive in a world where adaptability and resilience are paramount.

The shift away from legacy VPNs is not just a technological imperative; it is a strategic necessity. With ZTNA, SSE, and UZTNA, organizations can navigate the complexities of modern IT environments with confidence, ensuring they are prepared to face whatever challenges the future holds.

This transformation is more than a response to evolving threats; it is a proactive step toward a secure, efficient, and innovative future.

 

 

The post Legacy VPNs: A Ticking Time Bomb for Modern Organizations appeared first on Cybersecurity Insiders.

This year’s Black Hat Europe showcased the latest research, developments and emerging trends in cybersecurity. That concentration of new technology and expert insight is why Auguria, Inc., a pioneer in AI-powered security operations solutions, chose the conference to announce the newest version of its Security Knowledge Layer™ Platform.

The freshly enhanced platform can now integrate with some of today’s biggest data sources, including CrowdStrike, SentinelOne, Microsoft Windows Event Logs, and Palo Alto Networks.

Auguria also unveiled its Explainability Graph feature, which is a trailblazing tool that provides visual, context-rich threat data for security teams.  

Breaking Down the Expanded Integrations 

Across their various platforms, security teams contend with an average of 78 trillion signals per day, a volume that complicates analyzing the data and identifying genuine threats. This is where Auguria’s expanded platform comes in. Auguria now integrates with the following key data sources, enabling organizations to harness richer insights and operational efficiencies:

• CrowdStrike: Auguria now supports CrowdStrike Falcon® platform’s EDR data, providing AI-driven prioritization and actionable intelligence for quicker, more accurate incident response.

• Microsoft Windows Event Logs: Often overwhelming in volume, Windows Event Logs are transformed into actionable insights, with Auguria enriching data, filtering out noise, and surfacing critical events for review.

• Palo Alto Networks: The integration brings world-class firewall and network telemetry into Auguria’s Security Knowledge Layer™, enriching Palo Alto Networks data with noise reduction, contextual intelligence, and prioritization for faster incident investigations.

• SentinelOne: With SentinelOne Singularity™ platform’s industry-leading endpoint detection and response (EDR) and threat telemetry, Auguria users gain data compaction, advanced enrichment, and alert correlation, resulting in alert fatigue reduction and enhanced SecOps efficiency.

These integrations allow SecOps teams to consolidate, prioritize, and analyze data from multiple sources within Auguria’s platform, simplifying processes and facilitating faster, smarter security decisions. 

An Introduction to Auguria’s Explainability Graph  

Auguria’s Explainability Graph is a new feature that visualizes threat data as an intuitive, contextual map of anomalous activity. By presenting suspicious activity in a detailed yet digestible form, it helps teams to:

• Act with Confidence: Gain actionable insights to swiftly mitigate emerging threats.

• Identify Root Causes: Understand the “why” behind unusual behavior or threats.

• Uncover Connections: Identify the underlying relationships between seemingly isolated events.

With the launch of the Explainability Graph, Auguria applies its data science work to integrating and correlating millions of streaming log events, so that security teams can stay ahead of increasingly sophisticated threats with minimal friction.

The latest additions to the Auguria platform offer numerous advantages for SecOps teams. These benefits include: 

• Cost Efficiency: Lower SIEM and data storage costs by intelligently managing less-critical telemetry.

• Customizable Outputs: Export enriched data to XDR, SIEM, or other security tools seamlessly.

• Noise-free Insights: Automatically filter up to 99% of non-actionable data.

• Faster Investigations: Enriched, prioritized data accelerates response times.

• Proactive Threat Hunting: AI-driven detection of anomalies and high-risk behaviors.

 

The post Black Hat Europe Recap: Auguria Debuts Newly Enhanced Platform appeared first on Cybersecurity Insiders.

As we step into 2025, the cybersecurity landscape is at a pivotal juncture. The challenges of AI-driven threats, evolving data privacy standards, relentless breaches, and the looming quantum computing era demand vigilance and innovation. Our predictions signal a shift from reactive defense to proactive transformation, where companies and vendors alike prioritize secure-by-design technologies, continuous encryption, and quantum-resilient solutions.

Continued government regulation and the rising cost and consequences of data breaches will pressure companies to uplevel data privacy initiatives to a strategic business imperative

The Challenge: With data breaches continually rising, data privacy is as significant a concern as ever. Standards around the globe, such as the EU’s General Data Protection Regulation (GDPR) and its UK counterpart, and the California Consumer Privacy Act (CCPA), also pressure the U.S. federal government to keep up. At the same time, the cybersecurity industry is asking for regulation that helps companies protect their customers and their brands.

Many non-technology industries need to update their legacy infrastructure faster but struggle to do so because of cost constraints and limited resources. With the continued move toward digitalization and vast cloud data stores, this cannot continue: businesses simply can’t afford the high cost of a breach. This is especially true in healthcare, which remains a primary target of cyber attacks.

Many organizations have relied on cyber insurance for protection in the event of a breach, but the sheer volume of breaches is prompting insurers to deny or terminate coverage where negligence is deemed a factor. In addition to steep regulatory fines and penalties, breached companies face class-action lawsuits from their business and consumer customers, costing hundreds of millions, if not billions, of dollars. Executives and boards of directors are now being held personally liable when customer data falls into the wrong hands, damaging their reputations and exposing them to punitive action.

DataKrypto Prediction: Companies will increasingly address data privacy strategically and operationally, investing in new infrastructure and technology for stringent data protection to avoid the costly consequences of attacks. Such investments can themselves create new attack surfaces, which will be addressed with privacy-enhancing technologies (PETs) such as secure multi-party computation (SMPC), trusted execution environments (TEEs) and confidential computing, and fully homomorphic encryption (FHE).

Data breaches will lessen as cyber developers focus on building “secure by design” applications that protect data throughout its lifecycle.

The Challenge: Today’s relentless onslaught of data breaches costs companies millions every year and erodes trust in their brands. Traditional encryption protects data at rest and in transit, but data must be decrypted to be processed, so it sits in the clear during computation and as it moves between stages of its lifecycle, leaving gaps that sophisticated attackers exploit. This has left organizations scrambling to find and invest in solutions that protect data end to end: at rest, in use, in transit, and at every point in between.

For several years, Fully Homomorphic Encryption (FHE) was touted by cryptography experts as an ideal solution to close the gaps created by traditional encryption and protect data at all times. FHE essentially allows data to be processed while still encrypted, so data is never “in clear” or unprotected. Many companies have attempted to achieve a performant FHE solution. Still, the technology’s high incremental costs, integration complexities, and performance bottlenecks have prevented its widespread adoption and practical implementation for real-world business use cases.

New FHE innovations are now coming to market that overcome the technology’s complexities and performance issues, making it a viable way for development teams to build applications with inherent data protection mechanisms suitable for real-time business use cases. FHE maintains data confidentiality throughout its lifecycle by enabling computations on encrypted data, significantly reducing the attack surface for many common cybersecurity threats. As such, we expect a dramatic shift in 2025 toward more widespread adoption of FHE, a trend that will continually expand in years to come.
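What “computing on data while it stays encrypted” means mechanically is easier to see in code than in prose. The Python below is an added example, not DataKrypto’s or any vendor’s code, and it deliberately uses the Paillier cryptosystem rather than a full FHE scheme: Paillier is only additively homomorphic (sums, and scaling by a known constant), so it is a partial rather than fully homomorphic scheme, but it demonstrates the property the paragraphs above rely on, namely that the party doing the computation never holds the plaintext. The primes are constructed toy parameters, far too small for real use, and the salary figures are made up.

```python
"""Added example: computation on ciphertexts with Paillier (additively homomorphic).
Not FHE, and not any vendor's code; toy-size constructed parameters."""
import secrets
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair with the common simplification g = n + 1."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    # With g = n + 1, L(g^lam mod n^2) == lam, so mu is simply lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r; encryption is randomized."""
    n, g = pub
    n2 = n * n
    assert 0 <= m < n, "plaintext must be reduced modulo n"
    r = secrets.randbelow(n - 1) + 1          # random r in [1, n)
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, pub, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    L = (pow(c, lam, n2) - 1) // n
    return (L * mu) % n


# Homomorphic operations: run by the untrusted party, on ciphertexts only.
def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 == E(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_plain(pub, c, k):
    """E(a)^k mod n^2 == E(k * a) for a public constant k."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_total(pub, ciphertexts):
    """Server-side sum over a batch: returns E(sum) without seeing any addend."""
    n, _ = pub
    total = 1                                  # 1 == g^0 * 1^n, a valid E(0)
    for c in ciphertexts:
        total = (total * c) % (n * n)
    return total


# Constructed toy primes (both prime, ~20 bits each; real keys use 1024-bit primes or more).
PUB, PRIV = keygen(1000003, 1000033)


def private_sum(values):
    """Client encrypts each value, an untrusted server adds them, client decrypts the total."""
    ciphertexts = [encrypt(PUB, v) for v in values]   # only these leave the client
    return decrypt(PRIV, PUB, encrypted_total(PUB, ciphertexts))


if __name__ == "__main__":
    salaries = [42_000, 58_000, 100_000]       # constructed sample input
    print(private_sum(salaries))               # 200000, computed without decrypting any salary
```

The server in `encrypted_total` sees only ciphertexts and returns a ciphertext; the private key never leaves the client. Full FHE extends this to multiplication of two ciphertexts (and hence arbitrary circuits), which is where the cost and complexity discussed above come from, and it is that gap, not the additive case, that the newer schemes the article refers to are trying to close.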

DataKrypto Prediction: New FHE innovations that make real-world deployment practical, affordable, and manageable will help companies across industries maintain continuous data protection and minimize the impact of many prominent attacks (see below). As attackers realize their efforts to breach systems and access confidential data are ineffective, they will eventually focus elsewhere.

Cybersecurity vendors will introduce “quantum-safe” solutions as quantum computing poses new risks. 

The Challenge: As quantum computing advances, organizations worldwide are increasingly concerned about its impact on cybersecurity. While experts estimate that a cryptographically relevant quantum computer is still five to 15 years away, forward-thinking companies are already preparing for the transition to post-quantum cryptography (PQC). Attackers aren’t waiting either: they are harvesting encrypted data now in anticipation of decrypting it once the capability exists (“harvest now, decrypt later”).

To address the potential threat of quantum attacks, in August 2024 the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) finalized its first set of post-quantum standards (FIPS 203, 204 and 205, specifying the ML-KEM key encapsulation mechanism and the ML-DSA and SLH-DSA signature schemes), encouraging system administrators to begin transitioning as soon as possible. At the same time, NIST’s guidance is that the 2048-bit keys used by Rivest–Shamir–Adleman (RSA) encryption should continue to offer sufficient protection through at least 2030.

As the world prepares for a PQC future, companies face a more immediate threat: the gaps in data protection while data is in use for analysis and computation, and while it moves between stages of its lifecycle. Fully Homomorphic Encryption (FHE) is being adopted to close these gaps, since it allows computation on data without decrypting it, giving end-to-end, continuous protection. Symmetric FHE in particular rests on symmetric-key primitives, against which known quantum algorithms offer only a quadratic speed-up (Grover’s algorithm), so it is considered quantum resistant; the mainstream lattice-based FHE schemes likewise rely on the same family of hard problems as NIST’s new standards. That makes FHE a strategic investment for future needs as well as protection for data today.

DataKrypto Prediction: In response to the forthcoming quantum computing threat combined with the ongoing need for end-to-end data protection, we see two trends emerge:

  1. Organizations will prioritize implementing advanced quantum-resistant cryptographic techniques, such as Fully Homomorphic Encryption (FHE) based on symmetric encryption. 
  2. Cybersecurity vendors will advance algorithms already in development to make quantum attack-proof security systems a reality.

As we look ahead to the coming year, we’re standing on the precipice of a new era in cybersecurity. It’s not just about defense anymore; it’s about innovation, about turning challenges into opportunities. We’re excited to share what’s top of mind for us as we head into a new year, based on conversations with our customers, technology leaders and cybersecurity innovators.

As cyber threats grow in sophistication, 2025 will identify the trailblazers who turn these challenges into opportunities, setting a new standard for resilience and trust in an increasingly digital world.

 

The post 2025 Outlook: Turning Threats into Opportunities in a New Era of Innovation appeared first on Cybersecurity Insiders.

The holiday season is a time for celebration, with organisations hosting festive parties and employees spending time with family. However, as teams focus on year-end tasks, cybercriminals are planning their attacks. 

The combination of increased online shopping over Black Friday and Cyber Monday, followed by December festivities, creates the perfect opportunity for cyberattacks. With remote work on the rise and teams distracted, the holiday period is a prime window for attacks on organisations, so it is vital that businesses protect themselves from festive-season threats.

Festive Frauds: Why Holiday Scams Spike in December 

Black Friday, the unofficial start of the holiday shopping season, is a magnet for eager consumers and cybercriminals alike. Last year the NCSC warned Black Friday bargain hunters about a surge in online scams after more than £10 million was lost to them the previous year. On top of this, the growing use of AI in cyber-attacks is adding to concern for individuals over the holiday season.

Over this period, organisations that rely on in-house IT teams may struggle to respond to threats promptly, as fewer security staff are online, leaving them vulnerable to threats. Not to mention that employees, busy with increased demand, might overlook essential cybersecurity practices. 

While businesses are focused on holiday celebrations or year-end workloads, cybercriminals see an opportunity to step up their attacks. Heightened threat activity combined with distracted staff results in more ransomware incidents, phishing attacks and scams targeting employees.

Phishing emails are particularly convincing at this time of year, leveraging festive themes and urgent requests. Common scams include fake charity appeals, holiday e-cards and counterfeit shopping sites advertising too-good-to-be-true discounts. For organisations in particular, this includes emails impersonating colleagues or managers with “urgent tasks.” These emails play on the recipient’s trust and sense of urgency, deceiving them into clicking malicious links or sharing sensitive data.

AI has further escalated the sophistication of holiday cyberattacks. AI-powered phishing scams, deepfakes, and advanced malware make threats harder to detect and more personalised. For example, AI-generated deepfakes can convincingly impersonate managers through voice or video, tricking employees into transferring funds or sharing confidential data.
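The lure patterns described above (a display name borrowed from an executive on an outside address, a Reply-To that differs from the sender, urgency, festive themes, links on throwaway domains) lend themselves to a simple scorer that a mail gateway or a SOC triage script could apply. The Python below is an added example, not something from the original article or from Absolute Security; the sample messages, executive list, keyword lists and threshold are all constructed assumptions.

```python
"""Added example: heuristic scoring of holiday-themed phishing lures.
Messages, executive directory, keyword lists and threshold are constructed."""
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"
# Display name (lower-cased) -> the genuine address for that person.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

URGENCY = re.compile(
    r"\b(urgent|immediately|asap|today|before (?:the )?(?:holidays?|christmas)|gift cards?)\b", re.I)
FESTIVE = re.compile(
    r"\b(christmas|xmas|holidays?|festive|secret santa|e-?card|black friday|cyber monday)\b", re.I)
# Cheap TLDs commonly used for short-lived lure domains (assumption for the example).
LOOKALIKE_TLD = re.compile(r"\.(xyz|top|shop|icu)$", re.I)
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def score_message(msg):
    """Return (score, reasons) for a dict with From / Reply-To / Subject / Body keys."""
    score, reasons = 0, []
    name, addr = parseaddr(msg.get("From", ""))

    # Display-name impersonation: claims to be an executive but the address is not theirs.
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        score += 5
        reasons.append("display name matches executive, address does not")

    # Reply-To steering replies somewhere other than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower() != addr.lower():
        score += 3
        reasons.append("Reply-To differs from From")

    text = f"{msg.get('Subject', '')} {msg.get('Body', '')}"
    if URGENCY.search(text):
        score += 2
        reasons.append("urgency language")
    if FESTIVE.search(text):
        score += 1
        reasons.append("festive theme")

    # Links that leave the organisation and land on a throwaway-style TLD.
    for host in URL_HOST.findall(text):
        if not host.lower().endswith(INTERNAL_DOMAIN) and LOOKALIKE_TLD.search(host):
            score += 3
            reasons.append(f"suspicious link domain {host}")
    return score, reasons


def verdict(msg, threshold=4):
    """Decide deliver/quarantine; the threshold is an assumption to tune per environment."""
    score, reasons = score_message(msg)
    return ("quarantine" if score >= threshold else "deliver"), score, reasons


# Constructed sample messages.
SAMPLES = [
    {"From": "Jane Doe <jane.doe@secure-mail.xyz>",
     "Reply-To": "ceo.office@secure-mail.xyz",
     "Subject": "Urgent: gift cards for the team before the holidays",
     "Body": "I'm in meetings all day, need this done today. Buy 10 gift cards and send me the codes."},
    {"From": "IT Helpdesk <it@example.com>",
     "Subject": "Holiday e-card from the team",
     "Body": "View your festive e-card here: https://cards.holiday-greetings.top/view?id=1"},
    {"From": "Jane Doe <jane.doe@example.com>",
     "Subject": "Q4 numbers",
     "Body": "Please send me the draft of the board deck when you have a moment."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(verdict(m))
```

The third sample is the control: a genuine message from the real executive address scores zero, which is the check to run whenever the keyword lists are tightened, since a scorer that quarantines the CEO’s real mail gets switched off by December.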

The Expanding Attack Surface of Remote Work

During the holiday season, many employees are on the move, working remotely from various locations and connecting to different networks. This is becoming more common in everyday work life, making it crucial for organisations to ensure robust security for all endpoint devices.

Remote and hybrid working is now standard in 2024. While it offers flexibility and better work-life balance, it also greatly increases the attack surface of a business and introduces new security risks. Remote devices, often the weakest link in cybersecurity, are particularly vulnerable: a survey by Absolute Security found that 73% of respondents see these devices as their primary security concern.

Unlike office environments, home and public networks are less secure, leaving remote devices susceptible to cyberattacks. Cybercriminals can easily exploit weak security, putting businesses at greater risk. Without the same level of control over remote devices, safeguarding sensitive data and preventing breaches becomes much harder.

As cybercriminals increasingly target remote workers as a way into corporate networks, unsecured Wi-Fi, outdated devices, weak passwords and inconsistent software updates create plenty of opportunities for attackers. The lack of continuous oversight makes it harder for IT teams to enforce security policies, respond swiftly to threats and ultimately prevent data breaches and ransomware attacks.

How To Secure Your Business for the Holidays:

Organisations must adopt a robust cyber resilience posture that strengthens endpoint security and enables organisations to respond and react in a timely manner. Traditional security measures relying on secure office connections are no longer sufficient. According to Absolute Security’s Cyber Resilience Risk Index, Endpoint Protection Platforms and network security applications fail to operate effectively 24 per cent of the time on managed PCs.

With numerous devices used by remote employees, ensuring cyber resilience is vital to minimising damage and downtime. Downtime—when systems, devices, or networks are unavailable—can severely disrupt operations, impact productivity, and result in significant financial losses, particularly during critical business periods like the holiday season.

A comprehensive defence strategy must include reactive measures for immediate response, preventative steps to close vulnerabilities, and recovery protocols to restore functionality quickly. Keeping software updated, monitoring all devices, and ensuring network visibility are key actions to mitigate risk. Protecting the network alone is insufficient if endpoint devices are left vulnerable due to outdated security measures.

Centralised IT teams need real-time visibility into the estate and must act decisively on suspicious activity. When abnormal behaviour is detected, the affected device should be frozen or isolated from the network to contain the incident before it spreads. Isolating devices that connect from unfamiliar locations until they are verified adds a further layer of protection and keeps incident handling fast and contained.

By adopting a proactive approach to cyber resilience, businesses can reduce downtime and ensure rapid recovery from security issues, protecting sensitive data and maintaining operations. A secure, smooth holiday season depends on strong endpoint security, real-time monitoring, and a focus on keeping systems up to date. After all, the holidays should be filled with cheer—not disrupted by cyber threats threatening to steal your Christmas spirit.

The post How the Cyber Grinch Stole Christmas: Safeguard Your Festive Season appeared first on Cybersecurity Insiders.

The cyberthreat landscape has shifted rapidly over the past several years, and this evolution will continue in 2025. AI has become more powerful and accessible; as a result cybercriminals are using the technology to launch sophisticated phishing attacks, conduct surveillance on potential targets, and manipulate victims with increasingly realistic deepfakes. While AI is also being used to detect cyberthreats, these innovations aren’t keeping up and the cost of data breaches and other attacks is rising at what seems like an inexorable pace. 

CISOs and other security leaders must adopt an all-of-the-above approach to cybersecurity, which includes everything from zero-trust security architecture and AI-powered threat detection to organization-wide cybersecurity awareness training. While the arms race between offensive and defensive AI capabilities will be a major feature of the cyberthreat landscape in 2025, a focus on awareness training will ensure that end users, who are often the last line of defense against cyberattacks, are equipped to protect the company.

The development of comprehensive cybersecurity programs that combine security awareness and technology like automation and AI will be a key focus in 2025. Companies must ensure that employee training complements their tech stack, which will enable coordinated threat responses and mitigation. When companies invest in technology and people, they will establish distributed cyber defenses that are capable of adapting to new challenges in 2025 and beyond. Here’s what security leaders should expect next year:

Prediction #1: AI will continue to drive the next generation of cyberattacks

As cyberattacks become increasingly sophisticated, security teams are struggling to keep up. According to the latest data from IBM, the average cost of a data breach has reached an all-time high of $4.88 million. A significant driver of the surging cost of cyberattacks is the rise of AI-powered social engineering, and this trend shows no sign of slowing. Google’s 2025 Cybersecurity Forecast anticipates that AI will be used to “develop and scale more convincing phishing, vishing, SMS, and other social engineering attacks.” 

Cybercriminals are using large language models (LLMs) to launch more personalized and effective phishing attacks. It’s now possible for cybercriminals around the world to compose compelling and error-free phishing messages — regardless of which languages they speak or their level of technical proficiency. This means the barriers to entry for many cybercriminals have come crashing down. AI also enables cybercriminals to personalize their attacks based on stolen data and specific vulnerabilities. 

The way in which everyone, from your mailroom to your boardroom, interacts with content online needs to change because knowing the difference between what’s malicious and what isn’t has never been more difficult. That will take real, sustained, human-focused work.

As cybercriminal capabilities become more advanced, companies must also defend growing attack surfaces. Industries like healthcare and financial services are in the middle of sweeping digital transformations, and they’re being hit particularly hard by cyberattacks. However, it has never been more important for companies across all industries to prioritize cybersecurity. 

Prediction #2: Companies will be more disciplined with cybersecurity investments

Company leaders are under no illusions about the urgency of the threat posed by cyberattacks as we enter 2025. According to the latest Allianz Risk Barometer, cyber incidents comprise the top global business risk “for the first time by a clear margin.” This is why it’s no surprise that a 2024 survey of business and technology executives conducted by PwC found that 77 percent expect their cyber budgets to increase over the next year. While 78 percent of executives have increased their investments in generative AI over the past year, over two-thirds say the technology has expanded their attack surface. 

There are many different cybersecurity investments companies can make, but some are more effective than others. For example, IBM reports that resources such as encryption and AI insights are among the top factors that reduce the average cost of a data breach, but the number one mitigating factor is employee training. This is no surprise, as the two most common initial attack vectors are phishing and compromised or stolen credentials — which are often obtained through social engineering.

In 2025, companies will need to invest in integrated approaches to cybersecurity that deploy the most effective technologies without ignoring the human element. The CISOs and security teams that find this balance will be in a strong position to navigate the shifting cyberthreat landscape. 

Prediction #3: Cybersecurity awareness training will evolve

Cybercriminals are using AI to attack more than just secure networks and systems — they’re using it to exploit victims’ psychological vulnerabilities. Beyond the use of LLMs to create more effective phishing messages, cybercriminals are also deploying AI technology such as deepfakes to deceive and coerce victims. Deepfakes allow cybercriminals to launch advanced multistage cyberattacks — when victims call to confirm the authenticity of a fraudulent message, they may end up interacting with a deepfake instead of a person.

Cybersecurity awareness training must adapt to this new era. It is much more difficult to identify phishing messages in the absence of red flags like misspellings or sloppy writing. Many employees aren’t capable of identifying deepfakes. As phishing messages and other cyberattacks become more targeted on the basis of victims’ individual characteristics, training will have to be personalized around employees’ unique psychological vulnerabilities and learning styles. Employees must be aware of the latest cybercriminal tactics, and there should be clear policies around device usage, account security, and incident reporting. 

Tools like automation can be used to reduce human error and AI can help companies detect and respond to cyberattacks, but well-trained employees will remain a critical element of any effective cybersecurity platform. This is why it’s vital for security teams to integrate their human and digital resources. 

The post The three top cybersecurity predictions for 2025 appeared first on Cybersecurity Insiders.

As we move into 2025, generative AI and other emerging technologies are reshaping how businesses operate, while at the same time giving them different ways of protecting themselves. All these changes mean that a company’s risk of an adverse cyber event continues to increase.

The speed at which cyber attackers are moving presents some massive challenges that organizations must be prepared for in the coming year, especially as innovations like generative AI continue to proliferate.

In this article, Madhu Shashanka, Chief Scientist and co-founder of Concentric AI, shares his predictions for cybersecurity trends in the coming year and offers some unique insights into new threat vectors, evolving adversarial tactics, and the industry’s response.

The impact of AI on data security in 2025

It is no surprise that, as generative AI matures and is adopted by more enterprises, threats against data security will only continue to grow. We already see it happening. For example, Copilot rollouts, while incredibly powerful in helping users find information more easily, introduce a new opportunity for inappropriate access and sharing if sensitive information isn’t properly secured before (and even during and after) the rollout. This trend is accelerating, with AI innovations coming online faster than enterprises can adapt their security controls.

The more AI-powered tools are integrated into business workflows, the greater the risk of sensitive data becoming exposed. These solutions make it easier to access once-hidden data, so it has never been more important to maintain strong security controls before broadly deploying generative AI.

Pain points of securing AI and data

One major challenge organizations are sure to face in 2025 will be securing generative AI agents and chatbots. As companies increasingly rely on these tools to streamline customer service and internal operations, the associated risks multiply.

Will chatbots and generative AI introduce unique risks to businesses in the new year? Absolutely. There have been several examples of AI agents giving bad advice or disclosing private information that was never intended for distribution. Chatbots allow businesses to quickly answer customers’ most frequently asked questions without the need to employ a large customer service staff. However, bad actors are finding ways to exploit these automation and data-query functions through what is called a prompt injection attack. Prompt injection attacks are a relatively new attack vector aimed at bypassing safety guardrails, and they will only grow in frequency and sophistication.

To counter these threats, security vendors, AI vendors, and enterprises must work collaboratively. A multi-pronged approach is crucial here, and should involve preventive measures, effective data governance, and rigorous user training.

On the users’ side, maintaining security best practices and good security hygiene has never been more important. Businesses need to focus their efforts on improving prevention guardrails as well as rapid response capabilities for forensic analysis, incident response, and remediation. They should also strongly consider a proactive approach to data security by implementing an AI-based Data Security Governance platform to identify and inventory sensitive data assets, assign classifications, and enforce access governance policies. Knowing what sensitive data their organization has in its possession, where it is located, and having controls over how it is shared will greatly reduce the risk of unauthorized access and data loss.

On the vendor side, continuous innovation will be key.

Adversaries are adapting, too

AI has been a beneficial game-changer for adversaries. As generative AI costs decline, the scale of attacks utilizing that technology will only grow. I expect bad actors to continue leveraging new AI innovations in 2025 to exploit new and often overlooked vulnerabilities.

Autonomous AI agents are becoming very sophisticated and it is possible for those agents to carry out entirely automated attacks. The potential for automated and highly scalable attacks by these agents means enterprises must rethink their defensive strategies. Automated adversaries will target weaker organizations with unprecedented speed, so it’s crucial to focus on real-time defense capabilities and take a proactive approach to identifying risks before they become breaches.

Any good news about data security management?

While 2025 is sure to bring about considerable risks, I remain cautiously optimistic about improving the threat landscape. Security posture management—whether it’s in the cloud, applications, or data—is now recognized as a key component in managing enterprise risk. The industry is increasingly aware of these needs, and there is exciting innovation taking place, driven by both established players and promising startups.

For an effective security posture, companies need a shift in organizational mindset. They should prioritize comprehensive security strategies that apply to their cloud environments, application landscapes, and most crucially, sensitive data which resides across all of it.

Securing the future

2025 should be a year of adaptation—for both defenders and attackers. With generative AI continuing to influence every aspect of how businesses operate, attack risks will expand, as will the sophistication of threats. But with awareness, proactive measures, and a collaborative industry-wide effort, there is a path forward.

I expect to see advances in the efficacy and capabilities of technologies across the spectrum. Assessing, monitoring and mitigating risk holistically, not in isolated silos, but rather bringing together users, permissions, activity and data to provide an integrated view will be critical. Startups are innovating in this space for effective Data Security Governance, and I’m optimistic about the future.

The post How AI will both threaten and protect data in 2025 appeared first on Cybersecurity Insiders.

Whaling phishing attacks are growing, targeting C-suite executives and senior leaders with precision. The 2024 Verizon Data Breach Investigations Report reveals that 69% of breaches involved a human element, with phishing remaining a dominant attack vector.

High-profile cases have involved millions of dollars being stolen on false pretexts. In one recent incident, scammers created a fake WhatsApp account to set up fake Microsoft Teams meetings, where someone posing as WPP CEO Mark Read asked a senior executive at the multinational ad firm to set up a satellite company, with the idea that it would eventually be used to funnel funds to scammers. Thankfully, the intended target recognized the scam as a fake.

Regardless, this example demonstrates how far attackers will go, investing in tailored tactics to exploit the most trusted individuals in an organization. For business leaders, these attacks are not just cybersecurity challenges—they’re direct threats to organizational integrity and financial stability.

What Is Whaling Phishing?

Whaling phishing is a specialized form of spear phishing that targets high-level executives. These attacks stand apart from traditional phishing due to their precision and depth. By exploiting publicly available information—LinkedIn posts, press releases, and even interviews—attackers craft emails and messages that appear legitimate. 

A well-executed whaling phishing email might mimic a trusted colleague’s communication style and reference specific business activities to create urgency.

Executives are particularly vulnerable because of their access to sensitive data and decision-making authority. Unlike lower-level employees who might undergo stringent cybersecurity training, senior leaders often have less time for such sessions and are more focused on business strategy and operations. 

This gap creates a perfect opportunity for attackers to exploit human error.

How Do Whaling Phishing Attacks Work?

Whaling phishing combines technical manipulation with psychological tactics. Key methods include:

1. Spoofing Trusted Contacts: Attackers forge email headers and domains to mimic known individuals. For instance, an email to the CEO might appear to come from the CFO, requesting confirmation on an urgent wire transfer.

2. Social Engineering: By analyzing public data, attackers craft messages that resonate with the recipient. For example, referencing a recent corporate event or deal increases the message’s credibility.

3. Creating Pressure Scenarios: Many attacks involve high-pressure situations, such as deadlines or financial emergencies, that push executives to act without verifying authenticity.

These methods exploit trust, urgency, and authority—three pillars of effective social engineering.

The Cost of Whaling Phishing

Whaling phishing isn’t just a technical issue—it’s a business risk with wide-ranging consequences:

1. Data Breaches: Once attackers compromise an executive’s credentials, they gain access to sensitive data, from intellectual property to client information. The Verizon report indicates that 50% of the data breaches involved credentials stolen through phishing.

2. Financial Losses: The FBI’s Internet Crime Complaint Center has reported over $37.4 billion in losses from phishing and related scams from 2019 to 2023. Whaling scams targeting executives amplify these losses due to the higher stakes involved.

3. Reputation Damage: Organizations suffering executive-level breaches often face long-term trust issues with stakeholders, which can have cascading effects on partnerships and customer relationships.

Falling victim to a whaling phishing attack isn’t just a cybersecurity failure—it can also lead to serious legal and regulatory repercussions.

Under laws such as the EU’s General Data Protection Regulation (GDPR), companies can face fines of up to €20 million or 4% of their global annual turnover if a breach exposes personal data due to inadequate security measures. Similarly, regulatory bodies like the US SEC hold publicly traded companies accountable for maintaining robust cybersecurity practices. Failure to do so can result in penalties or increased scrutiny during audits. 

Affected organizations may also face class-action lawsuits from stakeholders or customers whose data has been compromised. One incident involving the Austrian aeronautics company FACC, for example, resulted in the company filing lawsuits against the executives who fell victim to the scam, acting on the corporation’s own fiduciary responsibilities.

How Business Leaders Can Protect Their Organizations

Protecting against whaling phishing requires a strategic, multi-pronged approach. Here’s how leaders can safeguard their companies.

Tailored Cybersecurity Training for Executives. Executives need customized training programs that account for their unique roles and the advanced tactics targeting them. For example, phishing simulation exercises tailored to high-level decision-makers can improve awareness, making this a powerful preventative measure for all roles, especially those with access to sensitive resources and information.

Deploy Advanced Email Filtering Systems. Tools that use AI and machine learning can detect and block suspicious emails. These systems analyze email metadata, content patterns, and attachments for red flags. Solutions like secure email gateways are critical in defending against spoofed domains and forged headers.
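A small triage check for the header-forgery signals described under “How Do Whaling Phishing Attacks Work?” and for the filtering step above, written for this page as an added example (not the article’s or any vendor’s code); the company domain, the executive list and both sample messages are constructed assumptions.

```python
"""Triage of executive-impersonation ("whaling") emails.
Added example, not code from the original article: the header checks the
article describes at a high level (display-name impersonation, lookalike
domains, Reply-To diversion, SPF/DKIM/DMARC results, pressure language).
Organization data and both sample messages are constructed."""
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr
# Hypothetical organization data (assumption, not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO"}  # display name -> role
URGENCY_TERMS = ("urgent", "wire transfer", "immediately",
                 "confidential", "before end of day")
AUTH_FAILURES = {"fail", "softfail"}
# Header-forgery signals dominate; pressure language alone is not actionable,
# since real executives also write urgent emails.
WEIGHTS = {"impersonation": 3, "lookalike": 3, "reply-to": 2, "auth": 3, "urgency": 1}

def normalize_domain(domain: str) -> str:
    # Lowercase and NFKC-fold so fullwidth/compatibility homoglyphs compare equal.
    return unicodedata.normalize("NFKC", domain).strip().lower()

def domain_of(address: str) -> str:
    return normalize_domain(address.rsplit("@", 1)[1]) if "@" in address else ""

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_alike(domain: str, legit: str) -> bool:
    """Near-misses of the company domain (examp1e.com, exarnple.com) and
    domains embedding its label (example-com.net). Own subdomains are fine."""
    if domain == legit or domain.endswith("." + legit):
        return False
    return edit_distance(domain, legit) <= 2 or legit.split(".")[0] in domain

def triage(raw_message: str) -> dict:
    """Return the flags raised for one RFC 5322 message plus a verdict."""
    msg = message_from_string(raw_message)
    flags, score = [], 0

    def hit(kind: str, detail: str) -> None:
        nonlocal score
        flags.append(f"{kind}: {detail}")
        score += WEIGHTS[kind]

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    # 1. Display name of a known executive, but the address is not ours.
    role = EXECUTIVES.get(from_name.strip().lower())
    if role and from_domain != COMPANY_DOMAIN:
        hit("impersonation", f"'{from_name}' ({role}) sent from {from_domain}")
    # 2. Sender domain engineered to resemble the company domain.
    if from_domain and looks_alike(from_domain, COMPANY_DOMAIN):
        hit("lookalike", f"{from_domain} resembles {COMPANY_DOMAIN}")
    # 3. Replies silently routed to a third domain.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        hit("reply-to", f"replies go to {reply_domain}")
    # 4. SPF/DKIM/DMARC outcomes as recorded by the receiving gateway.
    results = re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                         msg.get("Authentication-Results", ""), re.I)
    failed = [f"{m}={r}" for m, r in results if r.lower() in AUTH_FAILURES]
    if failed:
        hit("auth", ", ".join(failed))
    # 5. Pressure language in subject and body (weak signal on its own).
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    found = [t for t in URGENCY_TERMS if t in text]
    if found:
        hit("urgency", ", ".join(found))
    verdict = "quarantine" if score >= 5 else "review" if score >= 2 else "deliver"
    return {"flags": flags, "score": score, "verdict": verdict}

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@relay-mail.example.net
To: john.roe@example.com
Subject: Urgent wire transfer before end of day
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail header.from=examp1e.com

Please process the attached wire immediately, I am stuck in a meeting.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: john.roe@example.com
Subject: Board deck review
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Can you take a look at slide 4 when you have a moment?
"""
```

Run `triage(SPOOFED)` and `triage(LEGIT)` to compare the two: the forged message collects every flag and is quarantined, while the genuine one, even if it used urgent wording, stays below the review threshold.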

Mandate Multi-Factor Authentication (MFA). MFA significantly reduces the risk of account compromise by requiring secondary verification beyond a password. Even if credentials are stolen, attackers cannot access systems without this additional layer of security.

Audit and Monitor Publicly Available Executive Data. Regularly auditing what information about executives is publicly available, such as email addresses, roles, and activity, can help organizations understand and mitigate their exposure. Dark web monitoring can identify if sensitive executive data is being circulated.

Encourage a Security-First Culture. A company-wide emphasis on cybersecurity creates a supportive environment where all employees, including leaders, feel accountable for security practices. Integrating cybersecurity into daily operations ensures vigilance at all levels.

Conclusion

Whaling phishing attacks are a growing threat that business leaders cannot afford to ignore. These sophisticated social engineering tactics exploit the trust, authority, and decision-making power of executives, leading to potentially devastating consequences for organizations.

By understanding how these attacks operate and implementing robust defenses, companies can reduce their risk significantly. Cybersecurity is no longer a technical issue isolated to IT departments; it’s a strategic priority that starts at the top. Leadership must model proactive security practices to ensure the safety of their organizations in an increasingly complex threat landscape.


The post Aiming for Whales: Phishing Tactics Are Climbing the Corporate Ladder appeared first on Cybersecurity Insiders.

Key Highlights:

  • New self-service recovery functionality for end users is now available.
  • Users can independently restore data from Mailbox, OneDrive, and OneNote without administrator assistance.
  • Full backup and recovery support extended to Microsoft OneNote.

Hornetsecurity, a global leader in cybersecurity, has announced significant upgrades to its 365 Total Backup solution. The enhancements include self-service recovery capabilities for end users and comprehensive backup and recovery support for Microsoft OneNote. These new features are also integrated into 365 Total Protection Plans 3 and 4.

Empowering End Users with Self-Service Recovery

The new self-service feature allows end users to recover their own Mailbox, OneDrive, and OneNote data directly through the Hornetsecurity User Panel. This innovation eliminates the need for IT administrators to handle every restore request, saving valuable time while empowering users with greater control over their data.

With this functionality, users can locate and restore specific items or entire datasets from their Mailbox, OneDrive, and OneNote. The intuitive search and restore process ensures accessibility, even for those without technical expertise.

Daniel Hofmann, CEO of Hornetsecurity, remarked:

“So far, Microsoft 365 end-users have not been able to directly access backup data from their Mailbox, OneDrive accounts, and OneNote, making them dependent on authorized administrators whenever they needed to restore their data. We’ve therefore enhanced our backup service for Microsoft 365 by introducing self-service support for end users. As handling restore requests for end users is a time-intensive task for admins, this update frees them up for more mission-critical tasks while empowering end users.”

Introducing Backup and Recovery for Microsoft OneNote

Hornetsecurity has expanded its data protection capabilities by incorporating automatic backup and recovery for Microsoft OneNote. This new feature enables partners and customers to safeguard OneNote notebooks without relying on manual processes, ensuring the critical information stored in these notebooks is always protected and recoverable.

This addition complements the existing coverage of 365 Total Backup and 365 Total Protection, which already supports Exchange Online, OneDrive for Business, SharePoint Online, and Microsoft Teams. It provides a robust and unified solution for protecting data across essential Microsoft 365 applications.

The updates are provided as a free enhancement and follow Hornetsecurity’s recent introduction of backup and recovery for Microsoft Planner, further reinforcing its commitment to comprehensive and accessible data protection.

Daniel Hofmann further stated:

“These enhancements underscore our dedication to continually evolving our offerings to meet the needs of our partners and customers, easing the load on administrators while setting their minds at rest, and ensuring that critical data remains secure and easily recoverable.”

The post Hornetsecurity Enhances 365 Total Backup with Self-Service Recovery and Adds Microsoft OneNote Backup appeared first on Cybersecurity Insiders.

Introduction

Hybrid work is the new reality for many businesses, but it also poses new challenges for cybersecurity. CISOs and security architects need to rethink how they protect their critical resources from cyber threats, as they have to deal with a diverse and distributed workforce, a multitude of applications, and a complex network environment. Traditional access solutions are no longer adequate for this dynamic and demanding scenario. 

This is why more and more security leaders are turning to Security Service Edge (SSE) services to enable secure, unified access for the modern business. SSE platforms are the next generation of enterprise access solutions, as they integrate ZTNA, SWG, CASB, and DEM technologies into a single cloud-based service. With SSE, any user can access any application from any location, with optimal performance and security.  

The 2024 Security Service Edge Adoption Report provides a comprehensive analysis of the SSE market’s current state and future trends, based on a survey of 631 cybersecurity professionals. The report reveals how SSE is transforming the way businesses secure their hybrid work environments, as well as the key drivers and benefits of adopting SSE. 

Key findings from the report include: 

  • 94% stated their workforce is primarily hybrid or fully remote
  • 59% say that adopting a SASE strategy is highly important to their business
  • 57% of organizations plan to start their SASE strategy with a Security Service Edge (SSE) platform
  • 69% of businesses want to adopt a Security Service Edge (SSE) platform within the next 24 months
  • 44% plan to begin SSE implementation with Zero Trust Network Access (ZTNA) deployment 

We are grateful to HPE Aruba Networking for their valuable collaboration on this report. Their expertise in SASE, SSE, and Zero Trust has enriched our research and findings.   

We hope this report will serve as a useful guide for IT and cybersecurity professionals on their path towards SSE.

Thank you

Holger Schulze

CEO and Founder

Cybersecurity Insiders

The Modern Workplace

The Risk in the New Workplace

As we approach the fourth anniversary of COVID-19, which acted as the catalyst for the rapid shift to remote and hybrid work, it is evident that businesses are not reverting to traditional in-office operations. Instead, they have adeptly adjusted to meet the demands of their workforce. Specifically, hybrid work arrangements have remained consistent for 76% of organizations, while remote work environments have surged by 80% compared to last year. Conversely, in-office work has declined by 50% during the same period.

Overall, the widespread adoption of hybrid and remote work models is here to stay. Consequently, businesses must adapt their cybersecurity strategies to effectively support this distributed workforce. Consider your organization’s unique needs and explore secure access solutions for business applications, catering to users accessing them from any location.

Just as people are working from anywhere, many different types of users are gaining access to critical business resources. When assessing risk, it is unsurprising that employees pose the highest risk to the business (rising from last year’s second place), likely due to their direct access to sensitive data and applications. Contractors follow closely as the second-highest risk category, given the nature of external users requiring access to internal business resources.

Survey question: When securing access for your business, which group presents the most risk?

Suppliers and customers also present significant risks, albeit to a lesser extent, while partners are perceived as the least risky user group. These responses underscore the critical nature of insider threats, whether from direct employees or those slightly removed, such as contractors and suppliers.

This statistic strongly emphasizes the need for implementing Zero Trust measures, not only for “trusted” internal users but also for external ones. Teams must critically evaluate their business processes to transform employees, currently the highest risk group, into allies for security strategy and overall business success. A well-functioning business cannot afford to have its employees driving the most risk; the right security approach is essential.

Top Priorities and Challenges

In the context of the modern workplace, it is crucial to understand both businesses’ priorities and the challenges they face. Within the survey findings, a striking alignment emerges: the top three areas of business challenges also happen to be the highest priorities. This alignment emphasizes the critical nature of these areas.

Firstly, the foremost priority and challenge revolve around ensuring user productivity. As users access applications across data centers or the cloud, on various devices and networks, maintaining seamless access to essential resources within the distributed environment becomes paramount. Teams must guarantee fast, reliable, and consistent access, regardless of the user’s context or situation.

Secondly, adopting a Zero Trust strategy stands as the second priority and challenge. As demands for better experience increase, it’s important that security isn’t compromised for the sake of productivity. Striving for solutions that achieve both objectives is the goal.

Lastly, the third priority and challenge focuses on the business’s ability to increase visibility into user and application traffic. Traditional secure networking solutions often lack visibility because of mobile users and applications hosted in many locations. To remain competitive in the evolving threat landscape, businesses don’t just need visibility, but actionable insights that proactively address security gaps and hidden risks.

Confidence in Security

Gauging how well an organization can protect workforce access is crucial for improving its cybersecurity. The survey data shows that only one-third (33%) of organizations feel very confident in their security teams’ ability to secure workforce access. On the flip side, two-thirds (67%) express low confidence levels.

In today’s cyber-risk landscape, security teams must be confident in securing business access. The reported lack of confidence reflects doubts about the effectiveness of the current tools and technologies. Remember: the right technology empowers security teams, while the wrong ones can leave businesses vulnerable.

Legacy Access Solutions

The number of solutions deployed to secure resource access highlights organizations’ security infrastructure complexity. According to the survey, 73% of organizations now utilize three or more distinct security solutions, marking a 10% increase year-over-year. The share of organizations utilizing 3 to 5 security solutions has surged by 19.5%, while the share of organizations deploying one or two security solutions has declined by 29%. This shift suggests that many companies previously in the 1-2 range have transitioned to the 3-5 range.

As the traditional network security stack continues to expand, it’s essential to assess when this approach becomes unmanageable for teams. Consider the impact of an ever-growing array of security appliances on your business and security team, and perhaps explore alternative security strategies.

With most businesses running more than three security solutions, it’s no surprise that 29% of cybersecurity professionals name policy management as their greatest challenge with their current access solution, whereas last year’s primary challenge was granting too much trust to users. Other top challenges include increased cost (22%) and the inflexibility of existing security solutions (21%).

A Modern Solution

Prioritizing a SASE Strategy

The term Secure Access Service Edge (SASE) has generated significant interest in recent years. When it was coined in 2019, businesses were unaware of the profound impact the SASE framework would have in the post-COVID world. Survey results unequivocally demonstrate its significance: 59% of respondents deem SASE adoption highly important for their business, while a mere 8% dismiss it as inconsequential.

As organizations evaluate the potential benefits of SASE—such as enhanced security efficiency, reduced complexity, and heightened security agility—they must also recognize its role in promoting integrated network and security strategies, thereby mitigating tensions between these critical functions.

SSE as a Strategic Initiative

Determining the starting point for your Secure Access Service Edge (SASE) strategy is pivotal, as it sets the foundational direction for integrating network and security functions. A majority of organizations (57%) plan to begin their SASE strategy with Security Service Edge (SSE) platforms, including Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG). This preference highlights the emphasis on the security aspect of SASE, prioritizing secure access and threat prevention. However, WAN Edge Services have gained mindshare since last year’s survey, when 67% said they preferred to start with SSE. This shift could be due to the increased demand for unification and consolidation, as Unified SASE platforms have begun merging SSE and WAN Edge Services rather than treating them as two separate parts.

For organizations embarking on the path to SASE, the focus should be on selecting an entry point that addresses the most immediate needs while laying the groundwork for a comprehensive SASE framework. Whether starting with SSE to bolster security measures with Zero Trust or with WAN services to enhance network capabilities, the key is to choose a path that supports seamless expansion and integration of SASE components over time, ensuring a unified and adaptive security approach.

Furthermore, when asked which technology is most critical to a Zero Trust strategy, SSE platforms ranked first for the second year in a row at 32%. SSE even ranks higher than identity solutions like SSO and MFA (26%), SIEM solutions (22%) and endpoint security (21%). The implementation of Security Service Edge (SSE) is recognized as a strategic initiative across the industry, as it is central to both an overarching SASE strategy and a Zero Trust approach.

Adoption of SSE

How quickly are organizations planning to adopt strategic SSE platforms? According to the survey, 69% of cybersecurity experts plan to implement SSE within the next two years, up four percentage points from last year. Notably, 40% of these organizations aim to adopt SSE by the end of 2024, indicating a strong priority on bolstering the business’s security strategy. Further, only 11% of businesses are not considering SSE at all, while 20% will soon consider an evaluation.

According to the survey, ZTNA is the most popular starting point for SSE adoption, with 44% of organizations choosing it, compared to 47% last year. This is followed by Secure Web Gateways (SWG) rising from 20% to 29% year-over-year. Security teams realize they need to establish Zero Trust with ZTNA first and then secure web access with SWG. CASB adoption fell from 33% last year to 27%, implying a shift in SSE adoption priorities.

Appliance Reduction With SSE

A Security Service Edge (SSE) framework can optimize your cybersecurity infrastructure by streamlining or eliminating traditional security appliances.

The survey reveals that VPN concentrators are the technology most security teams want to see replaced by SSE (66%), for the second year. SSL inspection follows this with 37%. As a result, SSE plays a key role in VPN replacement and facilitates scaling out SSL inspection through cloud-delivered SSE approaches.

The report also shows that external FW/IPS (34%) climbed to the 4th highest technology to be replaced, compared to the 9th slot last year. This is likely because more and more SSE services are building FWaaS into their platforms, which allows greater appliance consolidation in these areas.

Furthermore, internal load balancing solutions rose to the 5th highest technology to be replaced, at 33%, after sitting at the bottom of the list last year. This may reflect the need for greater resilience and scalability, both achievable with a cloud-delivered SSE solution.

SSE Architecture Preference

SSE architecture is typically categorized into two delivery methods: PoPs via public cloud providers or PoPs in vendor-owned data centers. The report finds that cloud and hybrid SSE architectures continue to grow in preference, with 65% desiring an SSE solution that utilizes public cloud in some capacity, up from 60% last year.

This is the result of 41% of respondents favoring a hybrid approach, a mix of public cloud providers and vendor-owned data centers for hosting SSE PoPs, up from 34% last year. This 20% increase in preference likely results from more teams leaving the “no preference” category, which dropped 26% year-over-year, and joining the hybrid architecture category. Additionally, 24% prefer SSE PoPs hosted on public cloud platforms like AWS, Google Cloud, and Azure, highlighting the cloud agility and global reach these platforms offer. Finally, the share that favors vendor-owned data centers has remained constant at 21%, which may indicate a desire for dedicated resources and better security.

These preferences highlight the diversity in organizational needs and priorities when it comes to deploying SSE solutions. Embracing a mixed architecture could provide the best of both worlds, combining the cloud’s scalability with the control offered by vendor-specific data centers. As companies navigate their SSE implementation, considering the specific advantages of each architecture and how they align with business goals will be crucial in crafting a secure, efficient, and resilient cybersecurity posture.

Challenges & Barriers to Change

Key Barriers to SSE Adoption

When asked about key challenges, the survey participants revealed that getting buy-in from various teams is the most significant barrier to seamless SSE adoption, cited by 35% of respondents. This highlights the organizational and cultural challenges of aligning multiple stakeholders, specifically from security and networking teams, around adopting new security technologies. Following closely are cost issues, identified by 25% as the main obstacle, reflecting concerns over the financial implications of implementing SSE solutions. Additionally, 22% of participants see too much organizational change at once as a challenge.

The survey reveals that disruption and downtime (32%) is the top concern for SSE, moving up from second place last year (24%). Complexity preventing SSE deployment at scale (30%) is the second highest concern, up from 22% last year. If you share this concern, evaluate two things when choosing an SSE vendor: (1) Does the vendor have one or multiple UIs? Multiple UIs mean more policies and more management scale issues. (2) What is the architecture of the SSE vendor? Do they host PoPs in a public cloud or in their own data centers? The vendor’s scalability affects your scalability.

Lastly, the survey results show a significant drop (decrease by 18% from last year) in the concern that SSE won’t replace existing security infrastructure, which was last year’s biggest concern. This means SSE is gaining trust and proving its ability to replace legacy solutions like on-premise firewalls, VPNs, etc.


Benefits of SSE

After reviewing the barriers and challenges of SSE, let’s look at the benefits. When asked about the most valuable benefit of adopting SSE, the survey results highlight enhanced user experience at the edge as a leading benefit, recognized by 22% of respondents. This underscores the importance of maintaining a seamless and efficient user experience, especially in environments where edge computing plays a pivotal role.

Following closely, Zero Trust implementation is valued by 21% of participants, indicating the critical role SSE plays in facilitating a shift towards more secure access control frameworks within organizations. Simplified IT management through consolidation of tools also emerges as a significant benefit for 18% of respondents, reflecting the appeal of flexible, scalable security solutions that can replace legacy tools.

The benefits we see for SSE map closely to the priorities and challenges we reviewed earlier in the report, specifically in user experience and security. Security teams are looking to find a way to balance the two, and SSE can solve this problem. 

The Importance of User Experience

Integrating Digital Experience Monitoring (DEM) into Security Service Edge (SSE) offerings is becoming increasingly important for organizations looking to gain real-time insights into user experience and how it impacts performance and productivity.

An overwhelming majority of 90% confirm that DEM is important to a holistic SSE platform, indicating a recognition of the value DEM adds in monitoring and ensuring a positive user experience without compromising security. This finding suggests that organizations are increasingly aware of the balance between security and user experience, with many prioritizing solutions that can provide visibility into how security measures impact user interactions.

Getting Started With SSE

Earlier in this report, we confirmed that hybrid or fully remote work is the norm for 94% of organizations. This is a significant factor behind the most common starting point for security teams beginning their SSE journey: securing remote and hybrid access for employees (33%).

Following this, the emphasis on securing third-party access has nearly doubled year-over-year, with 18% of cybersecurity professionals selecting it as their primary use case. This shows how important it is for teams to ensure secure access for vendors, contractors, and other external parties, not just employees. Additionally, implementing Zero Trust security on-premise is highlighted by 14% as the third most predominant use case.

These insights indicate that organizations are keenly aware of the evolving security landscape and are looking to SSE solutions to address their most pressing challenges. Starting with use cases that support remote work and secure third-party access reflects a strategic approach to strengthening security postures while accommodating the needs of a distributed workforce and extended enterprise. As SSE adoption progresses, these initial use cases can lay a solid foundation for expanding into other areas, ensuring a comprehensive and flexible security framework.

Using Security Budget Wisely

How will your security budgets be impacted in the coming year? Whether your budget is increasing, remaining the same, or decreasing, each category has its own implications and challenges.

If you are among the 47% of enterprises that expect an increase in security budgets, you have a great opportunity to enhance your security posture. Your business understands that the security landscape is evolving, and you need more resources to protect it. Use this chance to plan, identify, and eliminate risky or outdated technologies and leverage SSE to support your business.

If you are among the 44% of teams that will have no change in your security budget, you have to optimize your spending and prioritize your goals. Instead of relying on point products that may not work well together, choose holistic platforms that offer more value and efficiency.

If you are among the 9% of teams that will face a decrease in your security budget, you have to make some tough decisions and trade-offs. Security is still your top business priority, so don’t settle for solutions that don’t meet your needs or expectations. Don’t waste dollars on suboptimal products and switch to solutions that deliver better results.

8 Actionable Strategies for Effective SSE Deployment

Effective Security Service Edge (SSE) implementation is crucial for bolstering cybersecurity defenses in a rapidly evolving cyber threat landscape. This guide highlights eight essential practices for deploying SSE as you seek to optimize and streamline your organization’s secure access.

1. Reduce Dependency on Legacy Security Appliances

Leverage SSE to streamline or eliminate traditional security appliances, such as VPN concentrators and SSL inspection appliances, for a more efficient and scalable cybersecurity infrastructure. 

2. Implement Zero Trust Network Access Principles

Prioritize Zero Trust within the SSE framework, ensuring all users are authenticated, authorized, and continuously validated before granting access to applications and data.

3. Consolidate Security Architecture on a Unified SSE Platform

Integrate disparate security tools and platforms into a unified SSE solution that provides ZTNA, SWG, CASB, and DEM functionality. This approach reduces complexity and improves manageability for better security posture and policy enforcement.

4. Embrace Cloud and Hybrid SSE Architectures

Opt for SSE solutions that support cloud, on-premise, and hybrid deployments to ensure flexibility and scalability, accommodating the diverse needs of your organization.

5. Strategically Plan SSE Deployment

Start with ZTNA to secure remote access to private business applications and replace VPN technology, then gradually expand the SSE framework to include more use cases and areas of secure access needs, ensuring comprehensive coverage.

6. Secure Hybrid and Remote Work Environments

Emphasize the security for hybrid and remote work by implementing SSE solutions tailored to distributed workforce needs, ensuring secure and efficient access without compromising user experience.

7. Enhance User Experience with DEM

Incorporate Digital Experience Monitoring (DEM) within your SSE strategy to ensure an optimal user experience without sacrificing security, which is especially crucial in edge computing environments.

8. Allocate Budgets Towards SSE Investments

Prioritize spending on SSE technologies that offer the most significant impact on your security posture. This involves assessing your threat surface, identifying key vulnerabilities, and investing in solutions that address these challenges effectively.

Methodology & Demographics

This survey was conducted in February of 2024 with a sample of 631 respondents, representing a diverse range of industries and organizational sizes. Respondents included IT professionals, cybersecurity experts, and decision-makers responsible for their organization’s network security and remote access strategies. The survey aimed to gather insights into current trends, challenges, and attitudes towards Security Service Edge (SSE), reflecting the evolving landscape of cybersecurity and remote work practices. The data collected provides a snapshot of industry perspectives and practices in this domain.

___

HPE Aruba Networking helps businesses capture, secure, and transport data to users and applications from edge to cloud. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open, and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High-Performance Computing & AI, Intelligent Edge, Software, Storage, and now Security, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance.

___

Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. Contact us today to learn how Cybersecurity Insiders can help you stand out in a crowded market and boost demand, brand visibility, and thought leadership presence. Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

The post Security Service Edge Adoption Report 2024 appeared first on Cybersecurity Insiders.