Introduction

In the past, Virtual Private Networks (VPNs) have been the go-to solution for remote access. However, with the surge in remote work and distributed workforce models and the rise of cloud adoption, the basic connectivity provided by VPNs is being put to the test. As cyber threats continue to evolve at a rapid pace, VPNs struggle to provide the secure, segmented access that organizations require. Instead, they often grant full access to the corporate network, increasing the risk of cyberattacks once malicious actors obtain login credentials.

As the landscape of remote access security evolves, VPNs are increasingly seen as inadequate. The focus is shifting towards adopting Zero Trust to meet changing business needs. When contemplating the technologies that could replace VPNs, many teams are gravitating toward a Zero Trust Network Access (ZTNA) approach, which effectively eliminates the need for corporate VPNs.

Our 2024 VPN Risk Report, based on a survey of 593 IT professionals and cybersecurity experts, offers a comprehensive analysis of the current state of VPNs. It uncovers the risks and challenges businesses encounter due to VPN usage and provides insights into the future of secure remote access and its implications for businesses like yours.

Key findings from the report include:

  • 92% of respondents are concerned that VPN will jeopardize their ability to keep their environment secure.
  • 81% of users are dissatisfied with their VPN experience.
  • 56% of respondents are looking for an alternative to the traditional VPN.
  • 75% view Zero Trust as a priority for their business.
  • 59% of organizations have adopted or plan to adopt ZTNA within the next 2 years.

We thank HPE Aruba Networking for their invaluable contribution to this VPN Risk Report. Their expertise in Zero Trust and secure access solutions has greatly enhanced our findings.

We hope this report serves as a valuable resource for IT and cybersecurity professionals on your journey towards Zero Trust security.

Thank you,

Holger Schulze

CEO and Founder, Cybersecurity Insiders

The State of VPN

The Evolving Enterprise

The past year has witnessed a seismic shift in the business landscape, driven by increased workforce mobility and changes in the location of business resources. This transformation is part of the broader digital revolution sweeping across industries.

While a significant 71% of organizations continue to run private applications in data centers, there’s an undeniable shift towards cloud adoption. Today’s businesses operate in hybrid and multi-cloud environments, balancing the need to support mission-critical applications in data centers with the advantages offered by the cloud. However, both VPNs and ZTNA services often struggle to bridge this gap effectively.

In the current scenario, organizations are tasked with supporting a geographically dispersed workforce. A staggering 88% of organizations support remote workers in North America, followed by 35% in Europe and 29% in Asia. This presents unique challenges, as different countries and regions have varying security standards, compliance requirements, and availability levels.

VPN Utilization

The transition to remote work has accelerated the adoption of remote access solutions, with 96% of organizations leveraging VPNs to secure access to private applications. Despite being a technology that’s nearly three decades old, VPNs remain widely used, primarily because most alternative technologies have served as supplements rather than replacements.

A substantial 80% of organizations use VPNs to secure their remote employees’ access, underscoring the industrywide shift towards remote work. Additionally, 43% of organizations use VPNs to connect multiple sites and 33% secure third-party access through VPNs. These diverse needs extend beyond the original intended purpose of VPNs, which was employee remote access.

VPN Frequency and Quantity

With the majority of organizations relying on VPNs, it’s no surprise that most end-users (58%) use VPNs daily. In fact, 92% use it at least once a week, indicating a heavy dependence on VPNs for business operations and a tendency to grant network access to end-users from various locations.

To support a global workforce requiring daily resource access, most organizations (65%) depend on three or more VPN gateways, which adds network and operational complexity. For larger organizations with five or more gateways (21%), managing secure remote access becomes an increasingly daunting operational challenge.

Organizations with multiple or expanding VPN gateways may need to consider more sophisticated methods or technologies to manage growing complexities and ensure adequate capacity, security, and redundancy.

Risks and Challenges of VPN

Challenges of VPNs

The most significant challenge with VPNs, as reported by 21% of survey respondents, is the poor user experience. This includes slow connections and frequent disconnections, which directly impact employee productivity and overall business continuity. It’s surprising yet understandable that user experience tops the chart of the most impactful VPN issues. Executive teams and board members are under increasing pressure to ensure that remote and hybrid access do not hinder or disrupt the overall success of the business.

Complexity in management and administration follows user experience at 19%. The growing demand for high performing VPN access can stretch IT resources thin and strain teams. Additionally, 17% of respondents cited insufficient security and compliance, a concern central to protecting sensitive data and adhering to regulatory standards. High costs (15%) and scalability limitations (13%) further complicate the effective deployment of VPN services, potentially hindering business growth and adaptability.

To effectively address and overcome these challenges, organizations should consider modern access technologies such as scalable Zero Trust Network Access (ZTNA). These provide simplified, secure application access and focus on adaptive, cloud-managed solutions that ensure reliable, always-on connectivity for remote users.

VPN Security Concerns

While user experience and operational efficacy are important, arguably the most crucial aspect of VPNs is their ability to keep your business secure. When asked about their level of concern for their VPNs opening them up to risk, 92% of respondents expressed some level of apprehension regarding their VPNs’ ability to secure their environments. More than half (55%) had at least moderate levels of concern.

This alarm may stem from the fact that a significant number of attacks in the previous year have been associated with VPNs, providing a doorway into the corporate network. The fact that cybercriminals have identified this weak point in network security is reflected in the level of concern among respondents.

Top VPN Vulnerabilities

Survey participants were asked about the types of cyberattacks most likely to exploit VPN vulnerabilities in their environment. This is a crucial perspective for organizations to tailor their cybersecurity strategies more effectively.

The results serve as an interesting reminder to organizations that VPNs are exposed to a multitude of attacks, not just ransomware, which often gets the most attention. The survey data reveals that while ransomware (47%) tops the list of VPN vulnerabilities, it is closely followed by phishing (43%) and malware (42%). These are the predominant attack types that exploit the end-user and then take advantage of the VPN access point.

To strengthen defenses against such a broad spectrum of cyber threats, organizations should adopt secure access solutions leveraging a Zero Trust model. These solutions enhance defense by verifying each access request and limiting broad network access. They provide granular control at the application level, offering stronger protection against various cyber threats, including sophisticated attacks, compared to traditional VPNs.

VPN and Least-Privilege Access

In the face of escalating VPN vulnerabilities, security teams are compelled to prioritize prevention and containment strategies. Yet, a startling revelation emerges when these teams assess the efficacy of their VPN segments in curbing network attacks. A mere 2% voice doubts about the VPN’s capacity to restrict lateral movement effectively. This statistic is deeply concerning, especially in light of the increasing exploitation of VPNs, which often results in unauthorized lateral network access. It raises the specter of overconfidence, potentially opening the floodgates to further breaches.

Traditional VPN technology achieves segmentation through intricate network partitioning, which often deters organizations from pursuing more detailed segmentation. In response to this challenge, security teams are encouraged to explore Zero Trust technologies. These innovative solutions enable policy-based segmentation, bypassing the complexities of network segmentation. Offering superior granularity and ease of implementation, Zero Trust technologies can significantly enhance the confidence and effectiveness of security teams.

VPN Experience and Complaints

While VPN is universally used (96%), it is alarming to discover that a significant 81% of users report dissatisfaction with their VPN experience. This dichotomy creates a clear disconnect between the security and technology choices of IT and the preferences of end-users. As the greatest challenge with VPNs remains the subpar user experience, there is an evident and ongoing demand for improved access experiences. It’s crucial to remember that end-users, often considered the weakest link in the security chain, will seek workarounds if their demands are not met, potentially escalating security risks.

The most prevalent complaint among VPN users is the sluggish connection speed experienced when accessing applications via VPN, with 28% of users highlighting this as a critical issue. Other notable concerns include frequent connection drops (20%), difficulties in connecting to the VPN or accessing applications (18%), the complexity of the VPN authentication process (14%), and issues arising from authentication problems (12%).

Overall, VPNs pose a multitude of user experience issues, ranging from initial connection challenges to problems during VPN connections and even productivity-inhibiting slowness once access is achieved. This underscores the need for a more user-centric approach to secure access.

The Future of VPN

Exploring VPN Alternatives

VPN technology has been around for 30 years, and many organizations are seeking out technologies that can give them a competitive edge in the modern world of cloud and mobility. In fact, with increasing remote work and evolving cyber threats, finding efficient and secure access solutions has become a priority for over half of respondents (56%) who are considering alternatives to traditional VPN for remote access.

This indicates a significant shift in thinking as organizations seek out alternatives to network-centric security solutions and opt for an alternative that offers better security, enhanced productivity, more flexibility, and better operational efficiency.

Prioritizing Zero Trust

Adopting a Zero Trust strategy is increasingly important for organizations to enhance their cybersecurity posture in response to evolving threats, remote work challenges, and increasing VPN issues.

Three of four organizations (75%) view adopting a Zero Trust strategy as a priority for their organization, with 40% seeing it as one of their highest priorities. This sentiment resonates with the 56% of organizations contemplating alternatives to traditional VPNs.

Given the shifting cybersecurity landscape and persistent issues with traditional VPNs, it’s advisable for organizations to prioritize implementing a Zero Trust framework, which aligns with the move towards more secure and efficient remote access solutions.

Zero Trust Network Access (ZTNA) Adoption

The decision to adopt a Zero Trust Network Access (ZTNA) service marks a significant stride towards a comprehensive Zero Trust strategy, particularly in light of the challenges and limitations associated with traditional VPNs. As Zero Trust gains priority, ZTNA adoption follows suit, with a majority of organizations (59%) having adopted or planning to adopt ZTNA within the next two years.

As organizations chart their adoption course, they should consider solutions that embody essential Zero Trust principles and robust Security Service Edge (SSE) architectures. It’s important to remember that not all ZTNA solutions are created equal.

ZTNA as a VPN Replacement 

While the majority of respondents are actively planning on adopting ZTNA, it’s crucial that the chosen solution can effectively replace legacy VPN technology. A significant 78% of respondents believe that it’s important for a ZTNA service to fully replace VPN.

Despite most respondents advocating for full technology replacement, many ZTNA technologies on the market cannot fully replace VPN due to limitations on port and protocol support. When assessing a ZTNA, ensure that the offering can fully replace VPN and aligns with your business needs.

ZTNA and Beyond 

Another consideration for organizations is the extent to which a ZTNA solution integrates into a broader Security Service Edge (SSE) platform. 83% believe that it’s important for a ZTNA solution to be part of an overarching SSE strategy, with 35% viewing it as very or extremely important.

This could largely be attributed to the growing trend for organizations to move towards system unification and simplification. Security Service Edge (SSE) offers organizations a single platform for all their application access needs, encompassing not just private applications, but also SaaS apps and the open Internet. As your organization begins to assess a ZTNA service, ensure that it forms part of a larger security strategy so that the platform evolves alongside your needs.

2024 Budget Allocation

Changes in budget allocation for VPN infrastructure and remote access solutions are indicative of evolving priorities and strategies in response to increasing remote work demands and related cybersecurity challenges. Consequently, a majority of organizations (51%) have seen increased budgets for remote access solutions, with 13% reporting a significant increase.

Organizations should evaluate their current investment in remote access solutions and consider how to best utilize their resources, whether increasing or decreasing, in a manner that advances the business. Consider shifting funds towards more secure and efficient alternatives like ZTNA to future-proof your business and optimize not only cost but also security and user experience.

Methodology & Demographics

This survey was conducted in December of 2023 with a sample of 593 respondents, representing a diverse range of industries and organizational sizes. Respondents included IT professionals, cybersecurity experts, and decision-makers responsible for their organization’s network security and remote access strategies. The survey aimed to gather insights into current trends, challenges, and attitudes towards VPN infrastructure and alternative remote access solutions, reflecting the evolving landscape of cybersecurity and remote work practices. The data collected provides a snapshot of industry perspectives and practices in this domain.


HPE Aruba Networking helps businesses capture, secure, and transport data to users and applications from edge to cloud. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open, and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High-Performance Computing & AI, Intelligent Edge, Software, Storage, and now Security, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance. Learn how HPE can help you modernize your security with our holistic HPE Aruba Networking SSE offering.


Cybersecurity Insiders brings together 600,000+ IT security professionals and world-class technology vendors to facilitate smart problem-solving and collaboration in tackling today’s most critical cybersecurity challenges. Our approach focuses on creating and curating unique content that educates and informs cybersecurity professionals about the latest cybersecurity trends, solutions, and best practices. From comprehensive research studies and unbiased product reviews to practical e-guides, engaging webinars, and educational articles – we are committed to providing resources that provide evidence-based answers to today’s complex cybersecurity challenges. Contact us today to learn how Cybersecurity Insiders can help you stand out in a crowded market and boost demand, brand visibility, and thought leadership presence. Email us at info@cybersecurity-insiders.com or visit cybersecurity-insiders.com

 

 

The post 2024 VPN Risk Report appeared first on Cybersecurity Insiders.

No company or industry is safe from attack these days. Financial Services, Manufacturing and Healthcare were among the most impacted across the 3,205 compromises in 2023 — a 72% increase from 2021. Additionally, the average cost of a breach is $4.45 million. To make sure that they’re proactively keeping their organizations safe, security teams need the right tools and solutions to support them — especially when 59% say their teams are understaffed.

A major job function of a CISO is assessing security solutions for their organization — but what exactly should they be assessing? How will they know which tools will keep a major threat out, and which tools may fail at the time when they’re needed the most?

As the Chief Evangelist at Team Cymru, I’ve helped hundreds of CISOs evaluate new security tools for their organization that elevate their security teams above the competition to become a harder target to breach. According to security practitioners surveyed in our recent “Voice of a Threat Hunter 2024,” what makes a threat hunting program most effective is the tools. Here are nine factors to consider when evaluating a security solution to guarantee you’re making a wise investment.

1. Performance

Start with evaluating the performance of the solution, like whether it will be able to assess your data at a reasonable rate or handle your network capacities. Also look at what its performance will be in the real world, like whether it will perform without causing a flood of false positives — the key measurement here is accuracy of data and if it leads to successful outcomes when using it. You don’t want to purchase a tool only to discover after deployment that it doesn’t meet your performance standards.

2. Compliance and Standards Alignment

Also, consider how the solution enables you to better achieve compliance and standards alignment. If you happen to be in an industry that’s regulated, you really want to make sure that the tool is going to be able to meet your regulatory needs in a safe way and that the security tool on its own doesn’t violate any regulations or policies. That’s often overlooked, particularly around privacy. Arm your procurement teams with minimum acceptable criteria for security standards, ensuring that only those over the bar can join your roster of trusted suppliers. 

3. Integration

No one gets a new green field where you’re building a single monolithic system. Regardless of where you are or where you move to, you’ll need to address how a solution integrates into your current systems. Integrations are almost certain to happen with either previous solutions you’ve inherited as the new CISO or with the disparate pieces of your complete footprint. Confirm with the vendor that your new solution can integrate with your existing tools and that they can connect to each other seamlessly. Ask your security team leaders to create a vendor integration matrix: what needs to be connected to what, and why. This will help you understand where there may be overlap, but also where there is an opportunity to consolidate further to save budget.

4. Automation and Scalability

Another consideration is how the tool achieves scalability through automation. CISOs often buy a security solution for the network and enterprise they have now, but fail to purchase for what their organization will look like three or five years into the future. During evaluation, your security teams should be specifically instructed to assess how the tool can be automated, and the measurable gains of doing so, regardless of whether they will leverage it from Day 1. You don’t want to outgrow your investment within a year and then have to rebuild; start with scalability in mind. Understanding the business objectives helps feed into your overall strategy to scale. Most boards of large enterprise organizations have a cyber representative, responsible for communication between the most senior layers and management within the organization. Maximize this relationship by providing strategic insights while gaining the long-term visibility needed for more effective planning.

5. Usability and Manageability

Additionally, using the tool is a very critical piece, but so is managing the tool. For example, if you have a large security team, all of those individuals will need accounts for the tool. If the supplier’s license model isn’t favorable to large user counts, this will take budget and resources. Use license scaling as part of your evaluation assessment to truly understand the long-term investment impact. Make sure that the workflows built around these tools are something that your team can manage in a reasonable amount of time. Additionally, check to make sure that you’ll have sufficient support for your solution. Presumably, the vendor sells or offers support; check that their reputation is good by asking in forums or finding user reviews.

6. Cost Effectiveness

What often gets overlooked in the purchasing process is the cost of the solution relative to the risk that you’re trying to offset with it. For example, you might purchase a solution that’s only used for a situation where the impact of the risk is actually far lower than the cost of the solution. Take into account not just the cost but the lifecycle cost to begin with.

7. Innovation and Future Proofing

Similar to scalability, another consideration is innovation and future-proofing. You don’t want to find out in a year that the solution you bought is already antiquated because technology or society has changed so much that your tool doesn’t work anymore. The recommendation is to obtain the vendor roadmap under NDA before or during an evaluation, ask them pressing questions about the future product vision, and establish if that fits your strategy. When you’re in the planning stages on what you are going to use and how you’re going to use it, consider what technology might be changing or what new technology might come on the scene. Obviously, it’s not possible to plan for every possible future outcome, but keep your ears open for what might be coming in the future. 

8. Reporting and Analytics

Next, consider reporting and analytics. Make sure that the tool is going to be able to tell you something meaningful. A tool that just produces graphs and charts may be useful to some of your team, but some of your team may need statistics. Some reporting that comes from it may need to go to the board. You want to be able to make sure that the tool can produce the type of data and results that you can communicate clearly and effectively to all the various stakeholders, whether they be the practitioners on the ground or whether they are in the boardroom. 

9. User Reviews and Case Studies

Finally, ensure both you and your team take time to read user reviews and case studies to learn more about which tools might be best for you. As a C-level executive, I receive all kinds of advertisements about products — and many of those are actually worthwhile reading, like the case studies that they publish. These allow you to see how someone else actually used this tool for the very same thing that you’re looking to use it for, or of equal value, knowing what to avoid investing in.

Finding Better Security Solutions Today

Your cyber landscape is likely going to expand, becoming more challenging to manage and exposed to an increasing array of sophisticated adversaries  — which is why security teams need the right tools and solutions to stave off those attacks. By evaluating a new solution’s performance, how it integrates, scalability, cost-effectiveness, and more, CISOs can be certain they’re not just investing in the right tool for today, but the right one for tomorrow as well.

 

The post 9 Factors to Consider When Evaluating a New Cybersecurity Solution appeared first on Cybersecurity Insiders.

The digital landscape is evolving rapidly, and with it, the threats we face online. As cyberattacks grow in sophistication, so must the defenses that protect our sensitive information. Among the groundbreaking shifts in cybersecurity, one revolution is unfolding silently yet powerfully: the transition to passwordless authentication.

Passwords were once considered the backbone of digital security but have become more of a liability. Weak, reused, or stolen passwords contribute to a significant portion of cyber breaches.

The rise of passwordless authentication promises to eradicate these vulnerabilities by removing the need for traditional passwords. Instead, this innovative approach leverages cutting-edge technologies to enhance security and user convenience in equal measure.

Why Passwords Are Failing Us

For decades, passwords have been the first line of defense for digital accounts. However, their limitations have become glaring in an increasingly connected world.

Common Issues of Passwords:

  • User Error: Most people find it hard to remember complicated passwords, with many falling into unsafe practices of writing them down or reusing them across platforms.
  • Phishing Attacks: Cybercriminals have perfected the art of creating fake emails and websites that trick users into revealing their credentials.
  • Credential Theft: Millions of passwords get exposed in breaches and go on sale on the dark web.
  • Brute-Force Attacks: Automated bots can crack weak or common passwords in a matter of minutes.

Although measures like two-factor authentication (2FA) and password managers have offered improvements, they are not a perfect solution. The core problem remains: passwords depend too strongly on human behavior, which tends to be the weakest link in cybersecurity.

What is Passwordless Authentication?

Passwordless authentication removes the reliance on static credentials by employing more secure and user-friendly methods, such as:

  • Biometric authentication: It authenticates your identity using fingerprint scanning, facial recognition, or voice recognition with no credential input.
  • Cryptographic Keys (Passkeys): These are device-based tokens that leverage public-key cryptography to authenticate users securely.
  • Magic Links and One-Time Codes: Sent over email or SMS, they authenticate your identity without a password.

The FIDO Alliance: Driving the Passwordless Revolution

One of the main forces in this change is the FIDO Alliance, an international consortium promoting open standards for secure authentication. FIDO protocols use public-key cryptography to provide a strong and phishing-resistant solution, dispensing with the use of passwords while ensuring that no sensitive information ever leaves or is stored on centralized servers; rather, authentication keys are stored on users’ devices.

The FIDO standard has been gaining adoption across different industries; the tech giants Google, Apple, and Microsoft have already integrated it with their respective ecosystems. With better interoperability and user-friendliness, FIDO is now fast-tracking the adoption of passwordless authentication globally.
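The phishing resistance described above comes from the device signing a fresh server challenge together with the origin the browser reports. A simplified Go model of that exchange, added here as an illustration and not taken from the FIDO specifications or any vendor's code: it uses Ed25519 and a reduced client-data structure instead of the real WebAuthn message formats, and the origins are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var (
	ErrBadSignature     = errors.New("signature does not verify")
	ErrWrongOrigin      = errors.New("assertion was made for a different origin")
	ErrUnknownChallenge = errors.New("challenge unknown or already used")
)

// clientData is a simplified stand-in for WebAuthn's clientDataJSON.
type clientData struct {
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"` // filled in by the browser, not by the page
}

// Authenticator models the user's device; the private key never leaves it.
type Authenticator struct{ priv ed25519.PrivateKey }

// RelyingParty models the server; it stores only the public key.
type RelyingParty struct {
	Origin  string
	pub     ed25519.PublicKey
	pending map[string]bool // challenges issued and not yet consumed
}

// Register creates a key pair on the device and hands the public half to the server.
func Register(origin string) (*Authenticator, *RelyingParty, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	rp := &RelyingParty{Origin: origin, pub: pub, pending: map[string]bool{}}
	return &Authenticator{priv: priv}, rp, nil
}

// NewChallenge issues a fresh random challenge for one login attempt.
func (rp *RelyingParty) NewChallenge() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	c := base64.RawURLEncoding.EncodeToString(buf)
	rp.pending[c] = true
	return c, nil
}

// Sign binds the challenge to the origin the browser is actually showing.
func (a *Authenticator) Sign(challenge, browserOrigin string) (cd, sig []byte, err error) {
	cd, err = json.Marshal(clientData{Challenge: challenge, Origin: browserOrigin})
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(cd)
	return cd, ed25519.Sign(a.priv, digest[:]), nil
}

// Verify checks the signature, then the origin, then challenge freshness.
func (rp *RelyingParty) Verify(cd, sig []byte) error {
	digest := sha256.Sum256(cd)
	if !ed25519.Verify(rp.pub, digest[:], sig) {
		return ErrBadSignature
	}
	var parsed clientData
	if err := json.Unmarshal(cd, &parsed); err != nil {
		return err
	}
	if parsed.Origin != rp.Origin {
		return ErrWrongOrigin
	}
	if !rp.pending[parsed.Challenge] {
		return ErrUnknownChallenge
	}
	delete(rp.pending, parsed.Challenge) // each challenge is single use
	return nil
}

func main() {
	auth, rp, err := Register("https://bank.example") // constructed origin
	if err != nil {
		panic(err)
	}
	c1, _ := rp.NewChallenge()
	cd, sig, _ := auth.Sign(c1, "https://bank.example")
	fmt.Println("genuine site:   ", rp.Verify(cd, sig))
	fmt.Println("replayed:       ", rp.Verify(cd, sig))

	// A look-alike site relays a real challenge; the browser records its own origin.
	c2, _ := rp.NewChallenge()
	cd, sig, _ = auth.Sign(c2, "https://bank-login.example")
	fmt.Println("look-alike site:", rp.Verify(cd, sig))
}
```

The server holds nothing a breach could replay: a stolen public key cannot produce signatures, and a signature captured on one origin or for one challenge is rejected everywhere else.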

The Benefits of Passwordless Systems

Passwordless authentication brings a set of benefits to both users and organizations, so this is a win-win solution. Key benefits are:

Advanced Security

Without passwords, attackers lose a major entry point. Key-pair methods like passkeys are resistant to phishing, brute-force attacks, and credential theft.

Seamless User Experience

Forgetting or resetting passwords is a common experience. Passwordless systems take that away, making access faster and smoother.

Cost Savings

Password resets are one of the single largest costs for businesses in time and resources. Eliminating passwords removes this burden completely.

Scalability and Flexibility

These systems adapt to various use cases, from personal apps to enterprise-level security.

Compliance with Privacy Laws

FIDO-certified passwordless solutions align with regulations like GDPR by reducing the amount of sensitive data stored on servers.

Industries Leading the Charge

Passwordless systems are being adopted in a variety of industries that require increased security and usability, such as:

Banking and Finance

Financial institutions are leading the adoption of passwordless authentication to protect sensitive customer data and smooth out digital transactions.

Healthcare

Patient privacy is a top priority; hence, passwordless systems provide a secure and HIPAA-compliant way to access medical records.

E-Commerce

Retailers are leveraging passwordless technology to minimize cart abandonment rates caused by forgotten passwords and to enhance customer trust.

Technology

Companies like Apple and Google are now embedding passwordless features into their operating systems, creating a ripple effect for other industries to follow.

Overcoming Challenges to Adoption

While its benefits are tremendous, the transition to passwordless authentication isn’t free of challenges:

Awareness and Education

Many users and businesses are unaware of passwordless technology or hesitant to adopt it due to unfamiliarity. Effective education campaigns are needed to bridge this gap.

Initial Investment

Upgrading authentication infrastructure can require significant financial and technical resources. However, the long-term savings and improved security justify the cost.

Legacy Systems

Integrating passwordless solutions into existing systems can be complex, particularly for older platforms that lack compatibility.

Despite such challenges, organizations that take cybersecurity seriously realize the crucial requirement to invest in modern authentication methods.

The Road Ahead: A Passwordless Future

Passwordless authentication is more than just a trend; it’s a shift in the paradigm of cybersecurity. By design, this approach mitigates the intrinsic vulnerabilities of traditional passwords and makes access to digital accounts more secure and user-friendly.

Organizations that embrace passwordless systems early will position themselves as leaders in cybersecurity, fostering trust among users and gaining a competitive edge.

As adoption continues, passwordless technology will become the standard, fundamentally changing how we approach online security. The silent revolution in cybersecurity is here, and it’s transforming the digital landscape one passwordless login at a time.

 

 

 

The post The Silent Revolution in Cybersecurity: Going Passwordless appeared first on Cybersecurity Insiders.

SailPoint Technologies, Inc., a recognized leader in enterprise identity security, has unveiled an ambitious new vision for the future of identity security. Speaking at Navigate London, the final event of SailPoint’s 2024 Navigate series, President Matt Mills introduced the SailPoint Identity Graph. This groundbreaking addition to the Atlas platform is set to redefine the identity security ecosystem by providing an unprecedented visualization layer that integrates context from identities, access controls, threat detection, and risk management.

Unlocking the Power of Unified Identity Data and AI

“At the center of Atlas is the power of a unified data model. But until recently, identity data has been undervalued when it comes to enterprise security,” said Matt Mills. “Identity data includes all the unique information about an individual or machine, including their privileges, activities, audit history, access requests, access decisions, relationships and more. All that identity data provides an incredible amount of context. Right now, it’s nearly impossible for identity and security teams to get all the context they need, in real-time, to know what’s happening in the organization, what activity is a threat, and what remediation is needed – all in a single source of truth.”

Mills emphasized, “On top of that, given the volume and variety of identities, applications and data plus the velocity of change happening across their access needs, it is simply impossible to keep up with by hands on keyboards alone. AI, combined with the power of unified identity data, is a clear path forward to trying to stay ahead of threats today.”

Introducing the SailPoint Identity Graph

To address the increasing complexities of modern enterprise security, SailPoint has introduced the SailPoint Identity Graph. Built on a foundation of unified identity data and AI, the Identity Graph is designed to provide organizations with advanced insights into identity relationships, interactions, and contextual data. This innovation enables businesses to transform abstract, multidimensional data into actionable visual insights.

Through robust APIs and third-party integrations, the SailPoint Identity Graph connects to diverse data sources, including XDR graphs, SIEM graphs, physical security systems, and more. By leveraging this comprehensive connectivity, the Identity Graph equips enterprises with the tools needed to effectively combat cyber risks.

Key Benefits of the SailPoint Identity Graph

  • Simplified Complexity: Transforms intricate data relationships into intuitive visual representations.
  • Enhanced Risk Identification: Rapidly identifies potential security vulnerabilities.
  • Improved Contextual Awareness: Offers a holistic view of identity interactions.
  • Accelerated Anomaly Detection: Facilitates the swift identification of unusual patterns.

Mills elaborated during his keynote, “While graph technology is not new and we use the technology in several of our solutions today, including Outliers, Application Onboarding, and SailPoint Identity Risk, what’s new here is that our identity graph will now include a visualization layer that leverages our unified data model to show the relationships across all identities and their permissions and entitlements. With that, we will give you the ability to look outside in, to eventually ingest other graphs into the SailPoint Identity Graph. When coalesced, this will give you access to an enriched set of identity insights in real-time that you have never had before. This is paramount to battling today’s dynamic threat landscape.”

Shaping the Future of Enterprise Security

The SailPoint Identity Graph promises to unite identity and security fabrics by integrating data from HR systems, ERP systems, third-party cybersecurity platforms, and even physical security systems. This seamless unification will offer customers a new level of insight and visualization within a single graph, empowering more informed decision-making across the identity landscape.

“We believe that what we’ll deliver with Atlas and the SailPoint Identity Graph will be a game changer. We believe we’re building the most comprehensive set of identity-related insights and information in the market today, with unified data and AI as the fuel,” Mills concluded.

The post SailPoint Revolutionizes Identity Security with Unified Data and AI-Powered Identity Graph appeared first on Cybersecurity Insiders.

The unfortunate reality is that – for the safety of the people attending – security measures are now an absolute requirement in large public spaces, including performance venues, airports, train stations and even malls. While government, community, and public safety agencies pursue different approaches aiming to decrease the likelihood and frequency of potentially violent incidents, scientists are developing advanced technology solutions to help prevent them from occurring at the physical location. 

Security in Motion

At the heart of a preventative approach to public-venue protection is the development of “seamless security” using a combination of an optical camera, which includes a depth sensor, and millimeter-wave radar. Currently, traditional airport screening uses a form of this radar, but in a static fashion. A person stands still, raises their arms, and the system scans them. This method is effective; however, it can cause bottlenecks and delays when there are lots of people trying to get through the same entry.

Seamless security technology tries to accelerate this process by scanning individuals while they are in motion.

With a seamless-security approach, the camera tracks an individual’s movement as they are scanned by the millimeter-wave radar. By combining the tracking and the radar data, the system provides better resolution and imaging quality without disrupting the crowd flow. To expedite screening, the security scanning data can also be fed to an integrated monitoring system with overhead video surveillance technology. In high-volume traffic environments, this real-time data flow is a significant benefit. It can identify objects of concern as well as unusual behavior, thereby prompting any preventative action.

While there are privacy concerns about the use of security scanning, the system can be configured to not reveal privacy-sensitive data to the operator. As is common in current airport systems, the operator only sees an indication of where the suspicious objects are on the person’s body and possibly an image of the suspicious object. The system does not provide images of people’s scans to the operators. The purpose is to screen for suspicious objects, notably forms like guns or knives, and not to invade privacy. It is a no-touch system, unless additional action is warranted.

Applications for seamless security include:

  • Avoiding long lines and crowds at train or subway stations by scanning people while they are on the move.
  • Conducting more efficient screening at large public events (e.g., large venues, parks, stadiums).
  • Using high-precision screening and identification at business entrances to verify the identity of those entering the location.
  • Establishing unique security zones in a building to identify individuals for additional screening.
  • Monitoring people on escalators as they move between floors in a facility.
  • Improving screening at mall entrances.
  • Combining camera and radar-systems imaging to identify suspicious items as well as anomalous behavior.

Waves of Innovation Ahead

As development of seamless security progresses, the likely first iteration, within the next three to five years, will be for more predictable, semi-static environments, such as people moving along a corridor or escalator, or for less precise scanning of people in motion. Performing millimeter-wave precision imaging for people in free motion requires the combination of optical cameras and radar data, a technology under active development. This combination requires algorithms that track the motion from the optical data and use the tracking to combine the radar data in a coherent way. The outcome is an accurate radar image, as if the person were scanned in a traditional static airport scanner.

To achieve this outcome, a security system requires four pillars—each containing an optical and a radar system—that coordinate to acquire a 360-degree screen of an individual. They can be placed along regular paths to provide non-invasive screening as people move along a building entrance, a stadium, an escalator or a business building corridor, for example.

A positive factor driving this development is that the costs of components needed for millimeter-wave radar systems have come down, due to innovations predominantly in the automotive sector. “System on a chip” pricing has made it more affordable to innovate new methods of large-venue security screening.

Artificial intelligence (AI) will continue to play a role in the future of seamless security. AI can improve the image models through machine learning, leading to better scanning and more accurate imaging. In addition, AI systems can automatically recognize suspicious objects, such as guns, knives or explosive devices, and distinguish them from safe items (e.g., keys, smartphone). To address privacy concerns, AI can help mask images that are not relevant to security scanning.

AI will also detect anomalous behavior in an overhead surveillance system and prompt further action from the security personnel. It will also be used for general security practices such as facial recognition to match a person’s identity with an individual wanting to gain access to a building. The use of AI should not remove the involvement of a human to qualify the accuracy of behavior and identity issues, especially considering concerns over AI safety, the possibility of AI hallucinations, and incidents of deep-fake fraud.

Right now, seamless security will be achieved using different sensing modalities like optical sensors and radar. Longer term, terahertz imaging also looks quite promising, as it can also penetrate clothing while providing more precise imaging. 

Ideally, seamless security in five or more years will combine biometric scanning for identity recognition and camera and millimeter wave screening for security scanning, giving people traveling in public spaces a more secure environment. As our security and identification needs evolve, technology follows to support them with improved hardware, algorithms and artificial intelligence. The goal should always be towards less intrusive yet more effective security systems.

 

The post Advanced Radar Screening Key to Safer Public Spaces appeared first on Cybersecurity Insiders.

Enterprise copilots and low code/no code capabilities are enabling business users to quickly and easily build new apps and automations throughout the enterprise, as well as process and use data at the speed of AI. Tools like Microsoft Copilot Studio take this a step further; business users can build their own copilots to drive the business forward. What’s more, business users can now build their own agents and AI apps that can act autonomously on their behalf. While this is great for productivity and efficiency, it also introduces new risks that organizations need to have a plan for as the march towards fully autonomous AI moves forward.

There are a lot of exciting new opportunities this type of technology brings. But as you’ll see below, low code/no code development can create significant risks. Security teams need to be able to keep up and establish proper guardrails to ensure that, as bad actors find ways around native controls, the enterprise’s crown jewels stay secure. They need to thread the needle, however, so as not to stifle innovation, but to keep the organization’s data secure by preventing data leaks and security back doors – and keeping AI from acting out of bounds.

New tools, new capabilities 

The proliferation of low-code and no-code platforms has revolutionized software development, enabling even those with minimal technical background to rapidly create complex applications. This democratization accelerates app deployment and reduces development costs significantly.

The ability to build copilots takes all of this activity and its possibilities a step further.  Business users can already easily build copilots to do things like read the transcript of a recorded interview, summarize it and send an email to the team. The next phase is not just building copilots and apps that act when prompted but also AI agents that can act autonomously on the user’s behalf – which is already starting. Zapier, for example, has released Zapier Central in beta form, and Salesforce’s Einstein Service Agent is applying this technology to the customer service realm. Individuals can now create a bot that acts as a personal assistant, for example.

Convenience and speed create security risks

The introduction of autonomous AI brings a new set of concerns that organizations must build guardrails around. That’s on top of some of the common challenges that come up when using low code/no code to build apps and automations: 

Overprovisioning access: If someone shares an application they’ve built with everyone at the organization, when only a select group needs it, that presents a risk. It might mean that even guest users or personal accounts in the creator’s tenant can now access that application – and the data it has access to. In the worst case, the creator can also misconfigure the application so that it is shared openly to the public internet.

Embedded credentials: Another common mistake is embedding a credential into an application rather than using a secure authentication method in which the application calls a password vault to keep the credential secure. If you hard-code a credential into the application, you’re giving access to the username and password combo, which can allow bad actors to do credential stuffing into all your different accounts across the enterprise and gain access to many things they shouldn’t have access to.

Lack of visibility: You have no security visibility as to who is building what and what the ensuing risks are.  

With all of these factors, organizations have to carefully consider and construct a game plan for understanding things like:

  • If AI and AI apps inherently have access to corporate data (which is more or less the whole point of them), what happens when we turn it loose?
  • How would we be able to spot “bad activity” if it were occurring?
  • How do we make sure AI isn’t accessing things it shouldn’t internally?
  • How do we make sure what it returns to other apps, users and/or datasets is compliant and secure?
  • How do we ensure that business users are consistently making the right and secure choices when building these bots or agents?
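One way to get the visibility described above is to audit an inventory of user-built apps for the build-time mistakes just listed. The following is an added example, not code from the article or from any low-code vendor; the inventory schema, the sharing principals (`public-link`, `everyone-in-tenant`, `guest:`) and the `vault://` reference format are assumptions made for illustration, and the sample records are constructed.

```python
"""Audit a constructed low-code/copilot inventory for oversharing and embedded credentials."""
import re

# Constructed inventory in a hypothetical export schema (not any vendor's format).
INVENTORY = [
    {"name": "interview-summarizer", "owner": "hr-user",
     "shared_with": ["group:hr-recruiting"],
     "connections": [{"target": "mail",
                      "auth": {"type": "vault_ref", "ref": "vault://hr/mail-token"}}]},
    {"name": "invoice-bot", "owner": "finance-user",
     "shared_with": ["everyone-in-tenant", "guest:partner@example.com"],
     "connections": [{"target": "erp",
                      "auth": {"type": "basic", "username": "svc_erp",
                               "password": "EXAMPLE-not-a-real-secret"}}]},
    {"name": "faq-copilot", "owner": "support-user",
     "shared_with": ["public-link"],
     "connections": [{"target": "kb",
                      "auth": {"type": "header",
                               "value": "Bearer EXAMPLEtoken1234567890"}}]},
]

# A literal string is suspicious if its key names a secret or its value looks like one.
SECRET_KEYS = re.compile(r"(pass(word|wd)?|secret|api[_-]?key|token)$", re.I)
SECRET_VALUES = re.compile(r"^(Bearer|Basic)\s+\S{8,}", re.I)
VAULT_REF = re.compile(r"^vault://")  # assumed format of a vault reference


def find_embedded_credentials(node, path="", key=""):
    """Walk an app definition and return the paths of hard-coded credentials."""
    if isinstance(node, dict):
        return [f for k, v in node.items()
                for f in find_embedded_credentials(v, f"{path}.{k}".lstrip("."), k)]
    if isinstance(node, list):
        return [f for i, v in enumerate(node)
                for f in find_embedded_credentials(v, f"{path}[{i}]", key)]
    if isinstance(node, str) and node and not VAULT_REF.match(node):
        if SECRET_KEYS.search(key) or SECRET_VALUES.match(node):
            return [path]
    return []


def sharing_findings(app):
    """Flag sharing that goes beyond a named group."""
    out = []
    for principal in app.get("shared_with", []):
        if principal == "public-link":
            out.append(("critical", "reachable from the public internet"))
        elif principal == "everyone-in-tenant":
            out.append(("high", "shared with the whole tenant"))
        elif principal.startswith("guest:"):
            out.append(("high", f"shared with guest account {principal[6:]}"))
    return out


def audit(inventory):
    """Return {app name: [(severity, finding), ...]} for apps with findings."""
    report = {}
    for app in inventory:
        findings = sharing_findings(app)
        findings += [("high", f"embedded credential at {p}")
                     for p in find_embedded_credentials(app)]
        if findings:
            report[app["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        for severity, text in findings:
            print(f"{severity:8} {name}: {text} (owner to be notified)")
```

The report names the path of each finding but never prints the credential value itself, so the audit output can be shared without spreading the secret further.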

A safer approach is needed

The primary reason to use AI and to enable anyone to both use and build with AI is because it can parse through data sets quickly and automatically. It can process large data sets and information far faster than humans can; and people can harness that power to drive innovation and efficiency. 

So, when you’re developing AI apps, copilots, and agents, it’s critical to consider security because, even if you’re designing a copilot or extension to do a certain task and it’s only linked with a certain data set, AI is inherently going to teach itself to gain access to more data sets. Moreover, bad actors can also target these apps to take control over them (think remote copilot execution) and not only control what data goes out to users, but can also socially engineer them to click bad links, use bad information, and a whole lot more.

Another concern with letting business users create their own agents and bots is that they are in charge of implementing security controls like access and authentication. As a result, bots and agents are often left exposed or accessible to too many people, leaving them vulnerable to prompt injection attacks, where anyone – bad actors or unknowing insiders – can jailbreak the copilot, bot or extension into doing something it shouldn’t, resulting in data leakage via prompt injection.

To fix the problem, one approach that’s been considered is data loss prevention (DLP), but this method has been around a long time and hasn’t fixed the existing issues of data loss where end users copy/paste sensitive data to the public internet, let alone the new or forthcoming ones. It’s time to take a practical approach in implementing an AppSec approach, putting more controls in place around the things that matter most.

IT and security teams must gain more visibility into what people are building, especially AI apps, since this is now happening outside the purview of traditional IT parameters and accessing deep swaths of corporate and public data. They also need visibility into what AI itself is doing of its own volition. Robust monitoring and scanning tools are essential, as well. Teams need to erect stringent guardrails on the back end so that sensitive data doesn’t get overshared. They need to design these guardrails in such a way that they provide security but don’t hinder progress and innovation.

Securing enterprise AI

People are starting to build their own agents and copilots and soon, they’ll be able to create ones that act on their behalf at work, like a virtual assistant. As these agents and copilots act autonomously, it’s a huge lift for security to understand data, business context and logic in order to protect the enterprise from access and authentication errors, data leaks and cyber-attacks. Only then can they make sound decisions that foster innovation. IT and security teams need visibility, monitoring and controls so businesses can flourish while keeping their data safe.

 

The post Creating a Copilot That Doesn’t Violate Security and Compliance appeared first on Cybersecurity Insiders.

Human beings are without doubt the single biggest cybersecurity threat to organizations. About two-thirds of breaches stem from a simple, non-malicious user action such as an interaction with a phishing email. Users can also be an organization’s strongest security asset. Not only can human intuition and critical thinking prevent attackers from infiltrating, they also help detect an attacker’s presence post-compromise.

While cybersecurity training and awareness initiatives can lower human risk within organizations, conventional training methods may fall short, particularly when they are viewed as mere check-box exercises that provide only theoretical understanding. In contrast, phishing simulation training offers a more direct learning experience whereby security teams engage employees by testing them with real-life phishing schemes, allowing them to interact with security threats in a safe environment. 

Phishing Simulation Training Strategy

Phishing simulation is crucial to any organization’s cybersecurity efforts for the following reasons:

1. It focuses on behavior over knowledge: While having security knowledge is good, its effectiveness is limited if individuals are unable to respond appropriately in real-life scenarios. Regular exposure to phishing attacks helps employees develop the instincts and reflexes necessary for proactive detection and reporting of cyber threats.

2. It identifies weaknesses: Certain employees may be more susceptible to phishing attacks than others. For example, about 6% of repeat clickers are responsible for about 30% of security failures. Identifying such people and offering them personalized coaching will be important in boosting human defenses. The repeat failing of phishing tests is a clear indicator that more help and practice are needed.

3. It helps measure human risk and exposure: It’s important to track and monitor the level of human risk and resilience in the organization. By analyzing phishing simulation trends over time, business leaders can gain insight into training effectiveness, security performance, susceptibility to phishing attacks, and the prevailing security culture. These insights can be used to establish measurable goals and identify behaviors that require attention.

How To Execute An Effective Phishing Simulation Program

Phishing simulation training isn’t a one-off exercise but a continuous process of education, assessment, and adaptation. Let’s explore the main steps involved in establishing an effective phishing simulation program.

Identify Your Current State: Prior to implementing your program, identify current security behaviors among employees and their social engineering susceptibility. These insights will serve as the foundation of your program. Run employee surveys, track results of phishing emails over time (for example, how many phishing emails are reported on average), and analyze user behavior data from security tools.

Set Measurable Goals: Once baseline data is drawn and priorities are identified, set some clear goals and develop an action plan to achieve those goals. Goals can be things like a reduction in phish-prone percentage by X%, a reduction in phishing attacks by Y% and an increase in the number of phishing attempts being reported by Z%.

Segment Your Audience: As mentioned earlier, some employees may be more susceptible to phishing and social engineering scams than others. Some departments might be at a higher risk of online scams (for example: customer support or finance departments). It’s important to segment such audiences so that security teams can monitor their progress and offer a more tailored approach with training.

Develop Authentic Scenarios: Phishing attacks must be as realistic and as relevant as possible. Mimic well-known brands and domains, and design tailored campaigns to address specific audiences and real-world scenarios. Examples include MFA fatigue attacks, business email compromise (BEC) and vendor email compromise scenarios, and smishing and vishing attacks.

Deploy Simulations In A Phased Manner: Rather than running simulations on your entire employee base, try rolling out campaigns in a phased approach. That way, training administrators can get a better handle on their audience (i.e., their level of security maturity), allowing them the opportunity to refine their approach and content as they see fit.

Share Results with Employees: By sharing feedback post simulation, one can reinforce learnings and best practices. Be supportive and empathetic towards individuals that failed the test. The objective of phishing simulation is to make users/employees feel empowered and confident about practicing security, not to demotivate or reprimand.

Keep Refining And Fine-Tuning: Once you have gained some experience in running simulation campaigns, it’s important to get an understanding of what is working and what is not working, which audiences and departments are vulnerable, who needs more hands-on training, etc. It’s also important to refine simulations based on the evolving threat and business landscape.
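The baseline, goal-setting, segmentation and refinement steps above all depend on the same few measurements, shown here computed from simulation results. This is an added example, not part of the original article: the roster, campaign outcomes and function names are constructed, and "phish-prone percentage" is assumed to mean clicks divided by simulated emails delivered.

```python
"""Phishing-simulation metrics over constructed campaign results."""
from collections import Counter, defaultdict

# Constructed roster: user -> segment (department).
DEPARTMENT = {
    "alice": "finance", "bob": "finance",
    "carol": "support", "dave": "support", "erin": "support",
    "frank": "engineering", "grace": "engineering", "heidi": "engineering",
}

# Constructed outcomes per campaign, one letter per user in roster order:
# C = clicked the lure, R = reported it, I = ignored it.
CAMPAIGNS = {
    "2024-01": "CCCRIRIC",
    "2024-02": "CRCRIRRI",
    "2024-03": "CRRRRRRI",
}


def load_rows():
    """Expand the compact tables into one record per simulated email."""
    return [{"campaign": c, "user": u, "segment": DEPARTMENT[u], "outcome": o}
            for c, outcomes in CAMPAIGNS.items()
            for u, o in zip(DEPARTMENT, outcomes)]


def rate(rows, outcome):
    """Percentage of delivered simulations that ended in `outcome`."""
    if not rows:
        return 0.0
    hits = sum(r["outcome"] == outcome for r in rows)
    return round(100.0 * hits / len(rows), 1)


def group_by(rows, key):
    groups = defaultdict(list)
    for r in rows:
        groups[r[key]].append(r)
    return groups


def trend(rows):
    """Per campaign, in date order: (phish-prone %, report %)."""
    return {c: (rate(g, "C"), rate(g, "R"))
            for c, g in sorted(group_by(rows, "campaign").items())}


def segment_risk(rows):
    """Phish-prone % per department, to decide who gets tailored training."""
    return {s: rate(g, "C") for s, g in group_by(rows, "segment").items()}


def repeat_clickers(rows, min_failures=2):
    """Users who failed at least `min_failures` times, their share of all
    users, and the share of all failures they account for."""
    clicks = Counter(r["user"] for r in rows if r["outcome"] == "C")
    repeaters = {u: n for u, n in clicks.items() if n >= min_failures}
    total_clicks = sum(clicks.values())
    users = {r["user"] for r in rows}
    share_users = round(100.0 * len(repeaters) / len(users), 1) if users else 0.0
    share_fail = (round(100.0 * sum(repeaters.values()) / total_clicks, 1)
                  if total_clicks else 0.0)
    return repeaters, share_users, share_fail


def goal_met(baseline_pct, current_pct, target_reduction_pct):
    """True when current is at least target_reduction_pct % below baseline."""
    if baseline_pct == 0:
        return current_pct == 0
    achieved = 100.0 * (baseline_pct - current_pct) / baseline_pct
    return achieved >= target_reduction_pct


if __name__ == "__main__":
    rows = load_rows()
    history = trend(rows)
    for campaign, (prone, reported) in history.items():
        print(f"{campaign}: phish-prone {prone}%  reported {reported}%")
    print("by segment:", segment_risk(rows))
    print("repeat clickers:", repeat_clickers(rows))
    first, last = list(history.values())[0], list(history.values())[-1]
    print("50% reduction goal met:", goal_met(first[0], last[0], 50))
```

In this constructed data a quarter of the users account for most of the failures, which is the pattern that justifies personalized coaching over another organization-wide campaign.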

To summarize, phishing simulation must be viewed not as a tool but as a core ingredient of cybersecurity strategy. With the right approach and commitment to phishing simulation training, organizations can significantly minimize human error, foster a healthy cybersecurity culture and architect a more resilient organization over time.

The post Phishing Simulation Training: From Strategy To Execution appeared first on Cybersecurity Insiders.

Businesses are facing increasingly sophisticated threats from ransomware groups, hacktivists, and individual attackers. The 2024 Arctic Wolf Security Operations Report sheds light on the key trends shaping the modern threat environment and provides actionable insights for businesses to enhance their cybersecurity postures.

Troye technical director Kurt Goodall says one of the dominant themes in this year’s report is the evolving nature of cyber threats. “Despite the rapid advances in technology, tried-and-true methods like social engineering and exploiting unpatched vulnerabilities remain incredibly effective.”

“In fact, Arctic Wolf’s observations indicate that exploitation of known vulnerabilities with available patches outnumber the exploitation of zero-day vulnerabilities by 7.5 times,” he adds.

Furthermore, the report highlights a disturbing trend of increased phishing activity, with a notable 500% spike observed in just one month. Attackers continue to exploit world events, political upheavals, and natural disasters to lure unsuspecting victims. In April 2024 alone, phishing attempts surged by 150%, coinciding with major political announcements and occurrences as well as the ongoing Russia-Ukraine and Israel-Hamas conflicts.

In addition, Arctic Wolf’s 2024 SOC report highlights the critical need for 24×7 security operations, with 45% of the security alerts issued by their SOC being generated outside of regular working hours and 20% occurring on weekends.

Identity: The emerging battleground

Identity and access management (IAM) telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations by the Arctic Wolf SOC.

Unauthorised credential usage and account takeovers (ATOs) remain a significant concern, with infostealers like the Win32.Zbot trojan appearing in over 2,000 weekly instances. These findings underscore the need for businesses to implement robust IAM systems and continuous monitoring to mitigate identity-based attacks.

Manufacturers under siege

Goodall says manufacturers are increasingly becoming targets of cyber espionage and intellectual property theft. “More than 26% of alerts in this year’s report were related to threats targeting manufacturers, a staggering 2.6x higher than expected. This finding aligns with growing concerns about industrial espionage, particularly as certain countries push for industrial modernisation.”

Ransomware: A persistent threat

Despite law enforcement takedowns and growing distrust between ransomware groups, ransomware remains a major threat. Arctic Wolf Security Engineers responded to 158 ransomware attempts between May 2023 and April 2024.

Arctic Wolf notes that “an effective SecOps function dramatically reduces the risk posed by ransomware,” highlighting the importance of monitoring ransomware precursors, such as initial access to the environment, the establishment of persistence, and the reconnaissance and exfiltration of data, as a way to disrupt the attack chain of a ransomware attack.

The importance of vulnerability remediation

One of the simplest and most effective ways to mitigate cyber risk is through vulnerability remediation. Attackers continue to exploit core business applications like Windows 10, MS Outlook, and Cisco IOS, with many vulnerabilities remaining unpatched for months or even years. Organisations are urged to prioritise remediation efforts, as exploitation of known vulnerabilities outnumbers exploitation of zero-days by 7.5 to 1.

The 2024 Security Operations Report emphasises the critical importance of around-the-clock monitoring and a robust SecOps strategy. Organisations that can effectively operationalise their cybersecurity investments, respond swiftly to alerts, and build resilience through vulnerability management and identity protection will be far better equipped to defend against modern cyber threats.

“As the report states, effective security operations is your best defence against today’s financially motivated attacks and government-backed espionage. For organisations seeking to safeguard their digital infrastructure, the report offers a comprehensive view of the threats they face and practical solutions to reduce cyber risk,” he concludes.

The post 2024 Arctic Wolf Security Report: Key insights and trends appeared first on Cybersecurity Insiders.

In July 2024, the FBI and CISA issued warnings about increasing Distributed Denial of Service (DDoS) attacks on election infrastructure and related systems. Throughout 2024, SonicWall has tracked a notable rise in DDoS attacks, with a projected 32% increase by year’s end compared to 2023. These attacks, which could be aimed at disrupting public access to crucial election information, are increasingly targeting not only election systems but also broader government agencies. Data from 2024 shows consistent growth in these attacks, with major spikes recorded in May and August, confirming the severity of federal concerns.

Cybersecurity Risks in Everyday Devices: The Hezbollah Pager Attack

The 2024 Hezbollah pager supply chain attack underscores the threat posed by everyday devices with weak security. Attackers have begun targeting these devices to access critical systems, exploiting gaps in cybersecurity and using them as backdoors to initiate widespread attacks. Such methods could easily extend to IP cameras at polling locations like schools and churches, which often have weaker security measures. Attackers might compromise these cameras, potentially accessing sensitive information or even disrupting voting processes.

Potential Impacts on Election Security and Public Trust

If attackers were to sabotage IP cameras at polling places—similar to the tactics in the Hezbollah pager attack—the impact could be devastating. Beyond compromising physical security, such an attack could force evacuations, delay voting, and damage infrastructure. The psychological impact of such incidents could significantly erode public confidence in election integrity, possibly leading to delays, contested results, and heightened social unrest. While many cyber criminals are financially motivated, state-sponsored actors are often driven by disruption and psychological warfare, making these attacks particularly insidious.

Emerging Vulnerabilities in IoT Devices and IP Cameras

IoT devices, like IP cameras, are becoming prime targets for cyberattacks due to their weak security protections. SonicWall has observed over 12.9 million attempts to exploit IP camera vulnerabilities in 2024 alone. Compromised devices can be hijacked to disable surveillance or participate in large-scale DDoS attacks. Hackers, including state-sponsored entities, might target IP cameras in government facilities or election centers to conduct surveillance, manipulate camera feeds, or even disable security systems, posing a significant threat during sensitive operations.

Critical Vulnerabilities in Major IP Camera Brands

IP cameras from brands like Hikvision, Axis, and WIFICAM have known vulnerabilities that hackers exploit to infiltrate networks:

  • Hikvision Command Injection (CVE-2021-36260) allows attackers to inject commands, gaining full control of a device and making it susceptible to espionage and botnet recruitment.
  • Authentication Bypass (CVE-2017-7921) on Hikvision cameras enables attackers to bypass login mechanisms, compromising administrative functions and potentially disrupting surveillance.
  • Wireless IP Camera Weaknesses: P2P-enabled devices with weak authentication are also highly vulnerable, allowing attackers to access video feeds, alter settings, or launch attacks on connected networks.

During election cycles, compromised IP cameras could disrupt security at voting stations or ballot storage facilities, enabling attackers to tamper with feeds or disable cameras. The involvement of threats like the Reaper IoT botnet, which actively seeks out vulnerable devices, amplifies these risks by making coordinated DDoS attacks more feasible.

Mitigation Strategies for IP Camera Security

To safeguard IP cameras and related IoT devices, organizations should consider the following best practices:

  • Regular Firmware Updates: Keep devices updated to protect against recent threats.
  • Network Segmentation: Isolate IP cameras on separate networks to prevent them from being gateways to broader attacks.
  • Zero Trust Network Access (ZTNA): Enforce strict identity and access checks, even on isolated networks, to prevent unauthorized access.
  • Strong Authentication: Use complex, unique passwords and disable default credentials.
  • Monitor Logs and Traffic: Regularly monitor for unusual activities, especially on critical networks.
  • Disable Unnecessary Features: Restrict or disable remote access, particularly P2P functionality, to minimize potential entry points.

These strategies can help organizations better protect IP cameras and other IoT devices, preserving the security of government and election infrastructure against evolving cyber threats.

The post Rising Threat of Malware and DDoS Attacks on Government Organizations appeared first on Cybersecurity Insiders.

As more businesses move online, establishing an e-commerce channel is essential to meet buyer expectations for speed and convenience. But as more activity is conducted online, businesses face a rising threat that can’t be overlooked: business identity theft. This especially rings true for businesses serving other businesses, or B2B organizations. In 2024, over one-third of online merchants experienced business identity theft, posing a problem for a company’s bottom line, reputation and customer trust. 

Business leaders are more concerned about business payment fraud during the holiday season, and rightfully so, since business payment fraud attempts spike during this time. As criminals continue to get smarter, the damage from these attacks can impact business stability. With 96% of U.S. companies reporting being targeted by at least one payment fraud attempt in the year, it is important that businesses understand the risks and take action. Here are five common challenges businesses face with identity theft, and what you can do to stay ahead.

The Complexity of Business Identity Theft

Business identity theft is far more complex than consumer identity theft. It often involves large-scale financial fraud, tax evasion and supply chain manipulation. One of the simplest and most common tactics is email spoofing, where criminals impersonate a legitimate business email domain to commit wire fraud, attempting to trick companies into transferring funds or shipping goods by appearing as a trusted partner. In these cases, the attackers often have minimal information beyond the email domain itself, relying on deception to prompt quick responses.

Another tactic is the use of shell companies, which criminals create and then let ‘age’ to help appear legitimate. Some fraudsters also leverage recently inactive or defunct business identities to give their schemes a veneer of credibility. This issue is especially challenging in regions like the UK, where public databases make it easier for criminals to identify dormant or expired business identities to exploit. The result is often financial loss and reputation damage for the companies that unknowingly interact with these fraudulent entities. Staying ahead of these tactics requires companies to adopt advanced technologies, like AI and machine learning, to monitor for unusual behavior and detect fraud before it causes damage.

Rising Costs and Financial Repercussions

Business identity theft carries heavy financial consequences, from direct losses to the costs of recovering stolen funds. Unfortunately, many businesses can only recover a fraction of what is lost; most recover less than 10% of what is stolen. With the increasing sophistication of these crimes, recovery is becoming harder and more costly. Compounding the problem, many cyber and security insurance policies no longer cover wire or payment fraud, reflecting how widespread this threat has become. Business disruptions caused by fraud can also lead to downtime, missed sales opportunities and higher insurance premiums. To protect their bottom line, businesses must invest in solid security solutions.

Reputational Damage and Long-Term Impacts

The fallout from business identity theft goes beyond financial loss. When fraud occurs, it can shake the confidence of customers, partners and suppliers, undermining trust in the business. Once a company has been targeted, it may even face repeated attacks as stolen data is often resold and reused, sometimes resurfacing in new fraud attempts even years later. 

As many as 66% of consumers report they would not trust a company following a data breach. In some cases, legal or regulatory penalties can follow, adding further strain on a company’s reputation. Recovery can take years, and for some businesses, the trust they’ve lost is often never fully restored. This lasting damage to a brand, especially in a competitive market, can significantly impact growth and customer loyalty. Addressing identity theft is not only about preventing immediate loss but also about protecting the long-term health of the business.

Balancing Security with Customer Experience

Businesses must strike a delicate balance between enhancing security and maintaining a smooth customer experience. Adding layers of security, like multi-factor authentication, identity verification and fraud detection measures, can slow down the transaction process, potentially frustrating customers. However, neglecting these safeguards leaves businesses open to attacks. A common protective measure is limiting shipping locations to verified business addresses and preventing changes in transit—methods often used to deter fraudsters who gain access to accounts via business email compromise. In these cases, attackers may phish an employee to obtain access, then use the compromised account to place orders.

The challenge is to integrate these security measures in ways that don’t disrupt the customer’s journey, such as using fraud detection systems that work in the background without interfering with purchases. This balance is especially critical as flexibility in payment options plays a huge role in customer satisfaction: 78% of buyers say invoicing is a must, and over half would switch to a different merchant if it offers flexible net terms. Balancing security and customer needs keeps your business safe while building loyalty and average order volume. In fact, TreviPay company research found that retaining a business buyer for seven years can lead to a 150% increase in revenue per customer, jumping to 240% after ten years.

Finding the Right Fraud Prevention Expert

Fighting fraud requires a lot of work. Given the complexity of identity theft and the increasingly sophisticated tactics used by criminals, businesses can benefit from partnering with external fraud prevention experts. These specialists can provide the expertise and tools needed to safeguard against emerging threats while allowing companies to focus on their core business operations. Leveraging third-party providers for real-time decision-making, credit risk assessments and transaction monitoring can help businesses stay one step ahead of fraudsters. As fraudsters use increasingly advanced technology to outsmart existing defenses, having a trusted partner with deep industry knowledge and the right technology is critical to ensuring long-term protection and peace of mind.

To ensure end-of-year sales are safeguarded during the busy holiday season, companies must recognize that business identity theft is present and complex, and that it can have long-standing impacts on customer trust and public reputation. Leveraging partners with fraud prevention tools and expertise can also help quickly combat suspicious transactions, while allowing business leaders to focus on driving revenue and meeting buyer payment preferences. By offering seamless, consistent and financially secure experiences, businesses can boost buyer loyalty and order values for the holidays and beyond.

The post 5 Identity Theft Challenges Every Business Needs to Tackle appeared first on Cybersecurity Insiders.