Artificial Intelligence (AI) is fast transforming modern businesses, which are now beginning to understand the importance of risk and compliance – not only as regulatory checkboxes but as critical components of successful AI integration.

Historically, these activities have been sidelined, as they often seem to lack direct value or innovation. However, AI’s growing role has changed the game, creating a compelling reason for IT departments to address risk and compliance with renewed focus and urgency.

Preparing for AI readiness requires a solid framework that can manage data integrity, security, and compliance, ensuring that organisations maintain control and mitigate risks effectively. Here are some critical steps to consider.

Defining your data estate

AI’s effectiveness relies on well-organised, accessible data. The first step toward readiness is defining your data estate, a process that involves cataloguing all data sources, locations, and formats across the organisation.

With AI’s ability to process and analyse large datasets, an incomplete or poorly mapped data landscape could result in inaccurate insights or overlooked assets. Identifying all data points also reveals hidden risks, from compliance liabilities to potential vulnerabilities, allowing organisations to address these proactively.

Completing cloud migration

Cloud environments have become the standard for handling modern AI tools, given their superior data management capabilities compared to traditional on-premises systems. Migrating to the cloud enables organisations to leverage mature, built-in tools for data governance and policy management, as well as scalable computing power essential for AI applications.

Argantic, a renowned Microsoft Solutions Partner within the Turrito group of companies, recognises this shift in infrastructure as it partners with, a respected Microsoft Solutions Partner, to provide enhanced cloud support. This partnership helps internal IT teams with the complex task of cloud migration, from design and implementation to ongoing optimisation and support.

Ensuring proper data access controls

One of AI’s unique capabilities is to turn ordinary users into “super searchers,” allowing them to uncover data they may not have previously accessed or known about. Consequently, establishing proper data access controls becomes vital. By limiting access to only the data each user needs, organisations reduce the risk of sensitive information being inadvertently exposed or misused.

This step not only safeguards proprietary data but also ensures compliance with data protection regulations, such as GDPR, as AI-driven searches can lead to unexpected privacy implications if unmanaged.

Defining data loss, sharing, and retention policies

AI’s integration into day-to-day operations brings increased attention to data handling policies. Data loss prevention, controlled data sharing, and retention policies must be well-defined and directly tied to data files, enabling these policies to persist as data moves within or outside the organisation.

Properly applied data policies help maintain data integrity, reduce the risk of leaks, and ensure that outdated or unnecessary data is systematically purged, avoiding clutter and compliance violations.

Addressing shadow AI usage

As companies test the waters with new AI tools, a common trend has emerged: senior staff experimenting with these tools outside of IT’s oversight. This ‘shadow AI’ activity, while innovative, raises serious concerns over unauthorised access to sensitive data and unmonitored data movement.

Companies are increasingly reaching out to experts like Argantic for assistance in creating safe boundaries for AI tools, ensuring that any exploration remains within compliance guidelines.

Empowering internal IT teams for the AI-driven future

For internal IT teams tasked with managing these changes, the burden can be significant. AI adoption places extra demands on teams that may already be stretched thin, dealing with legacy systems that are costly and rigid.

Offering specialised Microsoft and compliance expertise, Argantic empowers internal IT departments with the agility they need to handle the increasing complexities of AI, cloud migrations, and data governance.

Garry Ackerman, Argantic director, noted the advantage of providing tailored support to mid-market organisations that may lack extensive in-house resources. “Through this partnership, internal IT teams gain access to skills and support only as needed, ensuring they can focus on core activities without being sidetracked by ongoing AI management and compliance projects.”

AI adoption is a powerful tool for innovation, but it introduces risks that business leaders must be prepared to manage. Addressing these risks head-on with a comprehensive compliance and data governance framework will pave the way for successful AI integration.

As the company illustrates, the right partnerships can strengthen IT teams and set a strong foundation for the future, empowering organisations to fully harness AI’s potential within a safe, compliant, and well-managed environment.

The post Preparing IT teams for the next AI wave appeared first on Cybersecurity Insiders.

SecurityBridge, the Cybersecurity Command Center for SAP, has launched its latest advancement: Virtual Patching. This innovative feature enhances SAP security by delivering automated protection for unpatched SAP systems starting on SAP Patch Day.

Virtual Patching serves as a cross-platform solution that seamlessly integrates SecurityBridge’s Patch Management and Threat Detection modules. It provides real-time defense against vulnerabilities by notifying SAP administrators whenever unpatched code is identified. This ensures that affected SAP systems remain protected until official patches are available, enabling administrators to adhere to their patch management processes without sacrificing security.

“Our cross-functional innovation in Virtual Patching underscores SecurityBridge’s leadership in SAP security,” remarked Holger Hügel, Product Management Director at SecurityBridge. “With this 100 percent automated approach, SAP systems are safeguarded from the first moment a vulnerability is disclosed, ensuring continuous protection.”

Key Features of SecurityBridge’s Virtual Patching Include:

  • Automated Threat Detection: Alerts are generated exclusively for impacted SAP systems, ensuring that notifications are targeted and relevant.
  • Pre-configured Signatures: SecurityBridge updates its Threat Detection signatures via the cloud, eliminating the need for manual system updates.
  • Patch Day Protection: SAP systems are automatically shielded from vulnerabilities when new SAP Security Notes are issued on Patch Tuesday.

Following the release of version 6.30 in early October 2024, Virtual Patching is now part of the SecurityBridge Platform subscription, positioning it as an essential tool for enterprises aiming to enhance their SAP security operations.

The post SecurityBridge Unveils Automated Virtual Patching to Protect SAP Systems from Vulnerabilities appeared first on Cybersecurity Insiders.

As global elections reshape the political landscape, the future of financial crime regulation and enforcement hangs in the balance. Explore how changing leadership across major economies can influence financial integrity, compliance, and global sanctions, and learn how businesses can proactively adapt to these shifts.

A Pivotal Election Year: Shaping Financial Crime Regulation

In one of the most consequential global election cycles in recent history, the implications for financial crime regulation and enforcement are coming into sharp focus. In 2024, countries representing over three-quarters of the world’s population have voted or are heading to the polls, and political transitions will inevitably bring significant changes to how governments manage financial crime and international regulations. For businesses and financial institutions, this is an era of both uncertainty and opportunity.

Financial Integrity of Election Processes

Particularly notable in a momentous election year is the issue of financial integrity of election campaigns, candidates and political parties, which has come under increasing scrutiny globally. Scandals or allegations around campaign financing have featured in many of this year’s elections. This is reflected in demand from competent authorities for Kroll’s support in this area, as part of efforts to help restore and build public trust in electoral systems.

Political Shifts and Financial Crime Regulation

Financial crime encompasses a broad range of illicit activities involving the misuse or abuse of financial systems and institutions for unlawful gain. It includes offenses such as fraud, money laundering, sanctions evasion, bribery, corruption, terrorist financing, tax evasion and cybercrime.

Promises to crack down on corruption often feature in political campaigns, in both developed and developing countries. In recent years, increased political pressure on regulators has impacted enforcement action and the tone from the top. While regulation and enforcement mechanisms in advanced economies typically maintain a certain degree of independence from the political process, elections can lead to significant shifts in the focus and intensity of financial crime regulation and enforcement.

For example, in the U.S., the emphasis of a Harris-led government may be quite different than a potential second Trump administration. Under Biden-Harris, the administration has placed a significant focus on global efforts to counter corruption and “kleptocracy” among authoritarian governments. Initiatives like the Summit for Democracy have seen democracies worldwide coming together to combat corrupt regimes. This has impacted how the U.S. approaches financial crimes on a global basis. Often, a change in administration can lead to either tougher or lighter-touch regulations and enforcement, also reflecting the state of economies and the need perceived by politicians to lighten the regulatory burden on companies to support economic growth. Of course, in financial crime, this can be counterproductive and make economies less stable and more vulnerable. Businesses need certainty and need to know their money will be safe and that they are operating in countries with high standards of integrity and rule of law.

Sanctions in a Changing Political Era

Sanctions regimes are another area where political change, including foreign policy, could result in significant shifts. During his first term, Trump was known for his aggressive stance on sanctions, particularly against Iran. If reelected, he could take a tougher approach on security concerns with Iran and trade relations with China while taking a different approach to the Russia-Ukraine conflict.

This shift may change the focus of challenges that financial institutions have faced with Russia-Ukraine sanctions, but it also could introduce new challenges. Financial institutions must be prepared to adapt quickly to the changes, not just in the entities targeted by sanctions but in the complexity and nature of these sanctions.

The changing nature of sanctions will require businesses to have flexible, dynamic compliance systems. Institutions must be ready to implement systems that can respond swiftly to these new realities.

The Role of AI in Financial Crime and Sanctions Compliance

Similarly, regulatory approaches to artificial intelligence (AI), which is quickly becoming a critical tool in tackling the challenges of financial crime, vary considerably and may change or evolve as a result of the outcomes of this year’s global wave of elections. 

Regulatory uncertainty notwithstanding, AI is likely to play a growing role in combating financial crime, managing sanctions and ensuring compliance. Its ability to process vast amounts of data efficiently makes it indispensable for financial institutions. However, AI is not a one-size-fits-all solution. For institutions with multiple legacy systems and data integrity and management challenges, implementing AI without fully understanding its underlying issues could exacerbate existing compliance problems.

AI can help streamline processes, making compliance more efficient and accurate. But without proper oversight and expertise, it could lead to unintended consequences. AI must learn from something, and if the former practice has not been effective, then it may simply optimize ineffective controls and give firms a false sense of security. This is where professional firms come into play, offering the expertise to evaluate an organization’s readiness for AI and helping develop tailored solutions that align with their specific compliance needs.

Navigating Global Regulatory Fragmentation

One of the most significant challenges facing financial institutions today is the potential for greater fragmentation in the implementation of global standards. As nationalism and protectionism rise, we may see this undermining collaboration across borders and the more joined-up approach to fighting financial crime that we need. Challenges to a single, global standard may continue to rise, making it difficult for international institutions to maintain a globally consistent compliance strategy.

Financial institutions must now navigate a world where multilateral solutions are increasingly difficult to implement. They are facing competing or even conflicting demands that often vary across jurisdictions.

In some parts of the world, political polarization and instability have contributed to an erosion of trust and transparency in local institutions. This has led global financial institutions, for example, to derisk from certain jurisdictions and operations over concerns that AML and financial crime regulation and compliance are not sufficiently robust.

As global regulations, or at least their implementation by national authorities, face the prospect of fragmentation, financial institutions must be prepared to flex their compliance strategies depending on the country they are operating in. This will require greater agility and a more nuanced understanding of local political dynamics.

Staying Ahead: Adapting to an Evolving Regulatory Landscape

The 2024 election cycle has significant implications for how governments handle financial crime, sanctions and compliance. Whether it’s a shift in U.S. focus or European countries pushing for stronger AML regulations, the global regulatory landscape will continue to shift. For financial institutions, staying ahead of these changes means investing in dynamic, adaptable systems and leveraging technology to improve efficiency, effectiveness and compliance. However, implementing these solutions requires careful planning and expertise.

As financial crime regulation becomes more complicated, businesses must remain vigilant, agile and prepared to respond quickly to shifting regulatory demands. Whether dealing with new sanctions or ensuring the financial integrity of election processes, the stakes have never been higher.

 

The post Elections and Financial Crime: Navigating a Shifting Landscape appeared first on Cybersecurity Insiders.

Threat intelligence can help identify a threat actor’s motives, targets, and behaviour, all while isolating threats before they cause harm.

In September, Transport for London suffered a significant data breach that greatly impacted Londoners. Live data feeds to travel apps have paused, and 30,000 employee passwords are due to be reset. Only a month later, the Internet Archive suffered a monumental breach, with over 31 million users’ data hacked.

Cybercrime is continually on the rise all over the globe, and artificial intelligence (AI) advancements make the situation worse rather than better. As of April 2024, there have been 7.78 million cyber attacks on UK businesses, with 58% of UK companies experiencing this growing issue. Seeing the numbers as well as the staggering costs of the attacks, many organisations wonder what more they need to do to protect themselves from proliferating cyber threats.

According to Oxylabs, a leading web intelligence collection platform, a focus on proactive rather than reactive cyber defence measures might help identify some threats before they strike. Combining threat hunting (a proactive approach to identifying and isolating cyber threats) with threat intelligence (publicly available data on cyber actors, their motivation, and emerging techniques) can help businesses gain an upper hand in the never-ending battle.

Vaidotas Sedys, Head of Risk at Oxylabs, said, “A growing number and impact of cyber incidents call for changes in how organisations respond to threats. A reactive approach is expensive in many ways and might bring financial and reputational damage as well as harm to clients if their data is affected. Threat hunting is a proactive approach. Cyber teams go out into the wild and proactively identify potential risks and threat patterns, isolating them before they can cause any harm.”

A threat hunting team requires specific knowledge and skills. These teams consist of various professionals, such as threat analysts, who analyse available data to understand and predict attackers’ behaviour; incident responders, who reduce the impact of a security incident; and cybersecurity engineers, who are responsible for building a secure network solution capable of protecting the network from advanced threats.

“Specialists use a combination of tools that help in threat hunting”, added Sedys. “Most employ security information and event management (SIEM) systems that collect event log data from various sources and analyse it in real-time to identify deviations. Intrusion detection systems (IDS) enable network monitoring for suspicious activity, while Endpoint Detection and Response (EDR) security systems combine continuous real-time monitoring and collection of end-point data with a rule-based automated response.”

However, for threat hunting to be effective, it needs proper intelligence. Threat intelligence uses various sources to gather relevant data points encompassing technical data, Social Media Intelligence (SOCMINT), Human Intelligence (HUMINT), and Open-Source Intelligence (OSINT). The latter usually refers to publicly available web data that can be gathered from the Internet using web scraping tools.

Sedys continued, “OSINT contains information from public websites, open forum chats, dark web marketplaces, and many other open sources. Monitoring these spaces can help companies identify their vulnerabilities. OSINT uses publicly available information, meaning companies don’t have to invest in resources to access classified or restricted data. Modern data scraping tools, powered with advanced AI and machine learning (ML) features, are significantly improving the threat intelligence collection process as they enable pulling and analysing raw data in real-time.”

Advancing AI capabilities is also changing how businesses approach and combat cyber risks, with cyber specialists experimenting with various AI solutions to enhance threat hunting and intelligence efforts. 

“AI algorithms can analyse massive amounts of information, such as network traffic, systems logs, and user behaviour data,” added Sedys. “Specific patterns and deviations that might be unnoticeable to the human eye can suggest a potential threat. AI-powered threat detection also includes historical threat data analysis, being the basis for predictive model development. Speed is the main advantage of using AI-driven technologies. Such systems can monitor and detect anomalies in nearly real-time, which is impossible for cyber teams that rely solely on human intelligence.”

“We must learn from the damaging cyber incidents we’ve seen lately. Threat hunting and intelligence is the way to proactively search for cyber threats using an organisation’s internal and external data, helping detect risks before they cause any real damage. Enhanced AI-based systems are also helping to automate risk identification processes, including real-time web data collection and analysis. Organisations must enhance their threat intelligence systems before they succumb to impending attacks,” concluded Sedys.

The post Disastrous cyberattacks show organisations need to be more proactive in defence, says Oxylabs appeared first on Cybersecurity Insiders.

In recent years, the alarming surge in ransomware attacks has left small to mid-sized businesses (SMBs) grappling with unprecedented security challenges. The exponential increase in cyberthreats has not only compromised sensitive data but has also translated into significant downtime and financial burdens for these organizations. Continuous attacks on SMBs not only result in millions spent on recovery, but also erode customer and stakeholder trust. The aftermath of a successful ransomware attack can be devastating, causing long-lasting damage to a company’s reputation. The perception of insecurity may also deter potential customers and partners, further hindering the growth and sustainability of the business.

One of the most notable reasons SMBs have become such a prime target for repeated attacks is the sheer ease with which hackers can successfully penetrate internal defenses. It is no secret that small businesses operate on limited security budgets and often find themselves relying on outdated and minimally managed IT systems. This combination of factors creates a tantalizing opportunity for cybercriminals to continuously exploit known vulnerabilities and capitalize on weakened security defenses.

Prioritizing Cybersecurity In Your Business Strategy

The growing complexity of digital transformation has also made it more challenging for smaller firms to stay on top of security. With phishing getting more targeted and ransomware more sophisticated, business owners are becoming overwhelmed with the never-ending project of evolving their security posture. Often, small business owners tend to underestimate the importance of a well-rounded cybersecurity plan and instead believe they are too insignificant to be targeted by cyber incidents. However, the truth is that these businesses often harbor valuable data, customer information and financial assets, making them attractive targets for malicious actors. In fact, threat actors are not particularly picky in their target selection process – their business model relies more on numbers than on quality of targets, accruing large quantities of potential victims in the expectation of a percentage of those resulting in financial payout.

It is imperative for small business owners to prioritize cybersecurity as a fundamental component of their overall business strategy. This strategy should encompass regular software updates, employee training to recognize and thwart social engineering and phishing attempts, and the establishment of a robust incident response plan. Additionally, investing in modern cybersecurity solutions, even within the constraints of a limited budget, can significantly enhance the organization’s defenses against cyberthreats. Risk is constantly evolving, and managing that risk is essential to a strong cybersecurity program and crucial to operational resilience.  

Understanding and implementing powerful data protection is more than just a legal obligation – it’s also a business enabler. Without the trust and support of a loyal customer base, businesses are likely to falter. But the challenge of cybersecurity in a world with sophisticated hackers with advanced cyber tactics means that you can’t just plug a few holes and hope for the best. It requires a carefully thought-out risk mitigation plan that takes an effective approach to recognizing vulnerabilities through an established monitoring system that swiftly detects and mitigates possible threats via patch management. But resource-limited SMB IT teams have an enormous workload to deal with and unfortunately vulnerability patching is just one of those things that gets put on the back burner. This then creates gaps in patch deployment that provide hackers with the perfect environment to heavily exploit known vulnerabilities.

Automating Patch Management Drastically Reduces Stress

Overworked security teams often view the concept of patch management as a highly disruptive, time-consuming process that threatens day-to-day operations due to required downtime. As a result, vulnerabilities either go undetected or are slow to receive a consistent patch schedule. Outsourcing key IT systems can greatly reduce the stress a business owner can feel in attempting to secure everything in-house. But those types of organizations often deal with long to-do lists that are associated with developing, monitoring and maintaining the overall compliance and security of their clients’ programs. As a result, it can be easy to fall behind and struggle to enforce proper security standards. This is why a holistic automated approach to patch management can streamline the process significantly while alleviating additional tasks for owners.

Consistent patch management is an essential tool to have in the cyber toolbox. Automated patch management systems are pivotal to streamlining the identification, testing, and deployment of patches across the IT infrastructure. This level of automation ensures that critical updates are applied promptly, reducing the window of opportunity for attackers to exploit weaknesses. Moreover, fighting automation with automation minimizes the margin for human error, a crucial factor in the fast-paced world of cybersecurity where the speed of response is paramount.

Placing system patches on autopilot and patching consistently throughout the ecosystem greatly reduces the need to schedule emergency maintenance windows or reboots. Additionally, it minimizes the amount of time and resources dedicated to lengthy risk analysis and coordination between security teams and business leaders. Automating the deployment of security patches also means that organizations can confidently remain compliant and secure on an ongoing basis.

Finally, small businesses must remember that there is still a human factor to consider when establishing powerful security measures. Human error, while completely unintentional, can open the door for phishing attacks, privacy breaches and malware exploitation. From failing to install software security updates in a timely manner, to weak passwords to accidentally providing sensitive information to the wrong person, employee error can manifest itself in a variety of ways that makes the business an easy target. Business owners can flip the script and encourage responsible internet practices, enforce password security, and adopt multi-factor authentication or VPN tools, so that employees can confidently acquire the skills to promptly identify, respond to, and mitigate threats.

In the current threat landscape, it is more critical than ever before for senior leadership in businesses of any size to carefully assess their cybersecurity initiatives. Developing robust and proactive strategies to navigate an aggressive battlefield can instill confidence in both employees and owners as they strive to enhance their security posture. 

 

The post Cyber Expert Points SMB Leaders to Patching as Important Tool for Avoiding Attacks appeared first on Cybersecurity Insiders.

Staying on top of customer expectations in the digital age means adopting new software at a dizzying pace. Enabling a remote workforce also requires provisioning dozens of SaaS apps and online productivity services. Juggling these business imperatives while keeping data secure can quickly become a CISO’s worst nightmare. Shadow IT risks swelling out of control, and cloud sprawl knows no bounds. Yet, refusing to evolve is not an option if you want to stay competitive.

So, how do you allow safe use of new, cloud-based IT resources without compromising governance or risk management? How do you avoid letting your attack surface grow exponentially while still moving fast? 

It requires constructing flexible guardrails through policies and tools that secure data and access across all environments. The good news is that finding a balance between agility and oversight is possible, even in the chaos of digital transformation. The key is taking a governance-based approach that educates employees while still allowing productivity.

What is Shadow IT and Why Does it Matter?

Before examining solutions, you need to understand the heart of the problem – what exactly is shadow IT, and why does it create so much business risk? At a basic level, shadow IT refers to any hardware, software, servers, services or data that employees use or access for work without IT’s approval or oversight. 

Sometimes, shadow resources are hosted as public cloud containers or spun out as serverless functions. Other times, they are simply a SaaS app, analytics dashboard, or productivity tool that employees sign up for to fill a need without considering security.

No matter what form shadow IT takes, the dangers are two-fold:

1. Visibility Gaps: IT and security teams need more insight into what data is processed and stored outside sanctioned systems. There is no chance to enforce data governance policies or ensure regulatory compliance.

2. Expanded Attack Surface: Each shadow IT solution likely relies on an internet connection and has some vulnerability that hackers could exploit as a backdoor into corporate networks, providing more ways to breach sensitive systems.

Plenty of high-profile hacks have originated from shadow IT, including one affecting the identity and access management company Okta. Not only does this show that these risks are real, but with digital transformation accelerating and cloud adoption ubiquitous, stamping out shadow IT completely is no longer realistic. The key is implementing flexible guardrails to balance security with employee productivity.

Constructing Pragmatic yet Effective Security Guardrails

So, how can your organization allow some safe use of shadow IT resources while still enforcing good data hygiene and access controls? It requires a multi-pronged approach:

Lead with Governance and Oversight

IT departments should focus first on improving the governance of sanctioned apps and resources before chasing every potential shadow risk. Ensure you have:

Comprehensive policies: Set enterprise policies for acceptable use of devices, networks, services, and data with specific security protocols required for cloud solutions. Make it easy for employees to request formal approval of new tools.

Asset inventories: Maintain current inventories of hardware, devices, software systems, and cloud services used across the business. Identify all dependencies and data flows. Use this baseline for audits.

Visibility tools: Install network traffic monitoring, endpoint agents, or user behavior analytics software to detect the use of unsanctioned apps and services. Many solutions specialize in identifying shadow-hosted containers or serverless workloads spinning out of control, and some offer features to evaluate container security configurations. Cloud Access Security Brokers (CASBs) also provide visibility into sanctioned and unsanctioned SaaS apps.

Risk assessments: Conduct in-depth cyber risk assessments to understand your weak points and refresh regularly as new shadow IT resources pop up. Quantify potential data breach costs or IP losses if containers are misconfigured.
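The asset-inventory and visibility-tool items above meet when outbound proxy logs are compared against the approved-service list. The following Python is an added example, not part of the original article; the log format, the domain names and the function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumption: the approved-service inventory is kept as a set of domains.
# All names below are constructed for this example.
SANCTIONED_DOMAINS = {"corp-approved.example", "crm-vendor.example"}

# Constructed proxy log. Assumed format: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2024-10-01T09:00:01Z alice POST storage.corp-approved.example 52000
2024-10-01T09:02:13Z bob GET notes-app.example 0
2024-10-01T09:02:40Z bob POST notes-app.example 18000
2024-10-01T09:05:00Z carol POST file-drop.example 7500000
2024-10-01T09:06:30Z alice POST FILE-DROP.example. 2500000
2024-10-01T09:07:00Z dave POST notcorp-approved.example 900
2024-10-01T09:08:00Z erin GET crm-vendor.example 0
this line is malformed and must be skipped
"""


@dataclass
class Finding:
    """Aggregated activity for one host that is not in the inventory."""
    host: str
    users: set = field(default_factory=set)
    requests: int = 0
    bytes_uploaded: int = 0


def normalise_host(host):
    """Lower-case the host and drop any port or trailing dot, so the same
    service is not reported twice under different spellings."""
    return host.strip().lower().split(":", 1)[0].rstrip(".")


def is_sanctioned(host, inventory=SANCTIONED_DOMAINS):
    """True if host is an inventory domain or a subdomain of one.

    The comparison is made on a label boundary. A bare endswith() would
    wrongly treat 'notcorp-approved.example' as an approved service.
    """
    return any(host == d or host.endswith("." + d) for d in inventory)


def parse_line(line):
    """Return (user, host, bytes_uploaded), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _timestamp, user, _method, host, sent = parts
    return user, normalise_host(host), int(sent)


def find_shadow_it(log_text, inventory=SANCTIONED_DOMAINS):
    """Return (findings ranked by upload volume, count of skipped lines)."""
    findings = {}
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1  # count instead of dropping silently: log gaps matter
            continue
        user, host, sent = record
        if is_sanctioned(host, inventory):
            continue
        finding = findings.setdefault(host, Finding(host))
        finding.users.add(user)
        finding.requests += 1
        finding.bytes_uploaded += sent
    ranked = sorted(findings.values(),
                    key=lambda f: f.bytes_uploaded, reverse=True)
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = find_shadow_it(SAMPLE_LOG)
    for f in ranked:
        print(f"{f.host:28} users={sorted(f.users)} "
              f"requests={f.requests} uploaded={f.bytes_uploaded}")
    print(f"skipped malformed lines: {skipped}")
```

Ranking by upload volume puts the services most likely to hold company data at the top of the review queue, which is where an approval request or a risk assessment should start.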

Educate Staff on Security Best Practices

When adopting new tools, your employees likely intend to avoid putting company data at risk. They simply want to be more productive. Make security awareness training mandatory for all staff covering topics like:

  • Proper access controls and authentication protocols for cloud-based or container workloads
  • Dangers of overexposed container services or servers
  • How breach costs directly hurt bottom lines and bonuses
  • Easy procedures for requesting IT to vet and approve new apps or tools

Friendly reminders on security tips related to shadow IT usage should be persistent across internal communications, from emails to Slack messages to breakroom posters.

Focus on Securing Data Itself

Accept that some shadow IT usage will slip through the cracks no matter what. To complement governance and education, technical measures for securing sensitive data itself are necessary as a final line of defense. This data-centric approach puts safeguards directly around the company’s crown jewels.

Implement strong data classifications: Classify all enterprise data by sensitivity level (public, internal, confidential, restricted) and encrypt appropriately with keys controlled by IT security teams. This limits damage if employees misconfigure containers and data is exposed. Confidential data warrants finer-grained classifications like customer PII, financial records, product IP, etc.

Enforce rights management: Control usage authorization of classified data via identity and access management policies and privileged access tools. Integrate classifications with cloud access policies. This will disrupt malicious insider threats even if they access shadow IT resources.

Install data loss prevention software: Deploy DLP software on employee endpoints to detect risky data exfiltration behaviors, like copying databases or code repositories to personal drives or unsanctioned cloud storage services. DLP can also block restricted data from being uploaded—couple this monitoring with user education on responsible data handling.

Segment cloud workloads: Use micro-segmentation, VLANs, and security groups to isolate different cloud workloads from other production infrastructures based on their classification levels. Limit the blast radius of any breaches originating from shadow resources like contaminated containers or serverless functions that gain unauthorized access. This technique complements zero-trust architecture.

Practice least privilege access: Provide employees and applications minimal access to data stores based on their role and intended usage. Blanket access is unnecessary and becomes a liability if shadow IT components are compromised. Integrate legacy systems with cloud access brokers and identity providers to enable this at scale.

The key insight is that while governance and education aim to reduce shadow IT risks on the front end, securing sensitive data acts as the last line of defense if all else fails. A resilient data-centric approach limits the impact of inevitable shadow IT usage while still enabling your company to capture the productivity benefits of the cloud.

Sustaining Security in the Cloud Era is About Balance

There you have it – establishing pragmatic guardrails to secure shadow IT is possible by combining oversight, training, and data-centric protections. Of course, this also allows employees the freedom to safely leverage new technologies that drive competitive advantages, like cloud services, data analytics, and container platforms. With the right balance of flexibility and governance, your organization can securely embrace digital innovation rather than restrict it.

 

The post Establishing Security Guardrails in the Age of Shadow IT appeared first on Cybersecurity Insiders.

Companies expect their investments in AI to unlock worker productivity, improve the customer experience, and boost revenue — but how, exactly, is this going to happen? The devil is in the details, namely, solving for inefficiencies in document workflow.

Oft-overlooked, everyday tools like documents and PDFs are where AI can be transformational. A Forrester survey of 402 PDF and document tool users and 116 decision makers found that organizations leveraging AI realize higher levels of employee satisfaction.

More importantly, they spend less time on tedious work. 

Put another way, 66% of respondents said employees spending time on manual work better left to AI reduces time spent on primary work. Further, 62% said this damages the customer experience, and 56% cited negative impacts to brand reputation due to document errors.

The Cost of Lost Time

PDFs move throughout an organization like the connective tissue of an organism. They are the vehicle for communication, collaboration and workflows that impact strategy, innovation and engagement. PDF workflow directly impacts the employee experience.

Unfortunately, projects aimed at improving the employee experience often fall to the bottom of the priority list. While nearly 70% of respondents admit that operational processes supporting document tasks are very manual, nearly half have not yet leveraged AI to fix this.

On average, survey respondents said they’re using eight tools for their PDF and document needs, many of which are outdated, lack automation, and integrate poorly. Each tool has a learning curve and its own interface. An employee might have a tool for e-signatures, another to edit PDFs, another for document scanning, and yet another for collaboration.

As a result, employees are left to fend for themselves. Many employees spend their days doing manual, repetitive work. This adds up to roughly an entire day of the workweek lost, not to mention the toll on employee satisfaction. A majority of employees (56%) admit that this lost time means they don’t have enough time to do their primary work.

How Can AI Help?

The good news is that AI can pick up some of this manual work and free up employees. When asked exactly how AI can help, two-thirds of respondents cited document and text summary creation as the most valuable, followed by document redaction and content explanation.

Data Extraction: AI can interrogate blocks of data, extract relevant information, and summarize content or provide answers to questions. This will free up employees because 80% of data extraction is done manually today. Employees have to physically look at a document, extract fields, and enter them into another application.

Document Redaction: Employees also spend an inordinate amount of time manually searching documents and redacting sensitive information, such as personally identifiable information, credit card numbers, account numbers, etc. The stakes are high. Compliance failures, hefty penalties, and a brand’s reputation all hang in the balance — and human error is inevitable. But AI done right can automatically prevent sensitive information from seeing the light of day.

PDF Editing: In hundreds, perhaps thousands, of documents, inaccuracies and inconsistencies abound. They often come from the sources themselves, where someone may indicate they’re married on one form and single on another. Employees are tasked with comparing documents and identifying problems, but AI that knows what to look for can catch them automatically.

Tackling the PDF Problem

Wrangling documents and freeing up employees to be more productive on things that matter requires organizations to recognize that they have an employee-experience problem and then commit resources to fix it. To be fair, this can be a challenge given that many companies are focused on sweeping, transformative projects.

How to get started? Companies should consolidate their PDF tools into one that leverages AI. A whopping 80% of respondents said an all-in-one platform would be valuable or extremely valuable. A single tool with AI automation features enables employees to do their best, most efficient work.

Companies, of course, will have to review and revise each piece of the document process before introducing AI. They’ll need a good handle on existing inefficiencies, from unnecessary and repetitive steps to overly labor-intensive tasks, so that they can pinpoint areas to standardize and automate.

Automation Leads to Autonomy

Fixing the PDF problem with AI will lead to a lot of business benefits, but the one that sticks out the most is a better employee experience. AI will give employees more autonomy to develop automations, generate documents, redact documents, and summarize content. In essence, AI can become a kind of super assistant to offset labor-intensive tasks and help employees get their work done.

 

The post How AI Transforms the Employee Experience appeared first on Cybersecurity Insiders.

Today’s organizations face a daunting challenge: detecting and preventing web scraping attacks effectively and at scale. These attacks, which involve automated data extraction from websites, can have far-reaching consequences, ranging from increased infrastructure costs to the loss of sensitive information and intellectual property.

Web scraping attacks pose a unique challenge due to their versatility and adaptability. Unlike other forms of automated abuse, such as account takeover or denial of inventory attacks, web scraping can target any application or endpoint within a domain. This breadth of potential targets makes detection and mitigation particularly challenging, especially when traditional approaches rely on application instrumentation, adding complexity and delay to development workflows.

Key Challenges in Prevention 

Scraping attacks have the potential to occur throughout an organization’s domain, unlike other automated forms of business logic abuse that tend to target specific applications and related endpoints. For instance, while account takeover/credential stuffing attacks focus on applications requiring user credentials and denial of inventory attacks concentrate on checkout applications and their API requests, scraping aims at a broader range of endpoints. This wide-reaching nature of scraping makes prevention a challenge.  

Ensuring effective detection and mitigation of web scraper attacks requires a comprehensive approach that covers all public-facing applications, including those with dynamically generated URIs. However, attempting to prevent scraping using a bot mitigation tool that necessitates application instrumentation can present significant obstacles. Injecting an agent into every web application and endpoint within the domain can lead to delays and complexities in the application development and deployment workflow. If the URI is dynamically generated, adding an agent may further impede page load times, exacerbating the processing burden. 

Scraping attacks rely on HTTP GET requests: they are automated attacks initiated by sending straightforward HTTP GET requests to targeted URIs. Since HTTP GET requests typically constitute 99% of all transactions on a standard domain, any bot mitigation strategy must be capable of processing all such transactions. However, this presents challenges in both scalability and efficacy, given that most bot mitigation approaches struggle to handle the entirety of site/domain traffic. Additionally, the emphasis on utilizing HTTP POST for sending device fingerprinting logic means these traditional management approaches often overlook most attack signals originating from HTTP GET requests.

Lastly, scraping attacks exploit application APIs and endpoints, which are increasingly pivotal in transitioning toward a faster, more iterative application development workflow. These API endpoints provide access to the same information users access via rich web-based interfaces, catering to mobile customers, partners, and aggregators. In the face of resistance from web applications, scraping attacks seamlessly pivot to utilizing API endpoints to achieve their objectives. However, first-generation bot mitigation tools encounter a significant challenge in thwarting scraping attacks targeting these API endpoints. Unlike web pages or software development kits (SDKs), API endpoints lack a tangible surface for installing agents. Since API consumers often operate as bots, integrating JavaScript or a Mobile SDK proves exceedingly challenging. 

Getting Ahead 

Organizations must adopt a strategic approach to defense to effectively combat web scraping attacks. Rather than relying solely on traditional bot mitigation tools, which may struggle to keep pace with evolving attack techniques, a comprehensive strategy centered around API security is essential.  

Organizations can detect and prevent even the most sophisticated scraping attacks by leveraging behavioral fingerprinting and machine learning without intrusive application instrumentation. Invest in solutions that offer holistic coverage across all public-facing applications, including web, mobile, and API-based endpoints. By utilizing tools that continuously monitor and analyze incoming traffic, security teams can efficiently identify patterns indicative of scraping activity, enabling proactive intervention to mitigate potential threats before they escalate. 
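One way to look for the scraping signals discussed above using only server-side request logs, with no agent injected into pages or API clients. This is an added example, not code from the original article or any product; the log format, the thresholds and the client identifiers are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against real traffic baselines.
MIN_REQUESTS = 30        # too little traffic below this to judge a client
MAX_RATE_PER_MIN = 20.0  # sustained rate an interactive user rarely reaches
MIN_ENUM_RATIO = 10.0    # distinct URIs per URI template (id enumeration)

ID_SEGMENT = re.compile(r"/\d+(?=/|$)")


def template(path):
    """Collapse numeric segments so /products/17 becomes /products/{id}."""
    return ID_SEGMENT.sub("/{id}", path.split("?", 1)[0])


def profile_clients(lines):
    """Build per-client features from '<ISO time> <client> <method> <path>'."""
    seen = defaultdict(list)
    for line in lines:
        ts, client, method, path = line.split()
        seen[client].append((datetime.fromisoformat(ts), method, path))
    profiles = {}
    for client, reqs in seen.items():
        times = [r[0] for r in reqs]
        paths = {r[2] for r in reqs}
        templates = {template(p) for p in paths}
        api = [t.startswith("/api/") for t in templates]
        minutes = max((max(times) - min(times)).total_seconds() / 60.0, 1.0)
        profiles[client] = {
            "requests": len(reqs),
            "get_share": sum(r[1] == "GET" for r in reqs) / len(reqs),
            "rate_per_min": len(reqs) / minutes,
            "enum_ratio": len(paths) / len(templates),
            "api_pivot": any(api) and not all(api),  # web and API both touched
        }
    return profiles


def flag_scrapers(profiles):
    """Return {client: [reasons]} for clients whose behaviour looks automated."""
    flagged = {}
    for client, p in profiles.items():
        if p["requests"] < MIN_REQUESTS:
            continue
        reasons = []
        if p["get_share"] == 1.0 and p["rate_per_min"] > MAX_RATE_PER_MIN:
            reasons.append("GET-only at high rate")
        if p["enum_ratio"] >= MIN_ENUM_RATIO:
            reasons.append("enumerates ids under few URI templates")
        if p["api_pivot"] and reasons:
            reasons.append("covers both web pages and API endpoints")
        if reasons:
            flagged[client] = reasons
    return flagged


def constructed_log():
    """Constructed traffic: one client walking ids, one ordinary shopper."""
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    stamp = lambda seconds: (t0 + timedelta(seconds=seconds)).isoformat()
    lines = []
    for i in range(40):  # web pages first, then the same ids through the API
        lines.append(f"{stamp(i)} client-a GET /products/{i}")
        lines.append(f"{stamp(40 + i)} client-a GET /api/v1/products/{i}")
    shopper = ["GET /", "GET /products/3", "GET /cart", "POST /cart", "GET /checkout"]
    for i, req in enumerate(shopper * 7):  # 35 requests, one per minute
        lines.append(f"{stamp(60 * i)} client-b {req}")
    return lines


if __name__ == "__main__":
    found = flag_scrapers(profile_clients(constructed_log()))
    for client, reasons in found.items():
        print(client, "->", "; ".join(reasons))
```

Because the features come from every request the server already sees, GET traffic and API endpoints are covered in the same pass.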

The Benefits of Proactive Defense 

The threat of web scraping attacks is real and pervasive but not insurmountable. Organizations can fortify their defenses with API-centric security solutions to future-proof their infrastructure against emerging threats and maintain a competitive edge in an increasingly digitized landscape. Organizations can mitigate the financial and reputational risks associated with scraping attacks, enhance operational efficiency, and ensure uninterrupted business continuity by adopting a proactive stance towards web scraping prevention.  

 

The post The Hidden Threat of Web Scraping and How to Fight Back appeared first on Cybersecurity Insiders.

Many businesses, particularly smaller ones, often fail to recognise the importance of cybersecurity. Research indicates that most small and medium-sized enterprises invest less than £500 annually in cybersecurity. This underinvestment is typically due to indifference or a lack of understanding. It’s similar to insurance – rarely needed, but crucial when required.

J2 Software CEO John Mc Loughlin shares his experiences, insights, and passion for protecting businesses, big and small, from the ever-growing threats in cyberspace. He is an entrepreneur who stands out for his relentless drive and commitment to cybersecurity.

Mc Loughlin’s drive is to stop bad things from happening to good businesses. He begins by shedding light on J2 Software’s mission – to implement practical cybersecurity solutions for customers of all sizes, ensuring they can work securely from anywhere.

“I disagree with the notion of cybersecurity as an insurance policy. It is actually an enabler for doing more business. It allows companies to grow and service larger markets securely,” he says, explaining that security should be seen as an essential tool for growth rather than a reactive safeguard.

Bridging the investment gap between small and large businesses

Interestingly, he notes that large businesses also fall short when it comes to investing in cybersecurity. “There’s massive underinvestment across the board,” he says. He compares this mindset to purchasing a car and expecting it to run without ever needing maintenance or fuel.

For Mc Loughlin, visibility is key. “We can’t stop criminals from trying to attack, but we can ensure total visibility so that our customers can continue working without disruptions. I cannot emphasise enough that ongoing vigilance and adaptability are essential for long-term security.”

The impact of AI

With AI being a hot topic, he acknowledges its influence on cybersecurity. “While AI has been leveraged by cybercriminals to create more convincing phishing attacks and scams, it’s also a powerful tool for defence. AI helps us detect patterns far quicker and more efficiently.”

The ongoing evolution of AI is something he’s keeping a close eye on, as the rapid pace of change continues to reshape the cybersecurity industry.

“One of the biggest challenges has been staying ahead of the curve. We’ve always been ahead in terms of automation and visibility, but it took years for customers to catch up to the language we’ve been speaking,” he adds.

He remains driven by the desire to make a positive impact. “We prevent bad things from happening to good businesses, and that’s what keeps me motivated,” he says passionately. “We’re helping businesses stay afloat, and in turn, those businesses support families and communities. It’s a ripple effect.”

The post Stopping bad things from happening to good businesses appeared first on Cybersecurity Insiders.

As students settle into term time at university, cybersecurity is likely not at the forefront of their minds. However, with 97% of higher education organisations reporting a cyberbreach or attack in the past year, universities must prioritise cybersecurity measures to protect their students and staff.

The growing threat to university networks

The rise in attacks on university networks is alarming but not surprising. Universities hold vast amounts of valuable data, including research papers, intellectual property (IP), student and staff details, and financial information. This makes them prime targets for hackers. The repercussions of a breach can be far-reaching, impacting not only personal data security but also causing revenue loss and significant reputational damage.

Recent university data breaches highlighted in the media underscore just how severe the ramifications can be. Breaches like these can lead to operational disruptions, financial losses, and a tarnished reputation, affecting the institution’s ability to attract and retain students and staff.

Increasing vulnerabilities in higher education

The era of online and hybrid learning, along with the widespread adoption of cloud computing across institutions, has increased universities’ vulnerability to cyberattacks. While these technological advancements offer many benefits, they also open new avenues for threat actors, such as ransomware and phishing attacks.

Staying protected – steps to improve cyber-resilience

To combat these threats, universities must invest in robust cybersecurity infrastructure. Here are the critical steps that decision-makers should consider to enhance cyber-resilience:

• Strengthen supply-chain security

Supply chains can be complex and susceptible to attacks. The recent global IT outage that impacted 8.5 million computers worldwide demonstrated the catastrophic impact supply chain disruptions can have. While the CrowdStrike outage was the result of an unintended error rather than a malicious attack, it highlighted the need to mitigate such risks.

The best way for universities to reduce the risks of such disruption is through preparation. It’s vital that they invest in the right foundations, including secure and reliable network solutions. This can help ensure any data stored or processed by this technology is accessible to those who need it and kept safe from the hands of cybercriminals.

Conducting thorough forensic audits can also help identify and mitigate potential risks within the supply chain, ensuring a secure network environment. Universities should consider specific tools or frameworks for these audits to strengthen their defences.

• Embrace zero-trust security

Zero-trust security, also known as perimeterless security, is a modern approach that requires continuous authentication and validation of all users, both inside and outside the network. This model ensures that access to data is strictly controlled and monitored, significantly reducing the risk of cyberattacks. Universities can implement this by establishing strict access controls and regularly reviewing user permissions.

• Proactively address phishing threats

Phishing attacks remain a prevalent threat, accounting for a sizeable portion of breaches. These attacks often exploit human emotions and can deceive even the most cautious individuals. Regular awareness training and reminder emails about the dangers of phishing can help to eliminate these vulnerabilities. Universities should implement specific training programs and foster a culture of cybersecurity awareness among staff and students.

• Invest in advanced network solutions

Traditional “castle-and-moat” cybersecurity models, which rely on protecting a centralised data centre with firewalls, are becoming obsolete. With the shift towards cloud-based applications and remote working, solutions such as Secure Access Service Edge (SASE) and Security Service Edge (SSE), employed in conjunction with Software Defined Wide Area Networks (SD-WAN), provide a more effective defence.

By combining advanced network solutions like SASE, SSE, and SD-WAN, institutions can modernise their infrastructure and enhance their security posture. This layered approach enables enhanced visibility, proactive threat prevention, and comprehensive, centralised control – ensuring that universities can protect data and access points while adapting to the evolving needs of students and staff.

• Prepare for Denial-of-Service attacks

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks can cripple university networks, making crucial services unavailable. To counter these threats, universities should invest in DDoS mitigation services. These services help maintain operational continuity and protect against the significant disruptions and reputational damage caused by such attacks. Effective DDoS mitigation tools can provide real-time protection and resilience.

A resilient future for staff and students

Today’s cybersecurity threats demand a proactive and resilient response from universities. Ensuring a secure digital environment is not just about safeguarding data – it’s about maintaining trust, reputation, and operational continuity. Now is the time for universities to act decisively and invest in comprehensive cyber-resilience strategies. By doing so, they can protect themselves from the growing threat of cybercriminals while maintaining efficiency and competitiveness in the academic landscape.

 

The post Protecting university students with robust network solutions appeared first on Cybersecurity Insiders.