Author: Jane Devry

Kyocera CISO Andrew Smith explains how he’s responded to the cyber risks associated with AI and how businesses can start implementing it.

Ever since AI’s meteoric rise to prominence following the release of ChatGPT in November 2022, the technology has been at the centre of international debate. For every application in healthcare, education, and workplace efficiency, reports of abuse by cybercriminals for phishing campaigns, automating attacks, and ransomware have made mainstream news.

Regardless of whether individuals and businesses like it, AI isn’t going anywhere. That’s why, in my view, it’s time to start getting real about the use cases for the technology, even if it might lead to potential cyber risks. Companies that refuse to adapt are risking being left behind in the same manner that stubborn businesses were when they refused to adjust during the early days of the Dot-com boom.

When it comes to early adoption, everyone wants to be Apple; nobody wants to be Pan-Am. So, how do businesses adapt to the new world of AI and tackle the associated risks?

Step 1: Understand the legal boundaries of AI and identify if it’s right for your business

Despite the risks, the mass commercialization of AI is a positive development as it means legal conditions are in place to help govern its use. AI has been around for a lot longer than ChatGPT; it’s just that we’re only now starting to set guidelines on how to implement and use it.

Regulations are constantly changing given the rapid evolution of AI, so it’s essential that businesses are aware of the rules which apply to their sector. Consultation with legal professionals is as crucial as any step of the process; you don’t want to commit a large amount of capital towards a project which falls foul of the law.

Once you’ve got the all-clear to proceed – hopefully with some additional understanding of the legal parameters – it’s down to you to identify if and where AI can add value to your business and how it could affect your approach to cybersecurity. Are there thousands of hours being spent on mundane tasks? Could a chatbot speed up the customer service process? How will you keep sensitive data safe after the introduction of AI software?

What’s important is that businesses have taken the time to identify where AI could add value and not just include it in digital transformation plans because they think it’s the right thing to do. Fail to prepare, prepare to fail – and avoid embarking on vanity projects that could do more harm than good.

Step 2: Decide on your AI transformation partner

This doesn’t mean you start using ChatGPT to run your business!

Assuming you don’t already have the talent in-house, there are hundreds, if not thousands, of AI transformation businesses for you to partner with on your journey.

I won’t labour over this step as every business will have its procurement processes. Still, my best advice is to look at the case studies of an AI transformation company’s existing work and even reach out to their existing clients to find out if their new AI tools have been helpful. Crucially, make a note of any security issues encountered in AI projects and bear this knowledge in mind. Like anything, a third-party endorsement for impactful work goes a long way.

That said, with the rapid growth in AI, sometimes “case studies’ are not freely available, and businesses should consider not discounting skilled firms. Instead, if a company has the credentials, insight, and technology, allow them the ability to demonstrate capabilities and how these support your journey.

Step 3: Ensure cyber-hygiene and cyber-education are communicated across the business

Unfortunately, most cyber-attacks are caused or enabled by insiders, usually employees. In the vast majority of cases, it’s not malicious; it’s just a member of your team who doesn’t understand the implications of cyber risks and doesn’t take all the necessary precautions.

Therefore, your best opportunity to nullify those risks is by thoroughly and consistently educating your employees. This should apply just as much to new AI tools as to anything else at the business.

It seems obvious to most by now, but ChatGPT is free because we are the product. Every time you input data into the model, it learns from your input, and there’s a distinct possibility that your data will be regurgitated at some stage to someone else. That’s why staff must be careful about entering sensitive information, even if an AI tool claims to keep data secure.

Not inputting sensitive company data into (Large Language Models) LLMs might be an easy and obvious starting point, but there’s plenty more that companies should be educating their employees about cyber-hygiene and not just its relevance to AI. Key topics can include:

  • Best practices in handling sensitive company data
  • The right way to communicate and flag potential breaches
  • Implementing an incident/rapid response plan
  • Regularly backing up data and ensuring it is secure
  • Secure by design – “Doing the thinking up front”

I believe education and training remain the best tools for tackling cybercrime, and failing that; you should ensure you have a solid plan to ensure that criminals can’t hold you to ransom should the worst happen.

Step 4: Implementation and regular review

If you successfully completed steps 1-3, you should have a powerful new AI tool to improve your business.

Once your staff have been trained on security risks are and using it, AI shouldn’t be treated as a ‘set and forget’ tool – any business using it should constantly review its effectiveness and make the necessary tweaks to ensure it provides maximum value the same way we do with our staff. It’s not just for efficiency either: there’s a good chance that regular reviews will expose potential vulnerabilities, and it’s far better for you to catch them before a potential cyber-criminal does.

If you skip one of the above steps, you risk encountering significant security issues and ultimately wasting capital on a failed or troublesome project. Follow each step correctly, however, and AI will become a powerful tool to help you stay ahead of the curve.

The post How Kyocera’s CISO tackles the threat of cyber risk during AI adoption appeared first on Cybersecurity Insiders.

Cybersecurity and resilience have grown in priority for both the public and private sectors as threat surfaces reach unprecedented scales and threat actors gain new capabilities. The growing scale and complexity of cyber-attacks not only pose a threat to national security but also cost victims trillions of dollars each year. As the nation transitions from one administration to the next, U.S. leaders must continue to build on the successes of previous administrations, address gaps that exist in the nation’s cybersecurity ecosystem, and continue leaning on public-private partnerships that have proved valuable in the past. 

Carrying Best Practices Into a new Administration

Within the last eight years, the Biden-Harris and the Trump-Pence administrations have taken tangible steps to fortify the country’s security posture. In 2018, President Trump signed the Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018 to establish CISA, a first-of-its-kind component agency dedicated to U.S. cybersecurity. Following multiple cyber-incidents in the U.S., in 2021, President Biden issued Executive Order 14028 (EO 14028), aimed at modernizing and protecting federal networks, improving public-private partnerships, and strengthening the ability to respond to incidents.

In 2022, Congress and the Biden-Harris Administration took this action a step further by enacting the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requiring covered entities to report covered cyber-incidents and ransom payments to CISA. Later that year, former President Biden issued a memorandum to EO 14028, directing federal agencies to only use software provided by software producers who can attest to complying with the “NIST Guidance” outlined in the memorandum. In this case the “guidance” refers to the NIST Secure Software Development Framework and the NIST Software Supply Chain Security Guidance.

Both CIRCIA and the subsequent memorandum marked pivotal steps to improve public-private partnerships to defend and respond to threats, while also shifting liability onto software producers who fail to take reasonable precautions to secure their software. 

Software vendors can take multiple steps to build security into the products that agencies will use, much like car seatbelts fitted for safety. Chief among them is the adoption of a secure-by-design framework and software build environment incorporating security into the products from their inception. For example, security vendors should base their build environment on four central tenets:

  1. Base the build system on ephemeral operations that leave no long-lived environments available for attackers to compromise.
  2. Produce deterministic artifacts to ensure security.
  3. Build in parallel, utilizing isolated and distinct build environments, standard validation, and security. Each build environment should have very limited access, and no single person should have access to them all. 
  4. Verify every build step and produce cryptographically signed statements of fact for each of the tasks executed in the pipeline, creating an immutable record of proof and providing complete traceability. 

As vendors employ multiple build environments for engineers and application security teams to validate and test the software to ensure it operates effectively and securely, enacting an assumed breach mindset is also important. An assumed breach mindset takes zero-trust a step further, reducing the attack aperture and risk by eliminating implicit trust relying on artificial intelligence (AI) and analytics to continuously validate connections between users, data and resources through identity access management, multi-factor authentication, and other measures to insulate the environment from security threats.  

Coupled with observability, organizations can gain single-pane-of-glass visibility into the entire environment to proactively identify issues, including potential breaches. The assume breach model needs accurate information to mitigate risks. Observability clarifies how assets fit into the ecosystem and provides critical data about infrastructure and indicators to protect the most critical assets. 

However, the responsibility for strengthening our nation’s cybersecurity posture does not rest solely on organizations.

Filling in the Gaps 

The federal government also plays a vital role in addressing systemic challenges. While the U.S. has made positive strides hardening federal information systems and networks during the last decade, the Trump-Vance Administration must address remaining gaps to bolster the resilience of the nation’s digital ecosystem. One of those gaps is workforce development.

As our world becomes more connected through technology, the demand for cybersecurity professionals to address the expanding threat landscape will continue to grow. For example, according to the World Economic Forum’s Global Cybersecurity Outlook 2024, 52% of public organizations said that a lack of resources and skills is their biggest challenge when designing cyber resilience. Another contributing factor to the cyber-workforce shortage is the rapid proliferation of emerging technologies such as cloud computing and AI. While these technologies have introduced numerous benefits and capabilities, they have also widened the workforce gap creating additional skill shortages. The International Information System Security Certification Consortium reports that of 14,865 cybersecurity professionals surveyed globally, 92% said their organization suffers from skills gaps in one or more areas. 

The federal government is attempting to address this widening gap through various skills-based initiatives to expand the cyber-talent pipeline. In 2023, the Office of the National Cyber Director (ONCD) began implementing the National Cyber Workforce and Education Strategy (NCWES) aimed at growing the cyber workforce, increasing diversity, and improving access to cyber education and training through partnerships across the private sector. Another potential pathway, recently introduced in a bill by House Homeland Security (HLS) Chairman Mark Greene (R-TN-07), aims to provide full-scholarships for cyber training and education for students, who in turn, will work for the federal government for a certain number of years. While both initiatives have enormous potential, they will take time to implement and mature to their full potential. 

The public and private sectors will have to continue finding creative ways to recruit, train, and retain cyber-talent to defend cyber space from malicious actors now and into the future. For instance, SolarWinds CEO Sudhakar Ramakrishna has proposed an initiative in which industry partners provide one full-time equivalent (FTE) employee to CISA to work together as a community. We are all resource constrained. Supplementing CISA with hundreds, if not thousands, of FTEs from across the industry could yield a relatively large, skilled workforce focused on creating best practices, advanced threat intelligence, and broadly sharing that information across the ecosystem. Such an initiative would help fill the gap immediately and strengthen the public-private partnership through a shared defense of our nation’s digital ecosystem. 

The Importance of Public-Private Partnerships

Another gap for the Trump-Vance Administration to quickly fill, is the role of former CISA Director, Jen Easterly. Since becoming the operational lead for U.S. federal cybersecurity, CISA has been vital in heightening the security and resiliency of our digitally interconnected ecosystem through public-private partnerships to fortify our nation’s security posture. The public-private partnership fostered by CISA has been instrumental in addressing multiple large-scale attacks, but there is still a lot of work to be done to harmonize legislative and regulatory requirements across the industry. 

Like cyber-workforce challenges, legislative and regulatory harmonization will also require strong public-private partnerships to deconflict and standardize reporting requirements. In 2023, the Department of Homeland Security (DHS) identified 45 in-effect cyber-incident reporting requirements administered by 22 federal agencies according to the Harmonization of Cyber Incident Reporting to the Federal Government report. Depending on the critical infrastructure sector, some businesses could be required to report the same incident to multiple federal agencies, at different deadlines, with varied methods (online form, email, verbal, etc.) of submission. Hopefully, CIRCIA will provide some clear parameters and coordination mechanisms to minimize regulatory overlap and conflict among the various federal agencies in that sector.

U.S. Congress must also continue its path to agency harmonization regarding cybersecurity legislation and regulations. Recently, Congressman Clay Higgins (R-LA-3) introduced a bill aimed at streamlining federal cyber-security efforts and removing duplicate reporting requirements. The bill would establish a “Harmonization Committee” consisting of members from ONCD and other regulatory agencies to “develop a regulatory framework for achieving harmonization of the cybersecurity requirements of each regulatory agency.” Clear parameters, standardized reporting channels, and a safe harbor framework are much needed to alleviate confusion about the reporting requirements and allow the victim to focus on mitigating and resolving the threat, rather than worrying about personal liability. 

The Road Ahead

In a CIRCIA hearing last year, Congressman Eric Swalwell (D-CA-14) shared an alarming conversation with a former Fortune 100 CISO, who told him “when an attack happens now, rather than respond to the attack, the first thing that you do is you huddle all of the lawyers and you’re losing precious response time because you’re worried about […] your personal liability on any action that you take, which means that consumer data and consumer information and potentially critical infrastructure could be seriously jeopardized as that’s taking place.” 

We must have a unified, whole-of-nation approach through public-private partnerships to protect federal information systems and networks without imposing legislative and regulatory liabilities that will discourage entry into the cyber workforce. As the outgoing National Cyber Director recently stated in a blog titled Service for America: Cyber Is Serving Your Country, “In an increasingly digital and interconnected world, all cyber jobs are vital to our national security and serve our public interest.” 

In this era of AI, growing cloud architectures, and more dangerous nation-state actors, the new administration has its work cut out to protect national cyber-territory. The good news is that it has a strong foundation on which to build. If the federal government continues to foster positive public-private partnerships to collectively build a sustainable cyber workforce pipeline and harmonize legislative and regulatory processes — the nation will be prepared for whatever cyber-future is on the horizon.

 

 

The post Fortifying the Nation’s Cybersecurity Posture in a New Administration appeared first on Cybersecurity Insiders.

The World Economic Forum’s Global Cybersecurity Outlook 2025 Insight Report paints a bleak picture of what the year ahead holds for technology security  teams worldwide. However, some industries are likely to be worse off than others. The financial sector, for example, is an attractive target for cyber-attacks, as confirmed by Statista which states that the average cost of a data breach in this industry in  2024 was approximately $6.08 million, compared to $4.88 for the overall average cost of a data breach across all industries. As such, financial institutions must prioritize cyber defense and take action to minimize the impact of attacks. One route to doing  this is by automating aspects of cybersecurity so SOC teams can focus on higher-value activities. 

According to the latest Threat Quotient research into The Evolution of Cybersecurity Automation Adoption, financial services organizations tend to be more mature in cybersecurity  automation adoption than their industry counterparts. Further, they may have passed through the period of disillusionment that commonly occurs in the technology adoption cycle. This is evidenced by the report finding that 87% of financial services organizations value the importance of cybersecurity automation, up from 69% the previous year, which is mostly used to focus on incident response, phishing analysis and threat hunting.  

However, given the growing complexities of the threat landscape, more needs to be done to equip financial organizations globally to prepare for attack. To try to counter this issue, governments have introduced new regulations for the financial sector such as The Digital Operational Resilience Act (DORA) which is an EU regulation that aims to strengthen the sector’s resilience to ICT-related incidents  with clearly defined requirements. Part of the regulation requires organizations to engage in threat intelligence sharing, to raise the level of knowledge and awareness of cyber threats on an industry scale. 

Knowledge is power 

Being aware of the latest industry threats, vulnerabilities and attack patterns is a powerful way to enhance the security posture of an organization and proactively mitigate risks. To achieve this, companies should systematically collect, analyze and disseminate information about potential cybersecurity threats to help identify emerging trends and stay ahead of possible threats. This knowledge, when shared across organizations and industries, can go a long way in helping more companies be alert and prepared for potential cyber threats. 

Within the financial services industry, threat intelligence is commonly only shared with direct partners and suppliers (59%) and within their organizations (48%), according to ThreatQuotient research. However, by sharing insights beyond the borders of the organization to the broader industry, security teams within all these organizations are empowered to gain a tactical advantage and actively improve their cybersecurity practices based on information collected according to real-world attack methodologies. 

Growing a community of information sharing  

Nevertheless, it is encouraging that 59% of Financial Services organizations are sharing threat intelligence with partners and suppliers, because considerable cyber risk resides in the supply chain – especially where smaller suppliers may lack sophisticated security solutions and in-house expertise. DORA addresses this by specifying that third-party ICT risk must be managed as an integral component of the overall ICT risk management framework. Sharing threat intelligence with the wider supplier ecosystem should be considered best practice as part of this risk management approach. 

Threat actors are sharing knowledge amongst themselves to enhance their skills with Cybercrime-as-a-Service (CaaS) providing a range of sophisticated tools and malicious services to a broad range of users through online marketplaces. Organizations must follow suit and band together with the sharing of threat intelligence across large and small organizations to collectively assess vulnerabilities and implement proactive measures to defend against rising threats. This collaboration is a cornerstone of effective cybersecurity which is further enhanced by integrating cybersecurity platforms to augment collaboration efforts. 

Closing the skill gap with automated threat intelligence 

There is no quick fix for the widening cybersecurity skills gap, but technology can be part of the solution in helping to ease the pressure on the teams that are combating cyber risks daily. With threat intelligence, security teams have valuable, real-world intelligence that can help them to be better prepared for attacks.  

Further, by automating elements of the process of threat hunting, intelligence gathering and threat profiling, security teams can work smarter and not harder, as they gain insights to prioritize threats, detect attacks earlier and develop strategies to respond faster and more effectively. This proactive approach not only strengthens the cybersecurity posture of the organization but – when intelligence is shared – also improves the posture of supply chains and the industry.  

AI is the problem and the solution 

While cybersecurity automation has achieved a degree of maturity in the financial sector, applying artificial intelligence to cybersecurity is still in relatively early stages across most industries. Again, the sector seems to be an early adopter, as evidenced by The Evolution of Cybersecurity Adoption report, which found that half of the financial services respondents are using AI across their cybersecurity operations, a figure that is considerably higher than other industries. 

However, the widespread adoption of AI will also increase the threat landscape. Not only do technologies like ChatGPT create potential risks for organizations, but AI tools are also being used by threat actors to enhance their skills and increase their breach success rates.

Despite the risks, AI also brings with it immense potential in bolstering an organization’s defence mechanisms, detecting threats and enabling faster incident response times. For example, Gen AI can help speed up threat intelligence gathering and reporting, so security teams can focus on more complex tasks.  

As cyber threats become increasingly sophisticated, it is more important than ever that the financial services industry bands together to collaborate and establish a united front against potential cyber-attacks. This includes prioritizing the adoption of cyber security automation to identify, analyze and prioritize threats in the industry to make better decisions and respond efficiently and effectively, thereby minimizing the impact of a potential attack. Ultimately shared threat intelligence enables organizations in the financial services industry to put up a united front and safeguard the valuable assets that their customers entrust them with. 

 

The post Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation appeared first on Cybersecurity Insiders.

Weak passwords, as various studies have shown, can be cracked in a second, but now AI can crack even stronger ones in the same amount of time. Language models can and will be used to brute force passwords and organize dictionary attacks more often, cybersecurity experts predict.

“AI is a breakthrough technology that is beginning to permeate all aspects of life and business, including cybersec. We should be mindful that in 2025, the time it takes to guess, social engineer, or brute force passwords is going to drop dramatically due to AI tools in the hands of cybercriminals”, says Ignas Valancius, Head of Engineering at NordPass, a leading password manager.

According to the Top 200 Most Common Passwords research, simple passwords like “123456” or “qwerty” can be cracked in under a second. The more complex the password, the longer it takes, but with the increasing computing power and AI advances, hackers will be able to try many more combinations in less time. So even more complex passwords will be cracked faster. 

AI is learning 

“I’m not saying that super long, random 18-character passwords are at immediate risk. But shorter ones – they could be in danger. With the arrival of DeepSeek, language models are being commoditized. Recently, researchers at Stanford and the University of Washington trained the “reasoning” model using less than $50 in cloud computing credits. With things so cheap, more threat actors will choose the easy way – buy some datasets on the dark web, ask an AI to make dictionary or brute force attacks on all the accounts, and go watch a movie. No need to organize months-long phishing campaigns,” says Valancius.

A dictionary attack is a systematic method of guessing a password by trying many common words and their simple variations. Attackers use extensive lists of the most commonly used passwords, popular pet names, fictional characters, or literally just words from a dictionary – hence the name of the attack. They also change some letters to numbers or special characters, like “p@ssw0rd”.

Poor security habits

The latest Top 200 Most Common Passwords research shows that despite the efforts of many organizations, there hasn’t been much improvement in people’s password habits. During a six-year study by NordPass, the password “123456” topped the charts as the most common password 5 out of 6 times. “password” held this not-so-noble title just once.

“And let’s not forget that the more people use AI, the more it learns about them. This is to say that many people already share sensitive data with ‘free’ AI tools to get things done, but here’s the catch – nothing’s really free. That data gets used for training, tracking, and, even worse, creating detailed profiles for more targeted attacks. So, as we move forward, it’s crucial to keep our passwords long and strong, and tread carefully as we interact with AI tools,” Valancius added.

How to create long and strong passwords

  • When creating or updating passwords, make sure they are at least 8 characters long and contain some uppercase and lowercase letters, symbols, and numbers. Keep in mind that this is the bare minimum for your password. The longer it is, the better. Just be sure not to use your name or other personal information, like your date of birth, because that is exactly the type of correlation an AI or a hacker would be looking for. Anniversaries, names of family members, and pet names should be avoided as well.
  • Since long random passwords are very hard to remember, creating a passphrase might be a good workaround. For example, the well-known phrase from Star Wars, “May the Force be with you,” could make a pretty good passphrase: “M@Y7heF0rc3BwithY0(_)”.
  • Use different passwords for different accounts and never reuse them. If it gets overwhelming, consider using a password manager. It can help you create strong passwords and synchronize them across devices. That way, you’ll only need to remember one master password. 
  • Another option is switching to passkeys. They combine biometric verification with cryptographic keys, offering a safer and more convenient alternative to passwords. In other words, passkeys let you get rid of passwords entirely and use your face or a fingerprint to log in. 

ABOUT NORDPASS

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to securely access their passwords on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN – the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.

The post AI is coming for your passwords – better make them strong appeared first on Cybersecurity Insiders.

Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been the regulatory standard for U.S. healthcare providers, health organizations, and health data processors and clearinghouses to protect the confidentiality and security of electronic public health information (ePHI). HIPAA also outlines penalties for non-compliance. 

In January 2025, the U.S. Department of Health and Human Service’s Office for Civil Rights (OCR), which oversees HIPAA, published proposed updates to the HIPAA Security Rule. This long-awaited proposal now includes many new cybersecurity requirements to better protect the healthcare system from the growing number of cyberattacks.

The proposed changes mark the first update to HIPAA’s Security Rule since its inception in 2005 – a sign that HIPAA as a framework has worked well for all of its additions since its establishment in 1996. But as the health data risk landscape evolves, the framework that regulates its security must evolve too.

HIPAA security updates: making a good framework even better

Three factors are driving the urgency behind the HIPAA Security Rule updates.

First, technology has changed significantly over the last 3 decades, especially in the healthcare industry. From better integrated health technology to the sophistication of data sharing – and data hacking – tools, systems have changed.  

Threat actors and breach trends have also changed. Cyberattacks have increased exponentially in all industries – in 2024 alone, OCR recorded 579 breach incidents from health organizations or their third-party partners, a 127% increase from the previous year. Healthcare data is also one of the top targeted and most coveted categories sought by hackers due to the large amounts of extremely valuable, easily monetizable personal data available.

Security rule updates to HIPAA should be seen by leaders as a step towards making an already good security framework even better and more prepared for the current challenges of the health industry’s cyber risk environment.

What are the implications of the proposed HIPAA rules?

The proposed updates cover a wide spectrum of cybersecurity areas in addition to clarifying terminology in the existing framework language. Several key themes stand out:

Modern cyber hygiene requirements: The healthcare industry cyberattacks of 2024, the largest being Change Healthcare, showcased just how quickly hackers can take advantage of weak points in a health system’s security and cause major damage. Implementing controls such as multifactor authentication, stronger password security standards, data encryption, anti-malware measures, and network segmentation seems fundamental, but codifying these steps makes the entire system more secure. 

More robust and proactive risk measures: Across the proposed updates, regulators are signaling the need for healthcare organizations to enhance their risk analysis practices and conduct risk assessments more regularly. Addressing risks ad-hoc will no longer be an acceptable standard – healthcare organizations need to be more proactive about risk assessments and take these steps more continuously. 

Standardization and harmonization: In the existing HIPAA rules, organizations have a degree of flexibility and interpretation between which rules are required, and which rules are “addressable” under certain circumstances. The new proposed rules tighten the definition of some of these rules, making any addressable circumstances less open to interpretation. The proposal also includes rules that recognize other standard frameworks for compliance, such as NIST and CISA, and require harmonization of controls across these frameworks alongside HIPAA. Together, these measures reduce or fully eliminate the potential for ambiguity in organizations’ interpretation of what constitutes compliance. 

Thematically, it’s clear that regulators are pushing organizations to take their cybersecurity steps to the next level to better protect valuable patient data from cyber threats.

Guidance for health cybersecurity leaders

Cybersecurity leaders in healthcare play an important role in not only making sure new regulations are implemented, but that others on their leadership team – all the way up to the C-suite and board – understand how these rules will impact their wider organization. Given the above areas of focus in HIPAA’s updates, leaders may wonder what else can be done to reinforce a stronger environment under HIPAA.

While the proposed rules are yet to be approved, leaders can start taking steps in anticipation of upcoming changes to create a more risk-aware workforce and culture. Updating cybersecurity training programs and encouraging employee adherence to training will help teams better understand their role in preventing cyber risk. Every person plays a part in safeguarding the risk environment, especially in healthcare. Leaders, however, are held responsible if a violation – or worse, a risk event – occurs, and regulators will not be lenient if organizations are caught unaware or unprepared.

In the current environment, health systems may feel stretched for resources or may not know where to start in protecting legacy systems from threats. Updating and harmonizing health system technology takes time, but an integrated approach is also necessary. Health leaders are advised not to take on this work alone or set their IT teams to the task without targeted, specialist guidance.

Though AI cybersecurity tools are still in the early stages of applications in healthcare risk management functions, the future is promising. With the right tools available and proper controls in place, AI can help those responsible for the safe stewardship of health data do their job more efficiently and focus on proactive risk management, rather than repetitive monitoring, reporting, or compliance tasks. 

Though addressing cybersecurity risks upfront do present health systems with potential expenses – additional training, more IT and cyber employees, new software or consultancy fees – getting ahead of risks before they happen is much more manageable than navigating the challenges of a cyberattack. 

Leaders in any industry need to remember: the cost of a data breach is not just the cost of paying out a hacker’s ransom. Breach recovery also includes the cost of brand management and reputational damage control, sustaining long-term resilience, and straightening out any interruptions to communications or operations. In the healthcare industry, the cost also includes human health and, potentially, human lives. 

By staying informed on HIPAA’s security rule updates, planning for a more robust risk system, and staying compliant, hospital systems and health data stewards can be ready for the risks of the modern cyber risk environment. Patient safety is worth protecting at all costs.

The post How healthcare cyber risk teams can plan ahead for HIPAA’s Security Rule update appeared first on Cybersecurity Insiders.

Email encryption is an essential protection for modern businesses. The software market has adapted to this need, so leaders have a broad range of potential solutions available to fill the gap. But what are the best email encryption options for enterprises?

What Are the Best Email Encryption Options for Enterprises?

Once it’s clear what differentiates a top-tier messaging encryption solution from the crowd, you can make an informed decision. With that in mind, here are the 10 best email encryption options for enterprises to kick-start your search.

1. DataMotion

The best overall email encryption service for most organizations is DataMotion, an artificial intelligence (AI)-powered secure data exchange. DataMotion works with several leading email platforms using FIPS-validated AES encryption standards.

In addition to securing emails, DataMotion offers secure direct messaging capabilities, which are ideal for health care and government operations. The company also employs a zero-trust model, ensuring access to sensitive data remains as tight as possible. Such protection is all the more valuable in light of its support for third-party integrations for productivity tools and other apps.

Customers have seen 28% reductions in support and 48% efficiency gains, highlighting the platform’s ease of use and streamlined nature. A built-in generative AI model can further aid security and productivity efforts by providing quick, informative answers to user questions.

2. Proton Mail

Another reliable all-around solution is Proton Mail, which comes from the same developers as Proton VPN. Proton enables end-to-end encryption, secure cloud storage, self-deleting messages and multi-factor authentication (MFA) to maximize data protection for companies of any size.

Many enterprises like Proton for its Swiss roots, as Switzerland has some of the world’s strictest data privacy laws. It’s also open-source, enabling thorough auditing, and offers anti-phishing measures. Phishing remains the most common data breach vector, so such defenses are hard to overlook.

Proton Mail also has a free version, making it one of the more accessible options. Unfortunately, its integrations are limited, and users cannot use their current email accounts.

3. RMail

RMail is another one of the best email encryption options for enterprises today. The standout feature of this service is that it includes automatic proof of delivery receipts, which are helpful when complying with laws like the General Data Protection Regulation (GDPR).

The platform also includes electronic signatures to strengthen secure document exchanges. It’s highly configurable, too, letting you set rules for which types of messages to encrypt, adjust compliance automations and choose between multiple cryptography standards.

Despite such high-level protective measures, RMail works with many existing email platforms. However, its user interface is relatively complex, and its pricing can be difficult to figure out, so it may not be the best for smaller or less technically experienced companies.

4. Mimecast Advanced Email Security

Another far-reaching secure messaging solution is Mimecast’s Advanced Email Security. In addition to encryption, it includes anti-phishing measures, AI-powered email threat detection and strong authentication protocols.

Mimecast focuses on stopping business email compromise (BEC), which has led to over $55 billion in losses since 2013. It’s able to do so thanks to a wide array of advanced tools, including QR code analysis, impersonation detection and real-time threat intelligence. Intelligence sharing across the solutions’ 250-plus integrations takes these benefits further.

These advanced features have the downside of requiring additional technical expertise to capitalize on fully. The minimum requirement of 50 users may also make the platform less ideal for smaller operations.

5. Barracuda Email Protection

Organizations wanting a multi-layered approach without as much complexity should consider Barracuda Email Protection. Like Mimecast, Barracuda includes phishing protection, malware detection and threat analytics to complement its email encryption. However, it’s more accessible to smaller or less tech-savvy businesses.

You can also get phishing simulations and zero-trust enforcement from Barracuda, but only with a Premium Plus subscription. Still, AI-powered tools like behavioral analytics and policy enforcement are available on all tiers.

Barracuda is relatively affordable compared to other comprehensive email security services, too. It works best when you can have a dedicated team to manage it, though. Considering that the nation faces a tech talent gap that could grow to 7.1 million unfilled roles by 2034, that may prove challenging.

6. Tuta Mail

Tuta, formerly known as Tutanota, runs another one of the best email encryption solutions for enterprises. Tuta Mail runs on virtually any operating system, including Windows, MacOS, Linux, Android and iOS. It also applies end-to-end encryption to the entire email, not just the main content.

Setting up Tuta Mail is fairly straightforward, and the service has a fee tier without any messaging limits. It’s also open-source, providing another layer of transparency and trust. Paid users get the added advantage of unlimited searching to sort through encrypted databases for specific messages.

Tuta is best for smaller operations or those without much IT experience. However, it doesn’t support existing email addresses, and its search function is computationally demanding.  

7. PreVeil

Another easy-to-use option is PreVeil. The platform has end-to-end email and file encryption, can work with existing accounts, supports both Gmail and Microsoft Outlook and, most importantly, offers all of this in its free package.

While 64% of organizations globally plan on increasing their cybersecurity spending this year, saving on email encryption frees room in the budget for other defenses. Consequently, it’s hard to overlook such a capable free option. PreVeil has several paid tiers, too, offering larger amounts of encrypted storage, advanced security options and built-in CMMC compliance.

Some of PreVeil’s most advantageous features, like its compliance automation, are locked behind paywalls. For teams only needing basic protections, though, its free version deserves consideration.

8. NeoCertified

Another of the best email encryption options to integrate into existing systems is NeoCertified’s Encrypted Email API. NeoCertified offers a range of application programming interfaces (APIs) to tie directly into the software you already use, and the Encrypted Email solution is one of its most helpful.

The API is FIPS-140 compliant and complies with other regulations like the Health Insurance Portability and Accountability Act (HIPAA) and the GDPR. On top of encrypting messages, it also offers monitoring and configurable permissions features.

NeoCertified’s business model removes many concerns over interoperability. However, implementing it can follow a steep learning curve, and its pricing is not the most transparent.

9. Virtru

Virtru is a more user-friendly email encryption alternative. It integrates with popular email platforms, even coming in the form of a Chrome extension for Gmail users, so implementing it is fairly easy. Automated detection enables automatic encryption without needing to specify a message as sensitive.

The Chrome extension is free, although it only works on Gmail. Still, Gmail accounts for 30.57% of all email opens, so this covers a large number of users. Keep in mind that the free version only offers basic protections. Enterprise users will likely need one of Virtru’s paid tiers.

While Virtru is fast to set up and easy to use, it lacks some of the advanced security features of its competitors. Higher-level tiers may also get expensive, but it’s a good option for small and medium-sized operations.

10. StartMail

StartMail may be the encryption solution of choice for some niche use cases. It offers easy-to-use password-based encryption, which can even apply to non-users to secure communications with outside recipients. More importantly, it includes aliases.

The standout feature of StartMail is that it uses disposable email addresses. While not every team needs such functionality, it’s useful when you need to register with outside parties to receive certain communications. Using aliases means you can hand out addresses freely without exposing yourself or your workforce to credential stuffing.

Unfortunately, StartMail does not have mobile support, despite 41.6% of email opens coming from mobile devices. It also lacks some advanced defenses, but for those who need disposable addresses, it’s the best platform available. 

What to Look for in an Email Encryption Solution

The key to finding the best email encryption service is understanding what sets a reliable solution apart from the rest. One of the most important factors to consider is the cryptography standards in use.

In general, a higher level of encryption is always preferable, but some enterprises require specific types of algorithms. The Cybersecurity Maturity Model Certification (CMMC) requires FIPS-validated or NSA-approved standards, so government contractors should only use a service providing such options.

Leading email encryption providers also cover a range of communications, covering instant messaging, not just emails. Similarly, further-reaching security measures are always preferable. End-to-end encryption, cryptography for attachments and both at-rest and in-transit protection make a solution stand out. Any security features outside of encryption are also ideal.

Interoperability and ease of use also deserve consideration. A solution that doesn’t work with your existing IT stack or requires technical expertise your workforce lacks will be of limited value. 

Find the Best Email Encryption Solution for Your Needs

What the best email encryption option is ultimately depends on your specific needs, budget and workflow constraints. However, you should be able to find something that works for you between these 10 solutions.

Modern enterprises cannot afford to ignore the need for email encryption and related secure messaging services. Begin your search today with these providers and ensure a safer yet still efficient workflow for your company tomorrow.

 

The post The 10 Best Email Encryption Options for Enterprises in 2025 appeared first on Cybersecurity Insiders.

As industry grows more technologically advanced by the day, and as more organizations of all types turn to cyber solutions to support or in some cases wholly operate their network security functions, the greater the need becomes for skilled cybersecurity professionals who can help protect those organizations’ interests.

Bad actors are everywhere, and their sophistication continues to increase in order to meet the challenge of cracking increasingly complex systems designed to prevent their entry. Businesses need cybersecurity professionals with the skills to meet and neutralize those threats. Finding skilled workers—and securing the best talent among them—has become like searching for a needle in a haystack that doesn’t even exist. 

What are businesses to do? Skills-based hiring can help organizations recruit well-qualified candidates by widening the talent pool and evaluating relevant technical skills and aptitude for success in a cybersecurity role.

The Widening Cybersecurity Talent Gap

The demand for cybersecurity personnel significantly outpaces available talent in the market today. Rapid and frequent advancements in technology, as well as society’s increasing reliance on that technology to do business, has significantly driven the need for qualified cybersecurity personnel in the workforce. This threat is already affecting the bottom line of a great majority of business across industries.

According to a recent study by the World Economic Forum, there is a global skills shortage of about four million cybersecurity professionals, and that number continues to grow. Citing the Fortinet 2024 Cybersecurity Skills Gap Report, the World Economic Forum also noted that 87 percent of organizational leaders claimed one or more security breaches experienced by their business in 2023. “More than half of those respondents,” WEF wrote, “indicated that breaches cost them more than $1 million in lost revenue, fines and other expenses.”

How Skills-Based Hiring Can Bridge the Cybersecurity Talent Gap 

Skills-based hiring is a proven long-term strategy that widens the recruiting pool and objectively measures the relevant skills and aptitude of job candidates. Many of these prospects may lack technical experience, but given the right tools, they could become a strong cybersecurity asset. One of the key advantages of skills-based hiring is its ability to pinpoint the candidates most likely to reach their full potential. 

Businesses are facing urgent cybersecurity challenges, yet struggling with the same talent shortages as countless others. To stay ahead, organizations must start building their long-term cybersecurity talent pipeline now—and find new ways to maximize existing expertise. Although four million technically skilled prospects won’t emerge in the market overnight, many professionals who are strong candidates for a career in cybersecurity but who come from a different professional or educational background are available. This group will serve as the backbone of the professional cybersecurity force of the future.

Hiring the Next Generation of Your Cybersecurity Professionals

It raises an important question: How do businesses go about determining which nontraditional candidates meet the appropriate standard for re-training and then prime them for success as cybersecurity professionals? Skills-based hiring can help.

Soft skills are essential for a role in cybersecurity, including problem-solving ability, critical thinking, communication skills (in order to decode technical language for nontechnical colleagues and stakeholders) and adaptability. And fortunately, most of these transferable soft skills can be measured through pre-hire assessments and structured interview questions. Cybersecurity is a young, developing field that will likely always be evolving. Skills-based hiring can help identify flexible and dynamic minds, steer them toward optimal career paths and build the practical and soft skills needed to excel within the discipline. Rather than trying to compete for a dwindling pool of qualified talent, organizations can begin developing their own – which not only helps to begin addressing a current demand but also contributes to higher long-term retention rates of those employees.

Upskilling Through Skills-Based Management Strategies

Equally important in cybersecurity is the ability to invest in and upskill your IT and cybersecurity team, ensuring that they possess or acquire the latest skills and tools needed to adapt to the landscape and protect an organization. Skills-based management strategies can help with upskilling by providing insight into areas for growth and how an employee is progressing.

Some candidates and employees are better suited for a role or a career path than others, but rather than reflexively rewarding seniority or arbitrary personality traits, skills-based hiring adheres to a scientific model. This allows for a more objective and measurable approach to upskilling talent, leading to increased mobility, employee engagement and satisfaction (as well as retention). With more workers seeking upskilling opportunities from their employers, it’s a strategy that can make an organization more attractive to the best candidates.

As cyber attacks become more frequent, sophisticated and impactful across industries, organizations must find ways to address a leviathan labor shortage. Skills-based hiring is a solution that significantly widens the candidate pool beyond those with technical years of experience, not only distinguishing top cyber talent but also identifying and developing nontraditional candidates with the profiles to become productive cybersecurity professionals themselves.

 

The post How Skills-Based Hiring Can Help Combat Cybersecurity Skills Shortages appeared first on Cybersecurity Insiders.

As federal agencies move beyond the Office of Management and Budget’s (OMB) September 2024 zero trust implementation deadline, achieving comprehensive zero trust remains an ongoing endeavor. While all agencies continue working toward this critical cybersecurity mandate, a select group has emerged as particularly effective in their implementations, offering valuable lessons for organizations at every stage of their security journey.

What Sets Leaders Apart?

The shift from traditional perimeter-based security to zero trust architecture represents a fundamental change in how federal agencies approach cybersecurity. Leading agencies have recognized that success in this transition requires more than just compliance with mandates – it demands a comprehensive transformation of security practices and organizational culture.

These agencies have found success through strategic partnerships with commercial cloud providers and specialized service providers. These collaborations bring critical technology, battle-tested methodologies, and lessons learned from diverse implementations across the public and private sectors.

Furthermore, these agencies have a comprehensive approach to security, addressing all five pillars of the zero trust architecture: identity, device, network/environment, application workload, and data. Rather than treating zero trust as a checkbox exercise, they’ve embraced it as a fundamental shift in how they think about security. These leaders excel at both macro and micro segmentation, effectively dividing their networks into manageable, secure segments while maintaining clear visibility into devices and their security postures, implementing dynamic access controls based on real-time validation of users and devices.

Transforming Operations with Zero Trust

The journey to zero trust excellence is all about transforming how agencies operate. Leading agencies have discovered that proper implementation of zero trust principles actually improves operational efficiency. By optimizing resource utilization and enabling systems to respond at the speed of compute, these agencies are more secure and more effective.

These agencies demonstrate particular strength in data protection, ensuring information is safeguarded both at rest and in transit, with clear visibility into data movement. They extend security beyond the perimeter to individual workloads and applications, recognizing that modern threats require a more granular approach to protection. Their flexibility in applying zero trust principles to unique scenarios – such as organizational mergers, third-party access management, and complex infrastructure considerations like operational technology environments – ensures that security measures can be effectively implemented across a wide range of contexts.

A Roadmap for Success

For agencies looking to follow in these leaders’ footsteps, the path forward begins with honest assessment and strategic planning. Most organizations typically find themselves in one of four common scenarios when approaching zero trust implementation:

  1. They’ve already made progress on modernizing their security approach but aren’t sure if they’ve achieved a true zero trust architecture or how to measure their maturity level
  2. They’re unsure where to start or which technologies will deliver the best outcomes in the shortest timeframe
  3. They’re stuck on a specific implementation challenge where conventional solutions haven’t been effective
  4. They need assistance developing a detailed roadmap that includes guidance on how to “programmize” zero trust to ensure continued success for years to come

Regardless of their starting point, the most successful implementations regularly begin with a comprehensive evaluation of current security postures, followed by the development of detailed roadmaps that balance quick wins with long-term goals.

The key is to start with manageable steps while keeping sight of the larger vision. Leading agencies have found success by initially focusing on fundamental elements like multi-factor authentication and enhanced visibility into network traffic. These measures provide immediate security benefits while building momentum for more comprehensive changes.

Automation is another key focus area for leading agencies. They recognize that manual processes can’t keep up with the speed of modern threats. Prioritizing automated threat detection and response, continuous monitoring and assessment of security posture, and streamlined access provisioning and de-provisioning enables these agencies to maintain a robust security stance with greater efficiency.

Navigating Challenges

Every transformation faces obstacles, and the journey to zero trust is no exception. Legacy systems, budget constraints, and talent shortages present significant challenges. However, leading agencies have developed innovative approaches to overcome these hurdles.

For legacy systems, successful agencies have adopted a pragmatic approach, implementing compensating controls around older systems while gradually modernizing critical applications. They’ve learned to navigate budget constraints by aligning zero trust initiatives with other modernization efforts and demonstrating concrete returns on investment through improved efficiency and reduced risk. By framing zero trust as an investment in overall agency effectiveness and resilience, leaders can often secure the necessary resources for implementation.

The talent shortage, perhaps the most pressing challenge, has led to creative solutions. Top performers have invested in comprehensive training programs for existing staff while building partnerships with academic institutions to create sustainable talent pipelines. Some have successfully leveraged managed services to augment their internal capabilities, creating hybrid teams that combine institutional knowledge with specialized expertise.

Looking Ahead

The federal agencies leading the charge in zero trust have demonstrated that while the journey is complex, significant progress is achievable. Their experiences offer a valuable roadmap for organizations at every stage of the zero trust journey, proving that enhanced security and operational efficiency aren’t mutually exclusive goals.

As cyber threats continue to evolve, the lessons learned from these agencies become increasingly valuable. Their success stories show that with careful planning, strategic implementation, and a commitment to change, organizations can build a more secure and resilient digital future.

While the OMB deadline has passed, these leading agencies demonstrate that the true value of zero trust extends far beyond mere compliance. Their experiences show that thoughtful, comprehensive implementation creates a foundation for lasting security and operational excellence that will serve agencies well as they face the challenges of an ever-evolving threat landscape. The journey to zero trust may be ongoing, but the path forward is clear, and the benefits are worth the investment.

###

Mark Modisette is the Senior Director for Zero Trust Strategy at Optiv + ClearShark, where he helps clients implement Zero Trust Principles effectively. With a background at companies such as CVS Health, Microsoft, and Avaya, Mark has held various leadership positions focused on security strategy and risk management.

 

The post Zero Trust, Maximum Impact: Strategies from Leading Federal Agencies appeared first on Cybersecurity Insiders.

DeepSeek has taken the AI world by storm, surpassing ChatGPT as the most downloaded smartphone app and gaining rapid adoption due to its efficiency and accessibility. While its advancements in AI reasoning and performance optimization are impressive, security researchers, including our team at Qualys, have uncovered many critical vulnerabilities that raise serious concerns for enterprise adoption.

It is vital that organizations prioritize security just as much, if not more than performance when it comes to AI deployment. This piece will dive into the findings from Qualys’ security analysis of DeepSeek-R1, explore the real-world implications of unsecure AI environments, and share best practices for organizations to implement proactive security measures that ensure responsible and secure AI deployment. 

The Alarming Results from DeepSeek-R1’s Security Analysis

To evaluate DeepSeek-R1’s security posture, the Qualys team conducted a comprehensive analysis using its AI security platform, Qualys TotalAI. TotalAI provides a purpose-built AI security and risk management solution that can identify threats and other safety concerns to ensure that AI models are secure, compliant and resilient. 

The analysis of DeepSeek focused on two key areas: knowledge base (KB) and jailbreak attacks. TotalAI’s KB Analysis assessed DeepSeek-R1 across 16 categories, including controversial topics, factual inconsistencies, illegal activities, unethical actions, sensitive information exposure, and more. Throughout the testing, nearly 900 assessments were conducted. Alarmingly, the model failed 61% of these tests, identifying critical ethical, legal and operational risks. 

During the analysis, DeepSeek-R1 was also subjected to 885 jailbreak attempts using 18 different attack categories. It failed 58% of these tests, meaning attackers can easily bypass critical built-in safety mechanisms, including instructions on how to make explosives, promoting misinformation and violence, among other illegal activities. The testing exposed severe weaknesses in DeepSeek’s AI alignment and presents serious risks for organizations integrating it into their workflows. 

Why Is This Concerning for Enterprises?

The vulnerabilities exposed through this security analysis highlight three major risks for enterprises – the first being evident ethical violations. DeepSeek-R1’s inability to prevent adversarial jailbreak attempts could lead to unintended consequences, such as the spread of misinformation, bias reinforcement, or facilitation of illegal activities. It is important that enterprises leveraging AI must ensure their models align with ethical and legal standards to maintain trust and integrity.

The next major risk concerning enterprises is privacy and security breaches. A recent cybersecurity incident exposed over a million log entries from DeepSeek AI, including sensitive user interactions and authentication keys. This shows clear deficiencies in DeepSeek’s data protection measures and increases concerns for enterprises storing sensitive information. 

Finally, DeepSeek-R1’s data storage practices present significant compliance concerns for organizations operating under regulations like GDPR and CCPA. Since all user data is stored on servers in China, it is subject to Chinese Cybersecurity Law, which allows government authorities access to locally stored data without user consent. This creates potential conflicts with GDPR’s strict data protection requirements and CCPA’s provisions for user privacy rights. Additionally, opaque data governance practices raise concerns about unauthorized access or state-mandated disclosure of sensitive information.

Best Practices to Strengthen AI Security

To address vulnerabilities in AI models like DeepSeek-R1 effectively, businesses must adopt a proactive security strategy that prioritizes both technical safeguards and regulatory compliance. This begins with implementing comprehensive security solutions tailored for AI environments, which provide continuous monitoring and automated risk management for LLMs. Organizations should also conduct adversarial testing to identify weaknesses like jailbreak susceptibility or ethical misalignment before deployment. 

On the compliance front, businesses must perform detailed legal risk assessments to ensure adherence to data protection regulations like GDPR and CCPA, while addressing cross-border privacy concerns tied to data storage practices. Deploying models in private cloud environments rather than relying on hosted solutions can help mitigate regulatory risks while maintaining greater control over sensitive data. By combining these measures with ongoing updates to align with evolving threats and standards, businesses can ensure secure and responsible use of AI technologies. 

As AI adoption accelerates, so do its risks. DeepSeek-R1 is a perfect example of this. While the model does deliver significant advancements in AI efficiency, it failed more than half of the Qualys TotalAI KB and Jailbreak tests. Attackers will continuously develop new techniques to bypass AI safeguards. Organizations must adopt proactive, comprehensive security solutions, like Qualys TotalAI, that ensure AI models remain resilient, compliant and aligned with evolving business and regulatory demands.  

 

The post Overcoming Critical AI Security Risks Uncovered in DeepSeek-R1 appeared first on Cybersecurity Insiders.

Security awareness training has been steadily gaining traction and momentum as organizations have come to understand that cyberattacks mostly stem from their own employees (e.g., clicking on phishing links, downloading malicious files, failing to use strong passwords). Despite a lot of in-house training, almost half (46%) of employees still continue to struggle with phishing emails. 

Common Mistakes That Dampen Security Training

Conventional cyber awareness programs may fall short in certain areas.

One-size-fits-all: Most training programs are generic, offering the same content to all individuals regardless of their role, skill level, or prior knowledge. This lack of personalization can lead to disengagement and ineffective learning.

Outdated content: Training programs may fail to keep pace with the evolving threat landscape – content isn’t regularly updated to reflect the latest threats like AI-generated phishing attacks, or coercive synthetic media such as deepfakes, leaving users unprepared to defend against modern cyber risks.

Absent real-world context: Conventional training rarely simulates real-world scenarios, making it difficult for people to apply what they’ve actually learned in practice. This gap between theory and application can leave organizations vulnerable to attacks.

Lack of consistent feedback: Without timely and actionable feedback, individuals may not understand their mistakes or learn how to respond and improve. This can result in repeated errors and a false sense of security.

Limited user context: Basic metrics to assess user performance – i.e., click-through rates or completion percentages – can lack depth when not analyzed in the context of an employee’s background, learning history, job role, cyber maturity level, or other factors. In the absence of such granular understanding, organizations are unable to measure a program’s true education efficacy or tailor it to address specific worker behaviors or risks. 

What Is Agentic AI And How Can It Enhance Cyber Training Programs? 

So-called agentic AI refers to artificial intelligence systems that exhibit a high degree of autonomy and adaptability. Unlike conventional AI that follows predefined rules and operates within a specific framework or scope depending on its training models, agentic AI can learn, reason, and make independent decisions in dynamic environments. These systems are capable of understanding context, predicting outcomes, and taking actions to achieve specific goals. In the context of security awareness training (SAT), agentic AI can serve as a virtual coach, a mentor, or even a simulated adversary, providing employees with real-time feedback, personalized learning paths, and immersive experiences. One agentic AI program can even be dictated by another agentic AI program.

There are number of ways in which agentic AI can enhance SAT programs:

Personalized learning: Agentic AI can analyze an employee’s role, skill level, and learning history to create customized programs tailored to individual need. AI can also generate intelligent quizzes based on an organization’s specific security and compliance policies.

Contextual and targeted training: Agentic AI can analyze each user’s learning history, job role, risk score, behavior patterns, susceptibility to specific threats, and factors such as location or language to automatically deliver the most relevant and targeted content tailored to the individual. 

Adaptive learning: AI agents can adapt to an employee’s progress, adjusting the difficulty and focus of the training as needed. If an employee consistently performs well in identifying phishing emails, the AI might introduce more complex attacks or shift focus to other areas, such as password security or data protection. This approach ensures that users are always challenged and maximizes the effectiveness of training.

Dynamic template generation: AI agents can dynamically generate training templates based on the latest scams and social engineering tactics. This ensures that employees are always learning about the most current threats, creating a more relevant and up-to-date training experience.

Continuous monitoring and feedback: AI agents can continuously track employee behavior, interactions, and responses during training sessions and offer real-time feedback and guidance. This proactive monitoring and nudging can help organizations address security concerns quickly and ensure employees receive timely feedback, thereby boosting cyber awareness and practices.

User Benefits of Agentic AI-Powered Cyber Awareness Training

Lower training fatigue: Agentic AI can make security training more engaging and less overwhelming by delivering bite-sized knowledge refreshers at optimal intervals. This reduces information overload, ensures that security awareness becomes part of the daily routine and improves learning retention without causing fatigue.

Enhanced user experience and learning: AI agents can boost employee enthusiasm and engagement by offering interactive, gamified, and scenario-based learning. This makes the training experience more enjoyable, immersive and effective, improving retention of best practices while fostering a culture of cyber awareness and vigilance.

Deep behavioral insights: AI can track and analyze user behavior during training programs to identify patterns, strengths, and weaknesses, allowing for more targeted intervention like hands-on coaching, and improved results.

Agentic AI is transforming security training by making it more personalized, targeted, and effective. By addressing the limitations of conventional training, it equips employees with the skills and knowledge needed to combat modern cyber threats. As organizations face increasingly sophisticated attacks, agentic AI offers a modern and scalable solution to build a resilient, security-conscious workforce.

 

About the Author

 Erich Kron is Security Awareness Advocate for KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management with over 70,000 customers and more than 60 million users. A 25-year veteran information security professional with experience in the medical, aerospace, manufacturing and defense fields, he was a security manager for the U.S. Army’s 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, SACP and other certifications. Erich has worked with information security professionals around the world to provide tools, training and educational opportunities to succeed in information security.

LinkedIn: https://www.linkedin.com/in/erichkron/

 

The post Harnessing Agentic AI To Supercharge Security Awareness Training appeared first on Cybersecurity Insiders.