According to research, the number of data breaches is increasing year over year. Worse yet, for businesses, data loss may not be the largest cost of an IT incident: the breach can also bring a lawsuit from customers, investors, employees, or whoever else's data was exposed. Many businesses therefore ask how they can reduce their liability.

Challenges in IT liability

Unfortunately, liability for IT matters such as data breaches is not cut and dried. The attacker is the primary wrongdoer, but the organization responsible for protecting the data may also be held liable. In many instances, the actions (or inaction) of an organization and its employees contribute to the severity of a breach, and they are held at least partially liable as a result.

Recent technological developments have made IT liability even more complex. While the rise in remote and hybrid work structures has introduced more access points and vulnerabilities to networks, artificial intelligence technology has simultaneously allowed cyber attackers to become more sophisticated in their attacks. This means that businesses must be particularly vigilant to ensure they are not held legally and financially accountable for the consequences of any cyber attacks.

In many cases, negligence is the key determinant of the extent to which a business will be held liable for a data breach. Rarely does a business act maliciously or intentionally to cause a data breach, with the notable exception of companies that sell customer data. More often than not, a data breach results from a business failing to fulfill its responsibility to protect its customers and their data.

What can businesses do to reduce their cybersecurity liability?

At a basic level, businesses can be expected to implement core cybersecurity best practices. For example, access control, malware prevention software, and data encryption are standard measures every business should be expected to take as a bare minimum. If a business has shown complete and total disregard for the safety of its customers’ data by failing to implement even the most basic of safeguards, it will almost certainly be found liable for the consequences of the data breach.

Businesses that work with third-party contractors must take particular care when vetting potential partners, because a contractor's mistakes can fall back on the business that hired it. Failing to do due diligence when hiring a contractor is itself a form of negligence: if a third party fails to implement proper cybersecurity measures and causes a data breach, the business that engaged it can be held responsible for the consequences.

There is one tool that businesses can use to protect themselves against potential liability from data security breaches: their contracts. Contracts should include clear provisions relating to cybersecurity because this ensures that both the responsibilities of the business and the rights of the customer are defined. Examples of data security provisions that should be outlined in service contracts include what standards of encryption will be used when storing data and how long data will be stored — including after the contract is terminated.

Contracts can also include provisions that limit a business's liability for data security breaches in certain circumstances. For example, a clause can shift liability to a third-party contractor for a breach caused by that contractor's actions or negligence. Some contracts go further and release the business from any and all liability relating to data breaches.

Finally, businesses must stay up to date with applicable laws and regulations on data security. With new technologies such as artificial intelligence emerging, and new lawmakers entering office, these regulations change constantly. Failing to maintain compliance can expose a business not only to fines and penalties from regulators but also to liability in lawsuits over its failure to adhere to the regulations.

A data breach can be a costly situation for a business, but there are protections that a business can take to minimize its liability. By taking steps like implementing basic cybersecurity measures, ensuring that contracts are carefully written to minimize liability, and staying in compliance with applicable regulations and laws, businesses can mitigate their financial and legal risk in the case of a cyber attack.


The post IT Liability Concerns appeared first on Cybersecurity Insiders.

Defense Tech companies that seek to maximize their chances of winning government contracts must understand current and future cybersecurity requirements. Specifically, they need to know that there are existing Defense Federal Acquisition Regulation Supplement (DFARS) clauses that mandate NIST SP 800-171 Rev. 2 compliance for certain contracts they’re looking to obtain. To compete for these contracts, Defense Tech companies must also post a NIST SP 800-171 Rev. 2 self-assessment score to the Supplier Performance Risk System (SPRS). Additionally, the more rigorous Cybersecurity Maturity Model Certification (CMMC) process is just around the corner and is expected by most to go into effect early next year. This is why Defense Tech companies need to act today to start their compliance journey. Companies that get ahead of CMMC can enjoy a window of competitive advantage, yet those who fall behind stand to lose out on government contracts and opportunities. 

NIST SP 800-171 Rev. 2 Overview

Compliance with NIST Special Publication 800-171 Rev. 2, titled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” is currently required in many Department of Defense (DoD) contracts. Developed by the National Institute of Standards and Technology (NIST), this framework provides guidelines on how organizations can safeguard sensitive information that is shared by federal agencies. The publication includes 110 security requirements spread across 14 families, such as access control, incident response, and system and information integrity. These requirements help ensure that non-federal organizations implement adequate security measures to protect Controlled Unclassified Information (CUI) from unauthorized access and cyber threats.  

By providing a standardized set of requirements, NIST SP 800-171 Rev. 2 helps to mitigate risks associated with the loss or compromise of CUI, which could have significant national security implications. The guidelines also aim to enhance the overall cybersecurity posture of the defense industrial base (DIB) and other sectors handling federal information. 

Compliance with NIST SP 800-171 Rev. 2 is mandated by DFARS clauses that appear in sensitive defense contracts. Key among them is DFARS 252.204-7012, which requires defense contractors to implement the NIST SP 800-171 Rev. 2 security requirements to protect CUI and to report cyber incidents to the DoD (rapid reporting within 72 hours of discovery). DFARS 252.204-7019 additionally requires contractors to have a current NIST SP 800-171 Rev. 2 assessment score posted to the Supplier Performance Risk System (SPRS) to be considered for award. The intent of these clauses is to make sure contractors maintain a minimum level of cybersecurity so that information shared by federal agencies is better protected.

SPRS Overview  

SPRS is a tool used by the DoD to evaluate the performance and risk profiles of its suppliers. SPRS aggregates data from multiple sources to provide a comprehensive view of a supplier’s performance, including compliance with cybersecurity standards such as NIST SP 800-171 Rev. 2. This system helps the DoD make informed decisions regarding contract awards and supplier management, ensuring that contractors meet necessary performance and security standards. 

CMMC Overview  

Defense Tech companies must currently comply with NIST SP 800-171 Rev. 2 and post a score to SPRS, and they should begin preparing for CMMC. CMMC was introduced to address DoD concerns about rampant nation-state data theft and industrial espionage within the DIB. The current CMMC proposal has three levels. Level 1 is a subset of NIST SP 800-171 Rev. 2. Level 2 corresponds to full NIST SP 800-171 Rev. 2 compliance. Level 3 adds further advanced practices drawn from NIST SP 800-172. All DIB companies should expect to reach at least Level 1. Companies handling CUI will be expected to reach at least Level 2.

Making CMMC a Competitive Advantage  

CMMC is likely to go into effect early next year. Once in effect, companies will have a defined period to become compliant and to have a third-party assessment conducted to confirm all requirements are met. The first companies to reach this milestone will have a unique window of competitive opportunity. Forward-thinking companies are conducting CMMC gap assessments and shoring up weaknesses. They are also locking in a C3PAO (CMMC Third-Party Assessment Organization) engagement, securing a place in line once assessments can proceed. Because there are a limited number of C3PAOs, the line is already getting long. Once the rule is final, companies may find themselves many months away from securing an assessment, hence the window of opportunity for companies leaning into CMMC readiness.

Furthermore, just because you have a spot in line for a C3PAO doesn’t mean you will be ready to pass the audit. Implementing the necessary system, infrastructure, and process changes to achieve compliance with NIST SP 800-171 Rev. 2, which CMMC L2 is currently based on, can take six months to a year. There are significant cybersecurity technologies and operational capabilities that companies must bring up and make operational. Some of the costliest and complex include mature capabilities around log management, threat detection, incident response, and vulnerability management. These capabilities require specialized technology and staff that companies must acquire, or they’ll need to select a service provider to whom they can outsource. If going the service provider route, they too must be CMMC compliant.  

Conclusion  

Defense Tech CEOs need to ensure they are factoring current and future compliance requirements into their overall go-to-market strategy. Failure to understand these requirements can severely impede a company's ability to compete, today and in the future. By contrast, getting your company on a path to NIST SP 800-171 Rev. 2 compliance ensures you meet current requirements and puts you ahead of the game when CMMC goes into effect. It would also be wise to start speaking with C3PAOs and consider securing your place in line, to maximize what might be a rare window of extreme competitive differentiation.

About Chris Petersen:

Chris Petersen is a leader and innovator who cares deeply about protecting governments and companies from cybersecurity threats. Chris began his career as a consultant with Price Waterhouse (PwC) and later Ernst & Young (EY). He then joined the first Silicon Valley startup providing Managed Security Services. In 2002, Chris co-founded LogRhythm, a Gartner Magic Quadrant Leader in Security Information & Event Management (SIEM). Currently, Chris is the CEO of RADICL Defense, a stealth-startup protecting organizations from nation state threats. Chris has spoken at conferences across the globe, holds multiple patents, and is an EY Entrepreneur of the Year.


The post Giddy Up! It’s Time for Defense Tech Companies to Get Ahead of CMMC Before They Get Left Behind appeared first on Cybersecurity Insiders.

Insider threat management remains a top priority for organizations as insider incidents rise. Insider threats encompass a broad spectrum of malicious activities, from data theft and espionage to fraud and workplace violence. To counter these risks, organizations are enhancing their insider risk management programs by leveraging advanced technologies and whole-person analytical approaches.

This article, derived from a companion webinar and white paper, explores the evolving insider threat landscape. It examines industry survey insights on perceived risks and program effectiveness, while exploring key technologies and differentiators among modern counter-insider threat (C-InT) solutions. It also shares the advantages of whole person insider threat management, along with expert recommendations on migrating to this proactive approach.

Insider Threat Challenges and Perceptions

Insiders have legitimate access to sensitive resources, making threat detection difficult. They can exploit their privileges and typically inflict substantial harm before being discovered. Compounding these challenges, many employment and privacy regulations limit how organizations can monitor insider activity, necessitating legal consultation and well-defined policies before instituting a whole-person, counter-insider threat (C-InT) program.

A recent Cybersecurity Insiders survey of over 400 cybersecurity professionals reveals a growing concern over insider threats.¹ Seventy-one percent of organizations feel vulnerable, with a third reporting significant risk exposure. Many respondents believe their insider threat programs are only nominally effective.

Traditionally, organizations have relied on security controls across identity, physical access, endpoints, networks, and cloud environments to detect insiders. A whole person approach extends beyond these technical indicators to incorporate behavioral data sources such as human resources records, legal data, and social media activity. The same survey indicated that approximately half of organizations are already incorporating such sources, including legal data, human resources data, and publicly available information (PAI), into their insider threat programs.

Conventional Insider Threat Technologies

C-InT solutions primarily detect threats by analyzing access violations, data leakage, anomalous user behavior, and unauthorized activity across physical, identity, endpoint, and network layers. Security tools, including SIEM and IAM systems, are often employed to enhance visibility and support user and entity behavior analytics (UEBA).

According to a recent QKS-Group market report², key capabilities in C-InT solutions include user and device monitoring, UEBA, extended detection and response (XDR), security automation, audit and reporting, and dashboard analytics. UEBA enables organizations to detect anomalies in user behavior that could indicate insider threats, such as privilege abuse, unauthorized data access, or application misuse. 

C-InT tooling includes varying pre-defined and custom analytics and dashboarding capabilities to facilitate monitoring, documentation, and incident response. Workflow automation further enhances security operations by streamlining alert handling, investigative analysis, and incident response.
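As an added illustration of the UEBA capability described above (example code, not from the article, the survey, or any vendor named here), the Python script below builds a per-user baseline from a week of constructed file-access log lines and then scores new events for three indicators: off-hours access, a transfer volume far above the user's norm, and a privileged action taken by a non-administrative role. The log format, the 07:00 to 19:59 working-hours window, the three-sigma volume threshold, and the action and role names are all assumptions made for the example.

```python
"""UEBA-style baselining over constructed access-log lines.

Added example, not code from the article or any vendor it names. Log
format, working-hours window and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed baseline: one week of normal activity for one analyst.
# Fields: timestamp user role action resource bytes
BASELINE_LOG = """\
2025-03-03T09:12:00 alice analyst read /finance/q1.xlsx 20480
2025-03-03T10:40:00 alice analyst read /finance/q1-notes.docx 15360
2025-03-04T09:05:00 alice analyst read /finance/forecast.xlsx 30720
2025-03-04T14:20:00 alice analyst read /finance/budget.xlsx 25600
2025-03-05T11:30:00 alice analyst read /finance/q1.xlsx 20480
2025-03-05T15:10:00 alice analyst read /finance/vendors.csv 10240
2025-03-06T10:15:00 alice analyst read /finance/q1.xlsx 20480
2025-03-07T09:45:00 alice analyst read /finance/budget.xlsx 25600
"""

# Constructed events to score: one normal read, one late-night bulk pull
# of a file never touched before, one self-granted admin role.
NEW_EVENTS = """\
2025-03-10T10:00:00 alice analyst read /finance/q1.xlsx 20480
2025-03-10T23:15:00 alice analyst read /finance/payroll.xlsx 52428800
2025-03-11T09:30:00 alice analyst grant_admin /iam/roles/alice 0
"""

PRIVILEGED_ACTIONS = {"grant_admin", "disable_logging", "export_all"}  # assumption
ADMIN_ROLES = {"admin"}                                                 # assumption
WORK_HOURS = range(7, 20)   # assumption: 07:00-19:59 is normal
VOLUME_SIGMA = 3.0          # assumption: flag > mean + 3 sigma


def parse(log):
    """Parse whitespace-separated lines into event dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, role, action, resource, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "role": role, "action": action,
                       "resource": resource, "bytes": int(nbytes)})
    return events


def build_baseline(events):
    """Per user: hours and resources seen, plus per-event byte statistics."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    baseline = {}
    for user, evs in by_user.items():
        sizes = [e["bytes"] for e in evs]
        baseline[user] = {"hours": {e["ts"].hour for e in evs},
                          "resources": {e["resource"] for e in evs},
                          "mean": mean(sizes), "std": pstdev(sizes),
                          "max": max(sizes)}
    return baseline


def score_event(event, baseline):
    """Return the list of indicators this event trips (empty = normal)."""
    b = baseline.get(event["user"])
    if b is None:
        return ["no baseline for user"]   # unknown account is itself notable
    findings = []
    hour = event["ts"].hour
    if hour not in WORK_HOURS and hour not in b["hours"]:
        findings.append("off-hours access")
    # Guard against a zero std (identical sizes) so the threshold stays sane,
    # and also require a clear multiple of the largest transfer seen.
    threshold = b["mean"] + VOLUME_SIGMA * max(b["std"], 1.0)
    if event["bytes"] > threshold and event["bytes"] > 2 * b["max"]:
        findings.append(f"volume anomaly ({event['bytes']} B vs baseline max {b['max']} B)")
    if event["action"] in PRIVILEGED_ACTIONS and event["role"] not in ADMIN_ROLES:
        findings.append(f"privileged action {event['action']} by non-admin role")
    if event["action"] == "read" and event["resource"] not in b["resources"]:
        findings.append("first access to resource")   # weak alone, strong with the others
    return findings


def detect_anomalies(baseline_log=BASELINE_LOG, new_log=NEW_EVENTS):
    """Build the baseline, then return (timestamp, user, indicator) tuples."""
    baseline = build_baseline(parse(baseline_log))
    return [(e["ts"].isoformat(), e["user"], f)
            for e in parse(new_log) for f in score_event(e, baseline)]


if __name__ == "__main__":
    for ts, user, finding in detect_anomalies():
        print(f"{ts} {user}: {finding}")
```

Run as a script it prints one line per indicator: nothing for the 10:00 read, three indicators for the 23:15 payroll pull, and one for the self-granted admin role. The point a whole-person program builds on is that the single weak indicator ("first access to resource") only becomes meaningful when stacked with the others, which is why the function returns every indicator rather than a single verdict.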

Responding to Threats and Leveraging AI Detection

C-InT solutions offer manual, semi-automated, and automated response mechanisms to mitigate threats in real time. Automated responses can disable accounts, block devices, or quarantine suspicious files, improving security teams' efficiency. AI and machine learning (ML) are increasingly used to consolidate related alerts and filter out false positives. They can identify patterns indicative of insider risk at great speed; however, AI-driven approaches can lack transparency, raising concerns about bias and misclassification.

Predictive analytics enables organizations to model risk indicators and behavioral trends to preemptively identify potential threats – activities of persons on the critical path to insider threat.³ While traditional insider risk management primarily reacts to security incidents, predictive modeling facilitates proactive intervention. 

Whole Person Risk Assessment: A Paradigm Shift

Whole person insider threat management integrates behavioral data with technical indicators to enhance predictive risk assessment. Behavioral data sources include HR performance evaluations, law enforcement records, financial risk indicators, and social media activity. By incorporating these diverse data sets, organizations can develop a holistic risk profile of potential insider threats.

According to Frank L. Greitzer, Ph.D., chief behavioral scientist at Cogility, traditional insider threat detection methods often alert security teams only after an attack is underway. However, by incorporating behavioral data, organizations can identify early warning signs—providing opportunities for intervention before an incident occurs. Whole person risk assessment enables analysts to recognize subtle red flags along the critical pathway to an insider threat.

For whole person insider threat management to be incorporated into an existing program, behavioral data acquisition, privacy compliance, and analysis consistency must be managed to ensure ethical and legal compliance. Once that is in place, how can organizations effectively modernize their insider threat program to take advantage of a whole-person approach? Frank L. Greitzer offers the following guidance for implementing one:

1. Expand Stakeholder Involvement: Engage HR, legal, behavioral scientists, and employee representatives alongside security teams to develop a comprehensive C-InT strategy.

2. Define Key Insider Risks: Identify not only severe threats but also concerning behaviors that indicate an increased risk of insider activity.

3. Develop Insider Risk Assessment Models: Map potential risk indicators (PRIs) and assign weighted ratings to refine risk assessments. Leveraging existing PRI taxonomies, such as SOFIT (Socio-technical and Organizational Factors for Insider Threats), can help streamline the process.

4. Refine Risk Models with Expert Feedback: Continuously calibrate assessment models using insights from insider threat analysts and behavioral experts.

5. Assess Data Sources and Compliance Requirements: Identify and document available technical and behavioral data sources, ensuring compliance with privacy regulations.

6. Establish Monitoring and Response Guidelines: Develop standardized templates and procedures for insider risk assessment and response.

7. Evaluate Program Costs and Effectiveness: Measure current insider threat program performance to identify gaps and justify investments in enhanced capabilities.

8. Assess Implementation Trade-offs: Consider operational costs, technological requirements, and integration challenges when transitioning to a whole person approach.

9. Estimate Program Impact and ROI: Assess improvements in risk mitigation, operational efficiency, and security outcomes resulting from whole person risk management.

10. Secure Executive Buy-in and Execute: Present key findings and performance metrics to gain stakeholder commitment and drive implementation forward.

Modernizing Insider Threat Management

As insider threats continue to evolve, organizations must modernize their C-InT programs by incorporating continuous behavioral monitoring, AI-driven analytics, predictive modeling, and automated response workflows. A whole person approach shifts insider threat management from reactive detection to proactive risk assessment, helping organizations protect assets, mitigate risks, and foster a secure workplace.

Now is the time to transition to a forward-thinking, whole person insider threat strategy to enhance security resilience and safeguard against emerging threats.

For further insights, refer to the original webinar or white paper.

Acknowledgments: The author would like to thank Frank Greitzer, Ph.D. (Cogility Software), Holger Schulze (Cybersecurity Insiders), and QKS-Group for their contributions.

References:

  1. 2024 Insider Threat survey by Cybersecurity Insiders n=413
  2. 2024 QKS-Group SPARK Matrix™: Insider Risk Management
  3. Shaw, E. & Sellers, L. (2015). Application of the critical-path method to evaluate insider risks. Studies in Intelligence, 59(2), 41-48
  4. Adapted from: Greitzer et al. (2018). https://ieeexplore.ieee.org/document/8424651
  5. Intelligence and National Security Alliance (INSA), Human Resources and Insider Threat Mitigation: A Powerful Pairing, September 2020 – INSA White Paper
  6. SOFIT; Greitzer, Pearl, Leuong, and Becker. https://ieeexplore.ieee.org/document/8424651

The post Insider Threat Program Modernization: Trends, Technologies, and Whole-Person Risk Assessment appeared first on Cybersecurity Insiders.

41% Collect Sensitive Data Ranging from Credit Card Info to Passwords, Putting Tens of Millions at Risk of Identity Theft

Incogni, a leading data privacy provider, today issued a comprehensive new study analyzing the privacy risks posed by 238 AI-powered Google Chrome browser extensions. The report, “Ranking AI-Powered Chrome Extensions by Privacy Risk in 2025,” reveals that two-thirds (67%) of analyzed extensions collect user data, and more than a third (41%) collect personally identifiable information (PII), including sensitive details like credit card numbers, passwords, and location data. DeepL is recognized as one of the most privacy-invasive extensions, while Grammarly has a high risk impact. Such invasive privacy practices might affect countless users and expose them to identity theft and cybersecurity threats.

Extensions like Grammarly, which makes writing almost anything effortless, or Vetted, which acts as an online shopping assistant, are quickly becoming as ingrained in everyday life as smartphones were in the early 2010s. However, because many users trust Google's ecosystem, they also assume that third-party extensions vetted through the Chrome Web Store are equally safe. Unfortunately, browser extensions may themselves be compromised, as shown by the recently revealed Chrome extension hacks in which 35+ compromised extensions affected over 2.6 M users.

To assess the risk of using AI-powered Chrome browser extensions, Incogni researchers analyzed the permissions of 238 extensions with more than 1,000 users, along with the data their publishers admit to collecting, then used the findings to create a ranking of AI extensions and extension categories based on how much of a risk they pose to user privacy.

“People are coming up with such creative ways to use AI; there’s probably an AI extension for almost any use case you could think of,” said Darius Belejevas, head of Incogni. “While this is very exciting, it could also be risky if users don’t stop to consider whether the extensions they add to their browser may be logging their every keystroke, or injecting code into the sites they visit.”

Key findings of the report include:

  • 67% of analyzed extensions collect user data.
  • PII is collected by 41% of extensions, including at least a quarter of those in eight of the nine categories examined.
  • 41% of investigated extensions have a high risk impact, meaning they could cause severe damage to the user; these include permissions like the ability to inject code into websites or run on all pages opened on the user’s browser.
  • Nearly 100 extensions require sensitive permissions that provide access to personal user data, like passwords, financial information, browsing history, email content, and location.
  • 18% collect authentication information, such as passwords, credentials, security questions, and personal identification numbers (PINs); audio transcription and programming helpers are the worst offenders.
  • 7% collect financial and payment information (transactions, credit card numbers and credit ratings scores), including 15% of text/video summarizers and 14% of audio transcribers.
  • Among the most popular extensions, the most privacy-invasive was the DeepL AI translator and writing assistant, followed by AI Grammar Checker & Paraphraser and advanced AI assistant Sider.
  • Grammarly, DeepL, and Sider were recognized as the most popular extensions with high risk impact.

While some of the data types collected are clearly sensitive and may cause consumers to think twice before using an extension, others are more vague. For example, “user activity” (collected by 22% of extensions) may not sound alarming, but it is actually one of the most sensitive types of data, as it reflects everything from highly personal data, sensitive company information, and keystrokes to passwords, timestamps, and even behavioral patterns.

The report digs deep to reveal the most privacy-invasive extension categories and titles. The programming assistants category was found to be the most invasive, followed by personal assistants/general-purpose extensions and integrating/connecting extensions.

The researchers also investigated the most popular extensions, with at least 2M users each, and ranked them according to their data collection and permission request practices.

Among the most popular extensions, the most privacy-invasive was found to be DeepL, which requires the highest number of sensitive permissions (four), including scripting and webRequest. It also collects five data points, including personal communications and user activity, and requests five permissions in total. The second most privacy-invasive, AI Grammar Checker & Paraphraser, also collects five data points and requires a relatively high number of sensitive permissions (scripting and activeTab). Sider ranked third, also requiring four sensitive permissions, including offscreen and the <all_urls> host pattern.

It is also notable that Grammarly, DeepL and Sider have a high risk impact, which means that, theoretically, they have the ability to exfiltrate or compromise a lot of sensitive user data or otherwise encroach upon users’ privacy.
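To make the permission analysis concrete, here is an added example (not Incogni's methodology or code) that triages a Manifest V3 extension from its manifest.json. The permission names (scripting, webRequest, activeTab, offscreen, <all_urls>) are Chrome's own; the weights, the risk tiers, and the two sample manifests are constructed for the example and are not the report's scoring.

```python
"""Permission-risk triage for a Chrome extension manifest (Manifest V3).

Added example, not the report's methodology. Permission names are
Chrome's; weights, tiers and the sample manifests are constructed.
"""
import json

# Assumed weights: higher = broader ability to read or alter user data.
SENSITIVE_PERMISSIONS = {
    "debugger": 5,          # DevTools protocol: read/modify anything in a tab
    "nativeMessaging": 4,   # talk to a native host process outside the sandbox
    "scripting": 3,         # inject JS/CSS into pages
    "webRequest": 3,        # observe every network request
    "webRequestBlocking": 3,
    "cookies": 3,           # session cookies for permitted hosts
    "clipboardRead": 2,
    "history": 2,
    "tabs": 2,              # URLs and titles of all open tabs
    "webNavigation": 2,
    "activeTab": 1,         # page access only after a user gesture
    "offscreen": 1,         # hidden document; low alone, amplifies the others
}
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed manifests (not real extensions).
INVASIVE_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "example-writing-helper", "version": "1.0",
    "permissions": ["storage", "scripting", "webRequest", "offscreen", "activeTab"],
    "host_permissions": ["<all_urls>"],
    "background": {"service_worker": "bg.js"},
})
MINIMAL_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "example-notes", "version": "1.0",
    "permissions": ["storage", "activeTab"],
})


def audit_manifest(manifest_json):
    """Score a manifest and return the evidence behind the score."""
    m = json.loads(manifest_json)
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    hosts = set(m.get("host_permissions", [])) | set(m.get("optional_host_permissions", []))
    # MV2 manifests list host patterns under "permissions"; move them over.
    legacy_hosts = {p for p in perms if "://" in p or p == "<all_urls>"}
    hosts |= legacy_hosts
    perms -= legacy_hosts
    content_scripts = m.get("content_scripts", [])
    for cs in content_scripts:
        hosts |= set(cs.get("matches", []))

    sensitive = sorted(p for p in perms if p in SENSITIVE_PERMISSIONS)
    broad_reach = bool(hosts & BROAD_HOST_PATTERNS)
    score = sum(SENSITIVE_PERMISSIONS[p] for p in sensitive) + (4 if broad_reach else 0)

    # "High impact" here means: can run or inject code on every site the user
    # visits, or read/alter arbitrary page content.
    code_injection = bool({"scripting", "debugger"} & perms) or bool(content_scripts)
    high_impact = broad_reach or code_injection
    tier = "high" if high_impact else "medium" if score >= 3 else "low"
    return {"name": m.get("name"), "sensitive_permissions": sensitive,
            "host_patterns": sorted(hosts), "broad_reach": broad_reach,
            "code_injection": code_injection, "score": score, "tier": tier}


if __name__ == "__main__":
    for mf in (INVASIVE_MANIFEST, MINIMAL_MANIFEST):
        print(json.dumps(audit_manifest(mf), indent=2))
```

A design note on the tiering: in Manifest V3, scripting can only inject into hosts the extension already holds permission for (or the active tab after a user gesture), so scripting combined with <all_urls> is the worst case, and either broad host reach or a code-injection capability is enough on its own to land in the high tier here. Reading the manifest is a triage step, not a verdict: it shows what an extension could do, while what it actually collects is only visible from its code and network traffic.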

Belejevas adds, “Unfortunately, we have more reason than ever to be cautious—from hackers and scammers actively looking for ways to exploit people and systems. It’s essential consumers carefully weigh the benefits against the potential risks of AI-powered extensions and choose more privacy-friendly options.”

The report is available for download at: https://blog.incogni.com/ranking-ai-powered-chrome-extensions-by-privacy-risk-in-2025/

About Incogni

Incogni helps people take control of their data by removing their personal information from various sources, such as data brokers or people search sites. Incogni provides a simple, user-friendly solution that prevents the data from being sold and reduces the likelihood of cybercrime and spam.

The post New Research from Incogni Ranks Top 238 AI-Powered Google Chrome Extensions by Privacy Risk appeared first on Cybersecurity Insiders.

The cybersecurity landscape is rapidly evolving, and with mainstream adoption of artificial intelligence (AI) and more complex software supply chains, organizations are realizing they must adopt a proactive strategy to attain true cyber resiliency. Recognizing that traditional cybersecurity protocols no longer work against today’s cyber threats is an important first step.

Black Duck’s recent Building Security in Maturity Model (BSIMM) 15 report provides key insights into how organizations are responding to today’s cybersecurity challenges, emerging risks, and the most effective strategies for strengthening security programs. By analyzing the security practices of 121 organizations across multiple industries, BSIMM15 serves as a roadmap of what the biggest threats are to organizations, how to meet compliance requirements, and steps for safeguarding a company’s software ecosystem.

BSIMM15: The State of Software Security

Software security trends continue to evolve in response to the changing cyber threat landscape, and now, organizations have to navigate both the opportunities and risks posed by artificial intelligence (AI) and large language models (LLMs) while also ensuring their security programs are robust.

The evolving complexity of AI-driven systems has created new threats and vulnerabilities that organizations are still working to define and secure. In response, the BSIMM15 report found a 30% increase in organizations forming dedicated research groups to study emerging threats and develop new defensive strategies. Additionally, the use of adversarial testing (abuse cases) has more than doubled in the last year. Companies evidently recognize the need to test AI models continuously against potential exploits before threat actors weaponize them. While we cannot firmly tie the rise in these BSIMM activities to concerns about AI, these activities will clearly be key to addressing the risks.

The report also uncovered that securing the software supply chain was a top priority for organizations, which is largely due to evolving regulatory requirements. Now more than ever, companies are under pressure to ensure transparency and security across the entire software development lifecycle. BSIMM15 found a 67% increase in the use of software composition analysis (SCA) to identify vulnerabilities in open-source components and a 22% rise in the generation of software bills of materials (SBOMs) to provide greater visibility into deployed applications.

However, despite these advancements, security awareness training has declined over the years. In 2008, the BSIMM1 report found that 100% of organizations conducted basic software security training for their teams; today that figure has dropped to just 51.2%, the lowest participation rate recorded to date. This decline raises concerns about the overall preparedness of organizations to defend against evolving cyber threats and illustrates the need for increased investment in security education and awareness initiatives across all company departments.

It is possible that this investment is already happening, and software security training is simply evolving from traditional methods to more just-in-time training. Things like collaboration channels, a walk to the next desk to talk with the local security champion, and the training provided by security testing tools as they describe an issue and its remediation, can provide training that is immediately actionable. This is something we will be exploring more in the next year.

Security Strategies for Mitigating Emerging Threats, AI Risks, and Software Supply Chain Challenges

It is evident that organizations must refine their security strategies to keep pace with emerging threats, regulatory pressures, and evolving software vulnerabilities. Instead of trying to adopt a one-size-fits-all approach, companies must personalize security protocols based on their unique business needs.

As previously mentioned, while AI offers benefits to cybersecurity, it also poses complex security risks. Many organizations are still in the early stages of defining AI-specific attack surfaces and integrating protective measures. In order to stay ahead of these risks, businesses should proactively gather intelligence on AI-related threats, establish secure design patterns for AI models, and ensure that AI security is embedded into existing governance frameworks. Treating AI security as an afterthought could expose businesses to unforeseen vulnerabilities and have detrimental impacts on an organization.

Another critical priority is strengthening software supply chain security. Regulatory requirements, especially for those who develop software for the U.S. government, have created significant changes and challenges in security practices. The BSIMM15 report indicates that in order to mitigate this, there has been a sharp rise in the adoption of software composition analysis (SCA), with a 67% increase in organizations leveraging this approach to identify vulnerabilities in open-source components. Additionally, there has been a 22% increase in the creation of software bills of materials (SBOMs), helping companies provide better transparency into software dependencies. Organizations have also increased their efforts to protect code integrity, reflecting the growing need for enhanced visibility and risk mitigation in the software supply chain.
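As an added example of the SCA and SBOM practices mentioned here and in the earlier findings section (example code, not Black Duck's tooling or the BSIMM data), the script below turns a constructed pinned requirements file into a CycloneDX-shaped SBOM, matches each component against a constructed advisory list by package name and version range, and returns a pass/fail gate of the kind an event-driven pipeline step would use. The package names, versions, and advisory IDs are invented; only the CycloneDX field names and the purl identifier format are real.

```python
"""Minimal SBOM generation plus dependency vulnerability matching.

Added example, not Black Duck's tooling. Package names, versions and
advisory IDs are constructed; CycloneDX field names and purl format are real.
"""
import json
import re

# Constructed pinned requirements file (not a real project's lock file).
LOCK_FILE = """\
# requirements.txt with exact pins
requests==2.25.1
PyYAML==5.3.1
cryptography==41.0.7
"""

# Constructed advisories. Affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-2023-0001", "package": "requests", "introduced": "2.3.0",
     "fixed": "2.31.0", "severity": "medium"},
    {"id": "EXAMPLE-2020-0002", "package": "pyyaml", "introduced": "0",
     "fixed": "5.4", "severity": "critical"},
    {"id": "EXAMPLE-2024-0003", "package": "cryptography", "introduced": "0",
     "fixed": "41.0.5", "severity": "high"},
]
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_version(v):
    """Numeric comparison key, zero-padded to three parts.
    Pre-release tags are ignored; a real SCA tool applies full PEP 440 rules."""
    parts = [int(x) for x in re.findall(r"\d+", v)]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_lock(text):
    """Turn 'name==version' pins into CycloneDX component entries."""
    components = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, version = (s.strip() for s in line.split("=="))
        name = name.lower()   # PyPI names are case-insensitive
        components.append({"type": "library", "name": name, "version": version,
                           "purl": f"pkg:pypi/{name}@{version}"})
    return components


def build_sbom(lock_text, app_name="example-app", app_version="1.0.0"):
    """Produce a CycloneDX 1.5-shaped document (JSON-serialisable dict)."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "application",
                                       "name": app_name, "version": app_version}},
            "components": parse_lock(lock_text)}


def is_affected(version, advisory):
    """True when version falls inside the advisory's [introduced, fixed) range."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def scan_sbom(sbom, advisories=ADVISORIES):
    """Match every component against the advisory list by name and range."""
    findings = []
    for comp in sbom["components"]:
        for adv in advisories:
            if adv["package"] == comp["name"] and is_affected(comp["version"], adv):
                findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                 "severity": adv["severity"], "fixed_in": adv["fixed"]})
    return findings


def gate(findings, fail_on="high"):
    """CI gate: True when nothing at or above the threshold severity is present."""
    return all(SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[fail_on] for f in findings)


if __name__ == "__main__":
    sbom = build_sbom(LOCK_FILE)
    print(json.dumps(sbom, indent=2))
    results = scan_sbom(sbom)
    for f in results:
        print(f"{f['severity']:8} {f['purl']}  {f['advisory']}  fixed in {f['fixed_in']}")
    print("gate:", "pass" if gate(results) else "FAIL")
```

With the constructed inputs, two of the three components match an advisory (requests and pyyaml) and the critical finding fails the gate. The SBOM is generated first and the scan runs over it, rather than over the lock file directly, because the same document can then be handed to a customer or regulator and re-scanned later as new advisories appear, which is the transparency benefit the report attributes to SBOM adoption.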

Lastly, organizations must embrace a “shift everywhere” approach to cybersecurity. In today’s landscape, security must be integrated across legal, audit, risk management, and vendor oversight functions. According to BSIMM15, a 43% increase in event-driven security testing automation highlights a growing shift toward embedding security throughout the entire software development lifecycle (SDLC). Companies that adopt cross-functional security governance are better positioned to proactively manage real-time security threats and compliance requirements, ultimately reducing risk and achieving cyber resiliency.

Looking ahead, as cyber threats grow in complexity and regulatory expectations continue to evolve, organizations must take a proactive and strategic approach to security. Strengthening defenses against AI-driven threats, securing the software supply chain, reinvesting in security awareness, and integrating security across all business functions are essential steps in building a resilient security program.

The post Strengthening Cybersecurity in an AI-Driven World: Insights and Strategies from Black Duck’s BSIMM15 Report appeared first on Cybersecurity Insiders.

In today’s digital-first era, cyber threats are a persistent and challenging reality for enterprises. According to a 2024 State of Cybersecurity report by the Information Systems Audit and Control Association (ISACA), 38% of organizations experienced increased cybersecurity attacks in 2024, compared to 31% in 2023. Data from Check Point shows that these attacks continue to increase, spiking to an average of 1,876 cyberattacks per organization during Q3 of 2024. This marks a 75% increase over the same period in 2023.

With cyber threats continuing to grow in frequency and sophistication, it’s not surprising that cyber risks are the number one business concern. A PwC survey found that 66% of tech leaders rank cyber as the top risk their organization is prioritizing for mitigation over the next 12 months. 

There is no doubt that digital-first enterprises today are facing a wide array of security challenges and threats. An expanding threat landscape, rapidly evolving technology and a fragmented regulatory environment are all converging to create enormous complexity for organizations when it comes to protecting sensitive business data.

To solve these security challenges and risks, enterprises are turning to technologies like NetSfere’s mobile messaging and collaboration platform that are designed to maintain data security, integrity, and privacy.

Expanded threat landscape

With the adoption of remote and hybrid working models and ongoing enterprise digital transformation, the cyber threat landscape continues to expand in organizations. 

Hybrid and remote work are a mainstay in many businesses today. A report by Owl Labs reveals that in 2024 more than one in three workers (38%) were hybrid or remote, increasing by 15% from 2023. This includes 27% who are hybrid, a 4% increase from last year. The report also revealed that full-time remote work surged by 57%, with 11% of workers working from home.

As organizations expand their digital footprints to support remote and hybrid work and improve customer experience, the number of endpoints and applications multiply and right along with that comes increasing exposure to security vulnerabilities. 

Solving for these risks

Enterprises can reduce this exposure and strengthen their security posture by using a secure by design and default mobile messaging and collaboration platform.

Purpose built for enterprises, NetSfere ensures the security, compliance, and control of business communication across geographically dispersed teams and across all devices. 

The end-to-end encryption (E2EE) built into the platform protects data at rest and in transit and robust administrative controls embed data security and compliance into business communication across every channel. Combined, these features reduce the attack surface, providing no point of entry for threat actors intent on accessing and exploiting sensitive enterprise data.

Rapidly evolving technology

While new technology brings many benefits to enterprises, it also introduces new threats. Today, the rapid adoption of artificial intelligence (AI) is posing security challenges for organizations and the looming emergence of quantum computing is bringing other security threats to the forefront.

AI

Enterprises are increasingly accelerating the adoption of AI to automate tasks, improve data analysis and decision making, personalize customer experiences and more. According to a survey by McKinsey, while AI adoption by respondent organizations hovered at about 50% over the last six years, in 2024, adoption jumped to 72%.

As enterprises rush to deploy AI to reap the business value of this technology, cybercriminals are busy using the technology to hone and automate their attacks. They are weaponizing AI to execute sophisticated phishing attacks, deploy malware that evades detection, and compromise chatbots. 

Quantum computing

Experts do not know exactly when quantum computing will arrive, but many believe that it could be in the next five to ten years. 

Google’s recent introduction of a new quantum chip called Willow marked a significant advancement toward commercially viable quantum computing. Willow performed a computation in under five minutes that would take one of today’s fastest supercomputers 10^25, or 10 septillion, years.

The looming concern for enterprises is that a future cryptographically relevant quantum computer (CRQC) will be able to break most of the public-key encryption that currently secures digital communications.

While quantum breakthroughs like Willow cannot yet break current encryption protocols, it is only a matter of time before the technology matures enough to do so.

The quantum risk is not just a future worry for enterprises – quantum threats are present today. Cybercriminals are wasting no time preparing for the quantum computing era by deploying “harvest-now, decrypt-later” (HNDL) attacks: bad actors are already stealing encrypted data and storing it until they can use quantum computers to decrypt it. They are mining data from messaging apps, collaboration tools, and other systems, putting sensitive business data at risk of exposure and exploitation.

The fast-approaching era of quantum computing is creating an urgent imperative for enterprises to speed up their timelines for adopting post-quantum cryptography (PQC) to protect critical systems and data from quantum threats.

Securing against emerging threats  

As AI and quantum computing pose new security challenges, organizations need secure solutions designed to address these challenges. 

NetSfere’s AI-driven mobile messaging platform is built for the enterprise, unlocking the full value of AI safely and securely. It provides a secure AI experience unique to each organization without integrating with any open-source chat/AI functionalities and without any data or information ever leaving the enterprise.

NetSfere also future-proofs business communication, defending sensitive data against the impending capabilities of quantum computing. NetSfere’s crypto-agile architecture features seamless integration of post-quantum cryptography that ensures data remains secure now and in the quantum era.

Fragmented regulatory environment

As technology evolves and the threat landscape expands, policymakers are working to develop cybersecurity laws and regulations aimed at protecting data security and privacy. 

In the U.S., the absence of a federal data privacy regulation means that enterprises must comply with a fragmented mix of state laws that govern how data is collected, processed, and stored. Overlapping compliance regulations across different states and countries create compliance complexity that is massively challenging for enterprises to navigate.

Last year, seven new states passed comprehensive data privacy laws in the U.S., bringing the total number of state data privacy laws to 19.

Lawmakers are also working to address the unique data protection challenges posed by AI.

In the U.S. last year, at least 45 states, Puerto Rico, the Virgin Islands and Washington, D.C., introduced AI bills, and 31 states, Puerto Rico and the Virgin Islands adopted resolutions or enacted AI legislation, according to the National Conference of State Legislatures.

Outside the U.S., the European Union (EU) enacted the world’s first comprehensive AI regulation. According to the EU, “the aim of the new rules is to foster trustworthy AI in Europe and beyond, by ensuring that AI systems respect fundamental rights, safety, and ethical principles and by addressing risks of very powerful and impactful AI models.”

As a post-quantum future looms, policymakers will also soon be addressing compliance requirements related to PQC standards. This will require enterprises to ensure their cryptographic practices are compliant with evolving regulations and standards.

Simplifying data security and compliance 

Laws and regulations addressing data security and privacy are continuing to evolve. To successfully navigate compliance today, enterprises need solutions that take the complexity out of compliance.

NetSfere takes the complexity out of compliance, providing enterprises with a convenient and frictionless way to communicate and collaborate while safeguarding data security and ensuring regulatory compliance. 

An AI-driven, quantum-safe platform, NetSfere helps organizations build the most secure, compliant digital workplace with industry-leading PQC end-to-end encryption, full IT control, guaranteed compliance, and no data collection ever.

Wrapping up

Enterprises today face a wide array of cybersecurity risks that make it challenging to maintain the security, privacy, and integrity of their data. As the threat landscape expands, technology advances and the regulatory environment continues to evolve, solutions like NetSfere are mission-critical to helping organizations mitigate these risks. 


The post Solving for Enterprise Cybersecurity Challenges and Risks with Secure Business Communication appeared first on Cybersecurity Insiders.

In 2025, many security teams face a stark reality: they are being asked to manage increasing workloads with dwindling resources, all while threats and breaches continue to multiply. When a critical vulnerability or incident arises, these teams often find themselves working around the clock. The result is an unsustainable cycle that erodes both their effectiveness and well-being.

In addition, imposter syndrome is alarmingly prevalent among cybersecurity professionals. A survey by Careers in Cyber found that over 58% of professionals in this field experience persistent self-doubt and feelings of inadequacy despite their achievements.

On top of this, the tight-knit and highly skilled nature of the community often exacerbates these feelings, as comparisons with peers can intensify self-doubt. While camaraderie is one of the profession’s greatest strengths, the pressure to measure up can be overwhelming.

All this can contribute to a high rate of burnout. In fact, nearly half – 46% – of security professionals who leave their roles point to burnout as the primary reason. These departures don’t just represent lost talent; they create critical gaps in institutional knowledge and security coverage, leaving organizations more vulnerable to threats.

The good news is that companies can take meaningful steps to support these teams. By focusing on sustainable practices that place people and security on equal footing, they can create a healthier, more effective environment for their teams.

How Companies Can Empower Teams and Reduce Stress

To tackle these challenges head-on, organizations need to build balance and resilience within their cybersecurity teams. Here are three important strategies for doing this.

#1: Encourage Boundaries Between Work and Real Life

It’s time to stop treating exhaustion as a badge of honor and prioritize real work-life balance. Flexible schedules, clear on-call boundaries and access to mental health resources can reduce stress and boost well-being and professional effectiveness.

Leadership sets the tone and should lead by example. Company leaders can address stressors before they overwhelm teams by fostering open communication, transparency and regular check-ins. Creating an environment where employees feel encouraged to disconnect without fear of falling behind is essential for building a sustainable, productive workplace culture. Some other examples from industry leaders include:

  • A monthly mental health stipend for flexibility in choosing what works best for them.
  • Access to newsletters, webinars and podcasts exploring related topics like stigma, relationships, anxiety, balancing work and life, homeschooling and staying connected.
  • Ensuring employee benefits include counseling, life coaches and even gym memberships.

#2: Invest in People

Remember the excitement of starting in tech? That spark can stay alive by focusing on meaningful growth—sharpening technical skills, developing leadership and improving communication and time management.

Ongoing training builds confidence and reduces burnout by providing purpose and preventing stagnation. Including mental health training such as Mental Health First Aid also helps foster a supportive, balanced culture. Mentorship programs help spread knowledge, lighten workloads and encourage collaboration. Growth can drive continued success, but it should empower employees and not feel like another task.

#3: Automate, Automate and then Automate Some More

Let’s face it—no one gets into tech to do repetitive tasks, but time after time, we find ourselves doing them no matter our role. Automated tools can take over the more mundane work, handling routine alerts, streamlining incident response and neutralizing low-level threats. This process lightens workloads and reduces cognitive strain by cutting out repetitive, time-consuming work. As a result, teams can focus on critical thinking, problem-solving and strategic initiatives that genuinely add value.

Make Self-Care Part of Your Security Stack

While tackling mental health challenges in cybersecurity often requires support at the organizational level, it also requires individuals to set boundaries and take ownership of their well-being. Here are three tips to help individuals set themselves up for success:

1. Take Breaks: Take regular breaks to disconnect and recharge. Even a short walk or a few minutes of mindfulness can make a significant difference. Leaders can model this behavior by stepping away themselves, signaling to their teams that well-being is a priority.

2. Move Your Body: Exercise is a proven stress reliever. Take advantage of gym memberships and wellness programs, or encourage daily movement. Teams can also engage in group activities like step challenges to build camaraderie while promoting health.

3. Normalize Seeking Help: Make mental health support a regular part of professional life. Talk to a therapist or access resources offered by your organization, but also consider creating mental health channels in security-related Discord and Slack groups. Scheduled check-ins with friends—whether by phone, video or in person—can provide important moments of connection, especially on busy days.

Here are some resources for support:

The National Alliance on Mental Illness (NAMI)

The American Foundation for Suicide Prevention (AFSP)

Mental Health Hackers

American Psychiatric Association’s Resources for Employers

Mental Health First Aid

It’s Time to Break the Cycle

In 2025, the mental health of IT and cybersecurity professionals must be a priority. By investing in automation, tools, training and workplace culture, organizations can break the burnout cycle and empower teams to maintain a strong security posture. A healthy, supported team is not just an asset—it’s essential in the fight against cyber threats. Balance is key, and seeking help is a strength. Together, we can create a future where cybersecurity professionals thrive, strengthening and securing organizations.

Amanda Berlin

Amanda Berlin is senior product manager of cybersecurity at Blumira, where she leads the development of new detections based on threat intelligence and research. An accomplished author, speaker and podcaster, Amanda is known for her ability to communicate complex technical concepts in an accessible and engaging way for audiences of all backgrounds. She co-authored the O’Reilly Media book Defensive Security Handbook: Best Practices for Securing Infrastructure and is also the co-host of the Brakeing Down Security podcast. Amanda is the CEO and co-founder of Mental Health Hackers, a non-profit organization that raises awareness about mental health issues in the cybersecurity community.


The post Out with Burnout, In with Balance: Empowering Cybersecurity Teams in 2025 appeared first on Cybersecurity Insiders.

The upcoming Netflix show Zero Day paints a dramatic picture of a disastrous cyberattack on the United States, with severe infrastructural damage and thousands of casualties. Although the show has not been released yet, it has already raised an important question: Could such a catastrophic event happen in real life? 

Ilia Sotnikov, Security Strategist at Netwrix, explains why we can all enjoy the series, while those in charge of national critical infrastructure must continue their work to keep such a prolonged nationwide cybersecurity disaster improbable:

Nations around the globe have suffered attacks on their critical infrastructure in the past few years. Cyberattacks such as the ransomware attack on Colonial Pipeline have led to short-lived regional disruptions, and state-sponsored advanced persistent threat (APT) groups have tried to establish a foothold in various environments, from government agencies to telecom providers. 

Nevertheless, a devastating attack like the one in Zero Day is unrealistic in today’s world. There are three key reasons:

• Increasing security oversight for critical infrastructure — Critical infrastructure organizations like power plants, transportation networks and healthcare providers are not left to fend for themselves when it comes to cybersecurity. Governments around the world not only enact strict regulations but provide resources to help organizations adhere to them. In the US, the Cybersecurity and Infrastructure Security Agency (CISA) facilitates cybersecurity oversight across critical infrastructure and coordinates implementation efforts across the public and private sectors. In addition, national security and intelligence agencies keep their eyes on potential harmful activity that could impact critical infrastructure. This constant monitoring and collaboration reduce the likelihood of a successful attack on multiple critical systems simultaneously.

• Operational and technical complexity — While a particular organization may be vulnerable to adversaries, executing a coordinated attack on a nation’s entire critical infrastructure requires overcoming significant technical and operational hurdles. Adversaries would have to establish persistence in multiple diverse environments, learn how each of them operates, and determine how to cause the most destruction and chaos. Then they would need to weaponize their presence in each environment by gaining access to the most impactful systems and controls. Such an operation would require not only gaining extremely high levels of access across multiple technology stacks in multiple highly secured environments but also being able to maintain it for a long time without raising any alarms. Realistically, this is a military-grade operation that very few nation-states have the means and motivation to contemplate, let alone hacker groups who will realize no financial gain from their efforts.

• Global monitoring and diplomacy — Intelligence services around the world are collecting information about other nation-states, whether they see them as hostile, competitive or even friendly; it’s a part of international politics. However, conducting a cyberoperation against another nation’s civilian infrastructure is a different thing altogether. Even if the incursion is limited to infiltration “only as preparation,” it’s akin to massing a huge invasion force at the border — an act that demands a response. In the modern world, the stakes are way too high for any nation-state to undertake such an attack, knowing that it will inevitably be seen as an act of war.

Still, risk management formulas always consider not just the probability of an adverse event but the severity of its impact. Even if an event is extremely unlikely, if the impact is completely unacceptable, then the organization or government must prepare for the scenario. That’s exactly the case with the risk of a coordinated cyberattack on a nation’s critical infrastructure — however unlikely such an event is, it is not impossible, so it’s essential to take steps to reduce the probability down as close to zero as possible. As we have seen, the government, the intelligence community and critical infrastructure organizations are already doing exactly that.

In short, while successful cyberattacks have damaged critical infrastructure on a modest scale in recent years, there is little risk of a doomsday event like the one in Netflix’s Zero Day. So sit back, relax and enjoy the show.

The post Netflix’s “Zero Day” TV Series: Is a Devastating Global Cyberattack Really Possible? appeared first on Cybersecurity Insiders.

Imagine you’re a performer at a circus. You’re juggling balls, pins, torches, and the occasional chainsaw, all while blindfolded. Shouts from the crowd are coming from every direction, and new objects keep getting tossed in without notice. You’re juggling as much as you can, but eventually, something’s bound to fall, and it could be the chainsaw. This scenario captures the reality of many modern Security Operations Center (SOC) teams trying to manage threat detection with outdated tools.

According to Vectra AI’s 2024 State of Threat Detection report, SOCs are stretched thin, worn out, and increasingly frustrated as SOC professionals are expressing dissatisfaction with their current threat detection tools. What was meant to be a reliable security stack has turned into an overwhelming, noisy system that often hinders more than it helps. This has led to not only a breakdown in tools but also a breakdown in SOC team trust. 

The Growing Issue of SOC Fatigue

SOC teams are burnt out and overwhelmed by an endless stream of alerts, posing a growing threat to organizations. Due to the mass of alerts, 71% of SOC professionals worry about missing a real attack. Even more concerning, 62% of these alerts are ignored outright because teams simply don’t have the capacity to manage them all. 

Many of these teams are juggling 20+ different tools, but it’s not that simple – “more tools” does not mean “more secure.” For most SOCs, the number of tools is itself overwhelming, resulting in added complexity, extra manual effort, and more missed threats. Teams are left scrambling to fine-tune systems and prioritize alerts without clear direction.

Balancing Precision vs. Recall

The problem (and the solution) lies in a delicate balance: achieving comprehensive visibility without overloading SOC teams with data. Many tools aim to flag every potential threat to ensure nothing is missed. However, this approach fuels alert fatigue, burying SOC teams, increasing the risk that genuine attacks are overlooked amid false positives, and driving frustration and burnout.

This is a perfect example of the precision vs. recall dilemma. Precision is the share of fired alerts that are real threats; recall is the share of real threats that produce an alert. Tools that prioritize recall aim to catch every possible threat, generating an overwhelming number of alerts to ensure nothing slips through the cracks. The trade-off? An excess of false positives and a frustrated SOC team. On the other hand, tools that focus on precision produce fewer, more accurate alerts but risk overlooking stealthy, low-and-slow attacks hidden within the noise. Finding the right balance between the two is where the challenge lies.

Tools must detect threats while also showing teams exactly how and why those threats were flagged. SOC teams should be given full visibility into the detection and response process so that they know where each signal comes from, why it matters, and how to respond.
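To make the precision vs. recall trade-off and the "why was this flagged" requirement concrete, here is an added example; it is not code from the original post, from Vectra AI, or from any product the post describes. It uses a small constructed set of scored alerts (the scores, labels and evidence strings are invented for illustration) and sweeps an alert threshold: a low threshold maximizes recall at the cost of precision, a high threshold does the reverse and silently drops the two low-scoring "low-and-slow" attacks, and each alert in the triage report carries the evidence that produced it.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    score: float                  # detector confidence in [0.0, 1.0]
    is_attack: bool               # ground truth from post-incident review (constructed label)
    reasons: list = field(default_factory=list)  # evidence the detector attached to the alert

# Constructed sample: one week of scored detections, highest score first.
# Two real attacks deliberately sit below 0.6 to model stealthy, low-and-slow activity.
ALERTS = [
    Alert(0.95, True,  ["credential dumping signature", "new local admin account"]),
    Alert(0.90, True,  ["beacon to known command-and-control domain"]),
    Alert(0.85, False, ["vulnerability scanner from authorized IT subnet"]),
    Alert(0.80, True,  ["SMB connections to 14 hosts in 3 minutes"]),
    Alert(0.70, False, ["mass file rename by nightly backup job"]),
    Alert(0.60, False, ["encoded PowerShell command from admin workstation"]),
    Alert(0.55, True,  ["DNS TXT queries to one domain at ~2 KB/hour"]),  # low-and-slow exfiltration
    Alert(0.50, False, ["failed VPN logins, user mistyped password"]),
    Alert(0.40, False, ["previously unseen user-agent string"]),
    Alert(0.35, True,  ["service account interactive logon at 03:12"]),  # low-and-slow misuse
    Alert(0.30, False, ["outbound 443 to newly registered CDN host"]),
    Alert(0.20, False, ["port scan originating from a printer"]),
]

def precision_recall(alerts, threshold):
    """Return (precision, recall, alerts_fired) when only alerts with
    score >= threshold are surfaced to analysts."""
    fired = [a for a in alerts if a.score >= threshold]
    tp = sum(1 for a in fired if a.is_attack)          # real attacks the analyst sees
    fp = len(fired) - tp                               # noise the analyst must dismiss
    fn = sum(1 for a in alerts if a.is_attack and a.score < threshold)  # attacks dropped
    precision = tp / (tp + fp) if fired else 1.0
    recall = tp / (tp + fn) if (tp + fn) else 1.0
    return precision, recall, len(fired)

def missed_attacks(alerts, threshold):
    """Evidence for real attacks that the threshold would hide from the team."""
    return [a.reasons for a in alerts if a.is_attack and a.score < threshold]

def f_beta(precision, recall, beta=1.0):
    """F-beta score; beta > 1 weights recall more heavily, beta < 1 weights precision."""
    if precision + recall == 0:
        return 0.0
    b2 = beta * beta
    return (1 + b2) * precision * recall / (b2 * precision + recall)

def triage_report(alerts, threshold):
    """Explainable queue: surfaced alerts sorted so the strongest evidence is on top,
    each row keeping the reasons an analyst needs to judge the signal."""
    fired = sorted((a for a in alerts if a.score >= threshold), key=lambda a: -a.score)
    return [{"score": a.score, "reasons": a.reasons} for a in fired]

def sweep(alerts, thresholds=(0.2, 0.5, 0.8)):
    """Summarize the trade-off at several thresholds."""
    rows = []
    for t in thresholds:
        p, r, n = precision_recall(alerts, t)
        rows.append({"threshold": t, "fired": n, "precision": round(p, 3),
                     "recall": round(r, 3), "f1": round(f_beta(p, r), 3),
                     "missed": len(missed_attacks(alerts, t))})
    return rows

if __name__ == "__main__":
    for row in sweep(ALERTS):
        print(row)
    print("Hidden at threshold 0.8:", missed_attacks(ALERTS, 0.8))
    for entry in triage_report(ALERTS, 0.5):
        print(entry["score"], "<-", "; ".join(entry["reasons"]))
```

On this constructed data the 0.2 threshold fires all 12 alerts with perfect recall but under 42% precision, while 0.8 fires only 4 alerts at 75% precision and drops both stealthy attacks; the `f_beta` helper is there so a team can pick the threshold that matches how much they value catching everything versus keeping the queue workable, and the report rows keep the evidence that the post asks tools to expose.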

Turning Actionable Insights Into Reduced Workloads

There is a silver lining, though. 75% of SOC professionals using AI tools have seen a significant reduction in their workload. Modern detection tools should unify real-time data from the entire attack surface with AI-powered analysis, enabling SOC teams to shift their focus from sorting through false alarms to responding to real threats. Instead of SOC analysts spending hours combing through a thousand emails to find the one that matters, modern tools should bring those critical messages straight to the top of the inbox.

89% of SOC teams plan to invest in more AI-powered tools over the next year, but these investments need to be made into tools that deliver on their promises and provide actionable insights and customized solutions tailored to each SOC’s needs.

The Path to Restoring Trust

In today’s complex cyber landscape, SOC teams aren’t asking for more tools; they’re looking for control. They require a platform and tools that integrate effortlessly, cut through the noise, and deliver actionable, explainable AI-driven insights that truly make a difference.

The post Restoring SOC Team Confidence Amid Waves of False Positives appeared first on Cybersecurity Insiders.