The MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance.
The post The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment appeared first on TechRepublic.
WhatsApp is testing usernames that could let users chat without sharing phone numbers, adding a new privacy layer now rolling out to some beta users.
The post WhatsApp New Update Lets You Chat Without Sharing Your Phone Number appeared first on TechRepublic.
NWN launches an AI-powered security platform to tackle tool sprawl, alert fatigue, and modern cyber threats in the era of agentic enterprises.
The post Why Operationalizing AI Security Is the Next Great Enterprise Hurdle appeared first on TechRepublic.
Agentic AI dominated RSAC 2026, but security leaders warn governance is lagging. Here’s why discovery isn’t enough — and where control must evolve.
The post RSAC 2026 Proved the Industry Agrees on the Problem — Now Comes the Hard Part appeared first on TechRepublic.
RSA Conference 2026 spotlights AI in cybersecurity, from SOC automation to governance challenges, as experts weigh trust, control, and risk.
The post Inside RSA 2026: Security Leaders Grapple With AI’s Growing Role and Risks appeared first on TechRepublic.
Threat actors are abusing the LiveChat SaaS platform to impersonate brands like PayPal and Amazon in phishing campaigns designed to steal credentials, credit card details, MFA codes, and other sensitive data. Victims are lured through phishing emails and directed to LiveChat pages where attackers use chat interactions to request personal and financial information. The campaign highlights how cybercriminals are increasingly leveraging legitimate services and real-time engagement to make phishing attacks appear more trustworthy.
The post LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools to Steal Sensitive Data appeared first on Security Boulevard.
America’s new National Cyber Strategy sends a very clear message that cybersecurity is now about resilience, not just defense. The strategy emphasizes modernizing federal networks, protecting critical infrastructure, and deploying AI-enabled cybersecurity capabilities to detect and disrupt threats at scale. It also reinforces long-standing priorities such as Zero Trust architecture and secure supply chains. But […]
The post Decoding the White House Cyber Strategy: Why Resilience Matters Now appeared first on ColorTokens.
The post Decoding the White House Cyber Strategy: Why Resilience Matters Now appeared first on Security Boulevard.
Cybersecurity concerns in 2024 can be summed up in two letters: AI (or five letters if you narrow it down to gen AI). Organizations are still in the early stages of understanding the risks and rewards of this technology. For all the good it can do to improve data protection, keep up with compliance regulations and enable faster threat detection, threat actors are also using AI to accelerate their social engineering attacks and sabotage AI models with malware.
AI might have gotten the lion’s share of attention in 2024, but it wasn’t the only cyber threat organizations had to deal with. Credential theft continues to be problematic, with a 71% year-over-year increase in attacks using compromised credentials. The skills shortage continues, costing companies an additional $1.76 million in a data breach aftermath. And as more companies rely on the cloud, it shouldn’t be surprising that there has been a spike in cloud intrusions.
But there have been positive steps in cybersecurity over the past year. CISA’s Secure by Design program signed on more than 250 software manufacturers to improve their cybersecurity hygiene. CISA also introduced its Cyber Incident Reporting Portal to improve the way organizations share cyber information.
Last year’s cybersecurity predictions focused heavily on AI and its impact on how security teams will operate in the future. This year’s predictions also emphasize AI, showing that cybersecurity may have reached a point where security and AI are interdependent on each other, for both good and bad.
Here are this year’s predictions.
Shadow AI will prove to be more common — and risky — than we thought. Businesses have more and more generative AI models deployed across their systems each day, sometimes without their knowledge. In 2025, enterprises will truly see the scope of “shadow AI” – unsanctioned AI models used by staff that aren’t properly governed. Shadow AI presents a major risk to data security, and businesses that successfully confront this issue in 2025 will use a mix of clear governance policies, comprehensive workforce training and diligent detection and response.
How enterprises think about identity will continue to transform in the wake of hybrid cloud and app modernization initiatives. Recognizing that identity has become the new security perimeter, enterprises will continue their shift to an Identity-First strategy, managing and securing access to applications and critical data, including gen AI models. In 2025, a fundamental component of this strategy is to build an effective identity fabric, a product-agnostic integrated set of identity tools and services. When done right, this will be a welcome relief to security professionals, taming the chaos and risk caused by a proliferation of multicloud environments and scattered identity solutions.
Explore cybersecurity servicesCybersecurity teams will no longer be able to effectively manage threats in isolation. Threats from generative AI and hybrid cloud adoption are rapidly evolving. Meanwhile, the risk quantum computing poses to modern standards of public-key encryption will become unavoidable. Given the maturation of new quantum-safe cryptography standards, there will be a drive to discover encrypted assets and accelerate the modernization of cryptography management. Next year, successful organizations will be those where executives and diverse teams jointly develop and enforce cybersecurity strategies, embedding security into the organizational culture.
As organizations begin the transition to post-quantum cryptography over the next year, agility will be crucial to ensure systems are prepared for continued transformation, particularly as the U.S. National Institute of Standards and Technology (NIST) continues to expand its toolbox of post-quantum cryptography standards. NIST’s initial post-quantum cryptography standards were a signal to the world that the time is now to start the journey to becoming quantum-safe. But equally important is the need for crypto agility, ensuring that systems can rapidly adapt to new cryptographic mechanisms and algorithms in response to changing threats, technological advances and vulnerabilities. Ideally, automation will streamline and accelerate the process.
Data and AI security will become an essential ingredient of trustworthy AI. “Trustworthy AI” is often interpreted as AI that is transparent, fair and privacy-protecting. These are critical characteristics. But if AI and the data powering it aren’t also secure, then all other characteristics are compromised. In 2025, as businesses, governments and individuals interact with AI more often and with higher stakes, data and AI security will be viewed as an even more important part of the trustworthy AI recipe.
As AI matures from proof-of-concept to wide-scale deployment, enterprises reap the benefits of productivity and efficiency gains, including automating security and compliance tasks to protect their data and assets. But organizations need to be aware of AI being used as a new tool or conduit for threat actors to breach long-standing security processes and protocols. Businesses need to adopt security frameworks, best practice recommendations and guardrails for AI and adapt quickly — to address both the benefits and risks associated with rapid AI advancements.
Protect against AI-assisted threats; plan for AI-powered threats. There is a distinction between AI-powered and AI-assisted threats, including how organizations should think about their proactive security posture. AI-powered attacks, like deepfake video scams, have been limited to date; today’s threats remain primarily AI-assisted — meaning AI can help threat actors create variants of existing malware or a better phishing email lure. To address current AI-assisted threats, organizations should prioritize implementing end-to-end security for their own AI solutions, including protecting user interfaces, APIs, language models and machine learning operations, while remaining mindful of strategies to defend against future AI-powered attacks.
There’s a very clear message from these predictions that understanding how AI can help and hurt an organization is vital to ensuring your company and its assets are protected in 2025 and beyond.
The post Cybersecurity trends: IBM’s predictions for 2025 appeared first on Security Intelligence.
The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.
Here are five trends that were often predicted for 2024.
As the year began, there was no doubt that artificial intelligence (AI) would be a main character in the year’s events — and that was right on the money. Many organizations began to use or continue using AI in their cybersecurity operations in a wide range of ways. For example, Microsoft’s internal response teams use a large language model to manage requests and tickets based on how they were handled previously, saving 20 hours per person each week.
As the world turned its attention over the summer to the Paris Olympics, the team responsible for keeping the Paris Olympics data, apps, systems and even physical buildings protected turned to AI. While 140 cyberattacks were linked to the Olympics, the teams’ efforts resulted in no disruption of the competitions.
Throughout the entire life cycle of the games, from before the opening ceremony to after the torch left Paris, cybersecurity teams used AI to secure critical information systems, protect sensitive data and raise awareness within the games’ ecosystem. Additionally, algorithmic video surveillance based in AI scanned video to detect abandoned bags, the presence of weapons, unusual crowd movements and fires.
Unfortunately, experts were right about cyber criminals also turning to AI technology to more effectively conduct attacks. Threat actors are using AI in a wide range of ways for data breaches and cyberattacks, including improved reconnaissance, better target profiling and lowering expertise required for conducting an attack. Because AI can automate many processes required for an attack, such as vulnerability scanning, exploitation and data exfiltration processes, more cyber criminals now have the skills for even more damaging attacks.
“Since the release of gen AI, attackers are increasingly employing tools along with large language models to carry out large-scale social engineering attacks, and Gartner predicts that by 2027, 17% of total cyberattacks/data leaks will involve generative AI,” wrote Gartner in an August 2024 press release.
IBM distinguished engineer Jeff Crume has no doubt that the trend of cyber criminals using AI for attacks will continue in 2025. He says that cyber professionals do a better job of authentication because attackers are finding it easier to log in than to hack in. While looking for bad grammar and spelling errors now works to spot phishing attacks, he expects that this will no longer work as AI-based phishing attacks hit mass distribution.
Explore cybersecurity servicesWhile experts correctly predicted that deepfakes would become more of a threat in 2024, it’s likely no one expected the scale of arguably the most shocking deepfake story of the year. At the beginning of 2024, attackers created a deepfake video call that led to an employee giving the cyber criminals $25 million, which showed the power and damage that deepfakes can cause. But the World Economic Forum expects that the trend will only increase, even declaring that over the next two years, AI-fueled disinformation will be the number one threat in the world.
Throughout the year, other deepfake incidents made headlines. Quantum AI, an AI company, was suspected by the Securities and Exchange Commission of using AI to generate deepfakes on social media to deceive the public that Elon Musk developed the company’s technology. Even the well-received Paris Olympics were not immune to deepfakes, with Russian Group Storm-1679 suspected of creating AI content to discredit the International Olympic Committee. As the year closed out, German citizens saw an increase in AI-based propaganda regarding the upcoming German elections in 2025, including text, images and video.
Ray Harishankar, IBM Fellow, IBM Quantum Safe, predicted that in 2024, “harvest now, decrypt later” attacks would become more common. As the year moved forward, quantum computing became an increasingly top concern, especially the harvest-now attacks. In July, the Office of Management and Budget released the Report on Post-Quantum Cryptography, which urged organizations to prepare their systems and processes for advancements in quantum computing.
During the fall of 2024, the predictions of the quantum’s impact became even more urgent, as symmetric cryptography would be unsafe by 2029, with even asymmetric cryptography fully breakable by quantum technology by 2034.
“That does not mean, however, that the risks are five years away. The prospect of harvest-now, decrypt-later attacks is already a concern, making the post-quantum cryptography transition an urgent priority,” wrote Gartner.
John Dwyer, former Head of Research at IBM X-Force, predicted we might face a ransomware recession as more companies pledged not to pay the ransom. While we wish we could declare this came true, the jury is still out, and likely, we won’t know for sure until all the data is collected from 2024.
However, Wired declared in the summer of 2024 that “ransomware showed no signs of slowing down in 2024 — despite increasing police crackdowns.” In December, Heather Wishart-Smith wrote in her Forbes article The Persistent Ransomware Threat: 2024 Trends and High-Profile Attacks about the increasing dual extortion technique of cyber criminals as an increasing trend in 2024.
All in all, the experts were largely on target with their 2024 predictions. And in the next few weeks, we will start the prediction game all over again as we wonder what’s in the cards for cybersecurity in 2025.
The post 2024 trends: Were they accurate? appeared first on Security Intelligence.
With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.
We’ve summarized this past year’s top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following year.
On April 8, 2024, one of the largest personal data breaches took place, leading to nearly 3 billion US citizens having their information leaked on the dark web. Even more shocking was that all of this information came from only one source — National Public Data, a background check and fraud prevention service located in Coral Springs, Florida.
The stolen information collected contained names, social security numbers, home addresses and known relatives, and was listed on the dark web for sale for $3.5 million. Many of the victims were still unaware of the breach several months later, leading to several class action lawsuits filed by a dozen U.S. states. National Public Data has since then filed for bankruptcy.
A SecurityScorecard report revealed this year that 90% of the world’s top energy companies experienced data breaches that stemmed from third-party breaches. Many of these attacks were a direct result of increased reliance on cloud services and third-party integration to manage networked systems.
It was confirmed that out of the 264 individual breaches linked to third-party compromises, the MOVEit vulnerability was one of the major reasons for the issues. With critical infrastructure organizations playing a significant role in the health and well-being of citizens, these types of breaches continue to threaten public safety. The energy sector as a whole has since begun implementing stricter vendor assessments, continuous system and threat monitoring solutions and more secure data transfer protocols.
Read the Cost of a Data Breach ReportAccording to the IBM Cost of a Data Breach 2024 report, the financial sector has seen a surge in data breach costs since the pandemic, reaching an average of $6.08 million per incident. While various attack types account for this increase, IT failures and simple human error account for a significant portion of the problem.
While certain improvements have been made in threat detection and containment timelines, many financial firms still have an uphill battle to climb. Larger-scale financial service breaches are now estimated to reach hundreds of millions of dollars in damages, leading many organizations to invest more in comprehensive identity and access management (IAM) solutions, AI-powered security solutions and dedicated incident response teams.
The global average cost of data breaches jumped 10% year-over-year between 2023 and 2024, with the latest figure reaching an alarming $4.88 million. The number represented by this average is driven by a number of factors, including lost business revenues, recovery costs and regulatory fines.
Complicating this ongoing trend, 40% of breaches recorded now involve data spread across multiple public and cloud environments and on-premises systems. These larger digital footprints average over $5 million in recovery costs with an average containment timeline of 283 days. Encouragingly, organizations that leverage AI-driven security workflows are experiencing a significantly lower average of $2.2 million per breach, pointing to a positive trend in next-generation security measures.
The cybersecurity skills gap widened over the last few years, with 50% of organizations experiencing data breaches reporting that they stemmed from staffing shortages. Skills shortages are specific to a wide range of critical areas, including cloud security and incident response, data analysis and compliance expertise. Another growing need for these impacted organizations is proficiency in security information and event management (SIEM) tools and active threat hunting.
In an ongoing effort to fill the key personnel gaps, it’s now recommended that organizations put a stronger focus on upskilling their existing workforce. Modern businesses can also leverage professional soft skills such as good communication and adaptability to help supplement and strengthen their security teams.
The past year has shown that while modern cybersecurity tools and solutions provide protection against a broader range of threats, very few industries and organizations are immune to cyber crime’s evolving nature.
As we move into 2025, enterprises should prioritize a proactive approach to cybersecurity planning. This includes optimizing their access restriction policies when operating with both in-house and remote teams, working to address any critical staffing shortages, and creating a stronger culture of security awareness within their organization.
The post 2024 roundup: Top data breach stories and industry trends appeared first on Security Intelligence.
Entrar