The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new initiative called “CI Fortify” aimed at helping critical infrastructure operators prepare for disruptive cyberattacks linked to geopolitical conflicts. The initiative comes amid growing concerns over nation-state cyber threats targeting operational technology (OT) systems that support essential services across the United States. The CI Fortify initiative focuses on improving critical infrastructure resilience through two key objectives: isolation and recovery. CISA said the effort is designed to help operators maintain essential operations even if adversaries compromise telecommunications networks, internet services, or industrial control systems. According to the agency, nation-state actors are no longer limiting their activities to espionage. Instead, threat groups have increasingly been pre-positioning themselves inside critical infrastructure environments to potentially disrupt or destroy systems during future geopolitical conflicts.

CI Fortify Initiative Focuses on Isolation and Recovery

Under the CI Fortify initiative, CISA is urging critical infrastructure organizations to assume that third-party communications and service providers may become unreliable during a crisis. Operators are also being asked to plan under the assumption that threat actors may already have some level of access to OT networks. Nick Andersen, Acting Director at CISA, emphasized the need for organizations to prepare for worst-case operational scenarios. “In a geopolitical crisis, the critical infrastructure organizations Americans rely on must be able to continue delivering, at a minimum, crucial services,” Andersen said. “They must be able to isolate vital systems from harm, continue operating in that isolated state, and quickly recover any systems that an adversary may successfully compromise.” The isolation strategy outlined under CI Fortify involves proactively disconnecting operational technology systems from external business networks and third-party connections. CISA said this approach is intended to prevent cyber impacts from spreading into OT environments while allowing organizations to continue delivering essential services in a degraded communications environment. The agency advised operators to identify critical customers, including military infrastructure and other lifeline services, and determine the minimum operational capabilities needed to support them during emergencies. CISA also recommended updating engineering processes and business continuity plans to support safe operations for extended periods while systems remain isolated.

Recovery Planning Central to Critical Infrastructure Resilience

Alongside isolation, the CI Fortify initiative places strong emphasis on recovery planning. CISA urged operators to maintain updated system documentation, create secure backups of critical files, and regularly practice system replacement or manual operational transitions. The agency noted that organizations should also identify communications dependencies that could complicate recovery efforts, such as licensing servers, remote vendor access, or upstream network connections. CISA encouraged operators to work closely with managed service providers, system integrators, and vendors to understand potential failure points and establish alternative recovery pathways. The initiative also highlights broader benefits of emergency planning beyond cybersecurity incidents. According to CISA, the same planning processes can help organizations maintain operations during weather-related disruptions, equipment failures, and safety emergencies. The agency said isolation planning can help cut off command-and-control access to compromised systems, while strong recovery preparation can reduce incident response costs and shorten recovery timelines.

Security Vendors and Service Providers Asked to Support CI Fortify

The CI Fortify initiative extends beyond infrastructure operators and calls on cybersecurity vendors, industrial automation suppliers, and managed service providers to support resilience planning efforts. Industrial control system vendors are being encouraged to identify barriers that could interfere with isolation and recovery procedures, including licensing restrictions and server dependency issues. Managed service providers and integrators are expected to assist organizations in engineering updates, local backup collection, and recovery documentation planning. Meanwhile, security vendors are being asked to support threat monitoring and provide intelligence if nation-state actors shift from espionage-focused activity to destructive cyber operations. CISA also requested vendors share information related to tactics that could undermine recovery or bypass isolation protections, including malicious firmware updates and vulnerabilities affecting software-based data diodes.

Volt Typhoon Cyberattacks Continue to Shape U.S. Cybersecurity Strategy

The launch of CI Fortify is closely tied to ongoing concerns surrounding the Volt Typhoon cyberattacks, which U.S. officials have linked to Chinese state-sponsored threat actors. CISA’s initiative specifically references the Volt Typhoon campaign as an example of how adversaries have attempted to establish long-term access inside U.S. critical infrastructure systems to potentially support disruptive actions during military conflicts. The Volt Typhoon operation first became public in 2023, when U.S. authorities revealed that Chinese hackers had infiltrated multiple sectors of American critical infrastructure. Former CISA Director Jen Easterly stated in 2024 that the agency had identified and removed Volt Typhoon intrusions across several sectors. She later reiterated in 2025 that efforts continued to focus on identifying and evicting Chinese cyber actors from critical infrastructure environments. Despite these operations, cybersecurity researchers and some government officials have warned that Chinese threat actors may still retain access to portions of critical infrastructure networks. Several experts have argued that nation-state groups remain deeply embedded in certain environments despite years of remediation efforts. With the CI Fortify initiative, CISA appears to be shifting focus toward operational resilience, recognizing that prevention alone may not be sufficient against sophisticated nation-state cyber threats targeting U.S. critical infrastructure.

The U.S. Department of the Treasury has unveiled a new digital asset cybersecurity initiative, aimed at strengthening defenses across the rapidly growing digital asset ecosystem. The initiative, announced by the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP), seeks to provide timely and actionable cyber threat intelligence to eligible U.S.-based digital asset firms. The move comes amid escalating cyberattacks targeting cryptocurrency platforms and follows recommendations outlined in the federal report “Strengthening American Leadership in Digital Financial Technology.”

Understanding About Digital Asset Cybersecurity Initiative 

At its core, the digital asset cybersecurity initiative will extend high-quality threat intelligence, previously reserved for traditional financial institutions—to digital asset companies and industry organizations. This includes insights that help firms detect, prevent, and respond to cyber threats affecting their platforms, customers, and infrastructure. “Digital asset firms are an increasingly important part of the U.S. financial sector, and their resilience is critical to the health of the broader system,” said Luke Pettit, Assistant Secretary for Financial Institutions. “By extending access to the same high-quality cybersecurity information used by traditional financial institutions, Treasury is helping promote a more secure and responsible digital asset ecosystem,” he added further. Eligible firms that meet Treasury criteria will receive this information at no cost, signaling a broader push to align cybersecurity standards across financial sectors.

Rising Threats Drive Urgency for Digital Asset Cybersecurity

The digital asset cybersecurity initiative comes at a time when cyber threats against cryptocurrency platforms are intensifying in both scale and complexity. Treasury officials emphasized that the initiative directly responds to this evolving threat landscape. “Cyber threats targeting digital asset platforms are growing in frequency and sophistication,” said Cory Wilson, Deputy Assistant Secretary for Cybersecurity. “This initiative expands access to actionable threat information that helps firms strengthen defenses, reduce risk, and respond more effectively to incidents.” Recent incidents emphasize the urgency. Alleged North Korean hackers reportedly stole $280 million from crypto platform Drift using a complex attack. Industry-wide losses exceeded $3.4 billion last year, with billions more lost annually over the past five years. In another case, Bitcoin ATM operator Bitcoin Depot disclosed a cyberattack on March 23 that resulted in losses exceeding $3.6 million. Additional breaches this year have reported losses of $26 million and $40 million, highlighting persistent vulnerabilities across the sector.

Government Push Amid Ongoing Crypto Crime

Despite increased enforcement efforts, cybercriminals and nation-state actors continue to exploit weaknesses in the digital asset ecosystem. U.S. authorities, including the Justice Department, have ramped up prosecutions and issued repeated warnings about infiltration attempts, particularly by North Korean threat groups. However, these measures have had limited success in curbing attacks. Threat actors continue to exploit coding flaws, social engineering tactics, and employee vulnerabilities to gain access to crypto platforms. The digital asset cybersecurity initiative is designed to complement these efforts by shifting focus toward proactive defense and real-time intelligence sharing rather than reactive enforcement alone.

Strengthening the Future of Digital Finance

Treasury officials also framed the digital asset cybersecurity initiative as a foundational step for the future of digital finance. As digital assets become more integrated into mainstream financial systems, cybersecurity is emerging as a critical pillar for sustainable growth. “This initiative reflects the principles of the GENIUS Act by promoting responsible innovation grounded in strong cybersecurity and operational resilience,” said Tyler Williams, Counselor to the Secretary for Digital Assets. “As digital assets become more integrated into the financial system, access to timely and actionable cyber threat information is essential to protecting consumers and safeguarding the stability of U.S. financial markets,” Williams added. The broader federal strategy emphasizes balancing innovation with security. The Treasury’s report highlights the need for regulatory clarity, risk mitigation, and public-private collaboration to support the long-term growth of digital assets while addressing illicit finance and cyber risks.

A Step Toward Industry-Wide Cyber Resilience

With cyberattacks continuing to disrupt the crypto ecosystem, the digital asset cybersecurity initiative represents a significant step toward improving industry-wide resilience. By bridging the gap between traditional financial cybersecurity frameworks and emerging digital asset platforms, the initiative aims to create a more secure and stable environment for innovation. As digital assets evolve from niche technology to a core component of global finance, initiatives like this may play a key role in shaping how the industry manages risk, and whether it can keep pace with increasing cyber threats.

With 90% of organizations unprepared for quantum threats, the shift to post-quantum cryptography (PQC) is a structural necessity. Explore the "harvest now, decrypt later" risk and the NIST PQC standards.

The post The Quantum Clock is Ticking and Your Encryption is Running Out of Time  appeared first on Security Boulevard.

CTG, now operating under the Cegeka Group, is rolling out a cyber resilience scoring dashboard at RSAC 2026 that boils an organization’s security posture down to one number. The dashboard consolidates results from multiple security assessments into a single view. It produces an overall resilience score, domain-level maturity indicators, and progress tracking mapped to NIST,..

The post CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number appeared first on Security Boulevard.

Stop treating employees like the "weakest link." Discover why traditional cybersecurity awareness training fails and how to build a culture of belonging through human-centered design, security guardrails, and collaborative resilience.

The post Rethinking Cyber Awareness: From Blame to Belonging  appeared first on Security Boulevard.

For companies running a modern, adaptive and defense-centered security program, threat modeling is not a new concept. In fact, it’s one of the core tenets of preventative cybersecurity best practices. Being able to find vulnerabilities within software or a network, map them out and remediate them – before an attacker can successfully orchestrate a breach..

The post Threat Modeling with AI: A Developer-Driven Boon for Enterprise Security  appeared first on Security Boulevard.

Analysis of the Trump administration’s concise 2024 cybersecurity strategy arguing for policy-led government, private-sector implementation, deregulation to spur innovation, and elevation of AI security as a national priority.

The post The White House Got the Cyber Strategy Right — By Knowing What Not to Do appeared first on Security Boulevard.

Europe’s plan to build sovereign search infrastructure highlights a growing security concern: dependence on foreign platforms for access to information and AI knowledge may represent a systemic vulnerability.

The post Europe’s Sovereign Search Plan is Really a Security Strategy appeared first on Security Boulevard.

Veeam’s Agent Commander turns backup into an AI-era command center, giving enterprises the guardrails, visibility, and precision “undo” they need to safely scale autonomous agents.

The post Veeam’s ‘Agent Commander’: Bringing Guardrails and Resilience to the Wild West of AI appeared first on TechRepublic.

The CDK Global breach exposed how niche vendors can cripple entire industries. Move beyond questionnaires to continuous, AI-driven monitoring of third-, fourth- and nth‑party dependencies, dynamic prioritization, and threat‑informed supply‑chain risk management.

The post The Silent Supply Chain: Why Your Fourth-Party Vendor is Your Biggest Blindspot  appeared first on Security Boulevard.

Collaboration is more important than ever—and doable—according to the WEF’s Global Security Outlook 2026 report. 

The post Collaboration Critical As Geopolitical Pressures, AI Reshape Cybersecurity  appeared first on Security Boulevard.

As AI adoption accelerates, organizations must evolve their security strategies from prompt filtering to comprehensive behavioral monitoring. This shift is critical to safeguarding against adaptive threats and ensuring safe AI deployment in production environments.

The post The Attack Chain Your AI System is Already Missing  appeared first on Security Boulevard.

The UK government is tightening its government cyber security posture with a dual strategy, faster vulnerability remediation and a long-term workforce pipeline. With cyberattacks increasingly targeting public services, the launch of a new vulnerability monitoring service (VMS) alongside the creation of a dedicated cyber profession signals a structural shift in how the state plans to defend its digital infrastructure. Public-facing systems used by millions—from the National Health Service to the Legal Aid Agency—have become prime targets for cybercriminals. The government’s latest move acknowledges a simple reality: improving government cyber security is no longer just about tools; it is about speed, coordination, and skilled people.

Vulnerability Monitoring Service Accelerates Government Cyber Security Response

At the center of the announcement is the new vulnerability monitoring service designed to detect and fix cyber weaknesses significantly faster across public sector systems. According to government data, critical vulnerabilities are now being resolved six times faster than before reducing the average remediation window from nearly 50 days to just eight. The service focuses heavily on Domain Name System (DNS) risks, often overlooked but highly dangerous. DNS weaknesses can allow attackers to redirect users to malicious websites or disrupt essential services entirely. In the context of government cyber security, even small misconfigurations can have widespread consequences. The VMS continuously scans approximately 6,000 public sector organizations and detects around 1,000 different types of vulnerabilities. By automating detection and providing actionable remediation guidance, the government has also cut the backlog of critical unresolved vulnerabilities by 75%. This shift highlights a growing trend in public sector cyber security, automation is becoming essential as threat volumes continue to rise.

Cyber Risks Now Directly Impact Public Services

Speaking at the Government Cyber Security and Digital Resilience conference, Ian Murray emphasized the real-world consequences of cyber incidents: “Cyber-attacks aren’t abstract threats — they delay NHS appointments, disrupt essential services, and put people’s most sensitive data at risk. When public services struggle it’s families, patients and frontline workers that feel it. The vulnerability monitoring service has transformed how quickly we can spot and fix weaknesses before they’re exploited so we can protect against that." Adding further, he said, "We’ve cut cyber-attack fix times by 84% and reduced the backlog of critical issues by three quarters. And as the service expands to cover more types of cyber threats, fix times are falling there too. But technology alone isn’t enough. Today I’m launching a new government Cyber Profession to attract and develop the talented people we need to stay ahead of increasingly sophisticated threats - making government a destination of choice for cyber professionals who want to protect the services that matter most to people’s lives.” His remarks underline a key insight shaping modern government cyber security strategy—technical fixes must be matched with workforce capability.

Building Long-Term Cyber Resilience Through Talent

Alongside technical improvements, the government has launched its first dedicated cyber profession program in collaboration with the Department for Science Innovation and Technology and the National Cyber Security Centre. The initiative includes a cyber academy, apprenticeship pathways, and a structured career framework aligned with national professional standards. Manchester is expected to become a central hub, reinforcing the region’s growing digital ecosystem. Richard Horne, CEO of the NCSC, highlighted the broader impact of strengthening UK cyber resilience: “Cyber security is more consequential than ever today with attacks in the headlines showing the profound impacts they can have on people’s everyday lives and livelihoods. As our public services continue to innovate, it is vital that they remain resilient to evolving threats and vulnerabilities are being effectively managed to reduce the chances of disruption. The government Cyber Action Plan is a crucial step in building stronger cyber defences across our public services and the launch of the government Cyber Profession today will help attract and retain the most talented professionals with the top-tier skills needed to keep the UK safe online.”

Why Government Cyber Security Is Becoming a Workforce Challenge

While the new vulnerability monitoring service improves detection and response speed, the creation of a cyber profession reflects a deeper structural issue—skills shortages remain one of the biggest risks to government cyber security. Recent assessments have consistently warned that public sector organizations struggle to compete with private industry for cyber talent. By formalizing cyber career pathways, the government is attempting to make public service roles more competitive and sustainable. Ultimately, the announcement shows that cyber resilience is no longer treated as an IT function but as a national capability. Faster patching reduces immediate risk, but long-term government cyber security will depend on whether the public sector can successfully attract and retain the people needed to defend increasingly complex digital systems.

India’s rapidly expanding space sector has received a major policy push with the release of new space cyber security guidelines aimed at strengthening protection across satellite and ground infrastructure. The framework, jointly developed by the Indian Computer Emergency Response Team (CERT-In) and SatCom Industry Association India (SIA-India), signals a growing recognition that cyber resilience is now as critical to space missions as launch capability itself. The guidelines were unveiled during the DefSat Conference & Expo 2026 held in New Delhi, India, at a time when satellite communication systems are increasingly becoming the backbone of connectivity, navigation, defense operations, and disaster management across the country.

Space Cyber Security Moves from Technical Layer to Strategic Priority

India’s space ecosystem is no longer limited to government-led missions. The rapid rise of private satellite operators, ground station providers, and space-tech startups has significantly expanded the attack surface. As satellite communication networks support everything from banking connectivity in remote regions to military operations, the importance of space cyber security has moved beyond technical discussions into national strategic planning. The new framework acknowledges this shift by outlining security controls across the entire satellite lifecycle, from space assets and ground stations to supply chains and user terminals. It also highlights emerging risks such as signal spoofing, unauthorized command uplinks, firmware manipulation, and ground infrastructure compromise. [caption id="attachment_109838" align="aligncenter" width="602"] Image Source: PIB[/caption] These space cyber security guidelines are advisory in nature but provide a structured baseline for organizations to assess and improve their cyber posture. Importantly, the document pushes stakeholders to adopt risk-based governance rather than reactive compliance.

A Collaborative Model for Space Sector Cyber Resilience

According to Sanjay Bahl, Director General of CERT-In, “CERT-In remains steadfast in strengthening the cyber resilience of all sectors across Bharat. Recognizing the strategic importance of space systems, including satellite communication networks, to India’s technological sovereignty and future growth, these comprehensive guidelines establish a unified and forward-looking framework by considering defense in depth, breadth and height to safeguard satellite networks, ground infrastructure, space related supply chains and space assets against the rapidly evolving and increasingly sophisticated cyber threat landscape.” The emphasis on layered defense reflects a broader industry realization—traditional IT security models are insufficient for space systems, where physical assets in orbit cannot be easily patched or replaced. Subba Rao Pavuluri, President of SIA-India, highlighted the importance of public-private collaboration: “Public Private Partnership and the considered views of industry are fundamental to strengthening cyber resilience across any sector. This joint guideline document issued by CERT-In and SIA India reflect a holistic and collaborative approach, integrating industry perspectives with the deep cyber security expertise of CERT-In. Together, they mark a significant step forward in advancing the cyber security posture of India’s space sector and reinforcing its preparedness against emerging digital threats.” The collaborative approach is particularly relevant as private players now design, launch, and operate critical satellite services.

Rising Threat Landscape Forces a Shift in Security Thinking

The urgency behind strengthening space cyber security becomes clearer when viewed against recent threat activity. Anil Prakash, Director General, SIA-India, highlighted the scale of the challenge, emphasizing that India’s expanding space ecosystem can no longer treat cybersecurity as a technical afterthought. “India’s expanding space ecosystem now requires cybersecurity to evolve from a technical afterthought into a core pillar of mission assurance. The joint framework developed with CERT-In institutionalizes resilience across satellites, ground infrastructure, and supply chains—particularly significant at a time when over 1.5 million cyberattack attempts were recorded during Operation Sindoor and attacks on government networks surged nearly sevenfold,” he said. He further explained, “In this evolving threat landscape, critical infrastructure and industry are equally vulnerable. Importantly, these cyber guidelines are based on an adaptive model and will be periodically refined through structured industry consultation to remain responsive to emerging threats and technological advancements.” Concluding with a call to action for the industry, Prakash noted, “For industry, this is a clear call to adopt secure-by-design architectures and align innovation with national security imperatives.”

Why the Space Cyber Security Framework Matters Now

The release of these space cyber security guidelines marks an important shift in how India approaches digital risk in space. Instead of reacting to incidents, the framework promotes proactive controls such as threat intelligence sharing, supply chain security validation, and governance mechanisms including the appointment of CISOs for satellite operations. More importantly, the framework positions space cyber security as a continuous process rather than a one-time compliance exercise. As satellite constellations grow and commercial launches accelerate, cyber resilience will increasingly determine operational reliability. India’s space ambitions are expanding rapidly—but without secure communication layers, innovation alone cannot sustain trust. The CERT-In and SIA-India framework is a timely reminder that the future of space is not just about reaching orbit—it is about securing it.

Explore how organizations can prepare for the quantum age by developing quantum security intelligence, establishing governance plans, and prioritizing system updates. Learn strategies for building resilience without exorbitant investments as quantum computing technology advances

The post Will Your Organization Take the Quantum Leap in 2026? Read This First appeared first on Security Boulevard.

Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.

Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.

The importance of developing cybersecurity resilience

Regardless of the industry, all organizations are subject to certain security risks. While various tools and solutions can help to reduce this risk, the only real way of maintaining a strong security posture is by developing a certain amount of cybersecurity resilience.

Cybersecurity resilience is the ability of a business to maintain its core operational state regardless of an attempted or even successful cyberattack. The key components of cybersecurity resilience include:

• Proactive risk management: It’s important to be able to identify and mitigate any potential threats before they have the opportunity to exploit known vulnerabilities. This requires regular risk assessments and strict security policies.

• Continuous monitoring and improvement: Monitoring systems and networks is critical to help identify suspicious network activity while informing the necessary stakeholders for mediation. Regularly reviewing logs and threat reports also allows organizations to improve their security efforts going forward.

• Incident response and recovery: In the event of a successful breach, organizations must be prepared to handle all necessary protocols for threat containment while executing critical recovery efforts to minimize operational disruption.

• Maintaining a progressive cybersecurity culture: While security tools and solutions are important, organizations looking to establish more cybersecurity resilience need to also build awareness with their employees on relevant threats and how they can help protect themselves and the business.

What is CTEM?

While establishing cybersecurity resilience on its own is important, the prevalence and severity of modern-day security threats mean organizations need to look for a more comprehensive approach to threat management.

CTEM relies on the use of automated routines spread across an organization’s entire infrastructure, designed to identify and assess any security gaps present. Unlike traditional vulnerability assessments, which are typically scheduled throughout the year, CTEM solutions enable real-time threat intelligence at all times.

When integrated across all of an organization’s IT assets, including on-premise and cloud networks, systems, applications and databases, CTEM solutions provide a much more proactive approach to strengthening an organization’s security posture.

Explore cyber threat management services

Key components of CTEM

CTEM frameworks operate by incorporating several key components across an organization’s entire infrastructure. These components include:

Threat intelligence

Leveraging real-time threat intelligence, CTEM references an organization’s location, industry type and digital structure to benchmark against similar organizations while recognizing and prioritizing likely threats. This helps businesses place their mitigation efforts in the right places while always being one step ahead of malicious attackers.

Vulnerability management

CTEM makes use of active vulnerability scanning and assessment tools to look for common vulnerabilities and exposures (CVEs) as well as misconfigurations in systems and networks that could lead to exploitation. Using automated routines, CTEM solutions will run continuous scans for these vulnerabilities and then prioritize them based on the most critical risks.

Security testing

Applying CTEM frameworks across an organization can often include making use of penetration testing services and establishing red teams to help simulate real-world attack scenarios. This helps organizations validate the effectiveness of their current cybersecurity solutions and helps to “stress-test” response capabilities.

Risk assessment

CTEM solutions apply various risk assessment methodologies to help evaluate the potential impact of discovered vulnerabilities. This includes considering various factors that can impact remediation efforts, including the types of assets at risk, how financially sensitive each asset is and the potential impact a successful breach could have on the long-term viability of an organization.

Breaking down the five stages of CTEM

CTEM deployments are an iterative process that involves continuous improvement and refinement. The five stages of CTEM include:

1. Scoping: The initial stage of CTEM involves establishing certain boundaries within which the solution will operate. This requires organizations to identify the relevant systems, applications or key data the solution will actively monitor. Another element of this stage is to outline any specific goals or objectives that need to be achieved to ensure the solution is properly calibrated.

2. Discovery: The discovery stage is when all digital assets are cataloged within the defined scope. While many assets may already be defined during initial scoping stages, the CTEM discovery process may also identify unknown assets, including SaaS solutions or other shadow IT elements that may have been missed. This stage is completed using a series of automated tools that scan and catalog new assets as they’re discovered.

3. Prioritization: After all assets are properly cataloged, the next step is to assess and prioritize all risks associated with each of them. To achieve this, CTEM solutions will apply risk assessment protocols and active threat intelligence to determine the most critical risks.

4. Validation: The validation stage makes sure that any identified vulnerabilities are legitimate and require an actual remediation process. This is designed to minimize or eliminate any false positives.

5. Mobilization: The final stage of CTEM is mobilization, which is any action necessary to remediate vulnerabilities and mitigate risks. This can include coordinated efforts between security teams, IT operations and business stakeholders to ensure that vulnerabilities are addressed effectively.

Start implementing CTEM in your organization

Implementing CTEM is a crucial step towards improving an organization’s cybersecurity resilience. Here are some steps your organization can follow to start benefiting from CTEM integrations:

1. Begin with a cybersecurity risk assessment: Take the time to conduct a comprehensive cybersecurity risk assessment with the help of a security services partner to identify any potential vulnerabilities in your organization.

2. Embrace automation: Leveraging automation tools to streamline various aspects of your CTEM program is critical to enable real-time threat mitigation. This can help to reduce manual security efforts, improve the accuracy of risk remediation efforts and accelerate incident response times.

3. Prioritize and validate: Prioritize any discovered vulnerabilities based on their potential impact on your organization and validate any potential attack vectors using techniques like penetration testing and red team simulations.

4. Establish clear communication channels: It’s important to ensure that security information is shared effectively between different teams and stakeholders. Regardless of the type of CTEM solution your organization chooses to implement, establishing clear communication channels and protocols is essential to ensure that security information is disseminated effectively and acted on in a timely manner.

Keep your business ready

Implementing a CTEM program for your organization is a critical step for organizations considering today’s increasing cyber threats. By taking a proactive and continuous approach to your risk management strategy, you can significantly minimize your digital attack surface while achieving a more resilient cybersecurity posture.

The post How CTEM is providing better cybersecurity resilience for organizations appeared first on Security Intelligence.

A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections.

These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings?

EDR’s double-edged sword

A cornerstone of cyber resilience strategy, EDR solutions are prized for their ability to monitor endpoints for malicious activity. But as the CISA report demonstrated, this reliance can become a liability when paired with inadequate network defenses. Here’s why:

1. Tunnel vision on endpoints: EDR excels at identifying threats on individual devices but struggles with network-wide attacks. This leaves gaps when hackers exploit lateral movement or unusual data transfers — activities that often require network-level visibility to detect.
2. Playing catch-up with threats: Traditional EDR tools depend on recognizing known indicators of compromise (IOCs). Advanced attackers can easily sidestep these tools by using novel techniques or blending in with legitimate activity.
3. Blind spots in legacy systems: Legacy environments often go unnoticed by EDR, giving attackers free rein. In the CISA case, these systems allowed the red team to persist for months undetected.
4. Overwhelmed defenders: Even when EDR generates alerts, security teams can become desensitized by a flood of notifications. As seen in the CISA assessment, critical warnings can slip through the cracks simply because defenders are too stretched to respond.

Common EDR pain points

The challenges highlighted in the CISA report mirror broader issues organizations face with EDR:

• Detection without context: EDR tools often spot anomalies on endpoints but fail to connect the dots across the broader network. This lack of context can leave organizations blind to coordinated attacks.
• Weak network integration: Without network-layer defenses, EDR struggles to identify malicious activities like unusual traffic patterns or data exfiltration, key tactics in advanced breaches.
• Fragmented systems: Many organizations operate a patchwork of security tools, leaving critical gaps in coverage and making it harder to correlate data across endpoints, networks and cloud environments.

Explore threat detection and response services

The next evolution of EDR

Recognizing these shortcomings, cybersecurity is rapidly evolving beyond traditional EDR. Here’s how:

1. Extended detection and response (XDR): XDR takes EDR to the next level by integrating endpoint, network and cloud data into a single platform. This broader scope allows organizations to see the full attack picture and respond more effectively.
2. AI-driven insights: Cutting-edge EDR solutions now harness machine learning to detect subtle behavioral anomalies. By identifying deviations from normal activity, these tools catch threats even when no IOCs exist.
3. Zero trust security: Zero trust architectures take endpoint defense a step further by ensuring no device or user is trusted by default. This integration of endpoint, identity and network security reduces dependence on EDR alone.
4. Network visibility: Modern EDR tools are incorporating network traffic analysis to close the gaps identified in the CISA report. Monitoring traffic for anomalies, such as unusual data flows or external connections, bolsters defenses.
5. Cloud-native solutions: As businesses embrace hybrid and cloud environments, EDR is evolving to provide seamless coverage across on-premises and cloud systems, addressing vulnerabilities in these critical areas.

Why do gaps persist?

Even with these advancements, many organizations struggle to fully address EDR’s limitations:

• Resource strains: Small security teams often lack the bandwidth or expertise to implement and manage advanced solutions like XDR.
• Budget constraints: Upgrading to integrated platforms or modernizing legacy systems can be costly.
• Legacy challenges: Outdated environments remain vulnerable, acting as weak points that attackers can exploit.
• Leadership missteps: As the CISA report pointed out, organizations sometimes deprioritize known vulnerabilities, leaving critical gaps unaddressed.

Building a more resilient future

The CISA red team findings are a wake-up call: Endpoint protection alone is no longer enough. To outsmart today’s sophisticated adversaries, organizations must adopt a layered defense strategy that integrates endpoint, network and cloud security. Solutions like XDR, zero trust principles and advanced behavioral analysis offer a path forward — but they require strategic investments and cultural shifts.

The post Insights from CISA’s red team findings and the evolution of EDR appeared first on Security Intelligence.

Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.

But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.

Understanding the 6 dimensions of data cleanliness

It doesn’t matter where your company data is sourced — without addressing its quality and accuracy, you won’t be able to rely on it. To create the right data cleanliness policy, you’ll need to understand its different dimensions. These include:

• Accuracy: Identifies to what extent data can be trusted and is free from errors. This requires specific validation protocols and compliance with data collection standards.
• Completeness: Signifies whether or not collected data provides clear answers to certain questions. It involves evaluating any missing data attributes and recognizing any apparent gaps.
• Consistency: Checks that data is properly mirrored when stored in multiple databases and represented by a percentage of matched values.
• Validity: Refers to data adherence against predefined rules or formats. It helps eliminate the violation of logical constraints or data type restrictions.
• Uniqueness: Makes sure all data types reference the same units of measure or support formats to remove the possibility of information overlapping or duplication across data sets.
• Timeliness: Represents the degree to which data remains up-to-date. This ensures data is accessible when it’s required so it can be used properly.

Once you have a grasp on these six core elements, you’re ready to move forward with crafting your data cleanliness policy.

Explore data security solutions

Step 1: Define policy scope and objectives

The first step to take when creating a data cleanliness policy is to define all appropriate business objectives. Any specific data sets or systems and the intended use of the information within them should be clearly outlined.

This step also involves considering often-overlooked data, including unused software logs, outdated emails and former customer records. If this information is forgotten about, it can lead to security issues down the road when they are left in unsecured locations.

Step 2: Classify data assets

With your policy scope defined, you’ll need to take inventory of all relevant data sources. Data assets can include various databases spread across multi-cloud environments, locally stored spreadsheets or any other areas where data is stored.

Classifying all data assets is another way to minimize forgotten data from compiling and creating high-value targets for cyber criminals. During this process, you’ll also want to categorize data based on its relative sensitivity or regulatory requirements. This will make it easier to implement the right access controls and data retention policies.

Step 3: Establish data quality standards

The data quality standards you develop for your policy should be measurable and easy to understand. To achieve this, you’ll need to lay out specific criteria for each data type, including the acceptable formats data should be in and any validation rules you have in place.

With your metrics in place, you’ll be able to regularly monitor their performance over time. Many times, regulatory requirements will stipulate that data needs to meet certain accuracy and completeness benchmarks. Having these trackable metrics in place provides the transparency needed to ensure these regulations are continuously being met.

Step 4: Assign roles and responsibilities

Establishing clear accountabilities is essential when managing organizational data. Your data cleanliness policy should define the various roles in your organization, including specifying who can access data and what levels of permission they have.

Controlling the amount of individuals who can access, modify or delete data is one of the most important elements of ensuring data integrity over the long term. It helps you to mitigate the danger of insider threats as well as establish clear lines of accountability if and when anomalies are located in data sets.

It is also common to make use of a data governance team that can help to implement and enforce various policy initiatives. These teams can reduce the likelihood of data inconsistency and help support various data security protocols in place.

Step 5: Implement data cleansing procedures

In the event that data issues are discovered, your policy should also cover necessary data correction procedures. This can include standardization, normalization or deduplication of data stored across systems.

Another supporting element of this process is having clear data retention and disposal policies in place. This helps to reinforce best practices when it comes to data lifecycle management. It also minimizes a digital attack surface, making it less likely that sensitive information is left in a vulnerable storage state, and helps to minimize damages in the event of a successful cyberattack.

Maintain healthier organizational data

Being able to rely on the accuracy and consistency of your company data is critical. Not only does data integrity play an important factor in improving the value of your technology investments, but it also helps to strengthen your cybersecurity posture.

By following the steps above, you’ll be able to draft a data cleanliness policy that allows you to maintain healthier organizational data while extracting its full value.

The post How to craft a comprehensive data cleanliness policy appeared first on Security Intelligence.