Data privacy is back in the headlines – how can organizations do a better job?

The recent arrival of DeepSeek AI not only sent shockwaves throughout Silicon Valley but once again brought some very important data privacy issues back to the surface. Authorities in the Netherlands, Australia, Ireland and France have already begun examining the vendor’s data practices, with privacy worries front and center. In Italy, the regulator has already asked the government to ban the app to protect the data of Italian users.

AI tools aside, these issues are perennial headline-grabbers across the business ecosystem, with organizations everywhere struggling to build strategies that give stakeholders and regulators the certainty they need. The underlying paradox illustrates the depth of the challenge: data is an organization’s most valuable asset, but it can also be its greatest potential risk.

So, what more can organizations do to improve privacy? What approaches represent best practice and, aside from the obvious, what are the upsides of getting privacy processes right?

The foundation for addressing privacy is to first get insights into the data accumulating in the environment. With those insights available, there are three areas to address:

First, identify file types that are not to be stored on corporate systems. Besides being inefficient, the accumulation of non-business-related content can lead to the introduction of ransomware or even silent data exfiltration in the event of a breach.

Second, examine the aging profile of existing datasets. The less data present on a system, the easier it is to ensure the adequate protection of private or sensitive data. A data lifecycle policy should be enacted to ensure that as data ages, it is relocated to the appropriate location for long-term storage until its final disposition.

Third, it makes sense to classify sensitive datasets and then ensure that any data tagged as sensitive or private is stored in areas with highly restricted access permissions.

 Many organizations face difficulties coping with the sheer volume of unstructured data being collected, retained, and used. To cope, they need a solution that is agnostic to the variety of vendor platforms deployed. They also need the flexibility to gain insight into and act on all their unstructured data, whether stored in file or object form—in the cloud or on premises. Acting on what has been observed in the environment will lead to positive downstream outcomes, as outlined above. 

The legacy (and reactive) approach has been to store all data in perpetuity, but this is no longer viable. What’s required instead is a shift to proactively managing the data, leveraging key insights on the data estate. This will enhance the protection of private or sensitive data in the environment.

Meeting governance goals

In this context and driven by widespread and costly data privacy failures, the governance environment has become significantly more complex and demanding. Authorities are now armed with stringent regulatory frameworks and the teeth to impose massive fines.

For organizations focused on compliance – which should, of course, be all of them – effective data governance is dependent on enterprise-wide visibility. Understanding what data exists, where it resides, who owns it and how it is used needs to be backed by a policy-driven approach that enforces strict controls over data classification, access and retention. This is essential to align with both internal requirements and external regulations, such as DORA, GDPR, APRA, CCPA, and HIPAA, among others.

Once governance policies are in place, businesses must continuously monitor and audit their data environments to detect and mitigate risks. The most effective automated tools can enforce compliance by identifying high-risk or sensitive data to ensure it is properly documented, secured and handled to meet governance standards.

Advanced vendor-agnostic data management technologies can also seamlessly integrate unstructured data across diverse storage systems, applications and cloud systems. For those organizations with complex, multi-environment architectures, this is becoming an essential requirement for the delivery of effective governance.

Given the spread of data-driven technologies (of which GenAI is one), privacy will continue to occupy the minds of business leaders as they look to balance opportunity with risk. Those who do so successfully can enjoy the prospect of a win-win situation where data stays safe but also transforms organizational effectiveness.

 

The post Data privacy is back in the headlines – how can organizations do a better job? appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/MJ1DCfP

AI-Driven Attacks Are Exploiting APIs—Here’s What Security Leaders Must Do

AI has reached an inflection point. It’s no longer just a business enabler—it’s redefining the attack surface. As organizations deploy AI to automate decision-making, accelerate operations, and enhance customer experiences, cybercriminals are doing the same, leveraging AI-driven automation to scale attacks faster than security teams can respond. The result? A growing security gap where APIs—the backbone of AI adoption—have become the easiest and most lucrative target.

The DeepSeek API key exposure is just the latest example of how fragile these connections can be. While businesses focus on AI’s potential, security teams must confront the reality: AI is only as secure as the APIs that power it. Without dedicated API protection, organizations risk data breaches, adversarial AI manipulation, and compliance failures—threats that traditional security tools weren’t built to handle.

APIs: The Overlooked Weak Link in AI Security

Every AI system, from large language models to fraud detection engines, relies on APIs to function. But these APIs are often built for speed and functionality—not security. Attackers understand this, shifting their focus from breaking AI models to exploiting the APIs that connect them.

Through exposed endpoints, attackers can steal sensitive data, execute model inversion attacks to infer training data and expose confidential information, or overwhelm APIs with excessive requests, leading to denial-of-service (DoS) disruptions. Business logic attacks—where attackers manipulate API requests to exploit system processes—are becoming the weapon of choice for AI-powered fraud, misinformation campaigns, and large-scale automation abuse. With ransomware increasingly focused on data exposure, compromised APIs can leak customer data, proprietary AI models, and other sensitive assets, creating significant financial and reputational risks for organizations.

Many organizations still fail to incorporate API security into their broader cybersecurity strategy. Traditional security models—centered around firewalls, endpoint detection, and network monitoring—are not designed to address the complexities of API-based attacks. With AI accelerating the reliance on APIs, security teams must evolve their defenses. This means shifting from reactive security measures to continuous API risk assessments, runtime protection, and anomaly detection tailored for AI-driven environments. Without this shift, businesses will struggle to keep up with increasingly sophisticated API-based threats.

AI Agents: From Productivity Boosters to Security Nightmares

The rise of Agentic AI—autonomous AI-driven agents that interact with APIs—introduces a new frontier of risk. These AI-powered entities are designed to make decisions, complete tasks, and execute API calls without human oversight. But what happens when they are compromised?

A single exploited AI agent can trigger unauthorized transactions, exfiltrate sensitive data, or launch automated cyberattacks across multiple systems. Attackers can hijack trusted AI agents to impersonate legitimate users, automate large-scale credential stuffing, or even manipulate enterprise workflows. Security teams must shift their focus from simply defending against automation to securing the very AI-powered agents that enterprises rely on.

Cloud Security Won’t Save You—API Protection Will

When cloud computing first emerged, security concerns around data residency and control slowed adoption. It wasn’t until 2009 that NIST defined cloud models, and by 2011, a formalized shared responsibility model took shape—where cloud providers secured the infrastructure, but organizations remained responsible for their own data and applications. Over time, companies recognized the benefits of cloud adoption and developed security standards, compliance frameworks, and controls to mitigate risk.

AI security is following the same trajectory. While cloud-hosted AI applications provide scalability and efficiency, the security of the APIs that connect these models to business-critical systems falls entirely on the organization. Vendors deliver baseline protections, but security teams must implement the right security controls, update compliance programs, and regularly audit API security to ensure AI-driven processes remain secure. Adopting AI without securing APIs is just as risky as embracing the cloud without governance—security leaders must take an active role in mitigating these risks.

To enable AI adoption safely, security leaders must equip their organizations with the right tools and processes. This means revisiting security strategies, enforcing API security assessments, and embedding AI-specific threat detection into compliance programs. Cloud security alone is not enough—organizations need dedicated API protection to prevent data exposure, adversarial AI manipulation, and large-scale automation abuse.

Security Leaders Must Take Action—Before AI Outpaces Security

The regulatory landscape is evolving as fast as AI adoption itself. The Colorado AI Act, EU AI Act, and FTC regulations are pushing toward stricter AI governance, making weak API security a compliance liability. Organizations that fail to secure AI-powered APIs will not only face cyber threats—they will also face increased scrutiny from regulators, investors, and customers.

Security leaders must act now by conducting full-scale API security audits to uncover vulnerabilities before they are exploited. Continuous monitoring of AI-driven API traffic is critical to detecting adversarial AI manipulation in real time. Business logic abuse must be actively mitigated, preventing attackers from exploiting AI decision-making systems to commit fraud or disrupt operations.

AI is no longer an emerging technology—it’s here. But without a proactive security-first approach, businesses will find themselves constantly reacting to threats rather than staying ahead of them.  Security isn’t optional—it’s the deciding factor between AI-driven success or AI-powered disaster. Organizations that embed API security into AI development will lead. Those that don’t will be left cleaning up preventable breaches.

 

The post AI-Driven Attacks Are Exploiting APIs—Here’s What Security Leaders Must Do appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/NX5s0d6

Learn Malware Analysis with This Hands-on Course

While cyber threats evolve at an unprecedented pace, equipping the next generation of cybersecurity professionals with practical, hands-on skills is more critical than ever. ANY.RUN’s Security Training Lab offers a learning environment where users can analyze real-world malware, understand attack techniques, and enhance their threat detection skills. 

Designed for security teams, students, and independent researchers, this interactive platform provides a safe, cloud-based sandbox for analyzing malicious files and URLs in real-time.

Security Training Lab Program’s Contents

The program is based on 30 hours of academic content: texts, video lectures, interactive tasks, and tests. Its main modules focus on: 

  • Static Analysis and Advanced Static Analysis: study malware’s structure without executing the files.
  • Dynamic Analysis and Advanced Dynamic Analysis: study malware’s behavior. 
  • Encryption Algorithms — RC4, XOR, AES, RSA, and others.
  • Malware Capabilities: tactics, techniques, evasion mechanics. 
  • Analysis of Scripts and Office Files.

STL’s contents and structure

 

Audiences, Features, and Benefits

With over eight years of expertise in tackling cybersecurity challenges, ANY.RUN has crafted this course to empower students and educators alike. For universities, the program bridges the gap between theoretical knowledge and real-world application. 

As a resource for personal education, it is valuable for its practical tools and its interactive tasks for self-checking progress, from quick tests to more complex assignments.

Educational institutions can also benefit from Security Training Lab by: 

  • enriching their cybersecurity curriculum with modern materials that meet industry standards;
  • helping students apply theory in practice;
  • monitoring student performance and progress.

Students are presented with opportunities: 

  • to get the critical skills employers are looking for;
  • to master the latest techniques and tools in malware analysis;
  • to work with actual examples of cyber threats and real-world simulations;
  • to receive a certificate and an exclusive graduate discount.

One of the tasks on understanding dynamic analysis 

Key Skills Students Can Develop

After successfully completing the course, neophyte malware analysts and threat hunters acquire the following skills critical for a career in the field. 

1. Understanding a malware’s potential capabilities before it runs by analyzing source code and file structure

2. Watching malware behavior in a controlled environment and tracking its processes and network connections to predict and counter malicious actions effectively.

3. Utilizing frameworks like MITRE ATT&CK to map malware behaviors to known tactics and techniques, and to build proactive defense strategies based on threat intelligence.

4. Identifying patterns of malicious activity, such as persistence mechanisms, privilege escalation, and detection evasion techniques, critical for both analysis and hunting.

5. Using a variety of professional tools, industry-standard workflows and techniques.

6. Critical thinking and a strategic approach to cybersecurity. Students learn to formulate hypotheses about threats and devise effective mitigation strategies under realistic conditions.

Conclusion

The Security Training Lab provides a dynamic learning environment where students can engage with real-world threat simulations, ensuring they graduate not only with knowledge but with the confidence and competence to combat modern cyber threats effectively.

Interested in bringing Security Training Lab to your educational institution?  

Contact ANY.RUN and discuss your specific requests and requirements with our team. Ask any questions and get a customized quote. 

 

The post Learn Malware Analysis with This Hands-on Course appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/reN6BSo

Examining the State of IGA

Today’s organizations face a rapidly multiplying number of digital identities as hybrid work and cloud, SaaS, IIoT, and other technologies proliferate. Companies understand the critical nature of identity security, but they still find Identity Governance and Administration (IGA) challenging and complex. They want cloud-native tools to help them secure identity management, maintain reliable access control for sensitive data, and comply with applicable regulations. At the same time, companies need to keep costs down and maintain performance for users and business operations. These goals all point to the imperative of implementing a modern, SaaS-based IGA solution.

We recently surveyed more than 500 IT and business leaders responsible for access management, identity governance, cybersecurity, compliance, and overall IT administration. The key insights, discussed below, will give organizations an overview of the state of IGA in 2025 and how they can best protect their digital identities. 

Challenges with current IGA

Organizations find their current IGA solutions challenging for several reasons. These solutions have a hard time ensuring appropriate user access control, carry complicated customization requirements, and have a high total cost of ownership (TCO). Almost 60% of survey participants said expensive TCO was a main drawback in their current IGA solution. The situation calls for more flexible and efficient IGA solutions.

The implication is that enterprises are discovering it’s too time-consuming to upgrade their current IGA solution, or it would require resources they don’t have. Over 50% of those surveyed noted that they lacked the skills and development effort needed to run their solution with customization. About 46% reported functionality gaps in their IGA solution; one is the struggle to ensure users have the right access to data and systems at the right time. The other is the solution’s inability to automate access control and compare access rights.

Increased IT security investment

It’s clear from reported budget allocations that companies understand the increasing importance of cybersecurity – of which IGA is a part – in the current business environment. Almost 90% of participants reported an increase in funding over the last year for security teams and resources.

Enterprises might have increased cybersecurity spending to preempt the financial losses that could result from data breaches, especially in highly regulated industries that hold vast databases of sensitive data. If so, they wouldn’t be wrong; the financial sector saw monetary losses due to cybersecurity incidents more than quadruple since 2017, to the tune of $2.5 billion, according to the International Monetary Fund. IMF data also suggests that most enterprises know the capabilities they need to manage better, as well as how such improvements will impact return on investment and process efficiency. 

Greater interest in Cyber Liability Insurance

In light of rising data breach costs, many companies are choosing to buy Cyber Liability Insurance. Sixty-four percent of survey participants reported that their companies have purchased this insurance to offset breach expenses. And yet, Network Assured found that just 19% of companies have purchased coverage for security incidents costing more than $600,000. That’s a problem that could lead to being underinsured because the average ransom paid by companies that have been breached exceeds $800,000.

Insurers are demanding more stringent security measures to address breach risks. These include strong authentication protocols, better access controls, and an identity governance program that is well-defined. All these measures signal a company’s willingness to meet an insurer’s security requirements.

IGA investment is driven by a desire for efficiency

The main business issues driving IGA investment are complex access governance and time-consuming manual processes. Sixty-one percent of participants named time-intensive manual processes as the first or second factor driving their companies’ investment in IGA. 

For most enterprises, it looks like there are ongoing challenges related to user access management, identity lifecycle management, and manual, error-prone onboarding and offboarding. In addition, 64% of participants noted that the burdensome requirement to manage user permissions across different systems – the process of complex access governance – is the first or second-most important challenge they hope to overcome by investing in a new IGA tool.

Advanced IGA features increase ROI 

Three key features of IGA solutions can substantially increase ROI: enhanced access visibility, user behavior insights, and Role-based Access Control (RBAC). For today’s companies, cloud-based platforms that offer these capabilities are especially valuable.

When survey participants were asked which features would boost their companies’ ROI the most, about 57% pointed to cloud-based user access control such as RBAC. This could signify that many enterprises would see substantial bottom-line advantages by implementing a cloud-based IGA solution that provides improved access control across cloud, multi-cloud, hybrid, and on-premises environments.

Seizing the IGA opportunity

What do these findings suggest about the state of IGA? Well, even though organizations are spending more on IT security, many continue to struggle with TCO. Most companies have confidence in their primary identity security capabilities, but unnecessary access and over-permissioned access are ongoing issues. User access control remains difficult, and Cyber Liability Insurance has become an attractive method for offsetting breach expenses. The good news is that IGA’s advanced features increase a company’s ROI.

Companies can improve the state of their IGA by addressing security gaps and conducting a comprehensive audit of existing IGA capabilities to enhance their IGA strategy. The next step is to invest in an IGA platform that offers modern SaaS features and automates manual processes. This includes built-in analytics that use Generative AI-powered insights to enhance decision-making. These steps will help organizations move forward in their ability to manage today’s deluge of digital identities.

 

The post Examining the State of IGA appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/9hG3OsT

How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model

Cybersecurity isn’t just another checkbox on your business agenda. It’s a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365’s approach, offers a framework for comprehending and implementing effective cybersecurity

from The Hacker News https://ift.tt/GpvlFBb

Akira Ransomware encryption breached with cloud computing

Ransomware attacks have become one of the most feared cyber threats in recent times. Cybercriminals are increasingly leveraging sophisticated technologies, including artificial intelligence (AI), to execute highly effective and near-flawless attacks. The growing sophistication of these attacks makes them difficult to counter, leaving many victims with no option but to pay hefty ransoms to regain access to their data.

However, what if there was a way to break ransomware encryption using cloud computing? This might sound improbable, but a recent breakthrough has proven otherwise.

In a remarkable achievement, an Indonesian programmer successfully decrypted Akira ransomware encryption using cloud computing resources, offering a beacon of hope for future victims. This breakthrough demonstrates that paying a ransom may not always be the only solution to ransomware attacks in the future.

According to reports, Indonesian citizen Yohanes Nugroho was handed an encrypted file from Akira ransomware by a friend seeking assistance. In just 10 hours, Nugroho managed to decipher the encryption algorithm, setting a precedent for other ethical hackers to take on the challenge of breaking into the encryption schemes of notorious ransomware gangs.

As detailed in an update shared on Telegram, Nugroho leveraged the immense processing power of GPUs to crack the Akira ransomware’s encryption. He discovered that the malware developers used 1,500 permutations and combinations to scramble encryption keys before securing them with RSA-4096 encryption. However, by harnessing GPU capabilities, which can process 60 million permutations and combinations per second, he successfully overcame the encryption—a process he described as being as simple as making a cup of coffee once the right approach was in place.

To accomplish this, Nugroho used the GPU computing power provided by RunPod and later employed Vast.ai resources to complete the task within a short span of 10 hours. His work emphasizes the potential to further simplify the decryption process, making it more accessible with the development of automated computational tools.

Historically, law enforcement agencies worldwide have been engaged in similar efforts to develop ransomware decryption methods. However, cracking encryption keys has always been an arduous and time-consuming process. Now, thanks to the integration of AI-driven approaches and the availability of powerful GPU computing resources on demand, decrypting ransomware-encrypted files seems more feasible than ever.

This technological advancement could significantly reduce the downtime associated with ransomware attacks, helping organizations and individuals recover their data without succumbing to ransom demands. If further refined, such techniques could serve as a game-changer in the fight against cybercriminals, minimizing the devastating impact of ransomware attacks on businesses and critical infrastructures worldwide.

The post Akira Ransomware encryption breached with cloud computing appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/SiCbvg5

Capital One hacker Paige Thompson got too light a sentence, appeals court rules

A federal appeals court overruled a district court judge’s sentence for Capital One hacker Paige Thompson this week, deciding that the sentence of five years’ probation plus time served was too lenient.

Describing the hack as the “second largest data breach in the United States at the time, causing tens of millions of dollars in damage and emotional and reputational harm to numerous individuals and entities,” two of three judges from the 9th Circuit Court of Appeals said they believed that the sentence was “substantially unreasonable.”

In deciding on the original sentence in 2022, U.S. District Judge Robert Lasnik considered that Thompson was transgender, autistic and had suffered past trauma. He raised the prospect of Bureau of Prisons decisions under a future presidential administration making life more difficult for transgender inmates. He also noted that the hack wasn’t done in a “malicious manner” and that Thompson was “tormented” about her activities.

Thompson was charged with stealing data on 106 million Capital One customers after taking advantage of a misconfigured firewall in the bank’s cloud computing system. Over the course of the investigation, the government found terabytes of additional data Thompson took from more than 30 organizations.

Prosecutors swiftly appealed the sentence, with then-U.S. Attorney Nick Brown saying “this is not what justice looks like.” They argued that the judge gave too much weight to Thompson’s history and personal characteristics.

“We agree that the district court overemphasized Thompson’s personal story,” Judge Danielle Forrest wrote, with Judge Johnnie Rawlinson concurring. “Thompson’s personal background and characteristics are, of course, proper considerations at sentencing, but they may not be the sole basis for the chosen sentence.”

The ruling also disputed the district judge saying the hack wasn’t malicious, or that Thompson was tortured over her behavior. Thompson, a former Amazon Web Services software engineer, blamed victims’ incompetence for the theft and encouraged others to hack them, and she also bragged about what she did, the ruling states.

Therefore, with a maximum sentence of 210 months, the sentence was too lenient, it reads.

President Donald Trump appointed Forrest. President Bill Clinton appointed Rawlinson. The third appeals court judge, Jennifer Sung, appointed by President Joe Biden, took issue with the duo’s decision.

What matters most is whether the district judge engaged in “abuse of discretion,” such as a procedural error, and there’s no sign of that in the Thompson sentence, Sung wrote.

The full quote on Lasnik’s “malicious manner” comment sheds more favorable light on the judge’s viewpoint, Sung observed. Lasnik said Thompson did not act “in the malicious manner that you want to punish, to the same degree as somebody who gets that information and immediately turns to monetizing it in some way,” Sung noted. Thompson also showed signs of being tormented over her activities, openly seeking jail or death.

While the majority said prospective future administrations’ actions on transgender inmates shouldn’t play a role in sentencing, Sung said the district court correctly noted that it was “dealing with Paige Thompson, what she did, who she is, is the dilemma before the court today,” and therefore the sentence gave proper weight to her being transgender.

The Center for Cybersecurity Policy and Law, in a friend of the court brief in support of the government appeal, said it wouldn’t give its opinion on how long Thompson’s sentence should be. But it asked the court to clarify one element in its ruling.

“It is critical for legal frameworks to maintain the distinction between good-faith security research and harmful criminal activities,” it wrote in its brief. “The Center is interested in this proceeding because a perception that the sentencing at issue was based on the Defense’s arguments in the District Court that the charged conduct was good-faith security research risks eroding the distinction between good-faith security research and harmful criminal activity.

“Addressing this distinction is needed to ensure ethical research is not conflated with actions like the Defendant’s and thus prevent undermining trust between the security, business, and policy communities,” it continued.

The appeals court ruling made no mention of good-faith security research.

Mo Hamoudi, an attorney for Thompson, did not immediately respond to requests for comment.

The case is being sent back to the district court level for resentencing.

The post Capital One hacker Paige Thompson got too light a sentence, appeals court rules appeared first on CyberScoop.

from CyberScoop https://ift.tt/omfKa7B