Cary, North Carolina, March 13th, 2025, CyberNewsWire

As Artificial Intelligence (AI)-powered cyber threats surge, INE Security, a global leader in cybersecurity training and certification, is launching a new initiative to help organizations rethink cybersecurity training and workforce development. The company warns that AI is reshaping both the threat landscape and the skills required for cybersecurity professionals. While AI offers significant advantages in cyber defense, organizations must ensure their teams are properly trained to leverage it effectively without becoming overly reliant on automation.

“The rise of AI in cybersecurity isn’t just a challenge—it’s an opportunity,” said Dara Warn, CEO of INE Security. “By training cybersecurity professionals properly, AI can be leveraged to filter noise, reduce burnout, and increase efficiency. However, if we don’t train people to understand the ‘why’ behind AI-driven decisions, we risk a future where cybersecurity professionals are blindly following AI without the expertise to think critically beyond it.”

AI as a Force Multiplier: Improving SOC Efficiency and Threat Detection

AI-driven security tools are improving the signal-to-noise ratio, making Security Operations Centers (SOCs) more efficient by reducing false positive alerts—an area cybersecurity tools have been refining for over a decade. AI can prioritize critical threats, allowing analysts to focus on real dangers rather than wasting time investigating false alarms.

“AI is making threat detection smarter, but it’s not foolproof,” said Tracy Wallace, Director of Content at INE Security. “Security professionals need to be trained to work alongside AI, not just follow its outputs. AI is great at reducing alert fatigue, but analysts still need the expertise to investigate, interpret, and respond to threats accurately.”

Generative AI: A Double-Edged Sword for Cybersecurity Talent

One of the most promising yet complex aspects of AI’s rise is its impact on the cybersecurity workforce. On one hand, generative AI will lower the barrier to entry, allowing more professionals to enter the cybersecurity field and reducing the global labor shortage. 

However, this shift also presents risks. “The concern isn’t that AI is making cybersecurity easier,” said Wallace. “The concern is that if professionals become too dependent on AI outputs, they won’t develop the critical-thinking skills necessary to work beyond what the AI gives them. Organizations must ensure that cybersecurity training teaches professionals not just how to use AI but how to work independently of it when needed.”

The Data Privacy Dilemma: AI and LLM Security Risks

Another concern in AI-driven cybersecurity is data privacy and security risks with large language models (LLMs). While concerns over data leakage with cloud-based AI models are growing, this isn’t a new challenge—it’s an evolution of longstanding security principles. Organizations must ensure AI-powered security solutions do not require external data sharing.

“As AI becomes more deeply integrated into cybersecurity operations, privacy-first security architectures are crucial,” said Wallace. “Organizations need AI models that can operate securely without exposing sensitive data to external systems.”

The Future of AI Security Training: Agentic Architectures and AI-Driven Automation

Looking ahead, Agentic AI architectures are becoming a hot topic in cybersecurity. While some view it as buzzword hype, there is real potential for AI-driven security agents that autonomously investigate threats, adjust defenses in real-time, and improve security workflows with minimal human intervention.

However, automation must be carefully balanced. “Agentic AI might be the future, but we can’t let it replace hands-on expertise and human decision-making,” said Warn. “Security professionals must be trained to interpret AI-driven insights, make judgment calls, and recognize when AI is wrong.”

Training as the Solution: INE Security’s AI-Powered Cybersecurity Curriculum

To close the cybersecurity skills gap and help professionals work effectively with AI, INE Security is working to expand its AI-driven training programs. These programs will focus on:

• AI-Driven Threat Analysis – Training security teams to interpret AI-generated threat intelligence and reduce false positives.
• Machine Learning for Cyber Defense – Teaching professionals how AI-powered security models work and how attackers exploit AI vulnerabilities.
• Generative AI in Cybersecurity – Helping cybersecurity teams understand the risks and benefits of AI-generated attacks and defenses.
• Hands-On AI Security Labs – Simulating real-world AI-powered attacks and training professionals on how to counter them manually and with AI assistance.

“Our end goal is not just to train security professionals how to use AI but to train them how to think critically in an AI-driven world,” said Wallace. 

The Call to Action: Prepare for AI-Driven Threats Now

With AI transforming cybersecurity threats at an unprecedented pace, INE Security urges companies to:

• Train their cybersecurity teams on AI-driven tools, while ensuring they develop critical problem-solving skills.
• Prioritize AI-powered security solutions that enhance, not replace, human expertise.
• Implement privacy-first AI models that reduce data exposure risks.

“The AI revolution in cybersecurity is here,” concluded Warn. “Organizations that act now—by investing in security training, developing cybersecurity talent, and understanding how AI truly impacts the field—will be the ones leading the industry forward. The future of cybersecurity belongs to those who train for it.”

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers, offering both Red Team training and Blue Team training. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/2UunDeK
via IFTTT

San Jose, United States / California, March 12th, 2025, CyberNewsWire

Aptori’s AI-Driven AppSec Platform Proactively Eliminates Vulnerabilities to Minimize Risk and Ensure Compliance.

Aptori, a leader in AI-driven application security, today announced the launch of its AI-driven AppSec Platform on Google Cloud Marketplace as part of graduating from Google Cloud’s ISV Startup Springboard program. This new agentic AI solution leverages semantic reasoning to analyze application code and logic in real time, delivering deterministic vulnerability detection, contextual risk prioritization, and automated remediation.

Aptori’s AI-driven approach goes beyond traditional static analysis. Unlike conventional tools, its proprietary semantic reasoning technology understands application logic and behavior in real-time, allowing it to detect complex security flaws—including business logic vulnerabilities, API misconfigurations, and runtime threats—that other solutions often miss. The result is deeper coverage and more precise security insights.

[youtube https://www.youtube.com/watch?v=WFQjpLyni6I]

Acting as a proactive teammate, Aptori’s AI Security Engineer works alongside developers and security teams to identify security weaknesses, assess risk, and implement fixes in real-time. As a core component of the AI-Driven AppSec Platform, the AI Security Engineer provides deep semantic understanding of code and applications, accelerating secure development while ensuring compliance and reducing the risk of breaches.

Aptori’s participation in the Google for Startups Accelerator: AI-First program has further advanced its capabilities. By integrating Gemini models with its semantic reasoning technology, the AI Security Engineer now delivers exceptionally precise code fixes, accelerating remediation with unparalleled speed and accuracy.

 “Bringing Aptori’s AI Security Engineer to Google Cloud Marketplace will help customers quickly deploy, manage, and grow the solution on Google Cloud’s trusted global infrastructure,” said Dai Vu, Managing Director, Marketplace & ISV GTM Programs at Google Cloud. “Aptori can now securely scale and support customers on their digital transformation journeys.”

“We’re thrilled to work with Google Cloud to empower global enterprises with seamless solutions to tackle evolving security and compliance challenges,” said Sumeet Singh, CEO & Founder of Aptori. “CISOs are under immense pressure to protect sensitive data, ensure compliance, and mitigate risks—while security teams struggle to keep up with the pace of development. Now, with AI-driven semantic analysis detecting vulnerabilities and delivering precise fixes in real time, we’re empowering security teams to stay ahead of threats, enforce compliance, and make proactive security a competitive advantage.”

Key Benefits of the Aptori AI-Driven AppSec Platform

• Automated Vulnerability Detection – Leverages semantic reasoning to identify security weaknesses in code, containers, applications, APIs, and cloud infrastructure, detecting risks beyond traditional static analysis.
• Automated Risk Remediation – Aptori’s AI Agents integrate seamlessly into your SDLC to continuously detect, triage, and remediate vulnerabilities with AI-driven code fixes—accelerating secure development and minimizing the risk of breaches and data leaks.
• Continuous Compliance – Seamlessly integrates into CI/CD pipelines, automating compliance with standards such as SOC 2, PCI DSS, HIPAA, HITRUST, NIS2, and ISO security frameworks, ensuring ePHI and sensitive data remain protected.

Aptori’s selection for the Google Cloud ISV Startup Springboard program marks a new era in AI-driven security, revolutionizing how organizations protect their applications at scale. Watch the video to learn more about Aptori’s transformative approach to security.

Users can explore how Aptori’s AI-powered application security solutions integrate with Google Cloud to enhance compliance, accelerate secure development, and mitigate risk. Explore the details at the Aptori AI Security Center.

About Aptori

Founded in 2021 and based in San Jose, California, Aptori is a leading innovator in AI-driven application security and vulnerability management. By harnessing advanced AI technology and Google Cloud’s Gemini, Aptori accurately identifies security vulnerabilities in code, applications, APIs, and infrastructure, enabling proactive threat detection, automated remediation, and ongoing compliance. Seamlessly integrated into CI/CD pipelines, Aptori continuously detects and remediates vulnerabilities while ensuring compliance with standards such as SOC 2, PCI DSS, HIPAA, HITRUST, NIS2, and ISO security frameworks.

Trusted by leading global enterprises, Aptori dramatically reduces vulnerability remediation time and accelerates secure software releases—empowering development and security teams to stay ahead of evolving cyber threats. 

Users can discover how Aptori empowers security teams with proactive protection, AI-driven vulnerability management, and streamlined compliance. Users can learn more at https://aptori.com.

LinkedIn: https://www.linkedin.com/company/aptori/

Contact

Harinder Singh
Aptori
hsingh@aptori.com

The post Aptori Now on Google Cloud Marketplace for AI-Powered Security and Automated Risk Remediation appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/ndUNrGO
via IFTTT

In the complex and rapidly evolving field of data security, accurate terminology is more than semantics—it defines how organizations understand, manage, and protect their information. However, many vendors blur the lines between terms like “data classification,” “categorization” and “identifiers,” often misusing them interchangeably. This confusion obscures the true value of advanced solutions, hindering businesses from achieving comprehensive data security.

In this article, I will clarify the differences between traditional data classification, context-driven categorization and subcategorization, and address how some vendors’ misapplication of terms like “data classes” and “identifiers” perpetuates outdated methodologies.

Misunderstanding Classification vs. Categorization

With traditional data classification, many vendors describe their data solutions as providing “classification,” but what they often mean is basic file labeling. This involves applying tags like “Confidential,” “PII” or “Public” to files based on simple rules or regex. This includes predefined patterns such as email addresses or credit card numbers which trigger specific labels; file metadata where labels are assigned based on attributes like file type or storage location; and manual tagging where users manually apply labels, which is resource-intensive and prone to error.

While these approaches can meet basic regulatory requirements, they fall short in modern environments due to their inability to analyze data context or relationships.

On the other hand, when it comes to categorization and subcategorization, true categorization goes far beyond labeling. It involves semantic understanding, where AI can automatically discover and organize data into meaningful categories and subcategories. These include high-level categories like “customer data” or “intellectual property,” and subcategories such as “contracts,” “blueprints” or “marketing plans.”

Categorization not only identifies the type of data but also understands its role, context, and significance within the organization, enabling proactive risk management.

The Problem with Interchanging Terms

Some vendors compound the confusion by using terms like “data classes” or “identifiers” interchangeably with classification and categorization. Here’s why this is problematic:

When “data classes” is misused as categories, “data classes” should refer to broad groupings like “personal data” or “financial data.” Vendors sometimes use “data classes” as a catch-all term for both categories and their subsets, masking the need for nuanced classification that reflects organizational context.

Overemphasized identifiers are a problem because “identifiers” are specific patterns (e.g., social security numbers, credit card numbers) that are easily recognized by regex or keyword-based tools. Some vendors claim comprehensive classification by merely identifying these patterns, ignoring data that lacks obvious markers, such as intellectual property or strategic documents.

As a result, these practices perpetuate a narrow, surface-level view of data security that fails to address the challenges of unstructured data or complex regulatory environments.

Why Regex and Rule-Based Systems Fall Short

Many vendors still rely heavily on regex (regular expressions) or manual rule creation to classify data. While these methods can identify structured data with specific patterns, they struggle with unstructured data since documents, emails, and multimedia files often lack the consistent patterns regex relies on. In addition, manually updating rules to reflect new data types or regulatory changes makes them resource intensive in dynamic environments. These methods also result in false positives and negatives because without context these systems frequently misclassify or miss critical data.

For example, a regex-based tool might identify a string of numbers as a credit card but overlook its actual role in a financial report, missing the broader context and associated risks.

Semantic Intelligence: The Context Revolution

Semantic intelligence offers a solution to these limitations by combining contextual understanding with automation. It transforms data management in a number of ways.

For example, semantic intelligence understands data’s role beyond identifiers. Unlike tools fixated on identifiers, semantic intelligence interprets the meaning and usage of data. A document titled “Project Scope” is recognized as strategic business data, even without explicit patterns.

Semantic intelligence also offers categorization with depth. Instead of lumping files into broad data classes, it dynamically categorizes and subcategorizes data. For instance, for a category of customer data the subcategory could include contracts, purchase orders, or correspondence.

In addition, semantic intelligence delivers dynamic adaptation, as AI continuously learns and adapts to ensure that classifications evolve with the organization’s data and regulatory landscape. Finally, semantic systems analyze structured and unstructured data across cloud and on-premises environments, offering comprehensive coverage and complete visibility without manual effort.

The True Impact of Misused Terminology

When vendors misuse terms like “data classification” or “identifiers,” they create confusion that can lead to:

• Overestimated capabilities where businesses may believe they’re achieving comprehensive security when, in reality, they’re addressing only surface-level issues.
• Compliance risks since inadequate classification methods can lead to missed compliance requirements, especially as regulations grow stricter.
• Missed opportunities as organizations fail to unlock the full potential of their data, as traditional tools lack the depth to uncover meaningful insights.

What Businesses Should Seek Out

Organizations can leverage semantic intelligence to eliminate the limitations of traditional classification and discovery tools for autonomous, context-driven categorization. Here are some of the capabilities you should look for when evaluating a data security platform:

Instead of regex or rules, look for solutions that use advanced AI to dynamically understand data without predefined patterns to deliver fast and accurate results;

• Rich contextual categorization of data capabilities at multiple levels, from high-level classes to granular subcategories, ensuring actionable insights;
• Adaptable and scalable solutions that can handle petabyte-scale environments, analyzing structured and unstructured data with ease; and
• Proactive risk management functionality to flag risks like overly permissive sharing or misplaced sensitive data, enabling immediate remediation.

Conclusion: Clarity Leads to Security

In data security, precision matters. Misusing terms like “classification,” “categorization,” “data classes,” and “identifiers” obscures critical distinctions that impact organizational security. By embracing semantic intelligence and context-driven categorization, businesses can move beyond labels and regex to achieve a holistic understanding of their data.

The post From Labels to Context: The Evolution of Data Classification with Semantic Intelligence and Why Terminology Matters appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/XNZdJm4
via IFTTT

If enterprise security were a house, most organizations would be living in a poorly maintained fixer-upper—where every door has a different lock, the keys don’t always fit, and there are more than a few windows stuck permanently open. For years, businesses have layered disparate access control tools on top of each other, each solving a specific problem at a specific time. This patchwork approach—comprising a myriad of solutions for access control for networks, applications and infrastructure—has left security teams grappling with complexity, compliance challenges, and dangerous visibility gaps.

It’s time for a change. The future of access control isn’t cobbling together point solutions. It’s in Unified Access Control (UAC)—a consolidated, cloud-native approach that simplifies security, improves compliance, and eliminates the blind spots created by a fragmented ecosystem.

The Access Control Problem: Too Many Tools, Too Little Visibility

Today’s enterprise security leaders are fighting an uphill battle. With hybrid workforces, an explosion of IoT devices, and increasingly sophisticated cyber threats, managing access to networks, applications, and infrastructure has never been more complex. In response, security teams have layered on additional controls, each designed to address a particular gap:

• RADIUS for network authentication and authorization
• Network Access Control (NAC) for device compliance and network security enforcement
• TACACS+ for infrastructure device administration
• Conditional Access to control access to SaaS applications
• ZTNA to replace VPNs for secure remote access

Individually, these tools serve a purpose. Together, they create a tangled mess. Most security teams juggle multiple vendors, overlapping policies, and inconsistent enforcement mechanisms. Worse, the lack of integration between these tools leads to blind spots, where security teams can’t get a unified view of who and what is accessing their environments. That’s a recipe for breaches, compliance failures, and endless operational headaches.

Unified Access Control: A Modern Solution for Modern Challenges

Unified Access Control is a new approach to solving this decades-old problem. Instead of deploying and managing separate solutions for network, infrastructure, and application access, UAC consolidates these functions into a single, cloud-native platform. This approach offers three major benefits:

1. Simplified Security & Management

Security leaders know that complexity is the enemy of security. When access control tools are stitched together, they create unnecessary friction for IT and security teams, leading to misconfigurations, policy inconsistencies, and administrative overhead.

With UAC, policies for network access, infrastructure access, and application access are managed from one place. This ensures uniform enforcement, reduces the risk of misalignment, and makes day-to-day administration easier. Need to update a policy? You do it once, not across five different systems.

2. Improved Compliance & Auditability

Regulatory frameworks like NIST, CISA’s Zero Trust Maturity Model, and industry-specific standards like HIPAA, PCI DSS, and SOC 2 require strict control over who and what has access to critical systems. Achieving compliance with siloed access control tools is a nightmare—organizations often lack a single source of truth for auditing user access and policy enforcement.

UAC changes this. With a unified solution, security teams gain centralized logging and reporting capabilities, making it easier to generate audit trails, demonstrate compliance, and detect anomalies in access patterns. Instead of cobbling together reports from different systems, organizations have a single, comprehensive view.

3. Eliminating Blind Spots & Strengthening Security Posture

Every tool in a patchwork approach introduces integration gaps. If an attacker finds a way into the network via an unsecured IoT device, traditional NAC may catch it—but that visibility might not extend to application access controls. If an administrator’s credentials are compromised, TACACS+ might flag suspicious activity on network devices, but Conditional Access won’t necessarily reflect that risk in real-time.

With UAC, organizations gain end-to-end visibility across all access points. Security teams can see all users, all devices, and all access attempts in one place, allowing them to spot threats faster and respond more effectively. This eliminates the piecemeal approach that attackers often exploit to move laterally within an environment.

The Cloud-Native Advantage: Agility, Scalability & Future-Proofing

As enterprises continue their cloud migration journeys, it’s clear that legacy, on-premises security solutions are no longer viable. Traditional NAC appliances, RADIUS servers, and TACACS+ implementations are difficult to maintain, leading to reduced reliability and security. The complexity of maintenance results in frequent downtime, while the lack of timely patching leaves organizations exposed to vulnerabilities. These limitations also impact agility, making it difficult to adapt to new threats efficiently.

A cloud-native Unified Access Control solution offers:

• Agility – Instant updates and security patches without downtime.
• Scalability – Seamless support for thousands of users, devices, and endpoints without adding infrastructure.
• Interoperability – Easy integration with existing security stacks, identity providers, and endpoint management tools.

By shifting access control to the cloud, organizations can move away from the never-ending cycle of maintaining disparate on-premises tools, allowing security teams to focus on what really matters: protecting their users, data, and business operations.

The Time for Unified Access Control is Now

The days of juggling multiple disconnected access control solutions are numbered. Enterprises can no longer afford the operational inefficiencies, security blind spots, and compliance challenges that come with a fragmented approach.

With Unified Access Control, organizations can consolidate their security stack, simplify policy enforcement, and gain unparalleled visibility into access across their networks, applications, and infrastructure.

The future of access control isn’t about adding more tools. It’s about unifying them. And for security leaders looking to stay ahead of evolving threats, that future can’t come soon enough.

The post The Future of Access Control: Why It’s Time to Ditch the Patchwork Approach appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/MGYeKPd
via IFTTT

Machine-to-machine (M2M) communication is a cornerstone of model digital infrastructure that helps machines connect without human intervention. M2M is the word used to describe the automatic, human-free flow of information between machines using direct communication.  

Key advancements in security will be crucial for M2M growth to maintain the reliability of wireless data transfers. This market is rapidly expanding led by the growing importance of secure communication, a rise in data theft and cyberattacks, and the accessibility of cloud-based security solutions. In this blog, let’s explore the future growth prospects of the M2M security market.

1.Penetration of High-Speed Internet Connectivity

According to recent data from the International Telecommunication Union (ITU), there were 5.5 billion internet users in 2024, up 227 million from updated forecasts for 2023. The adoption of M2M solutions is significantly influenced by the growing need for dependable and seamless communication across a range of industries such as manufacturing, automotive, and logistics. The high performance of these industries depends on constant data flow and system interconnectivity. As a result, there is a growing need for M2M services with improved security features as protecting data from breaches, cyber threats, and unauthorized access is becoming crucial.

2.Growth of Smart Home Solutions

Consumers’ acceptance of smart home solutions is being enhanced by the expanding geriatric population, especially in developed nations. As reported by the United Nations, there will be 265 million people 80 years of age and older by the middle of the 2030s, surpassing the number of newborns. These technologies address the demand for elder care by offering several benefits including remote health monitoring. Consequently, M2M services are growing in demand as these services guarantee dependable performance and connectivity by facilitating the easy integration and control of several smart home appliances.  M2M solutions provide centralized control, automation, and real-time monitoring with smart technology like climate management, intelligent lighting, and security systems.  

3.Growing Adoption of IoT Devices

Over the past ten years, IoT use has been gradually increasing which will advance the fields of industrial automation, digital payments, security applications, and more. For instance, globally, there were more than 18 billion linked IoT devices in 2024, and by 2030, it is predicted to reach over 30 billion. The demand for M2M services that can connect, manage, and secure IoT devices is increasing. M2M is advanced by IoT technologies, which enable companies to use machine data to improve decision-making.

4.M2M Services in Healthcare

The growth of telemedicine is opening up new possibilities in the healthcare industry for controlled M2M services. For instance, according to the International Trade Administration, by the end of 2025, the telemedicine market in Japan is expected to have grown from USD 243 million in 2020 to USD 404.5 million. Telemedicine platforms rely on M2M technology to enable safe and dependable communication and make it possible to track patients’ vital signs in real time. M2M services play an increasingly important role as healthcare organizations embrace digital solutions to enhance the provision of healthcare and alleviate medical issues. 

5.Adoption of Blockchain

The future is ushered in by the combination of blockchain technology with the IoT as it enables safe and effective device-to-device connection. M2M communications are made secure by using blockchain technology due to its decentralized and tamper-proof nature. In January 2025, SEALCOIN announced a partnership with WISeSat AG for the introduction of a new generation of satellites supporting autonomous M2M transactions from space. This launch will demonstrate how blockchain and space technologies may facilitate more secure and scalable global IoT networks. 

6.Rise in Cyberthreats

As reported by the Center for Strategic & International Studies, in 2024, Russian cyberattacks against Ukraine increased by about 70%, with 4,315 occurrences that targeted vital infrastructure, such as government services, the oil industry, and organizations involved in defense. Cybersecurity trends change along with technology, propelling the need for M2M solutions. These solutions are highly scalable for safeguarding vital infrastructure and facilitating secure information sharing. Moreover, with cyberthreats on the rise companies are investing heavily in M2M security. Let’s explore the market dynamics to get deeper insights into industry growth.

By the end of 2037, the M2M Security Market is expected to have grown from its 2024 size of USD 30.6 billion to USD 66.8 billion. Leading market players including Digi International, Eurotech, Kore Wireless, NetComm Wireless are investing heavily in R&D to support the continued growth of the M2M Security industry.  Market participants are also taking part in a variety of strategic efforts to launch new goods, through research and development. 

1.In April 2024, OXIO, the leading telecom-as-a-service (TaaS) platform declared a global expansion to meet the connectivity needs of international M2M clients in North America. With this international growth, M2M businesses may benefit from robust network coverage through a single user-friendly cloud-based platform, eliminating the need to collaborate with numerous providers in various nations.

2.In October 2023, M2M Services, a provider of universal alarm panel communicators, connectivity, and interactive services announced a partnership with Alula. The merger represents a major milestone for the industry, establishing a business with goods and services that meet the constantly changing needs of the smart security market and the experts who work in it.

In addition, by region, this market will be dominated by North America. The growth is driven by the presence of leading businesses that are investing heavily in R&D to broaden their product ranges.   The market’s performance in the region is also expected to be positively impacted due to the rise in cyberattacks and data theft cases, and the availability of cloud-based security solutions. Based on a report by the Internet Crime Complaint Center, an unprecedented 880,418 complaints with possible losses of over USD 12.5 billion were filed by the American public in 2023. 

In a Nutshell,

The m2m security market is rapidly evolving to ensure a safer and more connected world. The market may witness tremendous growth due to the increasing significance of M2M communication, an increase in cyberattacks and data theft, and the availability of cloud-based security solutions. Towards the end, the future of M2M security looks promising with strong industries that are also engaging in a range of strategic initiatives to introduce new products. 

Source : https://www.researchnester.com/reports/m2m-security-market/6924

 

The post M2M Security Market: Endless Opportunities to Ensure a Secured Future appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/inuAKL6
via IFTTT

As cyberattacks surge, businesses face unprecedented pressure to fortify defenses. Simultaneously, governments are tightening regulations to combat evolving threats, turning compliance from a checkbox exercise into a strategic imperative. Organizations must now harmonize cybersecurity practices with global standards to avoid penalties, protect reputations, and ensure resilience.

The Evolving Landscape of Cybersecurity Regulations

The regulatory environment is shifting rapidly. Europe’s General Data Protection Regulation (GDPR) mandates strict data protection and 72-hour breach notifications, while the California Consumer Privacy Act (CCPA) empowers consumers to control their data. Globally, frameworks like ISO 27001 provide blueprints for risk management, emphasizing proactive threat mitigation. In the U.S., the Securities and Exchange Commission (SEC) now requires public companies to disclose material cyber incidents within four days—a rule reshaping corporate transparency.

These regulations share a common thread: accountability. However, multinational organizations face complexity when standards conflict. For example, GDPR’s “right to be forgotten” clashes with data retention laws in sectors like healthcare. To adapt, businesses must adopt agile compliance strategies, prioritizing scalable frameworks that accommodate regional nuances. The rise of AI-driven threats and quantum computing vulnerabilities will likely spur stricter rules, making regulatory foresight a competitive advantage.

The Role of Infrastructure in Cybersecurity and Compliance

A robust digital infrastructure is the backbone of compliance. Cloud environments, data centers, and IoT devices require rigorous vulnerability assessments to meet standards like ISO 27001. Yet physical infrastructure is equally critical. 

Secure network cabling installation, for instance, prevents “eavesdropping” via unauthorized taps, a requirement under Annex A.9 of ISO 27001. Properly shielded cables and segmented networks limit lateral movement during breaches, aligning with GDPR’s “data protection by design” principle.

Encryption protocols for data-at-rest and in-transit further safeguard sensitive information, addressing mandates like CCPA’s security obligations. Endpoint security tools, coupled with zero-trust architectures, ensure only authenticated users access critical systems—a core expectation of NIST’s Cybersecurity Framework.

Compliance frameworks increasingly demand layered defenses. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires firewalls and intrusion detection systems for payment data, while the Health Insurance Portability and Accountability Act (HIPAA) emphasizes audit controls for healthcare networks. Organizations that integrate these technical measures with physical safeguards—such as restricted server room access—create a holistic security posture that satisfies regulators and deters attackers.

Challenges in Aligning Cybersecurity with Compliance

Organizations face multifaceted hurdles when integrating cybersecurity practices with compliance mandates. These challenges stem from evolving threats, fragmented regulations, and operational limitations—all requiring strategic balancing to avoid penalties, data breaches, or operational disruptions. 

Rapidly Changing Threats

Cybercriminals continuously evolve tactics, exploiting new vulnerabilities before organizations can respond. Regulatory frameworks struggle to keep pace, often lagging behind emerging threats. Businesses must implement adaptive security strategies, such as real-time monitoring and threat intelligence, to stay compliant while effectively mitigating evolving cyber risks.

Compliance Complexity 

Organizations operating across multiple jurisdictions face overlapping and sometimes conflicting cybersecurity regulations. Navigating GDPR, CCPA, PCI DSS, and other standards requires extensive legal and technical expertise. Compliance across various frameworks demands robust governance structures, risk assessments, and adaptable security policies tailored to different regulatory requirements.

Resource Constraints

Small and medium-sized businesses often lack the financial and human resources necessary for comprehensive cybersecurity and compliance programs. Implementing security tools, hiring compliance specialists, and conducting audits can be costly. Prioritizing risk-based security investments and leveraging automation can help bridge the gap while maintaining regulatory compliance.

Third-Party Risks

Vendors, supply chain partners, and cloud providers introduce security risks that organizations must manage. Regulations increasingly require businesses to ensure third-party compliance, yet enforcing security standards across external entities is challenging. Regular risk assessments, contractual security clauses, and continuous monitoring help mitigate vulnerabilities external partners introduce.

Balancing Security and Usability

Strict security measures can hinder productivity, leading employees to bypass controls, weakening compliance efforts. Overly restrictive access controls, authentication mechanisms, and encryption requirements may frustrate users. Organizations must strike a balance between security and usability by implementing user-friendly security solutions that maintain compliance without disrupting daily operations.

Best Practices for Preparing for Global Standards

Staying compliant with evolving cybersecurity regulations requires a proactive approach. Organizations must integrate security measures that align with global standards while remaining adaptable to new threats.

• Adopt a Risk-Based Approach: Prioritize security efforts based on the most significant threats. Conduct regular risk assessments to identify vulnerabilities and allocate resources effectively.
• Implement Continuous Monitoring: Use automated security tools to detect anomalies, log security events, and provide real-time alerts. Continuous monitoring helps maintain compliance and reduces the risk of breaches.
• Enhance Employee Training: Human error is a major security risk. Regular training on phishing, data protection, and regulatory requirements ensures employees understand their role in maintaining compliance.
• Automate Compliance Processes: AI-driven compliance tools simplify policy enforcement, track regulatory updates, and generate real-time compliance reports, reducing administrative burdens.
• Conduct Regular Audits and Assessments: Internal and third-party audits identify security gaps and verify compliance with global regulations. Penetration testing and security reviews help prevent violations and data breaches.

Wrapping Up 

Cybersecurity and compliance are no longer siloed concerns but interconnected pillars of organizational resilience. By embedding regulatory requirements into infrastructure design, adopting agile frameworks, and fostering cross-industry collaboration, businesses can future-proof operations. In a world where cyber risks and regulations evolve daily, proactive alignment isn’t just strategic—it’s survival.

 

The post The Intersection of Cybersecurity and Regulatory Compliance – Preparing for Global Standards appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/kzdyJBP
via IFTTT

Boston, USA, March 11th, 2025, CyberNewsWire

GitGuardian, the security leader behind GitHub’s most installed application, today released its comprehensive “2025 State of Secrets Sprawl Report,” revealing a widespread and persistent security crisis that threatens organizations of all sizes. The report exposes a 25% increase in leaked secrets year-over-year, with 23.8 million new credentials detected on public GitHub in 2024 alone.

Most concerning for enterprise security leaders: 70% of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day.

“The explosion of leaked secrets represents one of the most significant yet underestimated threats in cybersecurity,” said Eric Fourrier, CEO of GitGuardian. “Unlike sophisticated zero-day exploits, attackers don’t need advanced skills to exploit these vulnerabilities—just one exposed credential can provide unrestricted access to critical systems and sensitive data.”

Eric Fourrier points to the 2024 U.S. Treasury Department breach as a warning: “A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems. This wasn’t a sophisticated attack—it was a simple case of an exposed credential that bypassed millions in security investments.”

Key Findings for Security Leaders

The report identifies several critical trends that demand immediate attention:

The Blind Spot: Generic Secrets

Despite GitHub’s Push Protection helping developers detect known secret patterns, generic secrets—including hardcoded passwords, database credentials, and custom authentication tokens—now represent more than half of all detected leaks. These credentials lack standardized patterns, making them nearly impossible to detect with conventional tools.

Private Repositories: A False Sense of Security

The analysis reveals a startling truth: a full 35% of all private repositories scanned contained at least one plaintext secret, shattering the common assumption that private repositories are secure:

• AWS IAM keys appeared in plaintext in 8.17% of private repositories—over 5× more frequently than in public ones (1.45%)
• Generic passwords appeared nearly 3× more often in private repositories (24.1%) compared to public ones (8.94%)
• MongoDB credentials were the most frequently leaked secret type in public repositories (18.84%)

“Leaked secrets in private code repositories must be treated as compromised,” emphasized Eric Fourrier. “Security teams must recognize that secrets should be treated as sensitive data regardless of where they reside.”

Beyond Code: Secrets Sprawl Across the SDLC

Hardcoded secrets are everywhere, but especially in security blind spots like collaboration platforms and containers environments where security controls are typically weaker:

• Slack: 2.4% of channels within analyzed workspaces contained leaked secrets
• Jira: 6.1% of tickets exposed credentials, making it the most vulnerable collaboration tool
• DockerHub: 98% of detected secrets were embedded exclusively in image layers, with over 7,000 valid AWS keys currently exposed

The Non-Human Identity Crisis

Non-human identities (NHIs)—including API keys, service accounts, and automation tokens—now vastly outnumber human identities in most organizations. However, these credentials often lack proper lifecycle management and rotation, creating persistent vulnerabilities.

A security leader at a Fortune 500 company acknowledged this challenge: “We aim to rotate secrets annually, but enforcement is difficult across our environment. Some credentials have remained unchanged for years.”

Secrets Managers: Not a Complete Answer

Even organizations using secrets management solutions remain vulnerable. A study of 2,584 repositories leveraging secrets managers revealed a 5.1% secret leakage rate —far from the near-zero we anticipate. This surpasses the overall GitHub average of 4.6%.

Common issues include:

• Secrets extracted from secrets managers and hardcoded elsewhere
• Insecure authentication to secrets managers exposing access credentials
• Fragmented governance due to secrets sprawl across multiple secrets managers

The Path Forward: Comprehensive Secrets Security

As AI-generated code, automation, and cloud-native development accelerate, the report forecasts that secrets sprawl will only intensify. While GitHub’s Push Protection has reduced some leaks, it leaves significant gaps—particularly with generic secrets, private repositories, and collaboration tools.

“For CISOs and security leaders, the goal isn’t just detection—it’s the remediation of these vulnerabilities before they’re exploited,” said Eric Fourrier. “This requires a comprehensive approach that includes automated discovery, detection, remediation, and stronger secrets governance across all enterprise platforms.”

The report concludes with a strategic framework for organizations to address secrets sprawl through:

• Deploying monitoring for exposed credentials across all environments
• Implementing centralized secrets detection and remediation
• Establishing semi-automated rotation policies for all credentials
• Creating clear developer guidelines for secure vault usage

To read the full 2025 State of Secrets Sprawl Report, users can visit GitGuardian.com.

Additional resources

GitGuardian – Website

The State of Secrets Sprawl 2025

About GitGuardian

GitGuardian is an end-to-end NHI security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards. With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and NHI Governance. This dual approach enables the detection of compromised secrets across your dev environments while also managing non-human identities and their secrets’ lifecycles. The platform is the world’s most installed GitHub application and supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense. Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.

Contact

Media Contact
Holly Hagerman
Connect Marketing
hollyh@connectmarketing.com
+1(801) 373-7888

The post GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/QNdz9uj
via IFTTT

For over one month, newspaper publishing giant Lee Enterprises has been suffering the ramifications of a ransomware attack. Allegedly conducted by the Qilin ransomware group, the incident has caused ongoing disruptions to operations and significant delays to contractor and freelancer payments.  

Lee Enterprises released a statement noting that critical applications were left encrypted, affecting distribution of products, billings, collections, and more. It’s likely that Qilin ransomware group encrypted the files after sensitive files were exfiltrated in a tactic known as “double extortion ransomware.” This technique is a type of attack where the threat actor extracts sensitive data in addition to encrypting it, which gives the attacker extra leverage for the company to force its hand and pay ransom.  

To mitigate double extortion tactics and similar threats or detect them early, organizations should implement key protective measures. Data security posture management (DSPM) provides visibility into sensitive data across the data estate, helping improve risk posture. It also enables continuous assessment and prioritization of risk based on data sensitivity, ensuring remediation efforts are focused where they matter most.   

Additionally, Data Access Governance (DAG) helps enforce least privilege access controls by determining who has access to sensitive data and integrating with Identity and Access Management (IAM) or Cloud-Native

Application Protection Platforms (CNAPP) systems. Finally, Data Detection and Response (DDR) continuously monitors for emerging threats, alerting on suspicious access or data movement—such as exfiltration to unknown third parties—that may violate security policies or compliance requirements. This minimizes the impacts of double extortion attempts – making the attempts less fruitful by providing early warning before damages occur.” 

The post Strengthening Data Security: Mitigating Double Extortion Ransomware Attacks appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/UbY8p3W
via IFTTT