It’s Time to Move Away from the “Phonebook” Approach to Cybersecurity

Database expert Dominik Tomicevic highlights the limitations of traditional cybersecurity defense methods and why knowledge graphs could be a better avenue for the CISO to pursue 

Data shows that the global cost of cybercrime will soar by four trillion dollars over the next four years, rising from $9.2 trillion in 2024 to an estimated $13.9 trillion by 2028. Does this mean organizations must simply accept cyberattacks, malware, phishing, and other threats as endemic and ever-growing challenges?

Not necessarily. Greater vigilance and innovation in cybersecurity strategies can change the trajectory. While embracing digital technologies and the cloud has undeniably boosted convenience and productivity, it has also introduced significant vulnerabilities. Increasing reliance on open-source libraries to speed development—rather than building all code in-house—has, in turn, exposed organizations to new and serious risks.

Traditional cyber methods don’t work anymore

But the benefits are simply too great to ignore. The drive toward digital, online, and cloud-based operations is unstoppable, as is the growing reliance on externally sourced or AI-generated code. The problem is that most current cybersecurity methods fall short because they rely on models that are too rigid—both in how they represent the world and how they adapt to change. This is where developers we work with have identified a better way to help curb these dangers, at least to some extent.

The reason current systems of record for cyber vulnerabilities often falter is that they are built on the relational data model, which functions much like a “phonebook.” A phonebook offers a static, alphabetical list of individuals—but real life is far more complex, shaped by friendships, families, workgroups, rivalries, and constantly evolving relationships. Static models simply can’t capture the dynamic nature of modern digital environments.

Attackers understand this. They don’t exploit static lists—they target the living, breathing web of human connections. In other words, they aren’t studying organizational charts or formal hierarchies; they focus on the real-world links between people, creeping through systems to exploit user permissions not in isolation, but as gateways into broader networks.

This is why social engineering is so effective. If one person is compromised, who else might be vulnerable? What systems do they access? Who do they interact with daily? Attackers are disturbingly good at tracing these pathways—and exploiting them to devastating effect.

There’s another key limitation with the phonebook model—or more technically, with traditional relational approaches to cybersecurity: speed. Moving fast is essential, but modeling real-world complexity with relational databases requires many JOIN operations, which quickly become computationally expensive. In a multi-step attack, it might take 10 to 20 JOINs just to assemble a clear picture, and by then, the process could either time out or consume so many resources that it becomes impractical.

Trying to defend against adversaries who map and exploit dynamic relationship networks is incredibly challenging. A bad actor can quietly slip in a change request to open port 40 in a cloud security configuration, and in a highly connected system, that single move could silently unlock 1,000 other doors—with no clear way of knowing where they are.

The key element in the security war is relationships

That’s not just a vulnerability. That’s a nightmare. What’s becoming clear is this: a better way to understand the complex relationships and interdependencies within cyberspace could not only strengthen defensive postures, but also enable faster, more decisive action.

In response, more and more organizations—whether protecting their own systems or building cybersecurity solutions—are turning to graph-based approaches to model relationships and information. After all, every employee’s access to business services and systems creates a connection—a relationship—between individuals and the resources they use.

Player No 2 has entered the game

Which is why graph technology matters: it models systems clearly and powerfully by representing users, systems, and data as nodes, and the permissions and connections between them as edges. This “graph thinking” isn’t new—it’s exactly how attackers view your environment during penetration testing. They don’t see a flat network; they see a connected web of relationships and look for paths they can exploit to move laterally.

Graph technology allows defenders to adopt the same perspective before threats emerge. At its core, graph technology is about relationships—and whether it’s employees and devices, users and applications, or systems and services, a graph database can accurately capture the complex way your organization truly operates.

Crucially, graph technology doesn’t just deliver better visibility—it also dramatically improves speed of response. Because graphs eliminate the need for complex queries and costly JOIN operations, problems can be solved on a linear, not logarithmic, timescale. Connections can be mapped in seconds, not hours, giving security teams the clarity and agility they need to stay ahead of threats.
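To make the graph view concrete, here is an added example (written for this page, not code from the article or from Memgraph): a small constructed access graph walked with plain Python rather than a graph database. It contrasts the flat "phonebook" answer (which users hold a direct permission on a resource) with the path answer (which users can reach it through groups and stored credentials), and computes a compromised account's blast radius plus the choke points a defender would instrument.

```python
from collections import Counter, defaultdict, deque

# Constructed sample access graph (illustrative data, not from any real
# environment). Each edge is (source, relation, target): users belong to
# groups, groups hold permissions on systems, and systems hold credentials
# for or host other systems and data. Every entry is a relationship, which
# is exactly what a flat permission table (the "phonebook") hides.
EDGES = [
    ("alice", "MEMBER_OF", "finance-group"),
    ("bob", "MEMBER_OF", "finance-group"),
    ("bob", "MEMBER_OF", "devops-group"),
    ("carol", "MEMBER_OF", "devops-group"),
    ("dave", "CAN_ACCESS", "wiki"),
    ("finance-group", "CAN_ACCESS", "erp-app"),
    ("devops-group", "ADMIN_OF", "ci-server"),
    ("ci-server", "HOLDS_CREDS_FOR", "prod-db"),
    ("erp-app", "READS", "payroll-data"),
    ("prod-db", "HOSTS", "customer-records"),
]
USERS = {"alice", "bob", "carol", "dave"}


def build_graph(edges):
    """Adjacency list: node -> list of (relation, target)."""
    graph = defaultdict(list)
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
        graph.setdefault(dst, [])  # register sinks (data stores) as nodes too
    return graph


def reachable(graph, start):
    """Breadth-first walk from a node. Returns {node: path}, where path is the
    list of (node, relation, node) hops of a shortest route to that node."""
    paths = {}
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        node, path = queue.popleft()
        for rel, nxt in graph[node]:
            if nxt in seen:
                continue
            seen.add(nxt)
            paths[nxt] = path + [(node, rel, nxt)]
            queue.append((nxt, paths[nxt]))
    return paths


def blast_radius(graph, compromised_user):
    """Everything one compromised account can ultimately reach, with the
    number of hops (relationships) it takes to get there."""
    return {node: len(path) for node, path in reachable(graph, compromised_user).items()}


def direct_principals(edges, resource, users):
    """The 'phonebook' view: users holding a direct permission on the resource.
    This is all a flat ACL table answers without chaining JOINs."""
    return sorted(src for src, _rel, dst in edges if dst == resource and src in users)


def principals_with_path(graph, resource, users):
    """The graph view: every user with any multi-hop route to the resource."""
    return sorted(u for u in users if resource in reachable(graph, u))


def shared_exposure(graph, compromised_user, users):
    """'If one person is compromised, who else might be vulnerable?': users whose
    reach overlaps the compromised account's through shared groups or systems."""
    mine = set(reachable(graph, compromised_user))
    return sorted(u for u in users
                  if u != compromised_user and mine & set(reachable(graph, u)))


def choke_points(graph, resource, users):
    """Intermediate nodes on users' shortest routes to a resource, counted by
    how many routes cross them: the best places to add a control or a detection."""
    counts = Counter()
    for u in users:
        path = reachable(graph, u).get(resource)
        if path:
            counts.update(hop[2] for hop in path[:-1])  # drop the resource itself
    return dict(counts)


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    # Flat view says nobody has access to prod-db; the graph view finds two routes.
    print("direct access to prod-db:", direct_principals(EDGES, "prod-db", USERS))
    print("users with a path to customer-records:",
          principals_with_path(GRAPH, "customer-records", USERS))
    for node, hops in sorted(blast_radius(GRAPH, "bob").items(), key=lambda kv: kv[1]):
        print(f"  bob -> {node} in {hops} hop(s)")
    print("exposed alongside bob:", shared_exposure(GRAPH, "bob", USERS))
    print("choke points for customer-records:", choke_points(GRAPH, "customer-records", USERS))
```

In the constructed data no user has a direct permission on `prod-db`, yet two users reach `customer-records` in four hops via the CI server's stored credentials; that is the gap between the two views the article describes.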

So where does AI fit into this picture? The next natural evolution is leveraging machine learning, AI, and advanced data techniques. A graph-based approach not only strengthens cybersecurity today, it also lays a powerful foundation for future AI initiatives, enabling faster, smarter, and more adaptive defenses.

The potential of a graph-based approach to navigating the intricate network of relationships that underpin cybersecurity challenges is immense. However, without adopting smarter, more adaptive cybersecurity strategies, both businesses and society will continue to fall behind in the relentless battle against cyber threats—threats that often understand our systems and vulnerabilities better than we do ourselves.

The author is the CEO of knowledge graph leader Memgraph

The post It’s Time to Move Away from the “Phonebook” Approach to Cybersecurity first appeared on Cybersecurity Insiders.


The End of VPNs — Part 2: Beyond the Buzz of Zero Trust

[Part 2 of 2 – Based on an interview with Zscaler CSO Deepen Desai]

By Holger Schulze, Cybersecurity Insiders

“Zero Trust isn’t a feature,” Deepen Desai told me during our RSA Conference interview. “It’s an architectural decision to stop trusting the network. You’re either enforcing that by design—or you’re pretending.”

In Part 1 of this series, we explored the failure of VPNs—how attackers exploit them, how they collapse under patching pressure, and how they expand risk instead of containing it. But our conversation in San Francisco didn’t stop at diagnosis. It turned toward what comes next.

The answer is Zero Trust. But not the watered-down, checkbox version.

“If your users connect and get placed on the network—even in the cloud—you’re not doing Zero Trust,” Desai said. “You’ve just moved your VPN to a new address.”

This isn’t about branding. It’s about architecture. And at Zscaler, that architecture is built on one foundational idea: attack surface reduction in the first place.

The Invisible Attack Surface

If the core flaw of VPNs is that they make applications reachable, then Zero Trust flips that completely. Desai described it as eliminating network presence altogether.

With Zscaler Private Access (ZPA), users never access the network. There is no IP assignment. No shared subnet. No inbound access to anything.

Instead, both users and applications establish outbound-only connections to the Zscaler Zero Trust Exchange. If identity, policy, and posture align, Zscaler stitches the user and app connections together.

“If you can scan the network, you’re on the network,” Desai said. “And if you’re on the network, the attacker can be too.”

This approach removes the need for VPN concentrators, inbound firewall rules, or exposed IPs. Applications go dark. And attackers can’t target what they can’t see.

The Philosophy That Replaces the Perimeter

At its core, Zero Trust is a framework built on three non-negotiable principles, defined by NIST and echoed in Zscaler’s architecture:

  1. Never trust, always verify
    Every user, device, and workload must be authenticated and validated continuously—not just at login. Trust is not a location or a certificate. It’s earned, and it expires.
  2. Enforce least-privilege access
    Users don’t need broad network access—they need specific access to specific applications, at specific times. Permissions should be as narrow as possible, always.
  3. Assume breach
    Compromise is inevitable. The architecture must contain and isolate it. Lateral movement should not just be blocked—it should be impossible by design.

“Every one of those ideas breaks the legacy model,” Desai told me. “That’s why you can’t just rebrand your VPN and call it Zero Trust. It either enforces these tenets—or it doesn’t.”

At Zscaler, these principles are enforced not by firewalls, not by segmentation rules, but by the architecture itself. With ZPA, applications aren’t directly reachable, users aren’t on the network, and policies are enforced every time a connection is made.

From this foundation, the rollout begins.

The Four-Stage Shift to Zero Trust

Zscaler doesn’t advocate a forklift replacement of legacy systems. Instead, Desai laid out a four-stage adoption path—one that starts where the risk is highest and compounds benefit over time.

  1. Secure Internet Egress with ZIA

Before private apps, start with outbound traffic. Zscaler Internet Access (ZIA) enforces consistent policy and TLS inspection across all users—without backhauling traffic to a central datacenter.

This removes the need for on-prem proxies and applies protection close to the user. It’s the foundation that makes the rest of Zero Trust scalable.

  2. Replace Inbound VPN with ZPA

The next move is to eliminate VPN tunnels altogether. ZPA makes private applications invisible to the internet—no public IPs, no exposed services, no inbound firewall rules.

“It’s not just blocking access,” Desai said. “It’s removing the ability to even knock on the door.”

Access is determined by who the user is, what device they’re using, and what policy allows. Not where they’re connecting from or what network they’re on.

  3. Segment User to Application Access

This is where most organizations truly begin to understand the power of Zero Trust.

Instead of segmenting by subnet, VLAN, or NAC, Zscaler segments by user-to-app relationships. Policies are built around identity, not infrastructure. And Zscaler’s machine learning engine can detect real access patterns to suggest adaptive policies over time.

Desai shared one example where a customer believed they had 300 internal applications. Zscaler discovered over 10,000.

“You can’t segment what you don’t know exists,” he said. “But you also don’t have to do it all at once. Start with your crown jewels. Then isolate your riskiest users.”

That might include employees who routinely fail phishing simulations, users on unmanaged devices, or accounts showing anomalous behavior.

  4. Trap the Attacker Before the Damage Spreads

Even with segmentation in place, breaches happen. But Zero Trust doesn’t stop at prevention—it extends into containment.

Zscaler integrates deception directly into the access layer: decoy applications, seeded with breadcrumbs, are presented to users just like real apps. If touched, access to the real environment is immediately revoked—and the attacker is isolated.

“They don’t even know they’ve been shut out,” Desai said. “But they’ve already lost.”

This eliminates the lateral movement that VPNs so often enable—and turns the attacker’s playbook against them. 

This is what makes Zero Trust more than prevention. It’s containment by design.

What Doesn’t Work: NAC and Cloud VPNs

Desai was unequivocal about what Zero Trust is not.

“Putting a VPN in the cloud doesn’t change what it does,” he told me. “If users still get placed on the network, you’ve changed the address, not the architecture.”

Network Access Control (NAC) solutions are equally limited. They may inspect device posture at the edge, but they can’t prevent what happens inside a session—especially if the attacker has valid credentials. They can’t block data exfiltration from within an approved connection. And they certainly can’t make applications invisible.

The Real Benefit: Simplicity That Scales

While the security benefits are clear, Desai pointed out that Zero Trust is also an operations win—especially for organizations struggling with VPN overhead.

According to the VPN Risk Report:

  • 54% of security teams say VPNs cause recurring incidents
  • 41% say they drain resources from higher-value projects
  • ManpowerGroup cut 97% of remote access support tickets after moving to ZPA

“It’s not just your security team that benefits,” Desai said. “It’s your IT team. It’s your users. It’s your CFO who doesn’t want to keep buying concentrators or renewing patching contracts.”

When infrastructure goes away, complexity and the resulting cost follow it out the door.

Making the Case to the Board

Desai wrapped our conversation with advice for CISOs working to bring Zero Trust to the boardroom. His recommendation: don’t talk about controls. Talk about containment.

“The question isn’t whether you’ll be breached,” he said. “It’s what happens next. VPNs let that breach spread. Zero Trust stops it where it starts.”

With VPNs, the breach spreads. With Zero Trust, the breach is contained—access is limited by default, and even successful compromise can’t move laterally.

Desai advises CISOs to lead with these three points:

  1. Zero Trust shrinks breach impact
  2. It scales with distributed users and cloud adoption
  3. It replaces assumptions with proof—every time a connection is made

In a security climate where prevention is imperfect, containment is king.

A Shift That’s Already Happening

According to the 2025 VPN Risk Report, the transition is already happening. 65% of organizations are moving away from VPNs. 81% are investing in Zero Trust architecture.

This isn’t about buzzwords. It’s about control.

“VPNs make you reachable,” Desai said as we stood to leave. “Zero Trust makes your network and applications invisible to attackers. That’s the future.”

The post The End of VPNs — Part 2: Beyond the Buzz of Zero Trust first appeared on Cybersecurity Insiders.


Engineering Calm in Crisis: Lessons from the Frontlines of Security

High-pressure incidents can be defining moments for organizations, demanding immediate, coordinated, and often high-stakes responses. In the realm of cybersecurity, where threats evolve rapidly and stakes include sensitive data, reputational damage, and financial loss, the pressure to act quickly is intense. While technical tools and expertise often take center stage in incident response, an equally critical and sometimes underestimated component is effective communication. As leadership expert Simon Sinek famously said, “Leadership is not about being in charge. It is about taking care of those in your charge.” In the heat of a cyber crisis, that care manifests through structured, empathetic, and timely communication that aligns teams, reduces confusion, and drives action.

This article explores practical communication strategies drawn from real-world incident response experiences to help security teams navigate the complexities of an active cyber crisis with clarity, calm, and confidence.

The Role of Communication in Cybersecurity Incidents

In cybersecurity, high-pressure incidents frequently involve fast-moving and complex threats such as ransomware outbreaks, data breaches, supply chain compromises, or insider threats. Each minute during an incident counts; delays in containment can amplify damage exponentially. The ability to communicate clearly, both within technical teams and with non-technical stakeholders, is crucial to mitigating impact and accelerating recovery.

Consider the handling of the 2020 SolarWinds supply chain compromise, often cited as a textbook example of effective crisis communication in cybersecurity. The victim organization faced a highly sophisticated attack that silently compromised thousands of customers. Rather than resorting to silence or obfuscation, the company published transparent, technically detailed blog posts outlining what was known about the attack, how it was being investigated, and practical mitigations customers could apply. Alongside public communications, internal teams maintained continuous updates and alignment across engineering, security, and leadership functions. This dual internal-external communication approach helped build customer trust and enabled rapid adoption of defensive measures, containing the damage faster than might otherwise have been possible.

Done right, communication transforms incident response from a frantic scramble into a coordinated, focused effort where everyone understands their role, priorities, and next steps. It establishes a rhythm and clarity that reduces panic, eliminates duplicative work, and enables swift decision-making.

Key Elements of Effective Communication During an Incident

Effective communication can make or break an organization’s response to a cybersecurity incident. The following core practices have proven vital in maintaining clarity, control, and confidence during high-pressure moments:

a. Structured Communication Cadence

One of the first lessons is to establish a predictable rhythm for communications. When uncertainty and chaos abound, a set cadence of updates brings much-needed stability. For example, during a ransomware outbreak at a global manufacturing company, the response team instituted two-hourly technical syncs where engineers shared progress on containment and forensics. Meanwhile, a separate briefing for executives occurred every four hours, providing strategic context and business impact summaries. This predictable cadence ensured tactical teams and decision-makers were aligned, and no critical information fell through the cracks.

Choosing appropriate communication channels and intervals is essential. For example, chat platforms work well for rapid-fire technical updates, while email or video calls suit broader leadership briefings. The key is consistency; team members should know when and where to expect updates.

b. Audience-Centric Messaging

Another fundamental principle is tailoring communication to the audience’s needs. Not all stakeholders require or want the same level of technical detail. For instance, during a cloud misconfiguration incident that exposed customer data, the security engineers needed detailed packet captures and logs to identify root causes and patch vulnerabilities. Meanwhile, the executive board required a concise summary outlining the incident’s impact, legal obligations, and remediation timelines.

In a real-world scenario, a financial services company experienced a similar breach where technical teams worked around the clock analyzing system logs and firewall rules. Simultaneously, the C-suite received simplified updates focusing on risk exposure, regulatory reporting deadlines, and customer notification plans. This bifurcated communication approach prevented information overload for executives and ensured engineers had the detailed data they needed to act decisively.

Crafting messages with clarity and purpose for each audience helps avoid confusion, reduces unnecessary alarm, and builds trust. Technical teams value accuracy and completeness, while leadership prioritizes business risk and next steps. Separating these messages and customizing tone and depth helps keep everyone informed and aligned without overwhelming anyone.

c. Cross-Functional Coordination

Cyber incidents ripple beyond the technical realm. They affect legal compliance, public relations, human resources, and customer experience teams. In a recent phishing attack targeting a multinational’s workforce, the incident response team ensured early involvement of HR to notify affected employees and assist with password resets. Legal counsel was looped in promptly to assess breach notification requirements under GDPR. Meanwhile, communications teams prepared customer-facing statements to manage external reputation.

Such cross-functional integration avoids conflicting messages, ensures regulatory compliance, and fosters a unified organizational response. Predefined roles and communication pathways, documented well before incidents occur, enable this coordination to happen smoothly under pressure.

d. Clear Escalation Paths

Time is the most precious resource during a cyber crisis, and ambiguity about decision-making authority can cost valuable minutes or hours. In one incident involving suspected data exfiltration, lack of a clear escalation matrix caused a six-hour delay before containment approvals were obtained. This delay extended the exposure window and increased damage.

Following that event, the company implemented a role-based decision tree that clearly defines who can authorize containment actions, legal escalations, or public disclosures at each incident severity level. This clarity reduced response latency in subsequent drills and real incidents alike, emphasizing the importance of predefined escalation paths in the communication plan.

e. Calm, Concise Communication Style

How information is communicated during a crisis influences team morale and effectiveness as much as what is communicated. During a distributed denial-of-service (DDoS) attack on a major retail platform, the incident commander kept all updates short, factual, and evenly toned, avoiding panic-inducing language. This steady tone helped the engineering teams remain focused on mitigation efforts without distraction, while leadership maintained a clear understanding of progress.

Training teams to communicate calmly and assertively rather than reactively or emotionally can significantly improve performance under pressure. Consistent messaging with a measured tone reduces misunderstandings and builds confidence in the response process.

Recap: Putting Communication into Practice

To illustrate these principles, consider a mid-sized financial services company responding to a ransomware infection:

Structured Cadence: The incident manager set up hourly updates via group chat for technical responders, while business leaders received consolidated briefings every four hours via video conference.

Audience-Centric Messaging: Technical teams received detailed logs and mitigation steps, while executives got high-level summaries focusing on customer impact and regulatory notifications.

Cross-Functional Coordination: Legal and compliance teams joined briefings to advise on breach reporting timelines; customer support prepared scripts for incoming inquiries; HR alerted and supported affected employees.

Clear Escalation Paths: Predefined roles ensured that authorization for network isolation and public communications moved quickly from technical leads to CISO and then CEO without delay.

Calm, Concise Style: Incident communications remained steady and factual, avoiding speculation or alarmist language, which helped maintain team focus and stakeholder confidence.

This integrated communication approach allowed the company to contain the attack within 24 hours, minimize business disruption, and meet all regulatory obligations on time.

Conclusion

Senior engineering leaders must recognize that communication is as vital as the technical response during incidents. Clear, timely, and targeted communication helps contain threats, reduces confusion, and enhances decision-making. Structured updates, predefined escalation paths, and cross-functional alignment transform chaos into coordinated action. The tone and clarity set by leaders directly influence team performance under pressure. Communication is infrastructure, not just support, and must be woven into incident response plans to safeguard systems and maintain organizational trust.


The post Engineering Calm in Crisis: Lessons from the Frontlines of Security first appeared on Cybersecurity Insiders.


Recent Evolution of Browser-based Cyber Threats, and What to Expect Next

In 2024, browser security faced some of the most advanced cyber threats to date. As enterprises continue to transition to and from remote work environments, relying on SaaS platforms, cloud-based applications, hybrid work setups, and BYOD policies, attackers have become hyperfocused on the browser as the connective tissue linking and supporting almost all work and personal activities.

The rise of AI-powered attacks, abusive cloud hosting services, phishing-as-a-service (PhaaS), and zero-day vulnerabilities that focus on enterprise browsers have underscored the need for a new approach to browser security. Traditional network and endpoint security tools alone are no longer enough. Menlo Security’s annual “State of Browser Security Report” reveals a significant surge in browser-based attacks, particularly those utilizing artificial intelligence (AI) and sophisticated impersonation methods. 

Key Research Findings 

The modern browser transcends its traditional role as a web access tool; it’s now a primary entry vector for advanced cyberattacks. Attackers are increasingly leveraging browser vulnerabilities to pilfer sensitive data and circumvent conventional security measures. Menlo researchers identified a dramatic 140% surge in browser-based phishing attacks year-over-year, coupled with a 130% increase in zero-hour phishing incidents specifically. 

Credential phishing continued to run rampant in 2024, largely because traditional security measures like firewalls, secure web gateways, and antivirus tools remain ineffective against these and other sophisticated techniques used by cybercriminals. In fact, six days is the average window of exposure before legacy security tools can detect threats from zero-hour phishing attacks. While many enterprises have endeavored to improve browser security, they tend to focus on security at the network or endpoint level, which is not equipped to combat evasive threats like obfuscated malicious code, fileless malware and memory-only payloads. These techniques hide malicious activity within seemingly legitimate web traffic, making detection more difficult.

Cloud-network services have attempted to mitigate the growing problem of browser-based attacks, but they often introduce added complexity and significant management costs without delivering robust protection against advanced phishing tactics. Compounding these challenges is the escalating trend of attackers exploiting cloud services themselves to host malicious content, including phishing sites and ransomware. Notably, AWS and CloudFlare accounted for nearly 50% of all instances of abused cloud hosting in 2024. This concentration underscores the allure of major cloud providers as targets for malicious actors who seek to leverage their extensive infrastructure for illicit activities, highlighting a critical security gap that existing solutions are failing to adequately address. 

Continuing Trends 

The data in the Menlo State of Browser Security Report is a clear indication of the current threat landscape, and what enterprises can expect in 2025 and beyond. Here are our research-based predictions for the months to come: 

1. Ransomware will continue to reign supreme. Ransomware will remain a highly prolific attack type, with cybercriminals targeting critical infrastructure to extract financial gains. We expect threat actors to increasingly use browser-based attacks to deploy ransomware, targeting sectors like healthcare, energy and transportation, and using the advanced techniques described above to bypass traditional defenses. The significant impact of ransomware attacks, such as the phishing campaign against Change Healthcare in 2024, highlights the need for organizations to prioritize browser security, adopt strong security measures and stay updated with the latest threat intelligence and business continuity protocols.

2. AI-driven deepfakes will aid in bypassing traditional security tools. The volume of AI-driven cyber fraud has not yet reached its peak; we will see this attack type continue to rise in 2025 and beyond. Scam activities such as fake AI tools posing as legitimate platforms offering premium AI services will be used to steal login credentials and personal data, or direct users to phishing forms. Exploitation of user trust through sophisticated social engineering techniques will be key to targeting social media platforms and search engines.

3. The cyber gap between small and large businesses will continue, leaving smaller businesses more vulnerable to attack. Larger enterprises are among the first to incorporate browser security strategies and AI-assisted security tooling, shoring up defenses that otherwise leave too much room for human error. On the other hand, we will see a larger proportion of small businesses continue to be affected by ransomware and other browser-based threats due to fewer resources, a lack of dynamic security controls in the browser, and their inability to effectively monitor user behavior. Organizations will also start to leverage AI to level out their Security Operations Centers (SOCs), so that they don’t need as many resources to run them. Regardless of size, browser security is no longer optional but a fundamental survival strategy requiring proactive protection and preventative security.

4. Threats to edge and IoT devices will rise. Edge and Internet of Things (IoT) devices are becoming prime targets for cybercriminals, particularly due to their often-limited security measures and widespread use in both personal and corporate settings. From smart cameras and wearables to home assistants, there will be more zero-day vulnerabilities exploited in the wild, with threat actors identifying and exploiting these weaknesses to gain control of these devices and use them for DDoS attacks and other malicious activities.

5. Left unsecured, remote and hybrid environments will exacerbate insider threats. In the months to come, insider threats will increasingly originate from well-intentioned users who fall victim to sophisticated targeted attacks, exacerbated by remote and hybrid work environments. New tools and technologies will emerge to assist users in avoiding these risks, removing the burden of identifying and mitigating potential risks on their own. These tools will be able to detect malicious activity and perform far above the capacity of manual human analysis.

Browser security will remain a critical area of focus for both security teams and end users, affecting both equally. The cyber threat landscape is shifting quickly, driven by advancements in technology such as AI and also changes in how and where people work. Cybercriminals are constantly refining their attack tactics – organizations must be doing the same on the defensive side, looking to implement robust security measures, prioritizing browser safety, and leveraging innovative tools to detect and thwart threats.  

The post Recent Evolution of Browser-based Cyber Threats, and What to Expect Next first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/59gpdTR

SafeLine WAF: Best Security Choice for Small Businesses

As a website owner, one of my top priorities is to ensure that my website is protected from cyber threats. After trying various web application firewalls (WAFs), I recently discovered SafeLine WAF, and I’m thoroughly impressed. If you’re looking for an affordable, yet powerful WAF solution, SafeLine is the perfect choice.

What is SafeLine WAF?

SafeLine WAF is a web application firewall designed to protect websites from a variety of attacks, including SQL injections, cross-site scripting (XSS), and zero-day attacks. It acts as a shield between your website and malicious traffic, ensuring that your website remains secure while still allowing legitimate users to interact with your site.

How SafeLine Works


What sets SafeLine apart from other WAF solutions is its semantic analysis engine, which goes beyond traditional signature-based detection. Instead of just identifying known attack patterns, SafeLine analyzes the behavior and context of incoming traffic to detect even sophisticated, zero-day attacks. This makes it not only effective but also highly adaptable to evolving threats.

Key Features of SafeLine WAF

1. Semantic Analysis for Advanced Threat Detection

SafeLine’s semantic analysis engine sets it apart from other WAFs. Unlike traditional signature-based firewalls that can only detect known threats, SafeLine looks at the behavior and context of traffic, enabling it to detect sophisticated attacks that are not yet widely recognized. This means your website is protected from both known and unknown threats.

2. Bot Protection

SafeLine provides multi-layered defense against bot attacks like malicious crawlers through CAPTCHA verification, dynamic protection, and anti-replay protection.

3. HTTP Flood DDoS Protection

The most common way to defend against HTTP flood DDoS attacks is to limit the rate of requests from each source IP. But that alone is not enough: skilled attackers will find ways to bypass rate-based detection. Therefore, in addition to rate limiting, SafeLine also supports a Waiting Room to limit user traffic.

4. Identity and Access Management

SafeLine provides unified identity management for both on-premise and cloud applications through standard protocols.

5. Customizable Security Rules

SafeLine provides the ability to customize security rules based on your specific needs. Whether it’s blocking certain types of traffic or monitoring suspicious activity, you can fine-tune the firewall to provide the exact level of protection your website needs. 

6. User-Friendly Setup and Management

Not only is SafeLine one of the most affordable WAF solutions, but it is also incredibly easy to use. The setup process is fast and straightforward, making it perfect for those who don’t have extensive technical knowledge. 

Once installed, the intuitive dashboard makes managing and monitoring your website’s security effortless. You can easily access attack logs, view real-time alerts, and make custom adjustments without a steep learning curve.

Why SafeLine is the Best Choice for Small Businesses

When it comes to WAFs, price can often be a limiting factor, especially for small businesses or personal websites. Many high-quality WAFs can cost hundreds of dollars per month, making them inaccessible to those with limited budgets. 

However, SafeLine is a game-changer in this regard. It provides a Free edition for personal use. The Lite edition costs $10 per month. For users needing more advanced features, the Pro edition is also available at a competitive price of $100 per month, giving you full flexibility and powerful protection.

The key takeaway is that SafeLine offers the best value for the features it provides. Whether you run a small business, a personal site, or an enterprise, SafeLine is there to keep your websites safe from cyber threats.


The post SafeLine WAF: Best Security Choice for Small Businesses first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/z5lp08b

Experts React: Coinbase Discloses Breach, Faces Up to $400 Million in Losses

Coinbase, one of the largest cryptocurrency exchanges, has disclosed a significant data breach that exposed sensitive customer information, including government-issued IDs. The attackers contacted Coinbase on May 11, demanding a $20 million ransom to prevent the public release of the stolen data.

The breach could result in losses of up to $400 million, depending on regulatory fines, legal actions, and customer compensation. Coinbase has launched an internal investigation and is cooperating with law enforcement. It has also notified affected customers and offered support.

The implications of the Coinbase breach are significant for crypto users and investors, spanning financial, regulatory, and trust-related concerns.

For crypto users, the risks are substantial. If government-issued IDs and personal data were stolen, users could face identity theft, phishing attacks, or SIM swapping. This could lead to unauthorized access to other financial accounts or crypto wallets. Users may lose confidence in Coinbase’s ability to protect their data, prompting them to move assets to other platforms or cold storage. Coinbase might implement stricter security protocols or temporarily limit certain services, affecting user experience. Affected users might be eligible for compensation or become part of class-action lawsuits.

For investors, the breach could lead to stock price volatility. Publicly traded companies like Coinbase (COIN) often see sharp stock price drops after breaches due to shaken investor confidence. The breach could trigger investigations by the SEC or other regulators, potentially leading to fines or new compliance requirements. Coinbase will likely need to invest heavily in cybersecurity upgrades, legal defense, and customer support. Long-term brand damage could reduce user acquisition and retention, impacting revenue growth.

David Stuart, Cybersecurity Evangelist at Sentra, commented on the breach, saying, “The Coinbase breach highlights the growing challenge of protecting sensitive customer data in highly interconnected digital ecosystems. Financial platforms, in particular, carry an outsized responsibility to safeguard personal and financial information against increasingly sophisticated threats. Full visibility into where sensitive data resides, how it moves, and who can access it is essential, especially as data spans cloud, SaaS, and third-party environments. Without continuous monitoring, access governance, and proactive risk management, even well-defended systems can become vulnerable. Organizations must prioritize a data-first security model that ensures sensitive information remains protected at every layer, beyond just perimeter defenses.”

Clyde Williamson, Senior Product Security Architect at Protegrity, added, “Coinbase says the affected customer base impacted in this attack is less than 1% of its 9.7 million customers to minimize the impact. That’s still around 1 million people whose sensitive information has been compromised, and the financial damage to Coinbase itself isn’t small. Malicious actors can do significant damage with your name and contact information; imagine what they’ll do with masked bank information and Social Security numbers. This attack was only possible because contractors and support personnel were allowed access to this information. This was an entirely avoidable situation on Coinbase’s part, and now they’re expecting the customers who trusted the organization with their highly sensitive information to perform damage control. It’s great that Coinbase was legally required to disclose this attack quickly, but those customers will be haunted by this breach. Disclosure without real action is data security’s ‘thoughts and prayers.’ Consumers deserve better than to live in constant fear of their data.”

The breach underscores the critical need for robust cybersecurity measures to protect sensitive customer information.


The post Experts React: Coinbase Discloses Breach, Faces Up to $400 Million in Losses first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/6pvwqiS

Data Protection Market: Endless Possibilities to Ensure a Secure Future

Did you know that the average cost of a data breach is expected to exceed USD 4 million by the end of 2025, having already reached around USD 4.86 million globally in 2024? Data leaks and cyberattacks have increased in frequency, affecting more than 342 million people in 2023. Here are a few recent data breach cases in prominent fields.

Thus, in the modern world, data protection is crucial for protecting individual rights, fostering trust in digital interactions, and preserving personal integrity. According to Research Nester’s analysis, the market for data protection is expected to reach USD 1.12 trillion by 2037, up from USD 158.77 billion in 2024. The need for data protection and recovery, increased organizational awareness of data integrity, and rising cybersecurity threats are among the key factors that will support the growth of the global data protection market. In this blog post, let’s explore evolving trends and identify future opportunities in the data protection market.

1. Growth of Remote Work Culture and Bring Your Own Device (BYOD) Policies

As of March 2025, more than 35 million Americans, or around 21% of all employees, worked remotely to some extent. Because technology is increasingly accessible and remote work is recognized as potentially more effective and efficient, the workforce is steadily moving toward remote arrangements. As a result, strong data protection measures are required, since hackers have long viewed remote workers as weak points for gaining access to systems and stealing data. For instance, in 2023, the average cost of a data breach was around USD 5 million, and breaches related to remote work cost an extra USD 173,073 on average per occurrence. Moreover, fostering a culture of security and compliance in remote work settings is crucial, since remote work presents a wide range of cybersecurity challenges.

2. Adoption of Zero Trust Architecture (ZTA)

Zero Trust is an integrated, proactive strategy that delivers rapid improvements in security controls and risk mitigation. Organizations, including federal agencies seeking to preserve the integrity of their networks, are increasingly adopting ZTA in response to the growing prevalence of remote work, cloud computing, and sophisticated cyber threats. Small and medium-sized businesses (SMBs) face a growing range of security vulnerabilities, making ZTA an essential strategy for protecting them. For instance, SMBs were the target of over 60% of cyberattacks in 2023, and about 94% of the cybersecurity events that affected SMBs that year cost between USD 825 and USD 653,586.

3. Shift to Cloud Computing

According to the European Commission, in 2023, 45.2% of EU businesses purchased cloud computing services, primarily for office software, electronic file storage, and email hosting. Moreover, by the end of 2025, more than 90% of all businesses globally will rely on cloud computing services to support their operations, up from around 13% in 2020. This shift has necessitated robust data protection strategies, as it also introduces the risk of data breaches. For instance, data stored in the cloud was the cause of over 75% of data breaches in 2023, making the cloud a particularly exposed area. This is further boosting spending on cloud security to protect cloud-based systems from evolving cyber threats, illegal access, and data breaches.

4. Presence of Stringent Data Privacy Laws

Almost all nations have passed some kind of data privacy legislation to shield data from breaches, illegal access, and online dangers. Businesses that prioritize data privacy should adhere to legal requirements, protect assets, build trust, and promote sustainability. With rising concerns over data breaches, countries around the world are doubling down on data privacy regulations. Let’s look at how several nations are emphasizing data privacy laws.

  1. The Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023, at the beginning of August 2023; it is the country’s first data protection law. The fines for breaking the DPDP Act can range from around ₹49 crore to over ₹240 crore for each infraction.
  2. Under the California Privacy Rights Act (CPRA), the state government of California established the California Privacy Protection Agency (CPPA) to strengthen consumer data rights and to keep consumers informed through transparency, enforcement, and education. For a single CCPA violation, civil penalties can range from over USD 2400 to USD 7400.
  3. The General Data Protection Regulation (GDPR) went into force throughout the European Union on May 25, 2018, impacting any organization that handles the data of people who reside in EU member states. Those that break the GDPR’s privacy and security rules might face severe fines of around 9 million euros, or over 1% of a company’s global yearly turnover from the prior year, whichever is higher.

In a Nutshell

Every business should place a high premium on data protection to maintain the confidentiality and integrity of its data. As a result of increased regulation, technical improvements, and a growing emphasis on individual rights and control, data privacy is set to undergo major change in the future. Ultimately, the global data protection market is poised for significant growth in the evolving cybersecurity landscape.

Source: https://ift.tt/cFf9Qd7 


The post Data Protection Market: Endless Possibilities to Ensure a Secure Future first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/3tWwAsO

The End of VPNs — Part 1: Why Reachability is the New Risk

[Part 1 of 2 – Based on an interview with Zscaler CSO Deepen Desai]

By Holger Schulze, Cybersecurity Insiders

The 2025 RSA Conference floor was buzzing earlier this month—every booth promising maximum security, every vendor claiming AI. But when I sat down with Deepen Desai in a quieter room to talk about secure access, he cut straight to the point: 

“VPNs are exposed by design,” he said. “And anything exposed is exploitable.”

Desai is the Chief Security Officer at Zscaler. He leads ThreatLabz, one of the most recognized research teams in cloud security. His team had just released the 2025 VPN Risk Report, an unflinching assessment of how legacy remote access infrastructure is failing the modern enterprise.

The numbers alone signal a turning point:

  • 65% of organizations plan to eliminate VPNs within 12 months
  • 81% are moving toward a Zero Trust architecture
  • 92% are concerned that unpatched VPNs will lead to ransomware attacks

But those numbers weren’t the headline. The real story was what Desai said next.

“The problem with VPNs isn’t misconfiguration. It’s that they work exactly as designed—by placing users on the network. That’s the flaw.”

From Access to Attack Surface – The Blast Radius Is the Network

For years, VPNs served as the default answer to remote access. They were familiar, deployable, and “secure enough.” But the world they were built for no longer exists. In today’s hybrid-work, cloud-first environment, that familiarity is dangerous: VPNs create tunnels from users into internal environments, and once a user is authenticated, they grant network-level access.

“VPNs don’t connect you to an application,” Desai explained. “They put you on the network—and once you’re there, the entire routing table is fair game.”

Between 2020 and 2025, Zscaler ThreatLabz tracked over 400 CVEs tied to VPN appliances as reported by the MITRE CVE Program. In 2024 alone, 60% of new VPN vulnerabilities were rated high or critical. These flaws allowed attackers to bypass authentication, execute code remotely, or hijack sessions outright. And the adversaries aren’t waiting around. 

And as Desai pointed out, attackers are often exploiting them faster than vendors can patch.

“We’ve seen ransomware groups reverse-engineer VPN vendor patches within hours of release,” he said. “They don’t need to wait for the next zero-day exploit. They just need to watch the update notes.”

Once inside, VPNs offer no built-in segmentation. No identity-aware access. No containment. 

We’ve seen this play out repeatedly. In the past 24 months, attacks targeting Citrix, Pulse Secure, and Ivanti VPNs forced urgent patch cycles, major outages, and—in at least one case—U.S. federal agencies were ordered to physically disconnect appliances to prevent a breach.

“When a government agency tells you to unplug your VPN device,” Desai said, “that’s not a security advisory. That’s an obituary.”

The Breach Blueprint: Four Stages of Exploitation

What makes VPNs so dangerous today is not just that they’re reachable—it’s what they enable after compromise. Desai broke it down like a blueprint, because that’s exactly how attackers see it:

  1. Find an exposed VPN endpoint—scan the internet or query an LLM trained on CVE metadata.
  2. Compromise the device—via credentials, phishing, or a known exploit.
  3. Move laterally—because VPNs place you on the internal network with broad access.
  4. Exfiltrate or encrypt—steal data or detonate ransomware.

“If your device is compromised,” Desai warned, “the blast radius is everything your VPN can reach on the network. And with most VPNs, that’s a lot.”

AI Is Changing the Rules—and Breaking the Old Model

Desai also emphasized that attackers aren’t just adapting to old defenses. They’re automating past them.

“We’re already seeing threat actors use AI to scale reconnaissance,” he said. “They use GPT models to query CVE databases, plan attacks, and generate working exploits faster than most teams can patch.”

In this new era, attackers no longer need weeks of manual research. They can run 1,000 automated scans, find the exposed systems, and strike—at scale.

“They don’t care about an 80% failure rate,” Desai added. “If 20 out of 100 attacks succeed, they win. But we can’t operate that way. We have to defend everything.”

And while defenders have AI too—risk scoring, anomaly detection, automated policy generation—Desai made it clear that defensive AI only works when the architecture is simplified.

“Use AI to fight AI,” he said. “But don’t rely on AI to clean up after a broken access model. You need Zero Trust first—because if your infrastructure is reachable, you’ve already lost.”

This is where Zero Trust does more than reduce risk. It removes visibility. It denies entry. It breaks the attacker’s playbook before they press ‘Enter.’

The Quiet Cost: Normalized Fragility, Institutional Risk

Desai’s view isn’t just about external threats. He pointed to what he called the “quiet failure” of VPNs: the day-to-day cost they impose on IT, security, and end users.

“We’ve normalized the fragility,” he told me. “Dropped sessions, sluggish performance, endless helpdesk tickets—it’s all seen as just the price of remote work. But it doesn’t have to be that way.”

According to the VPN risk report:

  • 54% of teams say VPNs are a recurring source of outages or support escalations
  • 41% call VPN maintenance a major drain on internal resources
  • 51% of users report degraded application performance
  • 23% say slowdowns directly impact their productivity

The problem isn’t just the VPN tunnel. It’s the architecture around it—one that demands constant patching, exposes public IPs, and assumes any authenticated user is trustworthy enough to be on the network.

“Security teams are stuck patching appliances,” Desai said. “Helpdesk teams are buried in tickets. Meanwhile, attackers are using AI to scale recon. It’s not a fair fight.”

Inheriting Risk: Third-Party and M&A Exposure

There’s another failure mode that Desai considers just as dangerous—and far less visible: VPNs as backdoors for third-party risk.

“If your contractors connect over VPN, you’re not just exposing your apps,” he said. “You’re inheriting whatever vulnerabilities exist in their environments.”

In one 2024 incident cited in the report, a financial services firm suffered a breach after attackers exploited a third-party VPN connection, exposing data from nearly 20,000 clients.

And the risk is amplified during mergers and acquisitions.

“Attackers monitor the news,” Desai said. “When an acquisition is announced, they target the smaller company. It’s lean, underprotected, and usually connected by VPN to the parent. That’s the bridge—and no one’s watching it.”

What Happens When the VPN Is Gone

So what does life after VPN actually look like?

Desai offered a clear example: ManpowerGroup, a global enterprise with over 30,000 users, fully transitioned from traditional VPN to Zscaler Private Access (ZPA)—in just 18 days.

The impact wasn’t just faster logins or simplified administration. It was architectural.

  • No exposed IP addresses
  • No lateral network access
  • 97% reduction in helpdesk tickets related to remote access
  • Application access based on identity and policy—not network-level routing

“When you eliminate the idea of being ‘on the network,’” Desai said, “you eliminate the attacker’s playground.”

Coming Next: The End of VPNs — Beyond the Buzz of Zero Trust

In Part 2 of this series, we’ll go deeper into how Zero Trust replaces VPNs—not just in branding, but in architecture. We’ll walk through how Zscaler applies Zero Trust in practice, why identity—not subnet—is the new perimeter, and how organizations are using app-segmentation and deception to stop lateral movement before it starts.

Because the future of secure access isn’t about building safer tunnels. It’s about removing the need for VPN tunnels altogether.

The post The End of VPNs — Part 1: Why Reachability is the New Risk first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/dvLqhG9

The Power of Immutable Data Storage in Defending Against Ransomware Attacks

In today’s increasingly sophisticated threat landscape, ransomware attacks have become one of the most pervasive and damaging forms of cybercrime. These attacks, in which hackers encrypt a victim’s data and demand a ransom for its release, can cripple businesses, institutions, and individuals alike.

According to recent statistics, ransomware attacks are on the rise, with cybercriminals employing more sophisticated techniques to extort victims. In light of this growing threat, businesses are looking for innovative ways to safeguard their critical data.

One solution that is gaining traction is immutable data storage. This technology provides a robust defense against ransomware by ensuring that data cannot be altered, encrypted, or deleted once it’s written. In the event of a ransomware attack, immutable storage acts as a critical line of defense, offering several unique benefits that can significantly reduce the impact of an attack.

What is Immutable Data Storage?

Immutable data storage refers to a data storage system in which information is made permanent and cannot be changed, deleted, or altered once it has been written. This immutability is typically achieved through features like write-once-read-many (WORM) protection or blockchain-based technologies. The idea is simple: data is locked down to prevent malicious actors from tampering with it, even if they gain access to the system.

In the context of ransomware, immutable storage acts as a safeguard against the encryption of critical files. Since attackers typically rely on being able to alter or delete data, immutable storage renders that attack vector useless, as the data remains untouchable.

Key Benefits of Immutable Data Storage in Ransomware Defense

1. Protection from Data Encryption

Ransomware attacks often involve encrypting the victim’s files, making them inaccessible without a decryption key, which is usually provided only after paying a ransom. With immutable data storage, once data is written to the storage medium, it cannot be encrypted or modified. This ensures that, even if attackers manage to infiltrate the system and deploy ransomware, the critical backup data remains unaffected and accessible.

For instance, if a company’s sensitive data and backup files are stored in an immutable format, they cannot be encrypted by ransomware, even if the main systems are compromised. The organization can then restore its data from the unaltered copies, without having to pay the ransom.

2. Data Integrity and Reliability

Immutable storage offers a high level of data integrity, ensuring that the data cannot be tampered with or corrupted. In the aftermath of a ransomware attack, this guarantees that businesses have access to a clean, unmodified version of their files. This reliability is crucial for maintaining business continuity, as it allows for a quicker and smoother recovery process.

For example, many organizations rely on backup systems to recover from cyberattacks, but if backups themselves are compromised or deleted, recovery becomes almost impossible. Immutable storage prevents this from happening, ensuring that backups remain secure and viable for recovery even in the worst-case scenario.

3. Increased Resilience to Insider Threats

While ransomware attacks are often associated with external cybercriminals, insider threats—such as disgruntled employees or compromised accounts—are also a significant risk. In such cases, malicious insiders may attempt to alter, delete, or encrypt critical data.

Immutable data storage, however, blocks any attempt to modify or delete data, even by trusted internal users. The security model ensures that data is always preserved in its original form, thereby mitigating the risks posed by insider threats.

4. Facilitating Regulatory Compliance

Many industries are subject to strict data protection regulations that require businesses to keep secure, unaltered copies of their data for specific periods. This is especially true for sectors like finance, healthcare, and legal services, where data integrity and availability are paramount. Immutable storage helps businesses meet these compliance requirements by ensuring that data is stored securely and cannot be tampered with, offering a clear audit trail in the event of an investigation.

By implementing immutable data storage solutions, organizations can demonstrate that they are following best practices for data security and regulatory compliance, protecting themselves from both legal and financial repercussions.

5. Cost-Effective and Fast Recovery

One of the biggest challenges of a ransomware attack is the cost of downtime and the expense of restoring data. Businesses may spend days or even weeks trying to recover from the attack, especially if they lack a reliable backup system. Immutable storage mitigates these recovery costs by ensuring that backup data remains intact and readily available.

In addition, since immutable storage prevents data modification or deletion, there is no need for costly and time-consuming efforts to verify the integrity of the backup. The data is already safe, reducing both recovery time and financial losses. This enables businesses to return to normal operations faster, minimizing the operational disruption that comes with ransomware attacks.

How Immutable Storage Works

To fully understand the effectiveness of immutable storage, it’s important to know how it operates in practice. There are two main approaches to implementing immutability:

1. Write Once, Read Many (WORM): WORM is a feature that locks down data once it’s written to a storage medium, making it read-only. Any subsequent attempts to modify, delete, or encrypt the data are blocked. Many modern cloud providers offer WORM-enabled storage as a feature in their backup and archival systems.

2. Blockchain Technology: Some organizations are exploring the use of blockchain technology to create immutable records of data. Blockchain provides a decentralized ledger where each block contains a cryptographic record of data that cannot be altered once it is added to the chain. This offers a tamper-proof system for storing important records, which could play a critical role in preventing ransomware attacks.

Conclusion: A Crucial Layer of Defense

As ransomware attacks continue to evolve in sophistication and frequency, businesses must explore every available defense to protect their critical data. Immutable data storage offers a powerful and proactive solution, helping organizations secure their data against modification, encryption, and deletion.

By implementing immutable storage, businesses can ensure that, in the event of a ransomware attack, they still have access to clean, unaltered backups for recovery. In a time when the cost of a successful ransomware attack can be devastating, adopting immutable storage is an investment in both security and peace of mind.

In the fight against cyber threats, immutability provides one of the most effective weapons available.

The post The Power of Immutable Data Storage in Defending Against Ransomware Attacks first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/vsEg4Qp

INE Security Alert: Top 5 Takeaways from RSAC 2025

Cary, North Carolina, May 13th, 2025, CyberNewsWire

Comprehensive Training Platform Delivers Solutions for AI Security, Cloud Management, and Incident Response Readiness.

Fresh from a high-impact presence at RSAC 2025, where INE Security welcomed thousands of visitors to its interactive booth at San Francisco’s Moscone Center, the global cybersecurity training and certification provider is addressing some of the top cybersecurity priorities emerging from the industry-leading event. As an exhibitor that engaged with both frontline practitioners and top-level decision makers, INE Security gained firsthand insights into organizations’ most pressing security challenges: the convergence of AI-driven threats, multi-cloud vulnerabilities, and increasingly sophisticated attack vectors. 

Four days of packed session tracks and face-to-face discussions with industry leaders pointed to a clear reality: a large majority of ransomware victims lack effective response plans, and even more security professionals doubt their organization’s readiness for zero-day attacks. INE Security is showing how a comprehensive training platform directly addresses the five most critical security imperatives that dominated this year’s conference conversations.

Top 5 Cybersecurity Imperatives from RSAC 2025

1. AI Risk Management Becomes Business-Critical

AI security solutions dominated RSAC this year, signaling that as organizations adopt advanced response technologies, comprehensive training must keep pace. 72% of leaders report an increase in organizational cyber risks, with ransomware remaining a top concern, according to the World Economic Forum. Organizations deploying AI tools and Large Language Models are discovering that their systems are vulnerable to sophisticated exploits that can manipulate AI behaviors, leading to data breaches and system compromises. This shift demands immediate security expertise to protect AI implementations.

2. LLM Vulnerabilities Expose Enterprise Data

Large Language Models (LLMs) emerged as a flashpoint at RSAC, sparking debates on their risks and merits. Despite the variety of strong opinions, what is clear is that LLMs are here to stay. They represent a new frontier for cyber threats, with critical vulnerabilities emerging from AI training data, model manipulation, and prompt injection attacks. The cybersecurity community at RSAC 2025 identified this as one of the year’s most pressing concerns, with a large majority highlighting the advance of adversarial capabilities (such as phishing, malware development, and deepfakes) as their greatest concern regarding generative AI’s impact on cybersecurity. Organizations must understand and defend against these AI-specific attack vectors to protect their digital assets, creating new specialized job titles such as AI Security Analyst.

3. Multi-Cloud Environment Security Becomes Complex 

Across domains, cloud remains top of mind for industry executives. As businesses adopt multiple cloud platforms, security analysts face new challenges in maintaining consistent security postures across diverse environments. Research presented at RSAC 2025’s cloud security sessions by the Cloud Security Alliance found that although misconfigurations appear in a majority of real-world breaches, over 50% of organizations rate them as a low-to-moderate risk. This gap highlights a growing disconnect between perceived and actual risk in cloud deployments. Researchers emphasized that IAM hygiene is essential, as are regular audits of the security systems in place. 

4. Zero Trust Architecture Needs Proper Implementation 

While zero trust principles are widely recognized as essential, implementing them effectively across modern IT environments proves challenging. The RSAC 2025 conference theme “Many Voices. One Community” emphasized the need for unified approaches to security, including zero trust implementation. According to Zscaler’s ThreatLabz 2025 VPN Risk Report discussed at the conference, 81% of organizations plan to implement zero trust strategies within the next 12 months. Organizations struggle with identity management, access controls, and continuous verification across cloud services, remote workers, and interconnected systems, making it critical for companies to develop talent via cybersecurity certification programs.

5. Crisis Response Requires Comprehensive Preparedness 

When cyber attacks succeed, organizations must maintain critical operations while containing threats. RSAC 2025 sessions on rapid incident response highlighted critical gaps in preparedness, while the Microsoft Digital Defense Report found that 76% of organizations that suffered ransomware attacks in 2024 lacked an effective response plan. The role of cybersecurity analyst has evolved to include crisis response capabilities, making effective training in incident management a critical skill. Real-world scenario training, such as INE Security’s Skill Dive lab platform, helps build the muscle memory that becomes crucial during a crisis.

Addressing the Challenges

“After engaging with hundreds of cybersecurity leaders at our booth and participating in thought-provoking discussions throughout RSAC 2025, these five priorities clearly represent fundamental shifts in how organizations must approach cybersecurity,” said Dara Warn, CEO of INE Security. “The conversations we had with practitioners and executives alike confirmed that traditional security approaches cannot adequately address AI vulnerabilities, multi-cloud complexities, or the sophisticated response requirements of modern cyber attacks.”

INE Security provides practical solutions for each critical area:

  • AI Security Fundamentals: Training on securing AI systems, understanding LLM vulnerabilities, and implementing AI-specific security controls
  • Advanced Cloud Security: Hands-on experience managing multiple-cloud environments, implementing proper configurations, and maintaining security across distributed platforms
  • Zero Trust Implementation: Practical guidance on designing and deploying zero trust architecture with proper access controls and verification systems
  • Crisis Management Training: Realistic incident response scenarios that prepare teams to maintain operations while containing security breaches
  • Continuous Skill Development: Access to 700+ courses and 50+ learning paths, and preparation for credentials from CompTIA Security+ to advanced professional certificates that help secure environments from modern threats

“The energy and insights we gathered at RSAC 2025 reinforced our conviction that the complexity of modern cybersecurity demands organizations invest in comprehensive cybersecurity training,” added Warn. “Our comprehensive training and cybersecurity certification platform ensures teams develop the expertise needed to address these challenges effectively.”

About INE Security

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity. The company is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Contact

Kathryn Brown
INE Security
kbrown@ine.com

The post INE Security Alert: Top 5 Takeaways from RSAC 2025 first appeared on Cybersecurity Insiders.
