CSLATEST

Computing

Security

Secure systems, secure data, secure people, secure business

AUTOMATE NOW!

Time has come for

more systematic

approach to security

and compliance

NEWS

OPINION

INDUSTRY

COMMENT

CASE STUDIES

PRODUCT REVIEWS

EYE OF THE STORM

Email protection is vital

in a world beset with

ever-soaring threats

FUTURE IMPERFECT

AI accelerates into

the dark unknown

RED ALERT

Russia is ‘seizing

on AI to enhance

cyber-attacks’

Computing Security Mar/Apr 2025

What if there was a way to

Adapt to all Email

Security threats...

Libraesva integrates cloud email and a secure email gateway with our unique

adaptive trust engine to provide award winning protection.

Layered security defends your business against spam, malware, phishing, email

fraud, spoofing, zero-day threats, account takeover, social engineering, business

email compromise, inadvertent disclosure of sensitive information and more.

Test your security for FREE with our Email Security Tester

emailsecuritytester.com

libraesva.com

comment

DARK WEB TRADING:

FROM ROCKET LAUNCHERS

TO ANIMAL PARTS

The Dark Web is a hidden marketplace

for illegal goods and it's more

accessible than might be imagined.

From fake IDs and stolen credit cards

to explosives and even rocket launchers,

the variety of items available is chilling,

according to Bitdefender. What's even

more surprising is how these illicit markets

are structured like legitimate e-commerce

platforms - with customer reviews, bulk

deals and even 'warranties'.

Bitdefender's cybercrime unit has

infiltrated these shadowy and alarming

networks, in a bid to uncover how this

underground economy thrives, giving law

enforcement key insights into illegal

activity. Their findings highlight:

Fake IDs and Counterfeit Documents:

As low as $25, fake IDs designed to

bypass bank verification systems

Stolen Streaming Accounts: Netflix,

Amazon Prime and more for just

$5-$15

Explosives and Rocket Launchers:

Starting at $500, with items such as

rocket launchers available for as much

as $35,000

Exotic Animal Parts: Rhinos and

elephants sold for thousands of dollars.

"The accessibility of these products raises

concerns for businesses and consumers

alike," says the company. "Criminals are

using the Dark Web to exploit stolen data,

creating a vicious cycle of scams, phishing

and even cyber-attacks."

Brian Wall

Editor

Computing Security

brian.wall@btc.co.uk

EDITOR: Brian Wall

(brian.wall@btc.co.uk)

LAYOUT/DESIGN: Ian Collis

(ian.collis@btc.co.uk)

SALES:

Edward O’Connor

(edward.oconnor@btc.co.uk)

+ 44 (0)1689 616 000

David Bonner

(dave.bonner@btc.co.uk)

+ 44 (0)1689 616 000

Stuart Leigh

(stuart.leigh@btc.co.uk)

+ 44 (0)1689 616 000

PUBLISHER: John Jageurs

(john.jageurs@btc.co.uk)

Published by Barrow & Thompkins

Connexions Ltd (BTC)

35 Station Square,

Petts Wood, Kent, BR5 1LZ

Tel: +44 (0)1689 616 000

Fax: +44 (0)1689 82 66 22

SUBSCRIPTIONS:

UK: £35/year, £60/two years,

£80/three years;

Europe: £48/year, £85/two years,

£127/three years

R.O.W:£62/year, £115/two years,

£168/three years

Single copies can be bought for

£8.50 (includes postage & packaging).

Published 6 times a year.

© 2025 Barrow & Thompkins

Connexions Ltd. All rights reserved.

No part of the magazine may be

reproduced without prior consent,

in writing, from the publisher.

www.computingsecurity.co.uk Mar/Apr 2025 computing security

@CSMagAndAwards

3


Computing Security Mar/Apr 2025

inside this issue

CONTENTS

Computing

Security

NEWS

OPINION

INDUSTRY

COMMENT

CASE STUDIES

PRODUCT REVIEWS

AUTOMATE NOW!

EYE OF THE STORM

Email protection is vital

Time has come for

in a world beset with

more systematic

ever-soaring threats

approach to security

and compliance

FUTURE IMPERFECT

AI accelerates into

the dark unknown

RED ALERT

COMMENT 3

Dark Web trading

Russia is ‘seizing

on AI to enhance

cyber-attacks’

NEWS 6

Threat detection supercharged

Impact of cyber events targeted

Keep an eye on your (digital) wallet!

Threats over encrypted channels rise

ARTICLES

SPREADING THE MESSAGE 17

Yeo's new solution is staking some bold

claims in the marketplace

THE END GAME 21

Organisations are dependent on their

networks to maintain productivity. How

do they successfully mitigate risk?

A FORCE FOR GOOD.. AND BAD 14

GOLDEN AGE OF SCAMMERS 26

AI is reshaping the cybersecurity landscape,

IBM engineers took 16 hours to generate a

for good and for bad. For example, some see

phishing campaign. AI took 5 minutes

it as helping to connect the dots between

systems and data, while others point to how

ACTION STATIONS! 28

bad actors are using AI to produce convincing

What exactly are the essential elements of an

deep fakes to bypass voice recognition. The

incident response plan and how best to put

gaps in opinion will undeoubtedly widen.

these into effect?

DORA HAS LONG ARMS 29

The Digital Operational Resilience Act

(DORA) has a wide remit. Financial

IGNORE WARNINGS, PAY THE PRICE 18

services organisations need to be aware

Why would organisations simply leave

AUTOMATION NOW 'A NECESSITY' 30

themselves open to the ultra-sophisticated

A more systematic, automated approach to

attacks that now constantly threaten their

security and compliance is being mooted

businesses? Is it a shortage of finance? Is it

inertia? The answers that emerge are both

THE INSIDER MENACE 32

complex and often self-contradictory.

IAM systems not properly integrated or

maintained can pose multiple issues

CRACKING UP 34

Once the first quantum computers are

MAIL-STORM 22

'live', most of our existing encryption

Truly effective email security demands the

algorithms will become obsolete

selection of the correct products, with

the relevant capabilities and configurations,

EVENTS

while also having the right operational

BRIAN COX’S ‘STAR’ R0LE AT INFOSEC 25

procedures in place. It's intricate, demanding,

Professor Brian Cox will be headlining on

but ultimately essential.

day one of this year's Infosecurity Europe

computing security Mar/Apr 2025 @CSMagAndAwards www.computingsecurity.co.uk

4

RED ALERT: KEEP YOUR GUARD UP 10

GenAI is reshaping phishing, enabling

attackers to craft emails that mimic

human-like writing with eerie precision,

with these AI phishing and quishing emails

evading traditional filters. To counteract

these risks, AI/ML-based solutions can play

a pivotal role.

news

Will Mayes, CMC.

THREATS OVER ENCRYPTED CHANNELS RISE

Threats delivered over encrypted channels are becoming

increasingly prevalent. According to the latest Zscaler

ThreatLabz Encrypted Attacks Report, over 87% of all such

threats were delivered over encrypted channels between

October 2023 and September 2024 - a 10% increase yearover-year.

The report offers strategies and best practices to

help organisations tackle these covert threats.

Deepen Desai, Zscaler.

Says Deepen Desai, chief security officer, Zscaler: "With threat

actors focused on exploiting encrypted channels to deliver

advanced threats and exfiltrate data, organisations must

implement a zero-trust architecture with TLS/SSL inspection at

scale. This approach helps to ensure that threats are detected

and blocked effectively, while safeguarding data without compromising performance."

STRESS TAKES ITS TOLL

The Cyber Monitoring Centre (CMC) is

partnering with the British Chambers

of Commerce to gather data and insights

on the impact of cyber events on UK

businesses.

Through this collaboration, the BCC

conducts polls of its members immediately

following significant cyber events

to assess whether and how severely they

have been affected. The data is shared

with the CMC to provide insights into

the impact across various industries and

sizes of company.

"Polling with the British Chambers of

Commerce gives us access to valuable

insights that are not available from our

other data sources," states Will Mayes,

CEO of the CMC. "The partnership not

only provides quantitative data, but also

offers qualitative context on the causes

of disruption and loss."

REPORT HIGHLIGHTS CRITICAL TRENDS

Kiteworks has released its '2025 Forecast for Managing

Private Content Exposure Risk' report. It identifies

12 critical cybersecurity and compliance trends. "With

an unprecedented surge in cyber threats and tightening

regulatory landscapes, the report delivers actionable

strategies for organisations to safeguard sensitive content,

ensure compliance and enhance operational efficiency,"

states the company.

Tim Freestone, Kiteworks.

Adds Tim Freestone, chief marketing officer at Kiteworks:

"2025 presents unique challenges as organisations navigate

the dual pressures of cyber threats and regulatory compliance.

This report empowers businesses to proactively

address vulnerabilities, leverage AI-driven technologies and build resilient security frameworks

that align with their broader strategic goals."

BLUEVOYANT HAS NEW CHIEF OPERATING OFFICER

Michael Montoya has joined BlueVoyant as chief operating officer. In this role, he will take

on the responsibility of overseeing the technology, product and operations organisations.

Montoya joins as the company closed out a record-setting 2024, with new product and service

innovation, and increased customer demand leading to revenue growth, it reports.

Montoya brings more than 25 years of information technology (IT) and cybersecurity leadership

experience. He previously served as senior vice president and chief information security officer at

Equinix, and, prior to that, was chief information security officer at Digital Realty.

Says Montoya: "More than ever, CISOs and their teams need a platform that brings together

risk, compliance and operations in a manner that can help them protect their organisations from

the growing and innovative digital pandemic of cyber-attacks."

6


Building cyber security

awareness together.

Leading the way in personalised

cyber security awareness.

Keep your staff engaged, cyber-secure, and compliant with our award-winning,

personalised cyber security training.

Designed with real people and teams in mind, our expertly crafted content transforms

cyber security into an informative and captivating experience. By making learning

fun and impactful, we maximise engagement and enhance staff security behaviour,

ensuring constant vigilance against cyber threats.

Our staff fully engaged with our

security awareness program, with

completion rates over 85%

Best cyber security awareness

platform available

news

Fredrik Jubran, Logpoint.

KEEP AN EYE ON YOUR WALLET!

The European Commission has approved technical

standards for its digital wallet - with many states

aiming to issue these by 2026. However, phishing,

privacy and security risks raise doubts as to whether

people's personal data will be safe in this new format.

According to Nick France, CTO of identity management

firm Sectigo: "Digital wallets expose a treasure trove

of financial data, if not secured properly. Lost phones

with weak PINs, malware, social engineering scams and

even seemingly secure biometric authentication can be

compromised with sophisticated spoofing techniques.

To truly unlock the potential of these payment methods,

a multi-pronged approach is necessary."

Nick France, Sectigo.

THREAT DETECTION SUPERCHARGED

Logpoint has entered into a new strategic

partnership with Icelandic Managed

Security Service Provider (MSSP) Netheimur,

with the stated aim of helping Icelandic

organisations across the public and private

sectors better detect cyber-attacks.

Netheimur will offer Logpoint SIEM,

enabling the MSSP to "offer a threat

detection platform that gives customers

a simple way to monitor their on-premise,

SaaS and cloud environments, and gain

system visibility". Logpoint SIEM collects and

analyses complex log and event data from

the infrastructure to detect incidents and

meet compliance requirements.

"Netheimur has a strong focus on enabling

their customers through tailored solutions

and support, which aligns closely with

our ambition of making our customers as

successful as possible in detecting threats,"

says Fredrik Jubran, regional manager for

MSSPs at Logpoint.

"Together, we can give Icelandic organisations

a solution that combines solid SIEM

technology with Netheimur's expertise to

help them stay safe in the current threat

and geopolitical landscape."

BAN ON RANSOMWARE PAYOUTS LOOMS

Plans are being discussed to make ransomware

payments illegal for UK national infrastructure

companies and services under new proposals from

the Home Office to tackle cyber-attacks.

Schools, NHS and councils may be banned from

giving into threats from cyber criminals holding their

data hostage. Reporting the ransomware attacks will

also become mandatory, if this law comes into force.

Spencer Starkey, SonicWall.

"Ensuring the cybersecurity of critical national

infrastructure requires a comprehensive and ongoing

effort," warns Spencer Starkey, executive VP of EMEA

at SonicWall. "The ramifications of an attack and ensuing outage on CNI can be

disastrous, and it's important to place the utmost amount of time, money and efforts

on securing them."

MULTI-FACETED STRATEGY A MUST

SolarWinds has released its 2024 State of ITSM Report, which analyses more than 2,000 ITSM

data systems and 60,000 points of anonymised and aggregated SolarWinds customer data.

Overall, the data asserts that organisations cannot streamline their ITSM operations by simply

adding more staff members. Instead, improving operations requires a multi-faceted strategy of

deploying additional effective methods, based on SolarWinds' findings, including:

Employ Automation rules: automation rules save 3 hours per ticket

Use Self-Service portals: leveraging a self-service portal can reduce resolution times by as

many as two hours per ticket

Implement Knowledge Base articles: organisations that implement knowledge base (KB)

articles resolve incidents an average of six hours faster than those that do not

Utilise service-level agreements: utilisation of service-level agreements (SLAs) resolves tickets

an average of two hours faster.

8


Layers aren’t just for cakes; they’re

essential in cybersecurity’s secret

recipe for protection!

Bake it happen with VIPRE Security Group. Secure your

bytes before you take a bite with Email Security, Endpoint

Security and User Protection

www.vipre.com

AI

RED ALERT!!!

AI IS EVOLVING QUICKLY - STAYING AHEAD OF EMERGING THREATS

WILL REQUIRE "A COLLABORATIVE EFFORT FROM ALL STAKEHOLDERS"

Russia and other adversaries of the UK

are trying to use artificial intelligence

to enhance cyber-attacks against the

nation's infrastructure. According to Cabinet

Minister Pat McFadden, there is a danger that

artificial intelligence "could be weaponised

against us," he warned a Nato conference

in London recently, arguing that the UK

is already engaged in the "daily reality" of

a cyberwar, with hacking efforts coming in

particular from Russia.

In response, a research programme has

been created, the Laboratory for AI Security

Research (LASR), to keep on top of emerging

threats. But is that enough? What else could

and should be done to ward off Russian

aggression? And what might be the

consequences for UK businesses, if we fail

to protect ourselves adequately?

At the same time, GenAI is reshaping

phishing, enabling attackers to craft emails

that mimic human-like writing with eerie

precision, it is stated, with these AI phishing

and quishing emails evading traditional filters.

To counteract these risks, AI/ML-based

solutions can play a pivotal role. Technologies

like Natural Language Processing (NLP),

computer vision and social graph analysis

identify subtle inconsistencies in language,

logos and sender history. Might deploying AI

solutions to detect these types of phishing

attempts be the best way to minimise

exposure? If so, how should this be

managed? And what, if any, are the

alternatives?

What is evident about AI is that it will always

raise more questions than can be answered

satisfactorily. In fact, every question generates

several more questions, taking us into a

Pandora-type box where what is concealed

beneath the lid may well be the very answers

you don't want to escape into the outside.

On the plus side, as Sian John MBE, CTO

of global cybersecurity company NCC Group,

points out: "The UK Government's plans for AI

investment is an exciting and much-needed

next step in the country's journey toward

becoming a global leader in AI innovation."

However, as we embrace these advancements,

she warns that we must not overlook

the associated security risks that come with

them. "AI's growing role in areas such as

healthcare and education means that it

will handle vast amounts of sensitive data.

This data, if not adequately protected, will

become a prime target for cybercriminals.

"AI technology itself can even be leveraged

by attackers to create more convincing social

engineering attacks, posing significant risks to

both public and private sectors. While the

opportunities that AI presents are vast, we

must not underestimate the risks. As with any

new technology, advancements in AI come

hand in hand with new vulnera-bilities. It is

critical that we adopt a secure and

responsible approach to its deployment."

John continues: "Frameworks like the EU

AI Act provide a good foundation by categorising

applications by their risk factor for easy

assessment. But we must go further; the UK

needs its own specific regulations, security

framework and proactive security measures

to manage the rapid evolution of AI. The UK

must be resilient in the face of challenges

and, without these safeguards, we risk

jeopardising the very sectors we aim to

improve. Ensuring that users are equipped

to manage these risks is essential, and this

requires collaboration across government,

regulators and industry."

Cybersecurity must be at the forefront of

AI adoption, John says. "We need to develop

the right skills to keep pace with the rapid

advancements in AI technology. Expertise

in areas like AI model security, ethical

governance and regulatory enforcement will

be essential to protecting sensitive data and

systems. AI is evolving quickly, and staying

10


AI

ahead of emerging threats will require a

collaborative effort from all stakeholders."

BEYOND LIMITS

Kyle Hill, CTO of digital transformation

company ANS, sees the UK government's

plans to integrate AI into the public sector,

announced in January, as a vital step toward

positioning the UK as a global AI leader.

"Technological advancement is the cornerstone

of national resilience and AI holds

major potential to transform the day-to-day

roles of workers. For example, in the social

work sector, AI could revive operations by

automating the management of waiting lists

and scheduling crucial appointments. This

will save time for workers across the country,

allowing them to connect with their cases

and focus on making impactful changes."

At the same time, AI it must be approached

with a sense of healthy caution and adopted

responsibly. "While it provides huge benefits,

we need to adopt AI responsibly. One of the

biggest challenges lies in managing the data

that feeds AI systems. The data must be clean,

accurate and relevant; otherwise, flawed

outcomes could come about. Ensuring that

robust cloud and security measures are in

place is also essential. The success of AI

depends on having the right infrastructure

and safeguards to protect sensitive data, and

ensure long-term reliability and security."

At the same time, AI readiness is not just

about having the necessary technology in

place. "It also requires equipping people with

the right skills. Research shows that 35%

of UK businesses struggle with adopting AI

due to a lack of expertise. The widespread

adoption of AI will inevitably lead to the

creation of new jobs, but we must tackle the

skills gap by training workers to safely and

securely use these advanced technologies,"

states Hill. "Dream big, start small and, most

importantly, start now to ensure AI success."

He also points to how the US and EU are

increasing their investments in AI, but

cautions that, while it is important for the UK

to keep pace, we cannot afford to rush AI

development without addressing security

and ethical concerns. "Balancing innovation

with responsibility will ensure that the UK

establishes itself as a global leader in AI.

By investing in the right infrastructure and

focusing on responsible AI practices, we

can unlock the full potential of AI, driving

economic growth and improving public

services."

OVERBLOWN SPECULATION

When we're thinking about AI, it's really

important to take a step back, advises Neil

Roseman, CEO, Invicti. "There is so much

overblown speculation, 'wishcasting', doomsaying

and marketing hype around AI that it

is quite easy to believe that this technology

will either bring about the apocalypse or

deliver us to a near-future utopia. We all

need to calm down. Developments in AI are

exciting, but we're far behind the point that

many say we're barrelling towards, partially

evidenced by the continued mistakes and

errors that we regularly see.

"Current AIs and LLMs regularly hallucinate -

pumping out faulty answers and making

poor choices on the part of users. As we

now see on an almost daily basis, AI generated

news stories make key mistakes, leading

even organisations like the BBC to falsely

report that Rafael Nadal has come out as

gay," he points out.

That's partly because they're often trained

on, and use, imperfect data, adds Roseman.

"The internet is filled with false information

and bias. Many AIs and LLMs use that data,

so, from that point of view, it could be merely

repeating the poor information it finds.

"On top of that, AIs can often be maliciously

manipulated to produce false information.

Prompt Injection attacks allow users to alter

an AIs outputs by inputting a cunning series

of prompts. Threat actors are also actively

trying to get into the supply chain of data

Sian John, NCC Group: UK needs its own

specific regulations, security framework and

proactive security measures to manage AI.

Kyle Hill, ANS: sees the UK government's

plans to integrate AI into the public sector as

a vital step forward.

www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2025 computing security

11

AI

Neil Roseman, Invicti: there's a basic

technology bias around AI, in which

we implicitly trust its judgements.

Camya Rose, BigID: AI hallucinations

occur when an AI system generates

incorrect, misleading or entirely

fabricated information.

and code that these AIs run on, turning their

powerful capabilities to nefarious ends. It's

not clear how we'll overcome these problems

either. AI models require huge amounts of

training data, which are often lacking in

quantity and, even worse, in quality; and

companies are now struggling to find

enough of it to adequately train their

models."

Perhaps the most pressing problem, says

Roseman, is that there's a basic technology

bias around AI, in which we implicitly trust

its judgements. "This will be particularly

important when it comes to the news,

a fundamentally important democratic

institution on which millions rely to make

basic decisions in their everyday lives. From

that point of view, we need to be able to

treat AI - and the products that employ it -

with due scepticism."

AI HALLUCINATIONS

Mistakes like the false report about Luke

Littler's darts victory (an AI-generated news

summary from Apple falsely claimed he’d

won the PDC World Championship, before

he even played in the final) might seem

harmless, states BigID's product manager

Camya Rose, but AI hallucinations are not just

a concern for media accuracy. "They also have

serious security implications. If an AI-driven

security tool misinterprets a cyber threat or

fails to detect one at all, it could open the

door to a major breach.

"AI hallucinations occur when an AI system

generates incorrect, misleading or entirely

fabricated information. While errors in news

summaries can be quickly corrected, AI

misjudgments in cybersecurity can have farreaching

consequences, including from failing

to detect security threats to incorrect risk

classification where AI might misinterpret

access requests and grant permissions to

an unauthorised user, exposing sensitive data

to insider threats or external attackers."

What causes these hallucinations? Several

factors, from the limitations in training data

where the AI models are trained on incomplete

or biased datasets, poorly defined

policies or conflicting rules in cybersecurity

systems can confuse AI decision-making

processes. "To mitigate AI hallucinations and

enhance security, organisations should adopt

proactive strategies that include security

teams to continuously retrain AI models with

up-to-date and diverse datasets," says Rose.

"This ensures that the AI is exposed to a wide

range of scenarios and information, helping it

to make more accurate and context-aware

decisions. Regular updates also reduce the

likelihood of the model relying on outdated

or biased information, which can contribute

to hallucinations."

Security leaders should also implement

thorough data validation checks before

feeding information into AI systems to ensure

that the input data is accurate, relevant and

of high quality, she adds. "This minimises the

chances of the AI making incorrect inferences

based on flawed or misleading data, which

can lead to hallucinations. Lastly, leaders need

to enforce stringent access controls and AI

data management policies to ensure that

AI systems only process high-quality and

relevant data. By restricting access to sensitive

or inappropriate data, organisations can prevent

AI models from generating hallucinations,

due to exposure to incorrect or irrelevant

information."

The missteps of AI in generating false news

stories highlight the larger challenge of AI

hallucinations across industries, particularly in

cybersecurity, Rose concludes. "While minor

inaccuracies in sports headlines are harmless,

similar hallucinations in security settings could

be catastrophic. By taking proactive steps

today, businesses can harness AI's power

responsibly, making it a true winner, rather

than a potential security risk."

LEGACY HEADACHES

As businesses invest heavily in AI technologies

and initiatives, CIOs face a critical challenge:

12


AI

legacy network infrastructure. These outdated

systems are becoming a major obstacle for

AI deployment, threatening to derail digital

transformation efforts and, most importantly,

impact ROI, warns said Jawaid Iqbal, head

of pre-sales & solutions at VCG, a provider of

network transformation services. "Managing

and securing dispersed multi-cloud infrastructures

is a complex challenge and AI is

playing an increasingly critical role in addressing

it," says Iqbal. "By utilising AI, businesses

can achieve higher performance, robust

security and operational efficiency - which

is essential in harnessing the full potential

of both AI and multi-cloud technologies."

However, a stark reality remains: many

organisations are unprepared to reap the

benefits. Without modernised networks,

the promise of AI often goes unfulfilled.

According to Cisco's 2024 AI-Readiness Index,

while 98% of businesses are accelerating AI

deployment timelines, 79% lack the network

and GPU infrastructure necessary for largescale

AI operations. Furthermore, 51%

of IT leaders have identified infrastructure

modernisation as their top priority to facilitate

AI success. Admiral, a FTSE100 insurance

provider, for example, realised it was time to

upgrade its network after experiencing many

roadblocks due to its limitations.

"Our ageing network was limiting our ability

to fully embrace multi-cloud environments

and the latest technology," comments Chris

Bevan, head of platform services at Admiral.

"Security and performance issues were making

it increasingly difficult to support our hybrid

workforce. Maintaining and securing our

legacy infrastructure consumed far too much

of our IT team's focus, which left little time

for exploring opportunities that AI and

automation could bring." VCG lays claim

to addressing this infrastructure gap with

scalable, secure network solutions designed

for AI workloads and multi-cloud

environments.

For businesses adopting AI within multicloud

environments, the challenge extends

somedistance beyond performance itself.

Security and compliance have become equally

critical. As sensitive data moves across distributed

systems, maintaining robust protection

while encouraging innovation is a growing

concern for CIOs.

Explains Elliot Sandall, principal architect at

VCG: "Modern AI applications require a

fundamentally different approach to network

security. We're helping IT leaders implement

zero-trust architectures that maintain strict

compliance, while facilitating AI innovation

across distributed cloud environments."

To stay competitive and secure, organisations

must integrate advanced security

measures tailored to multi-cloud environments,

according to Sandall. These include

DNS-layer security to block malicious

domains, secure web gateways to filter out

malware and cloud-based firewall solutions

that eliminate the need for on-premises

hardware. "Cloud Access Security Brokers

(CASB) provide visibility and control over

sensitive data, while Zero Trust Network

Access (ZTNA) ensures secure, identity-based

access to applications," he points out.

Despite the clear advantages of modernising

their networks, many businesses slam the

brakes on transformation, once they are

faced with the upfront costs, disruption

to operations and the complexity involved in

transitioning from legacy systems. "However,

as Admiral discovered, the rewards of

upgrading far outweigh the challenges."

SEEK AND YE SHALL FIND

The AI breakthrough of Chinese artificial intelligence startup DeepSeek has exposed the limits of Trump's tariffs, challenging

Washington's ability to restrain China's technological rise, says Nigel Green, CEO of global financial advisory and asset

management organisation deVere Group.

The Chinese fledgling has developed a cost-effective AI model that operates on less-advanced chips, proving that innovation

can outmanoeuvre trade restrictions. For years, the Trump administration deployed tariffs as a tool to curb Beijing's progress

and protect US dominance, particularly in key industries like semiconductors and AI. DeepSeek's success suggests that strategy

is losing its edge.

"This is a wake-up call for markets," states Green. "The assumption that tariffs could contain China's technological ambitions is

being dismantled in real time. DeepSeek's breakthrough is proof that innovation will always find a way forward, regardless of

economic barriers.

"By restricting China's access to high-end semiconductors, Washington sought to slow its progress in AI. Instead of this,

he argues, it has fuelled an acceleration in domestic innovation, forcing Chinese firms to find alternatives - and that DeepSeek's

achievement is a direct result of this shift.


13

industry insights

HAVING A BLAST!

AI HAS ALREADY RESHAPED THE CYBERSECURITY LANDSCAPE AND THIS

WILL ONLY ACCELERATE AS WE MOVE THROUGH THE REST OF 2025

It's reached that point where the New Year

predictions we made just a few months

ago regarding our industry's likely future are

coming back to haunt many of us. Hopefully,

they will mostly be forgotten and already a

distant memory; or, best-case/worst-case

scenario, already on the way to being fulfilled.

With that in mind, Computing Security has

been asking for feedback on how 2025 has

been 'progressing' so far and, based on this,

some reasonable assumptions about how the

rest of the year might pan out.

We asked Chrystal Taylor, evangelist &

product marketing manager at SolarWinds,

the following question: "What emerging

technologies do you see gaining the most

traction in IT over the next year?", to which

she responded very clearly: "AI and machine

learning are becoming essential tools in IT,

helping teams connect the dots between

systems and data. Whether it's automating

correlation, supporting root cause analysis

or indeed spotting seasonal anomalies, AI is

taking on the heavy lifting that used to be

manual. It's not perfect, but it's making a big

difference in how quickly and effectively we

can solve problems.

"We're also seeing AI integrate more deeply

into tools like monitoring, observability and

incident response systems. For example, it

can pull data from observability solutions

and generate clear, concise summaries for

technicians, saving them the time of sifting

through raw data. Generative AI is also

helping draft responses and even forecast

capacity needs, like predicting when storage

will run low, which keeps everything running

smoothly.

"Of course, with all this excitement, there's

still a learning curve. Like any new tech-think

back to assembly lines-it's about adapting and

evolving your skillset. The people who take

the time to understand AI and figure out how

to work with it will be the ones who thrive.

Prompt engineering is already becoming a hot

skill and, as AI keeps evolving, we'll need to

keep improving how we manage data and

handle new regulations.

"AI isn't taking over jobs - it's changing

them," Taylor insists. "And for those willing

to embrace the change, the opportunities

in 2025 are endless."

INNOVATION IS KEY

Qasim Bhatti, CEO of Meta1st, points to how

AI's dual-edged application proved to be

2024's most impactful development. "Threat

actors leveraged AI to automate and refine

their strategies, enabling more sophisticated

attacks, such as AI-driven phishing campaigns,

adaptive malware and the use of

deepfake technology," he says. "These

advancements have not only increased the

scale of threats, but have also challenged

defenders to innovate rapidly to keep pace."

As the industry adapted, AI-driven defensive

mechanisms are now indispensable for

combating these evolving risks. The response

demonstrated the critical importance of

innovation in maintaining robust cybersecurity,

but it also highlighted the pressing

need for organisations to stay ahead of

adversaries that continue to evolve their

tactics. Bhatti anticipates several pivotal

developments across 2025. The further

maturation of AI technologies is expected

to amplify both cyber threats and defensive

capabilities, with organisations adopting

increasingly sophisticated solutions to

safeguard their digital assets. State-sponsored

cyber activities are also likely to escalate,

he predicts, targeting critical infrastructure

and sensitive data.

These attacks are already heightening

geopolitical tensions and driving international

collaboration on cybersecurity policies. And

the emergence of quantum computing as

a practical technology is set to disrupt the

industry. He notes that organisations must

begin preparing for this shift by implementing

quantum-resistant cryptographic solutions to

secure their data.

"Cybersecurity strategies are evolving rapidly,"

Bhatti explains. "Zero-trust architecture, AIenhanced

threat detection and a growing

focus on regulatory compliance will define

how organisations build resilience against

sophisticated attacks. At the same time,

traditional models, like perimeter-based

security and manual threat response

processes, will become obsolete, replaced

by more dynamic, automated approaches."

14


industry insights

He also highlights a surprising trend on the

horizon: the convergence of cybersecurity and

physical security measures. He believes that,

as IoT devices and smart infrastructure

become ever more pervasive, organisations

will increasingly adopt unified strategies to

address both digital and physical risks. "The

interconnected nature of these systems

demands an integrated approach and this

will be a game-changer in how organisations

think about security."

Sustainability is another area where he sees

transformation, with the cybersecurity sector

expected to prioritise environmentally friendly

practices, such as energy-efficient data centres

and green computing, as part of a broader

commitment to sustainability. "Sustainability

is becoming a core focus, not just as a corporate

value, but as an operational necessity,"

Bhatti remarks.

AI has fundamentally reshaped the cybersecurity

landscape, serving as both a powerful

tool for defenders and a significant weapon

for adversaries. He emphasises how the

remainder of 2025 will bring a wealth of new

challenges and opportunities as the industry

adapts to technological advancements,

regulatory changes and also to the growing

importance of sustainability.

SUPPLY AND DEMAND

Patrick Spencer, VP of corporate marketing

and research at Kiteworks, sees the cybersecurity

landscape in 2025 characterised by

a rapid escalation in the complexity and

frequency of threats, coupled with increasingly

stringent regulatory requirements. He says:

"Sophisticated attacks targeting supply chains,

the widespread misuse of artificial intelligence

and the global surge in data privacy regulations

are among the top concerns for organisations.

75% of the world's population will

have their personal data protected under

privacy laws in 2025, underscoring the

urgency for businesses to implement robust,

compliant data management strategies to

mitigate risks and safeguard operations."

There will be several pivotal cybersecurity

and compliance trends shaping the rest of

the year ahead, he adds, emphasising the

convergence of data privacy, compliance and

technology-driven security measures. "From

the transformative impact of AI in both

offensive and defensive cyber tactics, to the

critical vulnerabilities inherent in third-party

partnerships and supply chains, organisations

must proactively address these developments

to stay ahead of adversaries."

HYPERGRAPH UPSURGE

Christian Have, CTO, Logpoint, believes

hypergraphs will become a powerful way to

make sense of detections and validate alerts.

"This will be the year of hypergraphs and

graphs in general. Using hypergraphs in

a security detection context enables security

analysts to connect disparate detections

that share an observable, such as a user,

transaction-ID or CTI that points to the same

malware group. Hypergraphs can use various

parameters to combine this information,

enabling visual presentation and, more

importantly, the analysis and correlation of

events."

We're seeing that attackers are increasingly

living off the land of binaries and scripts

(LOLBAS), which essentially translates to using

the tools and functionality of the victim

operating system to further the attack, he

comments. "These behaviours are difficult to

determine as malicious, but being seen in a

larger context via graphs makes it possible,"

adds Have. "Multiple disparate events can

be correlated into a single incident object.

Making sense of all the influx of detections

generated will require the security analyst to

think differently about correlating, connecting

and analysing this data. Graphs are an

incredibly powerful way of doing that."

We're now entering,he states, the "trough

of disillusionment" for AI within Cyber, with

many questioning if it has any real application

in the Security Operations Centre (SOC)

outside of helping write a summary of the

Chrystal Taylor, SolarWinds: those who take

the time to understand AI and figure out

how to work with it will be the ones who

thrive.

Qasim Bhatti, Meta1st: organisations must

begin implementing quantum-resistant

cryptographic solutions to secure their data.


15

industry insights

Patrick Spencer, Kiteworks: foresees

a rapid escalation in the complexity

and frequency of threats, coupled

with increasingly stringent regulatory

requirements.

Christian Have, Logpoint: hypergraphs

will become a powerful way to make

sense of detections and validate alerts.

attack, he adds. "However, AI is much more

than just large language models [LLMs]. AI

will [once again] be regarded as an umbrella

term for learning algorithms, agents, graphs

and many other approaches that can all see

their application in the SOC, as per the

definition of Gartner.

"Instead of following the marketing hype,

CISOs need to look at the foundational

problems of the SOC," argues Have.

"Breaches are still happening, despite using

30-40 tools in the average business and high

alert volumes. Part of the problem is that

there is a dashboard for every one of those

tools, all vying for our attention. As organisations

struggle to rise beyond the security

poverty line, SOARs have failed to fuse

signals and automate the investigation.

Graphs will help resolve this issue by constructing

meaningful relationships, from a

security perspective. They will provide data

of sufficient quality to allow LLMs and

generative AI to make sense of, and turn,

that data into meaningful information."

DOUBLING UP ON DEEP FAKES

As we look ahead, Britain's National Crime

Agency director Alex Murray has warned that

the amount of deepfake images produced is

"doubling every six months". This alarming

statistic will continue to prove to be a major

issue, especially in regard to personal

information leakage and hacks. As Nick

France, CTO of Sectigo, comments: "People

don't realise how far along AI deep fake

technology has come and how democratised

the technology is. AI is being increasingly

used by bad actors to produce convincing

deep fakes to bypass voice recognition.

"As passwords are used less and less,

biometrics have risen as a trusted form of

identity validation. It makes sense. But, as

deepfakes become more common, some

biometric authentication methods may be

rendered useless. Voice authentication may

still be considered as a valuable data point,

but it may no longer be significant."

With businesses quickly adopting generative

AI capabilities, we are sprinting to a loss

of confidentiality, making it difficult to put

the AI genie back in the bottle, France adds.

"Businesses must be careful of the long-term

implications of AI. One of the best solutions

that can evade the potential of phishing with

AI deep fakes is PKI-based authentication. PKI

does not rely on biometric data that can be

spoofed or faked, by using public and private

keys, PKI ensures a high level of security that

can withstand tomorrow's threats."

GHOSTLY GOINGS-ON

Benjamin Barrier, co-founder and chief

strategy officer at DataDome, says the rise

of cyber 'ghost' bots will spark a high-stakes

cat-and-mouse game. "The cyber arms race

between bot developers and defenders will

escalate as cybercriminals increasingly deploy

'anti-detectable' bots with advanced evasion

tactics. DataDome's Advanced Threat Research

found that fewer than 5% of businesses

can adequately protect themselves and their

customers from these ghost bots.

"Bot developers are using anti-fingerprinting

headless browsers, a new tool that makes

detection much more challenging," explains

Barrier. "For example, this year Chrome's

Headless mode was updated to achieve a

near-perfect browser fingerprint, making

these automated sessions nearly indistinguishable

from real user sessions. In response,

bot mitigation teams turned to CDP [Chrome

DevTools Protocol] detection as a countermeasure,

but bot creators quickly adapted,

incorporating anti-CDP detection techniques

and advanced anti-detect frameworks to

evade these defences.

"These anti-detect browsers excel at

randomising fingerprints, enabling bots to

bypass basic security checks. Defenders will

need to proactively stay ahead of these

advancements, constantly adapting to

anticipate the next wave of bot attacks and

maintain robust protection against

increasingly stealthy bot traffic," he warns.

16


business communications

SPREADING THE MESSAGE

YEO MESSAGING HAS LAUNCHED YEO FOR BUSINESS, DESCRIBED AS A SECURE INVITE-ONLY MESSAGING

PLATFORM OFFERING END-TO-END ENCRYPTION, CONTINUOUS USER AUTHENTICATION AND GEOFENCING

TO PROTECT BUSINESS COMMUNICATIONS

With cyber threats now reaching an

all-time high, businesses, especially

those within regulated industries,

are under immense pressure to secure

communications, while staying compliant.

YEO Messaging, a British tech innovator, says

it is "redefining business communications"

with the launch of its YEO for Business

platform. "It is the first platform to combine

end-to-end encryption with continuous user

authentication, geofencing and crisis

resilience," states the company.

Developed amidst a sharp rise in data

breach risks, YEO For Business responds to

the threats outlined in GCHQ's latest National

Cyber Security Centre report. The report

highlights a 16% surge in cyber breaches

and a threefold increase in severe attacks

on critical sectors like healthcare. As a result,

YEO's platform has been designed from the

ground up to protect sensitive data.

"YEO for Business offers complete control

over data sovereignty without fear of thirdparty

interference, enabling businesses to

dictate who, where and how communications

occur," states YEO Messaging. To

simplify compliance and auditability, the

platform's admin panel provides businesses

with an easy way to trace all communications,

empowering businesses from SMEs to highly

regulated industries such as healthcare,

finance and defence to communicate

securely, knowing an audit trail is always at

their fingertips. In 2024, the global average

cost of a data breach was USD 4.88M, a

10% increase over the previous year. "YEO

Messaging for Business eliminates these risks

with its end-to-end encryption and real-time

authentication."

Right at its core, YEO Messaging's platform

integrates cutting-edge patented technology

to ensure real-time, authenticated communications.

Indeed, YEO Messaging is end-toend

encrypted for total surety. "Our mission

has always been to set new standards for

digital privacy," says Alan Jones, co-founder

and CEO of YEO Messaging. "With the

launch of our private, secure communication

platform designed for Business, we're offering

a solution that secures your data and

gives you total control. YEO for Business isn't

just another messaging platform; it's a secure

ecosystem that helps businesses navigate

modern compliance demands, while protecting

their most valuable assets - their people

and their data."

YEO Messaging for Business's key features

include the following benefits:

Continuous Facial Recognition: Real-time

AI-powered authentication ensures that

only authorised users can view messages

sent to them

End-to-End Encryption: Secure messaging

from sender to recipient, with robust

encryption protocols

Burn After Read Messages: Self-destructing

messages, leaving no data traces

behind

Geofencing: Allows users to control

access to messages based on location,

making the platform ideal for industries

such as finance and healthcare

Invite-Only Access: Ensure only authorised

users join the platform

Complete User Management: Admins can

add, edit, suspend or remove users

instantly.

CMO and co-founder of YEO Messaging,

Sarah Bone comments: "YEO's Secure

Messaging for Business is more than a

technological advance; it's a strategic move

towards building trust and giving businesses

the foundation to take control of their

communication strategy. With this level

of verification and control, businesses can

now decisively meet existing and emerging

governance requirements with confidence

and ease."


17

risk management

IGNORE ALL THE WARNINGS …

… AND YOU WILL PAY THE PRICE

WHY WOULD ORGANISATIONS LEAVE THEMSELVES OPEN TO THE ULTRA SOPHISTICATED ATTACKS THAT

CONSTANTLY THREATEN THEIR BUSINESSES? THE ANSWER IS COMPLEX AND OFTEN SELF-CONTRADICTORY

Risk management - not at all surprisingly

- involves identifying risks. That means

assessing those risks for impact and the

likelihood of occurring - and then perhaps the

ability to recover - and developing management

strategies, grounded on one of the four

basic approaches (mitigate, eliminate, transfer

or accept). Organisations also understand

that things change over time, so they need

to review those risks on a regular basis.

Question: are all of the above happening

across most organisations? Do they typically

measure risk to their operations and take all

the necessary steps to prevent/eliminate

them? If not, why would they actually leave

themselves open to the kind of attacks that

are rapidly being scaled up and growing ever

more sophisticated?

THE BIGGER YOU ARE…

Businesses with revenues exceeding $50

million (£40.5m) are 2.5x more likely to face

cyber incidents - that's according to a new

Cyber Roundup Report published by Cowbell,

a provider of cyber insurance for small and

medium-sized enterprises (SMEs) and middlemarket

businesses.

Drawing on a three-year data set from more

than 46 million SMEs across the US, UK and

Japan, Cowbell's new report spotlights the

frequency of attacks among larger organisations.

The report also sheds light on the

heightened vulnerability of smaller SMEs, due

to limited cybersecurity resources, and the

escalating threat of supply chain attacks and

industry-specific cyber exposure.

Between 2021 and 2023, the volume of

supply chain attacks grew more than five

times (431%), according to the report, with

further growth projected by 2025. "These

attacks are effective, because they exploit the

trust between interconnected organisations

and their vendors or suppliers, and can

potentially compromise multiple entities

through a single breach," states Cowbell.

The dramatic rise in supply chain attacks can

be attributed to several factors, it says:

Increased digitisation and interconnectivity

of business operations

Growing complexity of supply chains,

making them harder to secure

The potential for high-value targets

through a single point of entry

The challenge of maintaining visibility and

control over third-party security practices.

"This trend highlights the need for robust

third-party risk management," adds Cowbell.

According to the analysis, the manufacturing

sector emerges as the most vulnerable to

cyber threats, with risk scores 11.7% below

the global average. This elevated risk is

manifested in both the frequency and severity

of cyber incidents, with manufacturers facing

claims that are not only 1.6 times more

frequent, but also 1.2 times more severe,

compared to the average across all sectors.

Key factors contributing to this heightened

risk identified in the report include:

The sector's heavy reliance on automation

and interconnected devices (Internet of

Things)

Presence of legacy systems and bespoke

software that may lack modern security

features

High sensitivity of data, including

intellectual property and design plans

Increasing digitisation of manufacturing

processes without corresponding security

18


risk management

measures

Complex supply chains that introduce

potential points of vulnerability.

"The combination of these factors creates a

perfect storm of cyber risk for manufacturing

companies, making them attractive targets for

cybercriminals seeking to exploit valuable

intellectual property or disrupt critical

operations."

INTRICATE GALAXY

To state the obvious, says Aleksi Helakari,

head of technical office, EMEA, Spirent,

"Enterprise Technology is getting more

complex. As we enjoy all the benefits of rapid

digital transformation, we also need to

understand those benefits as a product of an

intricate galaxy of stakeholders, actors and

services working together to deliver them".

This is a particularly modern problem, points

out Helakari, on account of to the levels of

interconnection that modern enterprise

networks and digital transformation require

as a baseline. "Enterprise networks are no

longer 'castles and moats' where access and

connection can be tightly controlled by a

central IT team. The enterprise network of

today is wide open to - and relies on - third

parties through the use of technologies like

the Cloud. That openness is the foundation

for incredible innovation in recent decades;

and it's also a huge source of risk."

Those risks can emanate anywhere throughout

the long software supply chains that

characterise modern IT - a chain along which

any of the myriad links and moving parts

can act as single points of failure. "Last year,

a technology failure paralysed 8.5 million

systems with a faulty update to CrowdStrike

software. Estimates judge that financial fallout

from this simple technology failure cost the

global economy tens of billions. That was

merely the product of a failure, but malicious

attacks are increasingly common on the

software supply chain. In only the last few

years, we've seen software providers become

active targets. In cases such as the SolarWinds

attack, thousands of enterprise and government

customers were compromised, due to

malicious code inserted into SolarWinds'

Orion IT management software."

Wherever the risk may riginate from,

responsibility ultimately redounds to the

individual organisations that might be

affected by such an event. "Myriad

regulations, including NIS2 and DORA,

mandate that compliance means accounting

for the risks of their third-party providers, or

risk being deemed non-compliant and thus

subject to the various penalties and

restrictions therein," Helakari points out.

"As such, companies need to anticipate the

multivariate risks that will threaten them

within the supply chain. That will begin with

testing - under granular, specific and realistic

conditions - the various components that

make up an organisation's infrastructure. To

manage third-party risk, that may involve

vulnerability scanning and penetration testing

to offer an outside-in view of how that thirdparty

risk might be exploited. On top of that,

testing should also be deployed against the

various standards and regulations that an

organisation will be expected to comply with,

as regards that third-party risk."

THREATS LIE EVERYWHERE

In an era where data moves constantly

between employees, partners and systems,

organisations must fundamentally reimagine

their approach to third-party risk management

through a comprehensive, multi-layered

strategy, advises John Lynch, director,

Kiteworks. "Traditional security approaches

focusing solely on the network perimeter are

no longer sufficient. Every data access now

represents a potential risk, whether from

external threats or internal users."

The foundation of modern vendor risk

management rests on implementing zerotrust

data exchange principles, where no

entity - internal or external - is automatically

Aleksi Helakari, Spirent: companies need to

anticipate the multivariate risks that will

threaten them within the supply chain.

John Lynch, Kiteworks: Traditional security

approaches focusing solely on the network

perimeter are no longer sufficient.


19

risk management

Jon Fielding, Apricorn: many organisations

are still failing to prioritise effective

data backup strategies and appropriate

insurance coverage.

trusted. "This means moving beyond

perimeter-focused security to data-centric

protection, where every access request

undergoes rigorous authentication, authorisation

and encryption before access is

granted. Through continuous verification,

least privilege access and complete visibility,

organisations can ensure every interaction

with sensitive data is properly validated and

audited," he states.

Beyond zero-trust architecture, organisations

need to fortify their security posture through

hardened security measures. "This means

deploying multiple protective layers, including

advanced firewalls, sophisticated intrusion

detection systems and double encryption at

both file and disk levels," says Lynch. "These

overlapping security measures create a

formidable barrier against potential threats,

while comprehensive audit trails ensure

organisations can prove their data is always

protected and compliant."

Next-generation digital rights management

(DRM) technology represents another crucial

component, enabling organisations to

maintain granular control over their digital

assets through attribute-based access controls

and dynamic, context-aware permissions.

"Such control is essential when sharing

sensitive data with third-party vendors,

ensuring that critical information remains

protected, even when it leaves the organisation's

immediate sphere of control."

However, technology alone is not sufficient,

he cautions. "Advanced governance must

form the backbone of any effective third-party

risk management strategy. This involves

establishing comprehensive policies and

procedures for vendor relationships, coupled

with regular security audits and assessments.

These governance frameworks ensure

consistent monitoring and risk evaluation

across all vendor relationships, helping

organisations maintain visibility and control

over their extended digital ecosystem."

The stakes for getting this wrong are

extraordinarily high. "Beyond the immediate

financial impact of a breach, organisations

face potentially devastating reputational

damage and legal consequences," adds Lynch.

"Organisations must move beyond traditional

trust-based data access to a model where

trust is never assumed, and every interaction

is verified, monitored and controlled."

DISREGARD FOR INSURANCE

Findings from Apricorn's annual survey and

FoI (Freedom of Information) requests have

revealed a concerning disregard for cyber

insurance across both public and private

sectors. Despite the escalating risks of

ransomware, phishing and insider threats,

many organisations, including government

entities, remain unprepared for cyber

incidents, with inadequate backup strategies

and a lack of cyber insurance coverage.

Cyber insurance offers a vital layer of

protection in the wake of a breach, says

Apricorn, yet there is a persistent lack of

understanding and investment, particularly in

the public sector. In a series of FoI requests

made to 41 UK local councils and government

departments, only two questioned had a

cyber insurance policy in place: Flintshire

County Council, which adopted its policy in

October 2022, and London Councils, whose

policy covers the period 2021 to 2024.

Additionally, only two others - Ards and

North Down Borough Council and Greater

Manchester Combined Authority (GMCA) -

mentioned plans to invest in such policies

within the next year. This leaves the vast

majority of local authorities without sufficient

cyber coverage, despite the high stakes.

Comments Jon Fielding, managing director

EMEA at Apricorn: "Local councils and

government departments are responsible for

large amounts of sensitive data and should

lead by example by adopting stronger cyber

insurance policies and more robust data

protection measures."

The lack of government uptake contrasts

with the private sector's recognition of the

growing need for insurance. According to

findings from Apricorn's 2024 research, 78%

of IT security decision makers surveyed

confirmed they have cyber insurance in place.

Yet it would seem that their trust in the

insurance cover is not in line with its adoption

rates, with just 28% stating they have cyber

insurance in place and trust that they will be

covered in the event of a breach.

"Data breaches not only pose a financial

threat, but can severely disrupt operations. Yet

our research shows that many organisations

are still failing to prioritise effective data

backup strategies and appropriate insurance

coverage," adds Fielding. "Ransomware

and phishing attacks are only increasing in

frequency and sophistication. Organisations

need to ensure that they have a robust multilayered

approach to backups and security

measures to recover swiftly from such

incidents," he advises.

20


network security

THE END GAME

ORGANISATIONS ARE DEPENDENT ON THEIR NETWORKS TO MAINTAIN PRODUCTIVITY.

MITIGATING RISK IS ABOUT ADOPTING A PROACTIVE NETWORK SECURITY STRATEGY

Organisations depend on their

networks to maintain connectivity

and productivity. Any network

issue can lead to substantial interruptions

in their workflow, harming their

business reputation and the ability to

serve their customers well. How can

organisations proactively detect and

resolve network problems before they

become major business disruptions?

Getting this right will ultimately improve

their clients' uptime and build upon their

reputations as trusted advisors.

According to Victoria Dimmick, CEO

of Titania, any disruption, whether it

comes from cyber threats, misconfigurations

or software update failures,

can result in catastrophic operational,

financial and reputational consequences.

PROACTIVE STRATEGY

"To mitigate these risks, businesses must

adopt a proactive network security

strategy focused on readiness, resilience

and recoverability, underpinned by

effective network segmentation, which,

in turn, aligns with new regulatory

mandates such as CORA, DORA, and

NIS 2," she points out.

Segmentation can mean the difference

between a minor incident and a major

outage. Identifying and isolating critical

systems and data from enterprise IT,

using least-privilege access, is a crucial

first step. "Success requires rigorous

configuration of routers, switches and

firewalls to prevent lateral movement,

containerise threats and avoid networkwide

failures, like the CrowdStrike

incident."

Clients cannot respond to network

disruptions - innocent mistakes, nor

nefarious activity - without full visibility

into their network architecture,

configurations and activity. "Help them

by implementing solutions to establish

configuration baselines, and then

proactively monitor configuration changes

to differentiate between planned,

unplanned and unauthorised changes,"

advises Dimmick. "This will ensure visibility

of anomalies and potential indicators of

compromise that require investigation,

including macro segmentation violations

(IPs, Ports and Users)."

Armed with an accurate, real-time view

of network vulnerabilities, clients can

overlay this with their threat intelligence

to understand their network exposure to

industry-specific attack tactics, techniques

and procedures. "This is essential for

informing workflows to address their

most critical risks, first. Combined with

network segmentation data to further

hone remediation prioritization, this

approach helps clients enhance their risk

management strategy to minimise

preventable disruptions."

In order to achieve readiness and

resilience, accurate and up-to-date

configuration repositories (eg, CMDBs)

are essential. "Implementing the

technology needed to automate

repository updates for your client also

delivers a whole host of operational

benefit that can be leveraged." This,

she states, includes the following:

Swift rollback and disaster recovery,

using the CMDB as the 'source of truth'

Root cause analysis, identifying

Victoria Dimmick, Titania.

configuration changes behind

incidents

Pre-production change testing,

minimising live environment

disruptions

Post-change validation, to ensure new

configurations enforce a secure state.

LAYERED PROTECTION

Network security is not just about

strengthening defenses against threats;

it's about proactively protecting

connectivity and productivity.

"By implementing network segmentation,

visibility, risk-based prioritisation

and automated configuration management,

organisations can quickly detect

network problems of all kinds, reduce

their risk to the business, improve uptime

and strengthen security posture," states

Titania’s CEO.


21

email protection

MAIL-STORM

EFFECTIVE EMAIL SECURITY DEMANDS THE SELECTION OF THE

CORRECT PRODUCTS, WITH THE RELEVANT CAPABILITIES AND

CONFIGURATIONS, WHILE ALSO HAVING THE RIGHT OPERATIONAL

PROCEDURES IN PLACE. IT'S COMPLEX, BUT ESSENTIAL

Email security encompasses the

prediction, prevention, detection and

response solutions used to provide

attack protection and access protection.

Email security spans gateways, email systems,

user behaviour, content security, along with

the various supporting processes, services and

adjacent security architecture. Effective email

security requires not only the selection of the

correct products, with the relevant capabilities

and configurations, but also having the right

operational procedures in place. "Email systems

are an organisation's primary communication

tool, containing large volumes of highly

sensitive information," says David Spillane,

systems engineering director at Fortinet. "This

makes them a prime target for cyber-attacks."

In Fortinet's 2024 State of Operational

Technology and Cybersecurity Report,

phishing emails were identified as now being

one of the most common forms of intrusion

for businesses. Nearly one-third (31%) of

respondents reported 6-plus intrusions,

compared to only 11% in the previous year.

"In particular, organisations with advanced

maturity levels reported high intrusions for

this cycle," states the company report. "All

intrusion types increased, compared to the

previous year, except for a decline seen in

malware. Phishing and compromised business

email intrusions were the most common

types, while the most common techniques

used were mobile security breaches and web

compromise."

Another clear sign of increasing maturity

comes from steady growth in organisations

that have already rolled OT security under a

CISO, from only 10% in 2022 to 17% in 2023

to 27% in 2024. However, there was a reversal

of the trend with organisations that were not

planning to move OT security under the CISO

in the next 12 months, which went from 11%

in 2022 down to 4% in 2023, but back up to

12% in 2024. The latest findings also show

the ultimate responsibility for OT cybersecurity

is moving away from the OT director of cybersecurity,

in favour of a VP/director of networking

engineering/ operations role. This elevation

into the executive ranks may suggest that OT

security is becoming a higher-profile topic at

the board level, comments Fortinet.

Fortinet's David Spillane adds: "Regardless of

attack type, the consequences for affected

organisations can be severe, including loss

of employee and company data, damage

to reputation and widespread operational

disruption. Getting email security right today

is crucial for all companies - regardless of size

or industry."

The negative effects caused by an OT

intrusion were also said to be getting worse

across the board in all impact categories.

More than half of respondents (52%) saw

a steep increase in degradation of brand

awareness, up from only 34% in 2023. Loss

of business-critical data and productivity was

another notable trend [increasing from 34%

to 43% year-over-year].

"Implementing multi-factor authentication

makes it instantly more difficult for cyber

criminals to gain unauthorised access to email

accounts and the wider network, even if they

have the correct password," says Spillane.

"Regularly updating and patching systems can

also help protect against threats, alongside

conducting regular cybersecurity training for

employees. Ensuring staff can spot the signs

of a phishing email or malicious attempt and

know to report it to their IT team is also key.

Finally, developing a clear response strategy

in the event of an attack is vital, and should

include steps for containment, threat mitigation

and elimination - alongside clear

communications to all affected parties."

He feels Artificial intelligence (AI) can also

enhance email security by improving the

detection of, and response to, threats.

"Algorithms trained to identify unusual

patterns and anomalies in email data make it

easier to detect potential threats such as zeroday

attacks now. The technology can quickly

neutralise threats before they begin targeting

the wider organisation, too, allowing

businesses to adopt a proactive approach

towards network protection. Beyond email

protection, AI is also improving the security

of work-placed apps where sensitive data

is frequently shared and stored, as well

as helping to meet the evolving security

demands of hybrid working environments."

COHESIVE STRATEGY

Email security goes beyond deploying

individual tools, of course - it also requires

a "cohesive strategy encompassing prediction,

prevention, detection and response solutions,

all tailored to an organisation's specific needs",

states Dean Coclin, senior director, digital trust

specialist, DigiCert. "To get it right, organisations

must focus on both the technology

they use and the operational processes that

support it."

Recent findings that a massive 3.3 million

email servers lack encryption emphasise the

urgency for stronger email security measures,

he adds. "Just as the web adopted 100% TLS

22


email protection

encryption to secure online communications,

email systems must follow suit. Securing

POP/IMAP connections with TLS is not just

a recommendation - it's a baseline necessity.

Beyond this, implementing S/MIME [Secure/

Multipurpose Internet Mail Extensions] is

essential for adding authenticated identities

and strengthening the protection of email

communications. "Organisations should adopt

protocols like DMARC [Domain-based

Message Authentication, Reporting and

Conformance]," adds Coclin, "which helps

prevent domain spoofing and phishing.

Pairing DMARC with BIMI/VMC [Brand

Indicators for Message Identification/Verified

Mark Certificates] enhances trust by visibly

verifying email authenticity. S/MIME provides

additional layers of protection by ensuring the

integrity of email messages and encrypting

their contents."

However, selecting the right products is

only part of the equation, he continues.

"Configuring these tools correctly and

establishing robust operational procedures

are just as important. This includes regular

monitoring, staff training on phishing

awareness and periodic reviews of email

system configurations. By integrating email

security into a broader cybersecurity

framework, organisations can ensure that

their systems are resilient against evolving

threats."

Prioritising email security standards and

aligning them with an organisation's operational

needs creates a safer communication

environment for employees, partners and

customers," Coclin concludes. "Through

the adoption of these best practices and

technologies, organisations can build

a trusted email ecosystem that not only

prevents attacks, but also strengthens

overall security posture."

CONSTANT BATTLE

Zachary Travis, threat hunter II at Fortra,

describes email security as a constant battle

between evolving threats and the defences

designed to stop them. "Attackers are

continuously refining their techniques; to stay

ahead, organisations must take a multilayered

approach that balances AI-driven

automation with human expertise. This way,

they can ensure that security policies remain

dynamic and adaptive to emerging threats.

"Prediction and prevention begin with

staying current on threat actor behaviours. By

monitoring phishing infrastructure, tracking

newly registered domains and analysing dark

web discussions, organisations can anticipate

attack patterns before they materialise. AI

excels at processing large datasets, identifying

anomalies and flagging potential threats at

scale. However, human analysts are essential

for contextual interpretation, distinguishing

between a legitimate domain registration and

an adversary preparing an attack, or recognising

emerging social engineering tactics that

fall outside existing detection models. Security

teams that integrate AI-powered analysis

with human-curated intelligence can refine

detection rules and adjust security policies in

real time, improving their ability to preemptively

block threats."

JOINT INITIATIVE

Detection and response are precisely where

automation and human expertise must work

in concert, states Travis. "AI-powered anomaly

detection, secure email gateways and

machine learning-based filters provide the first

line of defence, efficiently blocking known

threats and suspicious patterns. Yet attackers

exploit AI's weaknesses by crafting contextaware

phishing emails, leveraging generative

models to mimic natural human conversation

and bypassing rigid detection thresholds."

Here is the point at which human analysts

step in - investigating flagged emails,

identifying false positives and analysing

sophisticated attacks that evade automation.

"Their judgment and experience enable them

to detect the intent behind an email, making

nuanced determinations that technology

alone cannot. This feedback loop between

David Spillane, Fortinet: regularly updating

and patching systems can help to protect

against threats.

Dean Coclin, DigiCert: focus should be on

both the technology organisations use and

the operational processes that support this.


23

email protection

Zachary Travis, Fortra: organisations

must create a balance between AI-driven

automation and human expertise.

Usman Choudhary, VIPRE Security Group:

implement robust email security and foster

a culture of highly vigilant security awareness

among employees.

human insight and AI-driven security

continuously refines detection models and

strengthens overall protection."

A successful email security strategy, Travis

insists, is not built on AI or human expertise

alone, but through a balance of both.

"Organisations that combine automated

efficiency with expert-driven adaptability can

better predict, prevent, detect and respond

to evolving threats. By continuously refining

security policies, leveraging intelligence

from both technology and human analysis,

and adapting to emerging attack trends,

organisations can create an email security

framework that is resilient, proactive and

capable of countering even the most

sophisticated cyber threats."

SPAM BLITZ

VIPRE Security Group recently released its

annual email threat landscape report, titled

'Email Security in 2025: What to Expect from

the Evolving Email Threat Landscape',

highlighting what it regards as the most

significant trends in email-based attacks that

shaped enterprise security in 2024. "This

comprehensive analysis of global real-world

data reveals the advanced strategies and

techniques employed by cybercriminals in the

past year, enabling evidence-based projections

of the emerging email security threats in

2025," says the company. VIPRE processed

a total of 7.2 billion emails globally, of which

858 million were spam.

Of the never-seen-before spam emails, 37%

fell into the commercial, 32% into the scam

and 21% into the phishing categories of

spam. Across each quarter of 2024, the US

tops the 'spam senders' list, followed by the

UK. Interestingly, many other countries that

feature in the most 'spam senders' list are

also considered amongst the most trusted,

such as Switzerland, Sweden and Norway,

among others.

Most of the malware encountered in the

last quarter of 2024 were infostealers and

remote access trojans (RATs), designed to spy

on victims' machines and gather sensitive

information to send back to the attacker, as

well as deliver threats, such as ransomware.

Furthermore, all the malware encountered

was Windows-based, such as Stealc, Lumma

and AgentTesla.

CRIMINAL MINDS

Cybercriminals deployed a variety of phishing

tactics with links (70%) as the top favourite,

followed by attachments (25%) and QR codes

(5%). Noteworthy is that the use of QR codes

peaked at 12% in Q4 of 2024. Regarding

phishing links, URL redirection was the most

employed tactic (51%), followed by

compromised websites (19%) and newly

created domains (7%).

Business email compromise (BEC) remained

the favoured social engineering ploy,

reiterating that, despite security software

becoming more effective, people continue to

be the weakest link. "Threat actors leveraged

'impersonation' as a tactic in an average of

88% of all cases - followed by diversion, email

hijacking, and account takeover," VIPRE

reports. "Also, executive spoofing persists as a

serious threat, worsened by the use of AI.

74% of the time, CEOs and executives were

the roles that were compromised."

"This annual email landscape analysis

provides valuable insight into the

cybersecurity threats that will challenge

businesses in 2025", says Usman Choudhary,

chief product and technology officer, VIPRE

Security Group.

"To counter the increasingly automated and

AI-enhanced email-based threats," advises

Choudhary, "organisations need to implement

robust email security technologies and foster

a culture of highly vigilant security awareness

among employees, in equal measure. This

dual approach presents the most realistic and

effective approach to surmount the everadvancing

and difficult-to-spot, email-based

threats."

24


industry events

BRIAN COX TO HEADLINE AT INFOSECURITY EUROPE!

UK CYBERSECURITY BUDGETS SET TO SURGE BY MORE THAN 30% IN 2025, ACCORDING TO NEW EVENT REPORT

Professor Brian Cox will be the headline

act on day one of this year’s Infosecurity

Europe. He will deliver the opening

keynote on Tuesday, 3 June, at 10:00 am,

delving into Black Holes and Quantum

Computers, exploring whether 'Quantum

computers might change everything,

eventually ….'

The show, which runs from the 3-5 June

2025 at ExCeL London, will have a sharp eye

on quantum computing,which has fast

become one of the most pressing security

concerns of the modern era. And yet

Infosecurity Europe's 2025 Cybersecurity

Trends Report found that only 23% of

cybersecurity professionals who were

surveyed believe their organisations are

very prepared and have already implemented

robust quantum-resistant security measures.

When broken down, just 23% within

the financial sector cited that they are

in a real state of readiness to address the

potential cybersecurity threats posed by

quantum computing. Further to this, a mere

9% of those within the medical/healthcare

sector highlighted their preparedness. This

is concerning, given that the financial and

healthcare sectors are notoriously high risk.

While fully-functional quantum computers

are not yet commercially available, some

recent rapid advances have changed the

narrative to ‘when’ and not ‘if’.

Best estimates are we could start to see an

impact at the end of this decade. The speed

at which this technology is advancing raises

critical questions. PQC (Post Quantum

Cryptography) algorithms and framework

from NIST are now available, but are they

well enough understood as yet; and being

implemented correctly? How soon will

quantum capabilities disrupt existing security

protocols? Does the way in which blackholes

store information hold the key to speeding

up the development of stable quantum

computing? Cox's keynote will tackle these

questions head-on, offering his unique

perspective on the incredible science of how

black holes and quantum mechanics hold

the answer to the future of computing

and cyber security. He will discuss the mindbending

challenges involved in quantum

computing and the surprising insights

gained from the structure of black holes

and how they store information, concepts

that could hold the key to the next era of

cybersecurity.

"Quantum computing pushes the

boundaries of physics and the principles

are mind-blowing - trying to understand

the mechanics behind it is an exciting and

daunting challenge. There are multiple

theories around quantum physics and

we are on the cusp of a breakthrough

as we see its principles being applied to

computing in ways that could transform

the digital world," says Cox.

"Quantum computing promises huge

potential and possibility, but it also presents

fundamental challenges, particularly when it

comes to cybersecurity. I'm looking forward

to exploring these ideas and the concept of

black holes in quantum information storage

and what they mean for the future of

technology."

Meanwhile, the latest Cybersecurity Trends

Report reveals that three-quarters of organisations

expect their budgets to grow, with

20% anticipating increases of more than

50%. Investment priorities include application

security, network security, cloud

security and DevSecOps, as organisations

strive to stay ahead of evolving threats.

Brian Cox - an otherworldly view

of the Universe.

Also, just over 7 in 10 (71%) believe they

have the budgets required to ensure their

organisation is cyber-safe; another 18% said

their budgets were nearly enough; and 8%

said they don't have the funding they need

to cover what they want. The remaining 2%

hadn't yet costed their needs.

Despite this, almost half (47% in alll) of

cybersecurity professionals are struggling to

engage at board level, highlighting a gap

between technical teams and strategic

decision-making. The most-cited barriers

to building a strong cybersecurity culture

include insufficient resources (now 40%,

up from 22.5% in 2024) and lack of a clear

cybersecurity strategy aligned with organisational

goals (45%, up from 20.5%).

Visitor registration for Infosecurity Europe

2025 is now open. Register here to secure

your place.


25

email security

NEW DAWN:

THE GOLDEN AGE

OF SCAMMERS

A PHISHING CAMPAIGN DELIBERATELY GENERATED BY IBM ENGINEERS TOOK TECHNICALLY ADVANCED

HUMANS 16 HOURS - GENERATIVE AI DID IT IN 5 MINUTES

Spencer Starkey, SonicWall: crucial for

companies of all sizes to have a solution that

covers email security.

AI bots are being used to create

increasingly sophisticated and

convincing phishing scams, it is widely

reported, making it harder to detect and

potentially leading to more successful attacks.

These AI-powered scams can personalise

messages, mimic legitimate organisations,

and even generate deepfake videos and

images to build trust and manipulate victims.

According to customer communications

company Sinch Mailgun, scammers - using

generative AI - can now send phishing emails

to remove language barriers, reply in real

time and almost instantly automate mass

personalised campaigns that make it easier to

spoof domains and gain access to sensitive

data. It calls this worrying development 'The

golden age of scammers'.

AI phishing harnesses AI technology to

make it easier for scammers to mass-execute

scams that are more convincing to potential

victims. And it's working, says Sinch Mailgun.

"In the last few years, AI has streamlined and

escalated phishing tactics, allowing scammers

to rake in over $2 billion in 2022 alone." Since

the fourth quarter of 2022 (around ChatGPT

arriving), there's been a "1,265% increase in

malicious phishing emails", according to

cyber security firm SlashNext.

How do scammers implement AI? "The

availability of AI spans a broad spectrum,

from AI-generated copy to free hacker tools

like WormGPT - a dark version of the OpenAI

tool, or its paid counterpart FraudGPT,

available on the dark web. Both tools are

generative AI without safeguards and will

happily generate requests to create phishing

emails, generate code to spoof specific

websites or any other number of nefarious

requests," states Sinch Mailgun.

An AI phishing attack leverages artificial

intelligence to make the phishing emails

more convincing and personalised. "A bad

actor could use AI algorithms to analyse vast

amounts of data on a target segment, such

as social media profiles, online behaviour and

26


email security

publicly available information, which allows

them to create personalised campaigns. The

phishing message could even include familiar

touches, such as references to a user's recent

purchases, interests or interactions. This level

of personalisation increases the likelihood of

success. AI can also easily generate

convincing replicas of legitimate websites,

making it difficult for the recipient to

distinguish between the fake and real sites.

And here's the really bad news. "AI

generates output faster than humans. The

end. We can debate (and have in other posts)

the quality and best uses of the outputs, but

scammers aren't stopping to have that

conversation. A group of engineers at IBM

recently raced AI to create a phishing

campaign. What they discovered is that AI

performed better in an incredibly small

amount of time."

And from this experiment came the 5/5 rule.

"The 5/5 rule says that it takes 5 prompts and

just 5 minutes to create a phishing campaign

nearly as successful as a phishing campaign

generated by IBM engineers. What took

technically advanced humans 16 hours,

generative AI did in 5 minutes - and AI tools

will iterate to become faster and more

efficient, possibly exponentially. Humans have

their limits."

EVERYONE A POSSIBLE VICTIM

Statistics show that more than 90% of

successful cyber-attacks begin with a phishing

email and global companies are increasingly

victims of this type of scam. Huge concern

arises as technological advancements of the

kind highlighted above are dramatically

improving the ease of highly advanced cyberattacks:

as well as corporate executives,

anyone could be a victim of these dangerous

emails.

Spencer Starkey, executive VP EMEA at

SonicWall, says that, with email being one of

the most common vectors for cyberattacks,

including phishing, malware and

ransomware, that it's crucial for companies of

all sizes to have a solution that covers email

security. "Neglecting email security can expose

a company to significant risks, including data

breaches, financial losses and reputational

damage. In fact, smaller companies may be

more vulnerable to email-based attacks, as

they often lack the resources and expertise to

implement effective security measures.

"A comprehensive email security solution

should include features such as spam

filtering, malware scanning, link protection

and data loss prevention. By implementing

such a solution, companies can protect their

employees, customers and partners from

email-based threats and ensure the integrity

and confidentiality of their communications."

QUANTUM QUESTIONED

At the same time, developments in quantum

computers are constant - and AI has the

potential to play a huge role in its progress,

something that is concerning for global

security systems, as quantum technology puts

our threat landscape at huge risk, warns Tim

Callan, chief experience officer at Sectigo.

"The quantum paradox is evident. While the

remarkable processing power of quantum

holds boundless potential, it simultaneously

poses a significant threat to the foundation

of all encryption. We must not forget the

security challenges associated with this

advanced technology. It is imperative that

businesses take their own proactive measures

to prepare for this eventuality by transitioning

to quantum-safe algorithms before it is too

late."

Enterprises will "sit up and take notice" of

the threat quantum computers pose to the

cryptography that enables and secures nearly

all our digital operations today, he adds.

"Large enterprises, those in particularly

sensitive industries [such as financial, medical

or military contractors], and businesses with

high value intellectual property will begin

building roadmaps for deployment of postquantum

cryptography (PQC) to keep their

assets and operations safe from this new

computing paradigm This accompanies a

general increase in focus on automation of

cryptography and certificates, certificate

lifecycle management and crypto agility."

OPPORTUNITY KNOCKS

The UK's AI Opportunities Action Plan,

recently unveiled by the government, is seen

as an important step forward by Dr Shweta

Singh, assistant professor of information

systems and management at The University

of Warwick. "The UK's AI Opportunities

Action Plan offers significant benefits,

including enhanced efficiency in public

services, the creation of AI Growth Zones and

improved healthcare through faster

diagnoses. It also aims to position the UK as a

global leader in AI innovation, potentially

adding £47bn annually to the economy.

"However, this action plan faces several

major challenges despite its promise. One

significant issue is regional inequality; while

growth zones aim to spread benefits,

historically tech innovation has often been

concentrated in specific regions like London

or the Southeast, leaving others behind.

Additionally, the UK's reliance on foreignowned

AI firms, such as Google-owned

DeepMind, raises concerns about domestic

innovation and intellectual property

retention.

"Regulatory and ethical challenges also

loom, as the government must balance

innovation with safeguarding privacy,

ensuring fair data use and preventing

misuse." She points to how The New York

Times has highlighted how facial recognition

technologies disproportionately misidentify

people of colour, resulting in wrongful arrests

and false criminal accusations.

"Lastly, the skills gap in the UK's workforce

could hinder the adoption of AI technologies,

requiring substantial investment in education

and retraining programs to ensure

widespread accessibility and equity."


27

incident response

ACTION STATIONS!

WHAT EXACTLY ARE THE ESSENTIAL ELEMENTS OF AN INCIDENT

RESPONSE PLAN AND HOW BEST TO PUT THESE INTO EFFECT?

Sergio Bertoni, SearchInform.

Setting up an incident response plan

that encompasses both internal

and external processes, in order

to respond effectively to cybersecurity

incidents, is a must for any organisation.

The main goal here is to swiftly minimise

damage to systems and data, restore

services and processes, reduce recovery

time and cost, control damage to brand

reputation and mitigate the likely risk of

future incidents.

So, what are the essential elements

that need to be included in such a plan

and how best to put these into effect?

As Sergio Bertoni, lead analyst at

SearchInform, points out, a data leak

can occur when you least expect it, so

it's crucial to be prepared. "Let's go over

the steps to take, if you experience one,"

he suggests.

CONTAINING THE LEAK

"Identify the data leak source and shut it

down immediately. Ensure that the database

doesn't remain publicly accessible

to prevent further exposure. Confirm

that the hacker or the malicious insider

responsible no longer has access."

ASSESSING THE SCOPE OF THE LEAK

"Determine whether any other sensitive

data has been compromised beyond

what is visibly leaked. Hackers may have

access to a sensitive data that appears

untouched at first glance."

NOTIFYING REGULATORS

"Notification periods vary by jurisdiction.

Some regulations don't set strict time

limits. Others set clear deadlines, such

as the GDPR, which mandates a personal

data breach to be notified to the supervisory

authority within 72 hours."

INVESTIGATING THE LEAK

"A preliminary analysis can be done,

based on the external characteristics

of the leaked data. A specific pattern

of records might indicate whether the

data leaked from your organisation or a

contractor. However, identifying the root

cause requires a full investigation, using

specialised software. If the company had

poor data management from the start -

no logging of actions or access controls

- the investigation process will be

difficult." To keep data organised and

prevent incidents, Bertoni adds, it's

worth considering the implementation

of DCAP and DLP systems now."

MITIGATING REPUTATIONAL

DAMAGE

"You must provide clarity to your

customers. This is not just an ethical

obligation, but, in some cases, a legal

one. For example, GDPR mandates

communicating affected individuals, if

the breach 'is likely to result in a high

risk to their rights and freedoms'. Be

transparent: explain what happened,

how it happened and what information

was exposed. Offer guidance on mitigating

risks, and outline the company's

incident response and future security

measures."

The PR team should monitor media

coverage, and articulate the company's

stance and actions taken.

ASSESSING LEGAL RISKS

"There is a risk of regulatory fines. For

example, HIPAA penalties range from

141 USD to 2 million USD, depending

on the level of culpability. Another legal

risk comes from potential lawsuits filed

by customers, employees or business

partners whose data was compromised.

The legal team must be prepared for

such scenarios. To be able to mitigate

legal consequences, it is critical to

document the timeline of the leak

discovery and all actions taken."

28


regulations

ADORE DORA OR NOT, IT'S HERE TO STAY

THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA) HAS A WIDE REMIT. ANY FINANCIAL SERVICES

ORGANISATIONS BASED OUTSIDE THE EU, BUT PROVIDING SERVICES TO EU CITIZENS OR BANKING

ENTITIES, FALL WITHIN ITS GRASP

The Digital Operational Resilience Act

(DORA), which came into force on 17

January this year, is primarily focused on

driving operational resilience improvements

across the EU's 22,000 financial entities. The

Act covers five key areas:

IT risk management

Incident management and reporting

Digital operational resilience testing

Third-party IT risk management

Information sharing.

"DORA applies not just to banks, but to

credit institutions, payments providers,

insurance companies, investment firms,

fund managers, pension funds, crypto-asset

services, IT third-party service providers,

crowdfunding services, and more," points

out Michelle DeBella, CFO of JumpCloud.

"Therefore, any financial services organisation

operating in the EU - or based outside the

EU, but providing services to EU citizens or

banking entities - that is under the illusion

that DORA doesn't apply to their business,

should think again.

"To comply with DORA, financial organisations

and critical third-party IT providers

will be required to define, approve, oversee

and be accountable for the implementation

of all arrangements related to DORA's riskmanagement

framework. One of the ways

to meet these requirements is to have robust

identity and access management (IAM) in

place.

"Modern IAM ensures that only the right

people have access to the right information at

the right time from trusted devices, networks

and endpoints," she adds. "Access management

can be defined from a departmental

level down to an individual role-based level

with different attributes that define what they

can access based on their functional roles and

responsibilities. This allows people to access

data and make changes in ways that are

crucial to their jobs, and nothing else."

DORA mandates firms to adopt IT governance

and control frameworks, including an IT

risk management framework that is documented

and regularly reviewed. "With this

mandate, it's critical that an organisation's

IAM provides visibility across all levels of

access in the information, communication

and technology (ICT) environment," states

DeBella.

CRUCIAL PARTNERS

Osca St Marthe, executive VP global solutions

engineer at SonicWall, offers this further

advice:

Banks should lean on MSPs: "As regulatory

requirements like DORA become more

stringent, banks face increasing pressure to

bolster their cybersecurity, data protection

and operational resilience. Managed Service

Providers (MSPs) are crucial partners in this

effort. MSPs are a vital resource for banks

aiming to meet regulatory standards,

enhance cybersecurity and also maintain

business continuity."

Implement Robust Cybersecurity Controls:

"Under DORA, banks must have solid

cybersecurity frameworks in place to detect,

respond to and recover from operational

disruptions. Ensure systems are equipped

with next-gen firewall protections, encryption

Michelle DeBella, JumpCloud: having

robust identity and access management

(IAM) in place is a must.

and real-time monitoring," St Marthe states.

Establish Incident Reporting Procedures and

Timelines: "DORA requires banks to have

clear protocols for reporting and managing

incidents. This includes establishing a

reporting timeline [within four hours of

detection], and notifying regulators and

clients."

Third-party risk management reminder: "It's

also important to remember that, in an

interconnected world, DORA extends to thirdparty

risk management across a bank's value

chain, helping them maintain regulatory

compliance and avoid potential penalties,"

he concludes.


29

cyber automation

AUTOMATION NOW 'A NECESSITY'

STRICT REGULATORY REQUIREMENTS, SOPHISTICATED CYBER THREATS AND

THE SOARING GROWTH OF SENSITIVE DATA DEMANDS A MORE SYSTEMATIC,

AUTOMATED APPROACH TO SECURITY AND COMPLIANCE

As organisations are having to navigate

through an increasingly complex digital

landscape, the automation of data

security and compliance processes has become

not just an advantage, but a real necessity.

That is the contention of John Lynch, director,

Kiteworks, who argues: "The convergence of

strict regulatory requirements, sophisticated

cyber threats and the exponential growth of

sensitive data demands a more systematic,

automated approach to security and

compliance."

Modern enterprises face a challenging reality,

he states: namely, that they must protect

sensitive data across multiple channels, while

ensuring compliance with various regulations

such as GDPR, HIPAA, and industry-specific

requirements. "Manual oversight of these

processes is no longer feasible, given the

volume and velocity of data movement in

today's digital operations.

"At the heart of modern security automation

lies intelligent content analysis and automated

data tagging. Advanced systems can now

automatically classify and tag data based on

content type, sensitivity level and regulatory

requirements. This automated categorisation

ensures that appropriate security controls and

governance policies are consistently applied

without manual intervention, significantly

reducing the risk of misclassification and

potential compliance violations.

The automation, Lynch points out, extends

to sophisticated governance controls, where

systems dynamically manage viewing, editing

and sharing permissions based on data classification

and user roles. "These automated

governance frameworks ensure that sensitive

information remains accessible only to authorised

personnel, while maintaining detailed

audit trails of all interactions with protected

data."

Organisations implementing these

automated solutions can significantly reduce

human error, accelerate response time and

maintain consistent security protocols across

their digital infrastructure, he adds. "The

systems continuously monitor data transfers,

automatically encrypt sensitive information

and enforce compliance policies in real time.

All while maintaining granular control over

data access and sharing permissions."

The benefits of automation extend way

beyond basic security measures, he says.

"Advanced platforms now provide comprehensive

audit trails, automated compliance

reporting and intelligent threat detection.

This systematic approach allows organisations

to prove compliance more effectively, while

simultaneously strengthening their security

posture through automated content

awareness and governance controls."

Looking ahead, the role of automation

in security and compliance will only grow

more critical. "As regulations become more

complex and cyber threats more sophisticated,

organisations that embrace automated

solutions - particularly those leveraging

intelligent data tagging and automated

governance - will be better positioned to

protect their sensitive data and maintain

compliance, without sacrificing operational

efficiency."

SPENDING IS UP

In timely fashion, intelligence platform

company ThreatQuotient has released its

'Evolution of Cybersecurity Automation

Adoption 2024' report. Based on survey

results from 750 senior cybersecurity professionals

at companies in the UK, Australia and

the US from a range of industries, the report

examines the progress senior cybersecurity

professionals are making towards adopting

automation, its key use cases and the

challenges they face.

Eight-in-ten respondents (80%) now say

cybersecurity automation is important, up

from 75% last year and 68% the previous

year. Additionally, budget for cybersecurity

automation has increased every year and this

year's survey is no different, with 99% of

respondents increasing spend on automation.

Significantly, 39% of respondents now have

net new budget specifically for automation,

a significant rise on the 18.5% who said

this previously, when decision-makers were

diverting budget from other cybersecurity

tools or reallocating unused headcount funds.

Key research findings in the report also

include:

Key use cases: Incident response was the

top-use case for automation (32%), rising

consistently through the course of the

study. This was followed by phishing

analysis (30%) and threat hunting (30%),

which has also continued to rise

Challenges are evolving: Most survey

participants reported problems with

cybersecurity automation: the top three

challenges were technological issues, lack

of budget and lack of time. As automation

deployments mature, trust in outcomes of

automated processes has increased

Growth in threat intelligence-sharing:

99% of cybersecurity professionals say they

share cyber threat intelligence through at

least one channel; 54% share cyber threat

30


cyber automation

intelligence with their direct partners and

suppliers; and 48% share with others in

their industry through official threatsharing

communities

Integration is key: Two-thirds (67%) of

respondents integrate best-of-breed

solutions into their architecture to deliver

their cybersecurity strategy effectively

AI gathers momentum: Fifty eight per cent

of respondents say they are using AI in

cybersecurity. Half are using it everywhere

and half in specific use cases. A further

20% say they are planning deployments

in the year ahead

Expected attack vectors in the year ahead:

Cyber-physical attacks are considered most

likely in the year ahead, followed by

phishing and ransomware.

"It is tough for cybersecurity professionals

who now face fast-changing cyber and

cyber-physical threats of unprecedented

sophistication, volume, velocity and variety,"

says Leon Ward, vice president, product

management, ThreatQuotient. "Defending

their business is an enormous task and

cybersecurity professionals must become

more resilient. What we are seeing in this

'new normal' landscape is the need for

more automation, scale and better threat

intelligence sharing. A collaborative approach

to cybersecurity helps organisations better

defend, as industries scale their knowledge

to respond to attacks."

TARGETING THE MONEY

Meanwhile, businesses with revenues

exceeding $50 million (£40.5m) are 2.5x

more likely to face cyber incidents, according

to a Cyber Roundup Report published by

cyber insurance company business Cowbell.

Drawing on a three-year data set from over

46 million SMEs across the UK, Japan and

the US, the report, as well as spotlighting

the frequency of attacks among larger

organisations, also sheds light on the

heightened vulnerability of smaller SMEs,

due to limited cybersecurity resources, and the

escalating threat of supply chain attacks and

industry-specific cyber exposure. Discussing

the report findings, Cowbell founder and CEO

Jack Kudale comments: "The digital age has

opened up some incredible avenues for

business growth. But, in the same breath, it's

also brought a complex set of cyber risks.

Across the board, we're seeing cybercriminals

capitalise on interconnectivity, automation

and emerging tools like AI to launch

increasingly sophisticated attacks."

Key findings include:

Supply chain attacks have surged by 431%

since 2021, indicating a growing

vulnerability in interconnected business

ecosystems

The manufacturing sector emerges as the

most at risk, with cyber risk scores 11.7%

below the global average - a finding driven

by the sector's reliance on automation and

the sensitivity of its intellectual property

Public administration and educational

services also face elevated risks, particularly

from ransomware attacks, with a 70%

increase in attacks on educational

institutions over the past year

Five risky technology categories were

identified: operating systems, content

management tools, virtualisation

technologies, server-side technologies and

business applications.

Kudale continues: "This report underscores

one particularly critical reality: no business -

large, small, or niche - is immune to cyber

threats. Larger organisations are key targets,

because of their vast data and complex

operations, while smaller businesses are at

risk, due to supply chain vulnerabilities and

limited cybersecurity resources. The latter

may face a lower frequency of attacks overall.

However, the consequences of a single

incident can be devastating, including

significant financial losses, crippling downtime

and business interruption and, in some cases,

closure. The stark 70% rise in attacks on educational

institutions, many under-resourced,

highlights how vulnerable underprepared

sectors can be."

John Lynch, Kiteworks: Manual oversight

is no longer feasible, given the volume

and velocity of data movement in today's

digital operations.

Leon Ward, ThreatQuotient: cybersecurity

professionals now face fast-changing

cyber and cyber-physical threats of

unprecedented sophistication, volume,

velocity and variety.


31

employee threat

THE INSIDER MENACE

IAM SYSTEMS THAT ARE NOT PROPERLY INTEGRATED OR MAINTAINED POSE MULTIPLE ISSUES,

SUCH AS ACCESS CREEP OR UNCHECKED PERMISSIONS THAT ARE RIPE FOR EXPLOITATION

Insider threats remain a top concern for

organisations in 2025, with the potential

to escalate as networks become more

intricate and employees more dispersed.

Whether malicious or negligent, employees

pose significant risks, exposing businesses

to data breaches, financial losses, operational

disruptions and the potential for

long-term reputational damage. Nearly

80% of IT professionals express concern

about breaches originating internally, with

almost half having already experienced one.

Such threats are expected to rise, as both

remote and hybrid work continue to expand,

increasing access to cloud services and

complicating user access management,

says Chase Doelling, principal strategist,

JumpCloud. "As organisations scale their

digital infrastructure, managing user access

becomes a complex challenge. IT admins

are tasked with managing user access

across a variety of devices and tools, whilst

ensuring sensitive data remains protected.

Identity Access Management (IAM) plays

a crucial role in this by providing only

authorised individuals access to the

resources within an organisation."

However, when IAM systems are not

properly integrated or maintained,

organisations risk multiple issues, such

as access creep (employees accumulate

unnecessary privileges) or unchecked

permissions that are ripe for exploitation.

According to JumpCloud's Q1 2025 SME

IT Trends Report, 37% of cyber-attacks on

UK SMEs were the result of stolen or lost

credentials, while 30% were attributed to

excessive permissions.

"The shift to remote and hybrid work has

made it clear that identities are the new

perimeter," adds Doelling. "Employees now

have constant access to sensitive systems

from multiple devices and networks,

which introduces new security challenges.

Implementing an integrated approach to

IAM across the business ensures that IT

administrators have visibility and control

over who has access to sensitive data and

resources. Implementing the Principle of

Least Privilege (PoLP) is also beneficial in

ensuring that employees only have access

to the data and tools necessary for their

specific roles."

Multi-factor Authentication (MFA) is

recommended for high-risk activities, such

as accessing sensitive data, transferring

funds or modifying critical infrastructure.

Applying single sign-on (SSO) helps to

centralise and simplify user authentication,

while employing consistency across

multiple applications.

"It's essential that regular access reviews

are conducted, enabling application

access to be revoked throughout an

employee's career lifecycle," he states,

"beginning with onboarding through

different role changes and finally

departing the business." Also, IT teams

should prioritise user experience by

choosing user-friendly tools and providing

adequate training for employees.

"Complex IAM systems will continue to

pose a significant risk for organisations

managing insider threats effectively,

whether intentional or accid-ental.

Therefore, it's critical to execute proactive

prevention strategies, like stricter IAM

governance and streamlined access

control, to combat this growing risk."

LOSS OF CONTROL

As Darren Guccione, CEO and co-founder

of Keeper Security, also points out: "With

employees accessing company systems from

various locations and devices, organisations

lose the visibility and control they once had,

expanding the attack surface for

cybercriminals. Hackers are no longer just

infiltrating systems - they are logging in. By

exploiting weak passwords, shared

credentials and poorly managed access

controls, they can bypass traditional

defences and wreak havoc from within.

Organisations without robust Identity and

Access Management (IAM) remain

vulnerable to credential theft, phishing

schemes and unauthorised data access."

Consider the fallout from a single mistake,

he suggests. "An employee receives an

email that appears to be from IT, requesting

an urgent password reset. Without verifying

the source, they click the link, input their

credentials into a fraudulent site and

unwittingly hand cybercriminals access to

internal systems. Once inside, attackers can

escalate privileges, gather sensitive data and

move laterally across the network,

potentially causing millions in damages

before the breach is even detected."

To address these risks, organisations must

adopt a proactive approach, states

Guccione. "Privileged Access Management

(PAM) ensures that only those who need

access to certain systems can get it,

dramatically limiting exposure. Regular

audits, credential rotations and leastprivilege

access policies make it harder for

cybercriminals to exploit stolen credentials.

Multi-Factor Authentication (MFA) adds a

crucial layer of defence, even if passwords

32


employee threat

are compromised. Additional tools like

biometric scans or one-time passcodes help

further secure critical systems."

AI-powered threat detection offers realtime

monitoring and early warnings of

unusual activity, enabling swift responses

to prevent breaches, he adds. "However,

technology alone isn't enough. Continuous

employee training on cybersecurity best

practices - such as password hygiene,

phishing awareness and data protection -

is essential. Human error remains a leading

cause of breaches, making it vital to

empower employees to identify and

respond to threats. Solutions must also

be user-friendly and easy-to-deploy to

encourage user-adoption across the

organisation.

Security must be a shared responsibility,

Guccione says. "A proactive, comprehensive

strategy is key to protecting sensitive data

and ensuring business continuity in 2025."

‘PERSONA’ POINTERS

Stephen Smithers, head of cyber security,

Xalient, believes the first 'persona' to

highlight when it comes to insider threats

is the employee with a limited awareness

of security. "These individuals are more

likely to be at risk of phishing attacks,

social engineering and credential

compromise, due to poor password

hygiene, both within the company's

systems, but also in their personal life,

which increases the risk of password

compromise significantly."

The second persona is an individual

who knowingly bypasses existing security

controls and processes, he explains. "This

can be motivated by a need to address

operational challenges or to gain more

freedom from scrutiny. Whatever the

cause, their actions can introduce malware

into the business, expose credentials or

sensitive data, and reduce the effectiveness

of exist-ing security services by limiting

visibility into business activity and data."

The third persona can be classed as a

disgruntled employee, whose motivation is

malicious with an intent to disrupt or steal

business data. "The extent of the damage

or data they can access will depend on the

combination of the permissions associated

with their and any other credentials they

have access to," comments Smithers.

Across all of these, it is clear that identity

is a key factor in limiting the risks associated

with insider threats. "For the first and

second insider threat personas, multifactor

authentication can impair the ability

for threat actors to utilise compromised

credentials, which can be combined with

monitoring capabilities to detect credential

compromise and initiate response activity

to protect the business and the users.

"For all the personas, the definition and

maintenance of permissions assigned to

an identity based on business need can

significantly reduce the at-risk services and

data. While simple to state, the complexity

of permissions management across a

complex hybrid application and data

landscape requires investment in solutions

designed to address this challenge."

While the implementation of these

identity controls can helpto limit the many

risks of insider threats, they cannot simply

remove them, he cautions. "The implementation

of monitoring solutions to detect

abnormal activity, such as UEBA [user

entity and behavioural analytics], is necessary

to identify malicious activity within

business sanctioned communications - for

example, the unusual extraction of large

amounts of data."

While identity is a key security control

in addressing insider threats, Smithers

concludes, security awareness training

and staff engagement on security projects

should also be considered.

Chase Doelling, JumpCloud: the shift to

remote and hybrid work has made it clear

that identities are the new perimeter.

Darren Guccione, Keeper Security:

hackers are no longer just infiltrating

systems - they are logging in.


33

quantum

CRACKING UP

ONCE THE FIRST QUANTUM COMPUTERS ARE 'LIVE', MOST OF OUR EXISTING ENCRYPTION

ALGORITHMS WILL BECOME OBSOLETE. HOW WORRIED SHOULD WE BE?

Chris Hickman, e92plus.

While most cyber threats feel

immediate, as they evolve at

pace quickly, the need for Post-

Quantum Cryptography (PQC) seems to

be more existential. Quantum computing

is coming and, while no one knows with

any certainty when it will arrive, the fact

is, once the first quantum computers

are live, most of our existing encryption

algorithms will become obsolete.

"It's comparable to the Y2K fear," says

e92plus chief security officer Chris

Hickman: "potentially catastrophic, but

no one knows how bad it could be."

While there is no discernible deadline,

the timelines are becoming clearer. "NIST

released the PQC algorithms to transition

to last year, with legacy encryption

algorithms being officially deprecated by

2030 and disallowed after 2035."

With that in mind, are organisations

ready for PQC? Findings from Keyfactor's

State of Quantum Readiness Report in

2024 highlighted that most respondents

(57%) believe it will take 2-5 years to get

their organisations ready to transition to

PQC. "However, it's important to note

that most studies now estimate the

timeline may take closer to 10-15 years

to transition in reality," adds Hickman.

RISKS AND CHANGES

"The same report found that 80% of

respondents agree they are concerned

about the ability to adapt to risks and

changes in cryptography. Clearly, it's a

long process and, with a timeline of five

years to move to a new technology, it's

becoming a concern, especially as many

projects can easily suffer from delays,

budgeting constraints and supply chain

issues, resulting in lengthening

timescales."

Yet the threat is not to be contained by

timelines: it is actually more immediate.

There is a widely acknowledged trend

that can be described as 'steal now,

decrypt later' where encrypted content

is stolen and stored to be accessed at

a later time. once quantum computing

reaches maturity. "In a Deloitte survey,

over 50% of quantum-aware organisations

believe they are 'at risk' from it.

That brings the important deadline

forward to today," he cautions.

However, there simply are not enough

conversations happening, adds Hickman.

"PQC is low down on the list of cybersecurity

priorities [if it even makes the

list] and is only being discussed by the

largest enterprises - and, even then, the

focus on quantum computing is the

potential performance advantage

through data processing and calculation

speed, rather than the future threat."

Where should you even start? "The

common entry for many organisations

will be discovery of keys and certificates

to gain a complete inventory," Hickman

suggests. "Public Key Infrastructure (PKI)

Code signing, machine identity and

document encryption are good first

steps, as well as understanding the

current scope and reviewing where

quantum-safe cryptography could be

deployed. Keyfactor has found that 93%

of organisations acknowledge that their

current PKI is insufficient - so, if they are

unprepared for today's threats, they'll be

even more vulnerable to tomorrow's."

QUANTUM TELEPORTATION

To spice things up even further, Oxford

University is reported to have built a

quantum computer that can achieve

teleportation. The researchers say that

quantum teleportation can result in a

future of the quantum internet - which

would change the technological landscape

as we know it.

"The quantum paradox is evident," says

Tim Callan, chief experience officer at

Sectigo. "While the remarkable processing

power of quantum holds boundless

potential, it simultaneously poses a

significant threat to the foundation of all

encryption."

34


Computing

Security


Product Review Service

VENDORS – HAS YOUR SOLUTION BEEN

REVIEWED BY COMPUTING SECURITY YET?

The Computing Security review service has been praised by vendors and

readers alike. Each solution is tested by an independent expert whose findings

are published in the magazine along with a photo or screenshot.

Hardware, software and services can all be reviewed.

Many vendors organise a review to coincide with a new launch. However,

please don’t feel that the service is reserved exclusively for new solutions.

A review can also be a good way of introducing an established solution to

a new audience. Are the readers of Computing Security as familiar with

your solution(s) as you would like them to be?

Contact Edward O’Connor on 01689 616000 or email

edward.oconnor@btc.co.uk to make it happen.

Computing

Security


e-newsletter

Are you receiving the Computing Security

monthly e-newsletter?

Computing Security always aims to help its readers as much as possible to do

their increasingly demanding jobs. With this in mind, we've now launched a

Computing Security e-newsletter which is produced every month and is available

free of charge. This will enable us to provide you with more content, more

frequently than ever before.

If you are not already receiving this please send your request to

christina.willis@btc.co.uk and advise her of the best email address for the

newsletter to be sent to.

CSLATEST

Transform your PDFs into Flipbooks and boost your revenue!

Delete template?

Save as template ?