23.09.2025 Views

CS Sep-Oct 2025


Computing Security

Secure systems, secure data, secure people, secure business

NEWS | OPINION | INDUSTRY | COMMENT | CASE STUDIES | PRODUCT REVIEWS

RAGE OF THE MACHINE
Is AI now poised to weaponise its own output, in obedience to an attacker's request?

Facing the future
New encryption tools have arrived to help fight off a quantum computer attack

THE BATTLE IS NEVER OVER
Cybercriminal strikes soar in sophistication and number

SPACED OUT
As space becomes the next frontier for innovation, exploration and commerce, it's also turning into a new battleground for cyber threats

Computing Security September/October 2025




comment

THE BIGGER YOU ARE…

[Photo: Robert Hann, Entrust.]

The reality that there is no organisation too powerful to become the victim of an attack is regularly reinforced by events, none more so than the security flaw that was uncovered in Microsoft software - a flaw that enabled attackers to steal sensitive data from governments and organisations worldwide.

It's a humbling and, all too often, devastating experience for whomever becomes the victim of an attack, but the bigger you are, the harder you fall, when it comes to public exposure and embarrassment. What lessons can 'lesser mortals' extract from the Microsoft experience?

Robert Hann, global VP technical solutions at Entrust, warns that, without a Zero Trust approach and better protection for cryptographic assets, organisations will remain dangerously exposed. "Cryptographic asset theft is the new 'phishing', in that bad actors have learnt, like stealing passwords, that getting an important cryptographic asset like API Keys or a Machine Identity is much easier than brute force methods. Once stolen, the power of these credentials means they get broad and often deep access to the most sensitive data and systems in one or many organisations."

This is why enterprises must embrace a Zero Trust mindset and assume that breaches will occur, he warns. "Continuously assessing cryptographic asset risks to find vulnerabilities by way of automated compliance profiling provides actionable insights that are critical to minimising damage and preventing a breach in the first place."

No doubt Microsoft is now following its own path to prevent any recurrence of a similar espionage operation to the one that targeted its SharePoint server software, compromising about 100 organisations. China-based threat actors were blamed, though Microsoft succumbing to these attacks has drawn its own share of criticism.

Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk

EDITOR: Brian Wall (brian.wall@btc.co.uk)

LAYOUT/DESIGN: Ian Collis (ian.collis@btc.co.uk)

SALES:
Edward O’Connor (edward.oconnor@btc.co.uk) + 44 (0)1689 616 000
David Bonner (dave.bonner@btc.co.uk) + 44 (0)1689 616 000
Stuart Leigh (stuart.leigh@btc.co.uk) + 44 (0)1689 616 000

PUBLISHER: John Jageurs (john.jageurs@btc.co.uk)

Published by Barrow & Thompkins Connexions Ltd. (BTC)
Suite 2, 157 Station Road East
Oxted. RH8 0QE
Tel: +44 (0)1689 616 000
Fax: +44 (0)1689 82 66 22

SUBSCRIPTIONS:
UK: £35/year, £60/two years, £80/three years;
Europe: £48/year, £85/two years, £127/three years
R.O.W: £62/year, £115/two years, £168/three years
Single copies can be bought for £8.50 (includes postage & packaging).
Published 6 times a year.

© 2025 Barrow & Thompkins Connexions Ltd. All rights reserved. No part of the magazine may be reproduced without prior consent, in writing, from the publisher.

www.computingsecurity.co.uk Sept/Oct 2025 computing security

@CSMagAndAwards



inside this issue

CONTENTS

COMMENT 3
NHS cash injection can't quell attack fears

NEWS 6
AI-powered data control at MoD
Hidden risk in AI adoption
SonicWall expands cyber solutions
'Open Window' to cyber-attacks fear
Jailbreak alert
Eyes on Delinea Iris AI

ARTICLES

CSA AWARDS: CAST YOUR VOTES! 10
The Computing Security Awards 2025 are almost upon us. This is your LAST chance to vote for the finalists that you believe deserve to take the laurels on the night at a gala event in London

AGE OF THE MACHINE RAGE 12
Are we nearing the point where machines don't just mishandle data, but actively weaponise their own outputs in obedience to an attacker's request? AI-generated documents, for instance, that might contain embedded scripts delivered downstream to unsuspecting enterprise users.

HOW INDUSTRY COLLABORATION HELPS TO SHAPE CYBER SECURITY 16
Computing Security has been talking to Mark Hendry, Partner and Cyber Risk Specialist at UK accountancy firm S&W, for his inside views on cyber risk

FILTERING OUT THE BAD STUFF 18
A skilled analyst can dissect an email, recognise subtle patterns and feed that intelligence back into security systems, points out one industry observer. “Machines can catch yesterday's scams; humans are what keep organisations ready for tomorrow's,” is the mantra that he says should be embraced.

POST-QUANTUM THREAT FIGHTBACK 22
Quantum technology is advancing rapidly and organisations risk falling behind. With such threats in mind, the National Institute of Standards and Technology (NIST) has now released a set of encryption tools that have been designed specifically to withstand the attack of a quantum computer.

TIME TO DITCH FORTRESS MODEL? 25
The old way of making a business safe isn't working any more, states the CTO of one leading security company

LIVING OFF THE LAND 26
The average cost of a data breach has fallen, but cybercriminal attacks continue to increase in sophistication and number

ENDPOINT PROTECTION ESSENTIALS 26
Defending endpoints now calls for a rapid shift in both mindset and strategy. Real-time behavioural analysis must be included in any protection strategy, ensuring that suspicious activity can be identified as soon as it occurs, even if the threat that is being faced has never been encountered before.

THE BATTLE FOR OUTER SPACE 28
The systems that make space operations possible are increasingly vulnerable to hacking, interference and espionage

PRODUCT REVIEW

KEEPER SECURITY KEEPERPAM 21
An "essential cybersecurity strategy that allows businesses to significantly reduce their attack surface".




news...news...news

MOD EMBRACES AI-POWERED DATA CONTROL

The Ministry of Defence (MoD) has selected Australian dual-use technology company Castlepoint Systems to prevent data leaks with AI-powered data control. Castlepoint's proprietary Explainable AI technology will provide real-time, automated control over complex datasets to reduce the risk of human-led errors when handling sensitive data.

"Securing this contract with the Ministry of Defence as our first UK account is a key milestone for Castlepoint, underscoring the critical importance of sophisticated data control for any organisation, not just national security," says Rachael Greaves, CEO of Castlepoint Systems. "The MoD faces a complex challenge in managing vast and sensitive datasets in the knowledge that even a single case of data leak or loss can be catastrophic."

[Photo: Rachael Greaves.]

THE HIDDEN RISK IN AI ADOPTION

Businesses are investing in AI at breakneck speed, both for the efficiencies it already delivers and for the potential it promises. "Yet, for all the hype and budget allocation, most organisations are struggling to show clear, company-wide ROI from these initiatives," cautions Neil Roseman, CEO, Invicti. "At the same time, security and privacy concerns are coming to the fore."

Companies are integrating AI-powered applications into their ecosystems faster than they can secure them. "The new tools carry new risks and are often built or adopted outside standard development pipelines, bypassing traditional software security and quality processes. We're already learning to address AI security gaps and privacy concerns, but overreliance is a different beast.

"The companies that will thrive in an AI-driven economy aren't those that adopt AI fastest or most extensively - they're the ones that deploy it most thoughtfully. Right now, the biggest threat isn't AI going rogue. It's us outsourcing our thinking to it," he states.

[Photo: Neil Roseman.]

ADVANTECH APPOINTS ARCOBEL AS A CHANNEL PARTNER

Advantech's new strategic partner Arcobel will, it states, "accelerate the delivery of scalable, customer-specific solutions for the transportation sector across Germany and Benelux". In particular, it will open up new opportunities in the smart mobility sector, where Arcobel has more than five decades' experience.

Bart Meesterburrie, senior channel manager at Advantech, comments: "Our goal is to deliver cutting-edge technologies to meet the demands of the modern transport sector. The appointment of Arcobel as a channel partner helps us achieve just that." Adds Douwe Schoenmakers, managing director of Arcobel: "This is a major development for us as we partner with a company recognised as a global leader in IoT intelligent systems and embedded platforms."

[Photo: Douwe Schoenmakers, Arcobel (left) with Bart Meesterburrie, Advantech.]

SONICWALL EXPANDS CYBERSECURITY SOLUTIONS

SonicWall has introduced nine new firewalls as part of its Generation 8 portfolio. This announcement, says the company, underscores SonicWall's complete commitment to delivering integrated cybersecurity solutions that address today's threat landscape from the endpoint to the local network to the cloud.

"We're not just delivering a new set of high-performance firewalls; we're preparing our partners and their customers for the latest threats and market requirements," says Bob VanKirk, president and CEO of SonicWall. "Our new firewall line-up is just one part of a broader, unified platform strategy."

[Photo: Bob VanKirk.]




CONFIDENCE IN OPERATIONAL RESILIENCE QUESTIONED

SolarWinds' 2025 IT Trends Report demonstrates the rising confidence in operational resilience amongst European IT leaders, but also highlights that day-to-day issues continue to drain time and resources. Despite their optimism, the data suggests that much of this confidence could be superficial. In the UK, 44% of IT leaders spend a quarter of their working month resolving critical issues and service disruptions.

Sascha Giese, tech evangelist at SolarWinds, comments: "Teams are dedicating real budget and effort to resilience, but many remain trapped in reactive mode. Technology alone cannot solve problems - it needs people with the knowledge and expertise, plus investment, to be able to succeed."

[Photo: Sascha Giese.]

'OPEN WINDOW' TO CYBER-ATTACKS FEAR

Microsoft's U-turn on its plans to kill off Windows 10 in October might seem like good news, but it has been slammed for leaving roughly 250 million users stuck on legacy hardware and vulnerable to cyberattack. The UK's National Cyber Security Centre (NCSC) has also issued a stark warning: devices running Windows 10 are now "fundamentally vulnerable to attack".

States Spencer Starkey, executive VP EMEA at cybersecurity firm SonicWall: "Cybersecurity arrangements must be agile and constantly updated to keep up with the evolving threat landscape. Cybercriminals are constantly developing new tactics, techniques and procedures (TTPs) to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats.

"This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management and incident response planning. It also requires ongoing training and awareness programs to ensure that employees are aware of the latest threats and best practices for cybersecurity," adds Starkey.

[Photo: Spencer Starkey.]

JAILBREAK ALERT

Zimperium is warning organisations about the growing risks posed by rooting and jailbreaking tools, which continue to expose mobile devices to severe security vulnerabilities. These tools, often developed by independent developers without proper security oversight, enable unauthorised access to mobile systems and can be exploited by cybercriminals.

Zimperium's research has highlighted how modern rooting frameworks, such as KernelSU, APatch and SKRoot, can often bypass traditional security measures, giving attackers deep access to compromised devices. "These vulnerabilities put millions of users at risk, as attackers can exploit them to steal sensitive data or take full control of compromised devices," advises Nico Chiaraviglio, chief scientist at Zimperium.

[Photo: Nico Chiaraviglio.]

EYES ON DELINEA IRIS AI

As organisations face mounting pressure to secure every human and machine identity across increasingly complex hybrid environments, traditional tools are failing to keep pace with today's sophisticated threats and compliance demands. Delinea's Iris AI has been released in response to this, the company states, addressing such challenges by putting IT and security teams in control, enabling them to create a resilient identity security architecture.

Says Phil Calvin, chief product officer at Delinea: "This launch reinforces Delinea's mission to provide a smarter, faster, more efficient way to adapt to changing identity risks."

[Photo: Phil Calvin.]



2025 CS Awards

CAST YOUR VOTES NOW!

THE COMPUTING SECURITY AWARDS 2025 ARE ALMOST UPON US. THIS IS YOUR LAST CHANCE TO VOTE FOR THE FINALISTS YOU FEEL SHOULD TAKE THE LAURELS

The Computing Security Awards 2025 are only a matter of a few weeks away… with the Awards ceremony taking place in central London on 9 October. And there is already a buzz in the air as the countdown commences to these industry landmarks.

The Computing Security Awards play a crucial role across the cyber security industry in recognising - and commending - those companies, products and services that protect the critical digital infrastructure of organisations around the world.

Since 2010, the industry has come together each year to celebrate the success of their peers and their solutions at these Awards. They are a major occasion in our industry's calendar. And as the many challenges that industry faces continue to grow - and organisations everywhere look to our industry for the solutions that will help to keep them protected - 2025 promises to be the biggest Awards celebration yet!

MAKE YOUR OPINION COUNT

The good news for our readers is that you still have time to vote for the companies, products and services that you feel most deserve to be recognised as the winners in their categories. But hurry! Voting closes on 1 October. Click here to cast your votes now!


THE CATEGORIES - COMPUTING SECURITY AWARDS 2025

EMAIL SECURITY SOLUTION OF THE YEAR

ENDPOINT SECURITY SOLUTION OF THE YEAR

INCIDENT RESPONSE & INVESTIGATION SECURITY SERVICE PROVIDER OF THE YEAR

NETWORK SECURITY SOLUTION OF THE YEAR

ENCRYPTION SOLUTION OF THE YEAR

ADVANCED PERSISTENT THREAT (APT) SOLUTION OF THE YEAR

DLP SOLUTION OF THE YEAR

COMPLIANCE AWARD - SECURITY

RISK MANAGEMENT SOLUTION/SERVICE PROVIDER OF THE YEAR

AI SECURITY SOLUTION OF THE YEAR

IDENTITY AND ACCESS MANAGEMENT SOLUTION OF THE YEAR

SECURE DATA & ASSET DISPOSAL COMPANY OF THE YEAR

CLOUD SECURITY SOLUTION OF YEAR

MOBILE SECURITY SOLUTION OF THE YEAR

PENETRATION TESTING SOLUTION OF THE YEAR

BREACH AND ATTACK SIMULATION SOLUTION OF THE YEAR

SECURITY SOFTWARE SOLUTION OF THE YEAR

SECURITY HARDWARE SOLUTION OF THE YEAR

SECURITY EDUCATION AND TRAINING PROVIDER OF THE YEAR

THREAT INTELLIGENCE AWARD

SECURITY RESELLER OF THE YEAR

SECURITY DISTRIBUTOR OF THE YEAR

ENTERPRISE SECURITY SOLUTION OF THE YEAR

SME SECURITY SOLUTION OF THE YEAR

INDIVIDUAL CONTRIBUTION TO CYBER SECURITY

CYBER SECURITY CUSTOMER SERVICE AWARD

SECURITY SERVICE PROVIDER OF THE YEAR

BENCH TESTED PRODUCT OF THE YEAR

SECURITY PROJECT OF THE YEAR

NEW PRODUCT/SOLUTION OF THE YEAR

EDITOR'S CHOICE

ONE TO WATCH SECURITY - PRODUCT

ONE TO WATCH SECURITY - COMPANY

SECURITY COMPANY OF THE YEAR



artificial intelligence

RAGE OF THE MACHINE

ARE WE NEARING THE POINT WHERE MACHINES DON'T JUST MISHANDLE DATA, BUT ACTIVELY WEAPONISE THEIR OWN OUTPUTS IN OBEDIENCE TO AN ATTACKER'S REQUEST?

[Photo: Jurgita Lapienyte, Cybernews: this is the birth of self-weaponising content - data generated by AI that doubles as its own intrusion vector.]

When Cybernews security researchers tricked Lenovo's chatbot 'Lena' into coughing up session cookies and happily executing malicious code, they revealed what may become the defining security problem of the AI age, suggests chief editor Jurgita Lapienyte. "Machines that don't just mishandle data, but actively weaponise their own outputs in obedience to an attacker's request."

The headlines may call this a case of 'XSS returning from the grave', but that misses the bigger issue, she argues. "AI has revived not just dormant vulnerabilities, but a whole class of threats we once thought the industry had left behind. Rather than a simple revival of Cross-Site Scripting from the mid-2000s, Lena exemplifies a new paradigm: AI-generated attack vectors, carried out not through adversarial brilliance, but through the model's uncritical compliance."

Traditionally, an attacker writes malicious code and injects it into a vulnerable system. Here, the chatbot itself was the author of the malicious payload. It crafted the code under the guise of serving the user. "That's a subtle but dramatic shift," says Lapienyte. "Attackers no longer have to hide their exploits inside obscure data fields or uploaded scripts. They can simply ask an AI system to produce the exploit for them. The LLM is now a collaborator in its own compromise."

This is the birth of what she describes as "self-weaponising content: data generated by AI that doubles as its own intrusion vector, not because the AI is 'evil', but because it has no concept of safety". And she adds: "This phenomenon might extend beyond chatbots - think AI agents writing emails with hidden payloads, or AI-generated documents containing embedded scripts delivered downstream to unsuspecting enterprise users."

THE WORM MIGHT TURN

The Lena attack chain resembled the early 2000s era of computer worms - where malicious code spread from one machine to another at network speed, no human intervention required. Here's the parallel:

- Lena generated HTML + payloads
- That output compromised the user's browser and it persisted in the conversation history
- When a human support agent reopened it, the malicious code executed again, stealing their session cookies.

"In other words," points out Lapienyte, "the AI acted like the worm's first infected host. By politely answering questions, it also planted malicious instructions that could spread inside Lenovo's systems. Tomorrow, AI-powered helpdesks across industries may unwittingly serve as the launching pad for worm-like propagation inside businesses. The next big worm might not be delivered via email attachments - it might be co-authored by a 'helpful' AI tool in a support chat."

WELCOME TO THE 'WILD WEST'

Concerns about AI and what it might be capable of facilitating against the best interests of those who are using it, or those they engage with, are growing. And it is the speed with which this is happening that is particularly concerning.

Dave McGrail, head of business consultancy at Xalient, says that, throughout his career, he has seen a few technology hype cycles, but describes the current rush into AI as unprecedented. "A large majority of global employees now use AI tools in some capacity to boost productivity and creativity. However, just a small fraction of companies has established any formal AI usage policy. This means millions of workers are integrating AI chatbots and generative tools into workflows with virtually no guardrails. The result is a Wild West of data sharing and automation, where convenience is stamping out compliance."

In the absence of proper governance, organisations are already suffering the consequences, he adds. "Recently, hackers breached a popular AI chatbot service, exposing thousands of user chat logs, along with credentials and API keys buried in those conversations. This kind of data leakage can be catastrophic to a business, in terms of potential regulatory penalties and damage to brand reputation. There are a growing number of poorly secured chatbots being used against their owners. Meanwhile, cybercriminals are exploiting the AI boom with a fake 'ChatGPT' browser plugin which stole login credentials [over 4 million in one haul] from users drawn in by the AI craze. These incidents, spanning data leakage to credential theft, highlight the breadth of threats when AI is adopted without oversight."

"The common thread here is that uncontrolled use magnifies security gaps," states McGrail. "Organisations must proactively bring AI usage out of the shadows. This starts with clear internal policies and training on what data employees can feed into AI systems and which tools are approved. Unsanctioned AI tools should be treated as the new shadow IT and be subject to the same scrutiny as any unscreened app or cloud service. Technical controls to monitor and restrict sensitive data going into AI queries should be implemented, and vendor security due diligence ensured to capture and treat risk for any AI platforms."

Fortunately, he adds, guidance is emerging, with frameworks such as the NIST AI Risk Management Framework and ISO/IEC 23894:2023 (AI risk management guidance) offering blueprints for governance and controls. "At a time when AI innovation and adoption is outpacing most company compliance and governance playbooks, a thoughtful, accountable AI governance program should be viewed as a business imperative, rather than a burden.

"The companies that pair enthusiasm for AI with strong security and ethical guardrails will not only avoid the next headline-making breach, but also build the trust needed to fully realise AI's promise."

PERFECT STORM

Meanwhile, IT leaders are said to be bracing for a "perfect storm" in cybersecurity, as AI and quantum computing converge. "AI-enabled attacks are already overwhelming defences, from deepfake phishing to self-learning malware," reports Sectigo.

"The arrival of practical quantum computing threatens to unravel decades of cryptographic safeguards, exposing sensitive data. This dual front could redefine the security landscape, forcing organisations to rethink how they protect both present and future operations."

Adds Jason Soroko, leading voice in quantum and senior fellow at digital certificates company Sectigo: "In topics of AI and quantum computing, it's absolutely no different than the analogy of why we had an Apollo project. Every country or group of countries need to have this technology at the same time as all of their adversaries or competitors. To not have a powerful quantum computer or sovereign AI puts you at extreme disadvantage. It's a modern Space Race."

Both AI and quantum can be categorised as being threats, states Soroko, but clearly both are also extreme opportunities, depending on whose hands they're in. "For quantum, the threat is very clear, in that threat actors can factorise today's quantum cryptographic algorithms. The threat is right now; anything transmitted currently with today's algorithms is vulnerable."

AI threats are multi-faceted, he points out. "You can have automation used against you; you can also utilise AI. The security aspect of AI is yet to catch up with the innovation of deploying AI-enabled threat actor tools. With AI, the problem is spread even wider, but it's not so fundamentally terrifying as having all of your cryptography unravelling."

RAPID ADOPTION

AI adoption is growing rapidly and not just among tech giants. A recent survey carried out by JumpCloud found that 33% of IT professionals say AI is having more impact than they initially expected. "SMEs, often without large budgets or in-house AI teams, are increasingly accessing AI through SaaS platforms," states Chase Doelling, the company's principal strategist & director.

But with accessibility comes responsibility. "While AI unlocks productivity and efficiency, SMEs face real risks: bias in automated decisions, data exposure, lack of transparency and compliance challenges. As regulations like GDPR evolve, and with 76% of consumers more likely to trust ethical AI use, SMEs can't afford to ignore governance."

Responsible AI governance should rest on four key principles, Doelling argues, namely:

- Visibility: "You can't govern what you can't see. SaaS management platforms (SMPs) give SMEs oversight of which tools are in use, what data they access, and who controls them, essential for risk assessments, audits, and compliance."
- Simplicity: "Governance doesn't have to be complex. Choose tools with intuitive interfaces, clear documentation and built-in automation to reduce friction. Simplicity helps embed responsible practices into everyday workflows."
- Accountability: "Assign clear ownership for every AI tool. Internal owners should oversee performance, escalate concerns and document decisions. Audit trails and activity logs support transparency and continuous improvement."
- Privacy & Security: "AI governance must meet security expectations. Ensure vendors comply with data protection laws, use encryption, enforce strong access controls, and have up-to-date certifications. Recent breaches in the UK underscore how vital it is to secure SaaS environments."

[Photo: Chase Doelling, JumpCloud: responsible AI governance should rest on four key principles.]

And he adds: "SaaS may be the fastest route to AI, but unmanaged use invites risk. SMEs can take a structured, proactive approach by mapping their AI landscape, assessing vendor practices and using SMPs to centralise governance. Responsible AI isn't just a regulatory checkbox, it's a chance for SMEs to build trust, differentiate and futureproof their businesses."

NEW WAVE OF THREATS

While online fraud for companies has long

been synonymous with payment fraud and

account takeovers, a new wave of threats is

gaining ground led by first-party chargeback

fraud, refund abuse, and, increasingly, AIpowered

attacks. Nearly half of merchants

(47%) now report a rise in fraud perpetrated

by known customers.

These are the findings of Ravelin's annual

Global Fraud Survey 2025, which paints

a picture of escalating fraud. Fraudulent

chargeback requests filed by cardholders

who are misrepresenting the truth in order

to gain money or items for free have now

become the second most costly type of

fraud, just behind online payment fraud,

which uses stolen or cloned cards and is

generally perpetrated by criminals.

The Ravelin survey also reveals artificial

intelligence is now an established fraud tool.

Almost two-thirds (65%) of merchants are of

the belief they have already been targeted by

AI-enabled fraud, which can include criminals

leveraging synthetic identities and AI-generated

phishing attempts.

Concern is remarkably widespread: 92% say

that they are worried about AI being used to

defraud their business, with nearly half of

respondents revealing that they are "very

concerned". However, the level of concern

and activity has not markedly changed since

last year, suggesting that, while AI-facilitated

fraud is serious, it is not escalating at the

same pace as other types of fraud.

"Today, merchants are navigating a more

nuanced threat landscape," comments

Ravelin CEO Martin Sweeney. "However, this

complexity does not mean merchants are

powerless. In fact, companies already have

the first thing they need to take action: their

own data. By better understanding the

individuals behind each transaction - what

constitutes normal behaviour for them and

what does not - they can respond more

confidently with much more precision."

This also enables them to deliver a great

shopping experience to legitimate customers,

without obstacles and friction, he maintains.

"Fraudsters will be blocked, but those who

fall in between, including opportunists and

casual abusers, can be rehabilitated back

into good customers."

The key, he says, is not to treat everyone the

same. "With the help of artificial intelligence,

machine learning and automation, merchants

can use data effectively to make smarter

and fairer decisions."

The report reveals that marketplaces as a

sector have been hit the hardest, with 69%

reporting a significant rise in fraud volume.

Travel and retail are not far behind, while

digital goods companies also face intensifying

threats, particularly from account

takeovers and refund abuse.

Regionally, Canada (28%) and the USA

(18%) reported the most severe increases in

fraud, followed closely by Brazil and Mexico.

UK merchants are also feeling the pressure,

with 14% reporting a significant rise in fraud.

computing security Sept/Oct 2025 @CSMagAndAwards www.computingsecurity.co.uk



inside track

THE ROLE OF INDUSTRY COLLABORATION

IN THE SHAPING OF CYBER SECURITY

COMPUTING SECURITY HAS BEEN TALKING TO MARK HENDRY, PARTNER AND CYBER RISK SPECIALIST

AT S&W, A LEADING TOP 10 UK ACCOUNTANCY FIRM, FOR HIS INSIDE VIEWS ON MANAGING CYBER RISK

Computing Security: Why is

collaboration across industries

so critical in tackling cyber risks?

Mark Hendry: First of all, it's important

to highlight that collaborating amongst

adversaries is happening. Threat actors

are working together in increasingly

sophisticated ways - eg, initial access

brokers gain footholds in networks and

pass or sell access to others who escalate

privileges, then hand off to specialists

in exfiltration or extortion.

It's like a relay race of cybercrime,

operating like a business with training,

scripts and customer support. It's global,

constant and indifferent to sector

boundaries. I think that shows that, unless

cyber defenders across government, law

enforcement and industry collaborate

to a similar extent, we're handing an

advantage to those who seek to do

us harm. We need to match their

coordination for mutual defence.

CS: What role do industry bodies play

in shaping cyber information-sharing

practices?

MH: Industry bodies have been really

effective in influencing legislation around

operational, tech and data risks, and have

helped to develop practical guidance on

implementation. That said, there's still

progress to be made on how they help

share intel. Some information-sharing

models show promise: eg, Information

Sharing and Analysis Centres [ISACs] offer

structured, sector-specific collaboration,

helping organisations to share threat

intelligence and coordinate responses in

a safe way. However, geographic coverage

and participation vary; future expansion

of ISACs and similar initiatives could have

a real positive impact.

CS: What would you identify as some

of the biggest barriers to effective

collaboration in cyber security?

MH: Trust is a major barrier. Organisations

worry about reputational

risk or regulatory exposure when

sharing sensitive information.

Then there's cost, time, and

effort. Collaboration takes

resources, the benefits are

long-term and collective,

while the costs are

immediate and individual. Finally, instinct

plays a role. Many organisations default

to handling things alone. Changing that

mindset takes leadership and a few positive

experiences that prove collaboration works.

CS: Can you share any examples where

collaboration has made a tangible impact?

MH: An interesting example of how it can go

awry is that, when intel about threat actor

behaviour was shared by a global intel

company in public webinars, those actors

quickly adapted their techniques, showing

they were monitoring the sessions and

adapted to make themselves more effective

attackers. A more positive example is the

response to the cross-sector attacks by the

group known as 'Scattered Spider'. ISACs

from various sectors and a number of

national agencies collaborated and published

joint mitigation guidance. That helped all

organisations understand and defend

against the group's tactics. A great example

of coordinated defence.

CS: What are your key takeaways for

organisations looking to engage more

collaboratively in cyber security?

MH: Start with purpose. Know what you're

trying to achieve and why it matters. Build

trust through transparency and reciprocity;

you might take more than you give to start

with, that's fine. Use existing frameworks

and groups, rather than creating new ones.

Be patient, but persistent. Collaboration is a

long game, but it builds the type of resilience

that no single entity can achieve alone.

For more information, go to: swgroup.com


email security

FILTERING OUT THE BAD STUFF

WHY IT'S TIME FOR EMAIL SECURITY TO EMBRACE A SMARTER, PRIVACY-FIRST APPROACH

Cybercriminals are constantly

attempting phishing campaigns or

using nuanced attacks, like social

engineering tactics, to trick users into giving

away valuable information or login credentials.

Lack of appropriate training or email

filters can lead to compromised email

accounts, data breaches and malware

infections. Email filtering automates the

process of analysing, categorising, and

managing incoming and outgoing email

messages, based on predetermined security

and business criteria.

As Zachary Travis, security operations

manager, Fortra, points out: "Email scams

and threat actor tactics are constantly

evolving. By the time blocking rules and

security have been built up around a threat,

attackers have cashed out, moved onto a

new scam and the cycle repeats. Traditional

email security measures can't account for

100% of threats and the use of AI to create

convincing scam emails has changed the

game."

Is it possible to predict what the next

threat style will be and stay ahead of

scammers? "No, probably not with 100%

accuracy. We can, however, study past

threats, familiarise ourselves with common

scam elements employed by attackers and

train employees to recognise them."

Email threats are not limited to phishing

and malware, but also include scams like

419, Vishing, Business Email Compromise

(BEC), Job Scams, Docu-phish, RECON

emails etc, he adds. "Most scam types have

things in common, such as a sense of

urgency, an unfamiliar sender, a subject

that seems overly friendly or a request to

provide data or perform an action. In that

regard, analysis of such emails is mostly

routine. The sender email address and

domain are heavily analysed for legitimacy,

the content of the subject and body are

used to decide on a scam classification

and any IOCs [URLs, email addresses, payloads]

are logged and used to improve

filter and blocking."

Email blocking software and regex rules

can only take you so far, states Travis.

"Scam emails utilise a myriad of anti-blocking

techniques to reach their targets.

Scammers don't just send emails; they

actively work to bypass defences. Something

as simple as adding randomised reference

numbers or timestamps to subject lines can

help emails slip past filters. More advanced

methods hide payloads in nested email

attachments, embed malicious code with

base64 encoding or obfuscate links and

scripts. Every trick is designed to evade

detection just long enough to reach the

inbox." In the age of AI, he says, a scammer

can code a bot with an integrated LLM

(Large Language Model) that can craft

flawlessly legitimate-looking corporate

emails effortlessly and then blast them out

to thousands of potential victims.
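A filter-side view of the tricks Travis describes, as an added example that is not from the article or from Fortra: it unpacks a message nested as an attachment, decodes its base64 body to recover the link, and normalises the subject so a randomised reference number and timestamp do not split one campaign into many. The messages, addresses, `.invalid` URL and all function names are constructed for illustration.

```python
# Added example: unpack nested mail to recover links a flat scan would miss,
# and normalise subjects so randomised tokens do not split one campaign.
# The messages, addresses and .invalid URL are constructed samples.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# ISO-style timestamps first, then any run of four or more digits.
VOLATILE_RE = re.compile(r"\d{4}-\d{2}-\d{2}(?:[ T]\d{2}:\d{2}(?::\d{2})?)?|\d{4,}")


def normalise_subject(subject):
    """Replace timestamps and long numbers with '#' and collapse whitespace."""
    return re.sub(r"\s+", " ", VOLATILE_RE.sub("#", subject)).strip().lower()


def leaf_parts(msg, depth=0):
    """Yield (depth, part) for each non-container part; depth counts nested messages."""
    if msg.is_multipart():
        step = 1 if msg.get_content_type() == "message/rfc822" else 0
        for child in msg.get_payload():
            yield from leaf_parts(child, depth + step)
    else:
        yield depth, msg


def decode_text(part):
    """Undo the transfer encoding (base64, quoted-printable) and the charset."""
    body = part.get_payload(decode=True) or b""
    try:
        return body.decode(part.get_content_charset() or "utf-8", errors="replace")
    except LookupError:  # charset label the codec registry does not know
        return body.decode("utf-8", errors="replace")


def extract_urls(raw_bytes):
    """Return the normalised subject and every URL found in any text part."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for depth, part in leaf_parts(msg):
        if part.get_content_maintype() != "text":
            continue
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        for url in URL_RE.findall(decode_text(part)):
            hits.append({"url": url, "depth": depth, "cte": cte,
                         "type": part.get_content_type()})
    return {"subject_key": normalise_subject(str(msg["Subject"])), "urls": hits}


def build_sample(ref, stamp):
    """Constructed test message: a base64 HTML body inside an attached message."""
    inner = EmailMessage()
    inner["Subject"] = "Shared document"
    inner.set_content(
        '<a href="https://portal.example.invalid/verify">Open document</a>',
        subtype="html", cte="base64")
    outer = EmailMessage()
    outer["From"] = "billing@sender.example.invalid"
    outer["To"] = "user@recipient.example.invalid"
    outer["Subject"] = f"Payment overdue REF-{ref} {stamp}"
    outer.set_content("Please see the attached message.")
    outer.add_attachment(inner)  # stored as a message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    for ref, stamp in [("48213", "2025-09-23 10:15:02"),
                       ("90077", "2025-09-24 08:01:44")]:
        print(extract_urls(build_sample(ref, stamp)))
```

Both sample messages reduce to the same subject key, and the link is reported at nesting depth 1 with a base64 transfer encoding, which is the detail an analyst would feed back into filter rules.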

"The solution for modern email threats is

layered. Spam filters and blocking rules

remain essential, especially for known

threats. But for new and emerging scams,

there's no substitute for human analysis.

A skilled analyst can dissect an email,

recognise subtle patterns and feed that

intelligence back into security systems.

Machines can catch yesterday's scams;

humans are what keep organisations ready

for tomorrow's."

Email remains a primary attack vector

for cybercriminals, and understanding

and mitigating email-based threats has

become critical to preventing financial loss,

maintaining reputation and business

continuity, comments Danny Howett,

technical director - digital forensics and

incident response, CyXcel.

"Modern phishing campaigns have evolved,

with threat actors leveraging AI to generate

convincing phishing emails and bypass

traditional detection methods. Unsuspecting

users are often redirected to spoofed

websites that closely replicate legitimate

global brands, intent on credential harvesting

or financial fraud, with pre-made sites

readily available to threat actors on dark web

markets. Attackers continue to exploit

psychological triggers, expressing urgency,

authority and curiosity to influence

recipients."

Typically, email attacks will fall into either

financially motivated attacks, such as

payment diversions, or attacks intent on

exposing personal information or passwords,

which can be sold, or used to

propagate further attacks, Howett adds.

"However, Business Email Compromise is

a gateway for other actors who may have

ideological or political motivations, or are

using it as a tool for corporate or economic

espionage, seeking sensitive business

information, strategic plans or intellectual

property."

To help protect from email-based attacks,

organisations must implement protocols

to verify sender authenticity and prevent

spoofing, he says. "These foundational

security measures [see below] can greatly

reduce spoofing when properly configured."

SPF: specifies authorised mail servers for a domain via DNS, enabling recipients to verify if an email's sending server is permitted, helping prevent spoofed emails by checking the email's origin.

DKIM: adds a cryptographic signature to outgoing emails to verify message integrity and domain authenticity, ensuring emails are not altered in transit.

DMARC: enforces policies for handling emails failing SPF/DKIM checks, aligns sender domains and provides reporting to domain owners, controlling actions against suspicious emails like quarantine or rejection.
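What "properly configured" can mean in practice for two of these protocols, as an added example that is not from the article or from CyXcel: a small auditor that reads SPF and DMARC TXT records and reports settings that leave spoofing possible. The domains, records and function names are constructed for illustration; DKIM is left out because checking it needs the signing keys.

```python
# Added example: audit SPF and DMARC TXT records for settings that weaken
# anti-spoofing. Every domain and record below is a constructed sample.

SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each needs a DNS query
DMARC_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def audit_spf(record):
    """Return findings for one SPF TXT record; an empty list means none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups = [], 0
    saw_all = saw_redirect = False
    for term in (t.lower() for t in terms[1:]):
        if term.startswith("redirect="):
            saw_redirect = True
            lookups += 1
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" is the default
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        elif name == "all":
            saw_all = True
            if qualifier == "+":
                findings.append("+all: every sending host passes SPF")
            elif qualifier == "?":
                findings.append("?all: unlisted hosts get 'neutral', not 'fail'")
    if not saw_all and not saw_redirect:
        findings.append("no 'all' term: unlisted hosts get 'neutral', not 'fail'")
    # Only this record's own terms are counted; nested includes add more.
    if lookups > 10:
        findings.append("over 10 DNS-querying terms: receivers return permerror")
    return findings


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict keyed by lower-cased tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return findings for one DMARC TXT record; an empty list means none."""
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record: must start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in DMARC_STRENGTH:
        return ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none: failing mail is reported but still delivered")
    subdomain_policy = tags.get("sp", policy).lower()  # sp= defaults to p=
    if DMARC_STRENGTH.get(subdomain_policy, 0) < DMARC_STRENGTH[policy]:
        findings.append("sp= is weaker than p=: subdomains are easier to spoof")
    pct = tags.get("pct", "100")  # pct= defaults to 100
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports reach the owner")
    return findings


def audit_domain(spf_record, dmarc_record):
    return {"spf": audit_spf(spf_record), "dmarc": audit_dmarc(dmarc_record)}


SAMPLES = {  # constructed records, not taken from any real domain
    "weak.example": ("v=spf1 include:_spf.mail.example +all",
                     "v=DMARC1; p=none"),
    "partial.example": ("v=spf1 mx ~all",
                        "v=DMARC1; p=reject; sp=none; pct=25; "
                        "rua=mailto:dmarc@partial.example"),
    "strong.example": ("v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, audit_domain(spf, dmarc))
```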

"Even when spoofing measures are

enforced, modern email security requires

solutions that combine behavioural analysis,

machine learning and real-time threat intelligence

to identify and prevent threats. In

addition, multi-factor authentication should

be enforced on all accounts, reducing a

threat actor's capabilities, even if passwords

were inadvertently exposed."

Howett points a finger at human error as

the primary source of security breaches still

and argues in favour of comprehensive

security awareness training, with regular

phishing simulations, training on how to

identify phishing emails and a clear, simple

escalation pathway to notify IT departments

of suspicious activity. "Effective email security

requires a comprehensive approach, combining

advanced technology, robust protocols

and ongoing user education to defend

against increasingly sophisticated AI-enhanced

threats."

FILTERING OUT THE FOE

Email remains the most exploited attack

vector, emphasises Paolo Frizzi, CEO,

Libraesva, and while the threat landscape

continues to evolve, the fundamentals

remain: "Attackers exploit human trust,

technical blind spots and gaps in detection.

The sophistication of modern phishing,

business email compromise [BEC] and

social engineering campaigns means that

traditional filters - once sufficient - now

need a complete rethink."

Filtering 'bad stuff' is no longer just about

catching spam or known malware signatures,

he says. "Today, it's about understanding

intent. Many phishing emails look

[and feel] legitimate, even coming from

large and well-known brands. They use well-crafted

AI content, micro-manipulations,

and legitimate infrastructure abuse. Rules-based

systems miss attacks when no obvious

violations exist - they can't detect malicious

intent hidden within perfectly formatted,

grammatically correct communications."

This requires layered detection that

combines content analysis, behavioural

modelling and relationship context, Frizzi

points out. "The best semantic analysis tools

don't just scan for suspicious words or

patterns - they interpret the meaning and

purpose behind a message, to spot even

the most convincing social engineering

attempts."

Equally important, he continues, is the

ability to detect and neutralise evasive

tactics. "Attackers increasingly hide malicious

content in links that only activate after

delivery or in documents that trigger

harmful actions on the endpoint. Actively

visiting web destinations at click-time to

identify cloaked or obfuscated phishing

sites and real-time sanitisation of email

attachments to remove active malicious code,

while preserving legitimate content - without

sending sensitive files to the cloud - are

critical for robust email security."

And here's where a new security

consideration becomes critical for privacy-conscious

organisations. "Are emails

attachments or threat analysis routed

through any third-party clouds or Large

Language Models or entirely processed

locally? For maximum privacy, ensure no

sensitive content leaves your trusted

environment."

Finally, says Frizzi, security is not only about

technology, but also about the human

element. "Technical defences are significantly

stronger when combined with awareness

training and phishing simulations, giving

users the knowledge to pause, question and

report suspicious emails."

The reality is: email security today is a

constant arms race. "Filtering the 'bad stuff'

requires tools that evolve as quickly as the

threats themselves, while respecting the

privacy and autonomy of the organisations

they protect. At Libraesva, our philosophy is

simple: protect the inbox, empower the user

and never compromise on privacy."

INSIDER-DRIVEN BREACHES SOAR

Neil Langridge, marketing and alliances

director, e92plus, points out how the

statistics on email security are known to show

the danger of inbound phishing as the entry

point on a cyber-attack, but adds that the

dangers of outbound email are just as

significant. "Insider threats remain one of

the top cybersecurity risks for organisations,

with the latest Verizon DBIR [Data Breach

Investigations Report] revealing that insider-driven

breaches increased by 45% in the past

year. While it's easy to assume malicious

intent for those breaches, the reality is often

simply negligent or accidental behaviour -

human errors that aren't typical malicious

behaviour, and so aren't easily identified by

cybersecurity products or policy rules."

The biggest challenge, he says, is that

accidental email data loss typically stems

from normal user behaviour, not malicious

patterns. "Such errors often do not exhibit

'anomalous' activity, such as unusual login

locations or exfiltration attempts, but are part

of every use: composing emails, accessing

shared documents or forwarding sensitive

information. Research from Proofpoint found

that 33% of employees send 1-2 misdirected

emails per year."

Understanding emails that also appear to

lack any of the usual warning signs around

phishing or containing malicious URLs can

also help prevent BEC. Losses due to Business

Email Compromise (BEC) surpassed $2.9

billion, according to the FBI 2023 Internet

Crime Report, and this is now one of the

biggest threats organisations face. "This

is due to the social engineering approach

that legacy security struggles with; again,

it's simple emails that are often to familiar

contacts or addresses, or on topics previously

discussed."

To address this, states Langridge, organisations

need to evolve their strategy and

ensure their technology stack covers data

loss through email, as well as protecting

against inbound threats. "That is both

through malicious insiders, leveraging

integrated DLP technology, but also using

AI to better understand workflows, behaviour

and company requirements to ensure that

a simple accidental email doesn't incur

significant loss and damage.

"Of course, security awareness training is

also an essential step, but accidental errors

will happen [the report by Proofpoint also

highlighted that 63% of CISOs claimed that

the leading cause of internal breaches was

human error, a number that had grown

nearly 50% in the previous 12 months]. So,

with more intense time pressures, overflowing

inboxes and more data being exchanged

and shared than ever before, mistakenly

sending an email to the wrong person is

as easy as falling for a phishing link - so

supporting employees for both scenarios is

essential."

Email remains a cornerstone of organisational

communication, enabling seamless

collaboration and the exchange of sensitive

information, says Rick Goud, co-founder and

chief innovation officer, Zivver, in his foreword

to the company's 'Email Security Trends 2025'

report. "However, we have observed a critical

disconnect between the rapidly growing

compliance requirements related to email

and the development and adoption of the

necessary robust security measures. While

much attention has rightly focused on

combating inbound threats like phishing and

malware, the risks associated with outbound

email deserve equal consideration."

Misaddressed messages, unfit encryption

practices and accidental disclosures pose

challenges that can impact security, trust and

productivity, if not actioned. "The [report]

findings reveal that effective email security

should support - not hinder - the work of

employees. Security solutions should empower

users to operate safely and confidently,

seamlessly integrating into existing workflows

and unobtrusively leveraging suitable protective

measures as needed."

The Zivver report itself acknowledges how

compliance objectives rightly take the form

of internal company security policies; yet its

own findings indicate that, while 73% of

employees are aware of the security policies

pertaining to email, only 52% adhere to

them. This suggests, Goud says, that the

'silent threat' posed by email "isn't necessarily

a fault of a company policy, but how those

policies are adopted and governed".


product review

KEEPER SECURITY KEEPERPAM

Privileged access management (PAM)

is an essential cybersecurity strategy

that allows businesses to significantly

reduce their attack surface and Keeper

Security's KeeperPAM offers a sophisticated

solution for protecting access to critical

resources. This cloud-native platform applies

a zero-trust, zero-knowledge architecture

that actively controls, manages and monitors

access to privileged accounts, while

enforcing role-based policies and multifactor

authentication (MFA) across all

assets.

It applies automated credential rotation

for passwords, SSH keys and secrets - and

stores them in a hardened, encrypted cloud

vault. A standout feature is KeeperPAM's

privileged session monitoring, which

provides full keystroke and command

capture, along with visual replays. This

feature is invaluable for forensics analysis

and real-time threat detection by identifying

anomalous or risky activity patterns.

Deployment doesn't get any easier, with

Keeper Security claiming KeeperPAM can

be up and running in one hour. Only three

steps are required as you deploy the cloud

vault, hook it up with your existing identity

provider, create your first policy and install

the lightweight Keeper Gateway component

in each protected environment.

A key feature of the Gateway is it only

uses outbound connections with zero-knowledge,

end-to-end encryption (E2EE),

so you don't need to create any additional

inbound firewall rules. Management is

a breeze, as all KeeperPAM features are

accessed through a well-designed web

browser console.

You log in using your chosen identity

provider and options include biometric

verification support for native systems,

such as face ID and fingerprint scanners.

Resources are configured in your Keeper

Vault, which can be servers, applications,

databases, RDP sessions, Kubernetes

containers, plus DevOps CI/CD pipelines -

and KeeperPAM offers import tools for

multiple cloud services.

The discovery tool takes all the manual

labour out of importing complex Azure

environments. It finds all accounts and

assets, publishes them in your Keeper Vault

and automatically onboards new accounts

when they are created.

Roles define the permissions and administrative

capabilities for each end user, and

categories include login settings, session

timeouts and platform restrictions. This

allows administrators to strictly control

what users are allowed to access and to

apply the principle of least privilege to

eliminate unnecessary permissions.

Automated end user password rotation is

controlled by enforcement policies. These

are very versatile, as custom schedules can

use a calendar to automatically change the

resource password on specific days and

times, with additional granular control

options for rotation execution.

Users can instantly access permitted

resources from their personal Vault web

console, and the entire process is agentless

and clientless. All requests are handled

by the Gateway and zero knowledge is

assured, as the underlying credentials

are never exposed.

Along with password and secret management,

plus ZTNA to desktops, RDP, VNC and

tunnels, KeeperPAM offers remote browser

isolation. This provides secure access to

web-based applications and mitigates

threats by running sessions in a controlled

remote environment.

A valuable feature is the ability to securely

share resources. With one click in the vault,

users can share them with other KeeperPAM

users and teams or authorised external

vendors and contractors. There's more,

as KeeperPAM's advanced reporting and

alerting delivers complete visibility into all

activities, provides a detailed dashboard of

security events and its advanced logging

seamlessly integrates with all key SIEM

platforms.

The threat landscape is rapidly evolving

beyond the capabilities of legacy PAM

systems - and KeeperPAM offers a modern

solution for securing and protecting access

to on-premises, hybrid and cloud-based

infrastructures. It's incredibly easy to deploy

and to manage, is fully compliant with

a wide range of industry regulations and

Keeper Security's total price transparency

makes it a very affordable choice for

businesses of all sizes.

Product: KeeperPAM

Supplier: Keeper Security

Web site: www.keepersecurity.com

Sales: +353 21 237 5250


encryption

BEATING BACK AGAINST THE POST-QUANTUM THREAT

A NEW SET OF ENCRYPTION TOOLS DESIGNED TO WITHSTAND THE ATTACK OF A QUANTUM COMPUTER

HAS BEEN RELEASED. HOW VALUABLE A ROLE MIGHT THEY PLAY IN THE QUEST TO STAY SAFE?

Quantum technology is advancing

rapidly and organisations risk falling

behind without a proactive strategy.

With such threats in mind, the National

Institute of Standards and Technology (NIST)

has released a set of encryption tools designed

to withstand the attack of a quantum

computer.

The new post-quantum encryption

standards are said to secure a wide range of

electronic information: from confidential

email messages to e-commerce transactions

that propel the modern economy. NIST is

encouraging computer system administrators

to begin transitioning to the new standards.

Is this the right path forward, though, and

are those standards the best solution?

POWERHOUSE - FOR GOOD AND BAD

David Trossell, CEO and CTO of Bridgeworks,

says the power of quantum computing has

the potential to manage, analyse and compute

vast volumes of data to revolutionise drug

discovery and development, while making

a substantial impact in areas such as:

Materials science in the aerospace sector, at the atomic and molecular level, in order to design new and stronger materials

Financial modelling, whenever complex calculations are required for portfolio optimisation

To improve artificial intelligence and machine learning performance for more accurate data analysis

More efficient cyber-security.

Trossell quotes under secretary of commerce

for standards and technology and NIST

director Laurie E. Locascio, from the institute's

website: 'Quantum computing technology

could become a force for solving many of

society's most intractable problems, and the

new post-quantum cryptography standards

represent NIST's commitment to ensuring it

will not simultaneously disrupt our security.'

That is the rub. "Quantum computing could

be used by bad actors to attack encryption

methods, such as RSA and ECC," he stresses,

"rendering them obsolete by solving the

complex mathematical problems they depend

upon. Quantum computers can be used to

compromise data integrity and to weaken

secure communications." The impact of their

potential ability to decrypt sensitive data -

including military intelligence, financial

records and personal information - is huge,

Trossell states.

"Therefore, the National Institute of

Standards and Technology is right to take

appropriate action now. Over time, the new

tools and standards that are being offered

by NIST will need to evolve as the threats

change. In that sense, the institute is taking

the right path forward, but it's by no means

the final destination."

Organisations should therefore embrace

NIST's Federal Information Processing

Standards (FIPS): FIPS 203, Module-Lattice-

Based Key-Encapsulation Mechanism

Standard; FIPS 204, Module-Lattice-Based

Digital Signature Standard; and FIPS 205,

Stateless Hash-Based Digital Signature

Standard, insists Trossell, on the basis that

prevention is better than a cure. "Falling

behind is a very dangerous prospect for

national security and to organisations

more widely."

Are they the best standards for combatting

any post-quantum cybersecurity threats?

"That remains to be seen," he replies.

"However, the UK's National Cyber Security

Centre writes in its article, 'Next steps in

preparing for post-quantum cryptography',

how many nations are investing heavily in

quantum computing, with the assumption

that the threats will be overcome. Encryption

is essential for data protection and data

security - including when data is sent over

a Wide Area Network [WAN]. The trouble is

that traditional methods, such as WAN

Optimisation, cannot handle encrypted data

in flight, like WAN Acceleration can."

THE DANGER IS ALREADY HERE

While quantum computing promises

significant advantages over traditional

computing, we cannot ignore the looming

risk to digital security, argues Geethika Cooray

- vice president & general manager - identity

& access management, WSO2. "The danger

is not theoretical or far off. Bad actors are

already engaging in a tactic known as

'Harvest Now, Decrypt Later' - collecting vast

amounts of encrypted data today, with the

expectation that quantum computing will

eventually give them the power to break

the cryptography protecting it. This means

that sensitive information, such as personal

health records, financial transactions and

government communications, could be in

hostile hands now, waiting to be unlocked."

Widely used algorithms, like RSA and ECC,

which protect everything from personal data

to authentication flows, could be broken

by a powerful quantum computer, he states.

"Recognising this, the National Institute of

Standards and Technology (NIST) has released

new post-quantum cryptographic (PQC)

standards designed to withstand such

attacks. These standards are intended to

protect a wide range of digital communications,

from e-commerce transactions to

government records and identity and access

management (IAM) systems that verify us

online.

"From an IAM perspective, the stakes

are high. Every login flow, authentication,

and token exchange rely on encryption and

digital signatures to ensure that the entity

requesting access is legitimate. If that

cryptography is compromised, attackers

could impersonate users, escalate privileges

or gain long-term access to critical systems.

In other words, the collapse of encryption in

IAM is not just a privacy risk, but a systemic

trust failure." Transitioning to PQC in IAM

environments is not as simple as updating

a certificate, cautions Cooray. "It requires

rethinking how cryptographic keys are

generated, stored and rotated, as well as

ensuring interoperability across federated

identity systems.

"Many organisations operate complex

identity ecosystems with multiple protocols

[such as OpenID Connect, SAML, OAuth 2.0]

and each must be adapted to leverage

quantum-resistant algorithms, without

breaking existing integrations."

A phased migration strategy is widely

considered effective for transitioning to PQC,

Cooray adds. "This typically begins with a

cryptographic inventory across the IAM stack,

followed by identifying critical identity verification

flows and prioritising high-risk assets

for PQC adoption. Hybrid approaches, where

PQC algorithms operate alongside current

standards, can support backward compatibility,

while enabling gradual adoption.

Building crypto agility is also key to ensuring

security standards can adapt and evolve by

swapping or upgrading algorithms, without

disrupting systems. Equally important is

collaboration with partners and vendors to

ensure alignment of protocols and key

management practices."

INFRASTRUCTURE UPGRADE

NIST's comprehensive approach to developing

post-quantum cryptography standards is

both timely and necessary, says Sam Peters,

IO (formerly ISMS.online), as it addresses the

future risks posed by quantum computing.

These standards are a crucial step toward

helping organisations to better prepare for

the future. "Among the most promising

innovations to support these standards are

lattice-based cryptographic schemes, such

as CRYSTALS-Kyber for encryption and

CRYSTALS-Dilithium for digital signatures.

These algorithms offer a strong foundation,

due to their efficiency, strong security proofs

and resistance to known quantum attacks,

Rik Ferguson, Forescout: NIST's standards

represent today's best understanding, but

they are not the final word.

providing confidence in the resilience of the

new standards. However, while the transition

to quantum-resistant encryption

standards is essential, it is not without its

challenges, he adds, as many organisations

operate on legacy systems that were not

built with quantum threats in mind and,

therefore, a substantial infrastructure

upgrade will be required.

"Upgrading these systems will require

significant time and investment, making

it essential for organisations to begin the

transition process early," advises Peters.

"Organisations transitioning to post-quantum

encryption will likely need

to implement hybrid systems which

unite traditional and quantum-resistant

algorithms to protect against risks, while

preserving operational continuity. This

allows businesses to maintain security

and compliance in the short term, while

gradually adapting to the new standards."

By leveraging existing frameworks that

they are already using, such as ISO 27001,

organisations can integrate post-quantum

encryption into their security architecture

with minimal disruption and not disturb

their compliance efforts. "This approach

allows companies to manage short-term

implementation challenges, while also

keeping a strategic focus on long-term

cybersecurity resilience. Incorporating

quantum-resistant encryption as part of an

ongoing risk management strategy enables

organisations to handle both current and

future security threats more effectively."

"Although the quantum threat may still

be several years away from materialising,

organisations that take a proactive

approach now ensure readiness for the

inevitable changes to future encryption

standards, regulatory requirements and

security demands." Ultimately, adopting

post-quantum encryption is not just about

mitigating future risks - it's also about

building a sustainable, forward-looking

digital infrastructure.

TRUSTED FOUNDATION

Richard Hall, AVP at DigiCert, believes that

adopting NIST's post-quantum encryption

standards is absolutely the right path

forward. "The threat posed by quantum

computing is no longer theoretical and the

timeline for its real-world impact is shrinking

rapidly. Organisations must act now to avoid

a future in which sensitive data stolen today

could be decrypted by quantum-capable

adversaries tomorrow. This is not just a

technical concern. It is a long-term business

and national security risk."

The algorithms selected by NIST, including

ML-KEM and ML-DSA, represent the culmination

of years of global collaboration and

rigorous cryptographic analysis, he points

out. "They offer a trusted, standardised

foundation for securing everything from

financial systems and healthcare records to

government communications and national

infrastructure. These are not simply the best

algorithms currently available. They are the

result of an open and transparent vetting

process that reflects broad industry

consensus," says Hall.

CRYPTO-AGILITY

That said, the transition to post-quantum

cryptography is far from straightforward, he

adds. "It demands genuine crypto-agility, the

adoption of protocols such as TLS 1.3 and

thorough performance validation across a

wide range of systems and environments.

Organisations must begin by auditing their

cryptographic inventories, testing quantum-safe

implementations in real-world conditions,

and modernising infrastructure to support

secure and future-ready operations.

"Waiting for regulation is not a sustainable

strategy. Migration will take years, and those

who delay risk exposure, disruption and

long-term reputational damage. Early movers

will gain not only resilience, but also a strategic

advantage, protecting their data, their

customers and their brand well into the

future." This growing sense of urgency is why

DigiCert launched World Quantum Readiness

Day last year, he adds, an initiative that returns

again this year. The event brings together

global experts to inspire action, and equip IT

and security leaders with the insights and

practical guidance they need.

"The surge in interest around this year's event

makes one thing clear: quantum preparedness

is no longer a theoretical conversation.

It is a business imperative. The path ahead is

clear and it begins with action today. The

longer organisations wait, the more costly

and disruptive the transition will become."

VISIBLE AND CLEAR

The right path forward begins with visibility,

states Rik Ferguson, VP of security intelligence

at Forescout. "Organisations need a clear

inventory of where cryptographic methods

are in use, what algorithms are protecting

what data and how long that data will

matter. Short-lived session tokens or web

traffic have minimal post-quantum risk. Long-lived,

high-value data assets are a different

story altogether. Without this context, migration

efforts risk being misdirected and could

patch what looks vulnerable, instead

of what is strategically exposed."
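An added example, not from the article or any vendor quoted in it: a minimal triage of a cryptographic inventory along the lines Ferguson, Cooray and Hall describe, ranking each use of cryptography by algorithm family and by how long the protected data must stay confidential. The asset names, inventory entries, the `+` notation for hybrid schemes and the 10-year planning horizon are constructed assumptions; the ranking rule (data lifetime plus migration time compared with the assumed arrival of a cryptographically relevant quantum computer) is Mosca's inequality, which the article does not mention.

```python
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks on a large quantum computer.
QUANTUM_VULNERABLE = ("RSA", "ECDH", "ECDSA", "DH", "DSA", "X25519", "ED25519")
# The NIST post-quantum standards named in the article.
POST_QUANTUM = ("ML-KEM", "ML-DSA")
# Report order: most urgent first.
ORDER = {"migrate-first": 0, "review": 1, "scheduled": 2, "ok": 3}


@dataclass
class CryptoUse:
    asset: str
    algorithm: str          # "+" joins the parts of a hybrid scheme (constructed notation)
    lifetime_years: float   # how long the protected data must stay confidential
    migration_years: float  # estimated time to move this system to PQC


def classify(component):
    """Map one algorithm name to a coarse family."""
    name = component.strip().upper()
    if name.startswith(POST_QUANTUM):      # checked first so ML-DSA is not read as DSA
        return "post-quantum"
    if name.startswith(QUANTUM_VULNERABLE):
        return "quantum-vulnerable"
    return "unclassified"


def assess(use, years_to_crqc):
    """Return (status, margin). margin > 0 means the data outlives the assumed deadline."""
    kinds = {classify(part) for part in use.algorithm.split("+")}
    if "post-quantum" in kinds:
        # A hybrid stays confidential while any one component holds.
        return "ok", None
    if "unclassified" in kinds:
        # An algorithm nobody can name is a visibility gap, not a pass.
        return "review", None
    # Mosca's inequality: exposed if lifetime + migration time > time to a CRQC.
    margin = round(use.lifetime_years + use.migration_years - years_to_crqc, 2)
    return ("migrate-first" if margin > 0 else "scheduled"), margin


def triage(inventory, years_to_crqc=10.0):
    """Rank inventory entries; years_to_crqc is a planning assumption, not a forecast."""
    rows = []
    for use in inventory:
        status, margin = assess(use, years_to_crqc)
        rows.append((use.asset, status, margin))
    rows.sort(key=lambda r: (ORDER[r[1]], -(r[2] or 0.0)))
    return rows


# Constructed sample inventory (hypothetical assets and estimates).
SAMPLE_INVENTORY = [
    CryptoUse("web-session-tokens", "ECDH-P256", 0.01, 1.0),
    CryptoUse("partner-vpn", "X25519+ML-KEM-768", 10.0, 0.0),
    CryptoUse("customer-archive-backups", "RSA-2048", 25.0, 3.0),
    CryptoUse("legacy-hsm-app", "vendor-proprietary", 15.0, 5.0),
    CryptoUse("hr-records-vault", "ECDH-P384", 7.0, 4.0),
]

if __name__ == "__main__":
    for asset, status, margin in triage(SAMPLE_INVENTORY):
        detail = "" if margin is None else f" (margin {margin:+.2f} years)"
        print(f"{status:14} {asset}{detail}")
```

The short-lived session tokens rank below the long-lived archive even though both use quantum-vulnerable key exchange, which is the distinction the inventory is meant to surface.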

Transitioning to quantum-safe cryptography

also requires agility. NIST's standards represent

today's best understanding, but they are not

the final word, he adds. "Enterprises should

be preparing for modular cryptography, key

rotation and the ability to replace algorithms,

as new research emerges. Hard-coded dependencies

and inflexible architectures will become

liabilities in the post-quantum era."

Perhaps most importantly of all, quantum

resilience is not just a mathematics problem,

it's a governance problem, states Ferguson.

"Poor key management, stale secrets and

lack of ownership already undermine many

cryptographic deployments today. Moving to

post-quantum standards without addressing

these fundamentals risks compounding

weaknesses, rather than resolving them."



security controls

TIME TO RETHINK THE FORTRESS MODEL OF SECURITY

THE OLD WAY OF MAKING A BUSINESS SAFE ISN'T WORKING ANY MORE, STATES SRINI ADDEPALLI, CTO, ARYAKA

The traditional security perimeter -

the virtual wall that once protected

a company's network - is gone, argues

Srini Addepalli, CTO, Aryaka. "It's been

replaced by a sprawling landscape of

users, devices and applications scattered

everywhere. Instead of trying to patch up a

crumbling fortress, businesses need a new

battle plan for a world where the 'office' is

anywhere and the 'network' is everywhere."

THE PROBLEM WITH 'ANYWHERE

TO ANYWHERE ACCESS'

Today's workforce is no longer confined to

a single office, he points out. "People work

from home, coffee shops and airports,

and they need seamless, secure access to

company resources. This creates a massive

challenge: how do you apply consistent

security policies when users and applications

are so widely distributed? Companies

are leveraging multiple SaaS services and

deploying their applications across multiple

clouds. This creates an 'anywhere to

anywhere' access pattern, meaning a user

from one location might need to access an

application hosted in a different cloud or

a SaaS service."

To secure this new reality, organisations

need a distributed security approach, he

says. Trying to route all traffic back to

a central data centre for security checks

is slow and inefficient. Instead, security

needs to be delivered from a global

network of Points of Presence (PoPs) or

'edges'. "By deploying security controls

close to where the users and applications

are, businesses can ensure that security

policies are applied with low latency,

providing a uniform, secure experience,

no matter where the user is located. This

move from a centralised to a distributed

model is crucial for keeping up with the

modern, flexible workforce and the multicloud

enterprise."

SECURING THE AI REVOLUTION

Another major challenge is the rise of

Generative AI and natural language-based

interactions. "We're moving away

from traditional web-form transactions

to conversations with chatbots and AI

agents for everything from customer

service to e-commerce," Addepalli points

out. "Traditional security controls, which

are designed to inspect URLs and specific

data formats like JSON or XML payloads,

are becoming ineffective. These security

systems can't understand the context of

a natural language conversation, making

it difficult to detect malicious intent, data

leakage or policy violations.

"The need for GenAI access security is

becoming a requirement, not a luxury.

We need a new class of security controls

that can analyse and understand natural

language traffic to protect sensitive data

and prevent abuse. Whether an employee

is using a public Large Language Model

(LLM) or an internal RAG (Retrieval-

Augmented Generation) system, the

same security guardrails must apply."

Without unified enforcement that can

secure these new types of interactions,

enterprises may well risk critical data

being exposed or compliance violations

occurring, he continues. "Ultimately,

securing the AI frontier requires a shift

in mindset and technology, moving

beyond inspecting traditional web

traffic to understanding the nuances

of conversational data."



APTs

LIVING OFF THE LAND

THE AVERAGE COST OF A DATA BREACH HAS FALLEN, BUT CYBERCRIMINAL

ATTACKS CONTINUE TO INCREASE IN SOPHISTICATION AND NUMBER

Advanced persistent threats (APTs)

usually breach organisations through

a wide variety of vectors, even in the

presence of adequately designed cyber

security strategies, warns IT Governance.

These might include:

Internet-based malware infection. For example, email links or attachments, phishing and file sharing

Physical malware infection. Such as infected USBs, CDs and DVDs

Other means of external exploitation and intrusion. Hacking, rogue Wi-Fi penetration etc.

"As part of its responsibility for minimising

risk and maximising business opportunities

and return on investment (ROI), an organisation's

leadership needs to prioritise cyber

security," states IT Governance. "Effective

cyber security depends on coordinated

and integrated preparations for rebuffing,

responding to and recovering from possible

attacks. There is no single standalone solution

to cybercrime or APTs. By their very nature,

APTs are designed to evade standard security

controls."

One way to detect and deflect APTs, the

company suggests, is through Penetration

Testing. This involves the simulation of

a malicious attack on an organisation's

information security arrangements, often

using a combination of manual and

automatic methods and tools. "Regular

vulnerability scans and penetration testing

should be fundamental to any organisation's

monthly and quarterly security reviews," says

IT Governance. "These tests ensure that you

can identify and fix vulnerabilities and security

holes as quickly as possible, and that your

cyber controls are working as effectively as

they need to."

MASSIVE RISE IN ATTACKS

How wide scale is the issue? Advanced

persistent threats (APTs) have been detected

in 25% of companies, accounting for over

43% of all high-severity incidents, according

to the latest Kaspersky Managed Detection

and Response (MDR) analyst report. This

marks a remarkable 74% increase, compared

to 2023, and a 43% rise from 2022.

The report sheds light on the most prevalent

attacker tactics, techniques and tools, as well

as the characteristics of detected incidents,

and their distribution across regions and

industry sectors amongst MDR customers.

Despite advancements in automated

detection technologies, determined attackers

continue to exploit vulnerabilities and

circumvent these systems, states the company.

Notably, APTs were identified across every

sector, except telecommunications, with the

IT and government sectors bearing the brunt.

Moreover, incidents characterised as human-driven

attacks confirmed by customers as

cyber exercises comprised more than 17% of

total incidents. Additionally, severe violations

of security policies comprised approximately

12% of high-severity events, with malware-related

incidents also accounting for over

12%, predominantly affecting the financial,

industrial and IT sectors.

"In 2024, we observed a significant escalation

in Advanced Persistent Threats and this

alarming trend emphasises that, even with

advancements in automated detection,

determined human-driven attacks continue

to exploit vulnerabilities across various

sectors," says Sergey Soldatov, the head of

Security Operations Center at Kaspersky.

"Organisations must enhance their preparedness

and invest in comprehensive cybersecurity

strategies to counteract these

sophisticated threats."

SHAPE SHIFTING

Ian Robinson, chief product officer, Titania,

says that the nature of APTs has shifted from

smash-and-grab ransomware to long-term

stealthy compromise, using Living off the

Land (LOTL) tactics. "These adversaries, often

state-sponsored, aren't just stealing data,

they're embedding themselves to disrupt,

degrade or destabilise networks over time."

To defend against this level of sophistication,

organisations need to shift from reactive

threat chasing to proactive exposure management.

"That starts with understanding your

network's actual attack surface - not in theory,

but in practice," he advises. "Tools that provide

continuous visibility into configuration changes

across routers, switches and firewalls are

critical. A single misconfiguration can give

an attacker persistence for months."

Detection also hinges on comparing actual

versus intended network states, then cross-referencing

with threat intelligence and MITRE

ATT&CK techniques to identify potential


compromises. "It's no longer enough to lock

the front door," adds Robinson. "Security

teams need to know what's happening in

every room, at all times."

MATURING MENACE

Whilst historically APT has been synonymous

with Nation State level threat actors, points

out Gavin Knapp, cyber threat intelligence

principal lead at Bridewell, recently organised

cybercrime groups are reaching similar levels

of maturity, with respect to their tactics,

techniques and procedures.

"This means that both ideological and financially

motivated threat actors are targeting

organisations globally to pursue their own

specific agendas. Organisations therefore

require a defence-in-depth approach that

assumes they will eventually be breached,

preparing and arming themselves with the

capabilities to respond and evict threat actors

before threats can achieve their objectives,

often resulting in data/IP theft, disruption,

extortion and espionage.

"Organisations need to impose additional

cost on threat actors targeting them. To

achieve this, foundational security controls

are a must and frameworks such as the CIS

Critical Controls provide a clear, prioritised

roadmap."

This, says Knapp, includes the following:

Maintaining accurate asset and software inventories, and addressing unauthorised or non-compliant assets/software

Protecting your data through enforcing data governance, management, retention and disposal, robust access controls and encryption of data at rest and in-transit

Secure configuration of assets, software, accounts and user management

Robust access control, including user lifecycle management, MFA and also privileged users

Patching assets and software regularly and managing vulnerabilities

Configuring audit policies and collecting logs centrally, alongside email and web protection controls

Maintaining up-to-date anti-malware defences

Data recovery and backups, including testing

Establishing a security awareness and training programme

Managing third-party and supply chain inventories, implementing acceptable security policies and contractual clauses, and establishing an incident response plan with trained personnel.

"Once established, organisations must

continuously test controls to ensure they

remain effective. This can be achieved

through breach and attack simulation

(BAS) tools, penetration tests, and purple

team exercises that emulate real-world

threat behaviours."

Alongside foundational controls, several

other measures can be taken to raise costs,

preventing APT-level adversaries from

launching successful attacks, he continues.

"Organisations without internal capability

should consider an MDR provider experienced

in Microsoft, AWS and GCP. Phishing-resistant

MFA mitigates adversary-in-the-middle attacks.

Conditional access policies incorporating

trusted devices, token protection and authentication

flows improve defences against

identity-based attacks. Application and code

execution restrictions help prevent initial

access and execution. Network segmentation

using firewalls and ACLs limits lateral movement

via common protocols, such as SMB,

RDP and SSH."

"Additionally, proactive threat hunting is

key to identifying ambiguous behaviours or

anomalies," Knapp points out. "Deception

technology, such as fake services and users,

can act as effective tripwires. Insider risk

programmes, prioritised threat intelligence

and compromised credential monitoring all

contribute to early detection and strategic

resilience."

Gavin Knapp, Bridewell: organisations

need to impose additional cost on threat

actors targeting them.

Ian Robinson, Titania: the nature of

APTs has shifted from smash-and-grab

ransomware to long-term stealthy

compromise.



cyberspace race

THE BATTLE FOR OUTER SPACE

SAFEGUARDING SATELLITES IN A DIGITAL ORBIT HAS NEVER BEEN MORE CRUCIAL

As space becomes the next frontier for

innovation, exploration and commerce,

it's also becoming a new battleground

for cyber threats. From satellites powering

GPS and weather forecasts to missions

reaching deep into the cosmos, the systems

that make space operations possible are

increasingly vulnerable to hacking, interference

and espionage.

It's a mighty battleground, not least

financially. The global space cybersecurity

market was valued at USD 4.08 billion in

2024 and is projected to grow at a CAGR

of 11.24% from 2025 to 2034, driven by

increasing satellite launches and rising

defence-sector investments in secure space

infrastructure. With so much at stake, how

do you protect your most prized assets?

WHAT IS SPACE CYBERSECURITY?

Space cybersecurity is the protection of

space-based systems, such as satellites, space

stations and ground control infrastructure

from cyber threats. It ensures the confidentiality,

integrity and availability of data and

communications between space and Earth.

With increasing reliance on satellite services

for navigation, communication, defence

and finance, securing these systems against

hacking, signal spoofing, malware and other

digital attacks has become critical to global

security and stability.

INNOVATIONS AND STRATEGIES

IN SPACE CYBERSECURITY

As satellite networks grow and space missions

become more complex, the need for robust

cybersecurity measures is greater than ever.

Below are some of the key developments and

approaches that are shaping the future of

space cybersecurity.

AI-Powered Threat Detection:

Artificial intelligence is being used to monitor

and analyse satellite communication patterns

in real-time, allowing systems to detect

anomalies and potential cyber intrusions

instantly. These smart systems can respond

autonomously to threats, minimising response

time and reducing human error.

End-to-End Encryption:

To secure data transmissions between space

and ground stations, agencies are implementing

advanced encryption protocols.

End-to-end encryption is employed to ensure

that sensitive information, including satellite

telemetry and control commands, remains

protected from interception or tampering

throughout its journey.

Quantum Key Distribution (QKD):

QKD is emerging as a game-changer in space

communications. By using quantum physics

principles, this technology enables ultra-secure

key exchange between satellites and ground

stations, making it nearly impossible for

attackers to eavesdrop without being

detected.

Zero Trust Architecture (ZTA):

Adopting a zero-trust approach means that

no user or device, whether on Earth or in

orbit, is automatically trusted. Every access

attempt is continuously verified, greatly

reducing the risk of unauthorised entry into

critical space systems.

Cybersecurity-by-Design Approach:

Rather than being an afterthought, security

is now integrated into the design phase of

satellites and space software. This proactive

strategy ensures systems are built with resilient

architectures, secure coding practices and

minimal vulnerability exposure from the start.

Collaborative Threat Intelligence:

Space agencies, defence organisations and

private satellite operators are sharing real-time

cyber threat intelligence. This collective

approach improves response capabilities,

enables faster mitigation of global threats and

fosters a stronger, united defence ecosystem

in space.

WHAT IS DRIVING THE SPACE

CYBERSECURITY MARKET?

Rising satellite activity across commercial and

government missions is rapidly intensifying

cybersecurity needs, making space cybersecurity

solutions more essential than ever.

Growing government defence investments

and the strategic importance of space assets

are driving critical advancements in space

cybersecurity for national security.

The Future of Space Cybersecurity:

The future of space cybersecurity will rely on

advanced technologies such as AI, machine

learning and quantum encryption to protect

growing satellite networks. Collaboration

between governments and the private sector

will be crucial to developing global security

standards. As space becomes more crowded

and contested, cybersecurity will inevitably

evolve into a dynamic defence, ensuring

mission safety, data integrity and strategic

advantage.

Impact of AI on Space Cybersecurity Market:

Enhances real-time threat detection and response, reducing reaction time to cyber-attacks

Automates monitoring of satellite networks, improving efficiency and reducing human error

Enables predictive analytics to foresee potential vulnerabilities and prevent breaches proactively

Supports autonomous decision-making for rapid mitigation of cyber threats in space systems

Facilitates advanced encryption techniques, strengthening data protection across communication channels

Assists in anomaly detection by analysing vast data streams from space assets for unusual patterns

Helps optimise resource allocation for cybersecurity measures, lowering operational costs

Promotes continuous learning from emerging threats, adapting defences to evolving cyberattack tactics.

As the space sector rapidly evolves with increasing satellite deployments and deeper interplanetary missions, cybersecurity is becoming a foundational pillar for protecting critical infrastructure and sensitive data. From defence operations to global communications, the need to secure space assets against sophisticated cyber threats has become more urgent than ever. With advancements in AI, encryption and collaborative security frameworks, the space cybersecurity market is poised to play a vital role in ensuring safe, resilient and uninterrupted operations across the ever more aptly named ‘final frontier’.

THE QUANTUM FACTOR

As Dr Basel Halak, associate professor of secure electronics and director of the Cyber Security Academy at the University of Southampton, points out, quantum computing is one key area that poses a significant and escalating risk to current encryption methods used in securing space systems. "As quantum computers become a reality, they could potentially break existing encryption, rendering today's secure systems vulnerable in the future. While new encryption standards are being developed to counteract these threats, space electronics designers face the challenge of deploying systems today that must remain secure for decades."

Also, implementing security measures in space electronics often incurs additional resource overhead, such as increased energy consumption, which is a critical concern in the resource-constrained environment of space. "Therefore, designers must carefully balance the trade-off between functionality and security."

WEAPONISED BATTLEGROUND

On a separate level, the Space Data Association (SDA) works to enhance the safety of space flight via the sharing of operational data and promotion of best practices across the industry. The potential threats to satellites are many, it points out, and include anti-satellite weapons, RF weapons, cyber-attacks, jamming, as well as spoofing the GPS signal to camouflage, conceal and deceive adversaries.

"Alongside these deliberate threats, there's

also a need to protect against accidental

threats to satellites, such as in-orbit collision

with space objects [eg, another satellite or

space debris]. With rapidly rising numbers of

satellites and debris objects orbiting Earth,

there is an urgent need to improve space

situational awareness [SSA] and develop

accurate space traffic management systems

to protect against this risk."

DATA-SHARING ANXIETY

Information-sharing is imperative when

establishing accurate SSA and Space Traffic

Management systems, points out the SDA.

"Yet there can be reluctance to share data,

because of concerns around political and

commercial sensitivities. From a military

perspective, unwillingness to share data

can also arise out of a desire to prevent

aggressors from accessing SSA information

needed to coordinate an attack on a satellite."

Effective SSA, it states, requires international

cooperation and information-sharing - and

military, governments and commercial

operations all have a part to play in this.

"The NATO strategy calls for increased

collaborative working across nations, and

between government and industry. Higher

levels of collaboration to verify positioning

and orbit of satellites, as well as orbit

determination and tracking of small objects,

will be critical to ensure ongoing in-orbit

safety of satellites, particularly as the number

of satellites and debris objects increases."



endpoint security

ENDPOINT PROTECTION - THE ESSENTIALS

COMPUTING SECURITY LOOKS AT THE ENTRY POINTS ATTACKERS USE TO COMPROMISE

BOTH NETWORKS AND DATA - AND HOW ORGANISATIONS CAN PROTECT THEMSELVES

Endpoint security is at a turning point,

states Iratxe Vázquez Rodríguez, senior

product marketing manager, WatchGuard.

"The rapid adoption of remote working, the

rise of AI-powered attack tools and more

sophisticated threats have outpaced the

capabilities of traditional antivirus. They have

even outpaced some endpoint detection

and response [EDR] tools."

Static, signature-based protection wasn't

designed for the threats we face today, she

points out. "Fileless attacks, living-off-the-land

binaries and credential-based intrusions

simply do not have the digital fingerprints

that legacy tools expect to find. Many are

operating entirely in memory, abusing

legitimate system processes to avoid

detection. This means that, by the time

a traditional product raises the alarm, the

damage is often already done."

Defending endpoints in 2025 requires

a rapid shift in both mindset and strategy.

"Protection must include real-time behavioural

analysis that can spot suspicious activity as

soon as it occurs, even if the threat has never

been seen before. AI-driven classification,

when implemented effectively, detects and

stops malicious behaviour before it executes.

This makes it possible to block unknown

threats proactively," says Rodríguez.

Speed is critically important, she adds. "Given the speed of

cyberattacks, there is often no time to wait

for human intervention. Automated isolation,

remediation and policy enforcement need to

happen in seconds to contain the threat and

prevent it from moving through the environment.

Having the ability to respond automatically

and intelligently to threats is now

a baseline expectation of cybersecurity,

rather than a luxury."

Compliance is more of a driving force than

ever before. New regulations, such as NIS 2

and DORA, mandate continuous monitoring,

demonstrable policy enforcement and

readiness to respond to incidents: "meaning

that endpoint security cannot operate in a

silo. It must support compliance, providing

visibility, reporting and evidence".

Embracing Zero Trust principles is right at

the heart of modern endpoint security

approaches, she points out. "Anything that

cannot be verified should be blocked by

default. Security tools must use intelligence

from endpoints, identities and the network

to detect stealthy, multi-stage attacks that

might otherwise go unnoticed. Ensuring

risk-based decision-making is critical when

adversaries are persistent and often already

inside the network."

RETHINKING PROTECTION

Endpoint security has long been a cornerstone

of cyber defence, traditionally focused

on securing desktops, laptops and servers.

"However, today's threat landscape demands

a shift in focus," cautions Kern Smith, VP of

solution engineering, Zimperium.

"Mobile endpoints, smartphones and

tablets are now central to how business

gets done, and corporate identity, yet they


remain among the least protected and most

targeted devices in the enterprise.

"As attackers adopt a mobile-first attack

strategy, the definition of endpoint protection

must evolve. Mobile devices are no

longer peripheral - they are critical endpoints

that access sensitive systems, store corporate

data and often operate outside traditional

security perimeters. They've become a

preferred target for attackers, because

they're always on, always connected and

rarely monitored at the same level as other

endpoints."

One of the most prevalent mobile entry

points is 'Mishing': mobile-targeted phishing.

"Unlike traditional email-based phishing,

Mishing includes attacks via SMS, messaging

apps, QR codes and social media, and

targets both iOS and Android platforms with

impunity," adds Smith. "These attacks are

specifically designed to take advantage of

mobile user behaviour and limited device

visibility. Mishing is difficult to detect using

legacy tools and has rapidly become a

leading tactic in mobile compromise."

Add to that risks from malicious apps,

unsecured networks, OS vulnerabilities and

device-level exploits, and the need for real

mobile security becomes clear.

"Organisations must deploy on-device, real-time

mobile threat defence that protects

against both known and unknown threats - including

malware, device compromise,

network attack, and phishing - without

violating user privacy or hindering productivity,"

he concludes.

GOOD STARTING POINT

In the first year when self-morphing viruses

appeared, 100 million 'new' virus signatures

were identified, which was a doubling

of all known viruses up until that point,

states Martin Jakobsen, managing director,

Cybanetix. "This created the need for a

completely new strain of protection and

ultimately led to the creation of the first EDR

technologies."

He points to 'The Gartner Magic Quadrant'

for EDR as a good starting point for any

organisation when evaluating the endpoint

security market. "Today, protection against

malware needs to be real-time and, for the

most part, protect independent of human

interaction.

"The consideration for any organisation,

irrespective of size, should be targeted

only at the top technologies available. If

malware is not detected by your protection

technology, it either leads to undetected

data exfiltration, encryption of all your

devices [ransomware] or both," he warns.

While his personal preference in the EDR

space is SentinelOne, the other leaders of

the MQ are all solid choices, each with

their own merits. "In reviewing the top

EDR vendors, you should consider your IT

footprint and who will be managing the

technology, as complexity of use and

support of older and non-Microsoft

workloads is a key difference between

the leading technologies.

"Generally, I would recommend testing

any technology before any commitment is

made and, in doing so, look out for speed of

detection, complexity/ease of management

and remediation," advises Jakobsen. "Organisations

are often hung-up on ease of

deployment, which I personally find less

important in the evaluation of EDR, as

deployment is a one-off activity, while

ongoing protection is ultimately the key

requirement for assessment.

"Lastly, endpoint technologies are

increasingly becoming holistic platforms,

which include SIEM, cloud protection,

Vulnerability Management, Identity and

more, so your longer-term security

aspirations and strategy should also guide

which EDR technology you choose."

Iratxe Vázquez, WatchGuard: automated

isolation, remediation and policy enforcement

need to happen in seconds.

Martin Jakobsen, Cybanetix: regards

the 'Gartner Magic Quadrant' for EDR as

a good starting point when evaluating

the endpoint security market.



breaches

THE BATTLE IS NEVER OVER

THE AVERAGE COST OF A DATA BREACH HAS FALLEN, BUT CYBERCRIMINAL

ATTACKS CONTINUE TO INCREASE IN BOTH SOPHISTICATION AND NUMBER

AJ Thompson, Northdoor:

with many companies still

investing in frontline defences,

cybercriminals have turned

to using the 'backdoor'.

IBM's annual Cost of a Data Breach report

has revealed that the average cost of

data breaches has, for the first time in

five years, dropped from $4.88 million in

2024 to $4.44 million in 2025. However,

despite this drop, the report highlights

several areas that businesses need to focus

on in the coming months, if they are to

keep cybercriminals out and ensure that

they remain compliant.

"Let's start with the good news," says AJ

Thompson, CCO, Northdoor. "The average

cost of a data breach has reduced, for the

first time in five years. 2024 saw the

average global cost rise to a, $4.88 million,

2025's report has revealed that the cost

has dropped to a slightly less staggering,

$4.44 million. This trend is reflected in the

UK too. 2024 saw the average cost in the

UK work out to be £3.40 million with 2025

the number reducing to £3.29 million."

Perhaps not surprisingly, the healthcare

and financial sectors remain the most

expensive sectors for breaches. Globally,

the healthcare sector remained at the top,

with each breach calculated to cost around

$7.42 million, with the financial sector next

at $5.56 million. However, reflecting the

general trend, both had dropped from

2024, with healthcare in particular wiping

off £2.35 million from the average cost of

a breach.

THREAT IS HUGE

"As we have seen from the high-profile

attacks that have taken place in the UK

since the beginning of the year, the threat

from the supply chain, and third and

fourth parties, is now huge," adds Thompson.

"Cybercriminals will always find the path

of least resistance to gain access to their

primary target. With many companies

continuing to invest in frontline defences,

cybercriminals have turned to using the

'backdoor' to secure data and access to

systems."

This has been reflected in the 2025 report

where a supply chain breach in the UK

has been identified as the most expensive

factor that will increase the cost of the

data breach, measured at £241,620. The

global report also highlights the added

complexity of a supply chain attack with

'Third-party vendor and supply chain compromise'

being identified as having the

longest, and therefore most costly, data

breach lifecycle. With costs going up each

day from compromise to resolution, supply

chain attacks took on average 267 days to

resolve: a full week longer than malicious

insider attacks.

"The cost associated with longer containment

times is clear from the report," adds

Thompson. "For those companies in the UK

that can identify a breach and contain it

within 200 days, there is a significant drop

in the average cost, marked at £2.84

million. For those hit by a supply chain

attack or are simply struggling to deal

with the situation, when the breach takes

over 200 days to resolve the cost rises

considerably to £3.74 million.

"The ability to identify where vulnerabilities

lie within supply chains has to be

the critical step for most organisations over

the coming months. Without having such

insight, any spend on frontline defences is

essentially negated as companies leave the

backdoor ajar."

GOOD, BAD AND UGLY

The implementation of AI tools throughout

businesses is rising dramatically and is

expected to continue to do so over the

coming years, he points out. "This has had

some positive outcomes in terms of

security breaches. The global report found

that those organisations who extensively

used AI and automation throughout their

security operations saved on average $1.9

million in breach costs and reduced the

breach lifecycle by 80 days - a significant

reduction in the level of disruption caused

to a business. In the UK, specifically for

companies using AI extensively within their

security networks, the average cost of

a breach is £3.11 million, for those with

no AI or security automation, the average

increases to £3.78 million." However, like

all trends, the implementation of AI and

particularly the unsanctioned use of AI by

employees (shadow AI) can cause real

issues within businesses. This is especially

the case when the security protocols and

governance levels have not kept up with

the implementation of new tools.

"The global report found that 97% of

organisations that had an AI-related

security incident to their models or

applications also lacked proper AI access

controls. In the UK, the report found that

69% of organisations in the UK have little

or no AI or security automation in place,

meaning that they are facing a significant

rise in data breach costs."

It is also AI that seems to be driving the

attacks from the supply chain. "As we have

seen, attacks originating in third parties

are increasing and it is AI that seems to be

allowing cybercriminals the best access in.

Many organisations that reported a security

incident involving AI said the source was

a third-party vendor and delivered via

Software-as-a-Service (29%)."

It is the 'uncontrolled' use of AI that is

causing the most pain for organisations.

With employees using AI tools increasingly

within their day-to-day roles, businesses

must come to grips with controlling what

is used and when.

"The report acknowledged that many

breaches originating within unsanctioned

use of AI by an employee may go undetected

but for those that were identified, incidents

involving shadow AI accounted for 20% of

breaches, seven percentage points higher

than incidents originating from sanctioned

use of AI. It is the 11% of organisations

who remain 'unsure' whether an incident

came from the use of shadow AI that

perhaps points to the reality, with many

companies still struggling to come to grips

with what AI is being used and by who."

LACK OF RESOURCES

Like most trends, it will take some time for

companies to implement the necessary

controls on employees utilising new tools,

Thompson accepts. What they must be

aware of, though, is that in the meantime

cybercriminals will be making the most in

the gap between shadow AI and associated

controls. While the average cost of a data

breach has reduced, IBM's 2025 report

has highlighted several areas that businesses

need to address urgently, if they are

to remain secure and compliant.

"None of these areas will probably come

as a surprise to IT and security teams.

So, if it is not a lack of knowledge of

education within teams, how are cybercriminals

still able to gain access to so

many organisations? The answer, of

course, is resource, with internal teams

struggling with a lack of time and

numbers in dealing with increasingly

sophisticated and numerous threats."

WELCOME TO THE PARTY

This is where third-party IT consultancies

can help, he believes. "Many are turning

to consultancies to help plug gaps within

their internal teams and to ensure that

they have the right expertise to combat

cybercriminal threats. With attacks coming

from internal and external sources, having

a team of experts on your side who can

help identify threats, highlight what new

threats look like and how to deal with

them, implementing new solutions that

can help secure systems, highlighting

vulnerabilities within your supply chain,

and ensure compliance to an increasingly

complex regulatory landscape, all helps to

reduce the chance of a breach and the

huge associated costs."

The IBM report, conducted on its behalf

by the Ponemon Institute, is based on

data breaches experienced by 600

organisations globally from March 2024

to February 2025.



investment news

YORKSHIRE AT FOREFRONT OF AI REVOLUTION

NEW FUND AIMS TO INVEST MILLIONS INTO THE REGION

Yorkshire is positioning itself at

the forefront of the UK's artificial

intelligence drive, as the newly

launched Oberon Yorkshire AI EIS Fund

announces plans to invest millions into

the region. The fund, which has been

developed in association with Yorkshire

AI Labs, reflects the high levels of investor

confidence that exist in the county’s

potential to become a national centre

of AI innovation and economic growth.

Paul Sheehan, Oberon

Yorkshire AI EIS: new

venture will tap into

high-performing,

scalable businesses.

The Oberon Yorkshire AI EIS Fund will

target pioneering AI-driven companies

across Northern England, capitalising on

the region's industrial heritage, strong

technology ecosystem and leading

research institutions. Investments

will focus on transformative

sectors, including manufacturing,

healthcare, transportation and financial

services, where AI integration offers

substantial economic and societal benefits.

UNIQUE MODEL

The fund is delivered in exclusive partnership

with Yorkshire AI Labs (YAIL), which is

a specialist incubator that has already built

and scaled some of the region's most innovative

AI companies. YAIL is known for its

unique model that combines sweat equity,

capital and hands-on commercial strategy

to create investor-ready businesses from

scratch.

"This isn't just a fund," says David Richards,

founder of YAIL. "It's the next phase of a

blueprint that's already working. We've

shown that you can build nationally

significant AI companies right here

in Yorkshire. The Oberon Fund allows

us to take that model and scale it, to

back more founders, accelerate more

platforms and build an ecosystem the

whole country can be proud of."

Adds Paul Sheehan, investment

director of Oberon Yorkshire AI EIS: "The

Oberon Yorkshire AI EIS Fund represents our

belief in the significant economic and

technological potential of the North of

England. In collaboration with YAIL, we are

afforded early access to a pipeline of

rigorously selected high-potential growth

companies in the AI space.

ROAD TO SUCCESS

"With Oberon providing the investment

structure and YAIL identifying the regional

talent, this new venture is ripe for success

in transforming untapped talent into high-performing,

scalable businesses."

With a growing pipeline of opportunities

already identified by YAIL, and a proven

track record of success with companies

such as IntelliAM AI Plc (IPO-listed industrial

AI), PureTec (a sustainable orthodontics

platform), and DigitalCNC (a University of

Sheffield spinout applying AI to precision

manufacturing), the fund aims to accelerate

regional growth, boost employment

and solidify Yorkshire's role as a national

and global leader in the AI landscape.

AI COMPANY LAUNCHED

Meanwhile, Yorkshire AI Labs, in partnership

with Dr Rob Ward and the University

of Sheffield's Advanced Manufacturing

Research Centre (AMRC), has launched

DigitalCNC, which is described as a "groundbreaking

AI-driven precision manufacturing

software company". The venture is being

positioned as a significant leap forward in

applying artificial intelligence technologies

to the manufacturing industry.

DigitalCNC's advanced technology has

been extensively developed and validated

through many years of collaborative

research and development with the AMRC

and the School of Electrical and Electronic

Engineering, which have been world

leaders in control and systems engineering

for more than 50 years. The AMRC research

centre itself is renowned on an international

scale for its excellence in translational

manufacturing research.




ACCORDING TO JAMF 2024: Security Trends Report

39% of organisations had at least one device with known vulnerabilities

40% of mobile users were running a device with known vulnerabilities

9% of users fell for a phishing attack
