Latest news with #AIthreats
Forbes
2 days ago
- Business
- Forbes
The Cyber Risk SMBs Can't Afford To Ignore
AI-driven threats are rewriting the rulebook. Here's the new cybersecurity playbook every small business must adopt before it's too late June just marked National Cybersecurity Education Month, an effort to raise awareness and expand the cybersecurity workforce. While public understanding is growing, so is the scale and sophistication of attacks. In the age of AI, threats no longer target only governments and large organizations. Cyberattacks now strike in unexpected places, putting individuals, SMBs, and entire systems at risk. Awareness alone isn't enough. Are we prepared? A recent conference held at Nasdaq by the Digital Evolution Institute explored the digital fabric comprising AI, data, and cybersecurity, and put a fascinating spotlight on the growing and unexpected risks and consequences. Byron Loflin, Nasdaq Board Excellence Center at the conference Digital Evolution Institute founder Julia Valentine stressed throughout the conference the shift from cyber crises as technical incidents to business and leadership-level challenges, and explained why being proactive in cyber crisis preparedness is no longer a luxury but a must-have. Cyber risk is a business risk Valentine, Presidential Lifetime Achievement Award recipient, entrepreneur, and a long time investor, is also the founder of AlphaMille, a global technology consulting firm specializing in digital and physical security, stressed at the conference that 'Companies cannot look to the government to protect them from cyberattacks in the AI era. Digital exposure should be treated as any other initiative that creates revenue, reduces cost, and mitigates risk,' she said, offering a familiar example from 2021, when R.R. Donnelley & Sons (RRD), a global provider of business communication and marketing services, which went through a ransomware attack that exposed sensitive client data. In 2024, the SEC reached a $2.125 million settlement with RRD for violating the internal controls and disclosure controls provisions of federal securities laws. As part of remediation, RRD revised incident response policies and procedures, adopted new cybersecurity technology and controls, updated employee training, and increased cybersecurity personnel headcount - all basic cybersecurity measures that shareholders increasingly expect to be put in place as a normal course of business. 'The 'R.R. Donnelley' case was a wake-up call,' Valentine now says. 'Despite being a data-intensive company, they missed key warning signs. This cost them millions and damaged client trust. Overlooking cybersecurity doesn't just increase risk; it sets a company up for sudden and devastating failure.' Presidential Lifetime Achievement Award recipient, entrepreneur, and a long time investor, Julia ... More Valentine at the conference. While awareness is supposedly on the rise, cybercrime losses have been steadily increasing, and projections indicate a continued upward trend. Globally, cybercrime costs are projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures. The annual cost of cybercrime in the U.S. alone is estimated to be around $639 billion in 2025. According to Valentine, three things need to happen to change the trend: 'Cybersecurity needs to be elevated to the board level. The board needs to calibrate the right amount of information it needs for effective oversight, and the company needs to right-size its cybersecurity defenses.' During the conference, broad discussions by key industry leaders explored this shift in priorities from multiple angles. 'As fiduciaries, we are now responsible for the resilience of our organizations, not just our balance sheets.' From a management and board perspective, it was made clear that the change starts there: 'Cybersecurity must be viewed not as an IT expense, but as a strategic differentiator. Boards need fluency in incident response, third-party risk, threat intelligence, and yes, a solid recovery plan. Because a breach today is no longer just a technical failure, it's a governance failure.' SMBs Are Losing the Battle to Cybercrime In today's digital economy, small and midsize businesses (SMBs) are no longer flying under the radar of cybercriminals. In fact, they've become prime targets. According to recent industry reports, nearly 60% of SMBs experience a cyberattack each year. 'Many SMBs operate under the dangerous assumption that they're too small or insignificant to attract cybercriminals,' she says. 'In reality, attackers often see SMBs as low-hanging fruit, companies with valuable data but weaker defenses. Whether it's financial records, employee data, or client information, your business is a digital goldmine to hackers.' Many small businesses are at serious risk without realizing it. Common signs include not using multi-factor authentication, not knowing what systems or tools are in use, and ignoring alerts or phishing emails. Relying on basic IT support, skipping regular backups, running outdated software, and lacking a clear response plan all leave the door open to attacks. Even being denied cyber insurance can be a red flag. So beyond misconceptions, what's actually preventing SMBs from getting the protection they need? Valentine outlines five practical barriers that prevent SMBs from getting the cybersecurity protection they need: Cyber protection is not out of reach. SMBs need focused, outsourced, and staged solutions, not bloated enterprise packages. "SMBs must treat cybersecurity like a business imperative." With the different views discussed at the conference, a new 'playbook' was created with the critical steps each business, big and small, must take. Valentine is now outlining The New Cybersecurity Playbook for SMBs: 7 Essential Steps: 'Cybersecurity is a boardroom concern and a business imperative,' she concludes. 'A modern, tested cyber playbook is the best line of defense.'
Independent Singapore
7 days ago
- Business
- Independent Singapore
Darktrace appoints Sumit Bansal VP for Asia as APAC faces ‘critical' wave of AI-powered cyberthreats
Photo: LinkedIn/Sumit Bansal Cybersecurity firm Darktrace has appointed Sumit Bansal as vice president for Asia to help meet growing demand for stronger defence against AI-powered cyberthreats, as 77% of organisations in the Asia-Pacific region have already been significantly affected by such attacks, according to a media release on Thursday (June 26). The firm said Mr Bansal will focus on key markets across ASEAN, Hong Kong, Taiwan, and South Korea. Mr Bansal brings more than 25 years of experience in cybersecurity and has held leadership roles at CheckPoint, Symantec, Sophos, and, most recently, as vice president for Asia Pacific and Japan at BlueVoyant. He has also worked closely with cloud service providers like Microsoft and AWS. In his new role, Mr Bansal will lead Darktrace's efforts to grow its customer base, partner footprint, and market presence in the region. The company said his deep understanding of the security landscape and strong networks of chief information security officers (CISOs) and channel partners will support its growth strategy across key Asian markets. Mr Bansal, who is joining Darktrace at a critical time, as businesses across Asia face increasing cyber risks, said, 'I am excited to join Darktrace at such a pivotal time for the company, the cybersecurity industry and for Asian markets undergoing accelerated digital transformation.' Trevor Coetzee, senior vice president for MEA and APJ at Darktrace, said Mr Bansal's appointment reflects the company's focus on strengthening its presence in key Asian markets. He noted, 'His exceptional track record in scaling security businesses and his hands-on approach to leadership will be invaluable as we continue to deliver our AI-powered cybersecurity solutions to organisations across the region.' /TISG Read also: Cybernews researchers urge internet users to change passwords after 'brief' exposure of 16B login records
Yahoo
16-06-2025
- Business
- Yahoo
New CSC Survey Finds Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years
CISOs identify cybersquatting, domain-based attacks, and ransomware as top cybersecurity concerns 87% cite AI-powered domain generated algorithms as a direct threat Only 7% expressed clear confidence in their ability to combat domain attacks WILMINGTON, Del., June 16, 2025--(BUSINESS WIRE)--An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. The report, "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. "DNS and domain-related infrastructure are prime targets for cybercriminals," says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. "These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well." AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks. Despite these escalating concerns, only 7% of CISOs expressed being "very confident" in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it's possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving. "The human element continues to be the biggest security vulnerability," adds Nina Hrichak, vice president of CSC's Digital Brand Services. "As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve." To receive a copy of CSC's "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," contact us at CSC@ or visit the website. 1CSC, in partnership with Pure Profile, surveyed 300 CISOs, CIOs, and senior IT professionals operating in Europe, the U.K., North America, and Asia Pacific to understand their current concerns and how they are navigating the evolving cybersecurity landscape, regulatory demands, and the rise of AI in cybercrime. About CSC CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit View source version on Contacts For more information: W2 Communications Joyson CherianSenior Vice PresidentJoyson@ CSC Laura CrozierPR CSC News Room Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
National Post
04-06-2025
- Business
- National Post
LevelBlue Report Reveals Increasing Risks To Healthcare Organizations Are Driving Cyber Resilience
Article content LevelBlue finds that only 29% of healthcare executives say they are prepared for AI-powered threats. Article content DALLAS — LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released its 2025 Spotlight Report: Cyber Resilience and Business Impact in Healthcare. The findings reveal how the healthcare industry is protecting itself from increasingly numerous sophisticated attacks. Article content The new report found that 32% of healthcare executives say their organization suffered a breach in the past 12 months, and nearly half (46%) say they are experiencing a significantly higher volume of attacks. As artificial intelligence (AI) promises healthcare organizations unprecedented levels of efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. Article content At the same time, the software supply chain remains a blind spot, with only a small portion of executives recognizing the associated risks. 54% say they have very low to moderate visibility into the software supply chain, and only 21% say they are investing significantly in software supply chain security. Article content However, cyber resilience measures are becoming more integral to business operations, with 61% of healthcare organizations now aligning their cybersecurity teams with lines of business, a sign that resilience is increasingly seen as a shared responsibility across departments. Moreover, nearly half (44%) expect to enlist managed security service providers (MSSPs) in the next two years to help them manage the increasingly complex and dynamic threat landscape, an increase from 30% that have done so over the past 12 months. Additionally, 59% of leadership roles are measured against cybersecurity KPIs, and nearly half (43%) say they allocate cybersecurity budgets at the outset of new initiatives – a critical step toward embedding security into innovation efforts. Article content 'With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever,' said Theresa Lanowitz, Chief Evangelist of LevelBlue. 'Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it's now a business priority. Still, there is work to be done to properly prepare and protect themselves.' Article content Healthcare organizations are making progress in integrating cybersecurity across their operations, but there is still work to be done. When asked to what extent their organization is investing in certain measures to prepare for new and emerging types of cyber threats, healthcare executives say they are most likely to invest significantly in: Article content Based on these findings, LevelBlue recommends four specific steps to achieve cyber resilience, regardless of the industry: Push cyber resilience up the organization, embed cybersecurity responsibilities throughout the organization, be proactive (not reactive), and prioritize resilience in the software supply chain. Article content Download the complete findings of the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact in Healthcare at this link here to learn how healthcare organizations are adapting to the changing threat landscape. This report follows the April 2025 release of the 2025 LevelBlue Futures Report: Cyber Resilience and Business Impact, which can be found here. Article content For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit Methodology The research is based on a quantitative survey that was carried out by FT Longitude in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 14 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). To be counted as a cyber resilient organization, respondents must have met the qualifications listed under 'Five Characteristics of a Cyber Resilient Organization.' The total number surveyed in healthcare is 220. Article content About LevelBlue Article content We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it. Article content We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence- this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business. Article content Article content Article content Article content Contacts Article content Media Contact Article content Article content Jessica Bettencourt Article content Article content Article content
Zawya
04-06-2025
- Business
- Zawya
Microsoft offers to boost European governments' cybersecurity for free
Microsoft is offering free of charge to European governments a cybersecurity programme, launched on Wednesday, to bolster their defences against cyber threats, including those enhanced by artificial intelligence, it said. After a surge in cyberattacks in Europe, many linked to state-sponsored actors from China, Iran, North Korea and Russia, the programme aims to boost intelligence-sharing on AI-based threats and help to prevent and disrupt attacks. "If we can bring more to Europe of what we have developed in the United States, that will strengthen cybersecurity protection for more European institutions," Microsoft President Brad Smith told Reuters in an interview. "You're going to see other things we are doing later in the month." Increasingly, attackers employ generative AI to amplify the scale and impact of their operations that range from disrupting critical infrastructure to spreading disinformation. Although malicious actors have weaponised AI, Smith said AI also offered defensive tools. "We don't feel that we have seen AI that has evaded our ability to detect the use of AI or the threats more broadly," Smith said. "Our goal needs to be to keep AI advancing as a defensive tool faster than it advances as an offensive weapon," he said. Microsoft tracks any malicious use of AI models it releases and prevents known cybercriminals from using its AI products. AI-driven deepfakes have included a portrayal of Ukrainian President Volodymyr Zelenskiy capitulating to Russian demands in 2022 and a fake audio recording in 2023 that influenced the Slovakian election. Smith said so far audio had been easier to fake than video. (Reporting by Supantha Mukherjee in Stockholm; editing by Barbara Lewis)
