Latest news with #digitaldefense
National Post
02-07-2025
- Business
- National Post
The AI Summit Returns to Black Hat USA 2025 on August 5
Article content One Day Event Hosted at Mandalay Bay in Las Vegas Features Keynotes and Workshops Focused on Future of Digital Defense Article content LAS VEGAS — The second annual The AI Summit at Black Hat USA 2025 is a live, in-person event taking place for one day only on August 5 at the Mandalay Bay Convention Center in Las Vegas. Featuring a packed agenda of featured speakers on topics showcasing cutting-edge AI solutions to better equip Black Hat attendees with innovative strategies to implement these AI products and tools, secure their enterprises, and prepare for future cyber attacks. Article content Article content This groundbreaking event discusses the importance of AI as not only a tool but as the cornerstone of both advanced cyber defense and as the latest weapon in the hands of today's threat actors. It kicks off with keynote presentations and panel discussions on the headliner stage, before breaking into Strategic and Technical workshop tracks. These sessions empower attendees to collaboratively tackle two pivotal forces shaping today's technology landscape – artificial intelligence and cybersecurity. Article content 'We are proud of the diverse and powerful lineup of speakers and presentations at The AI Summit at Black Hat USA 2025,' said Caroline Hicks, Senior Director, The AI Summit Series, Informa Connect. 'Covering everything from GenAI-driven offense and defense to enterprise-grade AI systems, our program showcases the full breadth of today's cybersecurity landscape. Delegates will gain practical strategies and insights from leading global experts to equip them with the knowledge and tools to enhance detection and prevention using the latest AI innovations.' Article content The AI Summit at Black Hat USA will bring together a range of attendees from senior enterprise executives to AI specialists, IT leaders to cybersecurity professionals, for a day of learning, networking, and inspirational moments. Topics will include the use of AI in cybersecurity products and solutions, securing AI applications and models within the enterprise, and the use of AI in cyber attacks. A preview of the stage presentations include: Article content The New Frontier: AI Agents & Security Risks opens the conference with Protect AI's Ian Swanson and Dan McInerney. Addressing Real-World AI Security Challenges features panelists Jyotirmay Gadewadikar (Mitre), Rosalia Hajek (Topgolf Callaway Brands), Chuck Herrin (F5), and Niv Braun (Noma Security), among others, discussing how AI can be trusted and scaled in critical infrastructure and focusing on innovation in automation and threat detection. Debunking AI Myths & Misconceptions: What Security Leaders Need to Know includes Nathan Hamiel (Kudelski Security), Jess Burn (Forrester) and Apostol Vassilev (National Institute of Standards and Technology) separating hype from reality to help security professionals address real risks and practical defenses. Article content The AI Summit at Black Hat USA 2025 is presented by Protect AI as well as sponsors Crogl, Trend Micro, World Wide Technology (WWT), Elastic, GTB Technologies, Microsoft Security, Lockheed Martin, F5, Intezer, Noma Security, and Cranium AI, among others. Article content To learn more about The AI Summit at Black Hat USA 2025, visit for passes, speaker announcements, show agenda, and sponsorship opportunities. Article content The AI Summit at Black Hat USA 2025 takes place on August 5 at the Mandalay Bay Convention Center in Las Vegas. The AI Summit Series smartly integrates into the Black Hat USA 2025 programming to celebrate its 28th anniversary with a live, in-person six-day program from August 2 to August 7. As 2023 saw artificial intelligence explode into the mainstream and land firmly on the boardroom agenda, today it's clear that no AI implementation can truly be successful without understanding, and preparing for, the myriad cybersecurity implications. Article content ABOUT THE AI SUMMIT SERIES Article content In 2016, at a time when AI conferences were geared towards research & academia, Informa launched The AI Summit Series – the first-ever conference and exhibition to explore what AI practically means for enterprises. Every year since then, we've gathered top executives and investors with technology specialists and data scientists from across the globe to network, learn and showcase ground-breaking technology solutions for business. Article content Article content Article content
Zawya
02-07-2025
- Business
- Zawya
AWS rolls out 3 key security capabilities at re:Inforce
New tools will allow customers to better protect their digital assets, identify important security issues, defend against cyberattacks, and more. AWS is introducing three new enhanced security services to help organizations better manage emerging threats in the gen AI era. AWS Security Hub helps teams identify and address critical issues in one unified location. AWS Shield's new proactive network security analysis makes it easier to spot and fix security gaps before attackers can exploit them. Amazon GuardDuty enhances its Extended Threat Detection to container-based environments, identifying complex attack patterns that might otherwise go undetected. United Arab Emirates, Dubai – Amazon Web Services (AWS) unveiled a suite of new security capabilities at AWS re:Inforce, to help customers of all sizes strengthen their digital defenses. AWS re:Inforce, the company's annual cloud security conference, brings together security experts, partners, and builders from around the world to collaborate on addressing emerging security challenges in the generative AI era. As organizations face increasingly sophisticated cyber threats, AWS announced a dozen new capabilities today aiming to simplify security management while providing even more comprehensive protection. Here are three of those key services: AWS Security Hub: helping customers quickly spot and prioritize active threats to their systems AWS Security Hub helps customers identify their most critical security issues and respond quickly to reduce risks. It acts as a kind of 'security command center,' connecting the dots between different types of security alerts and vulnerabilities. This helps security teams quickly spot and prioritize active threats to their cloud systems. By bringing everything together into one place, Security Hub provides a clearer picture of an organization's security status while eliminating the need to manually gather information from multiple security tools. AWS Security Hub is available in preview to AWS customers starting today. AWS Shield: proactively protecting customers' online systems AWS Shield is enhancing how it protects websites and online applications by proactively finding network security configuration mistakes and weaknesses. The service now creates a map of customers' security resources, identifying vulnerabilities to common attacks like SQL injections (when hackers try to access data through website forms) and Distributed Denial-of-Service, or DDoS, attacks (when attackers overwhelm websites with fake traffic to make them crash). AWS Shield provides an easy-to-understand dashboard that highlights issues by severity, along with step-by-step instructions for fixing problems quickly. Customers can even use Amazon Q, the most capable generative AI-powered assistant for work, to get guidance through simple conversations, rather than navigating complex security settings. Amazon GuardDuty: launching Extended Threat Detection for container-based applications AWS announced expanded capabilities for Amazon GuardDuty Extended Threat Detection (XTD), which now protects container-based applications running on Amazon Elastic Kubernetes Service (EKS). GuardDuty connects various security signals across customers' systems to detect sophisticated attack patterns that might otherwise go unnoticed. By monitoring EKS audit logs, runtime behavior, and AWS activity, GuardDuty can identify complex, multi-stage attacks. These improved detection capabilities allow security teams to spend less time investigating potential issues and more time addressing genuine threats, reducing the impact on business operations. Balancing AI innovation with safety concerns is within reach, but it requires unprecedented collaboration between governments and companies. As security challenges continue to evolve, AWS is committed to ensuring organizations stay ahead of potential risks. For example, AWS now has 100% multi-factor authentication enforcement for all root users across all types of AWS accounts. The new security capabilities announced today provide customers with deeper visibility, streamline security operations, and help protect their cloud environments more effectively. By building security capabilities that empower innovation and creating guardrails that give organizations the confidence to scale rapidly, AWS is helping customers build stronger security postures with less effort, allowing them to focus more resources on growth. Learn more about these security topics and what's being discussed at AWS re:Inforce. About Amazon Web Services Since 2006, Amazon Web Services has been the world's most comprehensive and broadly adopted cloud. AWS has been continually expanding its services to support virtually any workload, and it now has more than 240 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, media, and application development, deployment, and management from 114 Availability Zones within 36 geographic regions, with announced plans for 16 more Availability Zones and five more AWS Regions in Chile, New Zealand, the Kingdom of Saudi Arabia, Taiwan, and the AWS European Sovereign Cloud. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs. To learn more about AWS, visit About Amazon Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Amazon strives to be Earth's Most Customer-Centric Company, Earth's Best Employer, and Earth's Safest Place to Work. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Career Choice, Fire tablets, Fire TV, Amazon Echo, Alexa, Just Walk Out technology, Amazon Studios, and The Climate Pledge are some of the things pioneered by Amazon.
Telegraph
29-05-2025
- Politics
- Telegraph
Britain's building a £1bn ‘army of hackers' – but they have already been outpaced by Russia
'The keyboard has become a weapon of war,' Defence Secretary John Healey announced at MoD Corsham, the UK's military cyber HQ, on Wednesday. Britain's digital defences are facing daily attacks from hostile states, he warned, and the time has come to fight back with a £1 billion injection to fund new artificial intelligence capabilities and an army of hackers. Yet while the money is certainly a welcome boost, the language used has raised a few eyebrows. It's 'talking about cyber operations as if they're new,' scoffed Matthew Savill, director of military science at the Royal United Services Institute (RUSI) on the BBC's Today programme on Wednesday. 'It's been 15 years since Stuxnet.' Savill, who it's fair to say has the inside scoop after several years as a senior civil servant in the Ministry of Defence (MoD), was referring to the highly sophisticated computer virus discovered in 2010 that had been used to sabotage Iran's nuclear facilities, widely attributed to a joint operation between the US and Israel. It was a watershed moment in cyber warfare – proving how nation states could now cause vast damage from behind a computer screen, without a shot being fired. Not only that, but it also revealed – to the concern of many – the impressive cyber operations several countries now had in their locker. Indeed, the US had made dominance in cyber a strategic goal as far back as the mid-1990s. China and Russia had quickly followed in the early 2000s, with Moscow investing heavily in technology to boost its intelligence units and Beijing openly integrating 'information warfare' into its military strategy. Britain, however, was slower off the mark. Despite first being hit by state-sponsored cyber espionage in 2003, when malware designed to steal sensitive data was found on a government employee's device, it wasn't until 2010 that the National Security Strategy officially ranked cyber attacks as a 'Tier 1' threat – on par with terrorism. Some 15 years on, as Savill told the BBC's Jonny Dymond, defence chiefs appear yet again to be 'catching up'. Government systems outpaced by cyber criminals The danger this lack of action and investment has put the UK in was laid bare earlier this month in a report by the House of Commons' Public Accounts Committee (PAC). Crumbling Government computer systems have been outpaced by cyber criminals, MPs warned, with more than a quarter of all public sector IT systems using vulnerable, older 'legacy' technology. Britain's critical infrastructure has already felt the impact of these weaknesses – from the devastating WannaCry ransomware attack on the NHS in 2017 to the recent hits experienced by retailers such as Marks & Spencer, the Co-op and Harrods. Each attack only reaffirms the need to improve resilience. Indeed, the UK Government is in no doubt of the need for – and effectiveness of – a world-leading cyber operation. Just keeping at bay the 90,000 cyber attacks the country has faced from hostile states in the past two years is difficult enough (double the previous number in the same time period up to 2023), less actually going on the offensive. 'One of the reasons you might be seeing a pivot to spending more money on cyber in our armed forces, rather than bombs and bullets, is because it can level the playing field,' says Prof Alan Woodward, cybersecurity expert from the University of Surrey. 'It acts as a force multiplier. 'Smaller countries can get a bigger bang for their buck – there's no longer as much need for an overwhelming physical superiority over the enemy, you can instead just turn off their lights and gas. We are a much smaller military nation than we once were – the armed forces can't even fill Wembley Stadium. So cyber is a way of punching above our weight. 'If you spend the money wisely and you can develop the capability, then there is the possibility you can be ready for some of the threats in what is an increasingly volatile world. It's what allowed Ukraine to make a damn good fist of fighting what on paper should be an overwhelming physical force from Russia.' Why Britain is still behind The UK's armed forces and intelligence agencies do in fact possess significant cyber expertise – Britain's GCHQ being the jewel in its crown, helped by its close allegiance with its counterpart in the US, the National Security Agency. Its offensive cyber unit once conducted a hugely successful cyber campaign against Islamic State in 2017 that made it 'almost impossible' for the terror group to 'spread their hate online, to use their normal channels to spread their rhetoric, or trust their publications,' according to Jeremy Fleming, then-head of GCHQ. A major problem, however, lies in its size. The scale of its cyber teams is modest – numbering in the low thousands – and often relying on contractors or partner support for advanced operations. In contrast, adversaries like China or Russia deploy vast numbers of keyboard warriors. This was spelt out in the recent PAC report, which warned of a shortage of cyber skills experts, particularly in the public sector. Woodward points to two main reasons behind this: firstly, the lack of students opting to study engineering, and secondly, the poor pay on offer for those who opt for the civil service. In China, between 30 to 40 per cent of graduates have a STEM (science, technology, engineering or mathematics) qualification – compared to around 5 per cent 'if you're lucky' in the UK, he says. 'They're hard, complicated subjects and people don't want to do them, even though if you do computer science your chances of getting a job are practically guaranteed, and you'll be earning one of the highest salaries.' Yet the big-money jobs are generally only available in the private sector – where the pay on offer can often be nearly twice as much as their public sector counterparts. 'How do you compete against banks and people like that paying large salaries?' says Woodward. In contrast, other nation states like China are going 'hell for leather' in attracting the best talent to the military and government agencies. Industry insiders have certainly noted the skills shortage. 'Police, security services and government departments need to recruit and accelerate cyber skills and capabilities to stay one step ahead of the bad actors,' says Ed Dolman, head of Europe, Middle East, and Africa at digital forensics firm Cellebrite, which provides the MoD and other government agencies with the technology to carry out cyber investigations. 'Britain cannot afford to play catch up any more and sleepwalk into this increasingly dangerous world. 'Growing volumes of increasingly sophisticated cyber-attacks perpetuated by rogue states and organised criminal groups mean that ramping up the UK's security capabilities should be at the very top of the Government agenda.' A £1bn boost to UK cyber defences The Government has at least been looking to bolster its defences with cyber personnel. In 2020, the Government established a specialist unit called the National Cyber Force to carry out the UK's offensive cyber activity to protect the UK. Its aim is to reach 3,000 cyber experts by the end of the decade. To give a sense of scale of the fight Britain is up against however, estimates for China's own 'hacker army' range between 50,000 to 100,000. The latest £1 billion injection to the UK's cyber defences will fund a new Cyber and Electromagnetic Command, which will upgrade targeting systems using an artificial intelligence 'kill web' that connects military systems. Experts suggest it hints that the UK may start to go on the offensive with its cyber operations, similar to its allies and enemies. 'The UK has been very cagey about talking about its offensive cyber capability,' Savill told the BBC. 'It's only a very slight cracking open of what remains a pretty secretive world. But it sounds like they want to talk a little bit more about their ability to take on hostile states.' Woodward suggests the UK may in fact have far more capability than has been publicly acknowledged. 'The UK has definitely been building its offensive cyber capabilities,' he says. 'Indeed, just because we haven't yet used it, doesn't mean we don't have the technology. It's a bit like saying: 'I've got a nuclear weapon, you've got a nuclear weapon, but I'm behind because I've never used it.'' Instead, unlike Moscow, the UK has to be far more careful – and often it's better not to show your hand until you need to, he says. 'Moscow has been far more aggressive and brazen about it. They like the disruption. Putin's regime is very happy to play fast and loose with these things and takes a lot more risk than the British government is willing to. 'We would never admit to it [offensive cyber operations], because if we did it would be an act of war.' An 'ethical dilemma' For several years, Russia has carried out cyberattacks on Western critical infrastructure through criminal groups – allowing them to deny any involvement. Yet on the battlefield, particularly in Ukraine, they have been far more gung-ho with trying out autonomous AI weapons, such as drones that can recognise targets and fire. In its fight for survival, Ukraine has also tried such technology out. For the UK however, this presents an 'ethical dilemma'. 'Britain finds it hard enough with driverless cars,' jokes Woodward. Neither can it use criminal groups as a proxy for its dirty work. Yet, he suggests the UK has already carried out extensive digital espionage and may well be ready to unleash its own cyber weapons in the near future. 'If you're going for real disruption, like taking energy grids down, you don't want to play your hand,' he says, suggesting that it may have already started the process. Stuxnet, for example, was only discovered years after it had been lying in place. 'We may have already planted the seeds in various places. But actually triggering them is a different proposition – you don't want to use it until you really have to.' So while it might seem like we're late to the party, Woodward believes we may in fact be better prepared than some fear. 'It's not a sudden revolution in thinking, it's an evolution,' he says. 'I just think it's accelerated.'
Forbes
22-05-2025
- Business
- Forbes
Building The Future Of Cybersecurity—One Student At A Time
A cybersecurity intern represents the future of digital defense—growing real-world skills through ... More year-round, paid experience that helps close the talent gap from the inside out. Cybersecurity is a discipline built on trust, precision, and adaptability. As threats evolve, so must the people tasked with defending our systems and data. Yet for all the investment in tools and platforms, one area often remains underdeveloped: the human side of security. Developing strong, skilled professionals isn't just a workforce issue—it's a business imperative. Effective cybersecurity depends on people who understand your environment, your priorities, and your risk tolerance. But growing that kind of talent doesn't happen overnight, and it doesn't happen in a vacuum. It takes strategy, patience, and often, a shift in mindset. That's where a reimagined approach to internships comes into play. As Den Jones, founder and CEO of 909Cyber, puts it, 'When you onboard an employee, it's a couple of months ramp-up. I'd rather pay 35 bucks an hour to ramp them up than 200 bucks an hour.' Traditional internship programs follow a predictable, often inefficient format: a few weeks in the summer, a steep learning curve, and a handshake goodbye just when the intern is hitting their stride. What Jones and others in the space are pushing for is a fundamental shift—treat interns as part-time employees throughout the year. This allows students to grow with the company and hit the ground running during peak periods. It's a model born out of necessity and refined through experience. At Adobe, where Jones once led a robust internship program, he saw firsthand how effective this approach could be. Rather than saying goodbye at the end of summer, he'd invite standout interns to stay on part-time during the school year. That continuity paid off. 'Our hypothesis is: twist this round a bit. You grab a student at any time of the year, then they ramp up in summer, scale back to part-time during the semester, and ramp up again in winter,' Jones explains. 'That rhythm makes them far more valuable and reduces the cost and time of onboarding.' Jones is now putting that philosophy into practice with Intern Connect, a platform from 909Cyber designed to connect employers with valuable cybersecurity interns across the U.S. It's built to make internships easier, more flexible, and more aligned with the real-world needs of both students and businesses. Students benefit by gaining meaningful, paid experience in their field—often with better pay and more flexibility than typical part-time jobs. For employers, it's a cost-effective way to build a pipeline of junior talent who can evolve into full-time contributors. This isn't hypothetical. At a previous startup, Jones had interns conduct research and draft an article on AI and security. 'These are projects you might not have time for,' he said, 'but the interns did the legwork, and the content had real impact.' In other cases, he leveraged interns to cover overnight SOC shifts that full-time analysts didn't want. Hiring is expensive—and risky. Recruiters screen hundreds of candidates. Teams run through multiple rounds of interviews. Onboarding eats up weeks. And after all that, the new hire might still be a poor fit. Intern Connect flips that dynamic. With students working part-time and being paid less during onboarding, the stakes are lower—and the upside is higher. Plus, companies can evaluate talent in real time, with real projects, and decide whether to extend full-time offers based on actual performance—not just résumés and interviews. That makes internships a powerful filtering mechanism in a high-stakes hiring market. Jones isn't stopping at matching employers and students. He envisions a future where Intern Connect becomes a talent ecosystem—integrated with bootcamps, colleges, student chapters, and corporate partners. Discussions are already underway with recruiters, universities, and training platforms to build out this vision. There are even plans to offer short bootcamps to accelerate onboarding and help students ramp up faster. For employers, the cost to join the platform is minimal—$10 a month per user or $100 per year. That low price point reflects a key belief: building the next generation of cybersecurity professionals shouldn't break the budget. The cybersecurity industry doesn't have the luxury of waiting for perfect candidates. It needs to build them. And platforms like Intern Connect provide the tools to do just that. Instead of throwing money at job boards and crossing fingers, companies can nurture talent in-house, grow loyalty, and reduce hiring risk. As the demand for cyber skills continues to surge, the most resilient organizations will be those that learn to invest in the future—one intern at a time.
Daily Mail
07-05-2025
- Business
- Daily Mail
Memorising complex passwords and clunky text message 2-factor ID to be replaced by 'passkeys' in effort to beat hackers and boost web security
Memorising complex passwords and using clunky text message-based login systems are set to be a thing of the past as government departments begin a rollout of smart 'passkeys'. 'Passkeys' – already being used in the NHS - are now being rolled out by the government and promoted to the private sector. IT experts estimate they will save users one minute each time they sign in and be more secure. When a user first logs in, the system sends a digital key to specific devices. This allows a user to log in safely on future occasions without needing a password, text message or other code. The key remains stored on the device and cannot be easily intercepted or stolen – with third parties unable to access accounts using other devices. Feryal Clark, minister responsible for AI and Digital Government, announced the move at the National Cyber Security conference in Manchester today. He said: 'The rollout of passkeys marks another major step forward in strengthening the UK's digital defences while improving user experience for millions. 'Replacing older methods like SMS verification with modern, secure passkeys will make it quicker and easier for people to access essential services — without needing to remember complex passwords or wait for text messages. 'This shift will not only save users valuable but it will reduce fraud and phishing risks that damage our economic growth.' The move is backed by the National Cyber Security Centre, part of GCHQ, which views passkeys as the 'future of online authentication'. NCSC Chief Technical Officer Ollie Whitehouse said: 'We strongly advise all organisations to implement passkeys wherever possible to enhance security… and save significant costs on SMS authentication.' It comes as hackers have ramped up attacks on Britain with 'nationally significant' incidents doubling in recent months, the UK's cyber security agency has revealed. 'Hostile nation states' led by China, Russia, Iran and North Korea are believed to be at the forefront of malign online activity, along with groups using ransomware to extort money. Speaking in the wake of the attacks on Marks and Spencer, the Co-op and Harrods, Dr Richard Horne, chief executive of the National Cyber Security Centre told how Britain faces a 'diverse and dramatic' threat. Dr Horne said: 'We've managed more than 200 incidents since September last year (until the end of March). And that includes twice as many nationally significant incidents as the same period a year ago.' In the year to last September, the NCSC managed 430 incidents including 90 significant and 12 hacks .at the 'top end of severity'. It means Britain is on course for as many as 180 'significant' or 24 of the most severe incidents in the 12 months to the end of August. Dr Horne highlighted the risk from organisations and businesses contracting out IT services. The cyber security expert urged 'every organisation' to plan IT infrastructure 'that seeks to minimise the scale of any attack's impact' and 'to be able to continue and rebuild when an attack gets through'. Dr Horne added hostile nations 'have weaponised their cyber capabilities' and are 'operating daily'. China 'remains the pacing threat in the cyber realm', while he warned of 'acts of sabotage' directed by Russia. The cyber security boss also pointed to an ongoing threat from Iran and revealed how British firms 'are being targeted' by North Korean operatives 'disguising themselves as freelance third-country IT workers'. In order to defeat hackers using ransomware, Dr Horne said organisations must build 'the resilience that's needed to ensure recovery can happen without payment'. Cabinet office minister Pat McFadden told the conference cyber attacks such as those on major retailers were 'serious organised crime' and should be a 'wake-up call for the public sector, for businesses up and down the country'. Mr McFadden also said that while 'critical infrastructure is more interconnected than ever', this 'creates risks and vulnerabilities' as the technology can be 'weaponised'. But as well as the threat, the minister said British IT firms – the third-largest exporter of online security products and services - could turn the situation to their advantage. A survey found cyber attacks may cost UK businesses as much as £64bn a year – with 53 per cent of firms having suffered at least one incident in the last three years. The research published yesterday by cyber security provider ESET also found 43% of affected businesses reported a long-term impact on growth – but 15% of businesses had no cybersecurity budget. Jake Moore, Global Cybersecurity Advisor at ESET, warned: 'Cyber resilience is no longer optional – it's essential.'
