Security Boulevard

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Drafting’ appeared first on Security Boulevard.

PQC PDQ: Researchers find we’ll need 20 times fewer qubits to break conventional encryption than previously believed.

The post RSA and Bitcoin at BIG Risk from Quantum Compute appeared first on Security Boulevard.

At Seceon, we’re honored to announce that we have been named the “MSP Platform Provider Vendor of the Year” at the Technology Reseller Awards 2025. This recognition is a meaningful milestone that celebrates our ongoing commitment to delivering an innovative, AI-driven cybersecurity platform designed to meet the evolving needs of Managed Service Providers (MSPs) and

The post Seceon Wins “MSP Platform Provider Vendor of the Year” at Technology Reseller Awards 2025 appeared first on Seceon Inc.

The post Seceon Wins “MSP Platform Provider Vendor of the Year” at Technology Reseller Awards 2025 appeared first on Security Boulevard.

As software supply chain threats become more complex, organizations need more than just vulnerability scanning — they need complete visibility into the components that make up their applications.

The post SBOM management and generation: How Sonatype leads in software supply chain visibility appeared first on Security Boulevard.

Discover how Claroty and ColorTokens secure IoMT and prevent lateral movement in healthcare networks with agentless microsegmentation and visibility.

The post Protecting Biomedical Devices in the Large Healthcare Enterprise appeared first on ColorTokens.

The post Protecting Biomedical Devices in the Large Healthcare Enterprise appeared first on Security Boulevard.

An alert from CISA, FBI, EPA and DOE came after CISA observed attacks by “unsophisticated” cyber actors leveraging “basic and elementary intrusion techniques” against ICS/SCADA systems. 

The post Unsophisticated Actors, Poor Hygiene Prompt CI Alert for Oil & Gas  appeared first on Security Boulevard.

Author/Presenter: Per Thorsheim

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – Combating Phone Spoofing With STIR/SHAKEN appeared first on Security Boulevard.

Detection as code (DaC) is a powerful way for security teams to streamline rule development, automate threat detection, and respond to attacks with greater speed and precision. The DaC approach applies formal software development practices to write, manage, and deploy rules for detecting security threats.

The post Detection as code: How to enhance your real-time threat detection appeared first on Security Boulevard.

In our last episode, Trace Bannon and Dan Whitliff established the need for certifying critical system software engineers just as we certify engineers in chemical, architectural, mechanical and other safety-critical verticals.  In this show, we dive into when, where, and how critical system engineering certification programs are rolling out. Our guests in this show include…

The post Software Engineering Certifications Rolling Out Soon appeared first on CodeSecure.

The post Software Engineering Certifications Rolling Out Soon appeared first on Security Boulevard.

SSL stripping is a man-in-the-middle attack that downgrades secure HTTPS connections to HTTP, exposing sensitive user data. This article explains how the attack works and outlines the best technical and strategic measures businesses and users can take to defend against it, such as HSTS enforcement, certificate transparency, and automated certificate management.

The post What is an SSL stripping attack and how to prevent it appeared first on Security Boulevard.

Coinbase faces a class action lawsuit over a data breach. Learn about the implications for investors and the importance of secure authentication.

The post Coinbase Hit with Lawsuit Over $400M Data Breach and Stock Loss appeared first on Security Boulevard.

A major data breach exposed 184 million login credentials. Discover the risks and learn how to protect yourself from cyber threats.

The post Massive Data Breach Exposes 184 Million Login Credentials appeared first on Security Boulevard.

Struggling with DMARC alias failures? Learn why your alias emails get blocked and how to fix SPF&DKIM alignment for better deliverability.

The post Why Email Aliases Fail DMARC (And How to Fix Them) appeared first on Security Boulevard.

Azure AI Foundry Agent Service GA launch! Build and manage AI agents seamlessly to enhance enterprise productivity. Learn more today!

The post Azure AI Foundry Agent Service Launches Multi-Agent Orchestration appeared first on Security Boulevard.

Discover how Google's LiteRT enhances on-device inference with GPU and NPU acceleration, making AI applications faster and more efficient. Learn more!

The post Google Boosts LiteRT and Gemini Nano for On-Device AI Efficiency appeared first on Security Boulevard.

Discover JARVIS, Cisco's AI assistant that streamlines platform engineering workflows and enhances AI security with ServiceNow. Learn more now!

The post Cisco Unveils JARVIS: AI Assistant Transforming Platform Engineering appeared first on Security Boulevard.

AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report
madhav
Tue, 05/27/2025 - 04:40

The Thales 2025 Data Threat Report reveals a critical inflection point in global cybersecurity. As the threat landscape grows more complex and hostile, the rapid adoption of generative AI is amplifying both opportunity and risk. While GenAI promises powerful gains, rushed deployments are outpacing security readiness, leaving sensitive data increasingly vulnerable. With most security teams still navigating unfamiliar GenAI architectures, prioritizing data protection is urgent. This year’s report underscores a clear mandate: organizations must refocus their security strategies around the data they collect, process, and safeguard on behalf of customers and stakeholders.

Can Organizations Keep Up with AI Adoption?

As organizations race to embrace AI and capitalize on new capabilities, a new generation of risk is rapidly emerging. This year’s report exposes a troubling gap: while awareness of GenAI threats is growing, true preparedness remains dangerously low. It’s a moment that demands reflection and a reassessment of how ready we really are.

• Nearly 70% cited the fast-moving GenAI ecosystem as their greatest security concern. However, respondents in the more advanced stages of AI adoption aren’t waiting to fully secure their systems or optimize their tech stacks before forging ahead.

Because the drive to achieve rapid transformation often outweighs efforts to strengthen organizational readiness, these organizations may inadvertently create significant security vulnerabilities.

Among the challenges of securing AI-based systems is the growing complexity of application architectures, which necessitates improved application security.

• 34% of businesses have over 500 application programming interfaces (APIs) in use.
• 59% of the respondents are now concerned about code vulnerabilities, and 48% worry about their software supply chain.

However, only 16% identified secrets management as necessary for data protection, despite the high risk associated with secrets management failures, which can expose authentication data such as API keys. This concern is amplified given the high reported number of APIs in use.

Quantum Cuts Both Ways

Those surveyed identified three major quantum computing security threats.

• 63% cited future encryption compromise
• 61% said key distribution, and
• 58% are concerned about the future decryption of today’s data, including the “harvest now, decrypt later” threat.

In response to these concerns, standards bodies have made progress. NIST released a transition guide in 2024. The guide recommends phasing out RSA and ECC by 2030 and entirely discontinuing them by 2035, giving firms a decade to prepare for a quantum-secure future. Encouragingly, businesses are taking steps in the right direction.

• 57% are prototyping or evaluating post-quantum cryptography (PQC) algorithms.
• 48% of the respondents said they are assessing their current encryption strategies.
• 45% focus on improving their crypto agility.
• Only 33% rely on their telco or cloud providers to do the work for them.

Cloud Complexity Threatens Data Sovereignty

The Thales 2025 Data Threat Report highlights the rising importance of digital sovereignty in today’s cloud-driven world. As organizations expand their cloud footprints and navigate tightening data privacy regulations, the need for greater control over data handling has become critical. Businesses now assert control to decide where data resides, who manages it, and how it moves across platforms. Three distinct levels of sovereignty have risen: data sovereignty (control over data residency), operational sovereignty (control over personnel and operations), and software sovereignty (portability across platforms).

In the GenAI era, where sensitive data powers predictive models and automated decisions, sovereignty concerns are legal and operational.

• 33% of respondents said future-proof portability was the top driver behind sovereignty initiatives.
• 50% said they were willing to refactor applications to achieve it.

Complicating these efforts is the continued rise of multicloud environments, with 76% of enterprises saying they now use two or more public clouds. Differences in security models, pricing, and provider integration can lead to fractured implementations and tool sprawl.

Companies reported using five or more tools for data discovery alone, and a similar number of key managers for encryption. This fragmentation clouds visibility and undermines uniform policy enforcement, making simplification and consolidation a priority.

Compliance is More Than a Checkbox

The Thales 2025 Data Threat Report particularly reveals the powerful correlation between regulatory compliance and breach prevention.

• 78% of those surveyed who failed a recent compliance audit had a history of data breaches.

This is nearly four times the rate of those who passed all audits, widening the gap seen in 2021, and shines a clear light on a simple truth:

• Robust compliance processes do more than appease regulators; they dramatically reduce the chance of successful breaches.

However, achieving compliance remains challenging. Nearly half (45%) did not pass a recent audit, a sign of difficulties with manual processes and fragmented tooling. In complex hybrid environments, where data is scattered across clouds and on-premises, having no unified policy enforcement becomes a dangerous vulnerability.

Phishing, Malware, and the Rise of Resilient MFA

Malicious actors continue to hone and improve their tactics. Unsurprisingly, malware and phishing continue to top the list of threat vectors, with ransomware close behind as a rapidly growing concern. While human error is now perceived as a lesser risk, it remains a significant factor in data breaches, particularly when phishing attacks lead to stolen credentials.

One area showing marked improvement is the adoption of phishing-resistant authentication methods.

• Nearly 60% reported using biometrics
• 47% have adopted passwordless systems based on passkeys.

As more cloud applications support this method, passkeys may help neutralize entire classes of attacks, a promising sign of proactive security posture development.

These improvements may justify a sense of optimism:

• The percentage of businesses dealing with breaches dropped from 23% in 2021 to just 14% in 2025.

However, there’s little room for complacency because gaps remain. Only 57% of respondents reported using strong multi-factor authentication (MFA) for cloud applications more than half the time. Alarmingly, 13% of data breaches boiled down to the failure to enforce MFA for privileged users, a reminder that even as tools improve, their effectiveness hinges on consistent implementation.

Toward a Unified Approach to Data Protection

The key takeaway from the 2025 Data Threat Report is that data protection must evolve from a fragmented, siloed function into a cohesive, strategic capability. To meet today’s challenges, organizations must unify disparate security tools, enforce centralized policy controls, and ensure seamless, transparent protection across increasingly complex hybrid environments. Data security posture management, encryption & key management, and improved API visibility have become essential steps toward operational maturity.

Download the Thales 2025 Data Threat Report for in-depth findings, expert insights, and practical guidance on securing modern enterprises in the GenAI, multicloud, and quantum computing age.

Data Security

Krishna Ksheerabdhi | VP, Product Marketing
More About This Author > basic

The post AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report appeared first on Security Boulevard.

Nonprofit employees should strategically recognize and prevent attacks to protect their sensitive data from cybercriminals. 

The post Understanding the Importance of Incident Response Plans for Nonprofits appeared first on Security Boulevard.

The newest extension to LimaCharlie’s SecOps Cloud Platform (SCP) offers users advanced control over Windows endpoint protection at scale. This powerful new capability allows security service providers to easily manage free instances of Microsoft Defender Antivirus (previously Windows Defender) on all Windows endpoints through a single unified interface.

Key Capabilities

This extension is simple to enable, requires no additional integrations, and immediately provides three powerful capabilities to users:

Defender Check: Instantly query Windows machines to verify the presence of an active Defender instance. Easily identify any unprotected workstations across tenants

Defender Alerts: Receive important telemetry from Windows Defender at wire speed. Receive notifications immediately if Windows Defender detects a problem 

Remote AV Scan: Initiate Defender AV scans on Windows endpoints. Perform scans ad-hoc or use the SCP to automate them to occur at regular intervals.

Strategic Benefits

The new extension delivers significant operational advantages: 

• Centralized Management: Control Defender across all your endpoints from a single interface

• Robust Telemetry Collection: Gather comprehensive endpoint security data

• Rapid Event Detection: Identify potential threats in your environments

• Powerful Automation Opportunities: Schedule scans or created automated responses

The SCP also creates a starter set of detection and response (D&R) rules that extend beyond simple alerting. These rules can be further customized to meet the broader security needs of your environment(s).

Getting Started with Endpoint Protection

Enabling enterprise and cross-tenant endpoint protection has never been so simple. Read more about enabling the new Endpoint Protection extension in our documentation.

If you’re new to LimaCharlie, try it for free or book a demo with our solutions engineers.

The post LimaCharlie Leaps Ahead With Endpoint Protection appeared first on Security Boulevard.

Discover how PowerDMARC empowered HispaColex Tech Consulting to bolster client email security, enhance customer satisfaction, and gain a competitive edge.

The post MSP Case Study: How PowerDMARC Became a Game-Changer for HispaColex Tech Consulting appeared first on Security Boulevard.