Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most.
The post Sleepless in Security: Whatโs Actually Keeping CISOs Up at Nightย appeared first on Security Boulevard.
As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from Check Pointโs Q2 Ransomware Report, the financial cybersecurity threat landscape is only intensifying. Gone are the days when the average hacker was a..
The post How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers appeared first on Security Boulevard.
ํต์ ๋คํธ์ํฌ๋ ์ด์ ์ด๋์๋ ์๋ค. ๋ฐ์ดํฐ ๊ด๋ฆฌ๋ถํฐ ๋น์ฆ๋์ค ๊ตฌ๋, ๋๋ฅ์ ๊ฐ๋ก์ง๋ฅด๋ ์ฌ๋ ์ฐ๊ฒฐ๊น์ง ์ธ์์ ์์ง์ด๋ ๊ธฐ๋ฐ์ด ๋๋ค. ์ค๋ซ๋์ ์ด ๋ถ์ผ์ ๋ณด์ ๋ฐฉ์์ ๋น๊ต์ ๋จ์ํ๋ค. ๋ฒฝ์ ์ธ์ฐ๊ณ , ์ํ์ ๋ฐ์ ๋๊ณ , ๋ด๋ถ๋ ์ ๋ถ ์ ๋ขฐํ๋ ๋ฐฉ์์ด์๋ค. ๋คํธ์ํฌ๊ฐ ํ์์ ์ผ๋ก ์ ๊ฒจ ์์ ๋๋ ์ด๋ฐ ๋ฐฉ์์ด๋ฉด ์ถฉ๋ถํ๋ค.
ํ์ง๋ง ๊ทธ๋ฐ ์๋๋ ๋๋ฌ๋ค. ์ด์ ์ํฌ๋ก๋๋ ํ์ด๋ธ๋ฆฌ๋ ํด๋ผ์ฐ๋ ์ ์ญ์ผ๋ก ํผ์ง๊ณ ์ฃ์ง ๊ธฐ๊ธฐ๋ ํญ๋ฐ์ ์ผ๋ก ๋๊ณ , ์๋ง์ ์๋ํํฐ ์๋ฃจ์ ์ ์ฒด๊ฐ ํต์ ๋ง์ ์ฐ๊ฒฐ๋๋ค. ์์ ์ ๊ฒฝ๊ณ์ ๊ฐ๋ ์ ์ฌ์ค์ ์ฌ๋ผ์ก๋ค.
๊ทธ๋์ ์ ๋ก ํธ๋ฌ์คํธ๊ฐ ํ์ํด์ก๋ค. ๊ทธ์ ์ต์ ์ ํ์ด์ ๊ทธ์น๋ ๊ฒ์ด ์๋๋ผ ์์กด์ ์ํ ํ์ ๋๊ตฌ๊ฐ ๋๋ค. ๋ง์ ๊ธฐ์ ์ด ์ ๋ก ํธ๋ฌ์คํธ๋ฅผ ๋ง์น ์ฌ์ ๋์ ํ ์ ์๋ ์ ํ ์ ๋๋ก ์คํดํ๋ค๋ ์ ์ด๋ค. ์ ๋ก ํธ๋ฌ์คํธ๋ ๊ทธ๋ฐ ๋ฐฉ์์ผ๋ก ์๋ํ์ง ์๋๋ค.
ํต์ ์ ๊ณ๋ฅผ ๋ณด๋ฉด ์ด๋ ๊ณณ์์๋ ์ ๋ก ํธ๋ฌ์คํธ๋ผ๋ ๋จ์ด๊ฐ ๋์จ๋ค. ์ด์ฌํ, ์ ๋ต ๋ฌธ์, ์๋ฃจ์ ์ ์ฒด ํ๋ ์ ํ ์ด์ ๋ฑ ์ด๋์๋ ๋ฑ์ฅํ๋ค. ๊ทธ๋ฐ ๊ณผ์ ์์ ์ ๋ก ํธ๋ฌ์คํธ์ ๋ณธ๋ ์๋ฏธ๊ฐ ๋ง์ด ํฌ์๋๋ค. ๋ง์ ๊ฒฝ์์ง์ด ์ ๋ก ํธ๋ฌ์คํธ๋ฅผ ๊ท์ ์ค์ ์ฒดํฌ๋ฆฌ์คํธ ํ ์ค, ๋๋ ๋ ํ๋์ ์ํํธ์จ์ด ๊ตฌ์ถ ์ฌ์ ์ ๋๋ก ์ฌ๊ธด๋ค.
ํ์ค์ ํจ์ฌ ๋์ ํ๋ค. ์ ๋ก ํธ๋ฌ์คํธ๋ ์ฌ๊ณ ๋ฐฉ์์ด๋ค. ๊ฐ์ ์ ๋ฒ๋ฆฌ๊ณ ๋์์์ด ๊ฒ์ฆํ๋ ์ชฝ์ผ๋ก ์ ํํ๋ ๊ด์ ์ด๋ค. ์ด๋ฐ ์ฌ๊ณ ๋ฐฉ์์ด ์กฐ์ง ๋ฌธํ์ ์ค๋ฉฐ๋ค์ด์ผ ๋ณด์์ด โํด์ผ ํ๋ ์ผโ ์์ค์ ๋ฒ์ด๋ ์ค์ ์ด์ ๋ฐฉ์์ผ๋ก ์๋ฆฌ ์ก๋๋ค. ํ์ง๋ง ๋๋ถ๋ถ ํต์ ์ฌ๋ ์ด๋ฐ ์ธ์ ์ ํ์ ์์ง ์ด๋ฅด์ง ๋ชปํ๋ค. ํ๋ฉด์ ์ธ ์์ ๋ง ๋ฏฟ๊ณ ์๊ณ , ๊ณต๊ฒฉ์๋ ์ด๋ฐ ํ์ ์ ์ ๊ตํ๊ฒ ํ๊ณ ๋ ๋ค.
์์ฆ OT(์ด์๊ธฐ์ ) ํ๊ฒฝ์ ๋ ธ๋ฆฌ๋ ๊ณต๊ฒฉ์ ๋๋ถ๋ถ IT ํ๊ฒฝ์์ ์ถ๋ฐํ๋ค. ๊ณต๊ฒฉ์๊ฐ ๊ด๋ฆฌ์ ๊ณ์ ์ ํ์ทจํ๊ฑฐ๋ ํ์ ํ ์ธํฐํ์ด์ค๋ฅผ ์ฐพ์ผ๋ฉด, ๋คํธ์ํฌ ์ฅ๋น๋ ๊ธฐ์ง๊ตญ ์ปจํธ๋กค๋ฌ ๊ฐ์ ํต์ฌ ์ค๋น ์ชฝ์ผ๋ก ๋ฐ๋ก ์ด๋ํ ์ ์๋ค.
IT์ OT์ ๊ฐ๊ทน์ ์ค์ด๋ ํด๋ฒ์ ์กฐ์ง๋๋ฅผ ๋ฐ๊พธ๋ ์ผ์ด ์๋๋ค. ๋ชจ๋ ๊ฒ์ ํ๋์ ๋ณด๊ณ , ๋จ์ผํ ๊ท์น ์งํฉ์ผ๋ก ๋ค๋ฃจ๋ ์ผ์ด๋ค. ์ ๊ทผ ๊ถํ ์ ์ฑ ์ ๊ณต์ ํ๊ณ ํจ์น ์ฐ์ ์์๋ฅผ ๋ช ํํ ์ ํ๊ณ , ์ํ ํ์ง๋ฅผ ํตํฉํด์ผ ํ๋ค. ์ด๋ฐ ์์๊ฐ ํ๋๋ก ๋ง๋ฌผ๋ ค ๋์๊ฐ ๋ ๋น๋ก์ ์ ๋ก ํธ๋ฌ์คํธ๊ฐ ํ์ค์ ์ธ ๋ณด์ ๋ชจ๋ธ๋ก ๊ตฌํ๋๋ค.
ํต์ ์ฌ์ ์๋ ์ด์ ๊ฐ์ธ ํด์ปค๋ ๋์ฌ์จ์ด ๋ฒ์ฃ์กฐ์ง๋ง ์๋ํ์ง ์๋๋ค. ์ค๋๋ ๊ฐ์ฅ ํฐ ์ํ์ ์ถฉ๋ถํ ์๊ธ๊ณผ ์ธ๋ ฅ์ ๊ฐ์ถ ์ง์ํ ๊ณต๊ฒฉ ๊ทธ๋ฃน์ด๋ค. ๊ตญ๊ฐ ์ฐจ์์ ๊ณต๊ฒฉ ์กฐ์ง์ด ๋ณด์ด์ง ์๊ฒ ์ ๋ณตํ๋ ๋ฐฉ์์ด๋ค. ์ํธ ํ์ดํผ(Salt Typhoon)๊ณผ ๊ฐ์ ๊ณต๊ฒฉ ์ฌ๋ก๋ ์ด๋ฐ ๊ทธ๋ฃน์ด ํต์ ๋ง ์์ ๋ช ๋ฌ์ฉ ๋จธ๋ฌด๋ฅด๋ฉฐ ๋ฏผ๊ฐํ ๋ฐ์ดํฐ๋ฅผ ๋นผ๋ด๊ณ , ๊ทธ ๊ฒฐ๊ณผ๊ฐ ์ค์ ์ง์ ํ์ ์ํ์ผ๋ก ์ด์ด์ง ์ ์์์ ๋ณด์ฌ์คฌ๋ค.
๋ฏธ๊ตญ ์ฌ์ด๋ฒ๋ณด์ยท์ธํ๋ผ๋ณด์๊ตญ(CISA)์ 2021๋ ์ดํ ์ ์ธ๊ณ ํต์ ์ฌ์ ์๋ฅผ ์นจํฌํ ๊ณต๊ฒฉ ์ฌ๋ก์ ๊ด๋ จํด ๋ณผํธ ํ์ดํผ(Volt Typhoon)์ ํฌํจํ ์ค๊ตญ ์ฐ๊ณ ๊ทธ๋ฃน์ ์ํ์ ๊ณต์ ๊ฒฝ๊ณ ํ๋ค.
์ ๋ก ํธ๋ฌ์คํธ๋ ๋จ์ํ ๊ธฐ์ ์ ๊ทธ๋ ์ด๋๊ฐ ์๋๋ผ ์ต๊ด์ ๋ฌธ์ ๋ค. ๊ทธ ์ค์์๋ ์ธ ๊ฐ์ง ์ต๊ด์ด ํต์ฌ์ด๋ค. ํญ์ ๊ฒ์ฆํ๊ณ , ํ์ํ ๋งํผ๋ง ๊ถํ์ ์ฃผ๊ณ , ๋ฌธ์ ๊ฐ ํผ์ง์ง ๋ชปํ๊ฒ ๋ง๋ ์ผ์ด๋ค.
์์งํ ๋งํด ๋ ๊ฑฐ์ ์ธํ๋ผ๋ ์ฌ๋ผ์ง์ง ์๋๋ค. ์์ญ ๋ ์ ์ ๊ตฌ์ถํ ๋คํธ์ํฌ ํ๋์จ์ด๊ฐ ์ง๊ธ๋ ํต์ ๋ง์ ์งํฑํ๋ค. ๋น์ ์ฅ๋น๋ 24์๊ฐ ๊ฐ๋๊ณผ ๋ด๋ถ ์๋ ์ ๋ขฐ๋ฅผ ์ ์ ๋ก ์ค๊ณ๋๋ค. ์ ๋ถ ์ ์ฅ๋น๋ก ๊ต์ฒดํ๋ ์ผ์ ์ํ ๋ถ๋ด์ด ํฌ๊ณ ๋น์ฉ๋ ๋ง๋ํ๋ค. ๊ทธ๋๋ก ๋๋ ์ ํ์ง๊ฐ ์กฐ๊ธ ๋ ์ํํ ๋ฟ์ด๋ค.
ํ์ค์ ์ธ ํด๋ฒ์ ๊ธฐ์กด ์์คํ ์ ํ๋์ ์ธ โ๋ณด์ ์ ธโ๋ก ๊ฐ์ธ๋ ์ผ์ด๋ค. ๋ณด์ ๊ฒ์ดํธ์จ์ด, ์ค์์ง์คํ ์ธ์ฆ, ์ธ์ ๋ชจ๋ํฐ๋ง ๊ฐ์ ๊ณ์ธต์ ๋ง์์ฐ๋ ๋ฐฉ์์ด๋ค. ์ด๋ฐ ๊ณ์ธต์ ์ถ๊ฐํ๋ฉด ๋๊ท๋ชจ ๊ต์ฒด๋ก ์ธํ ์๋น์ค ์ค๋จ ์ํ ์์ด๋ ์ง๊ธ ๋น์ฅ ๋ณด์ ์์ค์ ๋์ด์ฌ๋ฆด ์ ์๋ค.
์ ๋ก ํธ๋ฌ์คํธ์ ๋ชฉํ๋ ์๋ฒฝํ ์ด์ํฅ์ ์ข๋ ์ผ์ด ์๋๋ค. ์ ์ฒด ๋ณด์ ์์ค์ ํ ๋จ๊ณ์ฉ ๋์ด์ฌ๋ฆฌ๋ ๊ณผ์ ์ด๋ค. ๋งค ์ฐ๊ฒฐ์ ๊ฒ์ฆํ๊ณ , ํ๋์ฉ ์ํฌ๋ก๋๋ฅผ ๋ถ๋ฆฌํ ๋๋ง๋ค ๋คํธ์ํฌ๋ ์กฐ๊ธ์ฉ ๋ ๋จ๋จํด์ง๋ค.
์ ๋ก ํธ๋ฌ์คํธ๋ ๊ธฐ์กด ์ปดํ๋ผ์ด์ธ์ค ๊ท์ ์ ๋ฌด์ํ๋ ๊ฐ๋ ์ด ์๋๋ค. ๊ทธ๋ฐ ๊ท์ ์ ํ ๋๋ก ์์ ์ฌ๋ฆฌ๋ ์ ๋ต์ด๋ค. ISO 27001, ๋ฏธ๊ตญ ๊ตญ๋ฆฝํ์ค๊ธฐ์ ์ฐ๊ตฌ์์ ์ฌ์ด๋ฒ๋ณด์ ํ๋ ์์ํฌ(NIST Cybersecurity Framework), ์ ๋ฝ์ฐํฉ์ NIS2 ์ง์นจ(EU NIS2 Directive), ๊ฐ๊ตญ ํต์ ๊ท์ ๋ฑ ์ด๋ค ๊ท์ ๋ฅผ ์ ์ฉํ๋๋ผ๋ ํต์ฌ์ ๊ฐ๋ค. ์ํ์ ๊ณ์ ์ ๊ฒํ๊ณ , ๋๊ฐ ๋ค์ด์ค๋์ง ํต์ ํ๊ณ , ๊ด๋ฆฌ ์ํ๋ฅผ ์ฆ๋ช ํ๋ ์ผ์ด๋ค.
์ ๋ก ํธ๋ฌ์คํธ ๊ด์ ์ ์ด๋ฐ ํ๋ ์์ํฌ์ ๋ น์ฌ ๋ฃ์ผ๋ฉด ์ปดํ๋ผ์ด์ธ์ค๋ ๊ณจ์นซ๊ฑฐ๋ฆฌ๊ฐ ๋์ง ์๋๋ค. ๋จ์ํ ์๊ฑด์ ์ฑ์ฐ๋ ์์ ์ด ์๋๋ผ ์ผ์์ ์ธ ๋ณด์ ํ๋์ ์ผ๋ถ๊ฐ ๋๋ค. ์ํ ์์์ด ๋ฐ๋๋ฉด ๋ณดํธ ์ฒด๊ณ๋ ํจ๊ป ๋ฐ๋๋ค. ๋คํธ์ํฌ๊ฐ ์ด๋์ ์์นํ๋ ์ ๊ฒ์ ๋ฐ๊ธฐ์ ์ถฉ๋ถํ ์ค๋น ์ํ๋ฅผ ์ ์งํ ์ ์๋ค.
๊ฒฝ์์ง์ ๋ง์ฐํ ์ฝ์์ด ์๋๋ผ ์ฆ๊ฑฐ๋ฅผ ์ํ๋ค. ์ ๋ก ํธ๋ฌ์คํธ๋ฅผ ๋์ ํด ์ฒ์ 6๊ฐ์ ๋์ ์ค์ ๋ก ์ดํด๋ด์ผ ํ ์งํ๋ ๋ค์๊ณผ ๊ฐ๋ค.
์ด๋ค ์งํ๋ ๋ณด์ฌ์ฃผ๊ธฐ์ฉ ์์น๊ฐ ์๋๋ค. ์ ๋ก ํธ๋ฌ์คํธ๊ฐ ์ ํ์ด๋ฅผ ๋์ด ์ค์ ๋ก ํจ๊ณผ๋ฅผ ๋ด๊ณ ์์์ ์ฆ๋ช ํ๋ ์งํ๋ค. ์ดํ ์ ๋ต์ ๊ณ์ ๊ณ ๋ํํ ์ ์๋ ๊ธฐ๋ฐ์ด ๋๋ค.
์ ๋ก ํธ๋ฌ์คํธ๋ ๋ ์ด์ ๋ง๋ฟ์ธ ๊ฐ๋ ์ด ์๋๋ค. ๋คํธ์ํฌ ๋ณด์ ์์ค์ ํ๊ฐํ๋ ๊ธฐ์ค์ผ๋ก ์๋ฆฌ ์ก์๋ค. ํต์ ์ฐ์ ์์ ์ ๋ก ํธ๋ฌ์คํธ ๋์ ์ ์ด๋ฏธ์ง ๊ด๋ฆฌ๊ฐ ์๋๋ผ ์์กด ์ ๋ต์ด๋ค.
์์ฅ์กฐ์ฌ๊ธฐ๊ด ๊ฐํธ๋๋ 2027๋ ๊น์ง ๊ธฐ์ ์ 70%๊ฐ ๋ณด์ ์ ๋ต ์๋ฆฝ์ ์ ๋ก ํธ๋ฌ์คํธ ๊ด์ ์์ ์์ํ ๊ฒ์ผ๋ก ์ ๋งํ๋ค. ํ์ฌ ์์น๋ 20%์๋ ๋ชป ๋ฏธ์น๋ค.
์ฌ์ ํ ๋ก์ ๊ฒฝ๊ณ ๋ฐฉ์ด์ ๋งค๋ฌ๋ฆฌ๋ฉด ๊ณผ๊ฑฐ ์ ์์ ์น๋ฅด๋ ์
์ด๋ค. ์ ๋ ์ฌ์
์๋ ์ ๋ก ํธ๋ฌ์คํธ๋ฅผ ์ฌ์ ์ผ๋ก ๋ฐ์๋ค์ด๊ณ ์๋ค. ์ด ๊ธฐ์
์ด ์์ผ๋ก ๋ชจ๋๊ฐ ์์กดํ๊ฒ ๋ ํต์ ๋คํธ์ํฌ๋ฅผ ์ฐจ๊ทผ์ฐจ๊ทผ ๊ตฌ์ถํ๊ณ ์๋ค.
dl-ciokorea@foundryco.com
The World Economic Forum calls trust โthe new currencyโ in the agentic AI era and thatโs not just a metaphor: An increase of 10 percentage points in trust directly translates to 0.5% GDP growth. But hereโs what makes trust as a currency fundamentally different from any thatโs come before: you canโt borrow it, you canโt buy it and you canโt simply mint more.
When it comes to AI, trust used to mean one thing โ accuracy. Does the model predict correctly? Then we started asking harder questions about bias, transparency and whether we could explain the AIโs reasoning. Agentic AI changes the equation entirely. When a system doesnโt just analyze or recommend, but actually takes action, trust shifts from โDo I believe this answer?โ to โAm I still in full control of what this system does?โ
In the agentic era, trust must evolve from ensuring accurate results to building systems that can ensure continuous control and reliability of AI agents. As a result, trust is now the foundational architecture that separates organizations capable of deploying autonomous agents from those perpetually managing the consequences of systems they cannot safely control. My question for enterprise leaders is: Are you building that infrastructure now or will you spend next several years explaining why you didnโt?
The numbers tell a story of eroding confidence at precisely the moment when trust matters most. According to Stanford Universityโs Institute for Human-Centered Artificial Intelligence, globally, as AI-related incidents surged 56.4%, confidence that AI companies protect personal data fell from 50% in 2023 to 47% in 2024.
This isnโt just a perception problem. One out of six enterprise security breaches now involves AI, yet 97% of affected companies lacked proper access controls. By 2028, Gartner estimates a quarter of enterprise breaches will trace to AI agent abuse.
Hereโs the paradox: while 79% of companies have already adopted AI agents and another 15% are exploring possibilities, according to PwC, most companies have no AI-specific controls in place. In short, as companies rush to adopt agentic AI, weโre witnessing a fundamental readiness gap between vulnerabilities and defenses. Trust is eroding faster than companies can catch up.
Ironically, AI will also be your best defense, whether itโs against AI-amplified attacks by external parties or against AI agents behaving maliciously. An IBM report found that โorganizations using AI and automation extensively throughout their security operations saved an averageย $1.9 millionย in breach costs and reduced the breach lifecycle by an average of 80 days.โ Leveraging AI to enhance security delivers both monetary and efficiency ROI, with breaches solved an average of 80 days faster than non-automated operations. Thatโs not hypothetical risk management but measurable competitive advantage, especially because it enables use cases that competitors canโt risk deploying.
Traditional security was built on static trust: verify identity at the gate, then assume good behavior inside the walls. Agentic AI demands we go further. Unlike traditional applications, AI agents adapt autonomously, modify their own behavior and operate at machine speed across enterprise systems; this means yesterdayโs trusted agent could potentially be todayโs compromised threat that immediately reverts to normal behavior to evade detection.
Trust cannot be established and maintained just at the perimeter; our focus must shift to inside the walls as well. Securing these dynamic actors requires treating them less like software and more like a workforce, with continuous identity verification, behavioral monitoring and adaptive governance frameworks.
Successful trust architecture rests on three foundational pillars, each addressing distinct operational requirements while integrating into a cohesive security posture.
Every AI agent requires cryptographic identity verification comparable to employee credentials. Industry leaders recognize this imperative: Microsoft developed Entra Agent ID for agent authentication, while Oktaโs acquisition of Axiom and Palo Alto Networksโ $25 billion CyberArk purchase signal market recognition that agent identity management is critical.
Organizations must register agents in configuration management databases with the same rigor applied to employee vetting and physical infrastructure, establishing clear accountability for every autonomous actor operating within enterprise boundaries.
Traditional security tools monitor network perimeters and user behavior but lack mechanisms to detect anomalous agent activity. Effective trust infrastructure requires purpose-built observability platforms capable of tracking API call patterns, execution frequencies and behavioral deviations in real time.
Gartner predicts guardian agents, which are AI systems specifically designed to monitor other AI systems, will capture 10% to 15% of the agentic AI market by 2030, underscoring the necessity of layered oversight mechanisms.
Effective governance transforms policies from static documents into executable specifications that define autonomy boundaries, such as which actions agents can execute independently, which operations require human approval and which capabilities remain permanently restricted. Organizations with mature responsible AI frameworks achieve 42% efficiency gains, according to McKinsey, demonstrating that governance enables innovation rather than constraining it โ provided the governance operates as an architectural principle rather than a compliance afterthought.
Research from ServiceNow and Oxford Economicsโ AI Maturity Index reveals that pacesetter organizations that are achieving measurable AI benefits have established cross-functional governance councils with genuine executive authority, not technical committees relegated to advisory roles.
In sum, trust infrastructure isnโt defensive. Itโs the prerequisite for deploying AI agents in high-value workflows where competitive advantage actually resides, separating organizations capable of strategic deployment from those perpetually constrained by risks they cannot adequately manage.
Gartner predicts 40% of agentic AI projects will be canceled by 2027, citing inadequate risk controls as a main factor. By then, there will be a clear divide between organizations that can safely deploy ambitious agentic use cases and those that cannot afford to. The former will have built trust as infrastructure; the latter will be retrofitting security onto systems already deployed and discovering problems through costly incidents.
Trust canโt be borrowed from consultants or bought from vendors. Unlike traditional currencies that flow freely, trust in the age of agentic AI must be earned through verifiable governance, transparent operations and systems designed with security as a core principle, not an afterthought. As the gap between those who have it and those who donโt widens, the architectural decisions you make today will determine which side of the divide youโre on.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
Tycoon 2FA proves that the old promises of โstrong MFAโ came with fine print all along: when an attacker sits invisibly in the middle, your codes, pushes, and one-time passwords become their codes, pushes, and one-time passwords too. Tycoon 2FA: Industrial-Scale Phishing Comes of Age Tycoon 2FA delivers a phishing-as-a-service kit that hands even modestly..
The post The Death of Legacy MFA and What Must Rise in Its Place appeared first on Security Boulevard.
Explore secure methods for signing into online accounts, including SSO, MFA, and password management. Learn how CIAM solutions enhance security and user experience for enterprises.
The post Signing In to Online Accounts appeared first on Security Boulevard.
Identityโs New Frontier: How CISOs Can Navigate the Complex Landscape of Modern Access Management The cybersecurity battlefield has shifted. No longer are perimeter defenses and traditional identity management sufficient to...
The post Innovator Spotlight: Oleria appeared first on Cyber Defense Magazine.
ย Unifying IT Management and Security with ManageEngine In todayโs digital landscape, IT can feel like juggling flaming torches, one wrong move and the consequences can be costly. From managing endpoints,...
The post Innovator Spotlight: ManageEngine appeared first on Cyber Defense Magazine.
Organizations that donโt put in the extra effort needed to secure their Azure Active Directory leave themselves vulnerable and open to data leaks, unauthorized data access, and cyberattacks targeting their infrastructure.
Cybercriminals can decrypt user passwords and compromise administrator accounts by hacking into Azure AD Connect, the service that synchronizes Azure AD with Windows AD servers. Once inside the system, the attackers can exfiltrate and encrypt an organizationโs most sensitive data.
Azure AD users often overlook crucial steps, such as implementing multi-factor authentication for all users joining the Active Directory with a device. Failure to require MFA makes it easier for an attacker to join a malicious device to an organization using the credentials of a compromised account.
Increased security risk isnโt the only consequence of a poorly set up AD. Misconfigurations can cause process bottlenecks leading to poor performance. The following guide was created by CQUREโs cybersecurity expert โ Michael Graffneter specialized in securing Azure Active Directory, to help you detect and remedy some of the most common Azure AD misconfiguration mistakes.
ย
During security assessments, we often see production tenants being used by developers for testing their โHello Worldโ apps. We recommend that companies have standalone tenants for testing new apps and settings. Needless to say, the amount of PII accessible through such tenants should be minimized.
User accounts that are assigned the Global Adminโs role have unlimited control over your Azure AD tenant and in many cases also over your on-prem AD forest. Consider using less privileged roles to delegate permissions. As an example, security auditors should be fine with the Security Reader or Global Reader role.
Company administrators tend to create โtemporaryโ MFA exclusions for selected accounts and then forget about them, making them permanent. And due to misconfigurations, trusted IP address ranges sometimes include guest WiFi networks. Even with the free tier of Azure AD, one can use Security defaults to enable multi-factor authentication for all users. And users assigned the Global Administrator role can be configured to use multi-factor authentication at all times.
Many applications registered in Azure AD are assigned much stronger privileges than they actually require. It is also not obvious that app owners can impersonate their applications, which sometimes leads to privilege escalation. Registered applications and service principals should be regularly audited, as they can be used by malicious actors as persistent backdoors to the tenant.
Azure AD is constantly evolving and new security features are introduced regularly. But many of these newly added features need to be enabled and configured before they can be used, including the super-cool passwordless authentication methods. Azure AD deployment should therefore not be considered a one-time operation but rather a continuous process.
Azure AD Connect servers are used to synchronize Azure AD with on-premises AD, for which they need permissions to perform modifications in both environments. This fact is well-known to hackers, who might misuse AAD Connect to compromise the entire organization. These servers should therefore be considered Tier 0 resources and only Domain Admins should have administrative rights on them.
Even with an Azure AD Premium plan, user activity logs are only stored for 30 days. Is this default behavior really enough for your organization? Luckily, custom retention policies can be configured when Azure AD logs are forwarded to the Azure Log Analytics service, to the Unified Audit Log feature of Microsoft 365, or to 3rd-party SIEM solutions. And components like Azure AD Identity Protection or Azure Sentinel can automatically detect anomalies in user activity.
Not all default settings provide the highest security possible. Users can register 3rd party applications in Azure AD, passwordless authentication methods are disabled and ADFS endpoints with NTLM authentication that bypasses the Extranet Smart Lockout feature are published on proxies. These and other settings should be reviewed during Azure AD deployment and adjusted to fit organizational security policies.
Azure AD is a critical attack surface that needs continuous monitoring for misconfigurations. We hope this guide makes managing the security of your AD easier by helping you to detect and resolve vulnerabilities.
The post 8 Things to Avoid In Azure Active Directory appeared first on CQURE Academy.
The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely solely on traditional virus scanning tools as their sole method of enabling endpoint security.
Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Windowโs native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.
To be clear, it is certainly true that scanning and remediation tools for malware โ including viruses, Trojans, ransomware and adware โ continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.
These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.
Learn more about endpoint security and mobile threat defense
Beyond the threat of malware infection, the broad reliance on distributed endpoint devices โ including desktops, laptops, tablets, smartphones and wearables โ poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.
Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the โmobile revolution,โ which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter within which business devices, applications and data can be protected. Instead, all IT services must be considered continuously at risk.
Unfortunately, many bad actors are far ahead of the curve in figuring out how to exploit a world of interconnected and poorly secured software and devices. Cryptojacking is a prime example of this. It occurred to some resourceful individuals that it would be much cheaper and easier to secretly leverage the processing power of millions of end-user devices by embedding code in common websites to perform free cryptocurrency mining activities, rather than to purchase and manage a dedicated server farm for this purpose.
As a result, the performance of business devices and, by extension, the productivity of business workers are being diminished to line the pockets of clandestine entrepreneurs. Additionally, the eminent portability of the most commonly used endpoint devices (tablets and smartphones) further reduces their inherent security. EMA research indicated that one out of every eight mobile devices and one out of every 20 laptops containing business data ends up lost or stolen.
These are only two examples of rapidly evolving endpoint security challenges that plague enterprise operations teams, and this trend is expected to accelerate with cyberterrorists leveraging the power of intelligence technologies such as machine learning to identify new weaknesses they can exploit.
EMA recently noted that the most frequent consequence of a security breach is not a malware infection, but compromised business data. We live in an age when information is a commodity that can be bought and sold through both legal markets and shadowy outlets. The latter, of course, is the greater concern with critical data โ such as user access credentials, Social Security numbers, bank account information and other sensitive information โ regularly being auctioned on the dark web. Cyberattacks are no longer designed just to be a nuisance; they are the cornerstone of a high revenue-generating industry.
There are three principal methods through which data is compromised on an endpoint:
Antivirus and other malware protection solutions can certainly help protect endpoint devices from related attacks, but they do very little natively to prevent data loss from other attack vectors. To responsibly ensure endpoint devices can securely perform business tasks, organizations must adopt a multifaceted approach to security that continuously monitors for inappropriate device activities and effectively controls access to enterprise data and resources.
To enable holistic visibility, configuration, status and contextual information should be collected on devices, processes and network activities. Intelligence technologies, such as analytics, language processing and machine learning, should be applied to collected details so that any potential security risks can be rapidly identified, and policy-based automated responses can be immediately implemented.
Of course, enterprise data is not a risk at all if it is never removed from secured locations in the first place. This can be accomplished with the use of resource isolation technologies, such as containerization, app wrapping, virtualization and browser isolation solutions. Data access and distribution controls are also enhanced with the introduction of strong identity and access management (IAM) capabilities. IAM platforms that are risk-based and governed by policy controls provide a strong first line of defense in any security implementation, particularly if they holistically leverage device information collected by endpoint and security management tools, as well as common intelligence technologies to accurately determine the level of risk associated with allowing an access event to occur.
Unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes. Comprehensive UEM solutions centrally support capabilities for data collection, reporting and alarming, data analysis, and automated response that are the hallmark of a responsible endpoint security approach. Solutions in this field are greatly advantaged if they can extend their security management capabilities through direct integrations with related platforms or by enabling integrations with the use of an API.
Effective endpoint security management requires a broad spectrum of key functionality that goes far beyond just malware detection, but with the right resources in place, organizations can ensure the secure utilization of enterprise IT services without unnecessarily limiting workforce productivity.
Discover new approaches to endpoint security
The post What Is the Biggest Challenge Facing Endpoint Security? Hint: Itโs Not Malware appeared first on Security Intelligence.
Login