How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

2 December 2025 at 12:34

As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from Check Point’s Q2 Ransomware Report, the financial cybersecurity threat landscape is only intensifying. Gone are the days when the average hacker was a..

The post How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers appeared first on Security Boulevard.

"Telecom security reboot": why the old perimeter must be abandoned and security redesigned around zero trust

25 November 2025 at 21:56

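Telecom networks are now everywhere. They have become the foundation that moves the world, from managing data and running businesses to connecting people across continents. For a long time, the security approach in this field was relatively simple: build a wall, keep threats outside, and trust everything inside. When networks were closed and locked down, that was enough.

But that era is over. Workloads now spread across hybrid clouds, edge devices are multiplying explosively, and countless third-party solution vendors connect to the telecom network. The old concept of a perimeter has effectively disappeared.

That is why zero trust has become necessary. It is not just the latest buzzword; it has become an essential tool for survival. The problem is that many companies mistake zero trust for something like a product that can be bought and deployed. Zero trust does not work that way.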

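The misconception holding telecom back

Look at the telecom industry and the term zero trust comes up everywhere: in boardrooms, strategy documents, and solution vendor presentations. Along the way, the original meaning of zero trust has been heavily diluted. Many executives regard zero trust as one line on a regulatory compliance checklist, or as just another software deployment project.

The reality is far harsher. Zero trust is a mindset: a shift in perspective from making assumptions to verifying constantly. Only when this mindset permeates the organizational culture does security move beyond being "something we have to do" and become the way operations actually run. But most telecom operators have not yet made this shift. They rely on surface-level safety, and attackers exploit that gap with precision.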

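IT and OT, where damage spreads from one to the other

These days, most attacks targeting OT (operational technology) environments start in the IT environment. Once an attacker steals an administrator account or finds a poorly secured interface, they can move directly toward core equipment such as network devices or base station controllers.

The way to close the gap between IT and OT is not to change the org chart. It is to see everything at a glance and govern it with a single set of rules. Access policies must be shared, patch priorities must be clearly set, and threat detection must be unified. Only when these elements work together does zero trust become a practical security model.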

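The real enemy: persistence and patience

Telecom operators no longer face only individual hackers or ransomware gangs. The biggest threat today is persistent attack groups with ample funding and staff: state-level attack organizations that lie hidden and undetected. Attacks such as Salt Typhoon showed that these groups can stay inside telecom networks for months, exfiltrating sensitive data, and that the results can lead to real geopolitical risk.

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially warned of the danger posed by China-linked groups, including Volt Typhoon, in connection with intrusions into telecom operators worldwide since 2021.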

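How to build trust where none exists

Zero trust is not a simple technology upgrade but a matter of habit. Three habits in particular are key: always verify, grant only as much privilege as needed, and keep problems from spreading.

  • Always verify. The login step is not the end of verification. For people, devices, and systems alike, keep watching where they connect from, what they are doing, and whether anything differs from the usual.
  • Grant least privilege. The fewer privileges a person or system can hold, the smaller the scope of damage when something goes wrong. Tightening privileges alone can greatly reduce risk, without any flashy new tools.
  • Segment the network. This is about blocking the spread of problems. Build a micro-segmented structure that divides the network into small, isolated zones. In a network separated this way, damage can be minimized even when a breach occurs.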

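Legacy technology, a presence that is hard to ignore

Frankly, legacy infrastructure is not going away. Network hardware built decades ago still holds up the telecom network today. That equipment was designed on the assumption of 24-hour operation and automatic internal trust. Replacing everything with new equipment is risky and enormously expensive. The option of leaving it as it is is only slightly more dangerous.

The practical solution is to wrap existing systems in a modern "security shell": layering on security gateways, centralized authentication, and session monitoring. Adding these layers raises the security level right now, without the risk of service disruption that a large-scale replacement brings.

The goal of zero trust is not to chase a perfect ideal. It is a process of raising the overall security level one step at a time. Each time a connection is verified and a workload is isolated, one by one, the network becomes a little more robust.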

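Practical compliance that crosses borders

Zero trust is not a concept that ignores existing compliance regulations. It is a strategy built on top of them. Whichever regulation applies, whether ISO 27001, the US National Institute of Standards and Technology's Cybersecurity Framework (NIST Cybersecurity Framework), the European Union's NIS2 Directive (EU NIS2 Directive), or national telecom regulations, the core is the same: continuously assess risk, control who gets in, and prove the state of management.

When the zero trust perspective is built into these frameworks, compliance stops being a headache. It becomes part of everyday security activity rather than an exercise in simply meeting requirements. As the threat landscape changes, the protection changes with it. Wherever the network is located, it can stay sufficiently ready for inspection.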

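A transition with visible results: 6 KPIs to check in the first 180 days

Executives want evidence, not vague promises. These are the indicators to actually look at in the first six months after adopting zero trust.

  • The number of highly privileged accounts left in place beyond what is needed goes down.
  • Anomalies are caught faster.
  • Access approval is not delayed, and governance moves at the speed of the business.
  • More endpoints and workloads come under monitoring.
  • Intrusion activity moving covertly inside the network decreases.
  • IT and OT teams actually carry out joint response exercises.

These indicators are not vanity metrics. They prove that zero trust has moved beyond a buzzword and is actually delivering results. They form the basis for continuing to refine the strategy afterward.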

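From buzzword to basic principle

Zero trust is no longer an empty concept. It has become a standard for evaluating the level of network security. In the telecom industry, adopting zero trust is a survival strategy, not image management.

Market research firm Gartner projects that by 2027, 70% of enterprises will start their security strategy from a zero trust perspective. The current figure is below 20%.

Clinging to old perimeter defense amounts to fighting the last war. Leading operators are embracing zero trust as a journey. These companies are steadily building the telecom networks that everyone will come to depend on.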

Why trust is the new currency in the agentic era — and what it’s worth

25 November 2025 at 11:22

The World Economic Forum calls trust “the new currency” in the agentic AI era and that’s not just a metaphor: An increase of 10 percentage points in trust directly translates to 0.5% GDP growth. But here’s what makes trust as a currency fundamentally different from any that’s come before: you can’t borrow it, you can’t buy it and you can’t simply mint more.

When it comes to AI, trust used to mean one thing — accuracy. Does the model predict correctly? Then we started asking harder questions about bias, transparency and whether we could explain the AI’s reasoning. Agentic AI changes the equation entirely. When a system doesn’t just analyze or recommend, but actually takes action, trust shifts from “Do I believe this answer?” to “Am I still in full control of what this system does?”

In the agentic era, trust must evolve from ensuring accurate results to building systems that can ensure continuous control and reliability of AI agents. As a result, trust is now the foundational architecture that separates organizations capable of deploying autonomous agents from those perpetually managing the consequences of systems they cannot safely control. My question for enterprise leaders is: Are you building that infrastructure now, or will you spend the next several years explaining why you didn’t?

The growing trust deficit

The numbers tell a story of eroding confidence at precisely the moment when trust matters most. According to Stanford University’s Institute for Human-Centered Artificial Intelligence, globally, as AI-related incidents surged 56.4%, confidence that AI companies protect personal data fell from 50% in 2023 to 47% in 2024.

This isn’t just a perception problem. One out of six enterprise security breaches now involves AI, yet 97% of affected companies lacked proper access controls. By 2028, Gartner estimates a quarter of enterprise breaches will trace to AI agent abuse.

Here’s the paradox: while 79% of companies have already adopted AI agents and another 15% are exploring possibilities, according to PwC, most companies have no AI-specific controls in place. In short, as companies rush to adopt agentic AI, we’re witnessing a fundamental readiness gap between vulnerabilities and defenses. Trust is eroding faster than companies can catch up.

The economics of trust infrastructure

Ironically, AI will also be your best defense, whether it’s against AI-amplified attacks by external parties or against AI agents behaving maliciously. An IBM report found that “organizations using AI and automation extensively throughout their security operations saved an average $1.9 million in breach costs and reduced the breach lifecycle by an average of 80 days.” Leveraging AI to enhance security delivers both monetary and efficiency ROI, with breaches solved an average of 80 days faster than non-automated operations. That’s not hypothetical risk management but measurable competitive advantage, especially because it enables use cases that competitors can’t risk deploying.

Traditional security was built on static trust: verify identity at the gate, then assume good behavior inside the walls. Agentic AI demands we go further. Unlike traditional applications, AI agents adapt autonomously, modify their own behavior and operate at machine speed across enterprise systems; this means yesterday’s trusted agent could potentially be today’s compromised threat that immediately reverts to normal behavior to evade detection.

Trust cannot be established and maintained just at the perimeter; our focus must shift to inside the walls as well. Securing these dynamic actors requires treating them less like software and more like a workforce, with continuous identity verification, behavioral monitoring and adaptive governance frameworks.

Successful trust architecture rests on three foundational pillars, each addressing distinct operational requirements while integrating into a cohesive security posture.

Pillar 1: Verifiable identity

Every AI agent requires cryptographic identity verification comparable to employee credentials. Industry leaders recognize this imperative: Microsoft developed Entra Agent ID for agent authentication, while Okta’s acquisition of Axiom and Palo Alto Networks’ $25 billion CyberArk purchase signal market recognition that agent identity management is critical.

Organizations must register agents in configuration management databases with the same rigor applied to employee vetting and physical infrastructure, establishing clear accountability for every autonomous actor operating within enterprise boundaries.

Pillar 2: Comprehensive visibility and continuous monitoring

Traditional security tools monitor network perimeters and user behavior but lack mechanisms to detect anomalous agent activity. Effective trust infrastructure requires purpose-built observability platforms capable of tracking API call patterns, execution frequencies and behavioral deviations in real time.

Gartner predicts guardian agents, which are AI systems specifically designed to monitor other AI systems, will capture 10% to 15% of the agentic AI market by 2030, underscoring the necessity of layered oversight mechanisms.

Pillar 3: Governance as executable architecture

Effective governance transforms policies from static documents into executable specifications that define autonomy boundaries, such as which actions agents can execute independently, which operations require human approval and which capabilities remain permanently restricted. Organizations with mature responsible AI frameworks achieve 42% efficiency gains, according to McKinsey, demonstrating that governance enables innovation rather than constraining it — provided the governance operates as an architectural principle rather than a compliance afterthought.

Research from ServiceNow and Oxford Economics’ AI Maturity Index reveals that pacesetter organizations that are achieving measurable AI benefits have established cross-functional governance councils with genuine executive authority, not technical committees relegated to advisory roles.

In sum, trust infrastructure isn’t defensive. It’s the prerequisite for deploying AI agents in high-value workflows where competitive advantage actually resides, separating organizations capable of strategic deployment from those perpetually constrained by risks they cannot adequately manage.

The 2027 divide

Gartner predicts 40% of agentic AI projects will be canceled by 2027, citing inadequate risk controls as a main factor. By then, there will be a clear divide between organizations that can safely deploy ambitious agentic use cases and those that cannot afford to. The former will have built trust as infrastructure; the latter will be retrofitting security onto systems already deployed and discovering problems through costly incidents.

Trust can’t be borrowed from consultants or bought from vendors. Unlike traditional currencies that flow freely, trust in the age of agentic AI must be earned through verifiable governance, transparent operations and systems designed with security as a core principle, not an afterthought. As the gap between those who have it and those who don’t widens, the architectural decisions you make today will determine which side of the divide you’re on.

This article is published as part of the Foundry Expert Contributor Network.

The Death of Legacy MFA and What Must Rise in Its Place

24 November 2025 at 14:37

Tycoon 2FA proves that the old promises of “strong MFA” came with fine print all along: when an attacker sits invisibly in the middle, your codes, pushes, and one-time passwords become their codes, pushes, and one-time passwords too. Tycoon 2FA: Industrial-Scale Phishing Comes of Age Tycoon 2FA delivers a phishing-as-a-service kit that hands even modestly..

The post The Death of Legacy MFA and What Must Rise in Its Place appeared first on Security Boulevard.

Signing In to Online Accounts

Explore secure methods for signing into online accounts, including SSO, MFA, and password management. Learn how CIAM solutions enhance security and user experience for enterprises.

The post Signing In to Online Accounts appeared first on Security Boulevard.

Innovator Spotlight: Oleria

By: Gary
9 September 2025 at 17:23

Identity’s New Frontier: How CISOs Can Navigate the Complex Landscape of Modern Access Management The cybersecurity battlefield has shifted. No longer are perimeter defenses and traditional identity management sufficient to...

The post Innovator Spotlight: Oleria appeared first on Cyber Defense Magazine.

8 Things to Avoid In Azure Active Directory

By: tribe47
4 June 2021 at 06:02

Organizations that don’t put in the extra effort needed to secure their Azure Active Directory leave themselves vulnerable and open to data leaks, unauthorized data access, and cyberattacks targeting their infrastructure.

Cybercriminals can decrypt user passwords and compromise administrator accounts by hacking into Azure AD Connect, the service that synchronizes Azure AD with Windows AD servers. Once inside the system, the attackers can exfiltrate and encrypt an organization’s most sensitive data.

Azure AD users often overlook crucial steps, such as implementing multi-factor authentication for all users joining the Active Directory with a device. Failure to require MFA makes it easier for an attacker to join a malicious device to an organization using the credentials of a compromised account.

Increased security risk isn’t the only consequence of a poorly set up AD. Misconfigurations can cause process bottlenecks leading to poor performance. The following guide was created by CQURE’s cybersecurity expert Michael Grafnetter, who specializes in securing Azure Active Directory, to help you detect and remedy some of the most common Azure AD misconfiguration mistakes.

1. Production Tenants Used for Tests

During security assessments, we often see production tenants being used by developers for testing their “Hello World” apps. We recommend that companies have standalone tenants for testing new apps and settings. Needless to say, the amount of PII accessible through such tenants should be minimized.

2. Overpopulated Global Admins

User accounts that are assigned the Global Administrator role have unlimited control over your Azure AD tenant and in many cases also over your on-prem AD forest. Consider using less privileged roles to delegate permissions. As an example, security auditors should be fine with the Security Reader or Global Reader role.

3. Not Enforcing MFA

Company administrators tend to create “temporary” MFA exclusions for selected accounts and then forget about them, making them permanent. And due to misconfigurations, trusted IP address ranges sometimes include guest WiFi networks. Even with the free tier of Azure AD, one can use Security defaults to enable multi-factor authentication for all users. And users assigned the Global Administrator role can be configured to use multi-factor authentication at all times.

4. Overprivileged Applications

Many applications registered in Azure AD are assigned much stronger privileges than they actually require. It is also not obvious that app owners can impersonate their applications, which sometimes leads to privilege escalation. Registered applications and service principals should be regularly audited, as they can be used by malicious actors as persistent backdoors to the tenant.

5. Fire-and-Forget Approach to Configuration

Azure AD is constantly evolving and new security features are introduced regularly. But many of these newly added features need to be enabled and configured before they can be used, including the super-cool passwordless authentication methods. Azure AD deployment should therefore not be considered a one-time operation but rather a continuous process.

6. Insecure Azure AD Connect Servers

Azure AD Connect servers are used to synchronize Azure AD with on-premises AD, for which they need permissions to perform modifications in both environments. This fact is well-known to hackers, who might misuse AAD Connect to compromise the entire organization. These servers should therefore be considered Tier 0 resources and only Domain Admins should have administrative rights on them.

7. Lack of Monitoring

Even with an Azure AD Premium plan, user activity logs are only stored for 30 days. Is this default behavior really enough for your organization? Luckily, custom retention policies can be configured when Azure AD logs are forwarded to the Azure Log Analytics service, to the Unified Audit Log feature of Microsoft 365, or to 3rd-party SIEM solutions. And components like Azure AD Identity Protection or Azure Sentinel can automatically detect anomalies in user activity.

8. Default Settings

Not all default settings provide the highest security possible. Users can register 3rd party applications in Azure AD, passwordless authentication methods are disabled and ADFS endpoints with NTLM authentication that bypasses the Extranet Smart Lockout feature are published on proxies. These and other settings should be reviewed during Azure AD deployment and adjusted to fit organizational security policies.

Azure AD is a critical attack surface that needs continuous monitoring for misconfigurations. We hope this guide makes managing the security of your AD easier by helping you to detect and resolve vulnerabilities.

The post 8 Things to Avoid In Azure Active Directory appeared first on CQURE Academy.

Astrix Security emerges from stealth to help organizations spot rogue third-party apps

23 February 2022 at 07:09

Astrix Security, an Israeli cybersecurity startup that provides access management for third-party app integrations, has emerged from stealth with $15 million in funding. The startup was co-founded in 2021 by CEO Alon Jackson and CTO Idan Gour, both former members of Israel’s famed intelligence division Unit 8200, to help organizations monitor and control the complex […]

What Is the Biggest Challenge Facing Endpoint Security? Hint: It’s Not Malware

2 January 2020 at 06:00

The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely on traditional virus scanning tools as their sole method of enabling endpoint security.

Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Windows’ native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.

To be clear, it is certainly true that scanning and remediation tools for malware — including viruses, Trojans, ransomware and adware — continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.

These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.

Modern Endpoint Security Attack Vectors

Beyond the threat of malware infection, the broad reliance on distributed endpoint devices — including desktops, laptops, tablets, smartphones and wearables — poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.

Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the “mobile revolution,” which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter within which business devices, applications and data can be protected. Instead, all IT services must be considered continuously at risk.

Unfortunately, many bad actors are far ahead of the curve in figuring out how to exploit a world of interconnected and poorly secured software and devices. Cryptojacking is a prime example of this. It occurred to some resourceful individuals that it would be much cheaper and easier to secretly leverage the processing power of millions of end-user devices by embedding code in common websites to perform free cryptocurrency mining activities, rather than to purchase and manage a dedicated server farm for this purpose.

As a result, the performance of business devices and, by extension, the productivity of business workers are being diminished to line the pockets of clandestine entrepreneurs. Additionally, the eminent portability of the most commonly used endpoint devices (tablets and smartphones) further reduces their inherent security. EMA research indicated that one out of every eight mobile devices and one out of every 20 laptops containing business data ends up lost or stolen.

These are only two examples of rapidly evolving endpoint security challenges that plague enterprise operations teams, and this trend is expected to accelerate with cyberterrorists leveraging the power of intelligence technologies such as machine learning to identify new weaknesses they can exploit.

The Biggest Threat to Endpoint Security

EMA recently noted that the most frequent consequence of a security breach is not a malware infection, but compromised business data. We live in an age when information is a commodity that can be bought and sold through both legal markets and shadowy outlets. The latter, of course, is the greater concern with critical data — such as user access credentials, Social Security numbers, bank account information and other sensitive information — regularly being auctioned on the dark web. Cyberattacks are no longer designed just to be a nuisance; they are the cornerstone of a high revenue-generating industry.

There are three principal methods through which data is compromised on an endpoint:

  1. The first is through the use of invasive software, such as hidden code in applications and websites that collect and distribute data to remote systems without the knowledge of the users.
  2. The second involves manipulating users into unwittingly granting nefarious actors access to devices and IT resources. This is most frequently accomplished with the use of phishing schemes that employ psychological inventiveness rather than technological proficiency.
  3. The final method for compromising data on endpoint devices occurs when the user distributes the information themselves in an unsecure manner.

A Responsible Approach to Endpoint Security

Antivirus and other malware protection solutions can certainly help protect endpoint devices from related attacks, but they do very little natively to prevent data loss from other attack vectors. To responsibly ensure endpoint devices can securely perform business tasks, organizations must adopt a multifaceted approach to security that continuously monitors for inappropriate device activities and effectively controls access to enterprise data and resources.

To enable holistic visibility, configuration, status and contextual information should be collected on devices, processes and network activities. Intelligence technologies, such as analytics, language processing and machine learning, should be applied to collected details so that any potential security risks can be rapidly identified, and policy-based automated responses can be immediately implemented.

Of course, enterprise data is not a risk at all if it is never removed from secured locations in the first place. This can be accomplished with the use of resource isolation technologies, such as containerization, app wrapping, virtualization and browser isolation solutions. Data access and distribution controls are also enhanced with the introduction of strong identity and access management (IAM) capabilities. IAM platforms that are risk-based and governed by policy controls provide a strong first line of defense in any security implementation, particularly if they holistically leverage device information collected by endpoint and security management tools, as well as common intelligence technologies to accurately determine the level of risk associated with allowing an access event to occur.

Unified endpoint management (UEM) solutions designed to support all endpoints across an entire IT ecosystem offer the optimal platform from which to manage a diverse range of security processes. Comprehensive UEM solutions centrally support capabilities for data collection, reporting and alarming, data analysis, and automated response that are the hallmark of a responsible endpoint security approach. Solutions in this field are greatly advantaged if they can extend their security management capabilities through direct integrations with related platforms or by enabling integrations with the use of an API.

Effective endpoint security management requires a broad spectrum of key functionality that goes far beyond just malware detection, but with the right resources in place, organizations can ensure the secure utilization of enterprise IT services without unnecessarily limiting workforce productivity.

The post What Is the Biggest Challenge Facing Endpoint Security? Hint: It’s Not Malware appeared first on Security Intelligence.
