Posts tagged ‘cybersecurity’

Gartner: 60% of CISOs are piloting GenAI, but only 20% see results

The global threatscape is increasingly dominated by weaponized LLMs, AI, and conversational agents, all aimed at launching lethal attacks that can cripple companies and entire supply chains in minutes.

Nation‑state actors and organized eCrime groups now use artificial intelligence, including generative AI (GenAI), to automate reconnaissance, weaponize access, and strike faster than most defenses can respond. To keep pace, enterprises and the CISOs leading them are turning to GenAI as a defensive multiplier.

CISOs are remaining optimistic

Gartner’s latest research quantifies that adoption is accelerating, but measurable results remain elusive. Approximately 60% of organizations are piloting or planning GenAI cybersecurity initiatives. Only 20% of security leaders say these programs have delivered beneficial outcomes so far. These figures come from the firm’s recent research note, What GenAI Use Cases Are Organizations Pursuing Within Cybersecurity?, published earlier this month. Forrester predicts that the first agentic AI breach will happen in 2026.

Yet, despite early hurdles, cybersecurity leaders remain optimistic. Nearly every CISO I’ve spoken with sees GenAI as pivotal for transforming threat detection, proactive hunting, rapid incident response, and extracting actionable insights from terabytes of telemetry data streaming from endpoints and events. They recognize GenAI as crucial to decoding adversary tradecraft, particularly as identity-based threats and weaponized machine-learning attacks accelerate, reshaping the global threatscape in real time.

Key takeaways

  • Code Analysis leads the pack. GenAI‑assisted code analysis is the most mature use case: 22% of enterprises use it today, and another 30% are piloting it. It addresses a persistent gap, as 69% of software‑engineering leaders cite insecure code remediation as a critical skills bottleneck.
  • GenAI shows potential in helping SOC teams spot vulnerabilities faster. Currently, 21% of organizations actively leverage GenAI to enhance vulnerability detection and remediation, with another 26% piloting these capabilities. Adoption is driven by GenAI’s ability to automate vulnerability identification and prioritize remediation workflows, addressing longstanding security bottlenecks and resource constraints. Despite intense interest, widespread implementation remains challenged by integration complexity and skepticism about AI-generated accuracy, emphasizing the need for incremental deployment aligned with existing cybersecurity metrics.
  • CISOs shift from ambition to execution. Gartner finds that the leaders gaining traction are those adopting “bite‑sized” implementations or use cases that fit into current processes, deliver quantifiable ROI, and build trust among analysts and engineers.

CISOs are dealing with a threatscape moving at machine speed

Given how lethal machine-driven attacks are becoming, exacerbated by the growing sophistication of weaponized AI, going on the offensive with GenAI is a choice more CISOs are considering.

  • Nearly every cybersecurity team wants to have a GenAI pilot either complete or in process to see how it integrates with their planned arsenal for 2026. Most CISOs want some form of AI in their arsenals going into the new year, as many expect the intensity, ingenuity, and lethal impact of automated attacks to reach new levels next year. One told me confidentially she fully expects machine-on-machine breach attempts to grow six times over in 2026 as her financial services firm handles highly speculative assets, including cryptocurrency ETFs and investment products.
  • Breakout speed hits critical mass. CrowdStrike’s 2025 Global Threat Report reveals the alarming acceleration of attacks: the fastest observed eCrime intrusion took just 51 seconds to escalate from initial access to lateral movement, virtually eliminating defenders’ window to respond.
  • Living-off-the-Land tactics dominate and often evade legacy cyberdefense systems: Malware-free intrusions surged significantly, now comprising 81% of interactive attacks in 2025. This trend is corroborated by findings from Mandiant and IBM X-Force, indicating adversaries are bypassing traditional signature-based controls by exploiting legitimate tools native to the enterprise environment.
  • Nation-state activity is reaching record levels as weaponized tradecraft gains stealth and sophistication: CrowdStrike and Mandiant have documented triple-digit increases in operations linked to China, Iran, and North Korea. These attacks predominantly target telecommunications and critical infrastructure, reflecting geopolitical tensions and nation-states’ strategic prioritization of cyber-espionage.
  • Global threat consensus is clear and compelling: ENISA’s Threat Landscape 2025 report aligns precisely with intelligence from CrowdStrike, Mandiant, and IBM X-Force, verifying that nation-state actors now leverage AI-driven automation to execute attacks faster than enterprises can detect, let alone defend.

CrowdStrike Founder and CEO George Kurtz underscored the urgency clearly in a recent CNBC interview on October 23rd, stating, “Well, this is something that we’ve really been focused on for the last number of years is being able to protect agentic AI. And if you think about agentic AI, it has the capabilities to interact with data. It has the capabilities to interact with Compute. It has identities, non-human identities, but it operates at superhuman speed. So all of the challenges that we’ve seen over the many years of humans getting themselves into trouble is only going to be exasperated by agentic AI, and we need security like CrowdStrike is delivering to protect it”.

Practical guidance from CISOs adding GenAI to their arsenals

Gartner’s latest research, combined with interviews and discussions with CISOs, security leaders, and SOC leaders who are piloting and in some cases using GenAI-based platforms today, offers this advice:

  • Go deep on integration in pilots to see how strong the GenAI solution is as a contributor to your security tech stack: CISOs and SOC leaders tell me that this is the most reliable test of whether a GenAI platform or app will make the cut and get to production on their tech stack. Solid APIs that have been battle-tested by vendors with a strong API management history have the inside track.
  • Outcome-driven use cases are a must-have: At its core, cybersecurity is a business decision. And in a digital-first world, protecting your brand is essential. Any GenAI pilot needs to support a use case that strengthens the business’s ability to compete.
  • Start with time-tested, established metrics: Reaching a level of trust in GenAI is core to deciding whether it is ready to progress from pilot into production. Evaluating GenAI effectiveness using established KPIs, including mean time to detect (MTTD) and mean time to respond (MTTR), is table stakes. CISOs and others running pilots caution against creating entirely new metrics just for GenAI, because doing so obscures the total business impact of the technology.
  • Build human trust and governance in parallel: Gartner emphasizes investing in employee enablement and robust governance frameworks like NIST’s AI Risk Management Framework to foster confidence in GenAI adoption. Human oversight remains a vital layer of control. Human-in-the-loop oversight is essential for any workflow.

Bottom Line

Nation-state adversaries measure their innovation in how lethal their attacks are, how stealthy their tradecraft is, and how easily they can evade legacy security techniques. It’s a full cyberwar just a few steps away from a full-on kinetic war. Research from CrowdStrike, IBM, Mandiant, and many other companies shows machine-to-machine attacks orchestrated with GenAI are accelerating, so much so that Forrester predicts an imminent AI breach next year. GenAI’s ability to identify new threats and stop them makes the technology worth a look.

Top Ten Insights from Forrester’s 2024 Cybersecurity Budget Benchmarks

CISOs are being asked to do a lot more with less as their businesses are going all-in on new digital businesses that demand identity-based security while keeping budgets tight for securing infrastructure against attacks.

Cybersecurity budgets are, on average, just 5.7% of IT annual spending. That’s tight for many security teams. CISOs are rising to the challenge, however, and delivering revenue gains by protecting new digital businesses while keeping infrastructure safe. Achieving that is a quick way for CISOs to advance their careers.

Cybersecurity needs funding to match its business growth potential

The good news is that more CEOs and boards see cybersecurity as a business enabler. The challenge for CISOs, however, is that cybersecurity still gets funded purely for its defensive value – not its upside potential to drive growth.

Many security teams struggle to make ends meet in their budgets while still staying responsive to internal teams’ needs. Forrester’s 2024 Cybersecurity Benchmarks Global Report shows just how tight budgets can get for a CISO and their team. Project-related work and incident management are a constant balancing act for security teams, and keeping them both in check is key to staying under budget.

Top Ten Insights

Cybersecurity budgets are on the low side compared to the growing complexity of threats and risks organizations face.

That’s forcing CISOs to be selective about what they spend on and how they allocate limited resources. Add to that the average spend of $1,070 per enterprise user and $157,000 per cybersecurity employee, and cybersecurity teams have little, if any, room for inefficiencies.

The following are the top ten insights from Forrester’s latest cybersecurity benchmark report:

  • CISOs need to move out of the IT organization and report to their CEOs and board of directors to have a chance at a more realistic budget. Forrester finds that cybersecurity budgets increase when CISOs report directly to the CEO or board of directors. CISOs who can articulate the business value of cybersecurity, demonstrating how it can drive revenue and support strategic goals, are more likely to secure the necessary funding. This shift also reflects a growing recognition of cybersecurity’s strategic importance beyond mere IT operations.
  • Software will dominate cybersecurity budgets in 2024. The report reveals that 35.9% of cybersecurity budgets globally are allocated to software. This trend is particularly pronounced in large enterprises with up to 74,999 employees, where 39.4% of the budget is dedicated to software. Smaller organizations, conversely, spend a higher percentage on outsourcing services due to limited in-house capabilities, which underscores the scalability challenges smaller firms face in maintaining robust cybersecurity defenses.

Source: Forrester 2024 Cybersecurity Benchmarks Global Report

  • Cybersecurity spending per user keeps climbing, reaching $1,070. This is another budget constraint CISOs have to factor into their total operations plans for a given year. Forrester notes that “the cybersecurity spend per enterprise user ranges from an average of $947 at extra-large organizations (75,000 or more users) to $1,210 at small organizations (fewer than 10,000 users).”
  • Personnel costs consume 28% of the typical security budget. The report highlights that organizations are spending an average of $157,593 per cybersecurity employee. Full-time employees make up 73.5% of security teams, with the global average cost per contracted full-time equivalent (FTE) reaching $194,613. This significant expenditure on personnel underscores the critical role of skilled professionals in maintaining effective cybersecurity defenses.

Source: Forrester 2024 Cybersecurity Benchmarks Global Report

  • System Defense is the leading functional spend category in 2024. Forrester finds that 29% of functional spending is in System Defense alone. The funding levels approved for this category reflect the critical need to protect endpoints and mobile devices against increasingly sophisticated attacks. With adversaries innovating faster than enterprises can keep up, System Defense is a must-have to protect new digital businesses and infrastructure. The following graphic shows cybersecurity spending by functional domain.

[Figure: cybersecurity spending by functional domain. Source: Forrester 2024 Cybersecurity Benchmarks Global Report]

  • Identity and Access Management (IAM) takes up 21% of functional spending in the typical budget. Identity-driven attacks take many forms, from mass phishing to whale phishing, where senior executives of a company are targeted with tailored campaigns. IAM also enhances operational efficiency and fraud reduction, making it a strategic investment for many organizations. Its broad applicability across both internal and customer-facing applications drives its substantial share of the cybersecurity budget.
  • Security analytics and incident handling reach 13% and 14%, respectively. Forrester notes that each of these separate services accounts for a relatively low percentage of the overall cybersecurity budget. Still, most organizations combine spending on these two categories into “detection and response.” Both areas combined equal 26% of the overall security budget, on average.
  • Getting compliance and governance right is a growing concern for many CISOs, who are willing to spend their budget to stay in good standing with the SEC. The Securities and Exchange Commission’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules were adopted on July 26, 2023. The rules define a standardized process for cybersecurity disclosures by public companies. They require companies to disclose material cybersecurity incidents on Form 8-K or Form 6-K within four business days of determining the incident’s materiality. Additionally, companies must include cybersecurity risk management, strategy, and governance information in their annual reports (Forms 10-K and 20-F). The rules also mandate the use of Inline XBRL for tagging these disclosures.
  • Incident handling is, on average, 13.5% of a global cybersecurity budget. This category is the most unpredictable, as it deals with responding to intrusions and breaches that cannot be forecasted. Spending on incident handling varies by company size, with small organizations (fewer than 10,000 employees) aligning with the global average of 13.5%. Larger organizations tend to allocate slightly less, likely due to more extensive preventative measures and diversified cybersecurity resources.
  • Privacy is core to customer trust today and gets funded, even in tough budgeting cycles. The two departments that use privacy-related solutions the most frequently are legal and marketing, which dedicate on average 12% of a cybersecurity budget to them. Forrester notes that this 12% figure is not the total privacy spend of an organization. Rather, the report says, “Data privacy spans multiple areas of the organization, including marketing and legal. Its share of the security budget doesn’t represent the total spending on privacy-related initiatives across the entire technology estate.”

Balancing the scales of cybersecurity budgeting

The bottom line is that cybersecurity is a business decision and needs to be funded with that mindset. Organizations need to see the CISO role as a more board-level one so they can share their technology expertise in helping to manage risk.

It’s time for cybersecurity to be funded as a growth engine, not just one used for deterrence alone.

CISOs can balance the scales by looking for an opportunity to elevate their role to a CEO direct report and, ideally, be on the board to help guide their companies through an increasingly complex threat landscape.

Forrester’s top ten trends defining identity and access management in 2024

Stolen identity and privileged access credentials now account for 61% of all data breaches. This figure continues to increase as nation-state attackers, cybercrime groups, and rogue attackers integrate AI into their attack tradecraft.

Adversarial AI is taking aim at identities

80% or more of breach attempts aim first at identities and the systems that manage them. CrowdStrike’s 2024 Global Threat Report found that identity-based and social engineering attacks are reaching a new level of intensity. CrowdStrike found that attackers are using AI to launch advanced phishing attacks to impersonate legitimate users and infiltrate secure accounts. Attackers have long sought account credentials, but in 2023, their goals centered on authentication tools and systems, including API keys and OTPs.

“What we’re seeing is that the threat actors have really been focused on identity, taking a legitimate identity, logging in as a legitimate user. And then laying low, staying under the radar by living off the land by using legitimate tools,” Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told VentureBeat in an interview early this year. Two of the most infamous Russian nation-state attackers, Fancy Bear and Cozy Bear, led these efforts, with the former exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) for unauthorized server access.

Top ten trends defining identity and access management (IAM) in 2024

Forrester’s recent report, The Top Trends Shaping Identity And Access Management In 2024, provides an insightful view into the future of Identity and Access Management (IAM) and Privileged Identity Management (PIM). The report predicts that threat detection and remediation will improve with the help of AI. Forrester also predicts that FIDO passkey authentication will go mainstream. In contrast, biometric authentication will slow down due to concerns regarding deepfakes.

Leading IAM providers include AWS Identity and Access Management, CrowdStrike, Delinea, Cradlepoint, ForgeRock, Ivanti, Google Cloud Identity, IBM Cloud Identity, Microsoft Azure Active Directory, Palo Alto Networks, and Zscaler.

Here is a summary of the top ten trends Forrester believes will shape IAM in 2024:

Trend 1: AI Will Improve Identity-Based Threat Detection and Remediation. Generative AI (genAI) is helping to redefine the future of IAM by improving outlier behavior analysis, increasing alerts’ accuracy, and streamlining administrative tasks while guarding against new threats.

98% of security professionals believe AI and machine learning (ML) will be beneficial in fighting identity-based breaches and see it as a pivotal technology in unifying their many identity frameworks. The majority, 63%, predict AI’s leading use case will be greater accuracy in identifying outlier behavior. 56% believe AI will help improve the accuracy of alerts, and 52% believe AI will help streamline administrative tasks.

Forrester asserts that AI will help short-staffed security teams triage alerts and automate time-consuming, mundane aspects of their jobs. Forrester also envisions genAI being used to query, “Which five applications are the riskiest from an identity entitlement perspective?” CrowdStrike announced at RSAC 2024 that Charlotte AI, CrowdStrike’s Generative AI security analyst, can automatically correlate all related contexts into a single incident and generate an LLM-powered incident summary for security analysts.

Trend 2: IAM Platforms Face Increased Scrutiny Of Their Underlying Security. High-profile breaches that began with impersonation leading to identity theft, including MGM and Okta, reflect how social engineering can still bypass IAM safeguards. CISOs are pushing back on their IAM vendors to improve operational processes and security practices and to prioritize security for cloud-based SaaS applications and multi-cloud configurations. Forrester writes that its clients running IAM systems expect their vendors to comply with standards like SOC 2, FedRAMP, ISO 27002, and PCI. CISOs and security teams are also asking to vet a vendor’s workforce, including both employees and contractors, and to understand how the vendor communicates about and addresses security issues.

Forrester’s advice to security and risk management professionals is to “Demand multifactor authentication for all workforce business and admin users, without exception. Prioritize IAM vendors that embrace secure-by-design and secure-by-default principles and value continuous two-way customer engagement to improve their overall cybersecurity posture.”

Trend 3: IAM And Non-IAM Vendors Respond To Identity-Centric Threats. More CISOs and their security teams are taking a zero trust mindset to breaches. They see them as inevitable, and as part of their zero trust frameworks, they’re looking to shut down lateral movement after an intrusion. Forrester observes that “both IAM vendors and non-IAM cybersecurity vendors keep making advances in identity threat detection and response (ITDR). As a result of organic development and acquisitions, ITDR capabilities are being incorporated in platforms from privileged identity management (PIM) vendors like ARCON, BeyondTrust, CyberArk, and Delinea, as well as XDR vendors, such as Cisco, CrowdStrike, Proofpoint, and SentinelOne.”

Trend 4: FIDO Passkey Authentication Goes Mainstream For Workforce And B2C Uses. Forrester notes that a large number of customer-facing sites, including H&R Block, PayPal, and Verizon, are moving to passwordless authentication. At the same time, smaller financial institutions like coinbase.com offer optional fast identity online (FIDO) Authentication and FIDO passkey-based authentication. The research firm expects 30% of B2C websites and apps to offer FIDO passkeys by the end of 2024.

Trend 5: Biometric Adoption Slows Due To Concerns Around Deepfakes. Despite biometric authentication being a security standard on smartphones, CISOs and consumers alike are becoming more concerned about deepfakes. Designing liveness detection and other advanced features for facial and fingerprint recognition systems reduces the threat of spoofing generated by deepfake technology.

As multiple breach attempts have proven, voice biometrics are more susceptible to attack. Forrester notes that in response, the FTC set a Voice Cloning Challenge to “encourage the development of multidisciplinary solutions—from products to procedures—aimed at protecting consumers from artificial intelligence-enabled voice cloning harms, such as fraud and the broader misuse of biometric data and creative content.” Vendors will add additional deepfake detection to their solutions in 2024, resulting in a rebound in biometrics adoption in 2025.

Trend 6: IGA And PIM Vendors Expand Coverage Of Cloud Administrator Identities. Getting multicloud and hybrid cloud security right is becoming more challenging and complex to achieve at scale due to configuration complexity. Forrester notes that “zero trust in the cloud starts with understanding the data access entitlements of identities like cloud infrastructure administrators, SaaS administrators, and business users.” Security and risk management professionals need to review cloud administrators’ entitlements that grant access to sensitive data assets and, when necessary, revoke them. Forrester writes, “While tools offer detection and remediation automation, they are no substitute for documented and consistent identity governance processes.”

Trend 7: Government-Issued Digital Identities Continue To Spread. Forrester believes acceptance of government-issued decentralized digital identities (DDIDs) beyond government use cases will grow in 2024. Mobile digital identities, including driver’s licenses, are now available in the US states of Arizona, California, Florida, and Iowa. Jurisdictions that have or will soon issue mobile driver’s licenses include the European Union (based on the eIDAS 2.0 approved set of standards), Estonia, Hungary, and Sweden. Nigeria and the Philippines have digital identities active today.

Trend 8: B2B IAM Becomes A Differentiating Feature. Security teams and CISOs running them who are operating without an extended IAM ecosystem for partners like contractors, suppliers, and resellers face more severe security risks. B2B IAM involves managing joiner, mover, and leaver (JML) processes differently than internal employees. Forrester predicts that in 2024, IAM vendors will enhance platforms with features like simplified federation onboarding, verifiable credentials for ID verification, and improved access review processes for the extended enterprise.

Trend 9: Commercial And Homegrown IAM Solutions Face Growing Demand For Upgrades. Maintaining on-premises IAM systems is becoming more costly and inefficient, making it more attractive to move to a cloud-based platform. Forrester is finding that the brittle, less secure nature of on-premises legacy systems also makes them more difficult to upgrade. Demand for replacing legacy systems is so high that a recent Forrester survey found the intention to replace homegrown solutions jumped from 4% in 2022 to 18% in 2023.

Trend 10: The Fine-Grained Authorization Market Heats Up. As digital platforms and business app creation continue to proliferate, the need for dynamic and fine-grained access controls is extending beyond security. Forrester says that the IAM market is moving toward centralized and external authorization patterns because of B2B2E and B2B2C relationships and the possibility that genAI could make it easier to create and manage authorization policies.

Deloitte shares latest research into adversarial AI, ransomware in new report

Over the past year, 66% of organizations experienced at least one ransomware attack, with many suffering repeated breaches. According to Deloitte’s Annual Cyber Threat Trends report, ransomware, identity-based attacks, and sophisticated attack methods like zero-day exploits and AI-driven cyber espionage dominate a rapidly changing threat landscape.

Ransomware attackers specialize in making chaos pay

Attackers are using ransomware as a smash-and-grab strategy, often to finance other illegal operations. Cybercrime gangs, including those that are state-funded, rely on ransomware as a primary source of revenue as well.

Ransomware attackers aim to create widespread chaos across supply chains, amplifying the impact of their attacks. For example, United Healthcare paid a $22 million ransom in Bitcoin, demonstrating how greater disruption often leads to higher payouts.

“Sophisticated ransomware operators are increasingly using zero-day exploits as their initial access vector, with 36 percent of victims ransomed in this way. Valid credential compromise was the second most common entry point for ransomware attacks,” says Deloitte in the report.

“Phishing, remote attacks on public-facing infrastructure, and unauthorized remote desktop connections continue to be the primary sources of infiltration for ransomware,” writes Paul Furtado, Gartner vice president analyst, in a recent research report, How to Prepare for Ransomware Attacks.

Furtado notes that “bad actors are mining exfiltrated data to identify other potential sources of revenue,” further increasing the urgency to harden cyberdefenses against ransomware attacks. The following is a typical ransomware attack pattern as defined in the Gartner report.

[Figure: typical ransomware attack pattern. Source: Gartner, How to Prepare for Ransomware Attacks, 16 April 2024]

CrowdStrike’s threat intelligence teams regularly monitor every known ransomware variant. “RaaS kits are easy to find on the dark web, where they are advertised in the same way that goods are advertised on the legitimate web,” writes Kurt Baker in a blog post explaining RaaS. The post continues, “a RaaS kit may include 24/7 support, bundled offers, user reviews, forums, and other features identical to those offered by legitimate SaaS providers.”

The 2024 Annual Threat Assessment of the U.S. Intelligence Community found that “transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data. Important U.S. services and critical infrastructure such as health care, schools, and manufacturing continue to experience ransomware attacks.”

Adversarial AI’s growing tradecraft

Deloitte’s research uncovered the growing use of adversarial AI for cyber espionage, finding it’s driving new forms of tradecraft in influence operations, social engineering, underground services, and collaboration.

Adversarial AI’s goal is to deliberately mislead AI and machine learning (ML) systems so they are ineffective for the use cases they’re being designed for. Adversarial AI refers to “the use of artificial intelligence techniques to manipulate or deceive AI systems. It’s like a cunning chess player who exploits the vulnerabilities of their opponent. These intelligent adversaries can bypass traditional cyber defense systems, using sophisticated algorithms and techniques to evade detection and launch targeted attacks.”

[Figure: Source: Deloitte Annual Cyber Threat Trends report]

Influence operations are the most active threat vector of the three Deloitte is tracking. AI image deception and deepfake accuracy are accelerating faster than many existing detection technologies can keep up with.

Telesign’s 2024 Trust Index found just how wide the trust gap is becoming due to deepfakes and broader influence operations. 87% of Americans hold businesses accountable for digital privacy, yet only 34% trust them to use AI effectively to protect against fraud. Deepfakes and misinformation are driving a wedge of distrust between companies, the customers they serve, and citizens participating in elections this year.

Deloitte found that social engineering-based attacks are becoming more challenging to identify and stop. Nation-states are weaponizing LLMs and using genAI to improve their ability to launch large-scale social engineering attacks aimed at harvesting privileged access credentials and gaining control of thousands of identities in an enterprise at once.

The rapid growth of AI-powered Voice Cloning-as-a-Service (VCaaS) tools, which are used in vishing attacks to clone voices for financial fraud and unauthorized access, continues to defy easy detection. Cybercriminals and nation-state adversaries are quick to invest in new technologies that yield tradecraft existing cybersecurity systems can’t decipher, and deepfakes are among the most undetectable today.

Preventing a ransomware attack

Start with a zero-trust mindset. Any trust-based connections in a network are a liability—a ransomware attack waiting to happen. Furtado advises, “Build and execute on a zero-trust strategy that reduces the risk of attackers abusing implicit trust in environments to achieve lateral movement, employ available exploits, and gain privilege escalation to deploy ransomware.”

Furtado’s recommendations reflect a strong zero-trust mindset that seeks to eliminate lateral movement, enforce least privilege access, and monitor all network activity while hardening identity and access management (IAM) security. In short, he’s advising having as strong a zero-trust framework as possible in place to withstand a ransomware attack.

One of the core concepts of zero trust is to assume an attack has already penetrated the network. Furtado’s key takeaways from his recent report on ransomware include the following:

  • Have a complete preincident prevention strategy that includes workspace and endpoint protection, data protection, immutable backup, asset management, end-user awareness training, and strong identity and access management.

  • Implement a reliable asset management process to identify what needs to be protected and who is responsible, paying particular attention to legacy systems.

  • Establish a risk-based vulnerability management process that includes threat intelligence (TI) to address unpatched systems.

  • Implement both macro and micro network segmentation to minimize the blast radius of ransomware attacks.

  • Build and execute a zero-trust strategy to reduce the risk of attackers abusing implicit trust in environments.

  • Implement compliance scanning, penetration testing, and breach attack simulation (BAS) tools.

  • Remove local administrative privileges on endpoints and limit access to sensitive applications, including email, to prevent account compromise.

  • Prevent access to the command prompt and block the execution of PowerShell scripts on all user endpoints.

  • Implement strong authentication for privileged users, such as database and infrastructure administrators and service accounts, and log and monitor their activity.
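As an added example, not code from the page or from Furtado’s report, the following read-only PowerShell audit checks one Windows endpoint against four of the controls listed above: local administrative privileges, PowerShell script execution, command prompt access, and logging of activity. The function names and the $ApprovedAdmins allow-list are this example’s own assumptions; the registry values it reads are the standard Group Policy locations for those settings.

```powershell
# Added example (not from the page or Furtado's report): read-only audit of a
# Windows endpoint against four of the listed ransomware controls.
# Requires Windows PowerShell 5.1+ in an elevated session; nothing is modified.

# Assumed allow-list of accounts permitted in the local Administrators group.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator")

function Test-LocalAdminControl {
    # Control: remove local administrative privileges on endpoints.
    # Any member of the local Administrators group not on the allow-list is a finding.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    $unexpected = $members | Where-Object { $_.Name -notin $ApprovedAdmins }
    [pscustomobject]@{
        Control  = 'LocalAdminPrivileges'
        Pass     = (-not $unexpected)
        Evidence = ($unexpected.Name -join ', ')
    }
}

function Test-PowerShellScriptControl {
    # Control: block execution of PowerShell scripts on user endpoints.
    # Passes when the machine-wide policy is Restricted or AllSigned, or when an
    # AppLocker Script rule collection is being enforced (not just audited).
    $policy = Get-ExecutionPolicy -Scope MachinePolicy
    $appLockerScripts = $false
    try {
        [xml]$xml = Get-AppLockerPolicy -Effective -Xml
        $scriptColl = $xml.AppLockerPolicy.RuleCollection |
            Where-Object { $_.Type -eq 'Script' }
        $appLockerScripts = ($scriptColl.EnforcementMode -eq 'Enabled')
    } catch {
        # AppLocker cmdlets unavailable (e.g. Home edition): treat as not enforced.
    }
    [pscustomobject]@{
        Control  = 'PowerShellScriptExecution'
        Pass     = ("$policy" -in @('Restricted', 'AllSigned')) -or $appLockerScripts
        Evidence = "ExecutionPolicy=$policy; AppLockerScriptRulesEnforced=$appLockerScripts"
    }
}

function Test-CommandPromptControl {
    # Control: prevent access to the command prompt. Group Policy writes DisableCMD
    # under the user-scope Policies key; any non-zero value disables the interactive
    # prompt for the current user.
    $key = 'HKCU:\Software\Policies\Microsoft\Windows\System'
    $value = (Get-ItemProperty -Path $key -Name DisableCMD -ErrorAction SilentlyContinue).DisableCMD
    [pscustomobject]@{
        Control  = 'CommandPromptAccess'
        Pass     = ([int]$value -ne 0)
        Evidence = "DisableCMD=$value"
    }
}

function Test-ScriptBlockLoggingControl {
    # Control: log and monitor activity. Script block logging (event ID 4104 in the
    # PowerShell operational log) is the minimum needed to see what actually ran.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $value = (Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue).EnableScriptBlockLogging
    [pscustomobject]@{
        Control  = 'ScriptBlockLogging'
        Pass     = ([int]$value -eq 1)
        Evidence = "EnableScriptBlockLogging=$value"
    }
}

# Run every check and print a compliance table for this host.
$results = @(
    Test-LocalAdminControl
    Test-PowerShellScriptControl
    Test-CommandPromptControl
    Test-ScriptBlockLoggingControl
)
$results | Format-Table Control, Pass, Evidence -AutoSize

# Non-zero exit code so fleet tooling can flag non-compliant endpoints.
if ($results.Pass -contains $false) { exit 1 }
```

Results describe only the current user and host; run it through your endpoint management tooling to get fleet-wide coverage.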

Cybersecurity CEOs Share How Businesses Can Protect Themselves In 2022

Bottom Line: Every business needs to resolve in 2022 to treat cybersecurity as a business decision first, because the risk to operations and revenue is too great if they don’t.

Any cybersecurity prediction for 2022 will likely be on the low side, given how ingenious ransomware attackers are at mining long-standing common vulnerabilities and exposures (CVEs) and how intricate breach attempts are becoming.

Predictions don’t protect businesses, professional guidance does. Intending to provide every business, especially startups, with insights they can use to protect themselves in 2022, I’ve interviewed several cybersecurity CEOs. Their recommendations on what every business can do to improve their cybersecurity and avert a potential breach, ransomware attempt, or worse are provided below:

BOS Framework Founder and CEO Sashank Purighalla

Before BOS, Sashank founded and served as the CEO of 5Y Solutions, Inc., a DevOps company that provides SaaS and enterprise-class technology solutions based in the cloud, AR, VR, IoT, Media Streaming, and Big Data spaces. 5Y has offices in the US, Australia, and India. Much of Sashank’s 20+ years of experience has involved developing enterprise-class technology solutions, strong strategic and long-range planning, setting business and technology strategies in B2B and B2C environments, and leading and motivating diverse teams to build high-impact SaaS and PaaS products. Sashank has a bachelor’s degree in Mechanical Engineering and a master’s degree in Computer Science.

Advice from Sashank Purighalla Founder and CEO at BOS Framework

“The biggest problem that enterprises are dealing with is fractured technology architectures. The playbook for how technology systems are designed and maintained has fundamentally changed over the past 5 years with the advent of DevOps as a new discipline geared toward bringing efficiency to the PDLC process. To help meet this growing demand, there has been nearly a 570% increase in the number of known niche tools. Here’s the strange dichotomy: In the same timeframe, there has been an over 630% increase in the number of cyber breaches and an over 600% increase in technology management and maintenance costs.

The fact is that you cannot patch disparate systems with non-standardized implementations using niche tools and expect to achieve security. Breach resilience and systemic integration can only result from sound systemic architectures that are based on best practices. 

Enterprises must shift their focus from thinking of the next tool for efficiency or patching gaps to consistent architectures for effective holistic outcomes. This is an ecosystem problem and can only be addressed at an organizational architecture level.”

Founder Shield Co-Founder & CEO Benji Markoff

Benji Markoff is the Co-Founder & CEO of Founder Shield. He has an obsession with culture and the science behind it. He wants his legacy to be the success and positivity that everyone who works at Founder Shield brings to the world, whether at Founder Shield or in any of their future endeavors. He hopes that Founder Shield provides a platform for unlimited success and happiness for all that work there.

Advice from Benji Markoff, Co-Founder & CEO of Founder Shield

“It’s old news that cybercriminals have beefed up their attacks, with ransomware and phishing topping every bad actor’s to-do list, it seems. The pandemic spotlighted weak links in cybersecurity systems nationwide, and hackers didn’t waste one minute to attack — back door, front door, didn’t matter. Hybrid work schedules and burnt-out IT specialists make the waters even murkier. Naturally, cyber liability insurance is a hot commodity currently, and the insurance industry plays a significant role in helping companies stay protected. Unfortunately, the attacks keep coming. Flip the script, though, and all these negative headlines can serve as lessons learned. For starters, let’s remember that cross-functionality value also translates to cybersecurity training. The more employers raise awareness and implement in-depth training, the lower they’ll fall on a hacker’s checklist. Keep cybersecurity top-of-mind throughout your entire company. Also, don’t be shy about relying more heavily on your managed service provider (MSP). These companies are ever-broadening their scope of services. If eyes and ears are what you need, start negotiating new MSP contracts.”

Hexnode Founder and CEO Apu Pavithran

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and Information security management. In addition, he’s passionate about entrepreneurship and spends significant time working with startups and empowering young entrepreneurs.

Advice from Apu Pavithran, founder and CEO of Hexnode

“Enterprise customers in 2022 are looking for a seamless digital experience that they can adopt immediately. Unfortunately, while catering to this need businesses tend to overlook the cybersecurity risks involved in making this possible. 

In practice, cybersecurity decisions mostly take the backseat when associated with budgetary needs and business priorities; however, what comes with that is a successful ransomware attack that can completely turn the equation upside down. So, while adopting a flexible working environment in a constantly changing IT landscape, I would strongly recommend having a device security policy and a UEM in place. This helps keep your sensitive information safe by making sure employee devices are always compliant.

A patch management solution that comes along with the UEM solution will monitor your devices to make sure that there are no security vulnerabilities. The solution will also make sure that your device is running on the latest OS update and protected from threat actors. 

Endpoint security solutions like UEMs will help secure businesses to an extent, but having the right tools can’t always ensure that your business is 100% secure. The biggest threat is always the human element in cybersecurity. So make sure that in your flexible work environment your employees are cyber aware, with regular cyber awareness classes that cover updated cybersecurity best practices.”

Ivanti CEO Jeff Abbott

As CEO of Ivanti, Jeff Abbott oversees all aspects of the company’s growth strategy and direction. Before becoming CEO of Ivanti in October 2021, Jeff served as Ivanti’s President since January 2020. Jeff has over 25 years of experience working for enterprise software and services companies, including Accenture, Oracle, and Infor. Jeff holds degrees from the University of Tennessee and Georgia State University. He sits on the National Alumni Board at the University of Tennessee and has previously held board positions with the Georgia Leukemia and Lymphoma Society and the Posse Foundation.

Advice from Ivanti CEO Jeff Abbott:

The rapid shift to remote work has accelerated growth in new digital systems and workflows, leading to expanded enterprise attack surfaces. At the same time, threat actors have matured their tactics and targeted enterprise security gaps. For example, attackers have increasingly waged phishing attacks at mobile devices, which remote workers are using more than ever before, via text and SMS messages, instant messages, social media, and other modes of communication, beyond just corporate email. Ransomware has also continued to evolve, with attackers increasingly leveraging known vulnerabilities that have remote code execution and privilege escalation capabilities. Ransomware is a business, and threat actors are incentivized to find companies that are more likely to pay.

Organizations are struggling to proactively combat these growing cyber threats. A new study by Ivanti revealed that 71% of IT and security professionals found patching to be overly complex and time-consuming. 57% of respondents stated that the global transition towards a decentralized workspace has made patch management more complex to deal with. And 53% said that organizing and prioritizing vulnerabilities takes up most of their time. This is alarming because the longer vulnerabilities remain unpatched, the more exposed a business is to an attack or ransomware.

To effectively mitigate risk, companies should implement a Zero Trust security strategy. At its simplest, Zero Trust provides organizations continuous evaluation of the employee devices, endpoints, assets, and networks that the business relies on. As part of an overall Zero Trust strategy, companies should invest in automated controls that proactively perform cyber hygiene tasks and reduce security risk across infrastructure and applications. This includes leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation. A proactive, end-to-end risk-based assessment strategy can drive business value and further reduce the mean time to detect, discover, remediate, and respond to cyber threats.

Orchestral Founder and EVP Dale Smith

As Orchestral’s Head of Revenue Technology & Operations, Dale leads the digital infrastructure team responsible for integrating customer-facing operations across marketing, sales, and customer success to deliver extraordinary customer experiences that accelerate revenue performance. Dale has over 30 years of experience in the tech industry, including several roles in engineering, marketing, business development, and product management. His current startup, Orchestral.ai, provides AI-enabled IT workflow automation & orchestration technologies that facilitate digital transformation for some of the world’s largest enterprises.

Advice from Orchestral Founder and EVP Dale Smith

“Although there is an increasing amount of attention given to automation within the cybersecurity sector, there are still many gaps between the countless tools and SOAR/SIEM platforms found in a typical enterprise’s cybersecurity infrastructure.
To be sure, cybersecurity automation is a welcome and necessary focus for innovation in threat intelligence and response. But, as organizations adopt cybersecurity automation, they are likely to discover that significant human intervention is still required to bridge the “silos of automation” that naturally develop around highly specialized security tools and platforms. It is at this point that the focus should shift to “cybersecurity orchestration.” Cybersecurity orchestration intelligently integrates all of the different and disparate tools, platforms and siloed automations so that information is shared across the entire cybersecurity infrastructure. In this context, cybersecurity automation and cybersecurity orchestration are complementary stages of focus for developing security infrastructure capable of coordinating a truly “autonomous” threat response.”

Prometeo Co-Founder and CEO Rodrigo Tumaián

Rodrigo Tumaián is co-founder of Prometeo, a startup in the fintech area. He is also a co-founder of Truss, a company that provides information security services in the financial sector. His extensive experience working with national and international companies has enabled him to learn to adapt to any type of environment and help customers across a broad spectrum of business models, industries and revenue levels.

Advice from Prometeo Co-Founder and CEO Rodrigo Tumaián

“When we talk about Cybersecurity month to encourage awareness around the topic, we should keep in mind that it is something we must take action on every day. The repercussions that are caused when we find ourselves in the middle of a problem or a serious cybersecurity issue profoundly impact our digital ecosystem. Constantly promote cybersecurity awareness – that’s what we’re focused on internally and with every customer – and we’re proud of what we’re accomplishing with them and seeing them, and we are very proud of what we have accomplished.”

Rapid.Space Founder and CEO Jean Paul Smets

Jean Paul is an entrepreneur with 20 years of experience and success in enterprise open source software for B2B markets. As Founder and CEO at Rapid.Space, he leads product and business development. Before Rapid.Space, Jean Paul founded Nexedi S.A., the largest FLOSS publisher in the EU (4 M€ income). He founded VIFIB, which invented edge computing in 2009 and contributed its technology to Rapid.Space. He holds a PhD in computer science, graduated from ENS Ulm and joined the “corps des mines”.

Advice from Jean Paul Smets, Founder and CEO at Rapid.Space

“If you use a cloud service, make sure your cloud provider does not have access to your passwords or credentials (most have access, and password leaks happen on average every year, as we all experienced). If you use containers, make sure you understand that they do not provide strong isolation (containers from other users on the same host may be able to access your sensitive data through security escalation, such as the one which happened to Azure in 9/2021).”

ThycoticCentrify CEO Art Gilliland

Art Gilliland is CEO at Centrify and brings proven success in the global enterprise software industry, leading large organizations in product development, enterprise infrastructure, cybersecurity, go-to-market strategy, and SaaS operations. He most recently was SVP/GM of the Symantec Enterprise Division of Broadcom, reporting to the CEO, where he led the integration and business operations post-acquisition. Before Symantec, Art held executive positions at Skyport Systems, HP, Symantec, and IMlogic.

Advice from ThycoticCentrify CEO Art Gilliland:

“As organizations execute on their digital transformations to adopt cloud and SaaS infrastructure it will become more essential to adopt tighter control over who has access to what. Investments in tighter controls over privileged access by using multi-factor authentication, centralizing identities, and enforcing least privilege can go a long way to securing modern infrastructure. This investment can not only make the user experience more seamless for those who need and should have access, but can also simultaneously harden defenses to reduce risk of becoming the next hack or ransomware victim.”   — Art Gilliland, CEO, ThycoticCentrify

How The Pandemic Is Accelerating Endpoint Security’s Growth

  • 76% of enterprises increased their use of endpoint devices since the beginning of the COVID-19 pandemic, supporting their remote, work-from-home (WFH) and hybrid workforces globally.
  • 66% of enterprises believe securing their networks and infrastructure requires a more focused, proactive approach to endpoint resilience that doesn’t leave endpoint security to chance.
  • Cybersecurity leaders’ top challenges today are maintaining compliance, enforcing security standards, and understanding the health of security controls on each endpoint.
  • Just 38% of IT leaders can track the ROI of their cybersecurity investments, accentuating the need for more resilient, persistent endpoints that provide greater visibility and control.

These and many other fascinating insights are from Forrester Consulting’s latest study on endpoint security, Take Proactive Approach To Endpoint Security, completed in collaboration with Absolute Software. The study is noteworthy for its impartial, accurate view of the current state of endpoint security and the challenges IT teams face in creating greater endpoint resilience. The study’s methodology is based on 157 interviews with IT and security professionals located in the U.S. and Canada who are decision-makers in endpoint protection, with interviews completed in November and December 2020. 

Key insights from the study include the following:

  • Security leaders are reprioritizing endpoint automation efforts with a strong focus on sensitive or at-risk data. In 2021 automation efforts will focus on sensitive or at-risk data (60%), geolocation (52%), security control health (48%), web-based application usage (36%), patch management (35%), and hardware inventory (32%).  Each of these technologies is integral to supporting remote workers. There’s also a significant shift from how automation strategies were prioritized before the pandemic, as the graphic from the study below illustrates:
  • Maintaining compliance, enforcing security standards, understanding security controls’ health, and measuring security investments are the top challenges to managing endpoint security today. The majority of enterprises, 59%, cannot maintain or prove compliance of endpoints at any given time. Lack of compliance drags down the efficiency of endpoint security efforts, making an entire network more vulnerable. Just over half of enterprises can’t enforce security standards across endpoints or don’t know the current health of their security controls. The most surprising finding of the study: 62% of enterprises cannot measure the ROI of their security investments, with half of those (31%) strongly disagreeing that security ROI spend is measurable.
  • Enterprises see four key areas where endpoint management could improve today. Forrester asked enterprise IT and security leaders which capabilities need to be added to endpoint management systems to make them more effective. The executives first focused on securing sensitive and at-risk data, a sure sign enterprises are moving to a more data-centric cybersecurity model in the future. That’s good news as cyber attackers want to penetrate software supply chains and take control of systems managing data assets. Managing devices remotely at scale is second, which is also a frequent challenge IT and security teams encounter when attempting to patch endpoints. Having an unbreakable digital tether to devices is solving the scale issue while also providing greater endpoint resiliency, visibility, and control.

Conclusion

The pandemic forced every business to become more innovative in supporting work-from-home and hybrid work environments, making endpoint security an immediate priority. What’s needed is an unbreakable digital tether to all devices, capable of delivering complete visibility and control, enabling real-time insights into the state of those devices, and allowing them to repair security controls and productivity tools autonomously. Of the many solutions available for securing endpoints today, the ones that take a firmware-embedded approach to securing endpoints are proving the most reliable. The more integrated an endpoint is with firmware, the more likely self-healing agents will be reliable while also providing complete visibility across every device on or off the network. Absolute’s firmware-embedded approach is noteworthy in its track record of securing endpoints during the pandemic.

The Top 20 Cybersecurity Startups To Watch In 2021

  • Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today.
  • Of the 22,156 startups that either compete in or rely on cybersecurity, security and privacy technologies and solutions as a core part of their business models today, 122 have received pre-seed or seed funding in the last twelve months, based on a Crunchbase Pro query.
  • From network and data security to I.T. governance, risk measurement, and policy compliance, cybersecurity is a growing industry estimated to be worth over $300B by 2025, according to C.B. Insight’s Emerging Trends Cybersecurity Report downloadable here.

Today, 680 cybersecurity, privacy, and security startups have received $6.8 billion in funding over the last twelve months, with $4 million being the median funding round and $12.6 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 20 cybersecurity startups are all based on Crunchbase Pro analysis done today. 

New startups and established vendors are attracting record levels of investment as all organizations look to thwart increasingly complex, costly and unpredictable cyberattacks. There is an arms race going on between cyber attackers using A.I. and machine learning and the many startups and existing vendors whose goal is to contain them. CBInsights and PwC recently published their latest quarterly joint study of the venture capital landscape, MoneyTree™ Report, Q4, 2020. The study finds that monitoring and security deals were the third fastest-growing vertical in 2020, with Q4 being exceptional for all verticals, as the heat map below shows:

The 20 Best Cybersecurity Startups To Watch In 2021

Based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets, the following are the top 20 cybersecurity startups to watch in 2021:

Axis Security – Axis Security’s Application Access Cloud™ is a purpose-built cloud-based solution that makes application access across networks scalable and secure. Built on zero-trust, Application Access Cloud offers a new agentless model that connects users online to any application, private or public, without touching the network or the apps themselves. Axis Security is a privately held company backed by Canaan Partners, Ten Eleven Ventures, and Cyberstarts. Axis is headquartered in San Mateo, California, with research and development in Tel Aviv, Israel.

Bitglass – What makes Bitglass unique and worth watching is how they are evolving their Total Cloud Security Platform to combine cloud access security brokerage, on-device secure web gateways, and zero-trust network access to secure endpoints across all devices. Its Polyscale Architecture is delivering uptimes of 99.99% in customer deployments. Bitglass’s 2020 Insider Threat Report has several interesting insights based on their recent interviews with a leading cybersecurity community. One interesting takeaway is 61% of those surveyed experienced an insider attack in the last 12 months (22% reported at least six).

Cado Security – Cado Security’s cloud-native forensics and response platform helps organizations respond to security incidents in real-time, averting potential breaches and security incidents. The Cado Response platform is built on analytics components that perform thorough forensic analyses of compromised systems. Cado’s platform, Cado Response, is an agentless, cloud-native forensics solution that allows security professionals to quickly and comprehensively understand an incident’s impact across all environments, including cloud and containers as well as on-premise systems. “Finding the root cause of security incidents in cloud or container environments is incredibly difficult. Traditional tools don’t support these new environments, and there is a shortage of people who know both forensics and cloud security,” said CEO James Campbell, formerly Director, Cyber Threat Detection and Response at PricewaterhouseCoopers. “Our Cado Response platform completely changes how security professionals can respond to incidents in the cloud.”

Confluera – Originally mentioned as one of the 20 Best Cybersecurity Startups To Watch In 2020, Confluera’s sustained innovation pace in the middle of a pandemic deserves special mention. They are one of the most resilient startups to watch in 2021. Confluera is a cybersecurity startup helping organizations find sophisticated security attacks going on inside of corporate infrastructures. The startup delivers autonomous infrastructure-wide cyber kill chain tracking and response by leveraging the ‘Continuous Attack Graph’ to stop and remediate cyber threats in real-time deterministically. Confluera’s platform is designed to detect and prevent attackers from navigating infrastructure. Confluera technology combines machine comprehended threat detection with accurately tracked activity trails to stop cyberattacks in real-time, allowing companies to simplify security operations radically. It frees up human security personnel to focus on more important work instead of spending hours trying to join the dots between the thousands of alerts they receive daily, many of which are false positives. The following is a video that explains how Confluera XDR for Cloud Infrastructure works:

DataFleets – DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance. The platform provides data scientists and developers with a “data fleet”​ that allows them to create analytics, ML models, and applications on susceptible data sets without direct access to the data. Each data fleet has easy-to-use APIs, and under-the-hood, they ensure data protection using advances in federated computation, transfer learning, encryption, and differential privacy. DataFleets helps organizations overcome data privacy and innovation struggle by maintaining data protection standards for compliance while accelerating data science initiatives.

DefenseStorm – DefenseStorm’s unique approach to providing cybersecurity and cyber-compliance for the banking industry makes them one of the top startups to watch in 2021. Their DefenseStorm GRID is the only co-managed, cloud-based and compliance-automated solution of its kind for the banking industry. It monitors everything on a bank’s network and matches it to defined policies for real-time, complete and proactive cyber exposure readiness, keeping security teams and executives updated on bank networks’ real-time security status. The company’s Threat Ready Active Compliance (TRAC) Team augments its bank customers’ internal teams to protect business continuity and skills availability while ensuring cost-effective coverage and management.

Enso Security – Enso is an application security posture management (ASPM) platform startup known for the depth of its insights and expertise in cybersecurity. With Enso, software security groups can scale and gain control over application security programs to protect applications systematically. The Enso ASPM platform discovers application inventory, ownership, and risk to help security teams quickly build and enforce security policies and transform AppSec into an automated, systematic discipline.

Ethyca – Ethyca is an infrastructure platform that provides developers and product teams with the ability to ensure consumer data privacy throughout applications and services design. It also provides your product, engineering, and privacy teams with unmatched ease of use and functionality to better care about your user’s data. The company helps companies discover sensitive data and then provides a mechanism for customers to delete, see, or edit their data from the system. Ethyca’s mission is to increase trust in data-driven business by building automated data privacy infrastructure. Ethyca’s founder and CEO Cillian Kiernan is a fascinating person to speak with on the topics of privacy, security, GDPR, and CCPA compliance. He continues to set a quick pace of innovation in Ethyca, making this startup one of the most interesting in data privacy today. Here’s an interview he did earlier this year with France 24 English:

Havoc Shield – Havoc Shield reduces the burden on small and medium businesses (SMBs) by giving them access to advanced security technology that protects against data breaches, phishing, dark web activity, and other threats. The Havoc Shield platform offers comprehensive security and compliance features that meet the standards of Fortune 100 companies, making it easier for businesses working to win deals with those companies. “For a long time, cybersecurity technology has been virtually inaccessible to small businesses, who largely can’t afford those resources,” said Brian Fritton, CEO and co-founder of Havoc Shield. “We created Havoc Shield because we believe in democratizing cybersecurity for the little guy. Small businesses deserve the ability to protect what they’ve built, just as much as larger companies that have dedicated cybersecurity staff.” Since the end of Q2 2020, Havoc Shield has quadrupled its client list. In the coming months, the company aims to grow its team to help more small businesses protect themselves from threats and achieve customer trust.

Illumio – Widely considered the leader in micro-segmentation that prevents the spread of breaches inside data centers and cloud environments, Illumio is one of the most interesting cybersecurity startups to watch in 2021. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. The following video explains why Illumio Core is a better approach to segmentation.

Immuta – Immuta was founded in 2015 based on a mission within the U.S. Intelligence Community to build a platform that accelerates self-service access to, and control of, sensitive data. The Immuta Automated Data Governance platform creates trust across data engineering, security, legal, compliance, and business teams to ensure timely access to critical data with minimal risk while adhering to the global data privacy regulations GDPR, CCPA, and HIPAA. Immuta’s automated, scalable, no-code approach makes it easy for users to access the data they need when they need it while protecting sensitive information and ensuring customer privacy. Selected by Fast Company as one of the World’s 50 Most Innovative Companies, Immuta is headquartered in Boston, MA, with offices in College Park, MD, and Columbus, OH.

Isovalent – Isovalent makes software that helps enterprises connect, monitor and secure mission-critical workloads in modern, cloud-native ways. Its flagship technology, Cilium, is the choice of leading global organizations, including Adobe, Capital One, Datadog, GitLab, and many more. Isovalent is headquartered in Mountain View, CA, and is backed by Andreessen Horowitz, Google and Cisco Investments. Earlier this month, Isovalent announced that it had raised $29 million in Series A funding, led by Andreessen Horowitz and Google with participation from Cisco Investments. Google recently selected Cilium as the next-generation dataplane for its GKE offering calling Cilium “the most mature eBPF implementation for Kubernetes out there” in its “New GKE Dataplane V2 increases security and visibility for containers” blog: https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine.

JupiterOne – JupiterOne, Inc. reduces cloud security cost and complexity, replacing guesswork with granular data about cyber assets and configurations. The company’s software helps security operations teams shorten the path to security and compliance and improve their overall posture through continuous data aggregation and relationship modeling across all assets. JupiterOne customers include Reddit, Databricks, HashiCorp, Addepar, Auth0, LifeOmic, and OhMD. Earlier this year, JupiterOne received $19 million in venture funding. The Series A round was led by Bain Capital Ventures, with additional investment from Rain Capital, LifeOmic, and individual investors. “JupiterOne has developed a compelling product that integrates quickly, has applicability across enterprise segments, and is highly reviewed by current customers,” said Enrique Salem, partner at Bain Capital Ventures and former CEO at Symantec. Salem now joins the JupiterOne board. “We see a multibillion-dollar market opportunity for this technology across mid-market and enterprise customers. Asset management is the first step in building a successful security program, and it’s currently a tedious, imperfect process that’s well-suited for automation.”

Lightspin – Lightspin is a pioneer in contextual cloud security, protecting cloud-native, Kubernetes, and microservices environments from known and unknown risks, and on November 24th announced a $4 million seed funding round. It will use the proceeds to finance continued R&D on securing cloud infrastructures. The round was led by Ibex Investors LLC, the firm’s first global investment from its new $100 million early-stage fund, with participation from private angel investors. Lightspin’s technology uses graph-based tools and algorithms to provide rapid, in-depth visualizations of cloud stacks, analyze potential attack paths, and identify their root causes, surfacing the vulnerabilities attackers are most likely to exploit.

Orca Security – Orca Security is noteworthy for its innovative approach to providing instant-on, workload-deep security for AWS, Azure, and GCP without the coverage gaps and operational costs of agents. Orca integrates cloud platforms as an interconnected web of assets, prioritizing risk based on environmental context. Delivered as SaaS, Orca Security’s patent-pending SideScanning™ technology reads cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII.

SECURITI.ai – SECURITI.ai is an AI-Powered PrivacyOps company that helps automate all significant functions needed for privacy compliance on a single platform. It enables enterprises to grant individual and group rights to data and comply with global privacy regulations like CCPA and bolster their brands. They collect and manage consent from multiple sources, including web properties, web forms, and SaaS applications. Their AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. SECURITI.ai was founded in November 2018 and is headquartered in San Jose, California.

SecureStack – SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing them to become security experts. The results are faster time to business and a 60%-70% reduction in the app attack surface.

The SecureStack platform’s intelligent automation manages security controls across distributed infrastructures using rules and profiles customizable by customers. SecureStack is noteworthy for its analytics and logging expertise in helping enterprises scale applications across cloud infrastructures.

Stairwell – What makes Stairwell one of the top startups to watch in 2021 is its unique approach to cybersecurity built around a vision that all security teams should be able to determine what alerts are threat-related or not and why. Mike Wiacek, the founder of Google’s Threat Analysis Group and co-founder and former Chief Security Officer of Alphabet moonshot Chronicle, leads the company as its CEO and founder. Wiacek is joined by Jan Kang, former Chief Legal Officer at Chronicle, as COO and General Counsel. Stairwell is backed by Accel Venture Partners, Sequoia Capital, Gradient Ventures, and Allen & Company LLC.

Ubiq Security – What makes Ubiq Security one of the top cybersecurity startups to watch in 2021 is how rapidly their API-based developer platform is maturing while gaining traction in the market. Ubiq Security recently signed commercial agreements with the United States Army and the Department of Homeland Security. This month, the startup announced it had raised $6.4 million in a seed equity investment round. Okapi Venture Capital, an early investor in Crowdstrike, led the round with participation from TenOneTen Ventures, Cove Fund, DLA Piper Venture, Volta Global, and Alexandria Venture Investments. Ubiq will use the funds to accelerate platform development, developer relations, and customer acquisition.

Unit21 – Unit21 helps protect businesses against adversaries through a simple API and dashboard to detect and manage money laundering, fraud, and other sophisticated risks across multiple industries. Former Affirm and Shape Security employees Trisha Kothari and Clarence Chio founded Unit21 in 2018 and work with customers like Intuit, Coinbase, Gusto, and Line to create a powerful, customizable rules engine for risk and compliance teams. Unit21’s highly flexible, customizable, and intelligent cloud-based system provides a configurable engine for transaction monitoring, identity verification, case management, operations management, and analytics and reporting. On October 19th of this year, Unit21 announced a $13 million funding round led by A.Capital Ventures. Additional participants include Gradient Ventures (Google’s A.I. venture fund), Core V.C., South Park Commons, Diane Greene (founder of VMware), William Hockey (founder of Plaid), Chris Britt and Ryan King (founders of Chime), Sumit Agarwal (founder of Shape Security), and Michael Vaughan (former COO of Venmo). Unit21 will use the new capital to grow its product and distribution-focused management team, increase sales and marketing efforts, and sell into new industries.

The Pandemic Is Teaching Enterprises How To Mind The Cybersecurity Gap


  • 30% of US and UK remote workers say their organizations don’t require them to use a secure access tool, including VPN, to log into corporate databases and systems, according to Ivanti’s 2021 Secure Consumer Cyber Report.
  • Plus, 25% of remote workers in the US and UK aren’t required to have specific security software running on their devices to access certain applications while working remotely.
  • And one in four US remote workers use their work email and passwords to log in to consumer websites and apps.

Cybersecurity gaps have continued to widen during the pandemic. A noteworthy survey by Ivanti illustrates exactly how remote workers are putting organizations at risk and where enterprise security is falling short, making those cybersecurity gaps challenging for CISOs to close. Ivanti’s 2021 Secure Consumer Cyber Report outlines the challenges that cybersecurity and IT teams have faced when securing remote workers in what’s being described as the “Everywhere Workplace.” Based on interviews with more than 2,000 US and UK respondents working from home in November 2020, the survey shows that authentication and endpoint security need to improve across all devices that employees use.

IT Organizations Need Help Closing Their Cybersecurity Gaps

Of the many lessons learned from 2020, among the most valuable are how virtual workforces need self-diagnosing and self-remediating endpoints, while IT organizations need improved unified endpoint management (UEM) as part of a zero-trust strategy. Bad actors continue to target remote workers’ privileged access credentials to gain access and exfiltrate customer, financial and proprietary data, including intellectual property. Ivanti’s survey provides insights into where cybersecurity gaps need attention first:

  • The most challenging threat surface to protect is a person’s identity because it is exposed across so many surfaces, including personal and work devices, consumer websites, and IoT devices in homes. The pandemic is proving that identities are the new security perimeter: a person’s cell phone, personal tablet, and laptop together form a real-time digital definition of that person’s identity. Nearly half (49%) of US remote workers use personal devices for their jobs, often without two-factor authentication enabled. Organizations can close this cybersecurity gap by adopting UEM as part of their go-forward initiatives in 2021 and beyond.


  • Lack of consistent security software and password standards is a big contributor to US and UK organizations’ cybersecurity gaps today. One in four remote workers can access enterprise resources without any security software in place. An even more surprising finding is that 30% of remote workers in the US and UK can access corporate data without a secure access tool or VPN connection. By that measure, if a remote worker’s identity is compromised, there is roughly a one in three chance that it gives an attacker a direct path into the organization, from which they can move laterally through the company’s systems.


  • Protecting remote workers’ identities and devices at scale requires Zero Trust. Automating as many tasks as possible while providing a continuous and seamless user experience is the surest way to close cybersecurity gaps. Getting rid of passwords and automating two-factor authentication using Zero Sign-On (ZSO), a core part of the Ivanti platform, is proving essential today. Zero Sign-On relies on proven biometrics, including Apple’s Face ID, as a secondary authentication factor to gain access to work email, unified communications and collaboration tools, and corporate-shared databases and resources. CISOs and their teams also need to consider how mobile threat defense can better secure personal devices against phishing, device, network, and malicious app threats. Late last year, MobileIron (now part of Ivanti) was included in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020, its second appearance in two years.


  • In conclusion, enterprise cybersecurity gaps are widening due to a combination of risky consumer behavior and a lack of consistent security for mobile workforces. And these gaps will only increase as employees increasingly work from anywhere, using their personal devices to connect to corporate resources. To secure and enable the future of work, organizations need to start implementing and maturing an end-to-end zero trust security model today by leveraging new technologies and protecting their current security technology investments.

10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains


  • The Pharma industry has lost $14 billion through Intellectual Property (IP) cyber theft worldwide, according to the United Kingdom Office of Cyber Security and Information Assurance.
  • 53% of pharmaceutical IP thefts and related breaches are carried out by someone with insider access, also according to the United Kingdom Office of Cyber Security and Information Assurance.
  • The pharma industry’s average total cost of a data breach is $5.06 million, and its cost of remediating a breach, at $10.81 million, is among the highest of any industry, according to a recent Proofpoint study.
  • Over 93% of healthcare organizations experienced a data breach in the past three years, and 57% have had more than five data breaches, according to the Cybersecurity Ventures 2020 Healthcare Cybersecurity Report.
  • Gartner predicts the privileged access management (PAM) market will grow at a compound annual growth rate (CAGR) of 10.7% from 2020 through 2024, reaching $2.9 billion by 2024.

Bottom Line: Having developed COVID-19 vaccines in a fraction of the time it takes to create new treatments, pharmaceutical companies need to protect the priceless IP, supporting data, and supply chains from cyberattacks.

Showing how powerful global collaboration between pharmaceutical industry leaders can be, the world’s leading vaccine producers delivered new vaccines in record time. The IP behind COVID-19 vaccines and their supporting supply chains need state-of-the-art protection comprised of cybersecurity technologies and systems, as the vaccines’ IP is an asset that cyber attackers have already tried to obtain.

The Pharmaceutical Industry’s Growing Number of Threat Surfaces Makes Cybersecurity a Priority

In the race to create a COVID-19 vaccine by collaborating across the industry, pharmaceutical companies have exposed more threat surfaces than existed before the pandemic. In R&D, Clinical Trials, Manufacturing, and Distribution, there is a proliferation of new threat surfaces that cyber attackers are targeting today, as evidenced by threat analysis reports from the Cybersecurity & Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.

CISA’s report provides specifics about how cyber attackers impersonated an executive from a Chinese biomedical company known for its end-to-end cold chain expertise, which is essential for delivering vaccines reliably. The attackers conducted spear-phishing attacks against global companies that support the cold chain needed to distribute vaccines, with credential harvesting attempts against organizations in at least six countries known to have access to sensitive vaccine transport and distribution information.

Launching a phishing campaign to harvest details on key executives and access credentials across the cold chain is just the beginning. According to Lookout’s Pharmaceutical Industry Threat Report, the most significant and problematic threat surfaces today include the following:

Research & Development & Clinical Trials

  • Collaborative research teams across pharmaceutical manufacturers globally
  • Scientists creating initial compounds and completing primary research to define a vaccine.
  • Integration of study sites at the test device and reporting system level

Manufacturing and Distribution

  • Plant workers’ systems, including tablets with build instructions on them
  • Physician & Pharmacist Networks
  • Distribution Channels and their supporting IT systems

Cyber attackers are taking a more synchronized, multifaceted approach to attacking Covid-19 supply chains, reiterated in CISA’s report. There’s evidence that state-sponsored cyber attackers attempt to move laterally through networks and remain there in stealth, allowing them to conduct cyber espionage and collect additional confidential information from victim environments for future operations. Cyber attackers are initially focused on phishing, followed by malware distribution, registration of new Covid-specific domain names, and always looking for unprotected threat surfaces.

10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains

By combining multiple cybersecurity best practices and strategies, pharmaceutical companies stand a better chance of protecting their valuable IP and vaccines. Presented below are ten ways the pharmaceutical industry needs to protect the COVID-19 vaccine supply chain today:

  1. Prioritize Privileged Access Management (PAM) across the vaccine supply chain, ensuring least privilege access to sensitive data starting with IP. CISA’s note finds that there have been multiple attempts at capturing privileged credentials, which often have broad access privileges and are frequently left standing open. PAM is needed immediately to institute greater controls around these privileged accounts across the supply chain and only grant just enough just-in-time access to sensitive IP, shipping and logistics data, vaccination schedules, and more. Leaders include Centrify, which is noteworthy for cloud-based PAM implementations at the enterprise and supply chain levels. Additional vendors in this area include BeyondTrust, CyberArk, Ivanti, Thycotic, Ping Identity, and Senhasegura.
  2. Assess every supplier’s security readiness in vaccine supply chains, defining minimum levels of compliance to security standards that include a single, unified security model across all companies. In creating a secured vaccine supply chain, it’s imperative to have every supplier network member on the same security model. Taking this step ensures accountability, greater clarity of roles and responsibilities, and a common definition of privileged roles and access privileges.  Leaders in this area include BeyondTrust, Centrify, CyberArk, Ivanti, and Thycotic.
  3. Taking a Zero Trust-based approach to securing every endpoint across the vaccine manufacturer’s R&D, Clinical Trials, Manufacturing, and Distribution networks is necessary to shut down cyber attackers who take advantage of weaknesses in legacy security approaches. Pharmaceutical companies and the myriad logistics providers are seeing a much faster than expected proliferation of endpoints today. Trusted and untrusted domains on legacy server operating systems are a time sink when it comes to securing endpoints, and they are proving unreliable despite the best efforts Security Operations teams put into them. Worst of all, they leave vaccine supply chains vulnerable because they often embody an outdated “trust but verify” approach. Leaders include Illumio, Ivanti (MobileIron), Cisco, Appgate, Palo Alto Networks, and Akamai Technologies.
  4. Extend the Zero Trust framework across the entire supply chain by implementing microsegmentation and endpoint security requirements across all phases of the vaccine’s development cycles. This will ensure cyber attackers don’t have the opportunity to embed code to activate later. The goal is to push Zero Trust principles to all related processes integrating with the vaccines’ pipeline, including all dependencies across the entire development lifecycle.
  5. Incorporating Multi-Factor Authentication (MFA) across every system in the vaccine supply chain is a given. Usernames and passwords alone are not enough, and MFA is low-hanging fruit for authenticating authorized users. MFA combines two or more factors that establish who you are: something you know (passwords, PINs, code words), something you have (a smartphone, or a hardware token that generates one-time codes), or something you are (biometrics such as fingerprint, iris, or face scans). For example, Google provides MFA as part of its account management to every account holder and offers a thorough security check-up, which is useful for seeing whether a given password has been reused.
  6. Alleviate the conflicts of who will pay for increasing cybersecurity measures by making supplier-level security a separate line item in any CISOs and CIO’s budget. Today certain pharma supply chain CISOs are expected to ramp up cybersecurity programs with the same budget before Covid-19. While there are slight increases in cybersecurity budget levels, it’s often not enough to cover the higher costs of securing a broader scope of supply chain operations. CISOs need to have greater control over cybersecurity budgets to protect vaccine IP and distribution. Relying on traditional IT budgets controlled by CIOs isn’t working. There needs to be a new level of financial commitment to securing vaccine supply chains.
  7. Consider using an AIOps platform adept at unifying diverse IT environments into a single, cohesive AI-based intelligence system that can identify anomalous network behavior in real time and take action to avert breaches. Based on conversations with CIOs across the financial services industry, it is clear they are leaning toward AIOps platforms that provide real-time integration with cloud platforms combined with greater control over IT infrastructure. LogicMonitor’s prioritizing of IT integration as a core strength of its platform shows, as it has over 2,000 integrations available out of the box. Relying on its agentless Collectors, LogicMonitor retrieves metrics such as cloud provider health and billing information. A collector then pulls metrics from different devices using various methods, including SNMP, WMI, PerfMon, JMX, APIs, and scripts.
  8. Unified Endpoint Security (UES) needs to become a standard across all vaccine supply chains now. Vendors who can rapidly process large amounts of data to detect previously unknown threats are needed today to stop cyberattacks from capturing IP, shipment data, and valuable logistics information. Absolute Software’s approach to leveraging its unique persistence, resilience, and intelligence capabilities is worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform, which includes a permanent digital tether to every enterprise’s endpoint. Absolute is enabling self-healing, greater visibility, and control by having an undeletable digital thread to every device. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
  9. Pharma supply chains need a strategy for achieving more consistent Unified Endpoint Management (UEM) across every device and threat surface of the vaccine supply chain. UEM’s many benefits include streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection, and providing an architecture capable of supporting a wide range of devices and operating systems. Another major benefit enterprises mention is automating Internet-based patching, policy, and configuration management. Ivanti is the global market leader in UEM, and its recent acquisition of Cherwell expands the reach of its Neurons platform, providing service and asset management from IT to lines of business and from every endpoint to the IoT edge. Neurons is Ivanti’s AI-based hyper-automation platform that connects Unified Endpoint Management, Security, and Enterprise Service Management. Ivanti is prioritizing its customers’ needs to autonomously self-heal and self-secure devices and to self-service end users.
  10. Track-and-trace capability is essential in any vaccine supply chain, making cyber-physical passports that include serialization for vaccine batches more realistic given how complex supply chains are today. Passports are an advanced labeling technology that provides virtual tracking, verification of specific compounds, and yield rates of key materials. Serialization is a must-have for greater traceability across vaccine supply chains and is proving effective in stopping counterfeiting. Digital passports that can be traced electronically can further help thwart cyber attackers.

Conclusion

By closing the cybersecurity gaps in vaccine supply chains, the world’s nations can find new, leaner, more efficient processes to distribute vaccines and protect their citizens. It’s evident from the results achieved so far in the U.S. alone that relying on traditional supply chains and means of distribution isn’t getting the job done fast enough, and cyber attackers are already looking to take advantage. By combining multiple cybersecurity tactics, techniques, and procedures, the vaccine supply chain stands to improve and be more secure from threats.

Securing Machine Identities Needs To Be A Top Cybersecurity Goal In 2021

Bottom Line:  Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.

Why Machines Are the Most Challenging Threat Surface To Protect

Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.

The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% in lines of business and 15% in IT. It also points out that in 2019 there were 2.25 million robots in the global workforce, twice as many as in 2010, and that 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.

According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.

Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint and better integrating support across machines and monitoring systems.

Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.

The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network, and that a majority of organizations are struggling to deliver the protection strategies the report compares.


Machine Identities Are Networks’ Weakest Security Link 

According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, and by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today, and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have, while bad actors can create hundreds of their own using automated scripting tools.

Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:

  • The 2016 Mirai botnet attacks are a cautionary tale about the dangers of leaving default credentials on machines and IoT devices. Mirai automated scans of vast blocks of IP addresses for open Telnet ports, then rapidly tried a short list of factory-default usernames and passwords to gain access to the devices behind them. It succeeded, gaining control of thousands of devices and orchestrating them to deliver some of the largest DDoS attacks in history.
  • It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their bots, malicious actors look to disguise their movements across a network with a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
  • There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.

How To Strengthen Machine Security

The more challenging a machine threat surface is to protect, the more opportunity it gives bad actors to breach it. A good place to start is by clarifying who owns keeping Transport Layer Security (TLS) and legacy Secure Sockets Layer (SSL) client and server certificates, code signing certificates, Secure Shell (SSH) host keys and other cryptographic keys up to date. Letting those fall through the cracks will leave thousands of machines exposed and exploitable on networks.
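As an added worked example (not the page’s own code, nor any vendor’s), the following Go program does the inventory check this paragraph calls for: given a list of hosts, the team that owns each one, and the PEM certificate collected from it, it parses every certificate with the standard library and reports, worst first, which are unparseable, already expired, expiring inside a warning window, or fine, and which have no owner on record. The host and team names are constructed, and the self-signed certificates it mints at startup stand in for certificates pulled from real hosts so that it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// CertRecord is one inventory entry: the machine, the team that owns keeping
// its certificate current, and the PEM collected from it. Names are constructed.
type CertRecord struct {
	Host  string
	Owner string
	PEM   []byte
}

// Finding is the check's verdict for one record.
type Finding struct {
	Host, Owner   string
	NotAfter      time.Time
	DaysRemaining int
	Status        string // "unparseable", "expired", "expiring" or "ok"
}

// CheckInventory classifies every record relative to now, warning warnDays
// ahead of expiry, and returns the worst findings first.
func CheckInventory(records []CertRecord, now time.Time, warnDays int) []Finding {
	var out []Finding
	for _, r := range records {
		f := Finding{Host: r.Host, Owner: r.Owner, Status: "unparseable"}
		if block, _ := pem.Decode(r.PEM); block != nil && block.Type == "CERTIFICATE" {
			if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
				f.NotAfter = cert.NotAfter
				f.DaysRemaining = int(cert.NotAfter.Sub(now).Hours() / 24)
				switch {
				case !now.Before(cert.NotAfter):
					f.Status = "expired"
				case f.DaysRemaining < warnDays:
					f.Status = "expiring"
				default:
					f.Status = "ok"
				}
			}
		}
		out = append(out, f)
	}
	rank := map[string]int{"unparseable": 0, "expired": 1, "expiring": 2, "ok": 3}
	sort.SliceStable(out, func(i, j int) bool {
		if rank[out[i].Status] != rank[out[j].Status] {
			return rank[out[i].Status] < rank[out[j].Status]
		}
		return out[i].DaysRemaining < out[j].DaysRemaining
	})
	return out
}

// SelfSignedPEM mints a throwaway certificate so the example runs offline;
// real input is whatever your collector pulls off the host.
func SelfSignedPEM(cn string, notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(notAfter.Unix()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now, day := time.Now().UTC().Truncate(time.Second), 24*time.Hour
	// Constructed inventory: a healthy host, one expiring soon with no owner
	// on record, one already expired, and one where collection returned junk.
	records := []CertRecord{
		{"api.example.internal", "platform-team", SelfSignedPEM("api.example.internal", now.Add(-day), now.Add(400*day))},
		{"build-runner-07", "", SelfSignedPEM("build-runner-07", now.Add(-day), now.Add(10*day))},
		{"legacy-scada-gw", "ot-team", SelfSignedPEM("legacy-scada-gw", now.Add(-800*day), now.Add(-30*day))},
		{"nas-02", "storage-team", []byte("-----BEGIN GARBAGE-----")},
	}
	for _, f := range CheckInventory(records, now, 30) {
		if f.Owner == "" {
			f.Owner = "UNOWNED"
		}
		fmt.Printf("%-11s %-22s owner=%-13s days=%d\n", f.Status, f.Host, f.Owner, f.DaysRemaining)
	}
}
```

Run as-is it prints the four constructed findings; point the same CheckInventory call at certificates exported from your own hosts or load balancers and its output is the renewal queue. The same shape extends to SSH host keys and code-signing certificates once a parser for each is added; the point the paragraph makes is that every key has a named owner and a known date.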

Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are increasing quickly because bad actors can spin up thousands of bots in days. The following are key steps to get started:

  • Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off later, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving faster than legacy approaches to endpoint governance and security can keep up with.
  • Privileged access controls need to be more adaptive, secure and scalable than the static approaches many organizations use to secure machines today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are in use 24/7 and have access patterns completely different from the humans using the network, making dynamically assigned, ephemeral credentials even more important for protecting it. Privileged Identity Management (PIM) is proving effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy: it enrolls machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
  • Monitoring more machines on a network often drives a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across the network. Log monitoring systems are proving invaluable for identifying machine endpoint configuration and performance anomalies in real time, and AIOps is proving eff ective at correlating anomalies and performance events in real time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform has proven successful in troubleshooting infrastructure problems and ensuring business continuity.
  • Perform periodic audits to track all bots and machines in use across the organization, using Microsoft Active Directory to inventory and manage them. One of the most valuable takeaways from the Forrester webinar is the need to manage machine identities and their credentials centrally; Forrester mentions Microsoft Active Directory as one option. Vendors providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities from a single identity repository based on a centralized model.
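The session-based, vault-issued credential the second bullet describes, and the just-in-time privileged access the vaccine supply chain article’s first recommendation calls for, look like this in code. The block below is an added illustration written for this page, not Centrify’s, HashiCorp’s or any other vendor’s implementation: a toy vault that only mints tokens for machines that have enrolled, binds each token to one machine and an explicit scope list, and gives it a hard expiry; a protected resource verifies the HMAC before trusting anything else, then the expiry, then the scope. The machine name, scopes and key are constructed, and the token format is this example’s own.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the payload of an ephemeral machine credential: which enrolled
// machine it was issued to, what it may do, and a hard expiry (example format).
type Claims struct {
	MachineID string   `json:"mid"`
	Scopes    []string `json:"scp"`
	ExpiresAt int64    `json:"exp"`
	Nonce     string   `json:"jti"` // makes each token distinct so a leaked one can be denied by ID
}

var (
	ErrNotEnrolled = errors.New("machine is not enrolled")
	ErrBadToken    = errors.New("malformed token or signature mismatch")
	ErrExpired     = errors.New("token expired")
	ErrScope       = errors.New("token lacks required scope")
)

// Vault stands in for the credential service: it holds the signing key and
// knows which machines completed enrollment; nothing else may mint tokens.
type Vault struct {
	key      []byte
	enrolled map[string]bool
}

func (v *Vault) sign(payload string) string {
	mac := hmac.New(sha256.New, v.key)
	mac.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// Issue mints a token bound to one enrolled machine and an explicit scope list
// that dies after ttl; a workload asks for one each time it needs access
// instead of carrying a password in a config file indefinitely.
func (v *Vault) Issue(machineID string, scopes []string, ttl time.Duration, now time.Time) (string, error) {
	if !v.enrolled[machineID] {
		return "", ErrNotEnrolled
	}
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	body, err := json.Marshal(Claims{
		MachineID: machineID, Scopes: scopes, ExpiresAt: now.Add(ttl).Unix(),
		Nonce: base64.RawURLEncoding.EncodeToString(nonce),
	})
	if err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(body)
	return payload + "." + v.sign(payload), nil
}

// Verify is what a protected resource runs on every request: check the MAC
// before trusting any field, then the expiry, then the scope it needs.
func (v *Vault) Verify(token, requiredScope string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 || !hmac.Equal([]byte(v.sign(parts[0])), []byte(parts[1])) {
		return nil, ErrBadToken
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, ErrBadToken
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, ErrBadToken
	}
	if now.Unix() >= c.ExpiresAt {
		return nil, ErrExpired
	}
	for _, s := range c.Scopes {
		if s == requiredScope {
			return &c, nil
		}
	}
	return nil, ErrScope
}

func main() {
	// Constructed setup: a fixed demo key (a real vault generates and rotates
	// its own), one enrolled machine, and a five-minute read-only token.
	key := sha256.Sum256([]byte("constructed demo secret"))
	vault, now := &Vault{key: key[:], enrolled: map[string]bool{"etl-worker-03": true}}, time.Now()
	tok, _ := vault.Issue("etl-worker-03", []string{"db:read"}, 5*time.Minute, now)
	_, err := vault.Verify(tok, "db:read", now.Add(time.Minute))
	fmt.Println("fresh token, db:read  ->", err)
	_, err = vault.Verify(tok, "db:write", now.Add(time.Minute))
	fmt.Println("fresh token, db:write ->", err)
	_, err = vault.Verify(tok, "db:read", now.Add(10*time.Minute))
	fmt.Println("stale token, db:read  ->", err)
	_, err = vault.Issue("unknown-box", []string{"db:read"}, time.Minute, now)
	fmt.Println("unenrolled machine    ->", err)
}
```

The symmetric HMAC means every verifier holds the issuer’s key, which is fine when the vault itself fronts the resource and wrong when many resources verify independently; use an asymmetric signature (ECDSA or Ed25519) for that case. The nonce is what lets a leaked token be denied by ID before its expiry, if the resource keeps a deny list.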

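To show what the integrated log monitoring in the third bullet actually does with machine identities, here is an added example in Go, written for this page rather than taken from LogicMonitor or any product. It parses a constructed key=value authentication log, learns from a baseline day which source addresses each service identity normally authenticates from, and then flags two things on the live day: a service identity that succeeds from a source it has never used, and a service identity used for an interactive logon, which is a person or an attacker driving a bot’s credential. The identities, addresses and log lines are all made up for the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// AuthEvent is one parsed authentication record. The key=value line format is
// constructed for this example; map a real source (Windows 4624, sshd) onto it.
type AuthEvent struct {
	Time    time.Time
	User    string // identity that authenticated
	Kind    string // "service" or "interactive"
	Src     string // originating address
	Success bool
}

func ParseAuthLine(line string) (AuthEvent, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return AuthEvent{}, fmt.Errorf("short line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return AuthEvent{}, err
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		if p := strings.SplitN(f, "=", 2); len(p) == 2 {
			kv[p[0]] = p[1]
		}
	}
	if kv["user"] == "" || kv["src"] == "" {
		return AuthEvent{}, fmt.Errorf("missing user/src: %q", line)
	}
	return AuthEvent{Time: ts, User: kv["user"], Kind: kv["type"], Src: kv["src"], Success: kv["result"] == "success"}, nil
}

// ParseAll parses one event per line (assumed chronological); a bad line is an
// error rather than something to skip, since a gap in auth telemetry matters.
func ParseAll(text string) ([]AuthEvent, error) {
	var out []AuthEvent
	for _, line := range strings.Split(strings.TrimSpace(text), "\n") {
		ev, err := ParseAuthLine(line)
		if err != nil {
			return nil, err
		}
		out = append(out, ev)
	}
	return out, nil
}

// Baseline records, per machine identity, the sources it is known to use.
// Machines run 24/7 from fixed places, so a new source is a strong signal.
type Baseline map[string]map[string]bool

func LearnBaseline(events []AuthEvent) Baseline {
	b := Baseline{}
	for _, ev := range events {
		if ev.Success && ev.Kind == "service" {
			if b[ev.User] == nil {
				b[ev.User] = map[string]bool{}
			}
			b[ev.User][ev.Src] = true
		}
	}
	return b
}

// Detect flags a baselined machine identity used for an interactive logon (a
// person driving a bot's credential) or succeeding from a source it never used.
func Detect(b Baseline, events []AuthEvent) []string {
	var alerts []string
	for _, ev := range events {
		if _, known := b[ev.User]; !known {
			continue // not a baselined machine identity; leave it to user analytics
		}
		stamp := ev.Time.Format(time.RFC3339) + " " + ev.User + ": "
		switch {
		case ev.Kind == "interactive":
			alerts = append(alerts, stamp+"interactive logon with a service identity from "+ev.Src)
		case ev.Success && !b[ev.User][ev.Src]:
			alerts = append(alerts, stamp+"successful logon from unseen source "+ev.Src)
		}
	}
	return alerts
}

// Constructed sample data: day one is the learning window, day two is live.
const baselineLog = `2021-01-14T00:10:00Z user=svc_etl type=service src=10.0.4.21 result=success
2021-01-14T03:00:00Z user=svc_backup type=service src=10.0.9.5 result=success`

const liveLog = `2021-01-15T01:00:00Z user=svc_etl type=service src=10.0.4.21 result=success
2021-01-15T01:05:00Z user=svc_etl type=service src=203.0.113.44 result=success
2021-01-15T09:12:00Z user=svc_backup type=interactive src=10.0.9.5 result=success
2021-01-15T09:30:00Z user=alice type=interactive src=10.0.7.8 result=success`

func main() {
	base, _ := ParseAll(baselineLog) // the constants above are known to parse
	live, _ := ParseAll(liveLog)
	for _, a := range Detect(LearnBaseline(base), live) {
		fmt.Println(a)
	}
}
```

Human accounts with no baseline are deliberately skipped so this stays a machine-identity detector, and failed logons are not scored here, so pair it with an existing brute-force rule. In production the baseline comes from a week or more of telemetry and is re-learned on a schedule, because a legitimate redeploy changes where a machine talks from.
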
Conclusion

Machines, or non-human identities as Forrester calls them in its webinar, require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and extend Identity Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots targeting machine identities, now is the time to place machine identities among the highest priorities of any cybersecurity strategy in 2021.