Posts tagged ‘Zero Trust Security’

Feb 26

Roundup of agentic AI forecasts and market estimates, 2026

Agentic AI spending is projected to reach $201.9 billion in 2026 (Gartner), overtaking chatbot spending by 2027. Four independent firms size the standalone market at $7–8 billion with 40%+ CAGRs. But adoption lags the money: only 23% of organizations have scaled agent deployments (McKinsey), and 40% of projects face cancellation by 2027 (Gartner).

Fortune Business Insights projects $7.29 billion in 2025, reaching $139.19 billion by 2034 at 40.5% CAGR. Precedence Research sizes it at $7.55 billion in 2025, growing to $199.05 billion by 2034 at 43.84% CAGR. MarketsandMarkets puts the figure at $7.06 billion in 2025, reaching $93.20 billion by 2032 at 44.6% CAGR. Deloitte’s TMT Predictions 2025 estimates $8.5 billion in 2026, growing to $35 to $45 billion by 2030.

Every major forecast agrees on direction. None agrees on scale. The standalone agentic AI market lands between $7 billion and $8.5 billion. Gartner’s broader view, counting agentic capabilities embedded across enterprise software, reaches $201.9 billion in 2026. That 25x gap is not a contradiction. It is a measurement problem, and the takeaways below reflect both realities. The following are the key takeaways from agentic AI forecasts published in 2026 so far:

Key takeaways

Worldwide AI spending will reach $2.52 trillion in 2026, growing 44% year-over-year. That number jumped roughly $500 billion from the September forecast, which had pegged the market just above $2 trillion. Infrastructure takes $1.37 trillion, 54% of total spend. AI software follows at $452.5 billion, up 60%. AI services add $588.6 billion. AI-optimized servers alone account for $421.6 billion, growing to 49%. Gartner expects spending to grow by another 30% in 2027 and surpass $3 trillion. I have tracked these forecasts through multiple iterations. The revisions keep going in one direction. Source: Gartner press release, January 15, 2026

Gartner projects $4.71 trillion in global AI spending by 2029. The fastest growth isn’t in infrastructure. Synthetic data generation leads all categories at 178% CAGR, followed by the broader AI Data market at 155%. Agentic AI compounds at 119%, expanding from $15 billion to $753 billion by 2029. AI Infrastructure, the largest category by dollars, grows at just 29%. The money is following the bottlenecks. Source: Gartner 4Q25: $4.71T AI Market Proves Agentic AI and Data Readiness Are the Only Race That Matters, Software Strategies Blog, January 22, 2026 Link: https://softwarestrategiesblog.com/2026/01/22/gartner-4q25-agentic-ai-data-readiness-4-71t-market/

The AI cybersecurity market is predicted to hit $51.3 billion in 2026, nearly doubling from $25.9 billion in 2025. But the category masks a structural imbalance. AI-amplified security, where AI defends the enterprise, captures 94.5% of spending at $48.5 billion. Securing AI, where the enterprise defends its own AI systems, gets $2.8 billion. Enterprises are investing 17x more in using AI as a security tool than in protecting the AI itself. Both sub-segments grow at similar CAGRs (74% vs. 72%), which means the dollar gap widens every year. By 2029, AI-amplified security reaches $160.4 billion, while securing AI hits just $11.6 billion. One is a tool. The other is the thing that needs protecting. Source: Gartner Forecasts Agentic AI Will Overtake Chatbot Spending by 2027, Software Strategies Blog, February 16, 2026 Link: https://softwarestrategiesblog.com/2026/02/16/gartner-forecasts-agentic-ai-overtakes-chatbot-spending-2027/

AI Data sits alone in the upper-right quadrant of Gartner’s spending map, compounding at 155% CAGR with 277% growth in 2026. AI Cybersecurity and AI Models cluster above 67% CAGR. AI Infrastructure anchors the chart as the largest bubble, but grows at just 29%. Global AI spending reaches $1.8 trillion in 2025 and $4.7 trillion by 2029. The acceleration is not in compute. It is in data readiness, security architecture, and agentic capabilities. By 2028, software with agentic capabilities crosses 50% of total application software spend, up from 2% in 2024. Non-agentic software spending starts declining in 2027. Source:Data Readiness and Security Are Driving AI’s $4.7 Trillion Run, Software Strategies Blog, December 22, 2025 Link: https://softwarestrategiesblog.com/2025/12/22/data-readiness-security-driving-ai-4-7-trillion/

Gartner’s AI spending forecast reaches $2.53 trillion in 2026 and $4.71 trillion by 2029. Eight markets. One pattern. AI Infrastructure dominates absolute dollars at $1.37 trillion in 2026 but grows at just 29% CAGR. AI Data, the smallest segment at $3.1 billion, compounds at 155%. AI Cybersecurity nearly doubles to $51.3 billion. AI Software hits $452.5 billion, growing 60% year-over-year as agentic capabilities reshape the category. The growth rates tell you where the bottlenecks are breaking. Source: Data Readiness and Security Are Driving AI’s $4.7 Trillion Run, Software Strategies Blog, December 22, 2025 Link: https://softwarestrategiesblog.com/2025/12/22/data-readiness-security-driving-ai-4-7-trillion/

Nearly nine in ten organizations now use AI in at least one business function, up from 78% a year ago, but nearly two-thirds have not begun scaling it across the enterprise. Only 6% qualify as high performers where AI contributes more than 5% to EBIT. Sixty-two percent of organizations are at least experimenting with AI agents, yet in no individual business function are more than 10% scaling them. High performers are three times more likely than peers to fundamentally redesign workflows and three times more likely to have senior leaders demonstrating ownership of AI initiatives. More than one-third of high performers commit over 20% of their digital budgets to AI, and about three-quarters have reached the scaling phase, versus one-third of other organizations. Source: McKinsey / QuantumBlack, The state of AI in 2025: Agents, innovation, and transformation, November 2025

Valued at $638.23 billion in 2024, the global AI market is projected to reach $3,680.47 billion by 2034, expanding to a CAGR of 19.20%. North America holds 31.80% market share. The software segment dominates at 51.40%, while machine learning leads by technology at 36.70%. Healthcare is expected to record the highest CAGR of 36.50% across end-use segments. Among regions, Asia-Pacific is expected to grow at 19.8% CAGR from 2025 to 2034, with AI projected to add up to $3 trillion to the region’s GDP by 2030, driven by national AI strategies in China, India, and Japan. Source: Precedence Research, AI Market Size, Growth & Trends, September 2025

Nearly $7 trillion. That’s the capital outlay data centers will require by 2030 to keep pace with demand for compute power. Of that, $5.2 trillion goes toward AI-ready facilities and $1.5 trillion toward traditional IT workloads. Global demand for data center capacity could almost triple by 2030, with about 70% of new demand coming from AI workloads. Three investment scenarios range from $3.7 trillion (constrained demand) to $7.9 trillion (accelerated demand, adding 205 incremental GW). The 60% majority of investment—$3.1 trillion—flows to technology developers and designers producing chips and computing hardware. Source: McKinsey, The cost of compute: A $7 trillion race to scale data centers, April 2025

Inference already consumed half of all AI compute in 2025. That number will grow to two-thirds in 2026 and reach 75% of all AI compute needs by 2030. Global data center capacity is projected to nearly double from 103 gigawatts to 200 GW by 2030, yet U.S. data centers already face a capacity shortfall exceeding 11 GW, with the cumulative gap expected to exceed 40 GW by 2028. North American data center capacity alone will increase eightfold, from 5.6 GW in 2024 to 44 GW by 2030. Operators are increasingly deploying edge facilities closer to end users to reduce latency as inference-dominated workloads drive a fundamental redesign of data center architectures. Source: Avid Solutions, 13 Data Center Growth Projections, January 2026

Generative AI could add the equivalent of $2.6 trillion to $4.4 trillion annually to the global economy, increasing the projected impact of all AI by 15 to 40%. About 75% of the value falls across four areas: customer operations, marketing and sales, software engineering, and R&D. Half of today’s work activities could be automated between 2030 and 2060, with a midpoint in 2045—roughly a decade earlier than previously estimated. When embedding effects in existing software are included, the total economic benefit rises to $6.1 trillion to $7.9 trillion annually. Source: McKinsey, The economic potential of generative AI, June 2023

The global AI market hit $294.16 billion in 2025 and is projected to grow to $2,480.05 billion by 2034, at a CAGR of 26.60%. The Banking, financial services and insurance (BFSI) segment holds 18.90% market share, while healthcare is expected to record the highest CAGR of 36.50%. In the U.S. alone, the AI market was estimated at $146.09 billion in 2024 and is predicted to reach $851.46 billion by 2034. The number of AI companies funded globally in 2024 totaled 2,049, with U.S.-funded companies accounting for 1,143, signaling strong investor confidence in the sector’s expansion potential. Source: Fortune Business Insights, AI Market Size, Growth & Trends by 2034

Big Tech’s AI capex hit $405 billion in 2025, up from a $250 billion estimate at the start of the year. Sell-side analysts have underestimated AI spending every quarter for two years running. A decade ago, Big Tech’s trailing-twelve-month capex was $24 billion—15x less than today. AI data center costs are projected at $3 trillion to $8 trillion, with gigawatt capacity expected to grow 3.5x by 2030. Source: IO Fund, Big Tech’s $405B Bet, November 2025

The global AI market was valued at $371.71 billion in 2025 and is projected to reach $2,407.02 billion by 2032, growing at a CAGR of 30.6%. Hyperscalers accounted for 53% of chip purchases in 2023, spurring 156% market growth from 2023 to 2024. While demand from hyperscalers is expected to moderate, growth of 41% is still forecast from 2025 to 2026. Enterprises are moving from cloud reliance to in-house AI infrastructure investments, particularly for cost-effective inference solutions, as edge AI gains traction through AI-enabled PCs and mobile devices. Source: Markets and Markets, AI Market Report 2025-2032

At $602 billion projected for 2026, hyperscaler capex has entered uncharted territory. Amazon, Microsoft, Google, and Meta will each exceed $100 billion individually, pushing capital intensity to 45-57% of revenue. Total hyperscaler capex from 2025-2027 is projected at $1.15 trillion, more than double the $477 billion spent from 2022-2024. Morgan Stanley and JP Morgan suggest the technology sector may need to issue $1.5 trillion in new debt over the next few years to finance AI infrastructure construction. The sheer scale of debt issuance mirrors patterns seen during the fiber-optic buildout of the late 1990s. Source: Multiple sources compiled by Introl, January 2026

The number of software companies using consumption-based pricing more than doubled between 2015 and 2024, as AI introduces new variable costs that make traditional perpetual licenses obsolete. SaaS remains dominant, but the next wave is outcome-aligned pricing that scales with actual AI usage. Software businesses that successfully adopt consumption-based pricing aligned with usage and outcomes may be better positioned to capture AI-driven value and differentiate themselves in a rapidly evolving market where the cost of each AI inference adds a new variable to the P&L. Source: McKinsey, AI adjusts the software bill, January 27, 2026

Data center capacity needs for AI and non-AI workloads could almost triple by 2030, with AI capacity increasing 3.5 times and making up roughly 70% of the total. Under a continued-momentum scenario, total capacity demand rises from 82 GW in 2025 to 219 GW by 2030, with incremental AI capacity ranging from 13 GW in 2025 to 31 GW in 2030, totaling 124 GW of new AI capacity. Non-AI workloads grow from 38 GW to 64 GW over the same period. Average power densities in AI-ready data centers have more than doubled in just two years and are expected to rise nearly four times by 2027. Source: McKinsey, Data center demands (Week in Charts), May 2025

U.S. data-center spending exceeded half a trillion dollars in 2025. The U.S. and China drove a massive expansion in AI-related computing capacity through 2024, with the U.S. pulling further ahead in the first half of 2025. AI-related trade accounted for nearly half of all merchandise trade growth in that period, despite representing only 15% of total trade volume. The infrastructure boom is reshaping international commerce, with surging demand for servers, graphics cards, and related components essential to AI training and inference now a dominant force in global supply chains. Source: Federal Reserve Board, FEDS Notes: The Global Trade Effects of the AI Infrastructure Boom, February 2026

The generative AI market is expanding from $71.36 billion in 2025 to $890.59 billion by 2032, at a CAGR of 43.4%. North America accounted for 43.05% of global revenue in 2025. Text remains the dominant data modality due to its foundational role in enterprise workflows, while the services segment is gaining traction for scalability and cost-effectiveness. Foundation model delivery platforms verticalized adoption across industries, and the rapid scaling of AI-native infrastructure are the three key forces driving the market as of 2025. The 43.4% CAGR makes this one of the fastest-expanding technology subsegments in history. Source: MarketsandMarkets, Generative AI Market Report, Global Forecast to 2032

The generative AI market reached $37.89 billion in 2025 and is projected to hit $1.2 trillion by 2035, a 37% compound annual growth rate. Transformer architectures account for more than 42% of technology revenue, driven by text-to-image and text-to-video applications. Software captures over 65% of total revenue. North America holds 41% of the market. Asia-Pacific is the fastest-growing region at a 27.6% CAGR through 2035. Financial services is expected to lead sector growth at 36.4%, fueled by fraud detection, risk management, and regulatory compliance demands. Source: Precedence Research, Generative AI Market Size, January 2026

GPUs captured 89% of AI processor revenue in 2025, but FPGA and ASIC alternatives are growing at a 17% CAGR through 2031. Hardware accounted for 68% of all AI infrastructure spending last year. North America held 40% of the market, backed by $52.7 billion in CHIPS Act grants and hyperscalers operating roughly 60% of global AI compute capacity. Liquid cooling reached 18% of AI server racks as power densities crossed 100 kilowatts per rack, the threshold where air cooling fails. Asia-Pacific is projected to grow fastest at 16.4% CAGR through 2031, driven by China’s $50 billion semiconductor fund and $15 billion in hyperscaler commitments across India. Source: Mordor Intelligence, AI Infrastructure Market Size, Trends & Growth Drivers 2031

Nearly one in four Americans has already made a purchase through AI. Morgan Stanley Research estimates agentic shoppers will drive $190 billion to $385 billion in U.S. e-commerce spending by 2030, capturing 10% to 20% of market share. Grocery and consumer packaged goods lead adoption, with 49% of AI-assisted buyers transacting in those categories. AI shopping agent users are projected to reach 126 million by 2030, up from near zero today, while traditional e-commerce users decline from 264 million to 149 million over the same period. Source: Morgan Stanley Research, Agentic Commerce Market Impact Outlook, December 2025 Link: https://www.morganstanley.com/insights/articles/agentic-commerce-market-impact-outlook

Feb 16

1 Comment

Gartner forecasts agentic AI will overtake chatbot spending by 2027

Agentic AI spending grows 141% in 2026 to $201.9 billion. By 2027, it will overtake chatbot and assistant spending for the first time. Then chatbot spending starts declining. I’ve tracked Gartner’s AI forecasts through multiple iterations. This crossover changes where security risk concentrates for every security professional reading this.

The crossover is in the segment-level data tables of Gartner’s Forecast: AI Spending, Worldwide, 2024–2029, 4Q25. The headline number is well known: $2.53 trillion in 2026, $4.7 trillion by 2029 at 33% CAGR. The segment breakdowns are not. Eight markets. Nineteen sub-segments. The sub-segment data tells a different story than the top line.

This is Gartner’s first dedicated AI spending forecast, and I’ve been waiting for it. Gartner states that comparisons to previous AI estimates are not meaningful because the scope widened, adding AI cybersecurity, agentic AI as a separate segment from chatbots, AI data technology, and expanded infrastructure coverage. Gartner writes, “This is the first iteration of the forecast on AI spending that Gartner has published. Gartner has significantly expanded and modified its AI forecast coverage. Spending comparisons to previous iterations are therefore not meaningful as the scope has widened. This includes both coverage of new markets and broadened definitions of the types of AI spending that are reflected in some market segments.”

Forrester’s Predictions 2026: Cybersecurity and Risk arrives at the same warning from a different angle: an agentic AI deployment will cause a publicly disclosed breach in 2026, leading to employee dismissals. Two firms. Same conclusion. The spending data explains why.

CAPTION: Total worldwide AI spending, 2024–2029. $1.14T to $4.71T. 33% CAGR. Growth decelerates from 54% (2025) to 16% (2029) as the base expands. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025).

The full market breakdown

AI infrastructure dominates at $1.37 trillion, 54% of the total. AI software follows at $452.5 billion, growing 60% year-over-year. AI services add $588.6 billion. AI cybersecurity and AI data are the outliers: growing at 74% and 155% CAGR, respectively, rates that dwarf everything else in the forecast.

Source: Gartner Forecast: AI Spending, Worldwide, 2024–2029, 4Q25 (December 19, 2025). All figures in U.S. dollars. CAGR = 2024–2029. Gartner press release: https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026

Infrastructure takes 54% of every AI dollar

AI-optimized servers alone account for $421.6 billion in 2026, growing to $699.7 billion by 2029. AI processing semiconductors add $289.4 billion. AI-optimized IaaS hits $38.3 billion at 71% CAGR, the fastest-growing infrastructure sub-segment. AI network fabric, a new category in this forecast, reaches $28.7 billion.

Infrastructure’s share drops from 54% to 48% by 2029 as software and services scale faster. The capital-intensive build-out phase is not over.

The agentic crossover nobody is planning for

Gartner now splits AI software into chatbots/assistants and agentic AI. The spending lines cross in 2027.

CAPTION: Agentic AI spending overtakes chatbot/assistant spending by 2027. Chatbots peak at $264.7B then decline. Agentic AI grows at 119% CAGR to $752.7B by 2029. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). AI Software segment, Table 1-2.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). CAGR = 2024–2029.

Chatbots talk to people. Agents act on behalf of people. They access databases, execute transactions, chain multi-step workflows without human approval at each step. The attack surface has moved well beyond conversation windows. Agents are autonomous decision engines with production access.

Gartner’s Top Trends in Cybersecurity for 2026 lists agentic AI oversight as the number-one trend. Forrester’s Predictions 2026: Cybersecurity and Risk goes further: an agentic AI deployment will cause a public breach this year, and employees will lose their jobs for it. Forrester senior analyst Paddy Harrington calls it a “cascade of failures,” not a single point of error. Two analyst firms. Different methodologies. Same conclusion. Security strategies built for chatbot-era risk have a shelf life measured in quarters, not years.

AI cybersecurity is two markets, not one

Gartner created a dedicated AI cybersecurity market for the first time in this forecast. It nearly doubles in 2026. But the category name hides a structural split that matters more than the growth rate.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). CAGR = 2024–2029.

Two sub-segments. Two very different problems.

AI-amplified security ($48.5 billion, 94.5% of the market) is what most enterprises mean when they say “AI cybersecurity.” This is AI working for your security team. Machine learning models that analyze network traffic patterns and flag anomalies faster than a human analyst can. Natural language processing that reads threat intelligence feeds and correlates indicators of compromise across millions of data points in seconds. Automated triage systems that prioritize which of the 11,000 daily alerts actually need a human response. AI-powered endpoint detection that identifies malware variants that signature-based tools miss. Behavioral analytics that learn what normal looks like for each user and flag deviations. Security orchestration platforms that automate incident response playbooks, reducing mean time to containment from hours to minutes.

This is the category where enterprises are spending aggressively. And for good reason. The math on analyst workloads demands it. Security operations centers are drowning in alerts, facing a persistent talent shortage, and defending attack surfaces that expand every quarter. AI-amplified tools address all three.

Securing AI ($2.8 billion, 5.5% of the market) is the other problem. AI-amplified security puts AI to work defending the enterprise. Securing AI reverses the relationship entirely — defending the AI itself. Protecting the models, the training data, the inference pipelines, the agent workflows, and the decision outputs that enterprises are deploying at $2.53 trillion in 2026. Prompt injection defenses. Model access controls. Training data poisoning detection. Output validation. Agent permission boundaries. Audit trails for autonomous decisions.

The distinction matters because they protect different things. AI-amplified security protects your enterprise using AI. Securing AI protects the AI itself. One is a tool. The other is the thing that needs protecting. Enterprises are investing 17 times more in the tool than in protecting the thing the tool runs on.

Shadow AI is not just employees using ChatGPT

Gartner names the mechanism driving AI software growth: vendor push. Software providers are integrating GenAI and agentic AI into existing product lines. AI software grows from $143 billion in 2024 to $981 billion by 2029 at 47% CAGR.

For CISOs, vendor push changes the equation. AI capabilities are being added to tools already in production. Often without explicit procurement decisions. The AI features embedded in your existing ERP, CRM, and developer platforms may already exceed what your security team has inventoried. Shadow AI is vendors activating AI inside products you already own.

The smallest market with the biggest growth rate

AI data technology: $134 million in 2024. $3.1 billion in 2026. $14.6 billion by 2029. The 155% CAGR is the highest in the forecast. The 277% year-over-year growth in 2026 is the steepest single-year jump of any segment.

Synthetic data generation is the standout sub-segment, going from $41 million to $6.8 billion by 2029. Gartner is direct: enterprises need AI-ready data with proper labeling, quality checks, and compliance. For organizations running AI projects on ungoverned data, the readiness gap compounds every quarter.

CAPTION: AI spending markets ranked by five-year CAGR. AI Data (155%) and AI Cybersecurity (74%) lead. AI Infrastructure is the largest by absolute dollars. Source: Gartner Forecast: AI Spending, 4Q25 (December 2025).

Indirect services are the governance blind spot

Indirect AI services, where AI is a supporting component in a larger project, grow from $78.4 billion in 2024 to $255.9 billion in 2026 at 50% CAGR. Direct AI services hit $332.8 billion. By 2028, indirect overtakes direct.

Indirect AI means capabilities embedded in consulting and implementation projects that procurement does not classify as AI. If you cannot see it in your AI inventory, you cannot govern it.

Servers are a bigger market than AI software

AI-optimized servers alone hit $421.6 billion in 2026, just below the entire AI software market at $452.5 billion. By 2029, servers reach $699.7 billion. Cloud providers are building capacity for AI workloads that have not materialized at scale. The infrastructure is ahead of the applications.

The enterprise agentic stack is showing up in spending data

Gartner’s DSML segment includes a dedicated agent builder platforms sub-segment at $5.0 billion in 2026, reaching $13.7 billion by 2029. AI observability and governance adds $1.3 billion, growing to $4.0 billion. The xOps sub-segment (MLOps, DataOps, ModelOps) is the largest at $15.0 billion.

Together, these form the tooling layer for building, monitoring, and governing agents in production. The enterprise agentic stack is materializing in the spending data. Most organizations have not formalized it in their architecture.

The numbers that belong in your next board deck

If you take one thing from this forecast into a budget meeting, take this table. I built it from the raw spreadsheet data. Six years of AI deployment spending next to AI security spending. The bottom row is the one that gets the questions.

Source: Gartner Forecast: AI Spending, 4Q25 (December 2025). All percentages derived from Gartner’s published data tables (Tables 1-1 and 1-2).

The ratio improves over time. Securing AI goes from 0.07% in 2024 to 0.25% by 2029. But watch the absolute numbers. In 2029, enterprises will spend $4.71 trillion deploying AI and $11.6 billion securing it. The percentage gets better. The dollar gap gets wider. Every year, the market grows its way into a larger exposure.

Where I think this lands

Three things worth tracking from the segment data:

The agentic crossover. Agentic AI overtakes chatbot spending in 2027. The enterprise risk profile shifts from conversational data leakage to autonomous decision-making at scale. CISOs who build agentic governance frameworks in 2026 position themselves before the inflection. The spending curve says the window is narrowing.

The securing-AI gap. $2.8 billion to protect AI systems in a year when $2.53 trillion deploys them. Enterprises are enthusiastic about using AI for defense. The investment in defending AI itself has not caught up.

Data readiness is the bottleneck. The 277% growth in AI data spending confirms that AI without governed data delivers diminished returns. Data classification investments directly enable or constrain AI ROI.

If your security budget is growing at 12% and AI deployment inside your enterprise is growing at 44%, the gap compounds every quarter. You cannot close it by holding steady. The organizations getting this right treat AI security as a proportion of AI deployment, not a fixed line item.

—

Sources

Gartner, Forecast: AI Spending, Worldwide, 2024–2029, 4Q25, December 19, 2025, ID G00843179.

Gartner press release (January 15, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-1-15-gartner-says-worldwide-ai-spending-will-total-2-point-5-trillion-dollars-in-2026

Gartner, Top Trends in Cybersecurity for 2026 (February 5, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-02-05-gartner-identifies-the-top-cybersecurity-trends-for-2026

Gartner, IT Spending Forecast 1Q26 (February 3, 2026): https://www.gartner.com/en/newsroom/press-releases/2026-02-03-gartner-forecasts-worldwide-it-spending-to-grow-10-point-8-percent-in-2026-totaling-6-point-15-trillion-dollars

Forrester, Predictions 2026: Cybersecurity and Risk (October 2025): https://www.forrester.com/blogs/predictions-2026-cybersecurity-and-risk/

All dollar figures in U.S. dollars. Growth rates and CAGR derived from Gartner’s published data tables (Tables 1-1 and 1-2).

Feb 10

Top 6 cybersecurity trends from Gartner’s 2026 Security Forecast

Over 57% of employees are using personal GenAI accounts for work. A third of them admit to uploading sensitive data into tools their security teams haven’t approved. Meanwhile, agentic AI is proliferating through no-code platforms and vibe coding, creating attack surfaces most CISOs can’t see, let alone govern. And quantum computing? No longer a 10-year planning horizon. It’s a 2030 action deadline.

Gartner’s Top Trends in Cybersecurity for 2026 report, released February 5, 2026, identifies six forces reshaping how CISOs must operate. These cut across governance, AI adoption, identity, workforce, and cryptographic strategy simultaneously. None of them is incremental.

The trends report lands alongside Gartner’s updated Forecast: Information Security, Worldwide, 2023–2029, 4Q25 (G00843183, December 18, 2025) and the Forecast Analysis: Information Security, Worldwide, 2026 (G00838442, February 5, 2026), which together project global information security spending reaching $244.2 billion in 2026, up 13.3% in current U.S. dollars. I’ve tracked this forecast through multiple quarterly updates. The trajectory keeps steepening. The six trends below explain where that money is going and why.

“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director Analyst at Gartner. “This demands new approaches to cyber risk management, resilience, and resource allocation.”

The spending backdrop: $244 billion and accelerating

Before getting into the six trends, context matters. Gartner’s 4Q25 forecast shows the three major security segments all growing at double-digit constant currency rates in 2026:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183). Constant currency rates.

Cloud security remains the fastest-growing subsegment at 28.8% growth in 2026. Nothing else comes close. The combined cloud security market (cloud security posture management, cloud access security brokers, and cloud workload protection platforms) is projected to reach $32.4 billion by 2029, with a 25% CAGR in constant currency. I’ve been watching this subsegment accelerate for three quarters straight. CSPM alone is growing at a 31.30% CAGR.

Cloud security spending reaches $32.4 billion by 2029. CSPM leads at 31.30% CAGR. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 1: Agentic AI demands cybersecurity oversight

This is the trend that touches everything else on this list. Employees and developers are deploying AI agents through no-code/low-code platforms and “vibe coding” at a pace that outstrips security governance. Unmanaged AI agent proliferation. Unsecured code. Compliance violations that most security teams don’t even have visibility into yet. That’s the picture Gartner is painting.

Gartner’s recommendation is blunt: cybersecurity leaders must identify both sanctioned and unsanctioned AI agents operating within their environments, enforce access controls and data guardrails, and develop incident response playbooks specific to agent-driven threats.

“While AI agents and automation tools are becoming increasingly accessible and practical for organizations to adopt, strategic cybersecurity planning for these technologies is essential,” said Michaels. “Cybersecurity leaders must work cross-functionally to manage agentic AI adoption, identifying sanctioned and unsanctioned AI agents, enforcing data access controls, and developing incident response playbooks.”

The spending data backs this up. Gartner’s 4Q25 forecast projects the AI-amplified security market reaching $160 billion by 2029, up from $49 billion in 2025. Gartner is clear that this isn’t additive spending. It represents the portion of existing security products that now embed AI capabilities. But the expectation tells the story: over 75% of enterprises will use AI-amplified cybersecurity products by 2028, up from less than 25% in 2025. Vendors that don’t embed AI will lose shelf space. (For more on AI security platforms, see Gartner’s Top Strategic Technology Trends for 2026, which predicts that over 50% of enterprises will use AI security platforms to protect their AI investments by 2028.)

Trend 2: Global regulatory volatility drives cyber resilience efforts

Regulators are getting personal. Boards and executives now face direct liability for compliance failures. Not just organizational fines, but individual accountability. The penalties for inaction have moved from theoretical to career-ending. Across multiple jurisdictions simultaneously.

Gartner advises cybersecurity leaders to formalize collaboration across legal, business, and procurement teams to establish clear accountability for cyber risk. Align control frameworks to recognized standards. Address data sovereignty concerns before they become enforcement actions. The organizations doing this well are treating regulatory preparedness as a core security function, not an annual compliance checkbox.

This is where the spending data gets interesting. Gartner’s forecast shows security consulting services growing from $24.2 billion (2024) to $36.6 billion (2029), adding $12.4 billion in five years. Security professional services follow a similar trajectory: $27.3 billion to $40.8 billion, adding $13.5 billion. Organizations are buying outside expertise because they can’t build regulatory competence fast enough in-house. I’ve been covering these numbers for three quarters, and the services growth is the part of the forecast that keeps surprising me.

Infrastructure protection adds $26.4 billion between 2024 and 2029, the largest absolute growth of any subsegment. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

Trend 3: Post-quantum computing moves into action plans

Gartner predicts advances in quantum computing will render the asymmetric cryptography that organizations rely on unsafe by 2030. Four years. That’s the window to adopt post-quantum cryptography alternatives before “harvest now, decrypt later” attacks start cashing in on data that adversaries are collecting today.

Organizations need to identify their cryptographic deployments, assess data sensitivity and lifespan, and prioritize cryptographic agility. That last phrase keeps coming up in my conversations with CISOs. The ability to swap encryption methods without re-architecting entire systems. Swapping an algorithm is one thing. Doing it across a production environment without downtime is an entirely different problem.

“Post-quantum cryptography is reshaping cybersecurity strategies by prompting organizations to identify, manage, and replace traditional encryption methods, while prioritizing cryptographic agility,” said Michaels. “By investing in these capabilities and prioritizing migration now, assets will be secured when quantum threats become a reality.“

The encryption market in Gartner’s 4Q25 forecast grows from $1.04 billion in 2023 to $2.04 billion by 2029 at an 11.95% CAGR. A 2.0x increase. For what has historically been one of the slower-growing security subsegments, that’s a significant acceleration. Quantum urgency is changing the math.

Trend 4: Identity and access management adapts to AI agents

AI agents are breaking traditional IAM models. Plain and simple. Identity registration and governance, credential automation, and policy-driven authorization weren’t designed for autonomous machine actors that can initiate actions, access data, and interact with systems without human intervention. The scale problem compounds fast: when every employee can deploy dozens of AI agents, the identity surface area explodes.

Gartner recommends a targeted, risk-based approach. Invest where gaps and risks are greatest. Leverage automation where possible. The practical starting point is understanding which AI agents carry the most privilege and the least oversight. Those are your highest-risk identities right now, and most organizations haven’t inventoried them.

The identity market is already significant. Gartner’s 4Q25 forecast shows identity access management growing from $18.7 billion (2024) to $29.0 billion (2029), adding $10.3 billion in five years. That’s before the full scale of agentic AI identity requirements hits the market. IAM vendors that solve machine-actor identity at scale will capture a disproportionate share of that $10.3 billion growth.

Trend 5: AI-driven SOC solutions destabilize operational norms

AI-enabled security operations centers are enhancing alert triage and investigation workflows. The technology works. But deploying AI into a SOC doesn’t automatically reduce headcount needs. It changes the skill mix. Analysts who excelled at manual triage need different capabilities to oversee AI-driven workflows. Organizations are discovering this the hard way. That’s an organizational transformation challenge, and throwing more technology at it doesn’t help.

“To realize the full potential of AI in security operations, cybersecurity leaders must prioritize people as much as technology,” said Michaels. “Strengthening workforce capabilities, implementing human-in-the-loop frameworks into AI-supported processes and aligning adoption with clear strategic objectives will be critical to maintaining resilience as SOCs evolve.”

The talent dimension makes this harder than it already sounds. ISC2’s 2024 Cybersecurity Workforce Study, published in October 2024, documented a global workforce gap of 4.8 million professionals, a 19% year-over-year increase. The active workforce flatlined at 5.5 million (up just 0.1%). The numbers are brutal: 25% of organizations reported cybersecurity layoffs in 2024. 37% faced budget cuts. 90% report skills shortages. 58% believe the shortage puts their organization at significant risk. On the spending side, managed security services are growing at 11.1% in 2026, the fastest rate in the services segment. Organizations can’t hire fast enough, so they’re buying managed SOC capacity instead.

Trend 6: GenAI breaks traditional cybersecurity awareness tactics

Existing security awareness programs are failing. Full stop. A Gartner survey of 175 employees conducted between May and November 2025 found that 57% use personal GenAI accounts for work purposes, while 33% admit to uploading sensitive information to tools their organizations haven’t sanctioned. Those numbers should alarm every CISO reading this. A third of your workforce is actively feeding proprietary data into tools you can’t audit.

Gartner recommends shifting from general awareness training to adaptive behavioral programs that include AI-specific tasks. Generic compliance videos won’t cut it here. The organizations getting this right are making approved GenAI tools easy to access and unsanctioned tools hard to justify. Trying to ban GenAI outright just drives usage underground and costs you talent.

Strengthening governance, embedding secure practices, and establishing clear policies for authorized GenAI use will reduce exposure to privacy breaches and intellectual property loss. The governance gap on GenAI usage is, in my view, the most underestimated risk on this entire list. Every other trend has a spending line item attached to it. This one requires behavioral change, which is harder to buy.

Total market trajectory: $173.5 billion to $323.5 billion

Gartner’s year-by-year spending trajectory shows the acceleration curve these six trends are riding:

Source: Gartner Forecast: Information Security, Worldwide, 2023–2029, 4Q25 Update (G00843183, December 18, 2025). Current U.S. dollars.

CSPM and CASB lead all security categories with 31% and 26% CAGR through 2029. Source: Gartner 4Q25 Forecast. (Please click on the image to expand for easier reading)

What this means for CISOs

Three of the six trends (agentic AI oversight, IAM for machine actors, and GenAI awareness) are fundamentally about the same problem: autonomous AI systems operating inside enterprise environments without adequate governance. The other three (regulatory volatility, post-quantum readiness, and AI-driven SOCs) are the structural forces those governance failures will collide with. That convergence is the signal about where 2026 budgets need to go.

The organizations that will navigate this environment successfully are doing three things simultaneously:

Mapping their AI agent footprint now. If you don’t know how many AI agents are operating across your environment, sanctioned and unsanctioned, you can’t govern what you can’t see. Gartner’s 75% AI-amplified product adoption projection by 2028 means this window for establishing control is narrow.

Building cryptographic agility into their architecture. The 2030 quantum deadline means migration planning starts in 2026, not 2028. The encryption market’s 2.0x growth reflects early movers. Late movers face rip-and-replace costs that compound every quarter they wait.

Investing in people alongside AI tooling. AI-enabled SOCs work when human operators have the skills to oversee them. The ISC2 data is unambiguous: a 4.8 million professional gap growing at 19% year-over-year. Managed security services growth at 11.1% tells you where CISOs are finding capacity.

Gartner’s numbers aren’t projections anymore. They’re procurement trends already hitting finance systems. The $244.2 billion flowing into information security this year will fund agentic AI governance, quantum migration, and SOC transformation, whether your organization participates or not.

Bottom line: CISOs planning for 2027 are watching their competitors buy the tools they’ll be scrambling for in 18 months. The data says move now.

Jul 7

Deloitte shares latest research into adversarial AI, ransomware in new report

Over the past year, 66% of organizations experienced at least one ransomware attack, with many suffering repeated breaches. According to Deloitte’s Annual Cyber Threat Trends report, ransomware, identity-based attacks, and sophisticated attack methods like zero-day exploits and AI-driven cyber espionage dominate a rapidly changing threat landscape.

Ransomware attackers specialize in making chaos pay

Attackers are using ransomware as a smash-and-grab strategy, often to finance other illegal operations. Cybercrime gangs, including those that are state-funded, rely on ransomware as a primary source of revenue as well.

Ransomware attackers aim to create widespread chaos across supply chains, amplifying the impact of their attacks. For example, United Healthcare paid a $22 million ransom in Bitcoin, demonstrating how greater disruption often leads to higher payouts.

“Sophisticated ransomware operators are increasingly using zero-day exploits as their initial access vector, with 36 percent of victims ransomed in this way. Valid credential compromise was the second most common entry point for ransomware attacks,” says Deloitte in the report.

“Phishing, remote attacks on public-facing infrastructure, and unauthorized remote desktop connections continue to be the primary sources of infiltration for ransomware,” writes Paul Furtado, Gartner vice president analyst, in a recent research report, How to Prepare for Ransomware Attacks.

Furtado notes that “bad actors are mining exfiltrated data to identify other potential sources of revenue,” further increasing the urgency to harden cyberdefenses against ransomware attacks. The following is a typical ransomware attack pattern as defined in the Gartner report.

Source: Gartner, How to Prepare for Ransomware Attacks, 16 April 2024

CrowdStrike’s threat intelligence teams regularly monitor every known ransomware variant. “RaaS kits are easy to find on the dark web, where they are advertised in the same way that goods are advertised on the legitimate web,” writes Kurt Baker in a blog post explaining RaaS. The post continues, “a RaaS kit may include 24/7 support, bundled offers, user reviews, forums, and other features identical to those offered by legitimate SaaS providers.”

The 2024 Annual Threat Assessment of the U.S. Intelligence Community found that “transnational organized criminals involved in ransomware operations are improving their attacks, extorting funds, disrupting critical services, and exposing sensitive data. Important U.S. services and critical infrastructure such as health care, schools, and manufacturing continue to experience ransomware attacks.”

Adversarial AI’s growing tradecraft

Deloitte’s research uncovered the growing use of adversarial AI for cyber espionage, finding it’s driving new forms of tradecraft in influence operations, social engineering, underground services, and collaboration.

Adversarial AI’s goal is to deliberately mislead AI and machine learning (ML) systems so they are ineffective for the use cases they’re being designed for. Adversarial AI refers to “the use of artificial intelligence techniques to manipulate or deceive AI systems. It’s like a cunning chess player who exploits the vulnerabilities of their opponent. These intelligent adversaries can bypass traditional cyber defense systems, using sophisticated algorithms and techniques to evade detection and launch targeted attacks.”

source: Deloitte Annual Cyber Threat Trends report

Influence operations are the most active threat vector of the three Deloitte is tracking. AI image deception and deepfake accuracy are accelerating faster than many existing detection technologies can keep up with.

Telesign’s 2024 Trust Index found just how wide the trust gap is becoming due to deep fakes and broader influence operations. 87% of Americans hold businesses accountable for digital privacy, yet only 34% trust them to use AI effectively to protect against fraud. Deepfakes and misinformation are driving a wedge of distrust between companies, the customers they serve, and citizens participating in elections this year.

Deloitte found that social engineering-based attacks are becoming more challenging to identify and stop. Nation-states are weaponizing LLMs and using genAI to improve their ability to launch large-scale social engineering attacks aimed at harvesting privileged access credentials and gaining control of thousands of identities in an enterprise at once.

The rapid growth of Voice Cloning-as-a-Service (VCaaS) tools powered by AI, which is used for vishing attacks to clone voices for financial fraud and unauthorized access, continues to defy easy detection. Cybercriminals and nation-state adversaries are quick to invest in new technologies that yield tradecraft that existing cybersecurity systems can’t decipher, and deepfakes are among the most undetectable today.

Preventing a ransomware attack

Start with a zero-trust mindset. Any trust-based connections in a network are a liability—a ransomware attack waiting to happen. Furtado advises, “Build and execute on a zero-trust strategy that reduces the risk of attackers abusing implicit trust in environments to achieve lateral movement, employ available exploits, and gain privilege escalation to deploy ransomware.”

Furtado’s recommendations reflect a strong zero-trust mindset that seeks to eliminate lateral movement, enforce least privilege access, and monitor all network activity while hardening identity and access management (IAM) security. In short, he’s advising having as strong of a zero-trust framework as possible in place to withstand a ransomware attack.

One of the core concepts of zero trust is to assume an attack has already penetrated the network. Furtado’s key takeaways from his recent report on ransomware include the following:

Have a complete preincident prevention strategy that includes workspace and endpoint protection, data protection, immutable backup, asset management, end-user awareness training, and strong identity and access management.
Implement a reliable asset management process to identify what needs to be protected and who is responsible, paying particular attention to legacy systems.
Establish a risk-based vulnerability management process that includes threat intelligence (TI) to address unpatched systems.
Implement both macro and micro network segmentation to minimize the blast radius of ransomware attacks.
Build and execute a zero-trust strategy to reduce the risk of attackers abusing implicit trust in environments.
Implement compliance scanning, penetration testing, and breach attack simulation (BAS) tools.
Remove local administrative privileges on endpoints and limit access to sensitive applications, including email, to prevent account compromise.
Prevent access to the command prompt and block the execution of PowerShell scripts on all user endpoints.
Implement strong authentication for privileged users, such as database and infrastructure administrators and service accounts, and log and monitor their activity.

Mar 27

The Top 20 Cybersecurity Startups To Watch In 2021

Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout 2010 ($1.7 billion), according to a Crunchbase Pro query today.
22,156 startups who either compete in or rely on cybersecurity, security and privacy technologies and solutions as a core part of their business models today, 122 have pre-seed or seed funding in the last twelve months based on a Crunchbase Pro query.
From network and data security to I.T. governance, risk measurement, and policy compliance, cybersecurity is a growing industry estimated to be worth over $300B by 2025, according to C.B. Insight’s Emerging Trends Cybersecurity Report downloadable here.

Today, 680 cybersecurity, privacy, and security startups have received $6.8 billion in funding over the last twelve months, with $4 million being the median funding round and $12.6 million the average funding round for a startup. The number of startups receiving funding this year, funding amounts and the methodology to find the top 20 cybersecurity startups are all based on Crunchbase Pro analysis done today.

New startups and established vendors are attracting record levels of investment as all organizations look to thwart increasingly complex, costly and unpredictable cyberattacks. There is an arms race going on between cyber attackers using A.I. and machine learning and the many startups and existing vendors whose goal is to contain them. CBInsights and PwC recently published their latest quarterly joint study of the venture capital landscape, MoneyTree™ Report, Q4, 2020. The study finds that monitoring and security deals were the third fastest-growing vertical in 2020, with Q4 being exceptional for all verticals, as the heat map below shows:

The 20 Best Cybersecurity Startups To Watch In 2021

Based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets, the following are the top 20 cybersecurity startups to watch in 2021:

Axis Security – Axis Security’s Application Access Cloud™ is a purpose-built cloud-based solution that makes application access across networks scalable and secure. Built on zero-trust, Application Access Cloud offers a new agentless model that connects users online to any application, private or public, without touching the network or the apps themselves. Axis Security is a privately held company backed by Canaan Partners, Ten Eleven Ventures, and Cyberstarts. Axis is headquartered in San Mateo, California, with research and development in Tel Aviv, Israel.

Bitglass – What makes Bitglass unique and worth watching is how they are evolving their Total Cloud Security Platform to combine cloud access security brokerage, on-device secure web gateways, and zero-trust network access to secure endpoints across all devices. Its Polyscale Architecture is delivering uptimes of 99.99% in customer deployments. Bitglass’s 2020 Insider Threat Report has several interesting insights based on their recent interviews with a leading cybersecurity community. One interesting takeaway is 61% of those surveyed experienced an insider attack in the last 12 months (22% reported at least six).

Cado Security – Cado Security’s cloud-native forensics and response platform helps organizations respond to security incidents in real-time, averting potential breaches and security incidents. The Cado Response platform is built on analytics components that perform thorough forensic analyses of compromised systems. Cado’s platform, Cado Response, is an agentless, cloud-native forensics solution that allows security professionals to quickly and comprehensively understand an incident’s impact across all environments, including cloud and containers as well as on-premise systems. “Finding the root cause of security incidents in cloud or container environments is incredibly difficult. Traditional tools don’t support these new environments, and there is a shortage of people who know both forensics and cloud security,” said CEO James Campbell, formerly Director, Cyber Threat Detection and Response at PricewaterhouseCoopers. “Our Cado Response platform completely changes how security professionals can respond to incidents in the cloud.”

Confluera – Originally mentioned as one of the 20 Best Cybersecurity Startups To Watch In 2020, Confluera’s sustained innovation pace in the middle of a pandemic deserves special mention. They are one of the most resilient startups to watch in 2021.Confluera is a cybersecurity startup helping organizations find sophisticated security attacks going on inside of corporate infrastructures. The startup delivers autonomous infrastructure-wide cyber kill chain tracking and response by leveraging the ‘Continuous Attack Graph’ to stop and remediate cyber threats in real-time deterministically. Confluera’s platform is designed to detect and prevent attackers from navigating infrastructure. Confluera technology combines machine comprehended threat detection with accurately tracked activity trails to stop cyberattacks in real-time, allowing companies to simplify security operations radically. It frees up human security personnel to focus on more important work instead of spending hours trying to join the dots between the thousands of alerts they receive daily, many of which are false positives. The following is a video that explains how Confluera XDR for Cloud Infrastructure works:

DataFleets – DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance. The platform provides data scientists and developers with a “data fleet” that allows them to create analytics, ML models, and applications on susceptible data sets without direct access to the data. Each data fleet has easy-to-use APIs, and under-the-hood, they ensure data protection using advances in federated computation, transfer learning, encryption, and differential privacy. DataFleets helps organizations overcome data privacy and innovation struggle by maintaining data protection standards for compliance while accelerating data science initiatives.

DefenseStorm – DefenseStorm’s unique approach to providing cybersecurity and cyber-compliance for the banking industry make them one of the top startups to watch in 2021. Their DefenseStorm GRID is the only co-managed, cloud-based and compliance-automated solution of its kind for the banking industry. It monitors everything on a bank’s network. It matches it to defined policies for real-time, complete and proactive cyber exposure readiness, keeping security teams and executives updated on bank networks’ real-time security status. The company’s Threat Ready Active Compliance (TRAC) Team augments its bank customers’ internal teams to protect business continuity and skills availability while ensuring cost-effective coverage and management.

Enso Security – Enso is an application security posture management (ASPM) platform startup known for the depth of its insights and expertise in cybersecurity. With Enso, software security groups can scale and gain control over application security programs to protect applications systematically. The Enso ASPM platform discovers application inventory, ownership, and risk to help security teams quickly build and enforce security policies and transform AppSec into an automated, systematic discipline.

Ethyca – Ethyca is an infrastructure platform that provides developers and product teams with the ability to ensure consumer data privacy throughout applications and services design. It also provides your product, engineering, and privacy teams with unmatched ease of use and functionality to better care about your user’s data. The company helps companies discover sensitive data and then provides a mechanism for customers to delete, see, or edit their data from the system. Ethyca’s mission is to increase trust in data-driven business by building automated data privacy infrastructure. Ethyca’s founder and CEO Cillian Kiernan is a fascinating person to speak with on the topics of privacy, security, GDPR, and CCPA compliance. He continues to set a quick pace of innovation in Ethyca, making this startup one of the most interesting in data privacy today. Here’s an interview he did earlier this year with France 24 English:

Havoc Shield – Havoc Shield reduces the burden on small and medium businesses (SMBs) by giving them access to advanced security technology that protects against data breaches, phishing, dark web activity, and other threats. The Havoc Shield platform offers comprehensive security and compliance features that meet the standards of Fortune 100 companies, making it easier for businesses working to win deals with those companies. “For a long time, cybersecurity technology has been virtually inaccessible to small businesses, who largely can’t afford those resources,” said Brian Fritton, CEO and co-founder of Havoc Shield. “We created Havoc Shield because we believe in democratizing cybersecurity for the little guy. Small businesses deserve the ability to protect what they’ve built, just as much as larger companies that have dedicated cybersecurity staff.” Since the end of Q2 2020, Havoc Shield has quadrupled its client list. In the coming months, the company aims to grow its team to help more small businesses protect themselves from threats and achieve customer trust.

Illumio – Widely considered the leader in micro-segmentation that prevents the spread of breaches inside data centers and cloud environments, Illumio is one of the most interesting cybersecurity startups to watch in 2021. Enterprises such as Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite use Illumio to reduce cyber risk and achieve regulatory compliance. The Illumio Adaptive Security Platform® uniquely protects critical information with real-time application dependency and vulnerability mapping coupled with micro-segmentation that works across any data center, public cloud, or hybrid cloud deployment on bare-metal, virtual machines, and containers. The following video explains why Illumio Core is a better approach to segmentation.

Immuta – Immuta was founded in 2015 based on a mission within the U.S. Intelligence Community to build a platform that accelerates self-service access to and control sensitive data. The Immuta Automated Data Governance platform creates trust across data engineering, security, legal, compliance, and business teams to ensure timely access to critical data with minimal risk while adhering to global data privacy regulations GDPR, CCPA, and HIPAA. Immuta’s automated, scalable, no-code approach makes it easy for users to access the data they need when they need it while protecting sensitive information and ensuring customer privacy. Selected by Fast Company as one of the World’s 50 Most Innovative Companies, Immuta is headquartered in Boston, MA, with offices in College Park, MD, and Columbus, OH.

Isovalent – Isovalent makes software that helps enterprises connect, monitor and secure mission-critical workloads in modern, cloud-native ways. Its flagship technology, Cilium, is the choice of leading global organizations, including Adobe, Capital One, Datadog, GitLab, and many more. Isovalent is headquartered in Mountain View, CA, and is backed by Andreessen Horowitz, Google and Cisco Investments. Earlier this month, Isovalent announced that it had raised $29 million in Series A funding, led by Andreessen Horowitz and Google with participation from Cisco Investments. Google recently selected Cilium as the next-generation dataplane for its GKE offering calling Cilium “the most mature eBPF implementation for Kubernetes out there” in its “New GKE Dataplane V2 increases security and visibility for containers” blog: https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine.

JupiterOne – JupiterOne, Inc. reduces cloud security cost and complexity, replacing guesswork with granular data about cyber assets and configurations. The company’s software helps security operations teams shorten the path to security and compliance and improve their overall posture through continuous data aggregation and relationship modeling across all assets. JupiterOne customers include Reddit, Databricks, HashiCorp, Addepar, Auth0, LifeOmic, and OhMD. Earlier this year, JupiterOne received $19 million in venture funding. The Series A round was led by Bain Capital Ventures, with additional investment from Rain Capital, LifeOmic, and individual investors. “JupiterOne has developed a compelling product that integrates quickly, has applicability across enterprise segments, and is highly reviewed by current customers,” said Enrique Salem, partner at Bain Capital Ventures and former CEO at Symantec. Salem now joins the JupiterOne board. “We see a multibillion-dollar market opportunity for this technology across mid-market and enterprise customers. Asset management is the first step in building a successful security program, and it’s currently a tedious, imperfect process that’s well-suited for automation.”

Lightspin – Lightspin is a pioneer in contextual cloud security protecting native, Kubernetes, and microservices from known and unknown risks and has recently announced a $4 million seed funding round on November 24^th. They will use the proceeds of the round to finance continued R&D on how to secure cloud infrastructures. The financing round was led by Ibex Investors LLC, the firm’s first global investment from its new $100 million early-stage fund, and also included participation from private angel investors. Lightspin’s technology uses graph-based tools and algorithms to provide rapid, in-depth visualizations of cloud stacks, analyze potential attack paths and detect the root causes, all of which are the most critical vulnerabilities that attackers can exploit.

Orca Security – Orca Security is noteworthy for its innovative approach to providing instant-on, workload-deep security for AWS, Azure, and GCP without the gaps in agents’ coverage and operational costs.Orca integrates cloud platforms as an interconnected web of assets, prioritizing risk based on environmental context. Delivered as SaaS, Orca Security’s patent-pending SideScanning™ technology reads cloud configuration and workloads’ runtime block storage out-of-band, detecting vulnerabilities, malware, misconfigurations, lateral movement risk, weak and leaked passwords, and unsecured PII.

SECURITI.ai – SECURITI.ai is an AI-Powered PrivacyOps company that helps automate all significant functions needed for privacy compliance on a single platform. It enables enterprises to grant individual and group rights to data and comply with global privacy regulations like CCPA and bolster their brands. They collect and manage consent from multiple sources, including web properties, web forms, and SaaS applications. Their AI-Powered PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface. SECURITI.ai was founded in November 2018 and is headquartered in San Jose, California.

SecureStack – SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing them to become security experts. The results are faster time to business and a 60%-70% reduction in the app attack surface.

The SecureStack platform’s intelligent automation manages security controls across distributed infrastructures using rules and profiles customizable by customers. SecureStack is noteworthy for its analytics and logging expertise in helping enterprises scale applications across cloud infrastructures.

Stairwell – What makes Stairwell one of the top startups to watch in 2021 is its unique approach to cybersecurity built around a vision that all security teams should be able to determine what alerts are threat-related or not and why. Mike Wiacek, the founder of Google’s Threat Analysis Group and co-founder and former Chief Security Officer of Alphabet moonshot Chronicle, leads the company as its CEO and founder. Wiacek is joined by Jan Kang, former Chief Legal Officer at Chronicle, as COO and General Counsel. Stairwell is backed by Accel Venture Partners, Sequoia Capital, Gradient Ventures, and Allen & Company LLC.

Ubiq Security – What makes Ubiq Security one of the top cybersecurity startups to watch in 2021 is how rapidly their API-based developer platform is maturing while gaining traction in the market. Ubiq Security recently signed commercial agreements with the United States Army and the Department of Homeland Security. This month, the startup announced it had raised $6.4 million in a seed equity investment round. Okapi Venture Capital, an early investor in Crowdstrike, led the round with participation from TenOneTen Ventures, Cove Fund, DLA Piper Venture, Volta Global, and Alexandria Venture Investments. Ubiq will use the funds to accelerate platform development, developer relations, and customer acquisition.

Unit21 – Unit21 helps protect businesses against adversaries through a simple API and dashboard to detect and manage money laundering, fraud, and other sophisticated risks across multiple industries. Former Affirm and Shape Security employees Trisha Kothari and Clarence Chio founded Unit21 in 2018 and work with customers like Intuit, Coinbase, Gusto, and Line to create a powerful & customizable rules engine for risk and compliance teams. Unit21’s highly flexible, customizable, and intelligent cloud-based system provides a configurable engine for transaction monitoring, identity verification, case management, operations management, and analytics and reporting. On October 19^th of this year, Unit21 announced a $13 million funding round led by A.Capital Ventures. Additional participation includes investors such as Gradient Ventures (Google’s A.I. venture fund), Core V.C., South Park Commons, Diane Greene (founder of VMWare), William Hockey (founder of Plaid), Chris Britt and Ryan King (founders of Chime), Sumit Agarwal (founder of Shape Security), and Michael Vaughan (former COO of Venmo). Unit21 will use the new capital to grow its product and distribution-focused management team, increase sales and marketing efforts, and sell into new industries.

Mar 23

What Enterprises Need To Plan For In 2021 When It Comes To Endpoint Security

Bottom Line: Today’s largely-distributed enterprises need to make sure they are putting endpoint security first in 2021– which includes closely managing every stage of the device lifecycle, from deployment to decommission, and ensuring all sensitive data remains protected.

There’s a looming paradox facing nearly every organization today of how they’ll secure thousands of remote endpoints without having physical access to devices, and without disrupting worker productivity. Whether there’s the need to retire hardware as part of down-sizing or cost-cutting measures, or the need to equip virtual teams with newer equipment more suitable for long term work-from-home scenarios, this is one of the most pressing issues facing CISOs and CIOs today.

Wanting to learn more about how their customers are tackling their endpoint security challenges and how their companies are helping to solve it, I sat down (virtually) with Absolute Software’s President and CEO Christy Wyatt and Matthew Zielinski, President of North America Intelligent Devices Group at Lenovo. The following is my interview with both of them:

Louis Columbus: Christy and Matt, thanks so much for your time today. To get started, I would like each of you to share what you’re hearing from your customers regarding their plans to refresh laptops and other endpoint devices in 2021.

Christy Wyatt: We’re seeing a strong desire from organizations to ensure that every individual is digitally enabled, and has access to a screen. In some cases, that means refreshing the hardware they already have in the field, and in other cases, that means buying or adding devices. From the endpoint security standpoint, there’s been a shift in focus around which tools matter the most. When laptops were primarily being used on campus, there was a certain set of solutions to monitor those devices and ensure they remained secure. Now that 90% of devices are out of the building, an entirely different set of capabilities is required – and delivering those has been our focus.

Matt Zielinski: We are seeing historic levels of demand from consumers, as many are transitioning from having maybe one or two devices per household to at least one device per person. We’re also seeing the same levels of demand on both the education and enterprise side. The new dynamic of work-from-anywhere, learn-from-anywhere, collaborate-from-anywhere underscores that the device hardware and software need to be current in order to support both the productivity and security needs of hugely distributed workforces. That’s our highest priority.

Louis: Where are CISOs in their understanding, evaluation, and adoption of endpoint security technologies?

Christy: The journey has been different for the education market than for the enterprise market. Most enterprise organizations were already on the digital path, with some percentage of their population already working remotely. And because of this, they typically have a more complex security stack to manage; our data shows that the total number of unique applications and versions installed on enterprise devices is nearly 1.5 million. What they’ve seen is a trifecta of vulnerabilities: employees taking data home with them, accessing it on unsecured connections, and not being aware of how their devices are protected beyond the WiFi connection and the network traffic.

In the education space, the challenges – and the amount of complexity – are completely different; they’re managing just a small fraction of that total number of apps and versions. That said, as the pandemic unfolded, education was hit harder because they were not yet at a point where every individual was digitally connected. There was a lot of reliance on being on campus, or being in a classroom. So, schools had to tackle digital and mobile transformation at the same time – and to their credit, they made multiple years of progress in a matter of weeks or months. This rapid rate of change will have a profound effect on how schools approach technology deployments going forward.

Matt: Whether in enterprise or education, our customers are looking to protect three things: their assets, their data, and their users’ productivity. It’s a daunting mission. But, the simplest way to accomplish it is to recognize the main control point has changed. It’s no longer the server sitting behind the firewall of your company’s or school’s IT environment. The vulnerability of the endpoint is that the network is now in the user’s hands; the edge is now the primary attack surface. I think CISOs realize this, and they are asking the right questions… I just don’t know if everyone understands the magnitude or the scale of the challenge. Because the problem is so critical, though, people are taking the time to make the right decisions and identify all the various components needed to be successful.

Louis: It seems like completing a laptop refresh during the conditions of a pandemic could be especially challenging, given how entire IT teams are remote. What do you anticipate will be the most challenging aspects of completing a hardware refresh this year (2021)?

Matt: The PC has always been a critical device for productivity. But now, without access to that technology, you are completely paralyzed; you can’t collaborate, you can’t engage, you can’t connect. Lenovo has always been focused on pushing intelligent transformation as far as possible to get the best devices into the hands of our customers. Beyond designing and building the device, we have the ability to distribute asset tags and to provide a 24/7 help desk for our customers whether you’re a consumer, a school, or a large institution. We can also decommission those devices at the end, so we’re able to support the entire journey or lifecycle.

The question has really become, how do you deliver secure devices to the masses? And, we’re fully equipped to do that. For example, every Lenovo X1 Carbon laptop comes out of the box with Lenovo Security Assurance, which is actually powered by Absolute; it is in our hardware. Our customers can open a Lenovo PC, and know that it is completely secure, right out of the box. Every one of our laptops is fortified with Absolute’s Persistence technology and self-healing capabilities that live in the BIOS. It’s that unbreakable, secure connection that makes it possible for us to serve our customers throughout the entire lifecycle of device ownership.

Louis: Why are the legacy approaches to decommissioning assets falling short / failing today? How would you redesign IT asset-decommissioning approaches to make them more automated, less dependent on centralized IT teams?

Christy: There have been a few very visible cases over the past year of highly regulated organizations, experiencing vulnerabilities because of how they decommissioned – or did not properly decommission – their assets. But, I don’t want anyone to believe that that this is a problem that is unique to regulated industries, like financial services. The move to the cloud has given many organizations a false sense of security, and it seems that the more data running in the cloud, the more pronounced this false sense of security becomes. It’s a mistaken assumption to think that when hardware goes missing, the security problem is solved by shutting down password access and that all the data is protected because it is stored in the cloud. That’s just not true. When devices aren’t calling in anymore, it’s a major vulnerability – and the longer the device sits without being properly wiped or decommissioned, the greater the opportunity for bad actors to take advantage of those assets.

The other piece that should be top of mind is that once a device is decommissioned, it’s often sold. We want to ensure that nothing on that device gets passed on to the next owner, especially if it’s going to a service or leasing program. So, we’ve concentrated on making asset decommissioning as precise as possible and something that can be done at scale, anytime and anywhere.

Matt: Historically, reclaiming and decommissioning devices has required physical interaction. The pandemic has limited face-to-face encounters, so , we’re leveraging many different software solutions to give our customers the ability to wipe the device clean if they aren’t able to get the asset back in their possession, so that at least they know it is secure. Since we’re all now distributed, we’re looking at several different solutions that will help with decommissioning, several of which are promising and scale well given today’s constraints. Our goal is to provide our enterprise customers with decommissioning flexibility, from ten units to several thousand.

Louis: Paradoxically, having everyone remote has made the business case for improving endpoint security more compelling too. What do you hear from enterprises about accelerating digital transformation initiatives that include the latest-generation endpoint devices?

Christy: The same acceleration that I spoke about on the education side, we absolutely see on the enterprise side as well, and with rapid transformation comes increased complexity. There has been a lot of conversation about moving to Zero Trust, moving more services to the cloud and putting more controls on the endpoint – and not having these sort of layers in between. Our data tells us that the average enterprise device today has 96 unique applications, and at least 10 of them are security applications. That is a massive amount of complexity to manage. So, we don’t believe that adding more controls to the endpoint is the answer; we believe that what’s most important is knowing the security controls you have are actually working. And we need to help devices and applications become more intelligent, self-aware, and capable of fixing themselves. This concept of resiliency is the cornerstone of effective endpoint security, and a critical part of the shift to a more modern security architecture.

Matt: I think there are two major forcing functions: connection and security. Because we are all now remote, there’s a huge desire to feel connected to one another even though we aren’t sitting in the same room together. We’re modifying our products in real-time with the goal of removing shared pain points and optimizing for the new reality in which we’re all living and working. Things like microphone noise suppression and multiple far field microphones, so that if the dog barks or kids run into a room, the system will mute before you’ve even pressed the mute button. We’re improving camera technology from a processing standpoint to make things look better. Ultimately, our goal is to provide an immersive and connected experience.

Security, however, transcends specific features that deliver customer experiences – security is the experience. The features that make hardware more secure are those that lie beneath the operating system, in the firmware. That is why we have such a deep network of partners, including Absolute. Because you need to have a full ecosystem, and a program that takes advantage of all the best capabilities, in order to deliver the best security solution possible.

Louis: How is Absolute helping enterprise customers ensure greater endpoint security and resiliency in 2021 and beyond?

Christy: We spend a lot of time sitting with customers to understand their needs and how and where we can extend our endpoint security solutions to fit. We believe in taking a layered approach – which is the framework for defense in-depth, and an effective endpoint security strategy. The foundational piece, which we are able to deliver, is a permanent digital tether to every device; this is the lifeline. Not having an undeletable connection to every endpoint means you have a very large security gap, which must be closed fast. A layered, persistence-driven approach ensures our customers know their security controls are actually working and delivering business value. It enables our customers to pinpoint where a vulnerability is and take quick action to mitigate it.

Lenovo’s unique, high value-add approach to integrated security has both helped drive innovation at Absolute, while also providing Lenovo customers the strongest endpoint security possible. Their multilayer approach to their endpoint strategy capitalizes on Absolute’s many BIOS-level strengths to help their customers secure every endpoint they have. As our companies work together, we are both benefitting from a collaboration that seeks to strengthen and enrich all layers of endpoint security. Best of all, our shared customers are the benefactors of this collaboration and the results we are driving at the forefront of endpoint security.

Louis: How has the heightened focus on enterprise cybersecurity in general, and endpoint security specifically, influenced Lenovo’s product strategy in 2021 and beyond?

Matt: We have always been focused on our unique cybersecurity strengths from the device side and making sure we have all of the control points in manufacturing to ensure we build a secure platform. So, we’ve had to be open-minded about endpoint security, and diligent in envisioning how potential vulnerabilities and attack strategies can be thwarted before they impact our customers. Because of this mindset, we’re fortunate to have a very active partner community. We’re always scouring the earth for the next hot cybersecurity technology and potential partner with unique capabilities and the ability to scale with our model. This is a key reason we’ve standardized on Absolute for endpoint security, as it can accommodate a wide breadth of deployment scenarios. It’s a constant and very iterative process with a team of very smart people constantly looking at how we can excel at cybersecurity. It is this strategy that is driving us to fortify our Lenovo Security Assurance architecture over the long-term, while also seeking new ways of providing insights from existing and potentially new security applications.

Louis: What advice are you giving CISOs to strengthen endpoint security in 2021 and beyond?

Christy: One of our advisors is the former Global Head of Information Security at Citi Group, and former CISO of JP Morgan and Deutsche Bank. He talks a lot about his shared experiences of enabling business operations, while defending organizations from ever-evolving threats, and the question that more IT and security leaders need to be asking – which is, “Is it working?” Included in his expert opinion is that cybersecurity needs to be integral to business strategy – and endpoint security is essential for creating a broader secure ecosystem that can adapt as a company’s needs change.

I believe there needs to be more boardroom-level conversations around how compliance frameworks can be best used to achieve a balance between cybersecurity and business operations. A big part of that is identifying resiliency as a critical KPI for measuring the strength of endpoint controls.

Mar 21

The Pandemic Is Teaching Enterprises How To Mind The Cybersecurity Gap

30% of US and UK remote workers say their organizations don’t require them to use a secure access tool, including VPN, to log into corporate databases and systems, according to Ivanti’s 2021 Secure Consumer Cyber Report.
Plus, 25% of remote workers in the US and UK aren’t required to have specific security software running on their devices to access certain applications while working remotely.
And one in four US remote workers use their work email and passwords to log in to consumer websites and apps.

Cybersecurity gaps have continued to widen during the pandemic. A noteworthy survey by Ivanti illustrates exactly how remote workers are putting organizations at risk and where enterprise security is falling short, making those cybersecurity gaps challenging for CISOs to close. Ivanti’s 2021 Secure Consumer Cyber Report outlines the challenges that cybersecurity and IT teams have faced when securing remote workers in what’s being described as the “Everywhere Workplace.” Based on interviews with more than 2,000 US and UK respondents working from home in November 2020, the survey shows that authentication and endpoint security needs to improve across all devices that employees use.

IT Organizations Need Help Closing Their Cybersecurity Gaps

Of the many lessons learned from 2020, among the most valuable are how virtual workforces need self-diagnosing and self-remediating endpoints, while IT organizations need improved unified endpoint management (UEM) as part of a zero-trust strategy. Bad actors continue to target remote workers’ privileged access credentials to gain access and exfiltrate customer, financial and proprietary data, including intellectual property. Ivanti’s survey provides insights into where cybersecurity gaps need attention first:

The most challenging threat surface to protect is a person’s identity because it’s exposed across so many threat surfaces, including personal and work devices, consumer websites, and IoT devices in homes. The pandemic is proving identities are the new security perimeter. A person’s cell phone, personal tablet, and laptop is a real-time digital definition of a person’s identity. Nearly half (49%) of US remote workers use personal devices for their jobs, often without two-factor authentication enabled. The graphic below shows how organizations can close this cybersecurity gap by adopting UEM as part of their go-forward initiatives in 2021 and beyond:

Lack of consistent security software and password standards is a big contributor to US and UK organizations’ cybersecurity gaps today. One in four remote workers can access enterprise resources without any security software in place. An even more surprising finding is that 30% of remote workers in the US and UK can access corporate data without a secure access tool or VPN connection. If a remote worker’s identity is compromised, there’s a one in three chance that their organization will be breached, enabling cyberattackers to move laterally through the company’s systems:

Protecting remote workers’ identities & devices at scale requires Zero Trust. Automating as many tasks as possible while providing a continuous and seamless user experience is the surest way to close cybersecurity gaps. Getting rid of passwords and automating two-factor authentication using Zero Sign-On (ZSO), a core part of the Ivanti platform, is proving essential today. Zero Sign-On relies on proven biometrics, including Apple’s Face ID, as a secondary authentication factor to gain access to work email, unified communications and collaboration tools, and corporate-shared databases and resources. CISOs and their teams also need to consider how mobile threat defense can better secure personal devices against phishing, device, network, and malicious app threats. Late last year, MobileIron (now part of Ivanti) received its second mention in two years in the Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020. The Forrester Wave graphic is shown below:

In conclusion, enterprise cybersecurity gaps are widening due to a combination of risky consumer behavior and a lack of consistent security for mobile workforces. And these gaps will only increase as employees increasingly work from anywhere, using their personal devices to connect to corporate resources. To secure and enable the future of work, organizations need to start implementing and maturing an end-to-end zero trust security model today by leveraging new technologies and protecting their current security technology investments.

Mar 14

10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains

The Pharma industry has lost $14 billion through Intellectual Property (IP) cyber theft worldwide, according to the United Kingdom Office of Cyber Security and Information Assurance.
53% of pharmaceutical IP thefts and related breaches are carried out by someone with insider access, also according to the United Kingdom Office of Cyber Security and Information Assurance.
The pharma industry’s average total cost of a data breach is $5.06 million, with one of the highest costs of remediating the breach at $10.81 million across all industries, according to a recent ProofPoint study.
Over 93% of healthcare organizations experienced a data breach in the past three years, and 57% have had more than five data breaches, according to the Cybersecurity Ventures 2020 Healthcare Cybersecurity Report.
Gartner predicts the privileged access management (PAM) market will grow at a compound annual growth rate (CAGR) of 10.7% from 2020 through 2024, reaching $2.9 billion by 2024.

Bottom Line: Having developed COVID-19 vaccines in a fraction of the time it takes to create new treatments, pharmaceutical companies need to protect the priceless IP, supporting data, and supply chains from cyberattacks.

Showing how powerful global collaboration between pharmaceutical industry leaders can be, the world’s leading vaccine producers delivered new vaccines in record time. The IP behind COVID-19 vaccines and their supporting supply chains need state-of-the-art protection comprised of cybersecurity technologies and systems, as the vaccines’ IP is an asset that cyber attackers have already tried to obtain.

Pharmaceutical’s Growing Number of Threat Surfaces Make Cybersecurity a Priority

In the race to create a COVID-19vaccine by collaborating across the industry, pharmaceutical companies have exposed more threat surfaces than existed before the pandemic. In R&D, Clinical Trials, Manufacturing, and Distribution, there’s a proliferation of new threat surfaces cyber attackers are targeting today, as evidenced by threat analysis reports from the U.S. Homeland Security Department’s Cybersecurity & Infrastructure Security Agency (CISA).

The report provides specifics about how cyber attackers could impersonate an executive from a Chinese biomedical company known for having end-to-end cold chain expertise, which is essential for delivering vaccines reliably. The cyber attackers conducted spear-phishing attacks against global companies who support the global cold chain needed for distributing vaccines. There were credential harvesting attempts against global organizations in at least six countries known today to access vaccine transport and distribution sensitive information.

Launching a phishing campaign with the goal of harvesting details on key executives and access credentials across the cold chain is just the beginning. According to Lookout’s Pharmaceutical Industry Threat Report, some of the most significant threat surfaces are the most problematic today, including the following:

Research & Development & Clinical Trials

Collaborative research teams across pharmaceutical manufacturers globally
Scientists creating initial compounds and completing primary research to define a vaccine.
Integration of study sites at the test device and reporting system level

Manufacturing and Distribution

Plant workers’ systems, including tablets with build instructions on them
Physician & Pharmacist Networks
Distribution Channels and their supporting IT systems

Cyber attackers are taking a more synchronized, multifaceted approach to attacking Covid-19 supply chains, reiterated in CISA’s report. There’s evidence that state-sponsored cyber attackers attempt to move laterally through networks and remain there in stealth, allowing them to conduct cyber espionage and collect additional confidential information from victim environments for future operations. Cyber attackers are initially focused on phishing, followed by malware distribution, registration of new Covid-specific domain names, and always looking for unprotected threat surfaces.

10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains

By combining multiple cybersecurity best practices and strategies, pharmaceutical companies stand a better chance of protecting their valuable IP and vaccines. Presented below are ten ways the pharmaceutical industry needs to protect the COVID-19 vaccine supply chain today:

Prioritize Privileged Access Management (PAM) across the vaccine supply chain, ensuring least privilege access to sensitive data starting with IP. CISA’s note finds that there have been multiple attempts at capturing privileged credentials, which often have broad access privileges and are frequently left standing open. PAM is needed immediately to institute greater controls around these privileged accounts across the supply chain and only grant just enough just-in-time access to sensitive IP, shipping and logistics data, vaccination schedules, and more. Leaders include Centrify, which is noteworthy for cloud-based PAM implementations at the enterprise and supply chain levels. Additional vendors in this area include BeyondTrust, CyberArk, Ivanti, Thycotic, Ping Identity, and Senhasegura.
Assess every supplier’s security readiness in vaccine supply chains, defining minimum levels of compliance to security standards that include a single, unified security model across all companies. In creating a secured vaccine supply chain, it’s imperative to have every supplier network member on the same security model. Taking this step ensures accountability, greater clarity of roles and responsibilities, and a common definition of privileged roles and access privileges. Leaders in this area include BeyondTrust, Centrify, CyberArk, Ivanti, and Thycotic.
Taking a Zero Trust-based approach to secure every endpoint across the vaccine manufacturer’s R&D, Clinical Trials, Manufacturing, and Distribution networks is necessary to shut down cyber attackers taking advantage of legacy security weaknesses approaches. The pharmaceutical companies and myriad logistics providers see a much faster than the expected proliferation of endpoints today. Trusted and untrusted domains from legacy server operating systems are a time sink when it comes to securing endpoints – and proving unreliable despite the best efforts that Security Operations teams are putting into them. Worst of all, they leave vaccine supply chains vulnerable because they often take an outdated “trust but verify” cybersecurity approach. Leaders include Illumio, Ivanti (MobileIron), Cisco, Appgate, Palo Alto Networks, and Akamai Technologies.
Extend the Zero Trust framework across the entire supply chain by implementing microsegmentation and endpoint security requirements across all phases of the vaccine’s development cycles. This will ensure cyber attackers don’t have the opportunity to embed code to activate later. The goal is to push Zero Trust principles to all related processes integrating with the vaccines’ pipeline, including all dependencies across the entire development lifecycle.
Incorporating Multi-Factor Authentication (MFA) across every system in the vaccine supply chain is a given. Usernames and passwords alone are not enough, and MFA is low-hanging fruit to authenticate authorized users. MFA is based on two or more factors that can authenticate who you are based on something you know (passwords, PINs, code works), something you have (a smartphone, tokens devices that produce pins or pre-defined pins), or something you are (biometrics, facial recognition, fingerprints, iris, and face scans). For example, Google provides MFA as part of their account management to every account holder and has a thorough security check-up, which is useful for seeing how many times a given password has been reused.
Alleviate the conflicts of who will pay for increasing cybersecurity measures by making supplier-level security a separate line item in any CISOs and CIO’s budget. Today certain pharma supply chain CISOs are expected to ramp up cybersecurity programs with the same budget before Covid-19. While there are slight increases in cybersecurity budget levels, it’s often not enough to cover the higher costs of securing a broader scope of supply chain operations. CISOs need to have greater control over cybersecurity budgets to protect vaccine IP and distribution. Relying on traditional IT budgets controlled by CIOs isn’t working. There needs to be a new level of financial commitment to securing vaccine supply chains.
Consider using an AIOps platform adept at unifying diverse IT environments into a single, cohesive AI-based intelligence system that can identify anomalous network behavior in real-time and take action to avert breaches. Based on conversations with CIOs across the financial services industry, it is clear they’re leaning in the direction of AIOps platforms that provide real-time integration to cloud platforms combined with greater control over IT infrastructure. LogicMonitor’s prioritizing IT integration as a core strength of their platform shows, as they have over 2,000 integrations available out of the box. Relying on Collectors’ agentless system, LogicMonitor retrieves metrics such as cloud provider health and billing information. This collector then pulls metrics from different devices using various methods, including SNMP, WMI, perf Mon JMX, APIs, and scripts.
Unified Endpoint Security (UES) needs to become a standard across all vaccine supply chains now. Vendors who can rapidly process large amounts of data to detect previously unknown threats are needed today to stop cyberattacks from capturing IP, shipment data, and valuable logistics information. Absolute Software’s approach to leveraging its unique persistence, resilience, and intelligence capabilities is worth watching. Their approach delivers unified endpoint security by relying on their Endpoint Resilience platform, which includes a permanent digital tether to every enterprise’s endpoint. Absolute is enabling self-healing, greater visibility, and control by having an undeletable digital thread to every device. Based on conversations with their customers in Education and Healthcare, Absolute’s unique approach gives IT complete visibility into where every device is at all times and what each device configuration looks like in real-time.
Pharma supply chains need to have a strategy for achieving more consistent Unified Endpoint Management (UEM) across every device and threat surface of the vaccine supply chain. UEM’s many benefits, including streamlining continuous OS updates across multiple mobile platforms, enabling device management regardless of the connection, and having an architecture capable of supporting a wide range of devices and operating systems. Another major benefit enterprises mention is automating Internet-based patching, policy, configuration management. Ivanti is the global market leader in UEM, and their recent acquisition of Cherwell expands the reach of their Neurons platform, providing service and asset management from IT to lines of business and from every endpoint to the IoT edge. Neurons are Ivanti’s AI-based hyper-automation platform that connects Unified Endpoint Management, Security, and Enterprise Service Management. Ivanti is prioritizing its customers’ needs to autonomously self-heal and self-secure devices and self-service end-users.
Track-and-traceability is essential in any vaccine supply chain, making the idea of cyber-physical passports that include serialization for vaccine batches more realistic given how complex supply chains are today. Passports are an advanced labeling technology that provides the benefits of virtual tracking, verification of specific compounds, and yield rates of key materials. Serialization is a must-have for ensuring greater traceability across vaccine supply chains proving effective in stopping counterfeiting. Having digital passports traceable electronically can further help thwart cyber attackers.

Conclusion

By closing the cybersecurity gaps in vaccine supply chains, the world’s nations can find new, leaner, more efficient processes to distribute vaccines and protect their citizens. It’s evident from the results achieved so far in the U.S. alone that relying on traditional supply chains and means of distribution isn’t getting the job done fast enough, and cyber attackers are already looking to take advantage. By combining multiple cybersecurity tactics, techniques, and procedures, the vaccine supply chain stands to improve and be more secure from threats.

Feb 28

Securing Machine Identities Needs To Be A Top Cybersecurity Goal In 2021

Bottom Line: Bad actors quickly capitalize on the wide gaps in machine identity security, creating one of the most breachable threat surfaces today.

Why Machines Are the Most Challenging Threat Surface To Protect

Forrester’s recent webinar on the topic, How To Secure And Govern Non-Human Identities, estimates that machine identities (including bots, robots and IoT) are growing twice as fast as human identities on organizational networks. Forrester defines machine, or non-human, identities as robotic process automation (bots), robots (industrial, enterprise, medical, military) and IoT devices.

The webinar points out that one of the fastest-growing automation types is software bots, with 36% used in finance and accounting, 15% used in business line and 15% in IT. The webinar also points out that in 2019, there were 2.25 million robots in the global workforce, twice as many as in 2010 and 32% of global infrastructure decision-makers expect their firms to use robotic process automation (RPA) over the next 12 months.

According to the Forrester Consulting white paper, Securing The Enterprise With Machine Identity Protection, over 50% of organizations find it challenging to protect their machine identities today. Unprotected machine identities are making it easy for bad actors to take control of entire networks of devices. Bad actors rely on organizations’ bots to provide the cover they need to attack networks and devices, often undetected for months or years.

Forrester found that machine identities are left exposed to bad actors because organizations aren’t adopting the tools they need to create and manage a centralized Identity Access Management (IAM) strategy across all machines. This includes defining and enforcing policies, auditing each machine and endpoint and better integrating support across machines and monitoring systems.

Furthermore, by adopting a more modern Privileged Identity Management (PIM) approach, organizations could solve many of these challenges. Leading PIM solutions providers include Centrify, which has succeeded in adapting to the ephemeral nature of securing machine identities by delivering machine identity and credential authentication based on a centralized trust model.

The Forrester report’s bottom line is that machines are isolated, exposed and more vulnerable than any other endpoint on a network. The following graphic compares protection strategies and finds a majority of organizations struggling to deliver them:

Securing Machine Identities Needs To Be a Top Cybersecurity Goal In 2021

Machine Identities Are Networks’ Weakest Security Link

According to a Venafi study, machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019. Malware capable of compromising machine identities continues to gain momentum, doubling between 2018 and 2019 and growing 300% over the five years leading up to 2019. According to Kount’s 2020 Bot Landscape and Impact Report, 81% of enterprises are regularly dealing with malicious bots today and one in four say a single bot attack has cost them $500,000 or more. Furthermore, many organizations may not realize how many bots and machine identities they have – and bad actors capable of creating hundreds using automated scripting tools.

Forrester provided the following data points underscoring how vulnerable machines are to botnet and identity-based attacks today:

The 2017 Mirai botnet attack is a cautionary tale of the dangers of using default security credentials on machines and IoT devices. Using botnets to automate scans of vast blocks of IP addresses for potential telnet ports to log into, the Mirai botnets were programmed to rapidly try a series of basic usernames and passwords to gain access to IoT devices and machines. The Mirai botnets were successful, gaining control of thousands of machines and orchestrating them to deliver one of the largest DDOS attacks in history.
It’s common for enterprises to lose track of how many bots they’ve created, giving malicious actors the perfect cover to mask their movements. Instead of creating their bots, malicious actors look to disguise their movements across a network with a company’s bots. Forrester’s webinar mentioned how a large North American insurance provider deployed 400 software bots for customer-facing digital chatbots and processing claims, among other tasks.
There’s often no oversight of who has the rights to create and launch bots internally, leading to potentially thousands of bots without secured identities. One of the most troubling findings presented during the webinar is how loose the process is to create a bot – with no checks and balances in place or means of achieving consistent identity management.

How To Strengthen Machine Security

The more challenging any machine threat surface is to protect, the more opportunity it provides bad actors to breach them. A good place to start is by clarifying who owns keeping Transport Layer Security (TLS) and previous-generation Secured-Sockets Layer (SSL) client and server certificates, code signing certificates, Secure Shell (SSH) host and cryptographic keys so they are kept up to date. Letting those fall through the cracks will leave thousands of machines exposed and exploitable on networks.

Prioritizing machine identities and securing machine credentials is a must-have in 2021, as botnet attacks are quickly increasing due to bad actors’ being able to spin up thousands of them in days. The following are key steps to get started:

Taking a Zero Trust approach to managing every machine identity authentication on a network now could save thousands of hours and dollars in the future. Taking a least privilege access approach to managing machines now will pay off in the future, as the workloads of machines and non-human entities continue to grow more complex. The Forrester webinar expands on this point by explaining how new, more complex inter-machine relationships are evolving quicker than legacy approaches to endpoint governance and security can keep up.
Privileged access controls need to be more adaptive, secure and scalable than many organizations’ static-based approaches to securing machines are today. Forrester recommends replacing long-standing hardcoded credentials with session-based ones assigned via API calls from a vault. Machines are being used 24/7 and have access patterns completely different from humans using the network, making dynamically-assigned, ephemeral credentials even more important to protect a network. Privileged Identity Management (PIM) proves effective at providing privileged access controls for machine identities, with Forrester mentioning Centrify, HashiCorp and others as leaders in this area. Centrify’s approach is noteworthy in enrolling machines with its platform via a client to establish a trust relationship, so applications running on that machine can also be authenticated using a short-lived, scoped token.
Monitoring more machines on a network often leads to a transition from legacy to integrated log monitoring systems that can capture, analyze and report anomalous activity across a network. Log Monitoring systems are proving invaluable in identifying machine endpoint configuration and performance anomalies in real-time. AIOps is proving effective in identifying anomalies and performance event correlations in real-time, contributing to greater business continuity. One of the leaders in this area is LogicMonitor, whose AIOps-enabled infrastructure monitoring and observability platform have proven successful in troubleshooting infrastructure problems and ensuring business continuity.
Perform periodic audits to track all bots and machines in use across an organization, using Microsoft Active Directory to inventory and manage all of them. One of the most valuable take-aways from the Forrester webinar is the need to manage machine identities and their credentials centrally. Forrester mentions Microsoft Active Directory as one option. The companies providing services in this area include Centrify, which pioneered Active Directory bridging to authenticate human and machine identities based on a centralized model from a single identity repository.

Conclusion

Machines, or as Forrester calls them in their webinar, non-human identities require more precise, adaptive and ephemeral identity structures and access controls. CISOs and CIOs need to take greater ownership of machine identity authentication and provide Identity Access Management (IAM) and Privileged Access Management (PAM) down to the bot and non-human identity level. With the exponential growth of malicious bots tracking machine identities, now is the time to place machine identities among the highest priority of any cybersecurity strategy in 2021.

Jan 4

Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist

Bottom Line: Cyberattacks enter a new era of lethal impact when threat actors are sophisticated enough to compromise SolarWind’s software supply chain with infected binary code while mimicking legitimate protocol traffic to avoid detection.

To gain greater insights into the SolarWinds breach, its implications on cybersecurity strategy in the future and what steps enterprises need to take today, I contacted Andy Smith, Cybersecurity Evangelist and an industry expert with Centrify. He explained the attack’s specifics, referencing the Cybersecurity and Infrastructure Security Agency’s (CISA) Alert AA20-352A, which details how sophisticated the attack is, citing the sobering fact that it is unknown if all attack vectors are identified. Active since at least March 2020, the advanced persistent threat (APT) has been identified by FireEye, SolarWinds, Microsoft and several other cybersecurity firms.

SolarWinds’ Security Advisory lists 18 known products that have been affected by the attack, including their Application Centric Monitor (ACM), Server Configuration Monitor (SCM) and Network Performance Monitor (NPM). Earlier this month, SolarWinds says the malicious code may have been delivered to nearly 18,000 customers.

Insights Into The SolarWinds Hack

Interested in dissecting the hack from a cybersecurity standpoint, I spent some time investigating the SolarWinds hack with Andy, a leading authority on Identity and Access Management (IAM), particularly around securing and managing privileged access credentials. The following is my interview with Andy:

Louis: There have been large-scale breaches before; why is this particular cybersecurity attack getting so much attention? Why is it so enormous?

Andy: What’s interesting about this particular attack is a couple of things. It follows a very traditional cyber-attack kill chain as many attacks, but the start of this one is impressive. Usually, there’s a vulnerability that allows threat actors to get into the network. What’s unique about this is the initial vulnerability is in vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code.

The exposure to federal agencies and the attackers’ focus going after emails is especially troubling. It appears like it’s a nation/state-related incident that always heightens the exposure and is another reason it’s so large in scale. Some tools that FireEye uses for Red Team evaluation of people’s networks got exposed, so now those tools are in the hands of threat actors to do nefarious activities with them.

That’s one aspect of this hack that makes it remarkable, as sophisticated tools from FireEye are in nefarious actors’ hands. That’s one reason it’s enormous: you just gave something that was being used for good to threat actors intent on gathering as much intelligence across a supply chain of customers as they can.

Louis: How are the cyber-attack methods used in the SolarWinds hack particularly unique?

Andy: It follows a very common cyber-attack kill chain we’ve seen at Centrify for years. We ran the Anatomy of a Hack webinar earlier this year and it always starts with that initial vulnerability and getting in. What’s unique was this case is that the initial vulnerability wasn’t just, “Hey, I phished somebody’s password and logged in.” It was a vulnerability in the software build process for SolarWinds. So that’s a bit unique about how that initial vulnerability was there.

Still, once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment and hunt for privileged access.

All those things happened precisely by the people who investigated and then you find the data you’re going after. In some cases, it’s been software, as is the case with FireEye, or email servers, as is the case with government agencies. Attackers are patient and they wait to extract the data and then cover their tracks.

Louis: You and many others are an advocate of a layered approach to security. What is that and how would it have helped in the SolarWinds case?

Andy: For me, the biggest takeaway of this hack is that a layered approach to security is the way to go in the future in light of this hack’s sophistication. There’s no silver bullet to stop a hack this sophisticated, though. No one strategy or approach could have prevented it.

When you investigate this attack, it is pretty sophisticated and has multiple vectors to it and one has to assume there will be certain threat vectors compromised. That initial vulnerability will be there and you need those layers of security to prevent it, so you need to look at preventive controls, predictive controls and detective controls. All those need to be combined into a single, unified strategy.

For every organization looking at this hack and considering how future attacks of this sophistication will impact them, it’s a good idea to use this event as a way to get your board and executives thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you. I see organizations using this opportunity to evaluate how a layered approach will work for their projects when it might not have been feasible to fund in the past.

It’s an extreme attack that shows how vulnerable the exposures are out there. It’s a good time to shore up your defenses. The Federal Information Processing Standard 200, or FIPS 200, the standard offers excellent guidance, including discussing the different types of layers and controls available today. Minimum Security Requirements for Federal Information and Information Systems defines the minimum security controls for federal information systems and the processes by which risk-based selection of security controls occurs.

If you dig into the National Institute of Standards and Technology (NIST) Special Publication 800-53, that gets a little deeper into the particular cyber controls you have in place. There is guidance available. You’re not out there on your own about what the layers should be and you can evaluate yourself against these standards.

Louis: What are some layers specific to privileged access management? Are there any particular PAM best practices that enterprises should be thinking about right now?

Andy: Absolutely and I’ll start with Privileged Access Management (PAM), which is one of the core layers. Investigations into this hack found specific evidence where they got in and created new accounts with elevated privileges to access data. It’s all over this.

We typically state the Forrester stat that 80% of hacks involve compromised privileged access. This SolarWinds example is no exception: that’s what happened.

Additional points to keep in mind include the following:

Before our interview, we talked about how vulnerable passwords are and how using the company’s name, followed by 123, is not a good idea – that ties into going pro with preventive controls rather than just relying on a password. That’s a perfect example of what not to do. Organizations can design preventive privileged access controls and detective controls and both are typically provided in Privileged Access Management solutions. Best practices call for multiple preventive controls – strong passwords, multi-factor authentication, password rotation, maybe use a federated credential and have privileged users log in as themselves for better auditing and accountability.
Rethink enterprise cybersecurity from a preventive control perspective that includes least privileged access. Simplistic preventive controls aren’t enough, as the sophistication of this hack shows. Preventive controls need to be strengthened with least privilege. The account creation process needs to provide as little privilege as possible to the server level. Workflows to request additional access need to be used to provide resources for a predefined period. If these types of controls had been in place, malicious code disguised in executable files and dynamic linked libraries would not have traveled as far down the supply chain.
Lastly, even if threat actors get through or you don’t have enough of those layers in place, you want detective controls. PAM solutions should have audit capabilities that watch what privileged users do. In the financial markets, there are things like the “four-eye principle,” where people are watching what other people are doing and so you can watch a privileged session in real-time and verify what users are doing. Of course, all that’s audited in the recording. You can send that information off to a SIEM to be correlated with other data to look for compromise indicators. Recent articles I’ve read pointed out the attackers were in the FireEye network for months before being detected. FireEye detected that they had been attacked thanks to detective controls.

Louis: The SolarWinds attack seems to have rejuvenated the case for Zero Trust. How can companies adopt a Zero Trust mindset and take stock of their security layers today?

Andy: Definitely and I see organizations accelerate their Zero Trust initiatives today. Organizations can get started on their Zero Trust frameworks by reviewing the FIPS and NIST publications. Review the layers of your security stack with a Zero Trust mindset. Don’t configure your network to trust someone just because they gained access. That’s how these attackers got in, laying in the network for plenty of time. Zero Trust says, “Don’t trust that authenticated network access. That could still be a compromised credential or a threat actor,” and this is a perfect example of that. This is why Zero Trust is critical: just because they’re on your network doesn’t mean they’re trustworthy.

The concept of least privilege, of authenticating at each step, introduces segmentation. When I give access, it’s just to that machine or that service that I need access to and not broad access across the network a network segment. That’s how you prevent that lateral movement. A Zero Trust mindset that Zero Trust philosophy of security is critical in this case.

Louis: What do you think will happen from the perspective of micro-segmentation and how does this hack change the balance of security relative to ongoing operations of a business?

Andy: I think it’s another evidence of our current breach culture and brings forth more awareness. More and more, events like this will make cybersecurity a higher priority in an organization – one essential to excel at to keep a business operating. So from that perspective, it is a business enabler.

If you do it right, you can start to do things like moving to the cloud and start to do things that make you more agile. The more we can think of security as a business enabler instead of a business blocker, the better we are. Taking the lessons learned from this hack and using them to create a more resilient, hardened organization is a start.

Conclusion

80% of hacks involve the use of compromised privileged credentials and this one is no exception. An important layer of control is Privileged Access Management (PAM) solutions such as Centrify, which typically involve predictive, preventive and detective controls.

In the end, it is security layers and vigilance that make the difference in minimizing the impact of a breach. NIST’s guidance can be constructive in cybersecurity planning, which can also be informed by Zero Trust’s principles. Remember, it’s not a question of if you will be hacked. It’s a matter of when and what you can do to limit the impact through layers.

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts tagged ‘Zero Trust Security’

Roundup of agentic AI forecasts and market estimates, 2026

Key takeaways

Like this:

Gartner forecasts agentic AI will overtake chatbot spending by 2027

The full market breakdown

Infrastructure takes 54% of every AI dollar

The agentic crossover nobody is planning for

AI cybersecurity is two markets, not one

Shadow AI is not just employees using ChatGPT

The smallest market with the biggest growth rate

Indirect services are the governance blind spot

Servers are a bigger market than AI software

The enterprise agentic stack is showing up in spending data

The numbers that belong in your next board deck

Where I think this lands

Like this:

Deloitte shares latest research into adversarial AI, ransomware in new report

Ransomware attackers specialize in making chaos pay

Adversarial AI’s growing tradecraft

Preventing a ransomware attack

Like this:

The Top 20 Cybersecurity Startups To Watch In 2021

Like this:

What Enterprises Need To Plan For In 2021 When It Comes To Endpoint Security

Like this:

The Pandemic Is Teaching Enterprises How To Mind The Cybersecurity Gap

Like this:

10 Ways Cybersecurity Can Protect COVID-19 Vaccine Supply Chains

Like this:

Securing Machine Identities Needs To Be A Top Cybersecurity Goal In 2021

Like this:

Dissecting The SolarWinds Hack For Greater Insights With A Cybersecurity Evangelist

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Categories

Search

Researching the intersection of AI, machine learning and cybersecurity in the enterprise

Posts tagged ‘Zero Trust Security’

Key takeaways

Share this:

Like this:

The full market breakdown

Infrastructure takes 54% of every AI dollar

The agentic crossover nobody is planning for

AI cybersecurity is two markets, not one

Shadow AI is not just employees using ChatGPT

The smallest market with the biggest growth rate

Indirect services are the governance blind spot

Servers are a bigger market than AI software

The enterprise agentic stack is showing up in spending data

The numbers that belong in your next board deck

Where I think this lands

Share this:

Like this:

The spending backdrop: $244 billion and accelerating

Trend 1: Agentic AI demands cybersecurity oversight

Trend 2: Global regulatory volatility drives cyber resilience efforts

Trend 3: Post-quantum computing moves into action plans

Trend 4: Identity and access management adapts to AI agents

Trend 5: AI-driven SOC solutions destabilize operational norms

Trend 6: GenAI breaks traditional cybersecurity awareness tactics

Total market trajectory: $173.5 billion to $323.5 billion

What this means for CISOs

Share this:

Like this:

Ransomware attackers specialize in making chaos pay

Adversarial AI’s growing tradecraft

Preventing a ransomware attack

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Email Subscription

Top Posts

This Blog’s Purpose

Categories

Search