4 ways to bring cybersecurity into your community

It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.

When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it becomes much harder for cyber criminals to successfully launch attacks. Achieving this goal starts with taking precautions to reduce personal risk through securing devices and data. However, each of us also needs to recognize and report all potential cyber threats we run across.

A global culture of cybersecurity is only possible when corporate organizations, nonprofits and universities all work to spread the message and include outreach in their mission. Here are four ways to take cybersecurity into the community to help create a global culture of cybersecurity:

1. Launch a mentorship initiative

A key element of a global culture of cybersecurity is making sure the industry has a pipeline of diverse and skilled professionals. Because cybersecurity offers non-traditional career pathways, including badging and certifications, job seekers often struggle to determine the best route. When cybersecurity professionals provide support to those who are interested in joining our ranks, we can remove barriers to new cybersecurity professionals entering the field.

For example, the nonprofit Women in Cybersecurity offers a formal nine-month mentorship program that helps members strengthen their skills in areas such as influence, negotiation, leadership, work/life harmony and communication. In 2021, the program matched 1,115 mentees from entry-level to senior level with experienced mentors to help them navigate their journey.

Organizations launching mentorship programs should start by determining their target audiences, such as underserved communities, university students or entry-level professionals. Next, they should determine the framework for the program, including creating a curriculum for mentors, determining how to recruit mentors and matching mentors with mentees. After launching the initiative, it’s important to monitor the program and make changes based on feedback provided by participants.

2. Focus on the next generation

Reaching out to students, especially those in high school and middle school, is a great way to help fill the professional pipeline by targeting young people who are making future career decisions. At the same time, members of this demographic are heavy users of technology and can help spread the education they receive to their families and peers. Iowa State University’s Center for Cybersecurity Innovation & Outreach (CyIO) offers several programs for high schoolers. Since 2007, CyIO has sponsored Innovate-IT clubs, which focus on either game design or cyber defense, at Iowa high schools. The Iowa Cyber Hub also hosts the Youth Cyber Summit every October, which provides activities such as a Capture the Flag challenge, interactive security demos, discussions about career pathways and panel discussions regarding cybersecurity careers.

Organizations looking to nurture the next generation should start by determining their key message and goals, such as educating or encouraging kids to become cybersecurity professionals. Next, decide how to get the message across to the right audience, such as clubs or events. Then, partner with schools or nonprofits that focus on kids to create the programming and get the word out.

3. Look for ways to add humor and fun

Instead of presenting lectures and offering dry information, look for fun ways to get your message out to the community. Balancing humor with information encourages people to pay attention and, most importantly, remember your message. Start with the core message you want to communicate, and then identify your specific target audience. Next, brainstorm ways that will appeal to your audience so you can get your message across while captivating their attention. Be sure to test out your idea with several people in your target audience before going live to make sure you are hitting the mark.

Videos are a great method of reaching people in a lighthearted way. In honor of Cybersecurity Month, Iowa State University created a catchy video called Cyber House Rock!, which encourages people to “encrypt your data, make passwords strong, to keep away all the malware, spam and email scams.” BuzzFeed’s Internet Privacy Prank uses the “show, not tell” approach to help people see how easy it is for cyber criminals to find their information.

Events are also a great way to add humor and fun. Princeton’s cybersecurity team got decked out for its “War Games” showing with an 80s dress-up night. After the show was over, attendees talked about what had changed in terms of information security since the movie was released in 1983. At other events, the team adds fun by bringing a Wheel of Fortune so people can spin it to win prizes while learning about cybersecurity.

4. Create an ambassador program to help friends and families

While mentorships help future and current professionals, Iowa State helps fill a big educational void. The Cybersecurity Ambassador Program, offered through the Iowa Cyber Hub, empowers Iowans by reaching out to businesses, communities, schools, friends and families. The Ambassadors provide the knowledge and tools to help others safely navigate the internet, such as avoiding scams, bullying and privacy breaches.

Focusing on helping residents and students as well as businesses, organizations can use these types of programs to provide education that is often overlooked. Launching an ambassador program is similar to the process of creating a mentorship program, but organizations need to focus on how to reach people who are most in need, such as retired adults and teenagers. Ambassador programs can also offer events to the community on specific topics, like keeping your data private and what to do if your computer is attacked by ransomware.

While it’s easy for organizations to focus on reducing their own vulnerabilities, the digital world is safer when everyone is educated and engaged about cybersecurity. By actively working to achieve this culture, organizations, nonprofits and universities can make big strides to make the internet and technology safer for all.

The post 4 ways to bring cybersecurity into your community appeared first on Security Intelligence.

Reducing ransomware recovery costs in education

2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on the Alabama Department of Education served as a reminder that all school systems are vulnerable.

Ransomware attacks in education decreasing

The year closes with some positive news about ransomware in the education sector. Sophos State of Ransomware in Education 2024 found that ransomware attacks on educational institutions decreased in 2024. Attacks on higher-education institutions dropped from 79% reporting attacks in 2023 to 66% in 2024. Lower education saw a similar decrease, from 80% in 2023 to 63% in 2024. However, the attack rates for both are still higher than the global cross-sector average of 59%.

Ransomware affects education quality

Not surprisingly, a recent study also found that students are impacted by ransomware attacks on the education sector. A study from Action1 found that the majority (64%) of education IT workers report that ransomware impacts education quality. Researchers found the reasons for the attacks are multifold, including that 44% devote only 10% of their IT budget to cybersecurity and the majority of schools (78%) do not employ cybersecurity specialists.

In an NPR article, Noelle Ellerson Ng with the School Superintendents Association said that the reason for targeting the education sector is that schools are often low-hanging fruit. Additionally, she points to the fact that school systems, which collect a lot of valuable data from both students and employees, often are the largest employers in a community.

“That makes it very, very ripe,” says Ng. “And then you layer on the fact that [the data] is so sensitive and so longitudinal and so personal, and there’s a huge vulnerability.”

Reducing cyber risks in the education sector

Even with the decline, schools should continue to focus on reducing their vulnerabilities.

Here are some ways schools can reduce ransomware risk:

  • Install antivirus and anti-malware software on all devices. Be sure to also include tablets and phones. Make sure that updates and patches are installed on a timely basis.
  • Provide training to all employees and students. Teach good cybersecurity practices, including choosing strong passwords and how to avoid being a victim of phishing. Continually send reminders on not clicking on unknown links or downloading suspicious files.
  • Install filtering software. By filtering out potentially malicious links and files, you can reduce the chance of students or employees falling victim to a phishing scheme.
  • Use multi-factor authentication (MFA). Because ransomware attacks can start with unauthorized access, educational organizations should take extra steps to ensure that every user who logs in is who they claim to be. With MFA, users must use email, text or token in addition to a password, adding an extra layer of security.

Recovery costs have increased

While the decrease in attacks was positive, Sophos’ report found a troubling trend — the recovery costs have more than doubled for ransomware attacks in education. Lower-education organizations reported a mean cost of $3.76 million to recover from a ransomware attack in 2024, compared to $1.59 million. Researchers found the increase even higher in higher education, more than four times higher from 2023 to 2024 ($1.06 million to $4.02 million).

Here are ways to reduce recovery costs:

  • Back up your data. In addition to backing up data in real-time, educational institutions should take precautions to secure the backups, such as by using air-gapped backups as well as immutable backups that cannot be erased. Sophos found that costs for lower-education institutions whose backups were compromised were five times higher ($3 million versus $562,500) than those who had a backup to revert to.
  • Segment the network. When a ransomware attack happens on a segmented network, cyber criminals can encrypt only the portion of the network that they accessed. By reducing the amount of data breached and the systems impacted, schools can significantly reduce recovery time and costs.
  • Create an incident response plan. Often, the recovery is extended because schools do not contain the ransomware quickly enough. Business disruption also adds to the recovery time. An incident response plan that covers the four fundamentals (planning, detection, recovery and post-incident actions) ensures employees know exactly what to do when a ransomware attack occurs.

Propensity for paying ransom has increased

Recovery costs are also increasing due to the changes in the ransom payment patterns and amounts. When an educational organization pays the ransom to gain access to their data, that exponentially increases the recovery costs.

The Sophos Report found that the decision to pay the ransom has increased in both higher and lower education. In 2023, 56% of educational organizations attacked by ransomware paid the ransom, compared with 67% in 2024. The number of higher-education institutions paying the ransom also increased from 47% to 62%.

Additionally, the amount of the ransom has increased, which also adds to the rising recovery costs. The average ransom in lower education was $3.9 million, with 44% of demands of more than $5 million. Higher education demands also increased to $4.4 million. Ransoms in critical infrastructure sectors, such as education, tend to be higher due to the urgency of restoring operations as well as the sensitive nature of the data. Additionally, cyber criminals increasingly use double extortion, demanding a ransom to unencrypt the data and then a second ransom to not make the data public, which increases recovery costs.

The future of ransomware attacks in education

While the decrease in attacks is positive, educational organizations must pay attention to the rising recovery costs. Because every dollar spent in education towards recovering from an attack means money is not available for learning, the costs of ransomware recovery are even more impactful than other sectors. By proactively taking steps to both reduce risks and reduce recovery costs, educational organizations can keep their focus on what matters most — educating students.

How AI-driven SOC co-pilots will change security center operations

Have you ever wished you had an assistant at your security operations centers (SOCs) — especially one who never calls in sick, has a bad day or takes a long lunch? Your wish may come true soon. Not surprisingly, AI-driven SOC “co-pilots” are topping the lists for cybersecurity predictions in 2025, which often describe these tools as game-changers.

“AI-driven SOC co-pilots will make a significant impact in 2025, helping security teams prioritize threats and turn overwhelming amounts of data into actionable intelligence,” says Brian Linder, Cybersecurity Evangelist at Check Point. “It’s a game-changer for SOC efficiency.”

What is an AI-driven SOC co-pilot?

AI-driven SOC co-pilots are generative AI tools that use machine learning to help security analysts run and manage the SOC. Common co-pilot tasks include detecting threats, managing incidents, triaging alerts, predicting new trends and patterns for attacks and breaches and automating responses to threats. Co-pilots may be proprietary tools built by the company for their specific needs or commercially available cybersecurity co-pilots such as Microsoft Copilot.

For example, a co-pilot can review alerts and use AI to predict which are most likely to be a high priority. This reduces a common issue in SOCs: false positives. The analysts can then focus on the alerts that are most likely to be a real threat. Because they are not chasing down noncritical alerts, analysts have more time to spend on actual threats and are more likely to be successful in containing the threat.

Co-pilots can take many different forms in a SOC. Analysts can use the co-pilot similarly to how many people use ChatGPT, assigning it a specific task such as incident response. The analyst enters information about a specific incident, and the co-pilot analyzes data to suggest possible causes as well as how the organizations should respond to the incident. However, you can also use co-pilots to automate parts of the workflow without human intervention, such as monitoring current firewalls and detecting vulnerabilities.

Benefits of using AI-driven SOC co-pilots

Businesses that turn to AI-driven co-pilots to help manage their SOC see a wide range of benefits. Common benefits include:

  • Improved productivity: Because it can process a much higher volume of data than even the most efficient cybersecurity analyst, a co-pilot gets significantly more work done in less time. With humans and machines working together, co-pilots are able to more effectively monitor the SOC with fewer human resources.
  • Additional time for cybersecurity professionals to complete high-level tasks: When co-pilots handle manual and repetitive tasks, analysts have more time for higher-level tasks such as strategy and analytics. Analysts are more likely to be fully engaged when their day is filled with more interesting work, which reduces burnout.
  • Fewer errors: Humans make mistakes, especially with manual tasks such as reviewing logs. While AI tools are only as “smart” as the algorithm and the training data used for the algorithm, they are often able to spot patterns that may be undetectable to humans. This reduces errors and prevents issues that can lead to a breach or attack.
  • Quicker response to threats: Whereas humans may not recognize an area of vulnerability or may be slower to respond, a co-pilot uses automation to respond and send a notification immediately. Co-pilots also don’t take bathroom or lunch breaks; they are always “at their desk,” leading to faster response times.
  • Reduced impact of worker shortage and skills gaps: When cybersecurity positions are not filled or the analyst does not have the right skills for the job, the company’s risk increases. AI-driven co-pilots can help reduce open positions by taking on various manual tasks, which means greater coverage by the SOC.

Will AI-driven SOC co-pilots replace humans?

Like many AI tools, co-pilots can take over many manual and repetitive tasks currently done by humans. However, the fear of AI replacing the need for humans in the SOC is not likely to become reality. Setting up co-pilots to operate without human oversight or intervention would likely be a mistake. But businesses that have analysts and co-pilots work together can see a reduction in risk, better responses and higher employee satisfaction.

While co-pilots can be the first line of defense in the SOC, companies should set up gen AI tools so that humans remain the ultimate decision-makers. For example, an analyst may set up an automation with an AI-driven co-pilot to monitor and prioritize alerts based on set criteria. Yet, as threat actors begin using new tactics, the analyst may need to change the criteria to catch the latest threats. Once the co-pilot identifies a high-priority alert, the human can ask the tool to analyze the situation and provide recommended next steps. The analyst then uses human judgment to make the best decisions in the situation and instructs the tool to take the next action, such as shutting down systems or taking the network temporarily offline.
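The workflow described above, sketched as an added example (not from the original article or any vendor's product): criteria-based prioritization that an analyst can retune, with disruptive actions refused unless a named human approves them. The rule names, weights, thresholds, action names and alerts are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical action names. Low-impact actions may run unattended;
# disruptive ones require a named analyst to approve them first.
AUTO_ACTIONS = {"open_ticket", "enrich_alert"}
DISRUPTIVE_ACTIONS = {"isolate_host", "take_network_offline"}

# Constructed starting criteria: weight per detection rule (0-100).
DEFAULT_WEIGHTS = {
    "ransomware_canary_file_modified": 90,
    "impossible_travel_login": 60,
    "port_scan_internal": 30,
}


@dataclass
class Alert:
    alert_id: str
    rule: str
    asset_tier: str    # "critical" or "standard"
    confidence: float  # 0.0-1.0, as reported by the detection source


@dataclass
class Criteria:
    rule_weights: dict = field(default_factory=lambda: dict(DEFAULT_WEIGHTS))
    unknown_rule_weight: float = 10.0
    critical_asset_bonus: float = 30.0
    high_priority_threshold: float = 70.0


class ApprovalRequired(Exception):
    """Raised when a disruptive action is requested without human sign-off."""


def score(alert, criteria):
    """Score an alert 0-100 from the analyst-maintained criteria."""
    weight = criteria.rule_weights.get(alert.rule, criteria.unknown_rule_weight)
    value = weight * alert.confidence
    if alert.asset_tier == "critical":
        value += criteria.critical_asset_bonus
    return min(100.0, round(value, 1))


def triage(alerts, criteria):
    """Return (score, alert) pairs at or above the threshold, highest first."""
    scored = [(score(a, criteria), a) for a in alerts]
    high = [p for p in scored if p[0] >= criteria.high_priority_threshold]
    return sorted(high, key=lambda p: p[0], reverse=True)


def recommend(alert, alert_score):
    """Suggest a next step; the analyst decides whether to act on it."""
    if alert_score >= 90 and alert.asset_tier == "critical":
        return "isolate_host"
    return "open_ticket"


def execute(action, alert, audit_log, approved_by=None):
    """Run an action, enforcing the human-approval gate, and log who approved."""
    if action in DISRUPTIVE_ACTIONS:
        if not approved_by:
            raise ApprovalRequired(f"{action} on {alert.alert_id} needs analyst approval")
    elif action not in AUTO_ACTIONS:
        raise ValueError(f"unknown action: {action}")
    entry = {"alert": alert.alert_id, "action": action,
             "approved_by": approved_by or "automation"}
    audit_log.append(entry)
    return entry


# Constructed sample alerts. A4 uses a rule the criteria do not know yet.
SAMPLE_ALERTS = [
    Alert("A1", "ransomware_canary_file_modified", "critical", 0.9),
    Alert("A2", "impossible_travel_login", "standard", 0.8),
    Alert("A3", "port_scan_internal", "critical", 0.5),
    Alert("A4", "mfa_push_flood", "standard", 0.9),
]


def run_demo():
    criteria, log = Criteria(), []
    before = [a.alert_id for _, a in triage(SAMPLE_ALERTS, criteria)]
    # The analyst retunes the criteria after seeing a new tactic.
    criteria.rule_weights["mfa_push_flood"] = 80
    ranked = triage(SAMPLE_ALERTS, criteria)
    after = [a.alert_id for _, a in ranked]
    top_score, top = ranked[0]
    action = recommend(top, top_score)
    try:
        execute(action, top, log)  # refused: no human has approved it
    except ApprovalRequired:
        execute(action, top, log, approved_by="analyst.jdoe")
    return before, after, log


if __name__ == "__main__":
    print(run_demo())
```

The audit log records who approved each disruptive action, which gives reviewers a trail for every automated containment step.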

Putting AI-driven co-pilots into action in the SOC

When it comes to putting co-pilots in action, consider starting on a small scale with a limited use case. Many organizations use a commercial product to start, leaving open the option to create a proprietary tool in the future. Creating a list of time-consuming tasks in the SOC, especially those that are error-prone or frustrating for analysts, will help you determine which use case to start with. After launching the tool, a single analyst can gather feedback and make changes.

Upon seeing success, your team can begin expanding the use of co-pilots to additional analysts and use cases. By taking a measured approach to using co-pilots and continuously soliciting feedback from the analysts, businesses can create a partnership between analysts and co-pilots that improves human job satisfaction while also keeping the organization more secure.

How secure are green data centers? Consider these 5 trends

As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.

KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.

“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations (I&O) leaders to improve IT’s environmental performance, particularly around data centers,” said Autumn Stanish, Senior Principal Analyst at Gartner. “This has led many down the path of greater spending and investment in environmental solutions, but environmental impact shouldn’t be the only focus. Sustainability can also have a significant positive impact on non-environmental factors, such as brand, innovation, resilience and attracting talent.”

Organizations increasingly building green data centers

The International Energy Agency (IEA) found data centers account for 1 to 1.5 percent of global electricity consumption. Reducing energy consumption is often a top priority when designing and building a green data center. Because AI uses more computing power than traditional methods, data centers are increasingly using more energy, which is only predicted to increase as use cases for AI continue to expand.

The term green data center does not refer to a single technology, but instead a strategic approach designed to more efficiently use resources that starts at the very beginning of the process. Every decision regarding processes, environment and technology is made with sustainability as a top priority. For example, green data centers often use a smaller physical space and typically use low-emission materials in construction.

However, green data centers add new cybersecurity risks as well as increase known risks. Organizations must keep cybersecurity at the center of each green data center decision.

Here are five green data center trends to consider in terms of cybersecurity when designing and implementing a green data center.

1. Advanced cooling technologies

Many green data centers reduce their reliance on traditional air conditioning by using advanced cooling techniques, liquid cooling or precision cooling. These techniques often use IoT devices for monitoring temperatures and energy use. However, IoT devices can provide entry points for cyber criminals to access the network and all connected systems. Additionally, IoT devices expand the potential attack surface area.

By proactively taking steps for each IoT device, organizations can effectively use advanced cooling techniques without significantly increasing their risk. As part of the installation process for each IoT device, administrators should replace the preinstalled passwords with complex passwords. Many organizations also use a local virtual private network (VPN) for IoT devices to limit access to other systems in case of a cybersecurity incident.

2. Extending life of equipment

Purchasing new equipment regularly for a data center increases its environmental impact as well as costs. Many organizations are using upgrades, refurbishments and efficient maintenance to extend the lifespan of their equipment. However, older equipment may have more cybersecurity vulnerabilities and be less likely to use the latest (and most secure) technologies and techniques. By regularly weighing the sustainability benefits of continuing to use a piece of equipment against its cybersecurity risk, organizations can make a balanced decision. Installing all updates in a timely manner also reduces risk.

3. Virtualization

A common technique to reduce resources in data centers is virtualization. Because virtualization involves creating an abstract layer over computer hardware, organizations can use less physical equipment, resulting in lower energy consumption. A single physical server often runs multiple virtual servers. Because virtual servers consume less energy, this often significantly reduces energy consumption.

However, virtual servers contain more entry points for breaches and attacks than physical servers. Additionally, cyber criminals often target the hypervisor that manages the virtual machines. By compromising the hypervisor, threat actors take control of a large portion of the data center and can inflict significant damage, especially through a ransomware attack.

Organizations can reduce their virtualization risk by ensuring that the user privileges for the virtual machines and hypervisor are appropriate for each person’s work-related tasks. When organizations use segmentation in virtualized environments, cyber criminals can only access a small portion of the network and systems, which limits damage. Additionally, organizations should regularly audit which users have escalated privileges in a domain controller to reduce the chance of attackers waiting in the wings.

4. Renewable energy sources

By shifting from sources such as fossil fuels to renewable sources like solar, wind or hydropower, data centers can decrease their reliance on non-renewable energy and reduce the emission of greenhouse gases. Because solar and wind farms are often in different locations than the data centers themselves, using these energy sources creates a larger attack area that increases the risk. Additionally, each system used for the new energy source adds to the surface area as well. Renewable energy sources also often use the power grid and the internet, which creates new sources of vulnerability. Because these energy sources often contain a high volume of sensitive data, organizations must proactively mitigate the risk of a data breach and compliance issues.

5. Data center infrastructure management (DCIM)

Green data centers typically use a DCIM to monitor and manage all aspects of the data center infrastructure, including power distribution and cooling systems, from a single location. Because of the real-time monitoring of power consumption, organizations can identify issues and make changes quickly to reduce the environmental impact instead of waiting until after the impact has occurred.

Due to its integration with other systems, the DCIM creates a target for attackers to gain access to other data. The high level of integration makes it possible for threat actors to gain access to the DCIM from other interconnected systems. Organizations must focus on creating strong access controls to make sure that only authorized users gain access to reduce data leaks and breaches.

Balancing security and sustainability

Because sustainability is the top concern with a green data center, organizations can inadvertently make decisions that increase cybersecurity vulnerabilities. With a balanced approach that considers both sustainability and cybersecurity, organizations can reduce the environmental impact of their data center while also reducing the risk of a breach or attack.

Are successful deepfake scams more common than we realize?

Many times a day worldwide, a boss asks one of their team members to perform a task during a video call. But is the person assigning tasks actually who they say they are? Or is it a deepfake? Instead of blindly following orders, employees must now ask themselves if they are becoming a victim of fraud.

Earlier this year, a finance worker found themselves talking on a video meeting with someone who looked and sounded just like their CFO. After the meeting was over, they then dutifully followed their boss’s instructions to send 200 million Hong Kong dollars, which equals $25 million.

But it wasn’t actually their boss — just an AI video representation called a deepfake. Later that day, the employee realized their terrible mistake after checking with the corporate offices of their multinational firm. They had been a victim of a deepfake scheme that defrauded the organization out of $25 million.

Businesses are often deepfake targets

The term deepfake refers to AI-created content — video, image, audio or text — that contains false or altered information, such as Taylor Swift promoting cookware and the infamous fake Tom Cruise. Even the recent hurricanes hitting the U.S. led to multiple deepfake images, including fake flooded Disney World photos and heartbreaking AI-generated pictures of people with their pets in floodwaters.

While deepfakes, also referred to as synthetic media, targeted at individuals typically serve to manipulate people, cyber criminals targeting businesses are looking for monetary gain. According to the CISA Contextualizing Deepfake Threats to Organizations information sheet, threats targeting businesses tend to fall into one of three categories: executive impersonation for brand manipulation, impersonation for financial gain or impersonation to gain access.

But the recent incident in Hong Kong wasn’t just one employee making a mistake. Deepfake schemes are becoming increasingly common for businesses. A recent Medus survey found that the majority (53%) of finance professionals have been targeted by attempted deepfake schemes. Even more concerning is the fact that more than 43% admitted to ultimately falling victim to the attack.

Are deepfake attacks underreported?

The key word from the Medus research is “admitted.” And it raises a big question. Do people fail to report being a victim of a deepfake attack because they are embarrassed? The answer is probably. After the fact, it seems obvious to other people that it was a fake. And it’s tough to admit that you fell for an AI-generated image. But the underreporting only adds to the shame and makes it easier for cyber criminals to get away with it.

Most people assume that they could spot a deepfake. But that’s not the case. The Center for Humans and Machines and CREED found a wide gap between people’s confidence in identifying a deepfake and their actual performance. Because many people overestimate their ability to identify a deepfake, it adds to the shame when someone falls victim, which likely leads to underreporting.

Why people fall for deepfake schemes

The employee who was tricked by the deepfake of the CFO to the tune of $25 million later admitted that when they first got the email supposedly from their CFO, the mention of a secret transaction made them wonder if the email was actually a phishing email. But once they got on the video, they recognized other members of their department in the video and decided it was authentic. However, the employee later learned that the video images of their department members were also deepfakes.

Many people who are victims overlook their concerns, questions and doubts. But what makes people, even those educated on deepfakes, push their concerns to the side and choose to believe an image is real? That’s the $1 million — or $25 million — question that we need to answer to prevent costly and damaging deepfake schemes in the future.

Sage Journals asked the question about who was more likely to fall for deepfakes and didn’t find any pattern around age or gender. However, older individuals may be more vulnerable to the scheme and have a hard time detecting it. Additionally, the researchers found that while awareness is a good starting point, it appears to have limited effectiveness in preventing people from falling for deepfakes.

However, computational neuroscientist Tijl Grootswagers of Western Sydney University likely hit the nail on the head as to the challenge of spotting a deepfake: it’s a brand new skill for each of us. We’ve learned to be skeptical of news stories and bias, but questioning the authenticity of an image we can see goes against our thought processes. Grootswagers told Science Magazine, “In our lives, we never have to think about who is a real or a fake person. It’s not a task we’ve been trained on.”

Interestingly, Grootswagers discovered that our brains are better at detection without our intervention. He discovered that when people looked at a picture of a deepfake, the image resulted in a different electrical signal to the brain’s visual cortex than a legitimate image or video. When asked why, he wasn’t quite sure — maybe the signal never reached our consciousness due to interference from other brain regions, or maybe humans don’t recognize the signals that an image is fake because it’s a new task.

This means that each of us must begin to train our brain to consider that any image or video that we view could possibly be a deepfake. By asking this question each and every time we begin to act on content, we may be able to begin detecting our brain signals that are spotting the fakes before we can. And most importantly, if we do fall victim to a deepfake, especially at work, it’s key that each of us reports all instances. Only then can experts and authorities begin to curb the creation and proliferation.

The post Are successful deepfake scams more common than we realize? appeared first on Security Intelligence.

How cyberattacks on grocery stores could threaten food security

Grocery store shoppers at many chains recently ran into an unwelcome surprise: empty shelves and delayed prescriptions. In early November, Ahold Delhaize USA was the victim of a cyberattack that significantly disrupted operations at more than 2,000 stores, including Hannaford, Food Lion and Stop and Shop. Specific details of the nature of the attack have not yet been publicly released.

Because the attack affected many digital systems, some stores were not able to accept credit/debit cards, while others had to shut down online ordering. Additionally, Hannaford’s website was offline for several days. Food supply issues have lasted several weeks in some cases, especially in the New England area, illustrating the impact cyberattacks have on people’s everyday lives.

Cybersecurity in the agrifood industry

The importance of cybersecurity in the food supply chain continues to increase as the agrifood industry becomes increasingly digitized. The increase in smart farming means a cybersecurity attack can even impact growing and harvesting. In addition to the production and distribution processes, a cyberattack can even impact food safety. For example, a cyberattack could interfere with technology that monitors food temperature during production, which can lead to contamination.

Cybersecurity is especially key in this industry because one issue in one segment can quickly compound across the globe. Because of the complex process of bringing food from farm to table, a single vulnerability in one small company can have a major impact on the food supply chain. Additionally, many agrifood companies rely heavily on third-party vendors.

“One challenge with ransomware attacks is that they can cause consequences for suppliers or partners of the victim company, in addition to the direct impact on the victim company itself. Considering the integrated and interconnected nature of the food and agriculture industry, a disruption in one company likely will have a cascading [effect],” according to the Farm to Table Ransomware Report by Food Ag ISAC.

For example, many grocery store chains hire vendors to transport products from warehouses to stores. A cyberattack on the transportation company can shut down critical systems, meaning that food does not arrive as scheduled, which leads to empty shelves.

“Attacks targeting suppliers, distributors or logistics providers can lead to delays in product delivery, shortages or the introduction of counterfeit products. Disruptions in the supply chain can have far-reaching consequences, affecting not only the profitability of companies but also impacting food availability and increasing prices for consumers,” reports Food Safety magazine.

According to Forbes, FBI Special Agent Gene Kowel, speaking at the August FBI Agriculture Threats Symposium in Nebraska, said: “The cyber risk and national security threat to farms, ranches and food processing facilities is growing exponentially. The threats are evolving, becoming more complex and severe.” He also stated that the four key threats facing the agriculture sector are ransomware attacks, foreign malware, data and intellectual property theft and bioterrorism impacting food production and the water supply. Additionally, he warned that foreign entities are actively attempting to destabilize the U.S. agriculture industry.

Recent agrifood cyberattacks

While grocery stores have dominated the headlines lately regarding agrifood cyberattacks, other companies faced cybersecurity attacks in recent years.

In October 2021, Schreiber Foods, a milk processing company, was the victim of a ransomware attack. According to ZDNET, the attack disrupted the entire milk supply due to a change in the digital processes for milk processing. Wisconsin State Farmer reported that milk deliveries resumed five days after the attack. Additionally, milk transporters were unable to access the building and the company faced a $2.5 million ransom demand.

The highly publicized attack on JBS, the world’s largest meat-packing company, also happened in 2021. Business was disrupted at 47 locations in Australia and nine locations in the U.S. for five days after Russian hacker group REvil encrypted the organization’s systems. JBS reportedly paid $11 million in ransom following the attack. The attack also led to some meat shortages as well as temporarily higher meat prices.

Farm and Food Cybersecurity Act

To strengthen cybersecurity in the agrifood industry, the Farm and Food Cybersecurity Act is currently in committee in both the U.S. House of Representatives and the U.S. Senate. A key component of the act is that the secretary of agriculture will conduct a study every two years on cybersecurity threats and vulnerabilities within the agriculture and food sectors.

Additionally, the secretary of agriculture will work with other agencies to conduct an annual cross-sector crisis simulation exercise for food-related cyber emergencies or disruptions.

“Food security is national security, so it’s critical that American agriculture is protected from cyber threats,” says Rep. Elissa Slotkin, D-Mich. “No longer just some tech issue, cyberattacks have the potential to upend folks’ daily lives and threaten our food supply — as we saw a couple of years ago when the meat-packing company JBS was taken offline by a ransomware attack. This legislation will require the Department of Agriculture to work closely with our national security agencies to ensure that adversaries like China can’t threaten our ability to feed ourselves by ourselves.”

Reducing the risk of agrifood cyberattacks

Because of the critical nature of their services in relation to the food supply, all companies involved in the agrifood industry should make cybersecurity a high priority. To help improve cybersecurity in the industry, the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Food and Agriculture Cybersecurity Checklist.

Tips from the sheet include:

While the recent empty shelves in grocery stores are a stark reminder of the importance of cybersecurity, the agrifood industry must stay proactive about addressing cybersecurity risks every day of the year.

The post How cyberattacks on grocery stores could threaten food security appeared first on Security Intelligence.

2024 Cloud Threat Landscape Report: How does cloud security fail?

Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.

Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force Cloud Threat Landscape 2024 Report delved into which specific rules are most commonly failing. By understanding key vulnerabilities, organizations can then figure out the best approach for reducing their risks.

“Regulations are increasing, requiring organizations to implement more compliance policies with security top of mind, which puts a lot of overhead on these organizations,” says Mohit Goyal, Product Management at Red Hat Insights. “The Compliance service within Red Hat Insights provides a more elegant way to manage and deploy these policies on systems to get ahead of any gaps.”

Environment influences failure of security rules

During the research, X-Force analyzed two sets of data across the cloud — one set operating in 100% cloud-only environments and the other with a hybrid of 50% to 99% of their Red Hat Enterprise Linux (RHEL) systems in the cloud. Interestingly, researchers found a different set of most failed rules for each of the two different groups.

Goyal says that the team intentionally looked at both environments because Red Hat caters to customers across the hybrid cloud. During the research, the team discovered that in the 100% cloud group, security rules often failed due to misconfiguring assets, meaning that organizations should focus on configuration guidelines. Meanwhile, in the hybrid environment, most failed rules revolved around authentication and cryptography policies.

When asked who is often responsible for the configurations, Goyal says it varies at different organizations. At smaller companies, a single employee often wears multiple hats. However, at larger organizations, the roles are typically well defined with multiple people involved — for example, a system administrator, a security/risk administrator and a compliance administrator.

Top failed rules in organizations with 100% cloud systems

Researchers found that in situations where all data was stored in the public cloud, the most commonly failed rule was configuration and security guidelines for Linux systems. Researchers described this rule as focusing on configuring essential security and management settings in Linux systems. Examples include setting the default zone for the firewall and isolating the /tmp directory on a separate partition to enhance security and manage disk space effectively. The mitigation is configuring the default zone for the firewall service to make sure the network security is properly configured in Red Hat-based systems.

Other top failed rules include:

  • Secure mount options for critical directories
  • User home directory management
  • Service management
  • NFS service management

Top failed rules in organizations with hybrid environments

After analyzing data within a hybrid environment, researchers found that authentication and cryptography policies often failed. These rules focus on standardizing and securing authentication mechanisms and cryptographic requirements in a given policy. Organizations set these rules to ensure consistent and strong security practices across the system. The mitigation involves using authselect to standardize and simplify the management of authentication settings.

Other commonly failed rules in hybrid environments include:

  • Account and SSH configuration
  • SSH security measures
  • Umask configuration
  • Process debugging restrictions
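Several of the failed rules named in the two lists above correspond to concrete settings on a RHEL host. The following Python script is an added example, not code from the report or from Red Hat Insights: it audits constructed copies of `/proc/mounts`, `firewalld.conf`, `sshd_config`, `login.defs` and the `kernel.yama.ptrace_scope` value. The function names are hypothetical and the pass thresholds (restrictive `/tmp` options, `UMASK 027`, `PermitRootLogin no`, `ptrace_scope` of at least 1, a default zone other than `trusted`) are assumed baseline values, not the report's rule definitions.

```python
"""Offline audit of hardening rules named in the lists above.

Every input is a constructed sample. Pass thresholds are assumed baseline
values, not the rule definitions used in the report.
"""

REQUIRED_TMP_OPTS = {"nodev", "nosuid", "noexec"}  # assumed baseline


def check_default_zone(firewalld_conf: str) -> list[str]:
    """firewalld.conf: DefaultZone must be set and must not be 'trusted'."""
    zone = ""
    for line in firewalld_conf.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "DefaultZone":  # commented-out keys never match
            zone = value.strip()
    if not zone:
        return ["firewalld DefaultZone is not set"]
    if zone == "trusted":  # the trusted zone accepts all connections
        return ["firewalld DefaultZone is 'trusted'"]
    return []


def check_tmp_mount(proc_mounts: str) -> list[str]:
    """/proc/mounts text: /tmp must be its own mount with restrictive options."""
    options = None
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/tmp":
            options = set(fields[3].split(","))  # a later mount shadows earlier ones
    if options is None:
        return ["/tmp is not a separate mount"]
    return [f"/tmp is mounted without {opt}"
            for opt in sorted(REQUIRED_TMP_OPTS - options)]


def sshd_effective(sshd_config: str) -> dict[str, str]:
    """Global sshd settings. Keywords are case-insensitive and the FIRST value
    wins. Parsing stops at the first Match block (conditional scope) and
    Include directives are not followed."""
    settings: dict[str, str] = {}
    for line in sshd_config.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()
        if keyword == "match":
            break
        settings.setdefault(keyword, fields[1].strip())
    return settings


def check_sshd(sshd_config: str) -> list[str]:
    eff = sshd_effective(sshd_config)
    findings = []
    # OpenSSH defaults when a keyword is absent: prohibit-password / no.
    if eff.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("sshd PermitRootLogin is not 'no'")
    if eff.get("permitemptypasswords", "no") != "no":
        findings.append("sshd PermitEmptyPasswords is not 'no'")
    return findings


def check_umask(login_defs: str, required: int = 0o027) -> list[str]:
    """login.defs: UMASK must mask at least the bits in `required`."""
    for line in login_defs.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "UMASK":
            if int(fields[1], 8) & required != required:
                return [f"UMASK {fields[1]} is weaker than {required:03o}"]
            return []
    return ["UMASK is not set in login.defs"]


def check_ptrace_scope(sysctl_value: str) -> list[str]:
    """kernel.yama.ptrace_scope: 0 lets a process trace others of the same UID."""
    if int(sysctl_value.strip()) < 1:
        return ["kernel.yama.ptrace_scope is 0"]
    return []


def audit(host: dict[str, str]) -> list[str]:
    return (check_default_zone(host["firewalld.conf"])
            + check_tmp_mount(host["mounts"])
            + check_sshd(host["sshd_config"])
            + check_umask(host["login.defs"])
            + check_ptrace_scope(host["ptrace_scope"]))


# Constructed sample hosts (not taken from any real system).
WEAK_HOST = {
    "firewalld.conf": "# firewalld config\nDefaultZone=trusted\n",
    "mounts": "/dev/mapper/rhel-root / xfs rw,relatime 0 0\n"
              "tmpfs /tmp tmpfs rw,nosuid,relatime 0 0\n",
    # The hardening line was appended after the weak one, so it has no effect.
    "sshd_config": "PermitRootLogin yes\n# hardening\nPermitRootLogin no\n",
    "login.defs": "# default file mode mask\nUMASK 022\n",
    "ptrace_scope": "0\n",
}
HARDENED_HOST = {
    "firewalld.conf": "DefaultZone=public\n",
    "mounts": "tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0\n",
    "sshd_config": "PermitRootLogin no\nPermitEmptyPasswords no\n",
    "login.defs": "UMASK 027\n",
    "ptrace_scope": "1\n",
}

if __name__ == "__main__":
    for name, host in (("weak", WEAK_HOST), ("hardened", HARDENED_HOST)):
        print(name, audit(host) or "no findings")
```

The weak sample shows one way a mitigation can be applied and still fail: `PermitRootLogin no` is present in the file, but an earlier `PermitRootLogin yes` takes precedence.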

Why mitigation commonly fails

Because each rule contains mitigation, a common question from the report was why mitigations so often fail. But the answer is not a simple one. The reasons can include a wide range of factors, including misconfiguration, lack of training and different environments.

“Security, in general, is a complex area, and with the threat landscape constantly changing and evolving, it’s hard to maintain the status quo,” Goyal says. “As new technologies and new requirements come into play and the footprint increases, it ultimately leads to a lot of complexity.”

Goyal predicts that the policies are going to increase in number and only become more complex. Organizations need solutions that help them keep on top of the complexities in a way that reduces the burden of operational overhead. By highlighting the gaps, leaders can understand where the risk lies and create a plan to close those gaps.

Reducing rule failures

Confirming that all rules are followed and the mitigation is used correctly when a rule fails is time-consuming, explains Goyal. At large enterprises, cybersecurity professionals bear a lot of burden with complex processes. Team members must constantly optimize and check for security while also completing other tasks. Organizations are increasingly turning to Ansible automation, such as with Red Hat Insights, for more effective and efficient remediation.

With Red Hat Insights, an organization can deploy its compliance policies (for example, a PCI or HIPAA data governance policy) on RHEL systems. After analyzing these systems, Insights then displays the level of compliance/non-compliance of the systems to the organization’s policies; it also recommends actions to address the non-compliance. Organizations can choose to deploy the Ansible playbook on the systems with just a few clicks to become compliant again. Because the process is automated, it’s more effective and efficient than manually identifying and remediating each system separately.

“Large enterprises need this ability to help keep their costs in control and prevent security gaps from being exploited by bad actors,” says Goyal.

Cloud security: A shared responsibility

Because multiple organizations are involved in a cloud environment, a key question is often about who bears the responsibility for security — the organization or the vendor. Goyal says that security is a dual responsibility.

“As a vendor to our customer, there is a responsibility to make sure they have a product that is built with its security posture front-and-center and has feature-rich functionality that allows organizations to effectively manage their organizational IT security strategy. However, they have to also configure and deploy the product correctly,” says Goyal. “Additionally, organizations need to make sure that their cloud provider emphasizes operational security. At the same time, organizations also need to take ownership for the security of the configurable components of their environment.”

The post 2024 Cloud Threat Landscape Report: How does cloud security fail? appeared first on Security Intelligence.

Preparing for the future of data privacy

The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.

With this evolution in data privacy, many organizations find that they need to proactively make changes to their approach to set themselves up for the future. Here are five key considerations to get ready for the future of data privacy.

1. Create a process for staying up to date on new and evolving regulations

While data privacy is more than simply compliance, your organization must comply with all regulations first and foremost — or else risk fines and reputational damage. However, regulations are constantly being passed and changed, making it exceptionally challenging to stay up to date. As of September 2024, 20 states had consumer data privacy laws, with legislation pending in numerous other states. While the U.S. does not currently have a federal data privacy law, the American Privacy Rights Act is in the first stage of legislation.

As the data privacy regulation landscape continues to change, organizations must create a process to manage all pertinent regulations, which can be challenging for global companies. Because organizations must comply with the regulations of their customer locations, not the company’s locations, global businesses often find themselves bound by many different regulations. Organizations are increasingly turning to artificial intelligence (AI) with tools that monitor all relevant regulations and ensure compliance, which saves time and reduces fines.

2. Focus on balancing data privacy with analytics and AI goals

AI at the University of Pennsylvania’s Wharton School found that the percentage of employees who used AI weekly increased from 37% in 2023 to 73% in 2024. However, this significant and rapid increase in AI adoption has created significant data privacy issues. Top concerns include a lack of data transparency, new endpoints for vulnerabilities, third-party vendors and potential regulatory gaps. At the same time, businesses not using AI will likely quickly fall behind competitors in productivity and personalization.

Because not using AI is rarely the right business decision, organizations must take a strategic approach to creating a balance between business value and data security. While technology is part of the solution, platforms and systems cannot solve the challenges without a balanced approach. By creating processes and a framework that helps organizations evaluate risks and benefits, businesses can make smart business decisions with regard to data privacy. For example, a company may adopt automation throughout their organization using AI except in use cases that involve sensitive customer and employee data.

3. Consider privacy-preserving machine learning (PPML)

By using specific techniques in AI and analytics, organizations can reduce data privacy risks. Many organizations are turning to PPML, which is an initiative started by Microsoft to protect data privacy when training large-capacity language models. Here are the three components of PPML defined by Microsoft:

  1. Understand: Organizations should conduct threat modeling and attack research while also identifying properties and guarantees. Additionally, leaders need to understand regulatory requirements.
  2. Measure: To determine the current status of data privacy, leaders should capture vulnerabilities quantitatively. Next, teams should develop and apply frameworks to monitor risks and mitigation success.
  3. Mitigate: After gaining a full picture of data privacy, teams must develop and apply techniques to reduce privacy risks. Lastly, leaders must meet all legal and compliance regulations.

4. Focus on data minimization

In the past, many businesses defaulted to keeping all — or at least most of — their data for a lengthy period of time. However, all data stored and saved must follow compliance regulations, causing many organizations to use a strategy referred to as data minimization.

Deloitte defines data minimization as taking steps to determine what information is needed, how it’s protected and used and how long to keep it. By taking this measured approach and determining which data to keep, organizations can reduce costs, make it easier to find the right data and improve compliance. Additionally, it’s easier and takes fewer resources to secure a smaller volume of data.

5. Create a culture of data privacy

Just like cybersecurity, data privacy is not simply the job of specific employees. Instead, organizations need to instill the mindset that every employee is responsible for data privacy. Creating a data privacy culture doesn’t happen overnight or with a single meeting. Instead, leaders must work to instill the values and focus over time. The first step is for leaders to become champions, express the shift in responsibility and “walk the walk” in terms of data privacy.

Because data privacy depends on team members following the processes and requirements specified, organizations must not simply dictate the rules but instead must explain the importance of data privacy. When employees understand the risks of not following the processes as well as the consequences to the organization and its consumers, they are more likely to comply.

Additionally, leaders should measure compliance with the processes to determine the current state and then the goal. By then offering incentives, organizations can help encourage compliance as well as stress its overall importance.

Start crafting your data privacy approach now

As your team focuses on planning for 2025 and beyond, now is the time to pause to make sure that your approach and goals align with where the industry is moving. Organizations that understand where data privacy is likely headed and take the steps needed to align their goals with the future of data privacy can be better prepared to more effectively gain business value from their data while still ensuring compliance.

The post Preparing for the future of data privacy appeared first on Security Intelligence.

2024 trends: Were they accurate?

The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.

Here are five trends that were often predicted for 2024.

1. The use of artificial intelligence in cybersecurity will increase

As the year began, there was no doubt that artificial intelligence (AI) would be a main character in the year’s events — and that was right on the money. Many organizations began to use or continue using AI in their cybersecurity operations in a wide range of ways. For example, Microsoft’s internal response teams use a large language model to manage requests and tickets based on how they were handled previously, saving 20 hours per person each week.

As the world turned its attention over the summer to the Paris Olympics, the team responsible for keeping the Paris Olympics data, apps, systems and even physical buildings protected turned to AI. While 140 cyberattacks were linked to the Olympics, the teams’ efforts resulted in no disruption of the competitions.

Throughout the entire life cycle of the games, from before the opening ceremony to after the torch left Paris, cybersecurity teams used AI to secure critical information systems, protect sensitive data and raise awareness within the games’ ecosystem. Additionally, AI-based algorithmic video surveillance scanned video to detect abandoned bags, the presence of weapons, unusual crowd movements and fires.

2. Organizations will see more AI-based threats and attacks

Unfortunately, experts were right about cyber criminals also turning to AI technology to more effectively conduct attacks. Threat actors are using AI in a wide range of ways for data breaches and cyberattacks, including improved reconnaissance, better target profiling and lowering expertise required for conducting an attack. Because AI can automate many processes required for an attack, such as vulnerability scanning, exploitation and data exfiltration processes, more cyber criminals now have the skills for even more damaging attacks.

“Since the release of gen AI, attackers are increasingly employing tools along with large language models to carry out large-scale social engineering attacks, and Gartner predicts that by 2027, 17% of total cyberattacks/data leaks will involve generative AI,” wrote Gartner in an August 2024 press release.

IBM distinguished engineer Jeff Crume has no doubt that the trend of cyber criminals using AI for attacks will continue in 2025. He says that cyber professionals do a better job of authentication because attackers are finding it easier to log in than to hack in. While looking for bad grammar and spelling errors now works to spot phishing attacks, he expects that this will no longer work as AI-based phishing attacks hit mass distribution.

3. An increase in deepfakes and deceptions

While experts correctly predicted that deepfakes would become more of a threat in 2024, it’s likely no one expected the scale of arguably the most shocking deepfake story of the year. At the beginning of 2024, attackers created a deepfake video call that led to an employee giving the cyber criminals $25 million, which showed the power and damage that deepfakes can cause. But the World Economic Forum expects that the trend will only increase, even declaring that over the next two years, AI-fueled disinformation will be the number one threat in the world.

Throughout the year, other deepfake incidents made headlines. Quantum AI, an AI company, was suspected by the Securities and Exchange Commission of using AI to generate deepfakes on social media to deceive the public into believing that Elon Musk developed the company’s technology. Even the well-received Paris Olympics were not immune to deepfakes, with Russian Group Storm-1679 suspected of creating AI content to discredit the International Olympic Committee. As the year closed out, German citizens saw an increase in AI-based propaganda regarding the upcoming German elections in 2025, including text, images and video.

4. A growing impact of quantum computing on cybersecurity

Ray Harishankar, IBM Fellow, IBM Quantum Safe, predicted that in 2024, “harvest now, decrypt later” attacks would become more common. As the year moved forward, quantum computing became an increasingly top concern, especially the harvest-now attacks. In July, the Office of Management and Budget released the Report on Post-Quantum Cryptography, which urged organizations to prepare their systems and processes for advancements in quantum computing.

During the fall of 2024, the predictions of quantum computing’s impact became even more urgent, with symmetric cryptography expected to be unsafe by 2029 and even asymmetric cryptography fully breakable by quantum technology by 2034.

“That does not mean, however, that the risks are five years away. The prospect of harvest-now, decrypt-later attacks is already a concern, making the post-quantum cryptography transition an urgent priority,” wrote Gartner.

5. Recession of ransomware attacks

John Dwyer, former Head of Research at IBM X-Force, predicted we might face a ransomware recession as more companies pledged not to pay the ransom. While we wish we could declare this came true, the jury is still out, and likely, we won’t know for sure until all the data is collected from 2024.

However, Wired declared in the summer of 2024 that “ransomware showed no signs of slowing down in 2024 — despite increasing police crackdowns.” In December, Heather Wishart-Smith wrote in her Forbes article The Persistent Ransomware Threat: 2024 Trends and High-Profile Attacks about cyber criminals’ dual extortion technique as an increasing trend in 2024.

All in all, the experts were largely on target with their 2024 predictions. And in the next few weeks, we will start the prediction game all over again as we wonder what’s in the cards for cybersecurity in 2025.

The post 2024 trends: Were they accurate? appeared first on Security Intelligence.

FBI, CISA issue warning for cross Apple-Android texting

CISA and the FBI recently released a joint statement that the People’s Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat.

According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well as compromised private communications of a limited number of people. Sen. Mark R. Warner (D-Virginia) told the Washington Post that the threat actors listened on audio calls and even moved between networks. As a result, many media sources reported that texts between Android and Apple devices are not secure.

Historic and sophisticated cyberattack

The headlines of the Washington Post deemed it the worst telecom hack in our nation’s history, per a top U.S. senator. On the surface, this seems a bit melodramatic, with only 150 identified victims. However, experts predict the affected number of people will go into the millions. Warner, who serves as chairman of the Senate Intelligence Committee, went as far as to say that Salt Typhoon makes Colonial Pipeline and SolarWinds “look like child’s play.”

The data collected during the attack falls into two categories, reported NBC. The first included call records showing the time and number called, with most records in the Washington, D.C. area. The other included listening to live calls of specific targets, which may include Donald Trump and Kamala Harris.

However, the most concerning aspect of the attack is the national security implications. Richard Forno, Principal Lecturer in Computer Science and Electrical Engineering at UMBC, explained in UMBC Magazine that Salt Typhoon compromised the portals used by U.S. intelligence and law enforcement. As a result, he says that the attackers may have gotten information about which Chinese spies and informants counterintelligence agencies were monitoring, which those targets can then use to avoid detection.

“U.S. officials have said that many of the ways Salt Typhoon penetrated its targets was through existing weaknesses with the infrastructure. As I’ve written previously, failing to implement basic cybersecurity best practices can lead to debilitating incidents for organizations of all sizes. Given how dependent the world is on networked information systems, it is more important than ever to maintain cybersecurity programs that make it difficult for attacks to succeed, especially for critical infrastructure like the phone network,” wrote Forno.

Reducing the risk of Salt Typhoon

With words like espionage and intercepting texts thrown around, the biggest question on people’s minds is how to protect themselves from this threat. Many experts are currently recommending using encrypted apps, such as WhatsApp and X, instead of traditional texting.

“Encryption is your friend, whether it is on text messaging or if you have the capacity to use encrypted voice communications, even if the adversary is able to intercept the data if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So, our advice is to try to avoid using plain text,” said Jeff Greene, CISA Executive Assistant Director for Cybersecurity, during a press briefing reported by USA Today.

Forbes also reported that an FBI official recommended citizens use a cell phone that automatically receives timely operating system updates. Additionally, the phone should have responsibly managed encryption and phishing-resistant multi-factor authentication (MFA) for email, social media and collaboration tool accounts.

“So it’s somewhat ironic that one of the countermeasures recommended by the government to guard against Salt Typhoon spying is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent decades trying to undermine so that only ‘the good guys’ can use it,” wrote Forno.

The post FBI, CISA issue warning for cross Apple-Android texting appeared first on Security Intelligence.

Making smart cybersecurity spending decisions in 2025

December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.

Gartner expects cybersecurity spending to increase 15% in 2025, from $183.9 billion to $212 billion. Security services are the segment expected to see the most spending growth, with security software second and network security third.

“The continued heightened threat environment, cloud movement and talent crunch are pushing security to the top of the priorities list and pressing chief information security officers (CISOs) to increase their organization’s security spend,” said Shailendra Upadhyay, Senior Research Principal at Gartner, in a recent press release. “Furthermore, organizations are currently assessing their endpoint protection platform (EPP) and endpoint detection and response (EDR) needs and making adjustments to boost their operational resilience and incident response following the CrowdStrike outage.”

Factors contributing to the increase in spending

While spending decisions and increases are likely due to many different reasons, Gartner points to two main reasons for the predicted increase.

  • Generative AI: Gartner said that organizations using generative AI will need to take additional steps to secure their environment. The IBM Framework for Securing Generative AI lays out five steps: securing the data, securing the model, securing the usage, securing AI model infrastructure and establishing sound AI governance. Many organizations will need to purchase additional software, such as application security, data security and privacy and infrastructure protection, due to the increased use of generative AI.
  • The global skills shortage: Many organizations are facing a skills shortage where they do not have the in-house talent to manage their cybersecurity needs. As a solution, many are hiring help to reduce their risks, such as security consulting services, security professional services and managed security services. Gartner points to the costs of these services as a driving factor in high predicted spending, making services a high-growth area of cybersecurity.

Creating your cybersecurity budget

Instead of simply making a single line item on your organization’s budget that encompasses cybersecurity, accurate budgeting starts with breaking out all of the components of an effective cybersecurity program.

Consider the following in your budget:

  • Labor costs: Besides salaries for all full-time employees, consider any additional services you need to purchase. For example, outsourcing penetration testing falls into this line item. Additionally, consider if you need to hire managed services for any portion of your cybersecurity.
  • Technology: Think about all types of software needed, which includes antivirus, encryption tools and firewalls. Consider if you will be using generative AI for cybersecurity as well as additional tools needed to protect the organization from attacks on generative AI tools used for daily business tasks. Be sure to also include hardware costs, such as any infrastructure upgrades needed to run any new technological tools, especially generative AI.
  • Training: Many organizations only consider the budget for training and certifications for their cybersecurity staff. However, be sure to allocate funds for cybersecurity training for the entire organization. By thinking outside the box and setting aside sufficient funds, you can make a big impact in reducing cyberattacks caused by employee errors.
  • Incident Response: After a breach or attack happens, organizations need funds to contain the breach and manage the response. Costs that often occur include legal fees, PR firms, overtime, data breach notification, identity theft protection and loss of revenue.

Budget can affect employee stress

While many organizations consider business disruption and potential risk when creating their cybersecurity budget, many overlook how the budget impacts the cybersecurity team.

The ISACA State of Cybersecurity 2024 and Beyond found that 66% of cybersecurity professionals stated their role is more stressful. Not surprisingly, the top reason (81%) stated was that the threat landscape is increasingly complex. However, the budget being too low (45%) tied for second with worsened hiring retention challenges and staff not being skilled/trained.

The report found that more than half (51%) felt that their budgets were underfunded, an increase from 47% sharing that sentiment in 2023. Additionally, only 37% expect that their budgets will increase in 2025. Adding to the stress, only 40% had high confidence that their team was prepared to handle a cyberattack, while 47% expect a cyberattack on their organizations.

Reducing employee stress while budgeting for 2025

As business leaders are working on budgets, here are some ways to reduce employee stress related to the 2025 budget.

  • Include your hands-on cybersecurity team members in the budget discussions. When employees feel that their perspectives and ideas are heard, they are less likely to be resentful. Additionally, they can see first-hand the tradeoffs involved in budgeting as well as the impact of each decision on other line items. 
  • Ask employees to share their current challenges. By starting with understanding their problems, you can then use these issues to drive the budget decisions. If team members jump to the technology solutions, steer them back to first discussing the problems.
  • Have your cybersecurity team research and get estimates. Once you move to the solution portion of budgeting, ask cybersecurity team members to research tools and get estimates. Since they will be the ones using the tools on a daily basis, getting their buy-in on specific solutions can help increase satisfaction as well as improve the accuracy of the budget.
  • Show team members the draft budget. Budgeting often means making hard decisions. By showing the team the draft budget and asking for their input, they feel heard and also can see the tradeoffs that are necessary as part of the budgeting process.

While the increase in cybersecurity spending is a positive trend overall, the most important thing is how companies use their higher investments. By making the right choices for your specific organization, you can reduce risk while also improving employee satisfaction.

The post Making smart cybersecurity spending decisions in 2025 appeared first on Security Intelligence.
