Tag: Security

Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs

by Amy Larsen DeCarlo, posted in Secure
Headshot of a woman with long blonde hair, wearing a black jacket over a beige sweater, smiling against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• APIs are an alluring target for threat actors now with the average number of daily API attacks soaring by 113% versus last year.

• More than 60% of the attacks in 2025 were affiliated with unauthorized workflows and activity that veered from the norm; indicators that are cybercriminals shifted from conventional web breaches to behavior-based incidents.

AI is changing the threat landscape, and it is doing so at lightning speed. Aggressive threat actors are putting the technology to work to expedite endpoint discovery and improve overall efficiencies. This has left enterprises flat-footed, often missing breaches until the real losses are finally discovered.

Continue reading “Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs”

EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology

by Amy Larsen DeCarlo, posted in Secure
A professional portrait of a woman with long blonde hair, wearing a black jacket and a light-colored top, smiling against a soft blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Ninety-six percent of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying

• However, that same number perceive AI-driven attacks as serious threats to their organization

Cybersecurity is a delicate balancing act, requiring organizations to mount multi-layered defenses without causing the kind of friction that can impede productivity. An effective defense also requires the adequate funding to ensure the appropriate technical and personnel resources are in place to protect enterprise assets. With AI as an active part of the cybersecurity conversation, there are more angles for IT organizations to consider as both a proactive tool and an offensive weapon.

Continue reading “EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology”

Geopolitical Conflicts Driving New Resilience Imperative for Critical Infrastructure

by Dustin Kehoe, posted in Secure
A smiling middle-aged man in a suit and tie, standing in front of a blue background with digital patterns.
D. Kehoe

Summary Bullets:

• Geopolitical conflicts are forcing providers of critical national infrastructure to revisit and double down on the securing of supply chain to reduce operational risks and improve auditability.

• This is forcing businesses to unify cyber security with enterprise-wide operational resiliency. This is both the highest priority and greatest challenge.

In times of war, a rise of nationalism, global tariffs, and market volatility, mixed in with unhealthy doses of geopolitical tensions, state-assisted cyber-attacks targeting critical national infrastructure (CNI) are on the rise. Unlike other sectors, CNI are the core systems that underpin the functioning or delivery of essential services. CNI is also vital for the running of the economy. Major sectors such as transportation, utilities (e.g., energy, water), banking, health care, government services, telecoms, etc. fall within this group. While these sectors have always been required to guarantee confidentiality, integrity, and availability of information crucial to their operations at a higher standard compared to other sectors, it is the supply chain which is the weakest link. This has the greatest number of threat vectors from brute-force attacks, exploitation of software vulnerabilities to various strains of malware and ransomware attacks happens here.

Continue reading “Geopolitical Conflicts Driving New Resilience Imperative for Critical Infrastructure”

OpenText Survey Shows AI is Driving MSP Growth but a Skill Deficit Remains an Issue

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• In its annual Global Managed Security survey of 1,019 managed services providers (MSPs) in the US, Canada, and the UK, security vendor OpenText uncovered a big delta between the desire to exploit SMB demand for AI-driven solutions and the capability of these providers to deliver the essential support.

• Approximately 92% said they are seeing growth driven by client interest in AI but only half have the adequate resources and expertise to help clients deploy these solutions.

Organizations of all sizes are boarding the AI bandwagon. For smaller businesses lacking internal AI expertise, adoption often requires the support of an external provider. Unfortunately, that same resource limitation also plagues many of the MSPs SMBs seek out for AI support. In a recent OpenText survey of 1,019 security practitioners, IT managers, and customer relationship managers, in the coming year 96% expect to see growth in demand driven by interest in AI. However, half said a combination of factors leaves them under-prepared to support SMB AI needs, including a lack of internal expertise, too many disparate tools to manage, and the lack of standardization across different client environments.

Continue reading “OpenText Survey Shows AI is Driving MSP Growth but a Skill Deficit Remains an Issue”

Enterprises Take Up Arms Against Perilous Threats but Still Struggle with Unwieldy Security Tools

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • Enterprises are under constant threat with no signs of abatement. The Verizon 2025 Data Breach Investigations Report (DBIR) notes a 37% rise in ransomware versus 2024.
  • Cisco’s May 2025 State of Security Report found that 59% of the 2,058 security professionals surveyed spend excessive resources maintaining tools and affiliated workflows.

The nature of cybersecurity is dynamic, as the threat landscape is in constant flux, making the discipline a daunting exercise environment for security practitioners. Even well-resourced organizations struggle to manage risk effectively as bad actors apply a combination of advanced technology and sophisticated techniques to exploit enterprise vulnerabilities. Verizon’s 2025 Database Investigations Report (DBIR), an examination of 22,052 security incidents, 12,195 of which were verified to be data breaches, found that in 20% of all breaches, vulnerabilities were the entryway for a breach. This makes it the second most common initial avenue for a breach, just behind credential abuse.

Continue reading “Enterprises Take Up Arms Against Perilous Threats but Still Struggle with Unwieldy Security Tools”

IoT Security is Still a Major Barrier to Adoption

by Kitty Weldon, posted in Mobilize

Kathryn Weldon – Research Director, Business Network and IT Services – Americas

Summary Bullets:

• IoT security still comes up as the number one deterrent to IoT adoption, year after year (after year!).

• While point solutions abound, the complex supplier ecosystem coupled with the diversity of IoT use cases and device types makes this a hard nut to crack.

Considering the fact that every survey ever conducted among enterprises over the last five years about IoT has shown that the number one barrier to adoption is lack of security, we would have expected the supplier ecosystem to finally “fix” this problem once and for all. But instead, with the advent of massive proliferation of IoT devices upon us, coupled with an occasional high-profile breach, enterprises are more cautious than ever and rightly so. Continue reading “IoT Security is Still a Major Barrier to Adoption”

Deutsche Telekom’s Car SOC is Ready to Protect Drivers—Is the Auto Industry?

by John Marcus, posted in Secure

J. Marcus

Summary Bullets:

• Connected cars are vulnerable to the same threats facing any Internet user or device

• Deutsche Telekom proposes its Car SOC to the industry, but as of today no one is responsible for protecting drivers from cyber attacks

Connected cars, like anything else using the Internet, are exposed to a range of vulnerabilities most drivers dare not even contemplate. Even without being connected, the digital technology in place is at risk from attackers, whether through the cloning of remote control key entry and engine starting, or from malware introduced to internal systems via infected diagnostic tools at the local garage. Continue reading “Deutsche Telekom’s Car SOC is Ready to Protect Drivers—Is the Auto Industry?”

Dear Intel, Here’s Why Selling Intel Security Would be a Huge Mistake

by Eric Parizo, posted in Secure
Summary Bullets:
• A rumored sale of its security business would be a major mistake for Intel.

• Intel Security has strong legacy products, promising new ones, winning leadership and strategy, and presents synergistic opportunities key to Intel’s future.

I’m not sure what surprised me more: Sunday’s Financial Times report that Intel was exploring a sale of its security division, or that industry observers and partners alike seem to be either indifferent or actually in favor of such a dramatic move.

Current Analysis believes a sale of Intel Security or its assets would be a mistake, for a variety of reasons. Here’s a brief look at the value Intel Security provides its parent:

Continue reading “Dear Intel, Here’s Why Selling Intel Security Would be a Huge Mistake”

Google’s New “Android for Work” Program Actually Puts BYOD to Work

by , posted in Big Data

Brad Shimmin
Brad Shimmin

Summary Bullets:

  • Google has at last launched its Android for Work program, prioritizing Android devices within the workplace through the separation of personal and professional data profiles.
  • But don’t look for Google to secure this data on its own; instead customers can look to partners AirWatch, MobileIron, SAP, Soti, MaaS360, Citrix, and others for full bore data security in the workplace.

Forget the Apple iOS and Google Android user wars. It doesn’t matter which one wins a user’s heart. In the enterprise, any enterprise willing to embrace the BYOD mindset, such questions just don’t matter. What’s important is the ability to make manageable and secure whatever crazy device users decide to bring into the workplace. But that’s never been an easy proposition. Continue reading “Google’s New “Android for Work” Program Actually Puts BYOD to Work”

Marking HTTP Sites as Insecure: The Emperor’s New Clothes Indeed!

by , posted in Network

Mike Fratto
Mike Fratto

Summary Bullets:

  • Users don’t have a way for readily knowing when a site should be protected using SSL/TLS or not, and Google engineers are proposing yet another indicator.
  • A better use of their time would be in working with existing standards efforts – or starting a new one – that let site owners indicate when a site should be protected.

Google is using its size in the web arena to affect changes in how users view the relative “security” of websites. I put security in scare quotes because that word has a dubious meaning at best and more likely doesn’t mean what the company intends. The short story is that Google wants a way to indicate to end users that a page which is not properly protected using TLS – the current, improved version of SSL – is not secure. Continue reading “Marking HTTP Sites as Insecure: The Emperor’s New Clothes Indeed!”