Here is a collection of cyber security trends and predictions for 2025 from various sources:
Dark web discussions reveal: this is what's in store for 2025
The discussions reveal next year's threat landscape.
https://www.is.fi/digitoday/tietoturva/art-2000010908617.html
VPN provider NordVPN has partnered with researchers at NordStellar to predict the cyber threats of 2025. The companies analyzed the largest dark web forums to identify the most talked about and trending topics. These include:
Advanced disinformation services
Stolen digital identities
AI-based social engineering
Smart home vulnerabilities
The state of connected homes is already fragile, NordVPN warns.
The most important cybersecurity and artificial intelligence trends for 2025
https://www.uusiteknologia.fi/2024/11/20/kyberturvallisuuden-ja-tekoalyn-tarkeimmat-trendit-2025/
Security firm Palo Alto Networks has released a comprehensive list of emerging threats and of the impact that advances in artificial intelligence (AI) will have in the coming year. Advances in AI bring risks of their own, and they also give malicious actors new capabilities to exploit.
Cyber infrastructure is focused on one unified security platform
Large amounts of data give an advantage against new entrepreneurs
Businesses are increasingly adopting secure enterprise browsers
In 2025, more attention will be paid to the energy impacts of artificial intelligence
The realities of quantum technology will become clearer in 2025
Security and marketing directors work more closely together
Cyberattacks are broader, bolder and more damaging than ever.
https://www.verkkouutiset.fi/?p=694453#9c1dc2d3
Cybersecurity company Fortinet has published a cyber threat forecast for 2025. According to it, threat actors will continue to rely on many traditional tactics that have been used for decades.
According to the report, the following cyber threats will be increasingly seen around the world starting next year.
Cybercriminals specialize in certain stages of the attack chain
Attacks on cloud environments are becoming more common
Automated hacking tools on dark web sales platforms
Real-life threats become part of attackers’ tactics
Anti-attack groups expand cooperation
A grim forecast for 2025
Security company warns of new-age cyberattacks.
https://www.iltalehti.fi/digiuutiset/a/3ba5142e-f0ee-43fe-8bd2-4468a9d2d5bd
According to security company Fortinet, many cybercriminals are mounting more effective attacks than before, which is not good news at all. In addition, old protection methods may no longer be enough as criminals find new ways to attack.
The company’s Fortiguard Labs team has compiled an updated threat forecast report for 2025, which underlines that cyberattacks are becoming more targeted and harmful, for example, as turnkey cyberattack services become more common.
1 Specialization
2 Cloud and artificial intelligence as themes
3 Real-life threats are part of the tactic
Fortinet reminds us that the responsibility for ensuring information security lies with everyone, not just corporate security and IT teams.
– No single organization or security team can prevent cybercrime on its own, it underlines.
Guidance to survive 2025:
Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
MITRE shares 2024's top 25 most dangerous software weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/
Six password takeaways from the updated NIST cybersecurity framework
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
Tomi Engdahl says:
A new authentication method to replace traditional passwords
https://www.uusiteknologia.fi/2025/02/14/uusi-tunnistuskeino-korvaa-perinteiset-salasanat/
Researchers at the University of Jyväskylä have developed a new multi-factor authentication method that could replace today's traditional passwords. According to the SAFE team that developed the method, it is one of the world's first inclusive authentication solutions. Development of the method continues at a new startup company, Sala Secure Oy.
The goal of the University of Jyväskylä researchers' two-year project was to develop a new multi-factor authentication (MFA) method. The project, which went by the name SAFE, has now ended, and during it the team built a concept called SalaLogin that proved to work. The project was developed with Business Finland's Research to Business funding.
In the researchers' solution, called SalaLogin, traditional passwords are replaced with a trusted device, biometrics, and codes named hints and secrets. During registration, a total of six secret codes are created, which the user remembers for the rest of their life.
The new authentication method can be used simultaneously on multiple digital accounts, both in personal life and at work. This makes remembering multiple passwords and reusing old passwords unnecessary.
Could the new Finnish technology replace passwords?
https://etn.fi/index.php/13-news/17156-voisiko-uusi-suomalaistekniikka-korvata-salasanat
Researchers at the University of Jyväskylä have developed a new kind of multi-factor authentication method that could revolutionize digital authentication. The solution, called SalaLogin, replaces traditional passwords with biometrics and user-created hints and secrets, which makes it more secure and easier to use.
Passwords are still the most common authentication method, but their use involves significant problems. In 2024, an internet user has on average 168 passwords, and many find it hard to manage them all. This leads to risky behaviour, such as creating weak passwords and reusing the same password across different services.
According to statistics, as many as 80 percent of security breaches are caused by weak or reused passwords. Data breaches cause significant financial losses every year to both private individuals and companies. The goal of the researchers in the University of Jyväskylä's SAFE project has been to develop a solution that eliminates these risks.
How does SalaLogin work?
Instead of traditional passwords, SalaLogin uses three-step authentication:
The user enters their email address when logging into the service.
Biometric authentication – the user authenticates with, for example, a fingerprint or facial recognition.
The user selects the correct option from six previously created secret codes.
The advantage of the solution is that the user does not have to constantly remember new passwords or use complex password manager applications. The six secret codes created during registration are designed to stay in the user's memory thanks to the hints.
- We wanted to develop an authentication method that is both easy to use and secure. Test users said they were surprised at how easily they remembered their secret codes with the help of the hints. Many also found the authentication fun and stress-free, says Naomi Woods, lead researcher of the SAFE project.
Tomi Engdahl says:
The cybersecurity crossroads: AI and quantum computing could save or endanger us
AI enhances cybersecurity by detecting threats in real-time, yet hackers exploit it for advanced attacks; meanwhile, quantum computing threatens encryption, risking sensitive data; the future of cybersecurity depends on how quickly defenses evolve to counter these threats
https://www.ynetnews.com/business/article/bjpsrj9y1g
Tomi Engdahl says:
The NIS2 directive has a leaking hole the size of the universities
https://etn.fi/index.php/13-news/17159-nis2-direktiivissae-on-korkeakoulujen-kokoinen-vuotava-aukko
The European Union's new NIS2 directive tightens cybersecurity requirements in many sectors but leaves the protection of higher education and research at a worryingly light level. According to Juha Malmivaara, CISO of the Tampere higher education community, this is a serious security risk, since universities are already targets of international intelligence and cyberattacks.
At the Prevent pre-seminar of the Disobey hacker event on Friday, Malmivaara argued that universities are not officially security-of-supply-critical actors, yet a huge amount of sensitive information that interests international actors flows through them. According to Malmivaara, Russia, China, Iran and North Korea in particular are actively interested in Finnish research institutions.
This is not surprising – Finnish universities develop technology that can also have military uses. Examples include 6G networks, drone technology and signals communication. In addition, the EU's Chips Act, which aims to reduce dependence on Chinese and Taiwanese chip manufacturing, makes Finnish research institutions an even more attractive target for foreign actors.
Tomi Engdahl says:
As it stands, the NIS2 directive does not oblige universities to follow strict cybersecurity practices, even though they develop critical technology. This is a gap that could prove fatal.
Tomi Engdahl says:
Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition
In the latest edition of “Rising Tides” we talk with Lesley Carhart, Technical Director of Incident Response at Dragos.
https://www.securityweek.com/rising-tides-lesley-carhart-on-bridging-enterprise-security-and-ot-and-improving-the-human-condition/
Lesley’s takes are hot but also realistic and attainable. For example, if we can come together to bridge the critical complexities that often put enterprise security and operational technology (OT) at odds, something Lesley is extremely passionate about, we can accelerate security progress.
As a very open nonbinary and trans person, Lesley says, that while our cybersecurity industry is “much better than a lot of IT fields in support for neurodiverse, LGBTQIA+, and other non-traditional members of the workforce,” there is still sometimes threatening levels of backlash, especially for the queer community.
And, of course, we had to touch on the potential need for increased cybersecurity diligence overall with the new U.S. presidential administration, especially from an industrial controls systems perspective, and their overall “magic genie” wish for more critical thinking skills about biases, gauging cause and effect, identifying disinformation, and threat modeling.
Tomi Engdahl says:
Russian Seashell Blizzard Hackers Have Access to Critical Infrastructure: Microsoft
A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.
https://www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/
Tomi Engdahl says:
According to the current OWASP Top 10 for LLM Applications 2025 (PDF), the number one risk for gen-AI applications comes from ‘prompt injection’, while the number two risk is ‘sensitive information disclosure’ (data leakage). With large organizations each developing close to 1,000 proprietary AI apps, Pangea’s new products are designed to prevent these apps succumbing to their major risks.
OWASP Top 10 for LLM Applications 2025
https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/
Tomi Engdahl says:
ICS/OT
Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions
https://www.securityweek.com/free-diagram-tool-aids-management-of-complex-ics-ot-cybersecurity-decisions/
Admeritia has launched Cyber Decision Diagrams, a free tool designed to help organizations manage complex decisions related to ICS/OT cybersecurity.
Admeritia has announced the availability of a new tool designed to help organizations manage complex cybersecurity decisions related to industrial control systems (ICS) and other operational technology (OT).
The newly launched tool, named Cyber Decision Diagrams (CDD), is available for free as a web-based application. The tool allows users to create simple diagrams that can enable them to more easily communicate cybersecurity thoughts and decisions.
Admeritia, a Germany-based ICS/OT cybersecurity company, says it does not track or save any data provided by the user to create the diagrams. Diagrams can be downloaded in PDF format.
The tool walks the user through five steps. In the first step, the user is asked to define a high-consequence event (HCE), which represents the worst case scenario that a cyberattack can cause to the organization, such as a reactor exploding, a power blackout, a customer data leak, loss of production, or inadequate product quality.
The user is then instructed to set a real-world anchor, which represents the cyber system that is closest to the HCE. This can be a device such as an IT client, a field device, a SCADA system, or a controller.
https://cyber-decision-diagrams.com/
Tomi Engdahl says:
Using Linux at the Endpoint: Taking Zero Trust to a New Level
https://www.networkcomputing.com/network-management/using-linux-at-the-endpoint-taking-zero-trust-to-a-new-level
As cyber threats continue to evolve, the need for secure endpoint operating systems becomes paramount. Linux, with its robust security features and alignment with Zero Trust frameworks, offers a compelling solution for organizations aiming to enhance their cybersecurity posture.
In the realm of cybersecurity, the concept of Zero Trust is more critical than ever. As organizations strive to protect their digital assets from a myriad of threats, the operating systems (OS) they choose for their endpoints play a significant role in their overall security posture. Linux, with its robust security features, light footprint, and flexibility, is increasingly becoming a preferred choice for endpoints used for end-user computing. Consider the following security advantages of using a Linux-based OS at the endpoint to elevate your organization’s security posture.
The Rise of Linux in Endpoint Security
Linux has long been associated with servers and enterprise environments, but its adoption at the endpoint is on the rise. According to a report by IDC, the market for Linux-based desktops and laptops is expected to grow by 12% annually through 2025. This growth is driven by the increasing recognition of Linux’s security benefits and the need for more secure operating systems in the face of rising cyber threats. These benefits include:
Open-Source Nature: One of the primary security advantages of Linux is its open-source nature. This transparency allows for continuous peer review by a global community of developers, which helps quickly identify and patch vulnerabilities. Enterprise-grade premium Linux OS solutions for the endpoint benefit greatly from this open-source transparency, enabling rapid community escalation and resolution of any identified security gap.
Reduced Attack Surface: Enterprise Linux distributions, particularly those built to be secure by design, offer a minimal attack surface and read-only architecture. By default, unnecessary applications, services, and ports are disabled, reducing the opportunities for attackers to exploit vulnerabilities.
Enhanced Privilege Management: Linux employs a strict user privilege model. Users operate with limited permissions, and administrative tasks require explicit elevation of privileges (using commands like sudo). This reduces the risk of malware gaining high-level access.
Customizable Security Frameworks: Tools like SELinux (Security-Enhanced Linux) and AppArmor provide robust mechanisms for enforcing security policies and isolating applications. These frameworks can be tailored to the specific needs of an organization, offering granular control over system behavior.
Regular Security Updates: The Linux community and major distributions like Ubuntu, Fedora, and Debian are diligent about releasing regular security updates. Commercial endpoint Linux OS solutions also consistently deliver security updates “over the air” for rapid updates and deployment. This proactive approach helps promptly mitigate new threats.
Centralized Management: In an enterprise endpoint deployment leveraging a Linux OS, it is critical to have the ability to centrally manage, update, and control all aspects of the security of the system and the overall user experience and workflows. From a Zero Trust perspective, this system should only allow things explicitly enabled by the management system, more of an as-needed, opt-in approach.
Implementing Zero Trust with Linux Endpoints
Zero Trust is a security model that operates on the principle of “never trust, always verify.” Linux’s inherent security features make it an excellent fit for implementing a Zero Trust architecture. In fact, a study by the Ponemon Institute revealed that organizations using Linux at the endpoint experienced 60% fewer security incidents compared to those using other operating systems. Furthermore, Linux’s open-source nature contributed to a 40% faster response time in patching vulnerabilities, reducing the window of exposure to potential threats.
The most advanced Linux OS solutions for the endpoint employ a preventative approach to security, which is optimized for SaaS, DaaS, and VDI environments to deliver a great cloud-first user experience without the security risk. Using a read-only OS, every system reboot undergoes a series of integrity checks to ensure the OS is delivered in a known good state. Further, no local data is stored or persists across reboots, and by default the ability to use externally connected USB storage, which can be a pathway for exfiltration of corporate data, is limited. Finally, advanced Linux OS solutions for the endpoint are tested and validated with a full range of authentication, SSO, networking, DEX, and SASE partners to further secure devices from cyber risk.
The resulting secure endpoint OS is ideally suited for a range of vertical industries.
Superior Endpoint Security Using the Power of Linux
As cyber threats continue to evolve, the need for secure endpoint operating systems becomes paramount. Linux, with its robust security features and alignment with Zero Trust frameworks, offers a compelling solution for organizations aiming to enhance their cybersecurity posture. By adopting Linux at the endpoint, businesses can take their Zero Trust strategy to a new level, ensuring a more secure and resilient IT environment.
The security of using a Linux-based OS at the endpoint is not just a theoretical advantage but a practical reality demonstrated by real-world use cases. As more organizations recognize these benefits, the adoption of Linux for endpoint security is poised to grow, setting a new standard in the fight against cyber threats.
Tomi Engdahl says:
https://www.networkcomputing.com/network-management/10-free-network-analysis-tools
https://opensource.com/article/19/2/network-monitoring-tools
Tomi Engdahl says:
https://www.metricfire.com/blog/9-best-open-source-network-monitoring-tools/
Tomi Engdahl says:
Role-based access control (RBAC) vs. Attribute-based access control (ABAC)
https://www.youtube.com/watch?v=rvZ35YW4t5k
Exploring the realms of access control, authentication, and authorization as you attempt to choose the best access control model for your organization? In this video, IBM Distinguished Engineer and Adjunct Professor Jeff Crume explains the pros and cons of Roles-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), and how they shape access decisions in real-world scenarios.
00:06 – Access control defines who you are and what you can do.
01:03 – Access control defines user permissions in a hospital environment.
01:56 – Introducing roles simplifies user access management in RBAC.
02:57 – RBAC simplifies access by assigning roles to users.
03:47 – ABAC considers various user attributes for access control.
04:45 – Attribute-based access control (ABAC) provides dynamic access compared to RBAC’s fixed roles.
05:44 – A hybrid approach combines RBAC and ABAC for effective access control.
06:44 – Access is granted or denied based on decisions made by RBAC or ABAC.
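As an added illustration (not code from the video or from IBM), here is toy Python decision logic for the hospital scenario the video uses, contrasting pure RBAC, pure ABAC and the hybrid approach; the roles, wards, shift flags and rules are constructed for the example.

```python
from dataclasses import dataclass, field

# RBAC: a static mapping from role to permissions; a user holds one or more roles.
# (Constructed example roles and permissions.)
ROLE_PERMISSIONS = {
    "doctor":  {"patient_record:read", "patient_record:write", "prescription:write"},
    "nurse":   {"patient_record:read", "vitals:write"},
    "billing": {"invoice:read", "invoice:write"},
}


@dataclass
class User:
    name: str
    roles: set
    attributes: dict = field(default_factory=dict)  # subject attributes used by ABAC


@dataclass
class Resource:
    kind: str
    attributes: dict = field(default_factory=dict)  # object attributes used by ABAC


def rbac_allows(user, action, resource):
    """Pure RBAC: allowed iff some role of the user carries the permission.
    Roles are fixed, so the answer never depends on time, place or context."""
    wanted = f"{resource.kind}:{action}"
    return any(wanted in ROLE_PERMISSIONS.get(role, ()) for role in user.roles)


# ABAC: a policy is an ordered list of rules over subject, object and environment
# attributes. A rule returns True/False to decide, or None to abstain; default deny.
def emergency_override(user, action, resource, env):
    """Break-glass: during a declared emergency any doctor may read any record."""
    if env.get("emergency") and "doctor" in user.roles and action == "read":
        return True
    return None


def same_ward_on_shift(user, action, resource, env):
    """Staff may read/write records of patients in their own ward while on shift."""
    if resource.kind != "patient_record":
        return None
    if user.attributes.get("ward") != resource.attributes.get("ward"):
        return None
    if not user.attributes.get("on_shift", False):
        return None
    return action in ("read", "write")


ABAC_POLICY = [emergency_override, same_ward_on_shift]


def abac_allows(user, action, resource, env):
    """Pure ABAC: first rule with an opinion wins; nothing matched means deny."""
    for rule in ABAC_POLICY:
        verdict = rule(user, action, resource, env)
        if verdict is not None:
            return verdict
    return False


def hybrid_allows(user, action, resource, env):
    """Hybrid: RBAC is the coarse gate (what a role may ever do) and ABAC refines
    it (under which conditions it may do so right now)."""
    return rbac_allows(user, action, resource) and abac_allows(user, action, resource, env)


def run_scenarios():
    """Evaluate the three models side by side; each value is (rbac, abac, hybrid)."""
    record = Resource("patient_record", {"ward": "cardiology"})
    nurse_on = User("maria", {"nurse"}, {"ward": "cardiology", "on_shift": True})
    nurse_off = User("maria", {"nurse"}, {"ward": "cardiology", "on_shift": False})
    clerk = User("sam", {"billing"}, {"ward": "cardiology", "on_shift": True})
    doctor_other = User("li", {"doctor"}, {"ward": "oncology", "on_shift": True})
    quiet, crisis = {"emergency": False}, {"emergency": True}

    def all_three(user, action, env):
        return (rbac_allows(user, action, record),
                abac_allows(user, action, record, env),
                hybrid_allows(user, action, record, env))

    return {
        "nurse_on_shift_read": all_three(nurse_on, "read", quiet),     # everyone agrees
        "nurse_off_shift_read": all_three(nurse_off, "read", quiet),   # RBAC blind to shift
        "clerk_read": all_three(clerk, "read", quiet),                 # ABAC alone ignores role
        "nurse_write": all_three(nurse_on, "write", quiet),            # ABAC alone ignores role
        "doctor_other_ward_read": all_three(doctor_other, "read", quiet),
        "doctor_other_ward_emergency": all_three(doctor_other, "read", crisis),
    }


if __name__ == "__main__":
    for name, verdicts in run_scenarios().items():
        print(f"{name:30s} rbac={verdicts[0]!s:5} abac={verdicts[1]!s:5} hybrid={verdicts[2]}")
```

The two "alone" rows show the failure modes the video contrasts: RBAC cannot express "only while on shift", and an attribute rule that does not consult roles lets a billing clerk through; the hybrid denies both.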
Tomi Engdahl says:
RBAC vs. ABAC vs. ReBAC in under 5 minutes
https://www.youtube.com/watch?v=enztHVaMiMc
Tomi Engdahl says:
What Is Single Sign-on (SSO)? How It Works
https://www.youtube.com/watch?v=O1cRJWYF-g4
Tomi Engdahl says:
https://en.wikipedia.org/wiki/Zero_trust_architecture
Tomi Engdahl says:
https://www.xda-developers.com/use-prebuilt-hardware-firewall-instead-of-making-one/
Tomi Engdahl says:
https://blog.cloudflare.com/helping-civil-society-monitor-attacks-with-the-cyberpeacetracer-and-cloudflare-email-security/
Tomi Engdahl says:
China launches hunt for ways to protect data from quantum computers
Efforts to develop next-generation cryptography algorithms that can’t be broken by quantum computers are already underway in the US, but now China has announced it will seek its own solutions
https://www.newscientist.com/article/2467574-china-launches-hunt-for-ways-to-protect-data-from-quantum-computers/
Tomi Engdahl says:
https://www.hackster.io/news/madlab-s-enigma-machine-kit-brings-a-piece-of-cryptographic-history-to-life-via-a-raspberry-pi-pico-571b16b23c42
Tomi Engdahl says:
https://www.helpnetsecurity.com/2025/02/19/kunai-open-source-threat-hunting-tool-for-linux/
Tomi Engdahl says:
https://cybersecuritynews.com/purplelab/
Tomi Engdahl says:
https://www.hakukonemestarit.fi/blogi/tee-nama-asiat-heti-kun-asennat-wordpressin/
Tomi Engdahl says:
https://seura.fi/asiat/ajankohtaista/kauppojen-turvaportit-halyttavat-muillekin-kuin-myymalavarkaille-selvitimme-miksi-turhia-halytyksia-tapahtuu/
Tomi Engdahl says:
An idea invented in the 1970s could revolutionize information security – it has already been proven to work
Tivi, 18.2.2025 22:05, Data and analytics, Encryption
Confidential data is protected with encryption algorithms. Homomorphic encryption makes it possible to use data without decrypting it.
https://www.tivi.fi/uutiset/1970-luvulla-keksitty-idea-voi-mullistaa-tietoturvan-toimivuus-on-jo-todistettu/7ddc5736-7f9d-45a0-942f-d5f42b315343
Traditional encryption techniques protect data while it is stored and in transit. When the data is to be processed, it must first be decrypted, and at that point the data becomes vulnerable. An attacker who has hacked their way into the system or illegitimately elevated their privileges sees the confidential data and can copy it for themselves.
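To show the property the article describes (computing on data that is never decrypted), here is an added minimal Paillier cryptosystem (Paillier, 1999, a later scheme than the 1970s construction; this code is not from the article). The two primes are toy values constructed for the demo and the only assumption; a real deployment would use a vetted library with 1024-bit-plus primes.

```python
import math
import secrets

# Toy primes, constructed for this demonstration only (far too small for real use).
P, Q = 10007, 10009


def _is_prime(n):
    """Trial division; adequate only for the small toy primes above."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


class Paillier:
    """Minimal Paillier cryptosystem: additively homomorphic public-key encryption.
    Public key: n. Private key: lam (and the derived mu)."""

    def __init__(self, p=P, q=Q):
        assert _is_prime(p) and _is_prime(q) and p != q
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                                   # standard simple choice of g
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
        self.mu = pow(self.lam, -1, self.n)                   # lam^-1 mod n (valid for g = n+1)

    def encrypt(self, m):
        """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts
        give different ciphertexts (the scheme is randomized)."""
        assert 0 <= m < self.n
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
        u = pow(c, self.lam, self.n2)
        return ((u - 1) // self.n) * self.mu % self.n

    # Operations anyone can perform with only the public key (no decryption):
    def add(self, c1, c2):
        """E(a) * E(b) mod n^2 decrypts to a + b (mod n)."""
        return c1 * c2 % self.n2

    def scale(self, c, k):
        """E(a)^k mod n^2 decrypts to k * a (mod n)."""
        return pow(c, k, self.n2)


def encrypted_total(kp, values):
    """Sum a list of values where only ciphertexts ever reach the aggregator.
    The 'server' side (the loop) never sees a plaintext nor holds the private key."""
    ciphertexts = [kp.encrypt(v) for v in values]   # data owner encrypts each value
    acc = ciphertexts[0]
    for c in ciphertexts[1:]:
        acc = kp.add(acc, c)                        # server aggregates blindly
    return kp.decrypt(acc)                          # data owner decrypts only the sum


# Caveat for defenders: the same malleability that enables the homomorphism means a
# ciphertext can be altered by anyone holding the public key, so integrity and
# authenticity must be provided separately (e.g. a MAC or signature over the ciphertexts).

if __name__ == "__main__":
    kp = Paillier()
    print("sum of [1200, 3400, 500] computed on ciphertexts:", encrypted_total(kp, [1200, 3400, 500]))
    print("6 * E(7) decrypts to:", kp.decrypt(kp.scale(kp.encrypt(7), 6)))
```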
Tomi Engdahl says:
Dubai: Man with 11 chip implants can hack phone, access details in just 4 seconds
Len Noe offers a glimpse into potential future of human-computer integration
https://gulfnews.com/uae/people/dubai-man-with-11-chip-implants-can-hack-phone-access-details-in-just-4-seconds-1.500041131
Dubai: Len Noe, an ethical hacker from the US, has taken cybersecurity to an entirely new level. With 11 microchips embedded in his body, Noe has become a walking security expert, capable of accessing private information with a mere handshake.
He has implants from his elbows to his fingers, including a magnet among others.
The 50-year-old grandfather, who boasts a past filled with motorcycle club affiliations, ‘mischievous’ hacking, and body modifications, now spends his time sharing his knowledge on augmented humans and cybersecurity threats.
From being a black hat hacker, he has mended his ways following the birth of his granddaughter.
“I was black hat, but not a malicious hacker. I’ve never compromised any places that I’ve worked.”
Noe noted that, with a simple touch, he can hack a phone in as little as four seconds.
“Just by you putting your phone into my hand, I can download Trojan viruses onto your phone. I can connect you to a website with BeEF (the Browser Exploitation Extension Framework). And I can hack your phone while it’s in my hand, and I’m already in your phone before I give it back to you. The quickest I’ve ever done it is about four seconds.”
His expertise doesn’t stop at phones as he can also bypass physical security systems.
“I can skim data from a badge [office ID] and write it onto my implant, allowing me to unlock doors or access restricted areas. And when security checks me, they won’t find anything because I’m not carrying any tools,” he said.
What’s more, if someone flashes a ticket to Coldplay concert or an India-Pakistan cricket match, he can get access to that digital ticket as well.
“Yes, there’s a little process. There’s some skill involved here, but yes, I can do that.”
Noe’s implants are not just for hacking, though. As an ethical hacker, he uses them to enhance his own security, such as storing his one-time passwords (OTPs).
With the rise of artificial intelligence and cybersecurity threats becoming increasingly sophisticated, Noe believes that the next generation of hackers might not rely on traditional tools but on implants and augmented capabilities. “In five years, people will look at what I’m doing and think, ‘That’s nothing,’” Noe predicted. “I’m just the first to come out and say it: augmented humans are here.”
Tomi Engdahl says:
WordPress Offers New 100-Year Domain Name Registrations
WordPress announced a new lower-cost plan that enables a 100-year domain name registration with one payment.
https://www.searchenginejournal.com/wordpress-offers-new-100-year-domain-name-registrations/540195/
Tomi Engdahl says:
3 reasons to consider a data security posture management platform
https://www.infoworld.com/article/3826186/3-reasons-to-consider-a-data-security-posture-management-platform.html
Data must be protected no matter where it’s stored or how it’s being used. Here’s how DSPM platforms prevent data breaches—whether the data is stored, in transit, or used by AI.
A week rarely goes by without a major data security breach. Recent news includes a breach impacting an energy company’s 8 million customers, another compromising the information on 450,000 current and former students, and one more exposing 240,000 credit union members. Fines for data security breaches can be steep; for example, the Irish Data Protection Commission recently fined Meta, Facebook’s parent company, $263.5 million for a 2018 breach impacting 29 million Facebook users.
Recent research indicates the challenges in data security, with 60% of organizations reporting that at least a fifth of their data stores contain personally identifiable information (PII) or other sensitive data. Protecting this data is complex for larger organizations, with 39% of sensitive data stored in data centers, 27% on public clouds, 18% in SaaS, and 14% in edge infrastructure, while 58% of organizations report over 20% annual growth in their data.
There are many best practices and solutions to help organizations address data security risks, and the 2024 Gartner hype cycle for data security identifies over 30 to consider. One of the newer entrants is data security posture management or DSPM, a term Gartner introduced in 2022 as a proactive approach to monitor and manage data security continuously.
What is data security posture management?
DSPM aims to bring several data security practices into one management framework. Tools often include data discovery capabilities that integrate with data across clouds and classification capabilities that categorize data based on sensitivity and compliance requirements. As data is classified, DSPM platforms aid in crafting access controls, performing risk assessments, monitoring sensitive data usage, and capturing data movements. For risk and security leaders, platforms provide visibility, controls, and policy enforcement to different regulatory requirements, such as GDPR, HIPAA, California Consumer Privacy Act (CCP), or PCI data security standard (PCI-DSS).
“Data environments are only getting more complex, and regulations aren’t getting any easier to comply with,” says Amer Deeba, GVP of Proofpoint DSPM Group. “Real-time knowledge of what data you have, where it is, and how it’s being accessed is no longer optional—it’s required to report data breaches from the outset accurately. DSPM is the map that pinpoints the location of all the data that regulations care about, then overlays it with applicable rules so you can see exactly where things are out of line—whether it’s how the data is stored, accessed, or handled.”
DSPM solutions are already a big market, estimated at $94 billion in 2023 and projected to grow to $174 billion by 2031. These solutions aim to be horizontal data security platforms that discover, assess, and manage sensitive data wherever it’s stored, moved, or accessed.
Top DSPM solutions include Concentric AI, Cyera, Microsoft Purview, Securiti, Sentra, Spirion, Symmetry Systems, Theom, Varonis, and Wiz. DSPM solutions are a hot space for mergers and acquisitions—events such as Crowdstrike buying Flow Security, Formstack buying Open Raven, IBM buying Polar Security, Proofpoint buying Normalyze, Palo Alto Networks buying Dig Security, Rubrik buying Laminar, and Tenable acquiring Eureka Security.
What’s driving IT, security, and data leaders’ rising interest in DSPM platforms? Here are three big factors.
DSPM extends data compliance to dark data
DSPM safeguards data in complex and hybrid infrastructures
DSPM protects data exposed to AI models
“Having control over your data—knowing where it is, what’s in it, who has access to it, and how it’s protected—has always been important. And now, in this new age of AI, control and visibility can no longer be ignored,” says Amit Shaked, GM & VP of DSPM strategy, growth and monetization at Rubrik. “AI can make data available instantly to anyone with the right access, which is why right-sizing permissions is critical—not only for employees who shouldn’t be able to access sensitive files but also in case of a compromised identity.”
As more organizations seek faster and more scalable business value from AI, they can’t let data security become a lagging risk-management practice. DSPM platforms provide a centralized and consistent approach to discovering, classifying, and managing sensitive information.
Tomi Engdahl says:
What will happen to American cloud services in Europe over the next four years? Will there come a moment when, even though the services run in Ireland, people no longer dare to use them because they are under US control? The EU should have developed its own competitive cloud platforms, but it has not succeeded. The question arises: what happens to the services if the countries drift into disagreement?
It is no longer safe to move our governments and societies to US clouds
https://berthub.eu/articles/posts/you-can-no-longer-base-your-government-and-society-on-us-clouds/?fbclid=IwY2xjawItM4RleHRuA2FlbQIxMQABHTwfHVjdC9wolq5vkeFwzjThU1o4fzvMRhSZpkYo8vS_CBK2uZ-hKSVu_Q_aem_jqGi9v4dMyhlcmVtrkeZ9w
The very short version: it is madness to continue transferring the running of European societies and governments to American clouds. Not only is it a terrible idea given the kind of things the “King of America” keeps saying, the legal sophistry used to justify such transfers, like the nonsense letter the Dutch cabinet sent last week, has now been invalidated by Trump himself. And why are we doing this? Convenience. But it is very scary to make yourself 100% dependent on the goodwill of the American government merely because it is convenient. So let’s not.
Tomi Engdahl says:
Zeek
https://zeek.org/
An Open Source Network Security Monitoring Tool
Zeek has been a cornerstone of the open-source and cybersecurity communities for decades. Originally developed by Vern Paxson in the 1990s under the name “Bro,” Zeek was designed to provide deep insights into network activity across university and national lab networks. In 2018, the project was renamed Zeek to reflect its growing role and evolution in the world of network security. Today, Zeek remains a highly sought after open source solution thanks to the development and financial support of Corelight.
Unlike traditional security tools such as firewalls or intrusion prevention systems, Zeek is not an active defense mechanism. Instead, it operates quietly on a sensor—whether hardware, software, virtual, or cloud-based—analyzing network traffic in real-time. Zeek captures high-fidelity transaction logs, file contents, and customizable data outputs, which are ideal for manual review or integration into SIEM systems for security analysts.
Tomi Engdahl says:
https://www.darkreading.com/vulnerabilities-threats/top-10-most-probable-ways-company-can-be-hacked
Tomi Engdahl says:
https://cybersecuritynews.com/free-security-incident-response-program/
In a significant development for cybersecurity professionals and organizations worldwide, SecTemplates has announced the release of its Incident Response Program Pack 1.5, a free, open-source toolkit designed to streamline the implementation of robust security incident response protocols.
This release provides enterprises, particularly resource-constrained teams, with a structured framework for efficiently detecting, containing, and remediating security incidents.
Tomi Engdahl says:
https://www.xda-developers.com/raspberry-pi-projects-ethical-hackers/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17226-mistae-tietaeae-ettae-oma-reititin-on-kaapattu
Slow internet, strange devices on your network and unknown IP addresses can be signs that your router has fallen into hackers' hands. In its article, Panda Security presents signs that can indicate a router is at risk.
What to do if the router has been hacked?
If you notice any of the preceding signs, follow these instructions:
Power off the router
By unplugging the device from the outlet you prevent hackers from continuing their activity.
Restore factory settings
Reset the router so that all malicious changes are removed.
Change all passwords
Update the passwords for Wi-Fi, the router's admin panel and the other services you use.
Update the router's software
Make sure the device has the latest available security update.
How to Tell If Someone Hacked Your Router: 10 Signs + Tips
https://www.pandasecurity.com/en/mediacenter/how-to-tell-if-someone-hacked-your-router/?utm_source=newsletter&utm_medium=email&utm_campaign=media_alert&utm_term=wifi-hacked&utm_content=uk&row
Tomi Engdahl says:
Artificial Intelligence
AI Asset Inventories: The Only Way to Stay on Top of a Lightning-fast Landscape
Unauthorized AI usage is a ticking time bomb. A tool that wasn’t considered a risk yesterday may introduce new AI-powered features overnight.
https://www.securityweek.com/ai-asset-inventories-the-only-way-to-stay-on-top-of-a-lightning-fast-landscape/
CISOs are having to adapt at lightning speed to the rapidly changing AI landscape. DeepSeek is just the latest example of this in practice – a new ‘latest and greatest’ tool emerges and quickly tops download charts. Employees start using it at work despite the data policy explicitly stating all information will be held in China. Even the Pentagon is forced to tell its employees to stop using it. And of course DeepSeek is just the latest in what will be a long lineup of AI tools from China and elsewhere.
Unauthorized AI usage is a ticking time bomb. Employees are integrating AI tools into their work, sometimes unknowingly exposing sensitive data to third-party models. And it’s also highly dynamic – a tool that wasn’t considered a risk yesterday may introduce new AI-powered features overnight. So what to do about it?
It starts with forming an AI asset inventory since without it, organizations are flying blind, exposing sensitive data and missing critical compliance risks. And it’s now becoming mandated since regulatory frameworks such as the EU AI Act, ISO 42001, and the NIST AI Risk Management Framework (AI RMF) make this a foundational requirement.
Identifying Shadow AI
It’s not just regulation, third-party vendor assessments are also increasingly requiring AI inventories, often referring to them as “audits” or “service catalogs.” However, beyond compliance, organizations cannot establish meaningful governance without a clear understanding of the AI tools employees are using. Effective governance goes beyond officially purchased tools—it involves identifying the shadow AI that has already become part of daily workflows.
Tomi Engdahl says:
ICS/OT
ICS/OT Security Budgets Increasing, but Critical Areas Underfunded: Report
The SANS Institute and OPSWAT have published their 2025 ICS/OT Cybersecurity Budget Report.
https://www.securityweek.com/ics-ot-security-budgets-increasing-but-critical-areas-underfunded-report/
The SANS Institute and OPSWAT on Tuesday published the 2025 ICS/OT Cybersecurity Budget Report.
The report, based on a survey of 180 individuals representing critical infrastructure sectors around the world, shows that over a quarter of organizations have experienced one or more security incidents involving OT or control systems in the past year. It’s worth noting that the actual percentage is likely higher considering that 11% were unsure and nearly 20% were unable to answer due to company policy.
The most common initial attack vector was a compromise in the IT environment that allowed the attacker to move to the OT network (57%). Other common initial attack vectors were internet-accessible devices (33%), and hacked engineering workstations (30%).
The survey showed that 55% of organizations saw a budget increase — including a significant raise in 23% of cases — in the past two years. Only 5% reported a minor decrease in their ICS/OT security budget.
https://info.opswat.com/hubfs/OT%20-%20Assets/Survey_2025-ICS-OT-Budget.pdf
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17236-monen-hakkeriryhmaen-takana-on-valtio
Tomi Engdahl says:
Government
Federal Contractor Cybersecurity Bill Passes House
The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).
https://www.securityweek.com/federal-contractor-cybersecurity-bill-passes-house/
Tomi Engdahl says:
Government
Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation
https://www.securityweek.com/financial-organizations-urge-cisa-to-revise-proposed-circia-implementation/
A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
A group of financial organizations sent an open letter to the US cybersecurity agency CISA, urging it to rescind and reissue the proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
CIRCIA, which was signed into law in March 2022, requires covered entities to report any major cybersecurity incident within 72 hours, and to report ransomware payments within 24 hours of making the payment.
Last year, CISA asked for public comment on a proposed rulemaking, saying that CIRCIA would lead to better understanding of cyber threats and that the cyber incident reporting rule would likely impact roughly 316,000 entities.
CISA’s proposed rules to implement CIRCIA are set to enter effect in October 2025, but the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association believe that it would have detrimental repercussions in its current form.
Tomi Engdahl says:
ICS/OT
Organizations Still Not Patching OT Due to Disruption Concerns: Survey
https://www.securityweek.com/organizations-still-not-patching-ot-due-to-disruption-concerns-survey/
Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report.
Many organizations are still concerned that patching operational technology (OT) systems can lead to equipment downtime and operational disruptions, and consequently they do not conduct regular patching, according to cyber-physical security firm TXOne Networks.
The data comes from TXOne’s 2024 Annual OT/ICS Cybersecurity Report, which is based on a survey of 150 C-level executives in North America, Europe, the Middle East and Asia.
The survey found that 85% of organizations don’t conduct regular patching. A majority install patches quarterly or less often, which leaves them exposed to attacks for extended periods of time.
This is despite a vast majority experiencing cybersecurity incidents affecting their OT environments in the past year, and 37% of OT security incidents involving exploitation of software vulnerabilities.
When asked about the main challenges to regular OT patching, the most commonly cited reason was the lack of personnel or expertise (48%), followed by concerns about operational disruptions or downtime (47%), and the lack of vendor support or patch testing (43%). In fact, 41% of organizations delay patching until vendor support is available.
Tomi Engdahl says:
Government
The Hidden Cost of Compliance: When Regulations Weaken Security
https://www.securityweek.com/the-hidden-cost-of-compliance-when-regulations-weaken-security/
The current state of regulation and the overwhelming burden it brings to most enterprises is a discussion worth having
One topic that comes up repeatedly, especially in the Banking, Financial Services, and Insurance (BFSI) vertical, is that of regulatory compliance and audit. Now, you might think that this is not particularly surprising, given that BFSI is one of the more tightly regulated verticals. What might be a bit surprising, however, is one particular pain point that customers in this vertical bring up repeatedly.
What is this mysterious pain point? I’m not sure if it has an official name or not, but many people I meet with share with me that they are spending so much time responding to regulatory findings that they hardly have time for anything else. This is troubling to say the least. It may be an uncomfortable discussion to have, but I’d argue that it is long since past the time we as a security community have this discussion.
First off, let’s take a look at why we find ourselves in this situation. There are likely many reasons why, but here are just a few of them:
Unintended Consequences: While the intentions of different regulations might be noble and good, those noble and good intentions are almost always overshadowed by a fair number of unintended consequences. I’ll discuss some of those in the next section of this article.
Rigidity: Regulations are, most often, quite rigid. There isn’t generally a lot of space given to enterprises to get creative when looking to solve security problems. I understand that regulations need to set up firm boundaries, rules, and guidance. At the same time, however, it is important to remember that not every enterprise is the same and that there can be more than one way to accomplish a set of desired goals. I think that for regulations to be effective, regulatory agencies need to make them more flexible and adaptable to real-world scenarios – a more pragmatic approach, if you will.
Lack of Timeliness: The threats enterprises face change and evolve quickly – even rapidly I might say. Regulations often have trouble keeping up with the pace of that change. This means that enterprises are often forced to solve last year’s or even last decade’s problems, rather than the problems that might actually pose a far greater threat to the enterprise. In my opinion, regulatory agencies need to move more quickly to keep pace with the changing threat landscape.
Lack of Agility: Regulations are often produced by large, bureaucratic bodies that do not move particularly quickly. This means that if some part of the regulation is ineffective, overly burdensome, impractical, or otherwise needs adjusting, it may take some time before this change happens. In the interim, enterprises have no choice but to comply with something that the regulatory body has already acknowledged needs adjusting. It seems to me that more effective regulation can only happen when additional agility is introduced.
Subjectivity: Ideally, regulatory findings would be entirely objective. Unfortunately, in practice, a lot depends on the auditor. There is far more subjectivity in the regulatory compliance exercise than there should be. This is unfortunate and does no one a service. I would think that ensuring more objectivity in the regulatory process should be a priority for regulatory agencies.
As promised above, what are some of the unintended consequences of this situation?
Burdensome: Enterprises generally find regulations burdensome. Most enterprises are quite happy to follow guidance that improves their security postures. Unfortunately, that is not the reality of the situation with most regulations.
Time Sink: Sadly, compliance has become a huge time sink for most enterprises. A tremendous amount of people, money, and time are dedicated to satisfying various regulatory requirements. Generally, far more resources than one might reasonably expect an enterprise to devote to this purpose.
Checkbox Approach: Perhaps the worst of the unintended consequences is that most enterprises are forced to take a checkbox approach to compliance. Whereas in theory, regulations have the potential to bring about real changes and significant improvements, in practice, they bring about a checkbox approach to security.
Fire Fighting: When there is a regulatory finding, enterprises are forced to shift into fire fighting mode. This means that other initiatives, no matter how important or strategic they are, need to be put on the back burner. After all, there are a limited number of resources available to address the multiple tasks at hand.
Deteriorating Security Posture: The travesty in all of the above is that it often works against the security interests of the enterprise. In other words, rather than being able to prioritize efforts that would improve the enterprise’s security posture, those efforts are de-prioritized in a constant juggling effort. This most often results in a deteriorating security posture for the enterprise, which is exactly the opposite of the desired outcome of the regulation.