Latest news with #AIthreats
Yahoo
7 days ago
- Business
- Yahoo
New CSC Survey Finds Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years
CISOs identify cybersquatting, domain-based attacks, and ransomware as top cybersecurity concerns 87% cite AI-powered domain generated algorithms as a direct threat Only 7% expressed clear confidence in their ability to combat domain attacks WILMINGTON, Del., June 16, 2025--(BUSINESS WIRE)--An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. The report, "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," names cybersquatting, domain and DNS hijacking, and distributed denial-of-service (DDoS) attacks as the top three global cyber threats in 2024. These risks are only projected to escalate, as cybercriminals leverage new techniques and capabilities from AI and other modern technologies to launch more sophisticated attacks. Looking ahead, cybersquatting, domain-based attacks, and ransomware top the list of cybersecurity concerns for CISOs over the next three years. "DNS and domain-related infrastructure are prime targets for cybercriminals," says Ihab Shraim, chief technology officer for CSC's Digital Brand Services division. "These attackers conduct extensive reconnaissance to identify vulnerabilities, hijack subdomains, and impersonate brands at a massive scale. With the growing availability of AI-driven tools and off-the-shelf attack kits, these threats are only going to accelerate. A single DNS compromise can take down email, websites, customer portals, and even phone networks. Companies that don't act quickly may find themselves navigating not just technical fallout, but reputation and regulatory consequences as well." AI-powered domain generation algorithms (DGAs) are increasingly worrisome, with 87% of CISOs identifying them as a direct threat. Additionally, 97% of respondents voiced concerns about the potential risks associated with granting third-party AI systems access to company data, underscoring the critical need for robust AI governance frameworks. Despite these escalating concerns, only 7% of CISOs expressed being "very confident" in their ability to mitigate domain-based attacks, and just 22% believe they have the right tools in place. This lack of confidence may reflect deeper gaps in preparedness, and it's possible that many organizations still underestimate the complexity of domain security and the speed at which threats are evolving. "The human element continues to be the biggest security vulnerability," adds Nina Hrichak, vice president of CSC's Digital Brand Services. "As cybercriminals grow more sophisticated, internal education and awareness are falling behind. DNS hijacking and subdomain takeovers have become mainstream concerns, but not every organization possesses the internal expertise to monitor domain activity in real time. That's where experienced partners can offer vital insights and agility to help organizations stay ahead of the curve." To receive a copy of CSC's "CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of AI and Tightening Regulation," contact us at CSC@ or visit the website. 1CSC, in partnership with Pure Profile, surveyed 300 CISOs, CIOs, and senior IT professionals operating in Europe, the U.K., North America, and Asia Pacific to understand their current concerns and how they are navigating the evolving cybersecurity landscape, regulatory demands, and the rise of AI in cybercrime. About CSC CSC is the trusted security and threat intelligence provider of choice for the Forbes Global 2000 and the 100 Best Global Brands (Interbrand®) with focus areas in domain security and management, along with digital brand and fraud protection. As global companies make significant investments in their security posture, our DomainSec℠ platform can help them understand cybersecurity oversights that exist and help them secure their online digital assets and brands. By leveraging CSC's proprietary technology, companies can solidify their security posture to protect against cyber threat vectors targeting their online assets and brand reputation, helping them avoid devastating revenue loss. CSC also provides online brand protection—the combination of online brand monitoring and enforcement activities—with a multidimensional view of various threats outside the firewall targeting specific domains. Fraud protection services that combat phishing in the early stages of attack round out our solutions. Headquartered in Wilmington, Delaware, USA, since 1899, CSC has offices throughout the United States, Canada, Europe, and the Asia-Pacific region. CSC is a global company capable of doing business wherever our clients are—and we accomplish that by employing experts in every business we serve. Visit View source version on Contacts For more information: W2 Communications Joyson CherianSenior Vice PresidentJoyson@ CSC Laura CrozierPR CSC News Room Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
National Post
04-06-2025
- Business
- National Post
LevelBlue Report Reveals Increasing Risks To Healthcare Organizations Are Driving Cyber Resilience
Article content LevelBlue finds that only 29% of healthcare executives say they are prepared for AI-powered threats. Article content DALLAS — LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released its 2025 Spotlight Report: Cyber Resilience and Business Impact in Healthcare. The findings reveal how the healthcare industry is protecting itself from increasingly numerous sophisticated attacks. Article content The new report found that 32% of healthcare executives say their organization suffered a breach in the past 12 months, and nearly half (46%) say they are experiencing a significantly higher volume of attacks. As artificial intelligence (AI) promises healthcare organizations unprecedented levels of efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. Article content At the same time, the software supply chain remains a blind spot, with only a small portion of executives recognizing the associated risks. 54% say they have very low to moderate visibility into the software supply chain, and only 21% say they are investing significantly in software supply chain security. Article content However, cyber resilience measures are becoming more integral to business operations, with 61% of healthcare organizations now aligning their cybersecurity teams with lines of business, a sign that resilience is increasingly seen as a shared responsibility across departments. Moreover, nearly half (44%) expect to enlist managed security service providers (MSSPs) in the next two years to help them manage the increasingly complex and dynamic threat landscape, an increase from 30% that have done so over the past 12 months. Additionally, 59% of leadership roles are measured against cybersecurity KPIs, and nearly half (43%) say they allocate cybersecurity budgets at the outset of new initiatives – a critical step toward embedding security into innovation efforts. Article content 'With the rising risk of AI-powered cyberattacks and vulnerabilities in the software supply chain, achieving cyber resilience in healthcare is more critical than ever,' said Theresa Lanowitz, Chief Evangelist of LevelBlue. 'Our research shows that healthcare organizations are no longer viewing cybersecurity as just an IT issue; it's now a business priority. Still, there is work to be done to properly prepare and protect themselves.' Article content Healthcare organizations are making progress in integrating cybersecurity across their operations, but there is still work to be done. When asked to what extent their organization is investing in certain measures to prepare for new and emerging types of cyber threats, healthcare executives say they are most likely to invest significantly in: Article content Based on these findings, LevelBlue recommends four specific steps to achieve cyber resilience, regardless of the industry: Push cyber resilience up the organization, embed cybersecurity responsibilities throughout the organization, be proactive (not reactive), and prioritize resilience in the software supply chain. Article content Download the complete findings of the 2025 LevelBlue Spotlight Report: Cyber Resilience and Business Impact in Healthcare at this link here to learn how healthcare organizations are adapting to the changing threat landscape. This report follows the April 2025 release of the 2025 LevelBlue Futures Report: Cyber Resilience and Business Impact, which can be found here. Article content For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit Methodology The research is based on a quantitative survey that was carried out by FT Longitude in January 2025. There were a total of 1,500 C-suite and senior executives surveyed across 14 countries and seven industries: energy and utilities, financial services, healthcare, manufacturing, retail, transportation, and US SLED (state, local government, and higher education). To be counted as a cyber resilient organization, respondents must have met the qualifications listed under 'Five Characteristics of a Cyber Resilient Organization.' The total number surveyed in healthcare is 220. Article content About LevelBlue Article content We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it. Article content We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence- this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business. Article content Article content Article content Article content Contacts Article content Media Contact Article content Article content Jessica Bettencourt Article content Article content Article content
Zawya
04-06-2025
- Business
- Zawya
Microsoft offers to boost European governments' cybersecurity for free
Microsoft is offering free of charge to European governments a cybersecurity programme, launched on Wednesday, to bolster their defences against cyber threats, including those enhanced by artificial intelligence, it said. After a surge in cyberattacks in Europe, many linked to state-sponsored actors from China, Iran, North Korea and Russia, the programme aims to boost intelligence-sharing on AI-based threats and help to prevent and disrupt attacks. "If we can bring more to Europe of what we have developed in the United States, that will strengthen cybersecurity protection for more European institutions," Microsoft President Brad Smith told Reuters in an interview. "You're going to see other things we are doing later in the month." Increasingly, attackers employ generative AI to amplify the scale and impact of their operations that range from disrupting critical infrastructure to spreading disinformation. Although malicious actors have weaponised AI, Smith said AI also offered defensive tools. "We don't feel that we have seen AI that has evaded our ability to detect the use of AI or the threats more broadly," Smith said. "Our goal needs to be to keep AI advancing as a defensive tool faster than it advances as an offensive weapon," he said. Microsoft tracks any malicious use of AI models it releases and prevents known cybercriminals from using its AI products. AI-driven deepfakes have included a portrayal of Ukrainian President Volodymyr Zelenskiy capitulating to Russian demands in 2022 and a fake audio recording in 2023 that influenced the Slovakian election. Smith said so far audio had been easier to fake than video. (Reporting by Supantha Mukherjee in Stockholm; editing by Barbara Lewis)
Globe and Mail
26-05-2025
- Business
- Globe and Mail
3 Top Cybersecurity Stocks to Buy in May
When it comes to cybersecurity, I don't know much about how it works from an experiential perspective. So, I suppose one could say I'm an outsider. But even an outsider like me understands that businesses must invest in cybersecurity in 2025. And I can appreciate that the need for cybersecurity will only get bigger in the coming years. Research firm Gartner predicts that spending for cybersecurity will increase by 15% in 2025 alone, which is huge when looking at an entire market. Gartner further predicts that the cybersecurity threat will increasingly come from generative artificial intelligence (AI) applications, highlighting how the threat evolves over time. Cybersecurity companies, consequently, must be fast-changing as well. When it comes to the future of cybersecurity, I believe that CrowdStrike (NASDAQ: CRWD), Rubrik (NYSE: RBRK), and Palo Alto Networks (NASDAQ: PANW) are three cybersecurity stocks that investors should consider here in May. Here's why. 1. CrowdStrike: The top dog When it comes to cloud-based cybersecurity, CrowdStrike is routinely recognized as a top player in the space. The company provides a subscription platform for its products, providing it with recurring revenue. It completed its fiscal 2025 on Jan. 31. And it ended the year with annualized recurring revenue (ARR) of $4.2 billion, which was up 23% from the end of fiscal 2024. CrowdStrike's Falcon platform isn't a single cybersecurity product but is composed of 29 separate software modules that customers can use to meet their needs. The company is currently modifying its business model with this. Before, customers would select what they wanted and pay the subscription price. Now, customers can agree to a certain level of spending and use it on the module they want. It's called Falcon Flex, and the hope is that this will lower the bar when it comes to experimentation with CrowdStrike's modules. As customers try new modules for the first time, the hope is that they'll see the value and use them regularly. In other words, CrowdStrike plans to boost growth by making it easier for existing customers to adopt more software modules, which sounds like a good idea to me. As of the end of its fiscal 2025, only 21% of CrowdStrike's customers used eight or more of its software modules. Getting its customers to use more modules is quite significant for its long-term growth. The recent launch of Falcon Flex could help it get there, and it's one reason I like CrowdStrike stock today. 2. Rubrik: The niche up-and-comer Many investors know about CrowdStrike, but far fewer have heard about Rubrik. That's understandable. It only went public about 13 months ago, so it's a new company for most investors. Moreover, with $887 million in trailing-12-month revenue, it's considerably smaller than other publicly traded cybersecurity companies. Whereas CrowdStrike tries to prevent attacks, Rubrik gives customers a secure way to prepare for an attack beforehand and get back to normal after it happens. The reality is that even if cybersecurity players stop most attacks, they don't stop all of them. And the risk of one getting through might only increase with advances in AI. The good thing about Rubrik's focus on this aspect of the market is that it's not a direct competitor with CrowdStrike or others -- in fact, it partners with CrowdStrike. This gives the up-and-coming company its own little corner of the market, and it's growing fast. Like CrowdStrike, Rubrik's fiscal 2025 ended on Jan. 31. It ended fiscal 2025 with an ARR of just over $1 billion, which was up a strong 39%. Investors should consider Rubrik stock now, not only because it's fast-growing. The company also just started generating positive free cash flow. This profitability metric suggests that management can scale its business while maintaining operational excellence. This combination could soon start elevating the attention it receives from the investment community. 3. Palo Alto Networks: The relentless consolidator Rubrik is a niche player, but even CrowdStrike could be considered niche compared to how broad Palo Alto Networks is with its vision. It has both hardware and software solutions. Its software products can be used on the cloud or on-premises. It's a large portfolio of products that have been both built and acquired over many years, which makes it one of the best cybersecurity stocks for investors interested in covering all the bases. Indeed, Palo Alto Networks is always eager to acquire another business -- it already acquired one in 2025 by buying Protect AI for $700 million. While there are risks to being a company that makes a lot of acquisitions, the company has historically done it well, and it is paying off with growth. For example, it just completed its fiscal third quarter of 2025, showing good growth in its newer products. Specifically, Palo Alto Networks grew its ARR for Next-Generation Security by 34% year over year to over $5 billion. And demand for its products overall is promising. In Q3, its remaining performance obligations (its future revenue under contract) grew by 19% to a whopping $13.5 billion. In short, the outlook for this company is as strong as ever, making Palo Alto Networks another cybersecurity stock to consider here in May. In closing, the subject of valuation for these companies is also important, but that's a completely different subject from the things that I've discussed here. But allow me to say that the valuation for Rubrik stock is far lower than that for CrowdStrike stock, and it's comparable to the valuation for Palo Alto Networks. But I believe that Rubrik, being a smaller company, has a chance for a better growth rate from here. Rubrik is probably the riskiest of these three stocks, given its size and newcomer status. But for investors willing to take a shot with a less-proven player, Rubrik might be the best value for long-term investors. Should you invest $1,000 in CrowdStrike right now? Before you buy stock in CrowdStrike, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the 10 best stocks for investors to buy now… and CrowdStrike wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $639,271!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $804,688!* Now, it's worth noting Stock Advisor 's total average return is957% — a market-crushing outperformance compared to167%for the S&P 500. Don't miss out on the latest top 10 list, available when you join Stock Advisor. See the 10 stocks » *Stock Advisor returns as of May 19, 2025
Tahawul Tech
26-05-2025
- Business
- Tahawul Tech
91% of Security Leaders Admit to Cloud Security Trade-Offs
Gigamon, a leader in deep observability, recently released its 2025 Hybrid Cloud Security Survey, revealing that hybrid cloud infrastructure is under mounting strain from the growing influence of artificial intelligence (AI). The annual study, now in its third year, surveyed over 1,000 global Security and IT leaders across the globe. As cyberthreats increase in both scale and sophistication, breach rates have surged to 55 percent during the past year, representing a 17 percent year-on-year (YoY) rise, with AI-generated attacks emerging as a key driver of this growth. Security and IT teams are being pushed to a breaking point, with the economic cost of cybercrime now estimated at $3 trillion worldwide according to the World Economic Forum. As AI-enabled adversaries grow more agile, organisations are challenged with ineffective and inefficient tools, fragmented cloud environments, and limited intelligence. Key Findings Highlight How AI Is Reshaping Hybrid Cloud Security Priorities AI's role in escalating network complexity and accelerating risk is evident. The study reveals that 46 percent of Security and IT leaders say managing AI-generated threats is now their top security priority. One in three organisations report that network data volumes have more than doubled in the past two years due to AI workloads, while nearly half of all respondents ( 47 percent ) are seeing a rise in attacks targeting their organisation's large language model (LLM) deployments. More than half ( 58 percent ) say they've seen a surge in AI-powered ransomware—up from 41 percent in 2024 underscoring how adversaries are exploiting AI to outpace and outflank existing defences. The study reveals that of Security and IT leaders say managing AI-generated threats is now their top security priority. organisations report that network data volumes have more than doubled in the past two years due to AI workloads, while nearly half of all respondents ( ) are seeing a rise in attacks targeting their organisation's large language model (LLM) deployments. More than half ( ) say they've seen a surge in AI-powered ransomware—up from underscoring how adversaries are exploiting AI to outpace and outflank existing defences. Compromises highlight continued trade-offs in foundational areas of hybrid cloud security nine out of ten ( 91 percent) Security and IT leaders concede to making compromises in securing and managing their hybrid cloud infrastructure. The key challenges that create these compromises include the lack of clean, high-quality data to support secure AI workload deployment (46 percent) and lack of comprehensive insight and visibility across their environments, including lateral movement in East-West traffic (47 percent) . nine out of ten ( Security and IT leaders concede to making compromises in securing and managing their hybrid cloud infrastructure. The key challenges that create these compromises include the lack of clean, high-quality data to support secure AI workload deployment and lack of comprehensive insight and visibility across their environments, including lateral movement in East-West traffic . Public cloud risks prompt industry recalibration. Once considered an acceptable risk in the rush to scale post-COVID operations, the public cloud is now coming under increasingly intense scrutiny. Many organizations are rethinking their cloud strategies in the face of their growing exposure, with 70 percent of Security and IT leaders now viewing the public cloud as a greater risk than any other environment. As a result, 70 percent report their organization is actively considering repatriating data from public to private cloud due to security concerns and 54 percent are reluctant to use AI in public cloud environments, citing fears around intellectual property protection. Once considered an acceptable risk in the rush to scale post-COVID operations, the public cloud is now coming under increasingly intense scrutiny. Many organizations are rethinking their cloud strategies in the face of their growing exposure, with of Security and IT leaders now viewing the public cloud as a greater risk than any other environment. As a result, report their organization is actively considering repatriating data from public to private cloud due to security concerns and are reluctant to use AI in public cloud environments, citing fears around intellectual property protection. Visibility is top of mind for Security leaders. As cyberattacks become more sophisticated, the limitations of existing security tools are coming sharply into focus. Organisations are shifting their priorities toward gaining complete visibility into their environments, a capability now seen as crucial for effective threat detection and response. More than half (55 percent) of respondents lack confidence in their current tools' ability to detect breaches, citing limited visibility as the core issue. As a result, 64 percent say their number one focus for the next 12 months is achieving real-time threat monitoring delivered through having complete visibility into all data in motion. Deep Observability Becomes the New Standard With AI driving unprecedented traffic volumes, risk, and complexity, nearly nine in 10 (89 percent) Security and IT leaders cite deep observability as fundamental to securing and managing hybrid cloud infrastructure. Executive leadership is taking notice, as boards increasingly prioritise complete visibility into all data in motion, with 83 percent confirming that deep observability is now being discussed at the board level to better protect hybrid cloud environments. 'Security teams are struggling to keep pace with the speed of AI adoption and the growing complexity and vulnerability of public cloud environments', said Mark Jow, technical evangelist, EMEA, at Gigamon. 'Deep observability addresses this challenge by combining MELT data with network-derived telemetry such as packets, flows, and metadata, delivering increased visibility and amore informed view of risk. It enables teams to eliminate visibility gaps, regain control, and act proactively with increased confidence. With 88 percent of Security and IT leaders agreeing it is critical to securing AI deployments, deep observability is fast becoming a strategic imperative'. 'With nearly half of organisations saying attackers are already targeting their large language models, AI security can't be an afterthought, it needs to be a top priority', said Mark Walmsley, CISO at Freshfields. 'The key to staying ahead? Visibility. When we can clearly see what's happening across AI systems and data flows, we can cut through the noise and manage risk more effectively. Deep observability helps us spot vulnerabilities early and put the right protections in place before issues arise'. Image Credit: Gigamon
