Expert analysis Archives – Help Net Security
Daily information security news with a focus on enterprise security.
- 6 considerations for 2025 cybersecurity investment decisions, by Help Net Security on February 18, 2025 at 4:30 pm
Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity budget growth between 2021 and 2022, this growth has slowed in the last few years, meaning that cybersecurity leaders need to carefully consider how their purchases improve their current security and compliance posture. To …
- The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance, by Help Net Security on February 13, 2025 at 5:30 am
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. This revelation deeply concerns me – it is a blatant overreach that threatens privacy, security and civil liberties. I have been using Apple devices and services since 2006 and I trust the company. Apple has built its reputation on user privacy and is unlikely to comply. The company has previously …
- It’s time to secure the extended digital supply chain, by Help Net Security on February 12, 2025 at 5:30 am
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of the cloud has only exacerbated this challenge. Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network. How regulations are piling on …
- February 2025 Patch Tuesday forecast: New directions for AI development, by Help Net Security on February 10, 2025 at 6:00 am
February 2025 Patch Tuesday is now live: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391). The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek and Stargate: DeepSeek took the world by storm as millions of copies were downloaded to personal devices, but soon security concerns arose as to how the chatbot used personal data. As research continues, many …
- Security validation: The new standard for cyber resilience, by Help Net Security on February 10, 2025 at 5:30 am
Security validation has officially turned a corner. Once considered a “nice-to-have,” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the need for continuous testing and validation of security controls. But what exactly is security validation, and why has it become so critical? In simple terms, it’s the process of “battle-testing” your security defenses to ensure …
- Self-sovereign identity could transform fraud prevention, but…, by Help Net Security on February 7, 2025 at 7:49 am
The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database, the bigger the prize. Self-sovereign identity (SSI) presents a radical shift in how we think about digital identity. Instead of relying on centralized authorities, SSI puts control directly into the hands of individuals. Users store …
- Aim for crypto-agility, prepare for the long haul, by Help Net Security on February 4, 2025 at 5:30 am
While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning, and an unwavering commitment to security. The challenges: Perhaps the most pressing challenge in the quest towards cryptographic agility is encryption key sprawl, where visibility into organizations’ encryption key ecosystem becomes cloudy. Many companies struggle …
- AI security posture management will be needed before agentic AI takes hold, by Help Net Security on January 27, 2025 at 5:30 am
As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing AI bot frameworks for enterprise security teams are beginning to crystallize.
- Scam Yourself attacks: How social engineering is evolving, by Help Net Security on January 21, 2025 at 5:30 am
We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill phishing scams. They are a sophisticated evolution of social engineering designed to deceive even the most tech-savvy users. Attackers exploit our routines, trust, overconfidence, and complacency to manipulate us into becoming unwitting accomplices in …
- Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?, by Help Net Security on January 20, 2025 at 5:30 am
The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats. Yet at one crucial level, the decentralization ecosystem has a glaring vulnerability: consumer hardware wallets. Devices like Ledger sell themselves as the last word in security for the crypto economy. Most end users will accept those marketing messages, hook, line, and sinker. …