Connect with us

Market Research

Forescout Releases First Ransomware Vulnerability Study Converging IT and OT Networks

Published

on

Forescout’s Vedere Labs has launched new research titled R4IoT (Ransomware for IoT), a proof-of-concept study demonstrating how next-generation ransomware can exploit IoT devices for initial access and lateral movement to IT and OT assets, with the intention to cause physical disruption to business operations. The R4IoT study is an information report that includes a detailed playbook describing how organizations can protect themselves against a new type of ransomware attack that leverages IoT devices, such as video cameras, to deploy ransomware.

The rapid expansion in the number of connected devices in organizations exponentially increases the risk posture of nearly every business across the globe, all related to the growth of IoT devices in corporate networks, converging IT and OT networks, and the rise of supply-chain vulnerabilities. This is the first work to combine the worlds of IT, OT, and IoT ransomware and to have a full proof-of-concept from initial access via IoT to lateral movement in the IT network and then impact in the OT network. Beyond just encryption, the proof-of-concept on IT equipment includes deployment of crypto-miner software and data exfiltration.

The proof-of-concept ransomware described in the R4IoT report exploits the first trend by using exposed vulnerable devices, such as an IP video camera or network-attached storage (NAS) device, as the initial access point to the network, and the second trend to hold OT devices hostage, thus adding another layer of extortion to an attack. A video by Vedere Lab demonstrates how IoT and OT exploits can be combined with a traditional attack campaign. The impact on OT is not limited to standard operating systems (e.g., Linux) or device types (e.g., building automation), does not require persistence or firmware modification on the targeted devices, and works at a large-scale on a wide variety of devices impacted by TCP/IP stack vulnerabilities.

It also shows that to mitigate this type of attack, organizations need solutions that allow for extensive visibility and enhanced control of all the assets in a network with three important observations – First, Identification and Protection are possible because hundreds of very similar attacks happen simultaneously. For instance, Conti had more than 400 successful attacks on US and international organizations in 2021.

That means it is possible to identify devices and vulnerabilities being actively exploited so their protection can be prioritized. Second, Detection is possible because most tools and techniques these actors use are well-known. It presents the top Tactics, Techniques and Procedures (TTPs) used by malware in 2021. Third, Response and Recovery are possible because attacks are not immediate and fully automated. The average dwell time of ransomware attackers was 5 days in 2021.

Implementing this mitigation requires extensive visibility and enhanced control of all assets in a network.

Market Research

SoftServe Study: 58% of Leaders Report Companies Using Inaccurate Data for Big Decisions

Published

on

SoftServe has released survey results on the state of data management in 2025, unveiling significant benefits of strong data foundations while exposing the widespread deficits in data maturity affecting most businesses. The majority of the 750 business leaders surveyed barely grasp the value of their data as 65% of all respondents believe no one at their organization understands all the data collected and how to access it. Further, 58% say key business decisions are based on inaccurate or inconsistent data – most of the time, if not always – raising concerns for companies across industries and borders.

This study, commissioned by SoftServe and conducted by Wakefield Research, assesses data readiness in enterprises by the degree of data quality, strategy, organization, investment, and governance implemented. Responses indicate a lack of knowledge in data management is coupled with an internal disconnect and noticeable divide between the C-suite, VPs, and senior management, putting entire organizations at odds when it comes to how data is used, acquired, and funded.

Key survey findings include:

  • Outdated or Misaligned Strategies: Many think it’s time to hit ‘refresh’ on their data strategy as 73% report major updates or a complete overhaul is needed, and nearly all (98%) believe an updated data strategy would be required for strategic initiatives like Gen AI.
  • Leadership Divide: While less visibility among leaders can lead to skewed perceptions of data comprehension, the division grows with 78% of VPs and 61% of directors — but just 44% of those at C-level — claim their organization’s investment priorities are negatively impacted by leaders not fully understanding how data can generate value.
  • Data on Demand: For 60%, decision-makers getting access to data when they need it is a challenge – and one that may not be an easy fix, as the majority (51%) of the 58% whose organization makes most or all decisions using inaccurate or inconsistent data now believe a significant increase in data management investment is needed to meet their goals.
  • Misallocated Investments: Nearly three-fourths (73%) believe poor prioritization has diverted needed funds and talent away from valuable data projects to broad Gen AI initiatives with weaker ROI.

All deficits aside, the survey results include a silver lining: strong data management has allowed organizations to open new revenue streams (44%) or monetize their data (38%) with the right infrastructure and governance to transform information into a vital source of income. Organizations also attributed increases in productivity and efficiency (54%), as well as improved decision-making and forecasting abilities (49%), to having strong data foundations. Most respondents hope to follow suit this year as the bulk (85%) prepare to slightly or significantly increase their data budget and nearly half (42%) of those with a fully mature data strategy expect to significantly increase their overall data investments.

“An impactful data strategy is not about perfection, but prioritization,” said Rodion Myronov, AVP of Technology at SoftServe. “It’s about gaining maturity where it matters most for your business by prioritizing the missing piece of the whole data puzzle, not tossing it aside for the next shiny new toy. Establishing a mature data strategy helps reinforce organizational foundations, so you can pursue bigger and better puzzles and projects in the future.”

Survey respondents included 750 business or technology leaders responsible for data management or AI use at global companies spanning eight countries and eight industries with $1 billion or more in annual revenue.

Continue Reading

Market Research

Gartner Forecasts Spending on Information Security in MENA to Grow 14% in 2025

Published

on

Information security spending by Middle East and North Africa (MENA) enterprises is projected to total $3.3 billion in 2025, an increase of 14% from 2024, according to the latest forecast from Gartner, Inc. Security software will remain the largest spending category in MENA, forecast to reach nearly $1.5 billion in 2025.

“Enhancing cyber resilience, regulatory compliance, and securing digital transformation are pivotal drivers prompting MENA chief information security officers (CISOs) to boost their security investments in 2025,” said Shailendra Upadhyay, Sr Principal at Gartner.

“As enterprises in the MENA region drive digital transformation and integrate AI, they must focus on the cybersecurity threat landscape, protect critical infrastructure, and address insider threats to fortify their systems and enhance resilience against cyber threats.”

Gartner analysts are exploring ways in which security and risk management leaders can enhance their cybersecurity strategies at the Gartner Security & Risk Management Summit, taking place here through today. Spending on security services is projected to grow 16.6% in 2025, representing the highest growth among all segments, driven by factors such as cost efficiency, skill shortages, and access to advanced tools and technology (see Table 1).

“The challenge of sourcing staff with specialized skills for threat hunting and intelligence in advanced security operations is considerable,” said Upadhyay. “Managed services – a subset of security services, including managed detection and response (MDR) – offer solutions to bridge this skill gap. As a result, organizations are investing more in security services, driving growth in this segment.”

Security software spending is projected to account for nearly 45% of total information security spending in MENA, maintaining its position as the largest category for end-user spending in 2025, driven by an expanding threat landscape and increased adoption of cloud technologies.

“MENA CIOs are boosting their investments in the integrated capabilities of generative AI (GenAI) applications, cloud services, and cybersecurity software to securely accelerate innovation for competitive differentiation, thereby intensifying their focus and spending on sub-segments, such as infrastructure protection, identity access management, and cloud security,” said Upadhyay.

“As AI becomes integral to mainstream operations, organizations must acknowledge both the opportunities for enhanced resilience and the potential threats,” said Sam Olyaei, Vice President at Gartner. “Gartner predicts that by 2027, 60% of organizations will fail to embrace organizational resilience principles, leaving them vulnerable to global technology threats. Therefore, CISOs in the region should proactively prepare for complex cyberthreats by taking a collaborative approach to resilience planning.”

To deliver a sustainable cybersecurity program, security leaders in MENA must prioritize two key cybersecurity trends:

Trend 1: GenAI is Driving Data Security Programs
The rise of GenAI is shifting focus to unstructured data security and preference for synthetic data over obfuscated data in training. Gartner recommends that organizations invest in synthetic data generation tools to replace traditional anonymization, effectively mitigating privacy risks and ensuring compliance.

“Security leaders must leverage technologies such as data security posture management (DSPM) to catalog, monitor, and govern both structured and unstructured data,” said Olyaei. “Reallocating resources and budgets to fortify data security across all forms of unstructured data is crucial, as these elements are becoming increasingly valuable in GenAI applications.”

Trend 2: Extend the Value of Security Behavior and Culture Programs
Security behavior and culture programs (SBCPs) have reached a point of inflection for most organizations. By focusing on cultural and behavior-driven activities, organizations are embedding security into their culture, addressing cyber-risk awareness and responsibility at the human level.

This trend is gaining traction as organizations increasingly recognize that human behavior is crucial to cybersecurity, with GenAI significantly influencing this shift. Gartner predicts that by 2026, enterprises that integrate GenAI with a platforms-based architecture in their SBCPs will experience 40% fewer employee-driven cybersecurity incidents.

“Well-designed SBCPs enhance employee engagement and satisfaction by actively involving them in their organization’s security initiatives,” said Olyaei. “These programs not only ensure compliance with global regulations mandating employee training and awareness but also cultivate a resilient security culture that can adapt to future regulatory changes.”

Continue Reading

Market Research

Trade Surveillance Systems Spend to Reach $4.9 Billion by 2029

Published

on

A new study from Juniper Research, the foremost experts in fintech and payment markets, has found spend on third-party trade surveillance systems will grow by 82% globally by 2029, from $2.7 billion in 2025. Trade surveillance systems are deployed to capture and analyse trade data to identify and flag potential instances of market abuse, such as insider trading or creating false impressions of supply and demand in financial markets.

Juniper Research anticipates this growth will be driven by an acceleration in the adoption of trade surveillance tools. Tightening regulations require financial firms to capture a wider scope of trade data and pre-emptively prevent illegal trading activities. The study emphasised the need for accurate and complete data integration; crucial for understanding the context behind trades.

Juniper Research urges stakeholders to shift to preventing illegal trading activity rather than reacting to it. Trade surveillance systems must have greater access to data from employee communications channels and external news sources; helping AI more accurately detect patterns of abnormal trading behaviour.

Research Author Daniel Bedford explained, “To capitalise on a shifting regulatory environment, we urge vendors to leverage AI at the core of their operations. Vendors who fail to implement robust, proactive AI models will lose out to more agile competitors.”

The research also identified communication monitoring tools as vital to vendor success; as integrating pattern detection tools allows firms to detect subtle signs of market manipulation which go unnoticed when analysing trade data alone. Surveillance vendors must prioritise fostering partnerships with a wide range of news outlets, trading exchanges, and messaging providers, to boost prevention performance.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.