Cybersecurity Innovation Trends


  • View profile for Kelly Hood

    EVP & Cybersecurity Engineer @ Optic Cyber Solutions | Cybersecurity Translator | Compliance Therapist | Making sense of CMMC & CSF | CISSP, CMMC Lead CCA & CCP, CDPSE

    8,059 followers

    As I’ve been digging into the #CybersecurityFramework 2.0, and helping clients navigate the changes, I’ve found several areas where the new additions feel pretty significant. If you’re already using the #CSF and trying to figure out where to focus first, take note of these new Categories:

    ◾ The POLICY (GV.PO) Category was created to encompass ALL cybersecurity policies and guidance. Now, on one hand it might seem like a "well, of course" moment to consolidate all cybersecurity policies into one place - on the other hand, policies were previously sprinkled throughout the CSF, and were tied to specific actions like Asset Management or Incident Response. Now, it's all in one area, which makes a ton of sense and simplifies things, but also means we've got to remember that this one Category covers everything!

    ◾ Another significant addition is the PLATFORM SECURITY (PR.PS) Category which largely pulls together key topics from the previous Information Protection Processes & Procedures (PR.IP) and Protective Technology (PR.PT) focusing on security protections around broader platform types (hardware, software, virtual, etc.). If you’re looking for things like configuration management, maintenance, and SDLC – you’ll now find them here.

    ◾ The TECHNOLOGY INFRASTRUCTURE RESILIENCE (PR.IR) Category pulls largely from the previous Information Protection Processes & Procedures (PR.IP) and Protective Technology (PR.PT) as well, but also pulls in key aspects from Data Security (PR.DS). This new Category highlights the need for managing an organization’s security architecture and includes security protections around networks as well as your environment to ensure resource capacity, resilience, etc.

    So, what does all this mean for your organization? Whether you're just starting out, or you're looking to refine your existing cybersecurity strategies, CSF 2.0 offers a more streamlined framework to use to bolster your cyber resilience.

    Remember, staying ahead in cybersecurity is a continuous journey of adaptation and improvement. Embrace these changes as an opportunity to review and enhance your cybersecurity posture, leveraging the expanded resources and guidance provided by #NIST!

    Have you seen the updated mapping NIST released from v1.1 to v2.0? Check it out here to get started and “directly download all the Informative References for CSF 2.0” 👇 https://lnkd.in/e3F6hn9Y

  • View profile for Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO

    Threat Intelligence · Risk & Crisis Management · GRC · IT/OT · Threat Researcher | GSOC, GCIH, GDSA, GISP, GPEN, GRTP, GCPN, GDAT, GCISP, GCTIA, CTIA, eCMAP, eCTHP, CTMP

    29,229 followers

    INCIDENT RESPONSE: NEW LIFE CYCLE MODEL BASED ON CSF 2.0 WITH THREAT INTELLIGENCE INTEGRATION

    ℹ️ NIST SP 800-61r3 provides updated guidance on how organizations should integrate incident response into their broader cybersecurity risk management strategy, aligning with the NIST Cybersecurity Framework (CSF) 2.0.

    ℹ️ This version significantly restructures the incident response approach by replacing the older cyclical model with a CSF 2.0-aligned life cycle. It emphasizes continuous improvement, cross-functional collaboration, and a shared taxonomy for incident response across sectors.

    📍 KEY TAKEAWAYS

    ■ Incident Response as Risk Management: Incident response is no longer a standalone reactive process; it is now a core component of enterprise risk management, closely tied to all CSF 2.0 functions.

    ■ Cyber Threat Intelligence Integration: Emphasizes the importance of cyber threat intelligence (CTI) in detection, analysis, and response phases, particularly in improving early detection and proactive decision-making.

    📍 CTI ELEMENTS

    ■ DE-AE-07: CTI and other contextual information are integrated into the analysis. Integrate up-to-date CTI and other contextual information into adverse event analysis to improve detection accuracy and characterize threat actors, their methods, and IoC.

    ■ ID-RA-02: CTI is received from information-sharing forums and sources, obtaining information on new threats, improving the accuracy of cybersecurity technologies with incident detection or response capabilities, and understanding TTPs used by attackers.

    ■ ID-RA-03: Internal and external threats to the organization are identified and recorded

    #csf2 #csirt #incidentresponse #riskmanagement #threathunting #threatdetection #threatanalysis #threatintelligence #cyberthreatintelligence #cyberintelligence #cybersecurity #cyberprotection #cyberdefense

  • View profile for Sarah Fluchs

    Cybersecurity risk assessments that bring everyone on the same page. | CTO @admeritia | CRA Expert Group @EU Commission | Co-Convenor @ISA/IEC 62443-3-2

    18,523 followers

    🥳 ....aaand it's official: The Cyber Resilience Act (CRA) has been adopted by the EU Council today! (Here's your reading list.) 🥳

    The CRA will enter into force this year (once it's published in the EU's official journal), and apply 36 months after that date. This is a milestone: the CRA is the first regulation of its kind in the world, making product cybersecurity mandatory. Up to now, cybersecurity regulation focused primarily on critical infrastructures USING these products.

    Unlike the NIS-2 directive, which needs to be translated into national law at the member states (a lengthy process that is currently delayed in most states), the CRA is EU legislation, and directly applicable in all member states.

    So if you're selling a "product with digital elements" (yes, the scope is actually as wide as it sounds) in the EU and want to continue selling it in 2027, you will have to affix a CE marking to your product (similar to the one you may know from sunglasses, pressure vessels, or children's toys) and make sure it complies with the essential cybersecurity requirements in the CRA.

    I've been closely following the process since the first draft was published in 2022. Here's a list of my blog posts to get your CRA knowledge up to speed:

    1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it (2022, in fact one of the most-read articles on my blog): https://lnkd.in/enBpvEDN

    2️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://lnkd.in/evenyNgW

    3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://lnkd.in/e872mabW

    4️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://lnkd.in/ej9BTMVU

    5️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://lnkd.in/eXaVpTHT

    Official links:

    ⭐ Today's EU press release announcing the adoption: https://lnkd.in/e5Teuzzm

    ⭐ Adopted CRA text: https://lnkd.in/en73cHDE

  • View profile for Panagiotis Kriaris

    FinTech | Payments | Banking | Innovation | Leadership

    149,838 followers

    What a few years ago seemed like science fiction, is becoming today commonplace: #payments with the wave of our hand. Let’s take a look.

    We are in the middle of a paradox: the more payments gain importance, the more they take a back seat and become invisible. Nowhere is this statement more applicable than in biometric payments, which is the ability to use biometrics such as our face, our fingerprint or even our voice to authenticate (identify) ourselves so that we can make a payment.

    These are real-life examples:

    - Canada’s RBC bank has for years allowed clients to pay their bills using their voice (via the iPhone's Siri assistant).
    - Amazon launched last year to all 500+ Whole Foods Market stores in the US its palm recognition service for identification, payment, loyalty membership, and entry.
    - In China tech giant Tencent is going all in on #biometrics: Weixin Palm Payment allows Weixin users to pay on the subway by swiping hovering their hands over a sensor. Infrared cameras then analyze the individual palm prints and unique patterns of veins under the skin, allowing each user to be identified and payment to be processed within seconds (source: CNN).
    - Last year JP Morgan began piloting biometrics-based payments (palm and face identification for payments authentication in-store) with select retailers in the US.
    - Self-service ordering kiosks or payment terminals with biometrical functionalities are one of the main use cases gaining ground. In #China such options are available at selected supermarkets or McDonald’s locations.

    But why are biometric payments rising?

    - In today’s rapidly evolving payments landscape competition has moved from the infrastructure to the front-end. UX is the name of the game and biometrics enable better customer experiences.
    - The rise of mobile and contactless payments is driving demand for biometrics.
    - Efficiency, which translates into cost benefits. Especially, when it comes to use cases such as self-service kiosks, biometrics are a reliable, 24/7 alternative that saves costs.
    - Biometrics are significantly simplifying and enhancing loyalty programs by offering a faster and easier identification and check-out process (Face ID instead of the manual process of pulling out a card and identifying myself).
    - Biological characteristics are much more difficult to replicate or steal and therefore offer enhanced security, which translates into reduced fraud.

    The numbers are indicative:

    - Goode Intelligence forecasts that global biometric payments will reach $5.8 trillion and 3 billion users by 2026.
    - Juniper Research expects biometrics "will authenticate over $3 trillion of payment transactions in 2025," compared to $404 billion in 2020.

    If biometric payments can, in the short term, address issues such as privacy & security, #technology, regulation, accessibility, trust & social acceptance, then their longer-term future looks bright.

    Opinions: Panagiotis Kriaris

  • View profile for Akhilesh Tuteja

    Head of Clients & Industries - KPMG India

    49,433 followers

    The growing complexity of supply chain interdependencies is creating significant cybersecurity risks. In my latest article for the World Economic Forum’s Centre for Cybersecurity, I outline five key risk factors and what organisations must do to mitigate them:

    1️⃣ Cyber Inequity – Large organisations are improving cyber resilience, but SMEs remain vulnerable. They must view cybersecurity as a business priority, while industry collaboration and policy support can help bridge the gap.

    2️⃣ Limited Supply Chain Visibility – Expanding supply chains make it harder to assess supplier security. Without clear incentives, compliance gaps persist, increasing exposure to cyber threats.

    3️⃣ Third-Party Software Vulnerabilities – AI and open-source adoption introduce new risks, yet only 37% of organisations assess AI tool security before deployment. A structured security framework is essential.

    4️⃣ Dependence on Critical Providers – Over-reliance on a few key suppliers creates systemic points of failure. Resilient IT architectures and strong business continuity planning are critical.

    5️⃣ Geopolitical Risks – Cyber threats are increasingly shaped by global tensions, disrupting supply chains and increasing attack sophistication. Organisations must integrate geopolitical risk assessments into their cybersecurity strategies.

    𝗪𝗵𝗮𝘁’𝘀 𝗡𝗲𝘅𝘁? Organisations must prioritize visibility, support smaller partners, and invest in resilience. Strong business continuity planning, robust IT management, and proactive threat detection are non-negotiable. Cybersecurity is not just an IT issue—it’s a strategic imperative.

    Read the full article here: https://lnkd.in/g-yQ2QRa

    #CyberSecurity #SupplyChain #AI #RiskManagement

  • View profile for Shawnee Delaney

    CEO, Vaillance Group | Keynote Speaker and Co-Host of Control Room

    35,021 followers

    Your biggest cybersecurity threat might not be your employees — it might be your coffee machine.

    Everyone’s worried about employees clicking phishing emails… …but who’s worried about the smart thermostat leaking your sensitive data? (You should be.)

    When we talk about human cyber risk, it’s not just laptops and emails. It’s the people who plug in devices they don’t understand — or don’t think about — that open the backdoor.

    The truth is: The Internet of Things (IoT) is your weakest (and most ignored) security link.

    📺 Smart TVs.
    🏅 Fitness trackers.
    ☕ Coffee machines.
    🔔 Video doorbells.
    💡 Smart lighting.
    🌡️ Even that “harmless” Wi-Fi-enabled fish tank thermometer in your lobby. (Yes, that actually happened to a casino in 2019 where the whole high roller database was exfiltrated through an IoT connected fish tank thermometer. Ouch.)

    If it connects to the internet, it can connect a threat actor to you.

    ACTIONABLE TAKEAWAYS:

    ✔️ Audit your IoT Devices: List everything in your business and home that’s internet-connected. If you don’t track it, you can’t protect it.
    ✔️ Segregate Networks: Keep IoT devices on a separate Wi-Fi network from business operations and sensitive information.
    ✔️ Change Default Credentials: Most IoT breaches happen because devices are left on factory settings. Change all passwords — immediately.
    ✔️ Update Firmware: Your smart devices need updates just like your computer does. Patch regularly or retire them if they’re no longer supported.
    ✔️ Train Your People: If they’re plugging it in, they’re opening a portal. Awareness matters. Train users to think before they connect.

    Bottom line: Human risk isn’t just about bad passwords and phishing clicks. It’s about our instinct to trust technology we don’t fully understand. If you employ humans, if you use IoT, you have risk. Manage your humans. Manage your tech. Or someone else will.

    #HumanRisk #Cybersecurity #IoTSecurity #InsiderThreat #CyberHygiene #Leadership #SecurityAwareness

  • View profile for Prasanna Lohar

    Investor | Board Member | Independent Director | Banker | Digital Architect | Founder | Speaker | CEO | Regtech | Fintech | Blockchain Web3 | Innovator | Educator | Mentor + Coach | CBDC | Tokenization

    89,752 followers

    🚀 Agentic AI Identity and Access Management: A New Approach

    In my View ..... "Architectures are going to change; Approach to Development is going to change; In Secure First and Automation First Era, we need to work Digital 1st, Intelligent 1st Approach to avoid rework ..."

    ▬▬▬▬▬▬▬▬▬▬▬▬▬

    🌍 Let's find how we can do it with Identity and Access Management ..

    #AgenticAI is pushing the boundaries of automation, autonomy, and decision-making at machine speed. But traditional identity and access management (IAM) protocols, designed for static applications and human users, can’t keep up.

    This publication from the Cloud Security Alliance (CSA) introduces a purpose-built Agentic AI IAM framework that accounts for autonomy, ephemerality, and delegation patterns of AI agents in complex Multi-Agent Systems (MAS). It provides security architects and identity professionals with a blueprint to manage agent identities using Decentralized Identifiers (#DIDs), Verifiable Credentials (#VCs), and Zero Trust principles, while addressing operational challenges like secure delegation, policy enforcement, and real-time monitoring.

    🞕 Let's understand -

    ➟ Identify shortcomings of OAuth 2.1, SAML, and OIDC in agentic environments
    ➟ Define rich, verifiable Agent IDs that support traceable, dynamic authentication
    ➟ Apply decentralized and privacy-preserving cryptographic architectures
    ➟ Enforce fine-grained, context-aware access control using just-in-time credentials
    ➟ Build zero trust IAM systems capable of scaling to thousands of agents

    ▬▬▬▬▬▬▬▬▬▬▬▬▬

    🎯 Bottom line - With detailed guidance on deployment models, governance consideration, and threat mitigation using the MAESTRO framework, this publication lays the foundation for secure identity and access in the next generation of AI systems.

    ▬▬▬▬▬▬▬▬▬▬▬▬▬

    It's a wake-up call for existing Identity and Access Management frameworks and companies.... Excellent Read for Weekend!!

    #Security #Identity #AI #Automation #Technology

  • View profile for Antonio Grasso

    Technologist & Global B2B Influencer | Founder & CEO | LinkedIn Top Voice | Driven by Human-Centricity

    39,949 followers

    Safeguarding information while enabling collaboration requires methods that respect privacy, ensure accuracy, and sustain trust. Privacy-Enhancing Technologies create conditions where data becomes useful without being exposed, aligning innovation with responsibility. When companies exchange sensitive information, the tension between insight and confidentiality becomes evident. Cryptographic PETs apply advanced encryption that allows data to be analyzed securely, while distributed approaches such as federated learning ensure that knowledge can be shared without revealing raw information. The practical benefits are visible in sectors such as banking, healthcare, supply chains, and retail, where secure sharing strengthens operational efficiency and trust. At the same time, adoption requires balancing privacy, accuracy, performance, and costs, which makes strategic choices essential. A thoughtful approach begins with mapping sensitive data, selecting the appropriate PETs, and aligning them with governance and compliance frameworks. This is where technological innovation meets organizational responsibility, creating the foundation for trusted collaboration. #PrivacyEnhancingTechnologies #DataSharing #DigitalTrust #Cybersecurity

  • View profile for Shiv Kataria

    Senior Key Expert R&D @ Siemens | Cybersecurity, Operational Technology

    21,712 followers

    Ever feel lost in the crazy number of OT/ICS cybersecurity regulations? I get it. When you're trying to secure critical infrastructure, it's no longer just about firewalls and patches. You’ve got laws, directives, standards, frameworks… and every region has its own flavor. So I put together a handy reference to help you navigate the landscape:

    1. ISA/IEC 62443: The global gold standard for securing industrial automation systems. Whether you’re an asset owner, vendor, or integrator — this is where your OT security maturity journey begins.

    2. ISO/IEC 27001: Not OT-specific, but almost always expected. Many regulators consider it “state of the art” for managing risk and proving due diligence.

    3. NIST CSF (USA): A fantastic foundation — even if you’re outside the U.S. Its Identify–Protect–Detect–Respond–Recover approach maps well to real-world ICS needs.

    4. NERC CIP (USA – Power Grid): If you work in electric utilities in North America, this is your gospel. Strict, enforced, and full of lessons for other sectors too.

    5. NIS2 (Europe): The EU just raised the bar — mandatory risk management, 24-72 hour incident reporting, and serious penalties. If you’re in energy, transport, healthcare, or even food — you're likely in scope.

    6. SOCI Act (Australia): Probably the most ambitious legislation globally. Includes 11 sectors, mandatory reporting, government intervention powers, and a push for resilience.

    7. Singapore Cybersecurity Act: If your system is classified as CII — it’s serious business. Includes licensing, incident reporting, and audits.

    8. China’s Cybersecurity Law: Heavy focus on data sovereignty, localization, and supply chain scrutiny. Regulatory compliance here goes deep — and wide.

    9. India’s NCIIPC & CERT-In Directions and CEA Guidelines: A blend of targeted protection (via Protected Systems) and mandatory incident reporting. Emerging fast — expect tighter rules in the years to come.

    10. UK NIS & Telecom Security Act: Post-Brexit, the UK retained and upgraded its critical infrastructure cybersecurity laws. Telecom operators, in particular, are under serious scrutiny.

    Whether you're building a compliance strategy or designing secure architectures, understanding these frameworks is critical. It’s not just about passing audits. It’s about knowing how to build secure, resilient systems… wherever you are.

    I’ve summarized them all in a one-stop guide — easy to reference, updated, and global in scope.

    P.S. Which ones have you worked with?

    #OTSecurity #CriticalInfrastructure #CyberRegulations #IEC62443 #NIS2 #NERC #SOCI #NISTCSF #CyberResilience #Compliance #ICSsecurity

  • View profile for Tom Le

    Unconventional Security Thinking | Follow me. It’s cheaper than therapy and twice as amusing.

    10,403 followers

    I've been seeing more articles about "EDR evasion" tools in my feeds including EDRSilencer, which leverages WFP to obstruct EDR agent communications outbound from the endpoint. This effectively prevents threat detection and other back-end detection assistance, such as IOA correlation or sandbox analysis.

    Upon reviewing the source code, it's notable that only one of the top 5 leaders in the 2024 Magic Quadrant™ for Endpoint Protection is *𝗻𝗼𝘁* mentioned. Cutting to the chase, here is an excerpt from the version 1.1 release notes:

    > 𝗥𝗲𝗺𝗼𝘃𝗲𝗱 𝗖𝗿𝗼𝘄𝗱𝗦𝘁𝗿𝗶𝗸𝗲 𝗳𝗿𝗼𝗺 𝘁𝗵𝗲 𝗹𝗶𝘀𝘁. Someone reported to me
    > that blocking its service process is insufficient.

    𝗪𝗵𝘆 𝘀𝗵𝗼𝘂𝗹𝗱 𝘆𝗼𝘂 𝗰𝗮𝗿𝗲?

    When I talk about security, I always stress the importance of 𝗼𝘂𝘁𝗹𝗶𝗲𝗿 𝗿𝗶𝘀𝗸 𝘀𝗰𝗲𝗻𝗮𝗿𝗶𝗼𝘀. I operate under the assumption that your security teams are well-versed in primary security risks (CIS Critical Security Controls, formerly SANS Top 20; OWASP Top 10; etc.). One of the most critical outlier risk scenarios that is not on top X lists and security frameworks is EDR tampering.

    Here’s another take… Approach this like an attacker would. Imagine a sophisticated heist scene in a movie (as imperfect as movie scenes are to inform cyber scenarios) - what's the first move? Cut the power, disable alarms, and spoof the CCTV! Similarly, sophisticated attackers aim to increase your time-to-detect.

    𝗧𝗟𝗗𝗥

    If accuracy and speed are crucial to threat detection & response, then any endpoint security POC is incomplete without rigorously evaluating a vendor's anti-tampering capabilities.

    𝗥𝗲𝗳𝗲𝗿𝗲𝗻𝗰𝗲𝘀:

    EDRSilencer source code https://lnkd.in/gHHcNFG9
    Trend Micro research report https://lnkd.in/g6e96FBp
    Recent The Hacker News article https://lnkd.in/gTvhBXTV

    List of products potentially evadable (to be fair, evasion efficacy may depend on how these products are configured, but it’s easy enough to test for yourself) from EDRSilencer.c:

    • Carbon Black Cloud
    • Carbon Black EDR
    • Cisco Secure Endpoint (Formerly Cisco AMP)
    • Cybereason
    • Cylance
    • Elastic EDR
    • ESET Inspect
    • FortiEDR
    • Harfanglab EDR
    • Microsoft Defender for Endpoint and Microsoft Defender Antivirus
    • Palo Alto Networks Traps/Cortex XDR
    • Qualys EDR
    • SentinelOne
    • Tanium
    • Trellix EDR
    • TrendMicro Apex One
