Latest news with #CybersecurityVentures
Forbes
01-08-2025
- Business
- Forbes
Why Unmanaged Network Resources Are A Hacker's Dream
Vincentas Grinius is a tech entrepreneur and cofounder of IPXO, with a focus on internet infrastructure and sustainable digital innovation. Cybersecurity discussions in today's increasingly connected world often emphasize software vulnerabilities, phishing schemes and ransomware threats. However, a more subtle—and equally dangerous—threat lurks beneath the surface: unmanaged digital infrastructure assets that many enterprises, universities and public institutions unknowingly leave exposed. One of the most overlooked assets is IPv4 address blocks—legacy allocations that, if left unmonitored and unnoticed by management systems, provide a hidden playground for cybercriminals to launch attacks, hide their activities and erode trust in internet systems. According to Cybersecurity Ventures, ransomware damages are expected to cost the global economy $275 billion annually by 2031. Organizations must face a new reality: They jeopardize security and value if they aren't actively managing their network resources. The Hidden Risk Of Idle Infrastructure: How Cybercriminals Exploit What We Ignore The IPv4 address space, which was initially distributed freely during the early days of the internet, has become increasingly scarce and valuable. However, many institutions retain large blocks of addresses without active oversight, making them susceptible to hijacking and abuse. IP hijacking occurs when a threat actor illegitimately takes control of an IP address block, often by announcing false routes to internet routers and redirecting traffic meant for the rightful owner. Because these IPs seem valid on the public internet, attackers can use them to send spam, host phishing sites or create botnets—all while staying under the radar. In many instances, the legitimate owner is unaware that their addresses are being exploited. Cybercriminals often scan inactive IP ranges, using them for various malicious activities. Spam distribution remains one of the most common threats: A 2023 report by Statista indicates that spam emails constituted approximately 45.6% of global email traffic. The U.S. and China have emerged as the primary sources of spam emails, sending close to 8 billion spam emails each day per country. Hijacked IP addresses frequently create new, seemingly clean environments to send these messages before detection systems can respond. Phishing campaigns continue to grow, too. The Cybercrime Info Center reported over 1.8 million unique phishing attacks between May 2022 and April 2023, many of which rely on hijacked or misused network blocks to avoid early detection. Botnet hosting also thrives on unmanaged infrastructure. According to Spamhaus, botnet command-and-control servers increased by 16% in Q4 2023, illustrating how cybercriminals exploit abandoned address space to carry out malware and ransomware campaigns. The command-and-control infrastructure for ransomware is especially concerning. The FBI reported a 9% rise in ransomware attacks on U.S. critical infrastructure in 2024, frequently facilitated by compromised or hijacked networks that lack active oversight. Even cryptocurrency fraud is driven by hijacked resources. The FBI's 2023 Internet Crime Report revealed that cryptocurrency-related fraud caused losses exceeding $5.6 billion, a 45% increase from the previous year, as criminals exploited compromised infrastructure to host phishing websites and steal assets. These realities underscore a hard truth: Unmanaged infrastructure isn't just wasted; cybercriminals actively weaponize it. Leasing As A Security Strategy The traditional view of leasing IP addresses focuses on monetization. However, leasing can also act as a strong security mechanism. When an IP block is actively leased through a trusted, structured platform, it's: • Continuously monitored for abuse patterns and dips in reputation. • Protected by know-your-customer (KYC), anti-money laundering (AML) and Office of Foreign Assets Control (OFAC) processes that screen lessees before allocation. • Secured with automated blacklisting detection and rapid incident response protocols. • Actively validated in routing systems, making unauthorized hijacking attempts considerably more difficult. Instead of remaining idle and exposed, the resource becomes a managed and monitored part of the global internet fabric. A New Model For Digital Asset Stewardship Every organization with internet-facing infrastructure must reconsider its stewardship model. It's no longer sufficient to secure servers and patch software—proactive management of network resources has become integral to the cybersecurity mandate. Practical steps forward: • Audit your IPv4 and network assets. Understand exactly what you own, where it's located and if it's in use. • Secure dormant resources. Consider collaborating with reputable leasing platforms that emphasize security, compliance and abuse prevention. • Align IT, finance and cybersecurity teams. Ensure that digital asset management is collaborative, not isolated. • Monitor continuously. Establish real-time visibility over leased or unused space to quickly identify anomalies. Inaction is no longer harmless; it's a liability. Stewardship Or Exposure—The Choice Is Clear The digital economy rewards those who actively manage and optimize their resources. Just as businesses protect financial assets and intellectual property, they must also secure and enhance their network resources. The days of neglecting idle IP address blocks without repercussions are over. Cybercriminals are aware of this. Forward-thinking institutions recognize it. Now, the broader enterprise and public sectors must catch up—or risk facing the consequences. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
USA Today
29-06-2025
- Business
- USA Today
How Kumrashan Indranil Iyer Is Building Trust in the Age of Agentic AI
'The next frontier of AI is not intelligence. It's trust.' With this sentiment, cybersecurity thought leader Kumrashan Indranil Iyer captures the challenges and opportunities of the digital future. Kumrashan believes that cognitive trust, not technical brilliance, will define whether AI becomes a force for resilience or risk. Kumrashan is dedicated to leading a new generation of cyber defense. As a Senior Leader of Information Security at a major multinational bank, he is tasked with overseeing groundbreaking work in AI-driven threat detection and digital trust systems. Building systems people can trust Kumrashan explains that as AI is advancing, it is increasingly able to reason, adapt, and make autonomous decisions. This is called 'agentic AI' and is capable of demonstrating autonomous behavior. 'We're no longer dealing with simple tools. We're interacting with digital agents that pursue goals. These can include goals you didn't explicitly program,' he says. While traditional AI systems follow scripts and models designed by humans, agentic AI is able to interpret broad objectives and figure out the 'how' on its own. 'This evolution brings with it immense promise but also unprecedented risk,' says Kumrashan. According to a 2025 study by Cybersecurity Ventures, global damage from cybercrime is projected to reach $10.5 trillion annually by 2025. Much of this risk is now being shaped by how AI is used, or rather, misused by attackers. Today's cyber threat profile includes new innovations, such as malware that adapts in real-time and attacks that resemble conversations rather than breaches. 'The threat landscape isn't just growing, it's learning,' Kumrashan warns. 'Imagine an adversary deploying an AI agent that doesn't just follow instructions but evolves its own strategy.' These kinds of attacks are no longer science fiction. They are happening now. Introducing 'digital conscience' To meet this challenge, Kumrashan Indranil Iyer has introduced Cognitive Trust Architecture. The novel framework is gaining recognition in cyber defense circles for its focus on adaptive reasoning and trust calibration. Unlike traditional compliance or oversight models, CTA not only observes what AI systems do but also seeks to understand why they behave in a particular way. Kumrashan explains it this way: 'Think of CTA as a digital conscience. It allows us to guide AI behavior based on trustworthiness, accountability, and explainability. If trust is the currency of human-AI collaboration, then CTA is the treasury that regulates it.' His research paper on CTA, 'Cognitive Trust Architecture for Mitigating Agentic AI Threats: Adaptive Reasoning and Resilient Cyber Defense', has been cited widely across industry and academic circles, including by researchers focused on machine ethics, autonomous systems, and national digital defense. In addition, he has authored numerous other influential research papers, including: Lessons from the frontline Kumrashan Indranil Iyer explains the motivation behind the system: 'I've spent my career watching brilliant algorithms fail not because they were wrong, but because they weren't understood, or trusted,' Kumrashan says. 'Most AI failures aren't technical. They're trust failures.' For him, the solution goes beyond better programming. 'AI needs to align more with human intent and ethical reasoning.' In his view, organizations must evolve from AI governance to what he calls AI guardianship. 'Governance gives you a checklist, but guardianship asks: 'Can I predict my AI's behavior? Can I explain it to a regulator? Can I trust it in a crisis?' he explains. 'If the answer to these questions isn't 'yes,' then your system isn't ready.' Kumrashan is also a passionate advocate for AI literacy and ethical tech leadership. He regularly writes posts that translate complex cybersecurity issues into plain language, offering insights for both professionals and everyday readers. His recent speaking appearances include the IEEE Conference on Artificial Intelligence and several panels on responsible AI innovation. He mentors emerging AI professionals and regularly serves as a peer reviewer and research guide in the fields of cybersecurity and artificial intelligence. For his efforts, Kumrashan has earned wide recognition across the cybersecurity industry. In 2025, he was named the winner of the Global InfoSec Award for Trailblazing AI Cybersecurity at the RSA Conference and was also honored with the Fortress Cybersecurity Award for innovation in AI defense. In addition, he has been named a Fellow by both the Hackathon Raptors Association and the Soft Computing Research Society in acknowledgment of his contributions to AI-driven security and the advancement of digital trust frameworks. A future based on trust Future technology is likely to surpass our wildest imaginations, from self-driving cars to AI-driven military defense. As the world barrels towards this widespread adoption of AI-powered autonomy, Kumrashan believes the stakes are only getting higher. 'I'm excited by the idea of AI agents that predict threats before they happen, respond autonomously, and scale defense beyond human limits,' he says. 'However, I'm also concerned about the lack of causational explainability. Assuming that if it's AI, then it has to be right is dangerous.' For Kumrashan Indranil, the goal is simple and urgent: to build systems based on cognitive trust. Disclaimer: This article reflects personal views only and does not represent the views of the individual's employer or affiliates.
Los Angeles Times
22-06-2025
- Business
- Los Angeles Times
Navigating the Current Business Insurance and Employee Health Landscape
As the business environment evolves, leaders in Los Angeles face a complex landscape in business insurance and employee health benefits. Understanding current challenges, essential coverages, cost-saving strategies and emerging trends is crucial for informed decision-making that enhances organizational resilience and employee satisfaction. The business insurance market in Los Angeles is currently facing significant challenges, notably rising premium costs. Insurers are tightening underwriting standards, leading to more exclusions and higher deductibles, prompting businesses to reassess their risk management strategies. Additionally, California's evolving regulatory environment impacts various aspects of business operations, including insurance requirements. 1. Cyber Liability Insurance: Essential for protecting against data breaches and cyberattacks, especially in California's tech-heavy landscape. Cybersecurity Ventures predicts global cybercrime damages will reach $10.5 trillion annually by 2025. 2. Business Interruption Insurance: This coverage helps recover lost income due to unforeseen events, such as wildfires. A study by the Insurance Information Institute found that 40% of small businesses never reopen after a disaster, underscoring its importance. 3. Workers' Compensation Insurance: California continues to experience longer average claim duration and higher average indemnity costs than other states, according to WCIRB California. Ensuring compliance while providing adequate coverage for employees is critical. 4. General Liability Insurance: Vital for protecting against lawsuits related to injury or property damage, particularly in California's litigious environment. Business leaders can consider several cost-saving strategies to combat these challenges: 1. Risk Management Programs: Implementing comprehensive risk management can reduce claims and lower premiums. Organizations that actively manage risk can cut insurance costs by up to 30%, according to a report by Risk Management Society. 2. Bundling Policies: Many insurers offer discounts for bundling multiple policies, potentially leading to savings of 10% to 20% (Insurance Information Institute, 2023). 3. Self-Insurance: Larger organizations may find self-insurance a viable option, allowing them to retain some risk and reduce premium costs. 4. Regular Policy Reviews: Annual reviews of insurance policies can identify areas for cost savings, including coverage limits, deductibles and potential discounts. As competition for talent intensifies in Los Angeles, organizations are exploring innovative employee benefits to attract and retain top talent: 1. Mental Health Support: A 2024 SHRM study found that 45% of US workers expect higher levels of mental health support from employers. Offering Employee Assistance Programs (EAPs), mental health days, and counseling services is becoming common. 2. Flexible Work Arrangements: The shift to remote work has increased demand for flexible arrangements. While many companies have conducted a partial 'return to the office' for their employees, a 2024 McKinsey study revealed that 54% of workers prefer remote or hybrid work. With more remote workers, offerings such as telehealth continue to become more popular. 3. Wellness Programs: Comprehensive wellness programs, including fitness memberships and health screenings, are gaining traction. SHRM reported that 70% of organizations offered some form of wellness program in early 2024, with 65% of employers believing these programs positively impact employee retention. 4. Student Loan Repayment Assistance: As student debt burdens many employees, organizations are beginning to offer repayment assistance, appealing particularly to younger employees in competitive job markets such as LA. The employee benefits market in Los Angeles is influenced by regulatory changes and compliance requirements: 1. Affordable Care Act (ACA) Compliance: Ensuring compliance with ACA regulations, including providing affordable health insurance options, remains a priority. 2. California-Specific Regulations: California has unique laws regarding paid family leave and health benefits. Under the California Family Rights Act (CFRA), employers must provide at least 12 weeks of unpaid family leave with job protection, impacting benefits planning. 3. AI in Benefits Administration: The integration of AI is transforming how organizations manage employee health benefits. AI streamlines enrollment processes, enhances communication, and provides personalized recommendations. However, it also poses risks related to data privacy, security, and compliance that employers must consider. Navigating the current business insurance and employee health benefits landscape requires a proactive approach. By understanding market challenges, prioritizing essential coverages, implementing cost-saving strategies and embracing innovative employee benefits, organizations can enhance resilience and foster a supportive work environment. At Marsh McLennan Agency, we specialize in partnering with our clients to develop tailored insurance solutions and employee benefits strategies that meet unique business needs, control costs and enhance employee satisfaction. Reach out today to learn more about how we can help. Brian Hegarty, Principal & Managing Director, Los Angeles Marsh McLennan Agency
Hans India
15-05-2025
- Business
- Hans India
Future-proofing tech talent : The role of upskilling in workforce resilience
:- Rupinder Kaur Kohli The tech industry is evolving so fast it feels impossible to keep up with it. Advancements in artificial intelligence, machine learning, blockchain, and other emerging technologies are reshaping what businesses do, how they think, and what skills they need to stay ahead. And as the demand for new expertise balloons, the pressure to reskill the entire workforce grows ever stronger. According to the World Economic Forum's Future of Jobs Report 2023, 60% of workers will need to reskill or upskill by 2027. Yet, the report also reveals a stark gap: only half of those employees will have access to the resources necessary to enhance their skills. This creates both a challenge and an opportunity for businesses within the tech sector. The question is no longer whether to reskill employees but how best to prepare them for roles that may not yet even exist. In the past, reskilling often meant preparing workers to switch from roles being phased out. However, today's definition has expanded. Workers must catch up with emerging technologies and stay ahead of trends that continue to disrupt their industry. Businesses are realising that a long-term strategy for employee development is no longer a 'nice-to-have' but a necessity. A proactive approach is now essential for success. Artificial Intelligence and Machine Learning AI and machine learning have become integral to numerous tech-driven sectors, from healthcare and finance to retail and education. As businesses adopt AI solutions to optimize operations, employees must understand how these tools work and how to leverage them. From automating routine tasks to making data-driven decisions, it's becoming an indispensable tool. And as businesses increasingly adopt AI solutions, employees must adapt to this technological shift. This means, to remain relevant in the AI era, individuals should consider upskilling in areas like data science and data analytics, where they understand data, cleaning, and analyzing it to extract valuable insights. Alternatively, machine learning offers many opportunities to develop and deploy ML models to automate tasks and make predictions. Or there's AI ethics and bias, where it's critical that businesses ensure systems are fair, unbiased, and ethical. A report by McKinsey & Company notes that the demand for AI-related roles is growing by 20% each year, with positions such as data scientists and AI specialists seeing a surge in job postings. Cybersecurity As companies increase their digital presence, the risk of cyberattacks grows exponentially. The growing sophistication of cyber threats, coupled with the rise of AI, means the need for a skilled cybersecurity workforce has never been more urgent. According to Cybersecurity Ventures, the global cybersecurity workforce shortage is expected to reach 3.5 million by 2025, emphasizing the importance of reskilling existing employees to fill these gaps. And here's why… AI-powered attacks are becoming increasingly sophisticated, targeting vulnerabilities in systems and networks. This means companies must invest in robust security measures to protect their sensitive data and digital assets and mitigate the risks associated with the evolving threat landscape. All this is presenting workers with great opportunities to transition into cybersecurity roles. And those who to aspire to building a successful career, now need training in risk management, threat analysis, cryptography, network security, cloud security and ethical hacking. Cloud Computing Cloud computing has revolutionized the way businesses operate, offering unprecedented scalability, flexibility, and cost-efficiency. Organizations of all sizes are rapidly migrating to the cloud to leverage its power and accelerate digital transformation. A recent Gartner report found that public cloud services are expected to increase by 21% annually, reaching a market value of $500 billion by 2024. Tech workers reskilling in cloud computing should focus on gaining proficiency in cloud platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. To be successful, these tech professionals will need to acquire a deep understanding of cloud computing principles and technologies. Key areas of focus include cloud fundamentals, cloud platforms, cloud security, cloud architecture, cloud automation. Blockchain and Distributed Ledger Technologies Blockchain technology is not just for cryptocurrencies anymore. From supply chain management to secure voting systems, blockchain is being adopted across various sectors. As businesses explore how to incorporate this technology, they need workers who can understand blockchain's underlying principles and how to develop and deploy blockchain solutions. The IBM Blockchain Pulse report highlights that the demand for blockchain skills has risen by 520% in the last five years, making it a significant area for reskilling. To pursue a career in blockchain, individuals should focus on acquiring a strong foundation in core blockchain concepts. This includes distributed ledger technology (DLT) fundamentals, blockchain architecture and components, and cryptographic techniques. They'll also need to build blockchain development skills, such as programming languages like Solidity, Ethereum, and Hyperledger Fabric, and API integration for seamless system interactions. Plus, they'll need hands-on experience with blockchain platforms. The Need for a Continuous Learning Mindset One of the most significant challenges in the tech industry today is the rapid pace of change. What's cutting-edge today may be outdated tomorrow. This makes it increasingly difficult for workers to keep up, especially when traditional training programs and degree courses take time to develop and implement. The WEF Future of Jobs Report 2023 stresses the need for businesses to adopt 'always-on' learning and development strategies. So, employers must now foster a culture where continuous learning is encouraged, and employees are empowered to take charge of their development. Offering employees access to online courses, workshops, certifications, and mentorship programmes is an ideal way to help them acquire the necessary skills at their own pace. Looking Ahead As we move into an era dominated by technological change, businesses in the tech sector must recognize that reskilling isn't just about filling immediate skill gaps—it's about preparing for an uncertain and unpredictable future. While no one can anticipate the exact skills needed five or ten years from now, what is clear is that adaptability, continuous learning, and a proactive approach to employee development will be the key to thriving in the face of this change. (The author is Chief Solutions Architect, SkillUp)
Associated Press
28-04-2025
- Business
- Associated Press
Global Cybersecurity Market To Reach $1 Trillion Annually By 2031
Cybersecurity Ventures anticipates 15 percent year-over-year growth over the next five years 'Global spending on cybersecurity products and services is expected to reach $454 billion annually (USD) in 2025, up from $260 billion in 2021.'— Cybersecurity Ventures SAN FRANCISCO, CA, UNITED STATES, April 28, 2025 / / -- The imperative to protect increasingly digitized businesses, governments, schools, Internet of Things (IoT) devices, and consumers from cybercrime will propel global spending (1) on cybersecurity products and services to $1 trillion (USD) annually by 2031, according to the 'Cybersecurity Market Report' due out from Cybersecurity Ventures and Evolution Equity Partners on Jun. 16, 2025. Global spending on cybersecurity products and services is expected to reach $454 billion annually (USD) in 2025, up from $260 billion in 2021. 'In advance of the report, we are releasing our cybersecurity market prediction today at the RSA Conference 2025 in San Francisco' says Steve Morgan, founder of Cybersecurity Ventures. For 32 years, the RSA Conference has been a driving force behind the world's cybersecurity community. AI is expanding a $2 trillion total addressable market or TAM (2) for cybersecurity providers, according to a 2024/2025 study by McKinsey, a global management consulting firm and trusted advisor to the world's leading businesses, governments, and institutions. 'One of the areas that is extremely compelling is the opportunity to build a security layer around agentic AI,' says Richard Seewald, founder and Managing Partner at Evolution Equity Partners. 'If you think about the volume of agents that will be put into the market, the opportunity to create cybersecurity companies that defend and protect that layer are significant.' McKinsey's study is particularly relevant to the CISOs and vendors, the cybersecurity buyers and sellers, who made a pilgrimage to this year's RSA Conference. 'Based on the organizations we have served, cyber budgets are still under tremendous pressure to reduce cost when, in reality, they are often under-budgeting when framed in terms of the organization's risk profile,' says Justin Greis, Partner and North American Cybersecurity Practice Leader at McKinsey. 'More often than not, when we are engaged to analyze and possibly reduce cybersecurity costs, we typically end up increasing the cyber budget because the cyber risks uncovered exceed management's and the board's risk appetite,' adds Greis. 'More and more CISOs are requesting and reporting their budgets, not just in dollars and cents, but framed in terms of risk to critical business processes, products, services, or strategic goals/objectives.' Today, nearly 15 percent of (corporate) cybersecurity spending comes from outside the chief information security office (CISO), and non-CISO cyber spending is expected to grow at a 24 percent CAGR over the next three years, according to the McKinsey study, which goes on to state that this has changed from a decade ago, when almost all cybersecurity spending came from the CISO organization. Going forward, providers will need to increasingly cater to non-CISO customers, the McKinsey study posits, with most non-CISO cyber spending coming from buying centers responsible for cloud, product, network, and audit and compliance. Despite its current market size, cybersecurity has a lot of headroom to grow. 'We are still in the early innings of a secular trend in the cybersecurity space that involves increased spend by large enterprises, smaller businesses and consumers alike, a rapidly expanding attack surface, market consolidation and demand for next generation products and services that makes this a very compelling segment for investment,' says Dennis Smith, Founder and Managing Partner at Evolution Equity Partners. (1) Spending is actual dollars spent, or expected to be spent. The spending prediction figures from Cybersecurity Ventures includes all countries globally, B2B and B2C, plus a portion of any markets that are converged with cybersecurity such as physical security and surveillance, as well as automotive security, medical device security, military cyber defense technology, and others. It also counts in cyberinsurance policies. (2) TAM is the total revenue opportunity available to a product or service if 100 percent market share is achieved. TAM does not represent actual dollars spent, or expected to be spent. The TAM figures from McKinsey are global and primarily focused on B2B, but not B2C or other markets converged with cybersecurity such as physical security and surveillance, automotive security, and others. ABOUT Cybersecurity Ventures is a leading cybersecurity market watcher and the publisher of Cybercrime Magazine, Page ONE for the global cyber economy, and a trusted source for cybersecurity facts, figures, and statistics. Evolution Equity Partners is an international venture capital investor led by technology entrepreneurs who have built software companies around the world and who leverage tremendous operating, technical, product development and go-to-market expertise to help entrepreneurs win. Malcomb Farber Cybersecurity Ventures +1 631-680-8660 email us here Visit us on social media: LinkedIn Instagram YouTube X Legal Disclaimer: EIN Presswire provides this news content 'as is' without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
