Latest news with #JumpCloud
Business Upturn
01-05-2025
- Business Upturn
INE Security Alert: World Password Day 2025 Cybersecurity Training Insights
By GlobeNewswire Published on May 1, 2025, 15:02 IST Cary, NC, May 01, 2025 (GLOBE NEWSWIRE) — INE Security, a leading global provider of hands-on cybersecurity training and cybersecurity certifications, today released expert analysis on the current state of password security and security team training best practices as organizations recognize World Password Day on May 1, 2025. Threat intelligence data shows that password vulnerabilities continue to be the favorite target for hackers worldwide, despite years of warnings from security experts. While companies keep investing in advanced security tech, the humble password remains the front door to most organizations—and too often, it's a door with a broken lock. 'It's concerning to see password-related breaches still dominating security incidents despite all the technological advances,' said Dara Warn, CEO of INE Security. 'What we're finding is that there's a persistent gap between security training and implementation—teams know what they should be doing, but putting that knowledge into practice remains challenging. That's why we're emphasizing practical, hands-on cybersecurity training that transforms security knowledge into meaningful action.' INE Security's analysis reveals three critical password security trends for 2025: Credential Stuffing Attacks Are Getting Worse According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches. People Just Aren't Using Password Managers Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials. Hackers Are Getting Better at Bypassing MFA Multi-factor authentication has improved, but phishing campaigns designed to steal those verification codes have gotten much more sophisticated. Keepnet Labs found that 15-20% of phishing attacks are now specifically crafted to get around MFA protection. Addressing these vulnerabilities requires comprehensive cybersecurity training that prepares teams for real-world threats. The Security Training Reality Gap INE Security recommends a fresh approach to security training to fix these problems and strengthen password protection: Make Training Count: Ditch the annual checkbox compliance training for realistic cybersecurity training scenarios that mirror actual credential attacks. IBM found that top-performing companies are 68% more likely to provide effective training compared to low performers. Teams with proper training save around $70,000 annually and are 10% more productive. Get Hands On with Real Practice: Set up security labs and cyber ranges where people can experience simulated password attacks firsthand, building critical skills for their cybersecurity career. Studio found that employees who face simulated attacks develop deeper understanding that sticks with them and keeps them motivated to stay vigilant. Train, Practice, Certify, Repeat: Don't just train once and forget it. Companies with structured, ongoing training see 218% higher income per employee than those that train sporadically according to Keepnet. Build Security Into Your Culture: Close the gap between security knowledge and actual practice by making security part of your company's DNA. A report conducted by INE Security found cybersecurity training programs are the most effective way to keep organizations secure in a cloud-dependent landscape. 'The data consistently shows that organizations investing in comprehensive, hands-on security training achieve measurable improvements in their security outcomes and realize significant returns on that investment,' Warn concluded. 'On World Password Day, I encourage security leaders to thoughtfully evaluate their current training approaches and consider how they might better develop the practical skills their teams need to address today's sophisticated password-based threats.' About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career. Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
Forbes
01-04-2025
- Business
- Forbes
How To Secure Non-Human Identities With Modern IAM
Rajat Bhargava is an entrepreneur, investor, author and currently CEO and cofounder of JumpCloud. getty Every second, hundreds of automated processes and service accounts access sensitive data without human oversight. These non-human identities (NHIs)—spanning API keys, secrets, tokens and service accounts—operate behind the scenes to power cloud applications, automation and microservices. NHIs authenticate and execute automated processes between cloud applications and third-party integrations; they allow applications, virtual machines and scripts to access resources securely; and they can generate cryptographic credentials that encrypt and validate communications between automated processes—to name just a few of their uses. The number of NHIs is growing as organizations race to innovate—or just keep pace with digital transformation. NHIs now often outnumber human users, creating a sprawling network of identities that require immediate attention. Modern architectures—from DevOps pipelines to serverless computing—rely heavily on NHIs. This creates opportunities for bad actors, where multiple permissions, when exploited together, can lead to catastrophic breaches. Left unsecured, NHIs become prime targets for cyberattacks. OWASP released its 2025 top 10 risks associated with NHIs, highlighting that a lack of monitoring, excessive permissions and credential mismanagement are just a few of the key issues that can lead to unauthorized access, attacks on infrastructure and data breaches. Unauthorized or poorly managed NHIs can inadvertently grant attackers lateral movement across systems. Such shadow access invites attackers to exploit systems, exposing sensitive data and resources without anyone even knowing. Security teams often struggle to track these interactions due to the complexity of managing NHIs across cloud and on-premises resources. Legacy identity and access management (IAM) systems are typically ill-equipped to handle the nuances of NHIs. Designed primarily for human users, these systems have two key weaknesses in relation to NHI. • Lack Of Visibility: Legacy IAM systems fail to provide insight into how NHIs interact with resources, leaving organizations with significant blind spots. • Focus On A Reactive Approach (Versus Proactive): Vulnerabilities are detected only after exploitation, limiting the ability to proactively secure systems. Modern IAM must evolve to secure NHIs by leveraging automated detection, risk prioritization and real-time analytics to mitigate risks before they escalate. To address the growing risks associated with NHIs, here are five best practices for organizations to adopt proactive strategies: 1. Establish full visibility. Use tools like risk engines and query analytics to map IAM vulnerabilities across NHIs. This approach reveals patterns of cloud data exposure, excessive privileges or overlapping permissions and exploitability. SaaS management capabilities can help reveal which vulnerabilities carry the greatest potential impact. 2. Automate risk detection and remediation. Deploy automated detection mechanisms to identify and address lateral movement, chained access and other high-risk scenarios. Ensure continuous monitoring and timely alerts to reduce reaction times and strengthen overall security posture. 3. Establish governance for NHIs. Implement strict policies to govern NHIs, such as enforcing expiration dates for access keys and conducting regular audits of service accounts. Secure service principles and tokens by aligning with established frameworks that include governance recommendations. 4. Integrate proactive security measures. Adopt a risk-driven IAM strategy that prioritizes areas with the highest exposure and exploitability. Implement a system for monitoring SaaS usage and leverage operational data to predict vulnerabilities and prevent breaches before they occur. 5. Educate and empower security teams. As with all areas of cybersecurity, employees can be a robust bulwark or an extraordinary vulnerability. Regularly provide specialized training on the risks posed by NHIs and equip teams with tools that focus on high-priority threats to minimize alert fatigue. 6. Move to more modern security postures for NHIs. API keys are useful and easy, but there are better ways of providing secure authentication for NHIs. Leverage signed JSON Web Tokens (JWTs) for authentication so that they can't be reused if compromised. Use role-based access where you don't need to have a static credential. The rapid adoption of cloud technologies and automation has made securing NHIs a top priority. It has also made clear that traditional IAM approaches fail to meet the challenges they introduce. Organizations must evolve their strategies to gain visibility, automate remediation and establish robust governance frameworks. Securing NHIs isn't just about reducing risk; it's about future-proofing your organization in an increasingly automated world. Given the acceleration of automation and cloud adoption, adopting an IAM strategy that addresses NHI vulnerabilities isn't just a priority—it's mission critical. The question isn't whether your existing IAM approach is up to the task, but how quickly your organization can rise to the challenge. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Associated Press
28-01-2025
- Business
- Associated Press
IT Under Siege: AI, Shadow IT, and Security Threats
JumpCloud Inc. has unveiled new research from its Q1 2025 SME IT Trends Report, ' From Chaos to Control: Simplifying IT in the Fast Lane of Change.' Now in its eighth edition, the report provides a detailed look at the pressures facing IT teams. IT teams are struggling to keep up with rising costs, fragmented systems, and new security threats. Drawing on insights from IT professionals in the U.S., U.K., and Australia, the report highlights urgent trends shaping the IT landscape: Shadow IT: a silent epidemic – Unauthorized apps are spreading in organizations. They create hidden vulnerabilities and force IT teams to react. AI: the double-edged sword – AI speeds up IT work and innovation. But its rapid adoption threatens to outpace security measures. Teams must now deal with new risks and redefined roles. Hybrid work: a global divide – Dispersed workforces need IT teams to bridge growing gaps in security and support. This adds to operational complexity. MSPs: strategic lifelines – Managed service providers (MSPs) are now critical allies. But, their ability to meet growing security demands is being tested. IT sprawl: a growing crisis – The unchecked growth of IT tools and rising licensing costs are straining teams and budgets. Cybersecurity: an escalating battle – AI-driven attacks are reshaping cybersecurity. They force IT teams to constantly adapt their defenses. 'IT teams are operating in a high-stakes environment where complexity and speed are often at odds with security and control,' said Rajat Bhargava, co-founder and CEO, JumpCloud. '85% of admins are calling for a unified platform to manage devices, identities, and access. Our findings show a need for proactive IT management. We must simplify operations while meeting the growing demands on IT teams.' For the full report, download ' From Chaos to Control: Simplifying IT in the Fast Lane of Change,' here. You can also check out our blog post for select findings from the report. Methodology: JumpCloud surveyed 900 IT decision-makers in the U.S., U.K., and Australia including managers, directors, vice presidents, and executives. Each survey respondent represented an organization with 2,500 or fewer employees across a variety of industries. The online survey was conducted by Propeller Insights, from November 4, 2024 to November 11, 2024. The findings from the JumpCloud Q1 2025 SME IT Trends Report can be found in 'From Chaos to Control: Simplifying IT in the Fast Lane of Change' here. JumpCloud® delivers a unified identity, device, and access management platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform.
