Latest news with #MOVEit


Techday NZ
30-04-2025
- Business
- Techday NZ
Unseen & Unsecured: The machine identity threat you can't ignore
Cybersecurity leaders have spent decades securing human identities through various identity governance measures. Yet, as progress in human identity management becomes clearer, machine identities have emerged as a critical weak point. A 2024 SailPoint special report, Machine Identity Crisis: The Challenges of Manual Processes and Hidden Risks, reveals that 70% of organisations now manage more machine identities than human ones, yet only 38% have real-time visibility into them. This imbalance presents a growing security risk as machine identities proliferate across enterprise environments.

With Forrester predicting that global cybercrime will cost $12 trillion in 2025, organisations cannot afford to overlook this rapidly growing threat. Digital entities, from service accounts to bots, APIs, and autonomous AI agents, have become a serious concern in enterprise security. Attackers are already exploiting this vulnerability.

Why machine identities are a blind spot for organisations

As automation and AI adoption accelerate, machine identities are projected to grow 30% over the next 3–5 years, far outpacing human identity growth. According to the same report, nearly half of organisations (47%) already manage ten times more machine identities than human ones. Unlike human users, these digital identities often operate without oversight.

This visibility gap is compounded by a lack of ownership, with 75% of machine identities reportedly having no assigned owner. Without clear accountability, these identities drift across digital environments, accumulating unchecked permissions and increasing security risk. Meanwhile, 66% of organisations still rely on manual processes to manage machine identities, heightening the risk of human error and misconfigurations. Even when security teams identify dormant or unnecessary machine identities, 88% hesitate to delete them for fear of disrupting business-critical systems, creating a growing inventory of abandoned but active accounts.
The consequence of ignoring machine identity security

Failing to secure machine identities poses a direct threat to business resilience and financial performance. Well over half (57%) of organisations admit to having provided inappropriate access to machine identities, creating open pathways for attackers to exploit. These security failures translate directly to compliance issues – 60% of organisations report facing regulatory challenges tied to machine identities. As the 2023-2030 Australian Cyber Security Strategy recommends and enforces tighter controls around identity security, failing to secure machine identities could result in financial penalties and loss of customer trust.

A stark example of this vulnerability is the MOVEit data breach. MOVEit, a managed file transfer software developed by Ipswitch (a subsidiary of Progress Software), became the target of a major cyberattack when a vulnerability allowed attackers to steal sensitive files through an SQL injection on public-facing servers. The breach exploited a machine-level vulnerability, highlighting how unmanaged machine identities can become a backdoor for attackers to infiltrate and extract critical data.

This risk profile expands with agentic AI. Autonomous agents often hold broad access across systems, making them high-value targets. If compromised, an AI agent could independently escalate permissions, alter business processes, or bypass security controls without triggering traditional alarms. When machine identities control critical workflows, compromise can lead to catastrophic operational disruptions and reputational damage. The complexity of modern digital ecosystems makes isolating and resolving these incidents incredibly difficult, prolonging the recovery process and increasing financial fallout.

Why responsible AI-driven machine identity security is the answer

Here's where fighting fire with fire becomes essential.
While AI may be the source of new threat vectors—from AI-driven impersonation to lifecycle mismanagement of AI agents—it also holds the key to managing these risks effectively. Securing machine identities requires a fundamentally different approach. While most organisations have well-established frameworks for managing human identities, machine identities operate at a scale and speed that traditional methods simply can't match.

AI offers a powerful solution. It can detect anomalies, flag risky behaviour, and adjust permissions in real-time, enabling policy-aligned decisions on a scale far beyond human capability. When embedded into identity security, AI not only enhances detection and response but also ensures access decisions are explainable, governed, and visible by design. By treating machine identities with the same rigour as human ones, organisations can transform their greatest vulnerability into a strategic advantage.

A zero trust approach—rooted in least privilege—is critical. Machine identities must be continuously verified and granted only the access necessary for their function. As organisations increasingly rely on AI agents, the ability to manage their full identity lifecycle, including enforcing access certifications, becomes essential.

The machine identity attack surface will continue to grow in complexity, but with responsible AI and strong governance, it doesn't have to remain a blind spot. With the proper oversight, organisations can turn a potential vulnerability into a strategic advantage, transforming identity security into a frontline defence in the modern enterprise.


Zawya
25-04-2025
- Business
- Zawya
Oman enhances cyber resilience in logistics sector
MUSCAT: In accordance with Oman Vision 2040, which emphasizes economic diversification, digital transformation, and human capital development, the Sultanate reaffirmed its commitment to cybersecurity with the inauguration of the 5th Oman Cybersecurity Conference on Thursday. Focusing on the theme, "Empowering Cybersecurity in the Logistics Sector", the conference was organized by Al-Roya newspaper, in collaboration with the Cyber Defense Centre and the Advanced Cybersecurity Academy.

The conference opened under the auspices of Eng Said bin Hamoud al Maawali, Minister of Transport, Communications and Information Technology. In attendance were national and international experts sharing their perspectives on tackling the growing cyber threats to Oman's logistics infrastructure — a cornerstone of the Vision 2040 strategy to transform Oman into a competitive logistics center.

Opening the conference, Hatim bin Hamad al Taie, Editor-in-Chief - Al-Roya, emphasized the need to inject cybersecurity into logistics planning, as both are essential to keeping modern economies afloat. "As cyber threats continue to grow globally, it is imperative that our supply chains are efficient and secure," Al Taie said. He mentioned Oman's unique geographical position and continued investment in ports and free zones as evidence of its growing role in regional and global trade. Al Taie also referenced the recent historic agreement on the world's first liquefied hydrogen corridor from the Global South to Europe as evidence of Oman's evolving role in global energy security.

Eng Khamis al Hajri, Head of Cyber Defense Centre, delivered the keynote, citing the vulnerability of global logistics networks to cyberattacks. He referred to the 2023 MOVEit breach that affected more than 93 million individuals as a chilling reminder. Al Hajri called for "Secure by Design" practices for ensuring cybersecurity from the onset.
One of the highlights of the event was also the inauguration of the first national cybersecurity simulation exercise tailored to the logistics sector in Oman. The exercise aims at boosting digital preparedness, testing response to threats, and stimulating inter-agency coordination.

Singaporean cybersecurity expert Leonard Kahou provided a general overview of how it's becoming increasingly difficult to secure logistics ecosystems. He warned that ransomware, data breaches, and social engineering tactics present increasing threats throughout supply chains — all the way to the end-user.

Cyber Defence Centre engineer Hashem al Balushi revealed an alarming trend: Oman's logistics industry alone saw over 80,000 malware attacks and 37 advanced persistent threats within the first quarter of 2025. He advocated for robust protection mechanisms, including encrypted protocols, limited access permissions, and periodic system updates.

Wrapping up the event, the Ministry of Labour's "Tashgheel" programme and several local businesses signed a memorandum of understanding to upskill Omani professionals in cybersecurity — doubling down on Vision 2040's focus on developing the workforce. The conference underscored the fact that a secure digital foundation is not a technical necessity alone, but rather a strategic necessity for Oman's sustainable development and economic future.


Observer
24-04-2025
- Business
- Observer
Oman enhances cyber resilience in logistics sector


Associated Press
01-04-2025
- Business
- Associated Press
Progress MOVEit Recognized in G2's Best IT Infrastructure Products List for Third Consecutive Year
Managed file transfer solution recognized for excellence based on user reviews

BURLINGTON, Mass., April 01, 2025 (GLOBE NEWSWIRE) -- Progress (Nasdaq: PRGS), the trusted provider of AI-powered digital experience and infrastructure software, today announced that its Progress® MOVEit® managed file transfer (MFT) software has been recognized with a 2025 Best Software Award from G2 in the Best IT Infrastructure Products category. Out of 6,562 total products in this category, and 1,856 eligible for the 2025 awards, MOVEit was one of only 13 products to retain a spot on the list from last year, highlighting its continued leadership in the MFT and IT infrastructure sectors.

The G2 Best Software Awards rank the world's best software companies and products based on authentic, timely reviews from real users and publicly available market presence data. The continued recognition of MOVEit software highlights its value in helping organizations transfer sensitive files more securely and efficiently while promoting compliance with industry standards.

MOVEit software has continually evolved to meet the growing demands of secure file transfer, providing businesses with a trusted, scalable and efficient solution. It is recognized for its leadership and innovation, offering increased reliability in secure file transfers.

In addition to this year's recognition, MOVEit software is:
- The only MFT solution to make the Best IT Infrastructure list more than once—and for three consecutive years (2023, 2024, 2025).
- 20-time leader in G2's quarterly MFT report since spring 2020, solidifying its position as the go-to solution for managed file transfer.
- Trusted by enterprises worldwide to automate and protect sensitive file transfers across highly regulated industries including banking and financial services, healthcare, insurance, and government.
Core Features That Set MOVEit Software Apart

- Security and Compliance: Provides advanced encryption, access controls and compliance certifications, including ISO 27001, SOC 2 Type 2, FIPS 140-2, GDPR, HIPAA and PCI 4.0.
- File Transfer Automation: Reduces manual errors and increases efficiency through workflow automation.
- Broad Visibility and Control: Helps organizations maintain consistent oversight—from high-level task tracking to granular audit logs.
- Scalability and High Availability: Offers flexible cloud and on-premises deployment options with built-in high availability and disaster recovery solutions for secure, uninterrupted file transfers at scale.

Unlike traditional methods, such as FTP and email, MOVEit promotes secure, automated and compliant file transfer for businesses looking to reduce inefficiencies and risk.


Yahoo
19-02-2025
- Health
- Yahoo
Government failings exacerbated 2023 breach, says N.S. privacy commissioner
Nova Scotia's information and privacy commissioner says the provincial government did not have reasonable security and information practices in place before a massive security breach in 2023 involving a file transfer service.

Tricia Ralph released her investigation report into the MOVEit privacy breach on Wednesday, finding that the province's protocols before the breach exacerbated the impact of the cybersecurity attack, and some of its actions afterward increased stress for the victims.

"We, as citizens, must demand more of the public institutions that collect personal information about us," Ralph said in a news release about her report. "Real leadership at the highest level in the Nova Scotia government is needed to ensure that adequate security and information practices, which are required by law, are implemented."

The breach came to light in June 2023 and the Nova Scotia government held a rare Sunday afternoon news conference to alert the public of a "global cybersecurity issue" that resulted in the theft of personal information. The cybersecurity attack was part of a huge global breach involving MOVEit, a file transfer service used by the public and private sector to share personal information. The breach affected an estimated 18.5 million people worldwide.

100,000 Nova Scotians affected

At the time, Colton LeBlanc, the minister responsible for cybersecurity and digital solutions, told reporters the government didn't know how many Nova Scotians were affected or what information was stolen. In the following days, it became clear that about 100,000 Nova Scotians were affected, including current or past employees of Nova Scotia Health, the IWK and the provincial civil service. The stolen information included banking details, home addresses and social insurance numbers. Later, additional affected groups were identified by the government, including newborns, students, people who received parking tickets, and teachers, among many others.
Nova Scotia's information and privacy commissioner launched her investigation into the breach that December.

Report findings

Ralph's report says basic practices — such as completing a privacy impact assessment, a tool that identifies risks of a system — were not implemented and the government was therefore not in compliance with the Freedom of Information and Protection of Privacy Act or the Personal Health Information Act. The government did not tell users of the MOVEit system how long they should keep files in it, the report says, and MOVEit ended up being used as a "repository for extraneous records." The retention of those unnecessary records in the system made the extent of the breach significantly worse, Ralph's report says.

Ralph found that in the wake of the breach, some of the province's actions were reasonable, such as notifying affected people quickly and offering credit monitoring for five years. But she said the notification letters to breach victims did not have enough information, adding to their stress and worry. The government's contact information for victims was also outdated, so many did not even receive notification and could not take steps to protect themselves. The Office of the Information and Privacy Commissioner received 110 complaints from Nova Scotians about the breach.

Commissioner's recommendations

Ralph issued eight recommendations in her report, including that the government specify the maximum time that files can remain in the MOVEit system, that it monitor the use of MOVEit at least yearly, and that it make public the appropriate portions of its privacy impact assessment on MOVEit. Ralph also recommended that the government consult with the Office of the Information and Privacy Commissioner before issuing any future privacy breach notification letters, and make every effort to update the contact information the government holds on residents.
The news release said the government is considering Ralph's report and will have 30 days to decide whether it will follow her recommendations.