Latest news with #Secureframe
Techday NZ
08-08-2025
- Business
- Techday NZ
Emerging cyber threats for 2025 target healthcare & industry
New research from Secureframe has identified the five most significant emerging cyber threats for 2025, focusing on the risks posed to critical sectors including healthcare, infrastructure, and small and medium-sized businesses. The report by Secureframe analyses recent high-profile breaches along with global threat trends and highlights an environment increasingly shaped by AI-driven attacks, organised cybercrime groups, and the rapid exploitation of newly discovered vulnerabilities. Rising threats across sectors Findings within the report indicate ransomware attacks on industrial operators grew by 46% in the first quarter of 2025 alone. Healthcare breach costs have reached an average of USD $5.3 million per incident, marking a 25% increase above the next closest industry. AI-driven criminal tools are enabling the widespread use of advanced phishing schemes, deepfakes, and malware that adapts to targets in real-time. Supply chain vulnerabilities are also being targeted more frequently by cybercriminals, with third-party vendor breaches now a primary vector for large-scale attacks. One cited example was the collapse of the 158-year-old KNP Logistics due to a ransomware incident, underscoring the real-world impact on businesses of all sizes. Organised cybercrime syndicates The report lists organised criminal networks as the number one threat, noting that these groups are expanding their activities through tools such as automation and ransomware-as-a-service platforms. LockBit is highlighted as an active player despite international efforts to dismantle such organisations, while new groups, including Interlock, are emerging to mimic these operations. AI-powered attacks Attackers are leveraging generative AI to craft realistic phishing lures, create deepfakes, and generate malware that adapts in real-time. In one case, AI-generated content helped defraud over 500,000 investors in the JuicyFields scam. Such developments signify a shift in the sophistication of cyber threats, demanding equally advanced detection and response capabilities. Advanced persistent threats Nation-state actors are intensifying long-term, covert attacks primarily targeting energy providers and defence contractors. Groups such as APT33 and APT39 were particularly active across North America and Europe in 2025, with campaigns designed to evade traditional security measures for months at a time. Zero-day vulnerabilities The research outlines that previously unknown and unpatched weaknesses are being exploited at a record pace. An example in 2025 was a critical flaw in Microsoft SharePoint (CVE-2025-53770) which was actively targeted globally before vendors released a remedy. Software supply chain attacks Third-party software platforms are being leveraged as a point of entry for cyberattacks against broader enterprise ecosystems. Secureframe notes that attacks involving compromised SAP SuccessFactors providers resulted in breaches extending into sectors from healthcare to consumer goods. Industry-specific warnings The healthcare sector is seen as especially vulnerable. The report states: "With 92% of organizations reporting attacks in 2024, the sector must prioritize HIPAA-compliant training and secure offline backups." Critical infrastructure operators in the defence and energy fields are advised to implement the NIST 800-172 and CMMC 2.0 frameworks to respond to escalating threats from nation-state actors. Financial services continue to face risks associated with investment fraud and business email compromise, prompted by increasingly refined social engineering attacks. Mitigation strategies Secureframe's report includes a recommended 10-step cybersecurity playbook designed to align with NIST CSF 2.0 and ISO 27001 standards. Suggested actions consist of emergency patching, multi-factor authentication enforcement, privileged account monitoring, third-party vendor assessments, continuous threat detection, and regular employee phishing simulations and tabletop crisis exercises. Methodology The findings were generated through the examination of cybersecurity incidents across multiple industries, using case studies of attacks on healthcare organisations, infrastructure systems, and large corporations during 2024 and 2025.
Techday NZ
16-07-2025
- Business
- Techday NZ
Ransomware, AI & vendor risks drive billions in 2025 breaches
New research from Secureframe has identified ransomware, artificial intelligence-powered attacks, and social engineering as the predominant drivers behind the most costly cyberattacks in 2025. Persistent threats The study, which analysed over two years of breach data spanning multiple industries and geographies, found that ransomware continues to top the list of cyber threats. Attackers are increasingly leveraging privilege escalation zero-day vulnerabilities as well as ransomware-as-a-service kits, which has led to a rapid deployment of sophisticated attacks. Social engineering was highlighted as another key vector. Groups such as Scattered Spider have reportedly surged in activity, managing to bypass multi-factor authentication and compromise IT help desks across major airlines and insurance companies. The report stated, "Ransomware remains the #1 threat, with attackers using privilege escalation zero-days and ransomware-as-a-service (RaaS) kits to deploy attacks at record speed." Third-party vulnerabilities The analysis also underscored a significant rise in third- and fourth-party risks. In many cases, vulnerabilities found in vendor systems are exploited as entry points to target larger enterprises. The study described insecure vendors as often serving as the "weakest link in enterprise defences." According to Secureframe, "Third- and fourth-party risks are now a leading attack vector, with insecure vendors often serving as the weakest link in enterprise defenses." Targeted industries Among the sectors monitored, retail emerged as the most targeted in 2025. The research cited a notable breach at Marks & Spencer, where reported damages exceeded USD $27 million and nearly 17 million customers were affected in a coordinated attack. "$27M+ in damages were reported from a single retail breach (Marks & Spencer), with retail emerging as the most targeted industry in 2025," according to the report. Other notable incidents featured in the study include a ransomware breach at National Defence Corporation with 4.2TB of sensitive data leaked, a Microsoft zero-day exploit used in widespread ransomware campaigns against financial and healthcare sectors, and breaches at WestJet and Aflac driven by targeted social engineering tactics and compromised help desk processes. Acceleration of AI-powered threats Researchers found that adversaries are increasingly deploying artificial intelligence to automate and scale attacks. Governments and critical infrastructure are reportedly facing more sophisticated, global threats. The report says, "AI-powered attacks are scaling fast, with governments and critical infrastructure facing sophisticated threats that move globally and at scale." The use of AI and zero-day exploits is influencing the rapid increase in the scale and impact of cyber incidents. Secureframe projects that cybercrime will cause more than USD $15.6 trillion in damages globally by 2029. The report notes, "In 2025 alone, organizations are expected to spend billions on breach recovery and ransomware payouts - not including the reputational toll." Recommended responses To address these threats, Secureframe outlines a series of recommendations mapped to prominent standards such as SOC 2, ISO 27001, NIST 800-53, and CMMC. The report advises organisations to prioritise patch management and privilege escalation prevention, conduct regular cybersecurity tabletop exercises, implement robust third-party risk management programmes, and embrace secure-by-design development principles. Cybercrime is projected to inflict more than $15.6 trillion in global damages by 2029, with AI-driven attacks and zero-day exploits accelerating that curve. In 2025 alone, organizations are expected to spend billions on breach recovery and ransomware payouts - not including the reputational toll. The guidance also refers to the need for businesses to build lasting cyber resilience to counteract the evolving threat landscape. The full report details a prescriptive framework for strengthening defences, intended to help organisations of all sizes maintain compliance and prepare more effectively for emerging security challenges.
Yahoo
26-06-2025
- Business
- Yahoo
Secureframe and Fleet Forge Strategic Partnership to Enhance Open-Source Security Compliance
SAN FRANCISCO, June 26, 2025--(BUSINESS WIRE)--Secureframe, the leading provider of security compliance automation, today announced that it has installed Fleet, the open-source platform for security and IT teams, as the default agent within Secureframe. This collaboration integrates Fleet's capabilities into Secureframe's platform, bringing the power of open device management to thousands of customers, including AngelList, Generali, Rand McNally, and Coda, enhancing their security posture and simplifying compliance at scale. "Our strategic partnership with Fleet delivers unparalleled value to our customers through lightning-fast performance and support across all computing platforms," says Shrav Mehta, Founder and CEO of Secureframe. "This collaboration provides security teams with the access needed to perform effectively, while ensuring complete transparency for employees regarding the code running on their systems." A cornerstone of this partnership is Fleet's open-source foundation. In today's security-conscious landscape, transparency is essential. Fleet's core, built upon the widely adopted open-source osquery project created by Fleet's cofounder, allows customers and the broader community to audit and verify the software's functionality. This commitment to openness fosters trust with employees and aligns with Secureframe's mission to empower businesses with trustworthy security and compliance solutions. "The integration of Secureframe and Fleet represents a significant advancement for our organization," says Thomas Buley, Secureframe customer and CEO at Sightglass. "Having access to the same open-source technology trusted by companies like Stripe gives us confidence in our security infrastructure." This partnership enhances Secureframe's scalability, making it an even more compelling solution for organizations of all sizes looking to automate compliance. As organizations grow, their needs evolve rapidly. They secure deals requiring new compliance standards, teams expand globally, employees require various operating systems, product features demand testing across different platforms, and acquisitions may introduce unique IT and security approaches. "When companies grow, the growth can happen very suddenly," says Mike McNeil, CEO at Fleet, "Secureframe gives companies the immediate compliance wins they need to run their business, while future-proofing the next chapter of their growth so they don't have to rebuild everything from scratch." This strategic alliance between Secureframe and Fleet signals a shift toward a more open, transparent, and automated future for security and compliance built on open-source technologies. About Fleet Fleet is the open-source platform for IT and security teams with thousands of computers. Organizations like MrBeast, Uber, and hundreds more use Fleet to improve and simplify how they manage and secure devices. Fleet's mission is to bring transparency and control to the world of computing devices through its open and extensible platform. Learn more at About Secureframe Secureframe is the leading security and privacy compliance automation platform, helping organizations achieve and maintain continuous compliance with standards like CMMC 2.0, FedRAMP 20x, SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Thousands of fast-growing startups and global enterprises trust Secureframe to simplify compliance, reduce risk, and build trust with customers and partners. Backed by top-tier investors including Kleiner Perkins, Gradient Ventures, and Base10 Partners, Secureframe is redefining what's possible in security and compliance. Learn more at View source version on Contacts For media inquiries, please contact:Mike McNeil, CEOFleet Device ManagementEmail: LinkedIn: Shrav Mehta, Founder + CEOSecureframeEmail: support@ LinkedIn: Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Wire
26-06-2025
- Business
- Business Wire
Secureframe and Fleet Forge Strategic Partnership to Enhance Open-Source Security Compliance
SAN FRANCISCO--(BUSINESS WIRE)-- Secureframe, the leading provider of security compliance automation, today announced that it has installed Fleet, the open-source platform for security and IT teams, as the default agent within Secureframe. This collaboration integrates Fleet's capabilities into Secureframe's platform, bringing the power of open device management to thousands of customers, including AngelList, Generali, Rand McNally, and Coda, enhancing their security posture and simplifying compliance at scale. "Our strategic partnership with Fleet delivers unparalleled value to our customers through lightning-fast performance and support across all computing platforms,' says Shrav Mehta, Founder and CEO of Secureframe. Share "Our strategic partnership with Fleet delivers unparalleled value to our customers through lightning-fast performance and support across all computing platforms,' says Shrav Mehta, Founder and CEO of Secureframe. "This collaboration provides security teams with the access needed to perform effectively, while ensuring complete transparency for employees regarding the code running on their systems." A cornerstone of this partnership is Fleet's open-source foundation. In today's security-conscious landscape, transparency is essential. Fleet's core, built upon the widely adopted open-source osquery project created by Fleet's cofounder, allows customers and the broader community to audit and verify the software's functionality. This commitment to openness fosters trust with employees and aligns with Secureframe's mission to empower businesses with trustworthy security and compliance solutions. "The integration of Secureframe and Fleet represents a significant advancement for our organization," says Thomas Buley, Secureframe customer and CEO at Sightglass. "Having access to the same open-source technology trusted by companies like Stripe gives us confidence in our security infrastructure." This partnership enhances Secureframe's scalability, making it an even more compelling solution for organizations of all sizes looking to automate compliance. As organizations grow, their needs evolve rapidly. They secure deals requiring new compliance standards, teams expand globally, employees require various operating systems, product features demand testing across different platforms, and acquisitions may introduce unique IT and security approaches. "When companies grow, the growth can happen very suddenly," says Mike McNeil, CEO at Fleet, "Secureframe gives companies the immediate compliance wins they need to run their business, while future-proofing the next chapter of their growth so they don't have to rebuild everything from scratch." This strategic alliance between Secureframe and Fleet signals a shift toward a more open, transparent, and automated future for security and compliance built on open-source technologies. About Fleet Fleet is the open-source platform for IT and security teams with thousands of computers. Organizations like MrBeast, Uber, and hundreds more use Fleet to improve and simplify how they manage and secure devices. Fleet's mission is to bring transparency and control to the world of computing devices through its open and extensible platform. Learn more at About Secureframe Secureframe is the leading security and privacy compliance automation platform, helping organizations achieve and maintain continuous compliance with standards like CMMC 2.0, FedRAMP 20x, SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, and more. Thousands of fast-growing startups and global enterprises trust Secureframe to simplify compliance, reduce risk, and build trust with customers and partners. Backed by top-tier investors including Kleiner Perkins, Gradient Ventures, and Base10 Partners, Secureframe is redefining what's possible in security and compliance. Learn more at
Techday NZ
18-06-2025
- Business
- Techday NZ
Secureframe unveils Custom Integrations for complex IT compliance
Secureframe has announced the launch of Custom Integrations, a capability enabling organisations to integrate data from any source into its compliance management platform. The new feature is designed to support companies with complex IT environments, including those utilising legacy systems, custom applications, and on-premise infrastructure. Previously, such organisations faced challenges automating compliance processes when using technology stacks that could not be connected through Secureframe's standard integrations. Secureframe currently provides more than 300 native integrations with various tools and systems. Custom Integrations is intended to remove limitations by allowing data ingestion, normalisation, and continuous monitoring from any system using API endpoints or CSV uploads. Shrav Mehta, Chief Executive Officer at Secureframe, commented on the changing needs of businesses managing compliance in intricate environments: "The compliance landscape has evolved far beyond one-size-fits-all solutions. Many enterprises have told us they love our automation capabilities but need support for their unique tech stacks. Custom Integrations represents a fundamental shift in how we approach compliance automation — instead of asking organisations to adapt to our platform, we're enabling our platform to adapt to them." According to Secureframe, the new capability is aimed at directly addressing the compliance difficulties encountered by organisations with sophisticated or unique IT environments. Several features have been introduced as part of Custom Integrations. Features detailed The capability includes automated schema detection, enabling Secureframe to automatically identify resource types and map data fields, thereby reducing manual work for developers. Organisations are able to define custom data models, specifying mandatory and optional fields for each resource type, and have the flexibility to edit as requirements evolve. Teams can utilise self-service debugging features, with clear error messages and request logs to support troubleshooting without requiring external support. Custom Integrations also includes a no-code editor for the creation of automated tests, supporting continuous compliance monitoring across all integrated systems and data sources. Ingested data from any source is normalised and organised within Secureframe's unified asset inventory, providing centralised management. Mehta added further context about the broader trend affecting enterprises and Secureframe's aim to address it: "We're seeing a clear trend where enterprises need compliance solutions that can scale with their complexity, not despite it. Custom Integrations goes beyond solving a technical problem to unlock a new level of compliance automation that was previously impossible for organisations with diverse IT environments." Expanded automation scope Custom Integrations is positioned to extend Secureframe's automation coverage by incorporating data from previously unsupported systems. Organisations are able to monitor mainframe systems, custom databases, and proprietary applications as part of their compliance requirements. Hybrid environments are supported as well, allowing cloud-native and on-premise compliance data to be managed together. The system can also track custom asset types, such as specialised equipment or proprietary software, alongside standard IT assets. In addition, organisations can automate the monitoring of third-party data sources, including training records and vendor assessments. Strategic implications Secureframe expects the new capability to broaden its potential customer base, particularly among enterprises operating in regulated sectors that require complex compliance management. Custom Integrations joins other features in Secureframe's offering, such as custom frameworks, Custom Automated Tests, and Workspaces, aiming to provide flexibility to customers with various policies and requirements. Custom Integrations is available to existing Secureframe customers and can be configured through the platform's interface. Secureframe provides documentation, video tutorials, and additional support resources intended to facilitate smooth implementation by customer organisations.
