<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
    <channel>
        <copyright>Copyright TechTarget - All rights reserved</copyright>
        <description></description>
        <docs>https://cyber.law.harvard.edu/rss/rss.html</docs>
        <generator>Techtarget Feed Generator</generator>
        <language>en</language>
        <lastBuildDate>Mon, 27 Apr 2026 02:40:33 GMT</lastBuildDate>
        <link>https://www.techtarget.com/searchsecurity</link>
        <managingEditor>editor@techtarget.com</managingEditor>
        <item>
            <body>&lt;p&gt;A security information and event management (SIEM) system collects, centralizes and analyzes data from across the IT environment to uncover cybersecurity and operational problems.&lt;/p&gt; 
&lt;p&gt;As with so many formerly distinct and well-defined cybersecurity systems, "SIEM" is now as often a set of features as it is a separate product or service. In the current era of category drift and &lt;a href="https://www.techtarget.com/searchsecurity/tip/What-cybersecurity-consolidation-means-for-enterprises"&gt;tool convergence&lt;/a&gt;, an extended detection and response (XDR) platform might include SIEM features, a SIEM offering might include user and entity behavior analytics (UEBA) and so on.&lt;/p&gt; 
&lt;p&gt;Whether in a standalone product or as part of a broader offering, &lt;a href="https://www.techtarget.com/searchsecurity/feature/SIEM-isnt-dead-its-place-in-the-SOC-is-just-evolving"&gt;enterprises continue to rely on SIEM functionality&lt;/a&gt;. Top SIEM use cases span cybersecurity and IT ops and include log management, attack detection, event detection, event forensics and cybersecurity posture management.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="1. Log management"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;1. Log management&lt;/h2&gt;
 &lt;p&gt;This is job No. 1 for a SIEM. In addition to serving as the destination for logs from core security systems such as firewalls and intrusion detection and protection systems, SIEMs also aggregate and normalize streams from more far-flung data sources, such as &lt;a href="https://www.techtarget.com/searchsecurity/tip/EDR-vs-XDR-vs-MDR-Which-does-your-company-need"&gt;endpoint detection and response and XDR&lt;/a&gt; systems. A centralized repository for security event log data is useful for monitoring, analysis and compliance purposes.&lt;/p&gt;
 &lt;p&gt;SIEMs gather operational logging data -- e.g., performance data on a router's interfaces -- as well as cybersecurity logs, so they are useful to the NOC and IT ops staff as well as to the SOC.&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="2. Attack detection"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;2. Attack detection&lt;/h2&gt;
 &lt;p&gt;While SIEMs can do a lot to detect attacks on their own, they &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-10-UEBA-enterprise-use-cases"&gt;benefit from integration with UEBA systems&lt;/a&gt;. UEBAs are specifically built to apply advanced behavioral analytics to the kinds of real-time activity data that a SIEM provides.&lt;/p&gt;
 &lt;p&gt;Note that a &lt;a href="https://www.techtarget.com/searchsecurity/tip/SIEM-vs-SOAR-vs-XDR-Evaluate-the-differences"&gt;SIEM typically does not coordinate the response to an attack&lt;/a&gt;. That responsibility traditionally falls to a &lt;a href="https://www.techtarget.com/searchsecurity/feature/Is-SOAR-dead-or-alive-Sort-of"&gt;security orchestration, automation and response system&lt;/a&gt;, which can also integrate with the SIEM.&lt;/p&gt;
 &lt;div class="extra-info"&gt;
  &lt;div class="extra-info-inner"&gt;
   &lt;h3 class="splash-heading"&gt;And, of course, AI&lt;/h3&gt; 
   &lt;p&gt;SIEM systems have made use of machine learning for more than a decade. Now, like everything else in cybersecurity, they are getting liberal doses of AI. A SIEM infused with LLM capabilities can accept natural-language queries from users and offer them "guide by the side" advisory functionality with natural-language explanations.&lt;/p&gt; 
   &lt;p&gt;Agentic AI is finding its way into SIEM systems as well, and SIEMs with AI agents are providing new levels of flexible and context-aware response automation.&lt;/p&gt;
  &lt;/div&gt;
 &lt;/div&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="3. Event detection"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;3. Event detection&lt;/h2&gt;
 &lt;p&gt;Not all events are attacks. Equipment failures and performance problems can lead to events that show up in logs, and a SIEM can alert IT ops staff and the network operations center (NOC) team when such issues occur. For example, when a router stops reporting normal traffic from a branch office, the SIEM might alert the NOC to the problem.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="4. Forensics and root cause analysis"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;4. Forensics and root cause analysis&lt;/h2&gt;
 &lt;p&gt;SIEMs are repositories of huge volumes of data relevant to attacks -- whether successful or averted -- and provide search and filter features to help investigators tease out relevant information and patterns. Similarly, IT ops teams searching for &lt;a href="https://www.techtarget.com/searchitoperations/definition/root-cause-analysis"&gt;root causes&lt;/a&gt; of problems in WANs, campus networks or data centers can benefit from these capabilities.&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="5. Cybersecurity posture management -- i.e., breach prevention"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;5. Cybersecurity posture management -- i.e., breach prevention&lt;/h2&gt;
 &lt;p&gt;SIEM offers a view not just into performance and alert data but also device configurations, making it useful in monitoring for policy deviations and supporting &lt;a href="https://www.techtarget.com/searchsecurity/feature/Security-posture-management-a-huge-challenge-for-IT-pros"&gt;cybersecurity posture management&lt;/a&gt;. SIEMs can see and report when running configurations differ from documented ones, whether because of an insider attack or normal configuration drift from ad-hoc changes made in the course of problem solving.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;John Burke is CTO and a research analyst at Nemertes Research. Burke joined Nemertes in 2005 with nearly two decades of technology experience. He has worked at all levels of IT, including as an end-user support specialist, programmer, system administrator, database specialist, network administrator, network architect and systems architect.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>In the age of AI everything, SIEM isn't exactly flashy -- but it still matters. Explore top SIEM use cases that span the enterprise, from cybersecurity to IT ops.</description>
            <image>https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Data%20security.Getty.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/tip/Top-SIEM-use-cases-in-the-enterprise</link>
            <pubDate>Fri, 24 Apr 2026 21:53:00 GMT</pubDate>
            <title>5 top SIEM use cases in the enterprise</title>
        </item>
        <item>
            <body>&lt;p data-end="3972" data-start="3847"&gt;E-signature software is now a standard business tool for contracts, approvals and customer-facing forms.&lt;/p&gt; 
&lt;p data-end="4203" data-start="3974"&gt;Since the Electronic Signatures in Global and National Commerce, or &lt;a href="https://www.techtarget.com/searchsecurity/definition/Electronic-Signatures-in-Global-and-National-Commerce-Act"&gt;ESIGN&lt;/a&gt;, Act passed in 2000 and set &lt;a href="https://www.techtarget.com/searchcontentmanagement/answer/Are-electronic-signatures-legally-binding"&gt;legal requirements for e-signatures&lt;/a&gt;, the market has shown no signs of slowing down. With legal frameworks in place and a mature vendor market, organizations now evaluate e-signature platforms less as a convenience tool and more as part of a broader &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/7-key-stages-of-enterprise-content-lifecycle-management"&gt;document workflow&lt;/a&gt;, compliance and customer-experience strategy.&lt;/p&gt; 
&lt;p&gt;E-signature software has various benefits for organizations, like improved performance and reduced costs. &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/How-to-build-a-successful-paperless-office-strategy"&gt;Paper usage also decreases&lt;/a&gt;, which is better for the environment, and e-signatures are convenient and avoid having users print out, sign, scan and mail documents.&lt;/p&gt; 
&lt;p&gt;However, not all e-signature software is the same. As organizations evaluate options, they should consider signing volume, integrations, workflow automation, &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/6-enterprise-content-management-best-practices-for-deployment"&gt;compliance features&lt;/a&gt;, mobile support and whether the software fits internal approvals, customer-facing transactions or both.&lt;/p&gt; 
&lt;p&gt;The unranked, alphabetical list of platforms below was created based on reports from leading analyst firms, such as Gartner and Forrester, and user reviews on G2 and Capterra, plus additional research by TechTarget editors.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="1. Adobe Acrobat Sign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;1. Adobe Acrobat Sign&lt;/h2&gt;
 &lt;p&gt;Most Adobe Acrobat users understand its e-signature capabilities, but full access to those features requires a purchase. &lt;a href="https://www.techtarget.com/searchcontentmanagement/definition/Adobe-Sign"&gt;Adobe Acrobat Sign&lt;/a&gt; lets recipients sign documents without downloading anything. Like other e-signature platforms, Adobe Acrobat Sign integrates with various tools, including Salesforce, Zoho CRM, SAP SuccessFactors, Microsoft and Box, among others.&lt;/p&gt;
 &lt;p&gt;Users can create digital forms on their websites and integrate Adobe Acrobat Sign for e-signatures. The software also offers a mobile app to scan and upload PDFs, along with customizable templates, notifications and reminders. Adobe Acrobat Sign is easy to use, has responsive customer support and simplifies how users upload a signature.&lt;/p&gt;
 &lt;p&gt;However, the mobile app can be clunky, and its features can overwhelm some users -- making Adobe Acrobat Sign a better choice for enterprise customers. It also lacks integration capabilities beyond its existing choices.&lt;/p&gt;
 &lt;p&gt;Adobe Acrobat Sign's pricing for the Acrobat Standard for teams starts at $14.99 per user monthly.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="2. Docusign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;2. Docusign&lt;/h2&gt;
 &lt;p&gt;Docusign offers standalone eSignature plans as well as its broader Intelligent Agreement Management platform. Organizations that handle a high volume of contracts should distinguish between Docusign’s basic e-signature plans and its more advanced IAM suite. The software has a mobile-responsive web app to simplify how parties sign agreements. It also supports document routing to multiple parties and lets users create reusable templates with standard and customizable fields.&lt;/p&gt;
 &lt;p&gt;Docusign uses APIs to integrate with over 350 apps, including Microsoft, Salesforce, Zoom, SAP, Google and Oracle products. The platform is user-friendly, offers multilanguage support and enables visibility into who views and signs documents. However, users can't download multiple documents at once with this tool, and it can't integrate with other PDF apps.&lt;/p&gt;
 &lt;p&gt;When billed annually, Docusign’s standalone eSignature pricing starts at $10 per month for the Personal plan and $25 per user monthly for the Standard plan for small-to-medium-sized teams. Docusign’s IAM plans start at a higher price point, with IAM Starter at $40 per user monthly and IAM Standard at $45 per user monthly.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="3. Dropbox Sign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;3. Dropbox Sign&lt;/h2&gt;
 &lt;p&gt;Formerly known as HelloSign, Dropbox Sign is part of the Dropbox suite. It offers document templates for commonly used forms, like nondisclosure agreements and tax forms, and sends automated reminders so unsigned documents don't fall through the cracks.&lt;/p&gt;
 &lt;p&gt;Dropbox Sign also integrates with Salesforce, HubSpot, Google Workspace, Box and SharePoint. Users can embed e-signatures into websites or apps using APIs, and &lt;a href="https://www.techtarget.com/searchhrsoftware/feature/How-RPA-can-simplify-the-onboarding-process"&gt;automate employee onboarding&lt;/a&gt; and hiring processes. It also encrypts data during transfer and at rest to protect user privacy.&lt;/p&gt;
 &lt;p&gt;The platform is mobile-friendly, with notification and reminder options. However, some challenges include difficulty editing documents and limited customization.&lt;/p&gt;
 &lt;p&gt;Dropbox Sign’s current pricing centers on an Essentials plan for individuals and a Standard plan for small teams. Essentials is listed at $15 per month, and Standard is listed at $25 per user per month when billed annually.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="4. Jotform Sign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;4. Jotform Sign&lt;/h2&gt;
 &lt;p&gt;Jotform Sign is e-signature software that includes workflow automation to let users sign documents on any device. It also lets users &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/How-to-add-digital-signatures-to-a-PDF"&gt;turn PDFs into documents with e-signature capabilities&lt;/a&gt;, automate processes and reuse document templates. Users can create approval workflows, embed documents for signatures in websites and receive alerts about document status through Jotform Sign Inbox.&lt;/p&gt;
 &lt;p&gt;Users said Jotform Sign is easy to use and set up, with an intuitive UI. However, customization is limited, and the number of signatures it collects is limited based on the pricing tier.&lt;/p&gt;
 &lt;p&gt;Jotform Sign offers a free version for users to collect 10 signatures per month. The paid tiers start with Bronze, which starts at $34 per month and is described in terms of broader monthly submission and active-form limits rather than just a simple signature cap.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="5. PandaDoc"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;5. PandaDoc&lt;/h2&gt;
 &lt;p&gt;Organizations looking for e-signature software with a lot of features might consider PandaDoc. It &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/7-reasons-why-businesses-need-mobile-apps"&gt;offers a mobile app&lt;/a&gt; so users can track documents' statuses and get notified when someone opens, views, comments on or signs a document. The tool also offers a template library with over 450 contract, proposal and invoice templates, and users can drag and drop elements of them into documents to create their own templates.&lt;/p&gt;
 &lt;p&gt;The PandaDoc API lets users integrate with third-party apps, and users can add it to PDFs and Word documents. It offers prebuilt integrations with apps like Salesforce, Zapier, Zoho, HubSpot and Dropbox.&lt;/p&gt;
 &lt;p&gt;The software is easy to use, especially for creating documents. However, the signing space is small, and the tool can benefit from more out-of-the-box integrations.&lt;/p&gt;
 &lt;p&gt;PandaDoc still offers a free tier, Starter at $19 per user monthly and Business at $49 per user monthly.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="6. ReadySign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;6. ReadySign&lt;/h2&gt;
 &lt;p&gt;Like its counterparts, ReadySign's e-signature software includes customizable templates and forms. It can also create an AnySign link, which lets signers opt in to sign the forms they need. Other features include bulk sending, notifications, reminders, custom signatures, &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/Document-management-vs-content-management-How-they-differ"&gt;document management to organize signed forms&lt;/a&gt; and user management with role-based permissions.&lt;/p&gt;
 &lt;p&gt;ReadySign is easy to use, cost-effective, enables a comprehensive audit trail and offers responsive customer service. However, users might struggle to control the reminders, and the search features are not easy to use. Also, the vendor's website lacks integration information.&lt;/p&gt;
 &lt;p&gt;ReadySign's pricing starts at $25 per user monthly for 10 users. The 40-user plan is $10 per user monthly, and the 100-user plan is $6 per user monthly -- all when billed annually.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="7. SignNow"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;7. SignNow&lt;/h2&gt;
 &lt;p&gt;As a &lt;a href="https://www.techtarget.com/searchcloudcomputing/definition/private-cloud"&gt;private cloud&lt;/a&gt; e-signature software provider, SignNow lets users add e-signatures to various forms, documents and templates, including PDFs, Word documents and contracts. The software uses APIs for website, CRM and other app integrations.&lt;/p&gt;
 &lt;p&gt;SignNow enables conditional documents, which means organizations can set documents to route by role. It also lets teams collaborate to create documents and templates and add custom branding to content. The platform is easy to use and supports e-signature management for multiple documents. It's also easy to sign documents from mobile phones.&lt;/p&gt;
 &lt;p&gt;Yet, the tool presents challenges. The documents don't open immediately and instead prompt the recipient to download the file. It also lacks a commenting feature for users to provide feedback before signing.&lt;/p&gt;
 &lt;p&gt;SignNow’s plans still start at a lower entry price point than many competitors, with current pricing beginning at $8 per user per month.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="8. Zoho Sign"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;8. Zoho Sign&lt;/h2&gt;
 &lt;p&gt;Zoho Sign enables users to upload PDFs, Microsoft Word or other documents and add e-signature fields. It also offers reusable templates for frequently used documents and enables public URLs for &lt;a href="https://www.techtarget.com/whatis/definition/customer-self-service-CSS"&gt;self-service&lt;/a&gt; document signing. The tool also includes features for bulk sending, document status tracking, identity verification and &lt;a href="https://www.techtarget.com/searchcontentmanagement/answer/252523027/What-are-the-pros-and-cons-of-electronic-signatures"&gt;regulatory compliance&lt;/a&gt;. It can be used on mobile devices.&lt;/p&gt;
 &lt;p&gt;Users said Zoho Sign offers good security, is easy to use and can easily integrate with other products and place e-signatures. However, the tool offers limited customization, and customer support is lacking.&lt;/p&gt;
 &lt;p&gt;Zoho Sign still offers a free tier and entry-level paid pricing starting at $10 per user monthly billed annually. Its current paid tiers extend upward through Professional and Enterprise plans.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Editor's note: &lt;/b&gt;&lt;em&gt;This article was originally published in 2022 and was updated in 2026 to reflect current e-signature software pricing, packaging and market positioning.&lt;/em&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Christine Campbell is a freelance writer specializing in business and B2B technology.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>E-signature software enhances workflows and reduces paper use. Organizations should compare integrations, workflows, compliance features, and pricing before choosing a platform.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/container_g1294273513.jpg</image>
            <link>https://www.techtarget.com/searchcontentmanagement/tip/Top-e-signature-software-providers</link>
            <pubDate>Fri, 24 Apr 2026 11:02:00 GMT</pubDate>
            <title>Top 8 e-signature software providers for 2026</title>
        </item>
        <item>
            <body>&lt;p data-end="5614" data-start="5350"&gt;Organizations use digital signatures when an agreement needs more than convenience. They use them when a workflow requires &lt;a href="https://www.techtarget.com/searchcontentmanagement/answer/E-signature-vs-digital-signature-Whats-the-difference"&gt;stronger signer verification&lt;/a&gt;, tamper evidence and a better evidentiary trail than a basic electronic signature provides.&lt;/p&gt; 
&lt;p data-end="5871" data-start="5616"&gt;That distinction matters because not every document needs the same level of trust. Routine approvals may only need a simple e-signature, while regulated, high-value or dispute-sensitive transactions often benefit from certificate-based digital signatures.&lt;/p&gt; 
&lt;p data-end="6126" data-start="5873"&gt;In practice, the goal is to match the signing method to the risk. The right question is not whether a business can sign electronically. It is whether the transaction needs stronger identity assurance, document integrity controls and compliance support.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Digital signatures vs. e-signatures"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Digital signatures vs. e-signatures&lt;/h2&gt;
 &lt;p&gt;Organizations must understand the &lt;a href="https://www.techtarget.com/searchcontentmanagement/answer/E-signature-vs-digital-signature-Whats-the-difference"&gt;difference between digital signatures and e-signatures&lt;/a&gt; so they can implement a level of security that meets their needs.&lt;/p&gt;
 &lt;p&gt;An e-signature is a broad term that includes any signature a user sends electronically. Some e-signatures, such as those retail stores use for small transactions, don't require identity verification. However, other types, such as digital signatures, involve a strict authentication process.&lt;/p&gt;
 &lt;p&gt;In the U.S., the E-SIGN Act gives &lt;a href="https://www.techtarget.com/searchcontentmanagement/answer/Are-electronic-signatures-legally-binding"&gt;electronic signatures legal standing&lt;/a&gt; when key conditions are met, but organizations still use digital signatures when they need stronger identity assurance and tamper evidence. In the EU, trust-service frameworks make those assurance levels even more explicit.&lt;/p&gt;
 &lt;p&gt;Digital signatures rely on &lt;a href="https://www.techtarget.com/searchsecurity/definition/public-key"&gt;public key cryptography&lt;/a&gt; and &lt;a href="https://www.techtarget.com/searchsecurity/definition/public-key-certificate"&gt;digital certificates&lt;/a&gt; to verify authenticity and detect tampering. In a typical workflow, the system creates a hash of the document and signs that hash with the sender's private key. The recipient then uses the corresponding public key and certificate to verify the signature and confirm that the document has not been altered since it was signed.&lt;/p&gt;
 &lt;p&gt;To create a digital signature, organizations typically use an &lt;a href="https://www.techtarget.com/searchcontentmanagement/tip/Top-e-signature-software-providers"&gt;e-signature system&lt;/a&gt;. E-signature systems offer digital signature capabilities, but they can also streamline workflows. For example, they can send reminder notifications to late signatories and assign roles to specific individuals.&lt;/p&gt;
 &lt;div class="extra-info"&gt;
  &lt;div class="extra-info-inner"&gt;
   &lt;h3 class="splash-heading"&gt;When to use a digital signature instead of a basic e-signature&lt;/h3&gt; 
   &lt;p&gt;Use a basic e-signature when speed and convenience are the priority and the workflow does not require higher assurance. Use a digital signature when the organization needs certificate-backed signer verification, tamper evidence and a stronger audit trail. In practice, the choice depends on transaction risk, compliance requirements and the evidentiary burden if the agreement is challenged later.&lt;/p&gt;
  &lt;/div&gt;
 &lt;/div&gt;
&lt;/section&gt;       
&lt;section class="section main-article-chapter" data-menu-title="What are digital signatures used for?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What are digital signatures used for?&lt;/h2&gt;
 &lt;p&gt;Organizations can use digital signatures anywhere a signature is required, but they usually reserve them for transactions where stronger trust, signer verification and document integrity matter most. Common examples include the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Real estate purchase and sale agreements&lt;/li&gt; 
  &lt;li&gt;Sales contracts&lt;/li&gt; 
  &lt;li&gt;Insurance agreements&lt;/li&gt; 
  &lt;li&gt;Tax documents and forms&lt;/li&gt; 
  &lt;li&gt;Construction change orders&lt;/li&gt; 
  &lt;li&gt;Clinical trials&lt;/li&gt; 
  &lt;li&gt;Loans&lt;/li&gt; 
  &lt;li&gt;Mortgages&lt;/li&gt; 
  &lt;li&gt;Leases&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="How digital signatures work"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How digital signatures work&lt;/h2&gt;
 &lt;p&gt;Digital signatures rely on digital certificates that trust service providers issue to signers. These providers are legal entities that use processes and tools in accordance with a national authority, such as the U.S. government or EU, to verify e-signatures' authenticity.&lt;/p&gt;
 &lt;p&gt;"The trust service provider verifies the identity of the signer prior to the issuance of the digital certificate using various mechanisms, [such as] near-field communication, automated video-based identity documents and biometric verification," Manaila said.&lt;/p&gt;
 &lt;p&gt;After the trust service provider verifies the signer's identity, it issues the digital certificate in the cloud. It stores the required cryptographic keys on a hardware security module (&lt;a href="https://www.techtarget.com/searchsecurity/definition/hardware-security-module-HSM"&gt;HSM&lt;/a&gt;) and protects them with two-factor authentication (2FA). These security measures let people sign documents and get digital certificates from any type of platform, device or smartphone, Manaila said.&lt;/p&gt;
 &lt;p&gt;Some countries issue electronic identification cards that store the owner's biometric data, such as their fingerprint or facial structure, on a chip. Citizens and organizations can use these cards to prove their identity online and quickly obtain a digital certificate.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_digital_signatures_work-f.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/how_digital_signatures_work-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_digital_signatures_work-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/how_digital_signatures_work-f.png 1280w" alt="Diagram showing the digital-signature workflow from document hashing and certificate-backed signing to signature verification and downstream processing." height="260" width="560"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;The digital-signature process uses certificates, private/public keys and document hashes to verify signer identity, detect tampering and support downstream workflows.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="How cloud affected the digital signature landscape"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How cloud affected the digital signature landscape&lt;/h2&gt;
 &lt;p&gt;Before the proliferation of cloud services, organizations relied on physical devices, such as &lt;a href="https://www.techtarget.com/searchsecurity/definition/security-token"&gt;security tokens&lt;/a&gt; or smart cards, to protect their digital certificates with an HSM. This traditional approach posed implementation challenges. For example, the approach isn't user-friendly because it requires users to carry a physical device, Manaila said.&lt;/p&gt;
 &lt;p&gt;Cloud tools, on the other hand, store the cryptographic keys on the cloud provider's HSM so organizations don't need to track physical tokens or replace them over time. Cloud products are also more scalable and require no physical maintenance costs.&lt;/p&gt;
 &lt;p&gt;The digital signature landscape changed after the CSC standardized remote, cloud-based digital signatures with its open source API. This technology offers the following benefits:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Generates remote digital signatures across desktop, web and mobile devices.&lt;/li&gt; 
  &lt;li&gt;Protects legally binding signatures with 2FA.&lt;/li&gt; 
  &lt;li&gt;Integrates with various &lt;a href="https://www.techtarget.com/searcherp/definition/ERP-enterprise-resource-planning"&gt;ERP&lt;/a&gt; and &lt;a href="https://www.techtarget.com/searchcontentmanagement/feature/How-to-choose-the-right-document-management-system"&gt;digital transaction management systems&lt;/a&gt;.&lt;/li&gt; 
  &lt;li&gt;Reduces IT governance costs.&lt;/li&gt; 
  &lt;li&gt;Ensures compliance with e-signature laws in the U.S. and EU, such as the &lt;a href="https://ico.org.uk/for-organisations/guide-to-eidas/what-is-the-eidas-regulation" target="_blank" rel="noopener"&gt;Electronic Identification, Authentication and Trust Services Regulation&lt;/a&gt;.
  &lt;/li&gt; 
 &lt;/ul&gt;
 &lt;ul class="default-list"&gt;&lt;/ul&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="Security benefits of digital signatures"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Security benefits of digital signatures&lt;/h2&gt;
 &lt;p&gt;Digital signature technology can help organizations prevent bad actors from tampering with important transactions. Security benefits include the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Links signer's identity to the signature.&lt;/li&gt; 
  &lt;li&gt;Makes the signer legally responsible for their actions.&lt;/li&gt; 
  &lt;li&gt;Securely stores the digital certificate's cryptographic keys on a certified HSM and protects them with 2FA.&lt;/li&gt; 
  &lt;li&gt;Offers &lt;a href="https://www.techtarget.com/searchsecurity/definition/access-control"&gt;access control&lt;/a&gt; to strengthen security.&lt;/li&gt; 
  &lt;li&gt;Can prove a signature's authenticity in court.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;Digital signatures add assurance, but they also add process and training overhead. That is why organizations should treat them as a fit-for-purpose control: use them where the business needs higher trust, stronger evidence or stricter compliance, and use simpler e-signatures where speed and convenience matter more.&lt;/p&gt;
 &lt;p&gt;&lt;strong&gt;Editor's note:&lt;/strong&gt; &lt;em&gt;This article was originally published in 2023 and was updated in 2026 to reflect current digital-signature workflows, legal context and enterprise use cases. &lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Digital signatures help organizations verify signer identity and detect tampering, but teams should choose them only when a transaction needs stronger trust, evidence and compliance controls</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/check_g530502390.jpg</image>
            <link>https://www.techtarget.com/searchcontentmanagement/tip/How-do-digital-signatures-work</link>
            <pubDate>Fri, 24 Apr 2026 10:13:00 GMT</pubDate>
            <title>How do digital signatures work?</title>
        </item>
        <item>
            <body>&lt;p&gt;With nearly half the respondents in a recent survey of CIOs saying they wish AI had "never been invented," at least in part because of the risks it introduces, it's fair to say that the relationship between AI and security professionals is a complicated one.&lt;br&gt;&lt;br&gt;The April findings from Logicalis are emblematic of a cybersecurity environment in which, on one hand, organizations are racing to embrace AI innovation and, on the other, security teams struggle to manage a swiftly &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-implement-an-attack-surface-management-program"&gt;expanding attack surface&lt;/a&gt;. With more than a quarter of CIOs identifying AI as a significant source of risk, securing the technology has become a top priority. This new focus in an already punishing threat landscape is straining enterprise teams as they rush to address an increased volume of breaches, employee misuse of AI and a host of new vulnerabilities.&lt;/p&gt; 
&lt;p&gt;"AI is a powerful force in cybersecurity, but without the right skills and governance, it can create more vulnerabilities than protection," said Bob Bailkoski, Logicalis Group CEO, in a press release. "CIOs have the challenging task of defending their organizations against AI-driven threats, but also from the risks posed by the very AI tools meant to safeguard them."&lt;br&gt;&lt;br&gt;Our latest news round-up is a reminder that AI, in its present state, is both a critical tool and a growing threat.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Big banks seek to ease security worries as AI push accelerates"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;&lt;b&gt;Big banks seek to ease security worries as AI push accelerates&lt;/b&gt;&lt;/h2&gt;
 &lt;p&gt;Major banks are accelerating their AI investments, but the emergence of frontier AI models is raising cybersecurity concerns. During Q1 2026 earnings calls, executives from JPMorgan Chase, Morgan Stanley, Goldman Sachs and BNY highlighted AI's transformative potential while addressing new risks. Anthropic's Claude Mythos Preview frontier model has already uncovered thousands of critical flaws in major browsers and operating systems. Data security, privacy and &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-risk-management-Best-practices-and-frameworks"&gt;risk management&lt;/a&gt; remain top priorities for banking executives, with 80% incorporating cybersecurity into their AI budgets, according to KPMG's AI Quarterly Pulse Survey.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;&lt;a href="https://www.cybersecuritydive.com/news/big-banks-security-worries-ai-push-accelerates/818080/" target="_blank" rel="noopener"&gt;Read the full article by Makenzie Holland on Cybersecurity Dive&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="Every old vulnerability is now an AI vulnerability"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;&lt;b&gt;Every old vulnerability is now an AI vulnerability&lt;/b&gt;&lt;/h2&gt;
 &lt;p&gt;The recently patched CVE-2026-26144 marks a shift in vulnerability exploitation, allowing AI agents to amplify the damage of existing flaws. The &lt;a href="https://www.techtarget.com/searchsecurity/definition/cross-site-scripting"&gt;XSS vulnerability&lt;/a&gt; in Excel exploits Copilot Agent mode and, unlike typical XSS attacks, permits attackers to embed malicious payloads in Excel files, triggering data exfiltration to attacker-controlled endpoints without user interaction or visual prompts. Traditional classifications like XSS or &lt;a href="https://www.techtarget.com/searchsoftwarequality/definition/SQL-injection"&gt;SQL injection&lt;/a&gt; no longer define the impact; instead, the AI agent's permissions and capabilities determine the scope of damage.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;&lt;a href="https://www.darkreading.com/vulnerabilities-threats/every-old-vulnerability-ai-vulnerability" target="_blank" rel="noopener"&gt;Read the full article by Nik Kale on Dark Reading&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="CIOs fret over rising concerns amid AI adoption"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;&lt;b&gt;CIOs fret over rising concerns amid AI adoption&lt;/b&gt;&lt;/h2&gt;
 &lt;p&gt;A &lt;a target="_blank" href="https://www.logicalis.com/insight/securing-ai-becomes-top-priority" rel="noopener"&gt;Logicalis report&lt;/a&gt; reveals that securing AI has become a top priority for CIOs, with many identifying AI as a significant risk comparable to malware and ransomware. New concerns straining security teams include employee misuse of AI, limited governance, shadow AI, app sprawl and insufficient oversight. More than one-third of organizations report reduced &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-prevent-a-data-breach-10-best-practices-and-tactics"&gt;breach detection&lt;/a&gt; capabilities and slower incident response times.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;&lt;a href="https://www.cybersecuritydive.com/news/AI-security-concerns-CIO-logicalis/817705/" target="_blank" rel="noopener"&gt;Read the full article by Scarlett Evans on Cybersecurity Dive&lt;/a&gt;.&lt;/em&gt;&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Editor's note:&lt;/b&gt; &lt;i&gt;An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Richard Livingston is an editor with Informa TechTarget’s SearchSecurity site, covering cybersecurity news, trends and analysis.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/ai_g1183318665.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/news/366641985/News-brief-AI-woes-continue-for-security-leaders</link>
            <pubDate>Fri, 24 Apr 2026 08:00:00 GMT</pubDate>
            <title>News brief: AI woes continue for security leaders</title>
        </item>
        <item>
            <body>&lt;p&gt;For decades, cybercriminals have impersonated targets' trusted contacts to convince them to send funds, credentials or sensitive data. Thanks to deepfake and voice cloning technology, however, security awareness training -- the usual countermeasure to social engineering attacks -- is arguably no longer enough.&lt;/p&gt; 
&lt;p&gt;Traditional security awareness training relies on pattern recognition: Does this email look suspicious? Does that link seem off? But &lt;a href="https://www.techtarget.com/searchsecurity/tip/Real-world-AI-voice-cloning-attack-A-red-teaming-case-study"&gt;highly convincing deepfake audio&lt;/a&gt; and video attacks mean users can no longer rely on instinct or context cues to determine if a message is legitimate.&lt;/p&gt; 
&lt;p&gt;"Recognition-based training breaks down when an employee believes they're talking to an executive with an urgent request," said Diana Rothfuss, director of global strategy for risk, fraud and compliance solutions at data and AI software provider SAS. "To defend against this type of threat, organizations have to get their employees to go beyond 'does this look right?'"&lt;/p&gt; 
&lt;p&gt;The vast majority of fraud professionals -- 77% -- say &lt;a href="https://www.techtarget.com/searchsecurity/tip/Prepare-for-deepfake-phishing-attacks-in-the-enterprise"&gt;deepfake attacks are increasing&lt;/a&gt;, according to the &lt;a target="_blank" href="https://www.sas.com/en_us/news/press-releases/2026/march/acfe-anti-fraud-technology-study-deepfakes.html" rel="noopener"&gt;2026 Anti-Fraud Technology Benchmarking Report&lt;/a&gt;, co-published by SAS and the Association of Certified Fraud Examiners (ACFE). Just 7% described their organizations as more than moderately prepared to detect or prevent deepfakes. As a result, some security experts are calling on organizations to implement and normalize proof-based systems, processes and policies to verify that people are who they say they are and short-circuit deepfake attacks.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Prove it: Separating authority from authentication"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Prove it: Separating authority from authentication&lt;/h2&gt;
 &lt;p&gt;The core principle of a proof-based approach is that no single interaction, whether voice, video or text, can authorize a sensitive action on its own -- what SAS' Rothfuss described as "separating authority from authentication." That sounds straightforward but runs against how most employees are wired to respond to executive requests.&lt;/p&gt;
 &lt;p&gt;Consider, for example, a 2024 incident in which &lt;a target="_blank" href="https://www.cfodive.com/news/scammers-siphon-25m-engineering-firm-arup-deepfake-cfo-ai/716501/" rel="noopener"&gt;threat actors used deepfake technology&lt;/a&gt; to steal $25 million from global engineering firm Arup. A finance employee, believing he was on a video conference with senior executives, wired the money at the attackers' request.&lt;/p&gt;
 &lt;blockquote class="main-article-pullquote"&gt;
  &lt;div class="main-article-pullquote-inner"&gt;
   &lt;figure&gt;
    To defend against this type of threat, organizations have to get their employees to go beyond 'does this look right?'
   &lt;/figure&gt;
   &lt;figcaption&gt;
    &lt;strong&gt;Diana Rothfuss&lt;/strong&gt;Director of global strategy for risk, fraud and compliance solutions, SAS
   &lt;/figcaption&gt;
   &lt;i class="icon" data-icon="z"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/blockquote&gt;
 &lt;p&gt;While such highly sophisticated deepfake video attacks are still relatively rare, audio cloning is a light lift for cybercriminals. Experts say such incidents present a clear mandate for finance and IT teams to formalize processes for verifying wire transfer requests, rather than handling them on an ad hoc basis.&lt;/p&gt;
 &lt;p&gt;"Proof-based verification policies should not be that hard; frankly, they should already exist," said Ira Winkler, field CISO at cybersecurity company Aisle. "There should now be operational procedures in place, such as email verification of a financial transfer before transferring the money, even with 'visual' instruction."&lt;/p&gt;
 &lt;p&gt;Equally important, Winkler added, staff must be trained on such policies and understand that there are no exceptions -- even if they receive verbal instructions from a senior executive over the phone or on Zoom. "This is not just for deepfakes, but for fraud protections in general," he said.&lt;/p&gt;
 &lt;p&gt;Specific authentication controls that do not depend on a human user's recognition of a voice or face include the following:&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Out-of-band, two-factor verification&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Before fulfilling sensitive requests -- e.g., fund transfers, credential resets and privileged access changes -- users require confirmation through two separate, pre-approved channels, such as an internal authentication app and a team messaging platform. Because of the rising prevalence of deepfakes and voice cloning, video calls, phone calls and voicemails do not satisfy this requirement.&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;"How I will contact you" protocols&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Executives and IT leadership establish in advance specific channels they will use for sensitive requests. Any request arriving outside those channels triggers a mandatory hold and verification through a separate, trusted path.&lt;/p&gt;
 &lt;p&gt;"Employees can no longer rely on instinct to determine whether a message is legitimate," said T. Frank Downs, senior director of proactive services at BlueVoyant, a cybersecurity services provider based in New York. "We need to reinforce the idea that identity is confirmed through process and verification steps."&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Pre-established verification phrases&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Known only to authorized parties, these phrases confirm identity in high-stakes communications without relying on voice or video recognition.&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Designated approvers&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;No single employee can authorize a high-risk transaction. A named secondary approver must confirm before funds move or access is granted.&lt;/p&gt;
&lt;/section&gt;                 
&lt;section class="section main-article-chapter" data-menu-title="The hard part: Executing consistently and under pressure"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The hard part: Executing consistently and under pressure&lt;/h2&gt;
 &lt;p&gt;Policy design is the easier part of proof-based verification. Consistent execution under real conditions is where most programs fall short. Experts suggested the following best practices to improve governance and human follow-through:&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Treat verification as a safety rail, not a judgment call&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Deepfake video- and audio-based attacks, &lt;a href="https://www.techtarget.com/searchsecurity/tip/CISOs-guide-How-to-prevent-business-email-compromise"&gt;like traditional business email compromise&lt;/a&gt;, are designed to generate urgency at precisely the moment verification matters most.&lt;/p&gt;
 &lt;p&gt;"Verification isn't optional," Rothfuss said. "That means instituting proof-based controls that operate as non-negotiable safety rails, not something discretionary that employees can skip when they're feeling pressured or rushed. As with other less sophisticated scams, pressure and urgency is precisely the point."&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Get executives on record before an incident occurs&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Staff will not push back on out-of-channel requests unless leadership has made clear in advance that doing so is expected and part of the &lt;a href="https://www.techtarget.com/searchsecurity/tip/5-tips-for-building-a-cybersecurity-culture-at-your-company"&gt;organization's cybersecurity culture&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;"That requires defining the rules well in advance, so executives understand and encourage pushback, and employees don't feel forced to improvise under duress," Rothfuss said.&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Reinforce continuously, not just once&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Staff who understand how verification controls protect the organization are more likely to adopt them, but that understanding does not make the behavior automatic.&lt;/p&gt;
 &lt;p&gt;"Under pressure, people tend to fall back into old habits, which is exactly when verification is most important," Downs said. That makes &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-employee-training-How-to-build-a-solid-plan"&gt;continuous training&lt;/a&gt; and reinforcement a must.&lt;/p&gt;
 &lt;h3&gt;&lt;b&gt;Build a culture in which slowing down is the norm&lt;/b&gt;&lt;/h3&gt;
 &lt;p&gt;Adoption ultimately depends on employees feeling confident that if they pause to verify requests, leaders will reward rather than penalize them for doing so.&lt;/p&gt;
 &lt;p&gt;"Organizations need to normalize 'see something, say something' behavior and make verification frictionless," said Mika Aalto, co-founder and CEO at Hoxhunt, a Helsinki-based human risk management vendor. "The real challenge is cultural: giving employees confidence that slowing down to verify is expected, supported and reinforced through human risk management practices."&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Deepfakes are reshaping social engineering attacks, and traditional security awareness training is falling short. Some experts say it's time for proof-based verification policies.</description>
            <image>https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Hacker-stereotype-hoodie-code-adobe-hero.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Deepfake-era-demands-proof-based-security-not-just-awareness</link>
            <pubDate>Thu, 23 Apr 2026 21:23:00 GMT</pubDate>
            <title>Deepfake era demands proof-based security, not just awareness</title>
        </item>
        <item>
            <body>&lt;p&gt;"SOAR is dead," a cybersecurity vendor recently proclaimed on its website. But the evolution of &lt;a href="https://www.techtarget.com/searchsecurity/definition/SOAR"&gt;security orchestration, automation and response&lt;/a&gt; suggests that the supposed death is more about semantics than obsolescence.&lt;/p&gt; 
&lt;p&gt;While some companies experienced success with SOAR technology, many organizations struggled to implement it. Those difficulties harmed SOAR's reputation. In fact, many analysts and vendors now shy away from the term, even though core SOAR functionality -- collecting, coordinating and responding to threat data -- remains vital to security operations.&lt;/p&gt; 
&lt;p&gt;SOAR vendors have rebranded. Companies once considered SOAR providers now describe their offerings as &lt;i&gt;AI SOC&lt;/i&gt;, &lt;i&gt;agentic AI&lt;/i&gt;, &lt;i&gt;workflow automation&lt;/i&gt; or &lt;i&gt;intelligent workflows&lt;/i&gt;.&lt;/p&gt; 
&lt;p&gt;"[SOAR] was a little bit of a made-up term," said Thomas Kinsella, co-founder of Tines, a security vendor that is often included in lists of SOAR providers. The company, however, has never identified as such, referring to its primary offering as an &lt;i&gt;AI orchestration platform&lt;/i&gt;.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="What is SOAR?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What is SOAR?&lt;/h2&gt;
 &lt;p&gt;Gartner coined the term SOAR about 10 years ago to describe a stack of security tools that collects data about detected threats and responds automatically or with minimal human assistance. It was touted as a way to maximize the productivity of security teams.&lt;/p&gt;
 &lt;p&gt;SOAR includes the following three components, which create a deterministic system for identifying and responding to security events:&lt;/p&gt;
 &lt;ul type="disc" class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Orchestration.&lt;/b&gt; The process of getting all necessary security tools, such as endpoint protection, SIEM platforms and firewalls, working together and integrated with a central SOAR application. This is done through custom or built-in integrations.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Automation.&lt;/b&gt; Occurs in response to data signals coming from security orchestration. When a potential threat is detected, SOAR sends an alert and can automatically respond based on predetermined criteria.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Response.&lt;/b&gt; Refers to the actions taken by the SOAR application once it identifies a potential threat, either acting on its own or sending an alert to a human operator. Security teams can see response activity on a dashboard.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="What happened to SOAR?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What happened to SOAR?&lt;/h2&gt;
 &lt;p&gt;The concept of SOAR was compelling to enterprise cybersecurity leaders. Security talent was scarce, and the idea of &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-6-SOAR-uses-cases-to-implement-in-enterprise-SOCs"&gt;reducing stress on security teams through automation&lt;/a&gt; was and still is a big selling point. At one point, at least 20 vendors provided standalone SOAR products. Larger security vendors took notice and acquired SOAR providers; most rolled the functionality into broader security platforms to fill gaps in their own offerings.&lt;/p&gt;
 &lt;p&gt;Implementation and maintenance presented challenges, however. As yet another standalone product in the security stack, SOAR vendors had an uphill battle to show that the implementation effort would be worth it.&lt;/p&gt;
 &lt;p&gt;"Organizations struggled to implement SOAR for a number of reasons," said Kevin Schmidt, senior director analyst at Gartner. "You had to write code or scripts or use some sort of an interface to build executable blocks that you would link together."&lt;/p&gt;
 &lt;p&gt;The better an organization understood and maintained its workflows, security playbooks and technology stack, the easier it could &lt;a href="https://www.techtarget.com/searchsecurity/tip/Streamline-SecOps-with-SOAR-workflows-and-playbooks"&gt;implement and maintain SOAR&lt;/a&gt;. According to Schmidt, the necessary integrations posed short- and long-term maintenance challenges that became harder when people with knowledge of them left the organization. "[With] the nature of [SOAR] being code, at the end of the day, it is sometimes very brittle," he said.&lt;/p&gt;
 &lt;p&gt;To use legacy SOAR technology effectively, added Cody Cornell, CEO and founder of security automation vendor Swimlane, a SecOps team needed experience in incident response, security operations, threat intelligence and the &lt;a href="https://www.techtarget.com/searchsecurity/definition/MITRE-ATTCK-framework"&gt;MITRE ATT&amp;amp;CK framework&lt;/a&gt;. "Finding someone that was good at [all] that was hard," he said.&lt;/p&gt;
 &lt;p&gt;Teams also had to understand how to codify security domain knowledge into logic and rules -- something Cornell said too few people could do.&lt;/p&gt;
 &lt;p&gt;Then, around 2020, new low-code/no-code SOAR products renewed interest in the technology.&lt;/p&gt;
 &lt;p&gt;"A lot of people jumped on the bandwagon because the demos were great," says Matt Rodriguez, director of service delivery at cybersecurity consultancy Phoenix Cyber. "[They showed] what this platform could do, with just a little bit of simple configuration, for your environment."&lt;/p&gt;
 &lt;p&gt;More sophisticated security programs -- those with a good handle on their workflows and process engineering -- often have positive experiences with low-code/no-code SOAR adoption, said Nelson Conard, director of cybersecurity solutions at Phoenix Cyber. "For those who struggle, they've just not reached that level of maturity, they're too ad hoc," he added. "So, how you remove the human out of the loop becomes more of a challenge."&lt;/p&gt;
 &lt;p&gt;As SecOps teams navigated these &lt;a href="https://www.techtarget.com/searchsecurity/feature/Top-benefits-of-SOAR-tools-plus-potential-pitfalls-to-consider"&gt;benefits and challenges&lt;/a&gt;, SOAR earned a bit of a reputation in the field.&lt;/p&gt;
 &lt;p&gt;"Everything is easier in the demo," Rodriguez said. "Even though low-code/no-code solutions make it easier to build playbooks and workflows, there are complications. The issue at times is that the client doesn't understand their world close enough for it to be automated."&lt;/p&gt;
&lt;/section&gt;            
&lt;section class="section main-article-chapter" data-menu-title="What AI means for SOAR"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What AI means for SOAR&lt;/h2&gt;
 &lt;p&gt;Today, AI agents capable of building and maintaining automation pipelines that previously required significant human expertise and oversight can further simplify SOAR implementation and bring more flexibility and adaptability to SOAR environments. For example, an &lt;a href="https://www.techtarget.com/searchsecurity/tip/What-agentic-AI-means-for-cybersecurity"&gt;organization could theoretically build agents&lt;/a&gt; that reflect its particular risk tolerance or security preferences.&lt;/p&gt;
 &lt;p&gt;The SOAR/AI combination has another benefit: no AI black box. Every action by a user -- whether human or agentic -- should be visible through the SOAR dashboard.&lt;/p&gt;
 &lt;p&gt;A caveat is that AI use is not cheap, and future pricing is uncertain. Organizations must therefore be careful about when and where they use AI agents within their SOAR environments, Kinsella warned, meaning SOAR's deterministic workflows remain a critical part of &lt;a href="https://www.techtarget.com/searchitoperations/definition/security-automation"&gt;security automation&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;"If you've got a security alert and you know the playbook it should follow, there's no reason it should be an AI agent [responding]," Kinsella said. "You should be relying on a deterministic outcome for something that you know is deterministic." He recommended using AI agents on probabilistic outcomes, such as summarizing alerts or evaluating alerts with uncertain severity.&lt;/p&gt;
 &lt;p&gt;Relying on SOAR's underlying automation system will help mitigate AI costs, Cornell agreed. "The cost to do automation is much cheaper than AI tokens," he said. "The beauty of the combination is that leveraging AI to build automation pipelines is a much more predictable, reliable, trustworthy and cost-effective way to do security ops."&lt;/p&gt;
 &lt;p&gt;The decision to supplement or replace SOAR with AI tools should ultimately come down to ROI, suggested Rodriguez. "[With a] fivefold return on investment for [our] clients who are very successful [with SOAR], AI doesn't seem as appealing because it's an unknown cost at the moment," he said. "We know what the real cost is to run automations with APIs and code within cloud infrastructure, and it's less than pennies on the dollar."&lt;/p&gt;
 &lt;p&gt;Conard said SOAR users soon will need to re-evaluate the costs and benefits of AI. "[AI] is a little analogous to the cloud challenges we saw when it first came out," he said. "Everybody was rushing to get to the cloud. Everybody's rushing to have some piece of AI. Once we started getting out into those data centers, we really saw what the cost was."&lt;/p&gt;
&lt;/section&gt;        
&lt;section class="section main-article-chapter" data-menu-title="What's next for SOAR?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What's next for SOAR?&lt;/h2&gt;
 &lt;p&gt;While SOAR was once a product that was best suited to large enterprises with plentiful resources, disparate systems and mature security programs, it is increasingly accessible. "Now it has evolved [so] that it is obtainable to the middle market and smaller players, and is even being leveraged by MSPs," Conard said.&lt;/p&gt;
 &lt;p&gt;With that in mind, organizations successfully using traditional SOAR are unlikely to abandon it, according to Gartner's Schmidt. "You don't throw out your tool that is working just to go after the new splashy, shiny AI stuff."&lt;/p&gt;
 &lt;p&gt;Instead, organizations that continue to use SOAR might supplement it with AI. For example, experts suggested, AI could support tasks related to change management, audit trails, fail-safes and rollbacks in the SOC.&lt;/p&gt;
 &lt;p&gt;"Look for ways you can plug in a call to a large language model to help with some aspect that you can't do within the playbook or to help verify some texts you're getting from a database," Schmidt said. "Over time, SOAR is going to morph into the agentic software, AI SOC."&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Michael Nadeau is an award-winning journalist and editor who covers IT and energy tech. He has held senior positions at CSO Online, BYTE magazine, SAP Experts/SAP Insider and 80 Micro. Nadeau also writes the PowerTown blog on Substack for stakeholders in local renewable energy initiatives. Follow him on Bluesky at @mnadeau.bsky.social.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Orchestration and automation capabilities remain critical elements in effective cyber defense. Just don't expect to hear much about SOAR anymore.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a254815015.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Is-SOAR-dead-or-alive-Sort-of</link>
            <pubDate>Thu, 23 Apr 2026 17:47:00 GMT</pubDate>
            <title>Is SOAR dead or alive? Sort of</title>
        </item>
        <item>
            <body>&lt;p&gt;The French government in early 2026 announced that its 2.5 million civil servants will ditch Zoom, Microsoft Teams and other video-conferencing platforms from U.S. software makers and instead will use tech developed by its own Interministerial Directorate for Digital Affairs.&lt;/p&gt; 
&lt;p&gt;The move helps France to &lt;i&gt;"mettre fin à l'utilisation de solutions extra-européennes"&lt;/i&gt; -- or "end the use of non-European solutions" -- according to the government's official announcement.&lt;/p&gt; 
&lt;p&gt;This headline-making news is only the latest example of how the concept of digital sovereignty is changing how both public and private organizations decide what technology to use and how they architect their tech stacks.&lt;/p&gt; 
&lt;p&gt;Organizations of all kinds around the globe need to take note: "These digital sovereignty requirements are affecting companies now or will in the future," said cybersecurity expert Allie Mellen, author of &lt;i&gt;Code War: How Nations Hack, Spy, and Shape the Digital Battlefield&lt;/i&gt; and analyst at Forrester.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Digital sovereignty is on the rise"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Digital sovereignty is on the rise&lt;/h2&gt;
 &lt;p&gt;Governments around the world are implementing laws and regulations promoting digital sovereignty, a movement that has been bubbling up for a decade.&lt;/p&gt;
 &lt;p&gt;The idea of digital sovereignty stemmed in part from &lt;a href="https://www.techtarget.com/searchsecurity/tip/State-of-data-privacy-laws"&gt;data privacy regulations&lt;/a&gt; and, more specifically, the EU's &lt;a href="https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR"&gt;GDPR&lt;/a&gt;, which dictates how EU citizens' data must be treated by businesses and other entities, regardless of where those organizations are headquartered or operate.&lt;/p&gt;
 &lt;p&gt;Such regulations gave rise to &lt;a href="https://www.techtarget.com/whatis/definition/data-sovereignty"&gt;data sovereignty&lt;/a&gt;, the concept that information generated, processed, converted and stored in digital form is subject to the laws of the country in which it was created.&lt;/p&gt;
 &lt;p&gt;Digital sovereignty moves the needle further. It goes beyond regulating data to regulating the digital infrastructure, innovation and investments purchased, made and used by organizations within a country or government jurisdiction. The model is designed to ensure some or all of those technology sectors are locally sourced and operated.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Drivers of digital sovereignty"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Drivers of digital sovereignty&lt;/h2&gt;
 &lt;p&gt;Governments are pushing for digital sovereignty to ensure organizations within their borders are resilient and not vulnerable to actions taken by foreign governments that could limit access to or raise the cost of computer components or services, experts said.&lt;/p&gt;
 &lt;p&gt;"It's about being independent from foreign government jurisdictions and influences on your IT stack. That's it in a nutshell. It's about the IT stack being free from foreign jurisdictions, influences and decisions," said Dario Maisto, an analyst with Forrester.&lt;/p&gt;
 &lt;p&gt;Governments also believe enabling digital sovereignty will help cushion organizations within their jurisdictions against events such as wars and pandemics that disrupt global supply chains, experts said. Governments have seen how companies in recent years scrambled to find new service providers after economic sanctions, war and other political actions shut off existing offshore vendors -- a situation that some digital sovereignty laws aim to prevent in the future.&lt;/p&gt;
 &lt;p&gt;"We're hearing about digital sovereignty being about continuity and availability of services. As the geopolitical environment gets hotter, there is a growing awareness that events have knock-on effects, and there are cases where it's reasonable for governments to think about digital dependencies," said Alexander Botting, senior director of global security and technology strategy at law firm Venable LLP.&lt;/p&gt;
 &lt;p&gt;Economic considerations drive some digital sovereignty laws as well. "There are some cases that are about straight protectionism," Botting added.&lt;/p&gt;
 &lt;p&gt;Some governments are championing digital sovereignty as a way to boost their own economies, as well as to foster technology and AI innovations, thereby ensuring they don't become overly dependent on other countries' tech sectors.&lt;/p&gt;
&lt;/section&gt;        
&lt;section class="section main-article-chapter" data-menu-title="Digital sovereignty laws reshape tech stack decisions, cloud deployments and vendor selection"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Digital sovereignty laws reshape tech stack decisions, cloud deployments and vendor selection&lt;/h2&gt;
 &lt;p&gt;The number of digital sovereignty laws is increasing, as is the number of countries implementing them, experts said.&lt;/p&gt;
 &lt;p&gt;The U.S., EU, Australia, India, China and Russia all have laws promoting some level of digital sovereignty. These laws vary widely in what they govern, so the impacts they can have on organizations, their tech decisions and their operations vary significantly, too. Considered collectively, the laws impact nearly every part of an organization's digital environment, from the providers it uses to the hardware it buys and where it stores its data.&lt;/p&gt;
 &lt;p&gt;"They really take data sovereignty to the next level to incorporate things like digital and tech operations. They can impact who is able to operate, administer and maintain the systems where the data resides, where the tools you're using have been created and what you use in your tech stack," Mellen explained. "It requires a lot of architectural decisions, especially if you're a multinational, in terms of how you create and service the products you're selling, but also the way you're operating the products and services you're acquiring. You might need hybrid or multi-cloud deployments, and it might change which vendors you will allow to do [what work] because they can't be used in certain regions."&lt;/p&gt;
 &lt;p&gt;Some laws make it harder or illegal to &lt;a href="https://www.techtarget.com/searchsecurity/tip/8-secure-file-transfer-services-for-the-enterprise"&gt;transfer data&lt;/a&gt; across national borders, experts noted. And some laws affect which cloud service providers organizations can use and where the CSPs' data centers must be located. They're also influencing which SaaS vendors, outsourced providers and hardware makers companies hire.&lt;/p&gt;
 &lt;p&gt;"Global companies now are going to have to be thinking about all this," said Sushila Nair, an independent information security consultant and president of the Greater Washington, D.C., chapter of ISACA.&lt;/p&gt;
 &lt;p&gt;Nair said CIOs, CISOs, chief risk officers, chief compliance officers and corporate counsel typically lead the efforts to comply with digital sovereignty requirements.&lt;/p&gt;
&lt;/section&gt;       
&lt;section class="section main-article-chapter" data-menu-title="Preparing for digital sovereignty"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Preparing for digital sovereignty&lt;/h2&gt;
 &lt;p&gt;Organizations are already adjusting their technology operations and IT strategies to meet existing laws and in anticipation of more to come, Forrester's Maisto said.&lt;/p&gt;
 &lt;p&gt;He noted that some organizations -- such as defense companies, those in highly regulated sectors and government/public sector entities -- fall under more of these digital sovereignty laws than other commercial enterprises. But he warned that more organizations across more sectors will face such requirements in the future.&lt;/p&gt;
 &lt;p&gt;To comply with this evolving regulatory environment, Maisto said Forrester advises tech leaders to aim for minimum viable sovereignty. Maisto &lt;a href="https://www.forrester.com/blogs/minimum-viable-sovereignty-a-smarter-path-for-tech-leaders/" target="_blank" rel="noopener"&gt;wrote&lt;/a&gt; in a 2025 post that minimum viable sovereignty is "a pragmatic, risk-based approach that balances legal requirements, budget and business needs."&lt;/p&gt;
 &lt;p&gt;He said this approach recognizes that there is no single standard that defines digital sovereignty and that some technologies "you can't even have as sovereign" because few or no vendors make alternatives to the leading makers.&lt;/p&gt;
 &lt;p&gt;The approach promotes building "workloads that are portable, containerized using Kubernetes," so they can be moved from one CSP to another or even to on-premises environments.&lt;/p&gt;
 &lt;p&gt;Maisto said he also advises organizations to consider digital sovereignty as they evaluate their supply chain and operational risks, noting that it's critical for tech leaders to identify dependencies &lt;a href="https://www.techtarget.com/searchsecurity/tip/API-discovery-best-practices-for-complete-visibility"&gt;such as APIs&lt;/a&gt;. Furthermore, he advises tech leaders to consider how data sovereignty impacts six domains across the digital chain: data, which sits on infrastructure, that flows through networks, is leveraged by software, is used by AI, and is managed by people.&lt;/p&gt;
 &lt;p&gt;He noted that organizations generally can't achieve equal sovereignty across all six domains. "But there are certainly areas where there is objective sovereignty you can achieve," he said, adding that moving to even minimum viable sovereignty is a multiyear journey.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Mary K. Pratt is an award-winning freelance journalist with a focus on covering enterprise IT and cybersecurity management.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Digital sovereignty is reshaping global IT strategies and governments are prioritizing local tech to reduce foreign dependencies. Find out what this means for your organization.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/map_globe_g1254837834.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/The-push-for-digital-sovereignty-What-CISOs-need-to-know</link>
            <pubDate>Thu, 23 Apr 2026 08:00:00 GMT</pubDate>
            <title>The push for digital sovereignty: What CISOs need to know</title>
        </item>
        <item>
            <body>&lt;p&gt;Security decision-makers face a multipronged challenge when it comes to protecting their organizations' systems and sensitive data.&lt;/p&gt; 
&lt;p&gt;First, the organization's employees pose the greatest cybersecurity risks. Beyond malicious &lt;a href="https://www.techtarget.com/searchsecurity/tip/Insider-threat-hunting-best-practices-and-tools"&gt;insider threats&lt;/a&gt;, security teams face a host of challenges from phishing attempts, &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-avoid-and-prevent-social-engineering-attacks"&gt;social engineering&lt;/a&gt;, &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-detect-deepfakes-manually-and-using-AI"&gt;deepfakes&lt;/a&gt; and human error.&lt;/p&gt; 
&lt;p&gt;Then, there is the inconvenient truth that &lt;a href="https://www.techtarget.com/searchsecurity/definition/security-awareness-training"&gt;traditional security training&lt;/a&gt; simply does not work. For decades, employees have grudgingly taken mandatory annual security programs while the number of breaches continues to spiral out of control. There is a data problem, too. Nontechnical leaders point to completion rates as evidence that security awareness training is succeeding and assume the perimeter is secure. Security professionals, however, know better and struggle to attach any meaningful outcomes to employee training.&lt;/p&gt; 
&lt;p&gt;Forrester Research has &lt;a target="_blank" href="https://www.forrester.com/report/five-steps-to-better-human-risk-management-metrics/RES187030" rel="noopener"&gt;proposed&lt;/a&gt; an alternative to traditional security awareness that can improve security culture while truly demonstrating a stronger cybersecurity posture: human risk management.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="What is human risk management?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What is human risk management?&lt;/h2&gt;
 &lt;p&gt;According to Forrester, human risk management is a &lt;a href="https://www.forrester.com/blogs/the-future-is-now-introducing-human-risk-management/" target="_blank" rel="noopener"&gt;set of bespoke activities&lt;/a&gt; to manage and reduce the cybersecurity risks posed by the people that security teams strive to protect in an organization. Activities include the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Detecting and measuring security behaviors that could lead to vulnerabilities.&lt;/li&gt; 
  &lt;li&gt;Initiating targeted policy and training interventions based on identified risks and potential threats.&lt;/li&gt; 
  &lt;li&gt;Educating and enabling the workforce to protect themselves and their organizations against cyberattacks.&lt;/li&gt; 
  &lt;li&gt;Creating an &lt;a href="https://www.techtarget.com/searchsecurity/tip/5-tips-for-building-a-cybersecurity-culture-at-your-company"&gt;organizational culture that prioritizes security&lt;/a&gt; and encourages proactive risk management.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;While these elements might bear a passing resemblance to traditional security awareness training programs, they represent a broader, data-driven approach that addresses human vulnerabilities in cybersecurity. Human risk management requires security teams to move beyond a cadence of scheduled security trainings that might or might not apply to users and instead embrace interventions based on the risky security behaviors arising from how people actually work.&lt;/p&gt;
 &lt;p&gt;"Human risk management is not security awareness training 2.0," explained Jinan Budge, vice president and research director at Forrester. "It is quite a significant shift in mindset, in strategy and, most importantly, in technology."&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="A punishing threat landscape"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;A punishing threat landscape&lt;/h2&gt;
 &lt;p&gt;In its 2025 annual report, the FBI Internet Crime Complaint Center &lt;a href="https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf" target="_blank" rel="noopener"&gt;reported&lt;/a&gt; a sharp upward trend in cybercrime, with financial losses estimated at $20.877 billion, a 397% increase from five years earlier. Human-enabled activities accounted for a significant portion of losses, with business email compromise, &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-3-ransomware-attack-vectors-and-how-to-avoid-them"&gt;ransomware&lt;/a&gt;, spoofing and phishing cumulatively costing companies about $3.3 billion.&lt;/p&gt;
 &lt;p&gt;When hacking attempts targeting humans were limited in scope and relatively easy to spot, traditional security training was sufficient for most businesses to remain relatively secure. The number of threat actors has ballooned, however, and their methods have grown &lt;a href="https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous"&gt;vastly more sophisticated&lt;/a&gt;. Old-school security awareness is no longer sufficient.&lt;/p&gt;
 &lt;p&gt;Budge contended that too many organizations still rely on outdated indicators to determine whether they are secure. "The purpose stated for security training, this thing that we've been doing for decades, has been to make people aware, which isn't a proper purpose," she said. "If we're standing there telling our boss or executives that completing security training protects us from risk, it does not. Behavior change protects us from human-related breaches, not [security training] completion. Completion is almost irrelevant."&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Better data to reduce human risk"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Better data to reduce human risk&lt;/h2&gt;
 &lt;p&gt;The human risk management approach replaces or augments mandatory checkbox training sessions with proactive interventions that address an employee's risky behaviors. The security interventions are intended to be helpful rather than punitive. By harnessing the rich data streams available to security operations, CISOs can identify which actions create vulnerabilities and address them in near-real time.&lt;/p&gt;
 &lt;p&gt;"Human risk management allows organizations to measure the risk of an individual or team based on that risk, to train them, to nudge them, to adjust the policies based on their actual behavior," Budge said. "So, rather than training you on all the things all of the time, your training becomes very specific to the risk that you actually pose to the organization, which, in turn, is based on your behavior. Do you use strong passwords? Do you email highly classified information? Are you a senior person with access to lots of information? Do you use VPN?"&lt;/p&gt;
 &lt;p&gt;Using such a targeted approach helps employees understand what they're doing wrong, learn how to do it right and why it matters.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="5 steps to identify and operationalize human risk management metrics"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;5 steps to identify and operationalize human risk management metrics&lt;/h2&gt;
 &lt;p&gt;Human risk management programs can truly change employee behavior. Selling the C-suite on a new approach, however, is a challenge CISOs must contend with first.&lt;/p&gt;
 &lt;p&gt;Forrester recommends the following five steps to develop meaningful and actionable human risk management metrics that the board will understand and approve.&lt;/p&gt;
 &lt;h3&gt;Step 1. Define goals that align to three metric types&lt;/h3&gt;
 &lt;p&gt;Human risk management metrics start with clearly defined objectives that map to the broader goals of the security program. Teams align metrics to goals such as risk avoidance, more complete training, reduced security friction and higher detection quality. Priorities will vary based on the organization's structure, resourcing model and security maturity. To ensure metrics are meaningful and consumable, segment them into three types:&lt;/p&gt;
 &lt;ol class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Strategic metrics&lt;/b&gt; inform executive leadership and the board, focusing on business risk and program impact.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Operational metrics&lt;/b&gt; support the CISO and security leadership in managing program performance.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Tactical metrics&lt;/b&gt; guide day-to-day activities within the security team.&lt;/li&gt; 
 &lt;/ol&gt;
 &lt;p&gt;The three types of metrics are interconnected. Tactical data feeds operational insights, which roll up into strategic reporting. This hierarchy enables security leaders to translate granular activities into business-relevant outcomes and, conversely, trace executive-level metrics back to underlying drivers.&lt;/p&gt;
 &lt;h3&gt;Step 2. Prioritize pragmatic, useful metrics&lt;/h3&gt;
 &lt;p&gt;Once goals are defined, prioritize the relevant metrics that drive action. Metrics should provide clear evidence of change, particularly in user behavior, so teams can determine whether interventions such as training or policy updates are effective. Avoid tracking data points that lack context or fail to inform decision-making. Metrics that are disconnected from outcomes can introduce noise, be misinterpreted or incentivize counterproductive behavior. Retire or refine metrics that no longer add value.&lt;/p&gt;
 &lt;h3&gt;Step 3. Implement data collection mechanisms&lt;/h3&gt;
 &lt;p&gt;Reliable human risk management metrics depend on consistent and scalable data collection. Many organizations use dedicated platforms that integrate with existing security controls -- i.e., endpoint detection and response, data loss prevention, and identity and access management systems -- to capture behavioral signals. &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-10-UEBA-enterprise-use-cases"&gt;Insights gleaned&lt;/a&gt; include user activity, behavioral trends, identity attributes and data handling patterns.&lt;/p&gt;
 &lt;h3&gt;Step 4. Report and communicate insights&lt;/h3&gt;
 &lt;p&gt;Customize &lt;a href="https://www.techtarget.com/searchsecurity/tip/CISOs-guide-to-creating-a-cybersecurity-board-report"&gt;reporting&lt;/a&gt; for the intended audience at each level of the organization:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Executives and board members&lt;/b&gt; require strategic metrics that highlight business impact, risk exposure and progress in mitigation efforts.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Security leadership&lt;/b&gt; benefits from operational views that reveal program performance and opportunities for optimization.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Practitioners&lt;/b&gt; need tactical metrics to guide activities and execution.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;Context is critical. Pair metrics with visualizations and narrative to clarify trends, highlight causality and support decision-making.&lt;/p&gt;
 &lt;h3&gt;Step 5. Establish baselines and targets&lt;/h3&gt;
 &lt;p&gt;Once data collection is in place, define baselines that reflect the organization's current state. This data is the foundation for setting realistic, incremental improvement targets tied to security activities -- such as reducing specific behaviors or improving adoption of security controls. Over time, improvements contribute to broader indicators, such as overall human risk scores or security culture maturity.&lt;/p&gt;
&lt;/section&gt;                 
&lt;section class="section main-article-chapter" data-menu-title="An image makeover for security"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;An image makeover for security&lt;/h2&gt;
 &lt;p&gt;With cybersecurity threats evolving so swiftly, organizations cannot afford to rely on outdated security awareness programs that fail to address the root causes of human vulnerabilities. Human risk management offers a transformative approach, shifting the focus from mere awareness to actionable behavior change.&lt;/p&gt;
 &lt;p&gt;Budge said she expects human risk management to help CISOs improve security operations. "It solves a productivity and an image problem for security. Sending people this random training has not helped them. Whereas when you get really targeted at the right person at the right time at the right place, that changes the image of security completely."&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Richard Livingston is an editor with Informa TechTarget's SearchSecurity site, covering cybersecurity news, trends and analysis.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Traditional security training isn't keeping threat actors out. As employee awareness programs fall short, Forrester Research suggests a better approach.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/collab_a362306286.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/tip/Beyond-awareness-Human-risk-management-metrics-for-CISOs</link>
            <pubDate>Tue, 21 Apr 2026 07:00:00 GMT</pubDate>
            <title>Beyond awareness: Human risk management metrics for CISOs</title>
        </item>
        <item>
            <body>&lt;p&gt;With attackers able to move at AI speed, defenders can't rely on the techniques and instincts they've come to trust. Even the best of best practices won't meet the threat, said speakers at the recent SecureWorld conference in Boston.&lt;/p&gt; 
&lt;p&gt;An organization that wants to be resilient in the AI age needs to detect and fend off malicious activity as it occurs.&lt;/p&gt; 
&lt;p&gt;"That means putting in place stronger identity controls," said Jack Butler, a senior enterprise solutions engineer at Sumo Logic, a SecOps vendor. "That means putting in place the more robust logging program and correlation engines to detect across all of these in real time and reassess signals of trust. It needs to be reassessed dynamically."&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Identity protection needs to meet the threat"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Identity protection needs to meet the threat&lt;/h2&gt;
 &lt;p&gt;As for what to do about the substantial challenge of managing identities associated with people, machines and AI agents, panelists at SecureWorld emphasized visibility.&lt;/p&gt;
 &lt;p&gt;"Know what is in your environment, and know what it is doing," recommended Chandra Pandey, CEO of Seceon, a security vendor. "If you know what is in your environment with machines, humans and all that -- in real time -- and you know what you're doing, you have done 80% of your work."&lt;/p&gt;
 &lt;p&gt;Reckoning with all that discovery isn't easy, especially with the nearly incalculable numbers of nonhuman identities (NHIs) in use in modern IT environments. &lt;a href="https://www.techtarget.com/searchsecurity/definition/What-is-machine-identity-management"&gt;Machine identity management&lt;/a&gt; and &lt;a href="https://www.techtarget.com/searchsecurity/tip/CISOs-guide-to-nonhuman-identity-security"&gt;NHI security&lt;/a&gt; pose a big and growing challenge for security teams.&lt;/p&gt;
 &lt;p&gt;"Make sure that you're really asking yourself: What systems do you have -- human and nonhuman identities -- and what they have access to," Butler said. "Make sure that you are assuming zero trust. You're going to get pwned, and, when you do, they're going to take access."&lt;/p&gt;
 &lt;p&gt;"Start with AI agents," advised Kelsey Brazill, vice president of market strategy at P0 Security, an identity security vendor. "They're new, so there's less baggage there, and it's easier to implement some best practices and standards. And then that sets you up to extend that to all of the NHIs in your system."&lt;/p&gt;
 &lt;p&gt;SOC analysts have seen AI used against them for a while, but defenders haven't shifted their thinking enough to fully confront AI's weaponization, said Patricia Titus, field CISO at security vendor Abnormal AI.&lt;/p&gt;
 &lt;p&gt;"Stop constantly looking for indicators of compromise," Titus recommended. "By the time somebody gets hit and your SOC analysts write a rule and plug it into your systems, it could already be too late for your organization. We have to start thinking a little bit differently and start looking at attributing behavior."&lt;/p&gt;
 &lt;p&gt;With AI's help, threat actors can be deliberate about who they target. This means attackers rely less on classic, spray-and-pray intrusion attempts, Titus said, and can instead use AI to quickly cull through vast amounts of data to craft specific attacks on a particular individual. Those &lt;a href="https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous"&gt;highly targeted tactics&lt;/a&gt; tend to be more successful.&lt;/p&gt;
 &lt;p&gt;Fayyaz Rajpari, senior director of GSI at SaaS security vendor AppOmni, said he has seen many compromises in the past year that had nothing to do with humans and instead involved cloud services, SaaS, NHIs, tokens and AI agents. That type of malicious behavior is hard to defend against, he said. "You have to start figuring out how you can leverage AI against these AI-generated attacks and interconnected systems. It's difficult, but that's just the reality."&lt;/p&gt;
&lt;/section&gt;          
&lt;section class="section main-article-chapter" data-menu-title="Can AI agents be secured?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Can AI agents be secured?&lt;/h2&gt;
 &lt;p&gt;AI agents are good at evading whatever guardrails cybersecurity teams put in place. "Their job is to finish a workload. If they have to go around to the backdoor and beg another agent to give them access, which we've already seen, they will get granted access," Titus said.&lt;/p&gt;
 &lt;p&gt;To respond, teams need to design AI models that will mask data and take other protective measures, said Peter Steyaert, a senior manager of systems engineering at Fortinet. "You're going to have to limit exposure. It's going to have to be an accepted risk level through accepted LLMs, which means you're going to have to build a trusted model. Ensure what you're using internally is trusted."&lt;/p&gt;
 &lt;p&gt;That trust won't develop easily, Steyaert said, and there will need to be a meeting of the minds involving a CISO, CIO, the legal department and others to agree on &lt;a href="https://www.techtarget.com/searchcio/feature/Risk-appetite-vs-risk-tolerance-How-are-they-different"&gt;how much risk an organization is willing to accept&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;When it comes to risks posed by AI agents, visibility isn't enough. Configuration management tools need to be capable of spotting a suspicious agent as soon as it appears, he said, and security teams need to be prepared to act.&lt;/p&gt;
 &lt;p&gt;"It's not just detecting. You have to discover it, monitor in real time, kill it," Pandey said. Aggressive actions might occasionally disrupt an organization's legitimate use of AI agents, Pandey acknowledged, but the resulting productivity hit is insignificant when compared with the damage a threat actor can do by maliciously using an AI agent.&lt;/p&gt;
 &lt;p&gt;Bart Lenaerts, product marketing manager at Infoblox, a networking and security vendor, said security teams have little appetite for adding new tools and incurring additional costs. Lenaerts touted the usefulness of standards, which could enable users to register an AI agent in ways similar to how a server is registered. That control can change the security equation. "You're going to get the visibility. You're going to be able to make decisions on what you're going to shut down. And you know exactly what data sovereignty you can build into it," he said.&lt;/p&gt;
 &lt;p&gt;To an extent, defenders are being pushed to take more risks with their defensive AI agents, said Lewis Foggie, a sales engineer at SecureFlag, a security code training company. He pointed to a &lt;a target="_blank" href="https://www.cybersecuritydive.com/news/threat-groups-record-speeds-ai-attacks/812965/" rel="noopener"&gt;recently observed breakout time&lt;/a&gt; of just 27 seconds as an example of how breach response has fundamentally changed. "Humans can't respond to that in time," Foggie said. "Our agents will need to have some level of autonomy to conduct rapid containment."&lt;/p&gt;
 &lt;p&gt;Granting that autonomy, of course, means accepting higher levels of risk. "Who knows when that agent is going to go conduct some other operation that could be catastrophic for the business," Foggie added.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Phil Sweeney is an industry editor and writer focused on cybersecurity topics.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Cybersecurity professionals at SecureWorld Boston had a lot to say about identity management, AI threats and the challenges they face in achieving real-time visibility.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a303570139.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Cybersecurity-in-the-age-of-AI-means-bigger-faster-threats</link>
            <pubDate>Mon, 20 Apr 2026 13:35:00 GMT</pubDate>
            <title>Cybersecurity in the age of AI means bigger, faster threats</title>
        </item>
        <item>
            <body>&lt;p&gt;According to its most ardent proponents, AI is well on its way to creating a new, nirvana-like SOC, in which exposure and threat detection windows are measured in seconds, and human operators are liberated from endless alert triage and chronic overwork.&lt;/p&gt; 
&lt;p&gt;Its fiercest detractors, on the other hand, warn that AI could create an apocalyptic cyber-hellscape in which organizations' ungoverned use of agentic AI exposes their sensitive data, and attackers find and exploit vulnerabilities at machine speed.&lt;/p&gt; 
&lt;p&gt;The truth likely lies somewhere in the murky middle. AI, like any powerful tool, can be a force for good or evil -- and without proper safety oversight, it can create more problems than it solves.&lt;/p&gt; 
&lt;p&gt;Programming at RSAC 2026 reflected this push and pull between AI optimism and concern. In this Reporters' Notebook video, Rob Wright, senior news director at Dark Reading; Eric Geller, senior reporter at Cybersecurity Dive; and Alissa Irei, senior site editor at TechTarget SearchSecurity, discussed what they saw and heard at the conference -- and what the federal government's notable absence might mean for an industry wrestling with questions about AI governance and compliance.&lt;/p&gt; 
&lt;p&gt;Watch the full discussion now, and check out the following related articles, all part of the Informa TechTarget editorial team's extensive &lt;a href="https://www.techtarget.com/searchsecurity/conference/RSA-Conference-news-and-analysis"&gt;coverage of the RSAC 2026 Conference&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;For more on AI in cybersecurity:&lt;/p&gt; 
&lt;ul class="default-list"&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.darkreading.com/application-security/ai-coding-tools-endpoint-security" rel="noopener"&gt;How AI coding tools crushed the endpoint security fortress&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a href="https://www.techtarget.com/searchsecurity/feature/How-AI-caught-a-malicious-North-Korean-insider-at-Exabeam"&gt;How AI caught a malicious North Korean insider at Exabeam&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.techtarget.com/searchsecurity/feature/Agentic-AIs-role-in-amplifying-and-creating-insider-risks" rel="noopener"&gt;Agentic AI's role in amplifying and creating insider risks&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.darkreading.com/application-security/cisos-debate-human-role-ai-powered-security" rel="noopener"&gt;CISOs debate human role in AI-powered security&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/ai-cyberattacks-changes-defense-offense-strategies/815716/" rel="noopener"&gt;'Do not shift budgets to AI': How businesses should and shouldn't respond to evolving threats&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/ai-isacs-threat-intelligence-information-sharing-trust/815499/" rel="noopener"&gt;ISACs confront AI's promise and peril for threat intelligence-sharing&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.darkreading.com/cybersecurity-operations/ai-soc-go-wrong" rel="noopener"&gt;AI in the SOC: What could go wrong?&lt;/a&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;p&gt;For more on the U.S. federal government's absence from the conference and the CVE program's uncertain future:&lt;/p&gt; 
&lt;ul class="default-list"&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/rsac-conference-cybersecurity-partnerships-us-government-trump/816157/" rel="noopener"&gt;'Missed opportunity': US government's absence from RSAC Conference leaves stark void&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.darkreading.com/cyber-risk/rsac-eu-leads-us-officials-sidelined" rel="noopener"&gt;At RSAC, the EU leads while US officials are sidelined&lt;/a&gt;&lt;/li&gt; 
 &lt;li&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/cve-program-ai-vulnerability-reports-funding/815594/" rel="noopener"&gt;The CVE Program, a bedrock of global cyber defense, is teetering on the brink&lt;/a&gt;&lt;/li&gt; 
&lt;/ul&gt; 
&lt;transcript&gt; 
 &lt;p&gt;&lt;b&gt;Editor's note:&lt;/b&gt;&lt;i&gt;&amp;nbsp;The following transcript has been lightly edited for length and clarity by Informa TechTarget's internal AI assistant.&lt;/i&gt;&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Dark Reading's Rob Wright:&lt;/b&gt;&amp;nbsp;Hi, I'm Rob Wright with Dark Reading.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;TechTarget SearchSecurity's Alissa Irei:&lt;/b&gt;&amp;nbsp;I'm Alissa Irei with SearchSecurity.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Cybersecurity Dive's Eric Geller:&lt;/b&gt;&amp;nbsp;And I'm Eric Geller with Cybersecurity Dive.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright:&lt;/b&gt;&amp;nbsp;And we are here to talk about RSAC Conference 2026. Yes, RSAC, which happened last week. You both were there on the ground in San Francisco. I was covering it from afar. I have my own thoughts on this, but wanted to see what you thought of the show last week, what you heard, and how it stacked up against the theme of the conference, which stood out to all three of us. Alissa, why don't you take it away?&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei:&lt;/b&gt;&amp;nbsp;Sure.&amp;nbsp;The theme of the conference was community, which was an interesting and pointed choice because the acronym on everyone's lips at the conference and in general is AI. The choice to underscore the importance of community seemed intentional. It emphasized the importance of human operators and human involvement in AI processes. There's anxiety, not just in our field but in every field, about job replacement and AI use. The organizers were making the point that we still need humans. Artificial intelligence is not intelligent without human operators, and for the safety of ourselves and others, humans need to be involved in these processes. Eric, what was your impression of the conference on the ground versus the theme?&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Geller:&lt;/b&gt;&amp;nbsp;Everywhere you looked, there was a&amp;nbsp;focus on AI, particularly understanding the threat landscape and trying to get ahead of it with new defensive solutions. That was a common theme in many sessions, even if they weren't explicitly billed as AI talks. For me, the big theme was the tagline on all the posters, "The Power of Community." However, a major part of the community was missing -- the federal government, which pulled out of the conference a few weeks before it began. Every year, government representatives attend to listen to the community and discuss their own plans. This is one of the places where those conversations are the most fruitful, according to many people I spoke to before and during the conference.&lt;/p&gt; 
 &lt;p&gt;There's anxiety about what this absence means. It raises questions about whether the government is as interested in participating in these events as it used to be. There have been cuts at agencies that work closely with the business community and security researchers who make up much of the attendance at RSAC and similar events. This absence was a striking contradiction to the emphasis on community. Many people wondered whether it sends a broader signal. We're looking for more information from the government about the cybersecurity strategy they recently released. Many felt RSAC would have been the perfect place to roll out details about what the strategy means in practice. That didn't happen, leaving a void in conversations typically stewarded by federal agencies.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright:&lt;/b&gt;&amp;nbsp;That's interesting. My colleague Becky Bracken at Dark Reading wrote about how other governments,&amp;nbsp;such as those in the EU, brought their cybersecurity experts to discuss developments in their regions. However, the gap left by the US government was noticeable. I wrote a story a few weeks ago about spyware policies and a potential shift in US policy. Many opponents of spyware, including civil society organizations, cybersecurity researchers and vendors specializing in this area, expressed concern about a lack of communication and cooperation with the government. They felt they were flying blind, with no clear strategy or direction. Eric, to your point, this absence has made a major impact.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei:&lt;/b&gt;&amp;nbsp;It's an interesting moment of unprecedented change. Ideally, this would be a time for&amp;nbsp;public-private partnerships, cooperation and input from the private sector on public regulations and legislation. The absence of the federal government is notable and unlikely to ease anyone's anxieties about AI, which are already plentiful.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright:&lt;/b&gt;&amp;nbsp;My anxiety is off the charts. Let's talk about AI. Managing all the stories coming in and covering sessions, it was clear that AI was a major focus at the show. More than two-thirds of the sessions had some AI component or were solely focused on AI. One thing I found interesting was the split between&amp;nbsp;C-level executives&amp;nbsp;and researchers. Researchers emphasized the need for human oversight and caution with agentic AI rollouts and coding assistants. They called for more guardrails and oversight. On the other hand, some higher-ups argued that human oversight should be eliminated because it slows things down, and the whole point of AI is to speed things up. What were you seeing or hearing?&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei:&lt;/b&gt;&amp;nbsp;On the business side, there's enthusiasm for new AI use cases and experimentation, often with an "ask for forgiveness, not permission" attitude.&amp;nbsp;And at least from what I saw and heard, this creates opportunities for bad outcomes. Eric, I think you wrote about a session discussing vulnerabilities introduced by vibe coding and the lack of oversight. It's troubling, to say the least. On the flip side, I attended a session with the CISO of Exabeam, who shared an example of&amp;nbsp;agentic AI&amp;nbsp;deployed in their SOC. It autonomously identified a North Korean malicious insider on his first day. According to the CISO, the AI flagged the activity within hours, if not minutes, of the individual logging into his account. Eric, I'll let you weigh in. I know you wrote about this topic.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright:&lt;/b&gt;&amp;nbsp;That's a good point.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Geller&lt;/b&gt;: One of the quotes that stood out to me in that panel I covered was a guy who basically said, "If AI wrote your YARA rules, you should delete them now because they're probably crap." And it really speaks to this hunger for automation. And also, I think this hunger for, frankly, profit margins. The fewer people you can pay to do this work, the more money you're going to make, the better you're going to look to shareholders, the more venture funding you can raise. This is really only partly about security. It's largely about looking profitable by shedding some of that labor cost.&lt;/p&gt; 
 &lt;p&gt;Of course, we've seen what happens when you let the AI run rampant. It miscategorizes things. It could cost you a lot of money if you let it do its thing&amp;nbsp;without human supervision. The theme that emerged in a lot of these talks that focused on AI was not so much a balancing act, but kind of both at the same time. Yes, you want some kind of agentic solution taking those mundane tasks off the plate of your specialized expert human, but you also want some kind of governance framework in place so that there's a human periodically dropping in to review what's going on.&lt;/p&gt; 
 &lt;p&gt;If you've got an AI agent that is out of control, you'll see the signs of that when you drop in and check on what it's doing. If it's mismanaging things, if it's mislabeling things, you're going to see evidence of that. And so I think that's where a lot of the conversations ended up: yes, there's a real reason why&amp;nbsp;SOC managers, especially, are looking for ways to change the role of the analyst and bring AI more into the threat analysis part of the job. But at the same time, just as you need human supervisors for human workers, you're going to need human supervisors for AI workers because nothing human or machine is infallible.&lt;/p&gt; 
 &lt;p&gt;Particularly at the scale at which some of these companies operate, the stakes involved in protecting the networks or leaving them defenseless are high. We're talking about a lot of money that can be made or lost, and so you do want a human being involved checking the work of the AI agent.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: Yeah, and that makes sense to me. I know one of the sessions I covered last week, one of the stories I wrote, was from a Check Point session. The researchers basically said that we spent 20 years building up all these security measures to protect our networks, shore up defenses around the&amp;nbsp;endpoint and move execution to the cloud where it's theoretically, or I guess in practice, a lot of times safer.&lt;/p&gt; 
 &lt;p&gt;The AI coding assistants were basically punching holes through these defenses and setting security back. Literally, they said it was setting security back a decade because now it was giving attackers a route from their endpoint -- from an employee's endpoint -- to the crown jewels, to development environments, to really important data. That didn't use to be the case. All this work that was being done for the last 10 to 20 years is now just being thrown away.&lt;/p&gt; 
 &lt;p&gt;The thing that shocked them was how many companies were rushing to these tools without any acknowledgment that, even without a vulnerability, even if you're not exploiting a critical flaw, you're still creating a tunnel from a simple workstation that's probably underprotected to some really important parts of the network that are highly privileged.&lt;/p&gt; 
 &lt;p&gt;They were surprised that people were just going full steam ahead with this stuff and not taking a beat to say, "Hey, is this the best idea? Do we need to do more to protect this? Do we need to do more to oversee what the agents are doing and the privileges we're giving to these&amp;nbsp;coding tools?"&lt;/p&gt; 
 &lt;p&gt;I was surprised myself to hear their surprise. Based on what I was seeing and hearing at the show, I don't think that's going to change anytime soon. Even with all the research out there about the various vulnerabilities and the expanding attack surface that AI introduces, it doesn't seem like many organizations or people are going to suddenly say, "We need to take a step back." If anything, it feels like pressure is continually mounting to make the most of your investment in AI and, like Eric said, shed costs, save money and reduce workforces. That was the concerning thing for me -- just seeing that split and that dichotomy.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: It's tricky too because we talk a lot on SearchSecurity about participating in the discourse around&amp;nbsp;security culture&amp;nbsp;and the importance of security being a business enabler -- not being the department of "no" -- and aligning yourself with business objectives.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: Hmm.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: Which is all true and important. On the other hand, the culture does seem, to your point, Rob, like it's going in that direction of full steam ahead. Don't ask questions. Don't say anything that's going to slow down the road to profits generated from AI.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: Yeah.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: Yeah, it's distressing, I guess.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: Any closing thoughts from the show? Takeaways, surprises, anything that stuck out to you other than the stuff we've already talked about?&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Geller&lt;/b&gt;: Well, I'll offer one that's sort of related to AI, which is about the&amp;nbsp;CVE program. We've really been hearing a lot of warnings about this program for almost a year. I think it was April of last year when they almost lost their government funding. In the year since then, people have been saying that this is not sustainable.&lt;/p&gt; 
 &lt;p&gt;People have been working in Europe to create alternatives to the CVE program. There are at least two of them in operation right now, one of them run by the European Union. In addition to the precariousness of not having a guaranteed government funding source, there's also the other problem battering this program right now: AI.&lt;/p&gt; 
 &lt;p&gt;The vulnerability reports are coming in faster than they can handle. A person on the panel about CVE from&amp;nbsp;GitHub&amp;nbsp;said the numbers -- the incredible volume of vulnerability reports submitted through their system -- are staggering. A lot of them are coming from AI agents looking for vulnerabilities. Many are low quality, and many are hallucinating vulnerabilities where none exist.&lt;/p&gt; 
 &lt;p&gt;That is an incredible amount of work to sort through. For a program already struggling to classify and label these vulnerabilities just to get them in and out the door and give them a number, AI is making it even harder. It's a tidal wave of reports, most of which are garbage. This is not what this program needed at this moment, but it is a trend that is only going to accelerate.&lt;/p&gt; 
 &lt;p&gt;I think about the AI agent that jumped to the top of the HackerOne tables last year in terms of reporting the most vulnerabilities. We're not putting that genie back in the bottle. What that means for the CVE program, which is really at the bedrock of everything in cyberdefense, is something I'll be watching very closely.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: Yep.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: All right. I bet the AI companies love this because they're probably going to say, "Well, they're going to need AI to decipher all the AI slop that's coming in and sift through it all to find the good stuff."&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: That makes me think, Rob, about an informal conversation I had with Diana Kelley, the CISO at Noma Security. She gave a talk on&amp;nbsp;model collapse&amp;nbsp;and the inevitability of AI consuming its own content. The theme of the talk was "Idiocracy," the movie. If the models keep consuming their own content, at some point, we all become very, very stupid.&lt;/p&gt; 
 &lt;p&gt;That brings us back to the theme of community and the importance of human contributions and intelligence. I'll also add, to be the voice of optimism here, that there were moments in the conference -- like the CISO from Exabeam's talk I mentioned earlier -- where there are exciting examples of AI doing what it's supposed to in the SOC.&lt;/p&gt; 
 &lt;p&gt;We know SOC analysts are overworked and overstressed. If these AI agents can alleviate some of that burden, sift through the noise and bubble up actionable items, that would be awesome. Is it the end of the world as we know it or a new level of&amp;nbsp;nirvana in the SOC? Probably somewhere in between would be my guess.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;: I'll try to be optimistic. I like ending on an optimistic note, so we'll leave it there. The power of community and positive thinking about AI and its future applications for cybersecurity.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Irei&lt;/b&gt;: The power of community.&lt;/p&gt; 
 &lt;p&gt;&lt;b&gt;Wright&lt;/b&gt;:&amp;nbsp;Yeah, there we go.&amp;nbsp;Thanks so much, guys. Really appreciate it.&lt;/p&gt; 
&lt;/transcript&gt;</body>
            <description>Depending on whom you ask, AI could mean the end of the world as we know it, or the beginning of a new era of ease and enlightenment in the SOC. Learn more in this video discussion.</description>
            <link>https://www.techtarget.com/searchsecurity/video/At-RSAC-2026-AI-optimism-and-anxiety-and-an-MIA-US-government</link>
            <pubDate>Fri, 17 Apr 2026 16:48:00 GMT</pubDate>
            <title>At RSAC 2026, AI optimism and anxiety -- and an MIA U.S. government</title>
        </item>
        <item>
            <body>&lt;p&gt;The RSAC 2026 Conference theme was "The Power of Community." In a tech landscape where the letters A and I are inescapable, this year's RSAC homed in on the importance of people in cybersecurity -- namely, their ability to forge relationships, collaborate strategically and create a unified front to protect an ever-expanding attack surface from a barrage of threats, vulnerabilities and attacks.&lt;/p&gt; 
&lt;p&gt;What better place for CISOs and security professionals to gather as a community than at the world's premier cybersecurity conference, along with 44,000 of their peers?&lt;/p&gt; 
&lt;p&gt;Now in its 35th year, RSAC was held March 23-26, 2026, at the Moscone Center in San Francisco. With 700-plus vendors, 500-plus sessions across 25-plus tracks, and more than 600 exhibitors and vendors on the RSAC Expo Floor, RSAC 2026 was the place for security pros to coordinate efforts, share information and learn from one another.&lt;/p&gt; 
&lt;p&gt;Informa TechTarget's editorial team was on-site, reporting from the conference floor. This guide gathers articles from SearchSecurity, Dark Reading and Cybersecurity Dive on the cybersecurity industry's biggest show.&lt;/p&gt;</body>
            <description>Check out SearchSecurity's RSAC 2026 guide for reports on notable presentations and breaking news at the world's biggest infosec event.</description>
            <link>https://www.techtarget.com/searchsecurity/conference/RSA-Conference-news-and-analysis</link>
            <pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate>
            <title>RSAC 2026 Conference: Key news and industry analysis</title>
        </item>
        <item>
            <body>&lt;p&gt;Machines whirr and whizz behind the partitioned wall in the RSAC 2026 Conference expo hall. Five side-by-side monitors flash colorful alerts, charts and statistics. A dozen analysts sit around two tables, their eyes glued to sticker-covered laptops.&lt;/p&gt; 
&lt;p&gt;It's a glimpse inside the security operations center (&lt;a href="https://www.techtarget.com/searchsecurity/definition/Security-Operations-Center-SOC"&gt;SOC&lt;/a&gt;) protecting the world's largest cybersecurity event live and in action, monitoring north-south and east-west traffic across the Moscone Center in San Francisco.&lt;/p&gt; 
&lt;p&gt;The SOC team, made up of Cisco, Splunk and Endace members, is investigating incidents on the network where nearly 44,000 attendees have gathered to &lt;a href="https://www.techtarget.com/searchsecurity/conference/RSA-Conference-news-and-analysis"&gt;learn and chat about cybersecurity&lt;/a&gt; and, more than likely, connect to the event's free Wi-Fi.&lt;/p&gt; 
&lt;p&gt;"We're recording everything that goes across the network. We have about 240 TB of storage here, so we'll record every packet from the start of the show, right to the end," said Cary Wright, vice president of products at Endace. "These analysts can dig in and investigate any event or incident and look at exactly what happened before, during and after it."&lt;/p&gt; 
&lt;p&gt;The analysts are on the hunt for zero days, insecurities, advanced threats and any other suspicious activity that might not trigger the security stack.&lt;/p&gt; 
&lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image1-f.jpg"&gt;
 &lt;img data-src="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image1-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image1-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image1-f.jpg 1280w" alt="Photo of the RSAC 2026 Conference SOC-in-a-box setup" data-credit="Sharon Shea" height="420" width="560"&gt;
 &lt;figcaption&gt;
  &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Analysts used a suite of tools and dashboards to investigate alerts and protect the RSAC network.
 &lt;/figcaption&gt;
&lt;/figure&gt; 
&lt;section class="section main-article-chapter" data-menu-title="The technology"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The technology&lt;/h2&gt;
 &lt;p&gt;The preconfigured SOC in a box, developed for RSAC, was designed to be rolled into a venue, connected to the network operations center, and up and running in fewer than four hours.&lt;/p&gt;
 &lt;p&gt;Two Cisco Unified Computing Systems with embedded AI and GPUs provide local compute for event services and virtualization needs. A pair of Cisco Secure Firewalls with Firewall Threat Defense run in detection mode at the network edge, and Endace appliances perform always-on -- not triggered -- full packet capture and generate metadata, including Zeek logs.&lt;/p&gt;
 &lt;p&gt;Telemetry is fed into the security stack through Splunk Enterprise Security, and Splunk Attack Analyzer conducts detonation and analysis. Pivots enable analysts to rapidly move across tools and workflows.&lt;/p&gt;
 &lt;p&gt;"If a firewall detected a threat, for example, the analyst could pivot to see what network packets were related to the threat, if there was lateral movement, if any data was downloaded or exfiltrated, or if any malware was coming out of the network," Wright said.&lt;/p&gt;
 &lt;p&gt;Additional tools include Cisco XDR (&lt;a href="https://www.techtarget.com/searchsecurity/definition/extended-detection-and-response-XDR"&gt;extended detection and response&lt;/a&gt;); Cisco Secure Network Analytics; Cisco Security Cloud; Splunk Cloud Platform; Cisco Duo; Cisco ThousandEyes; Cisco Secure Malware Analytics; Splunk Attack Analyzer; Cisco Secure Access and Splunk SOAR (security orchestration, automation and response); and &lt;a href="https://www.techtarget.com/searchsecurity/tip/Top-open-source-and-commercial-threat-intelligence-feeds"&gt;threat intelligence&lt;/a&gt; from Cisco Talos, alphaMountain, Pulsedive and StealthMole.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="The dashboards"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The dashboards&lt;/h2&gt;
 &lt;figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image2-h.jpg"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image2-h.jpg 1280w" alt="Photo of the RSAC 2026 Conference SOC-in-a-box alerts screen." data-credit="Sharon Shea" height="159" width="280"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;A dashboard displaying security detections and incidents on the RSAC 2026 network.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
 &lt;p&gt;One screen displays a representation of traffic over the past three days -- a spider chart shows who was talking to whom, with the thickness of the lines indicating traffic volume.&lt;/p&gt;
 &lt;p&gt;Another screen shows traffic being analyzed by Splunk. Twenty percent of the traffic is encrypted, and the dashboard shows encryption strengths, including which TLS versions are in use.&lt;/p&gt;
 &lt;figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image3-h.jpg"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image3-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image3-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image3-h.jpg 1280w" alt="Photo of the RSAC 2026 SOC analysts and alert screens." data-credit="Sharon Shea" height="188" width="280"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;The left screen has a spider chart of network connections.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
 &lt;p&gt;A screen flashes password counts and password events, revealing that 11 hosts on the network are broadcasting their passwords in the clear. There are a total of 217 events, meaning each host showed their password about 20 times.&lt;/p&gt;
 &lt;p&gt;During previous events, Wright explained, they'd investigate, find the relevant user and tell them that their password was insecure. This time-consuming process was recently automated, with hosts now receiving an email from RSAC informing them that their passwords were found in the clear.&lt;/p&gt;
 &lt;p&gt;RSAC attendees demonstrated better password hygiene than those at Cisco Live in Amsterdam -- Jessica Oppenheimer, director of SOC integrations at Splunk, said 400 hosts there had passwords in cleartext.&lt;/p&gt;
 &lt;figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image4-h.jpg"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image4-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image4-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/soc_in_a_box-image4-h.jpg 1280w" alt="Photo of the RSAC SOC screens." data-credit="Sharon Shea" height="189" width="280"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Oppenheimer talking about RSAC's SOC setup. On the right, a screen displays which AI apps are in use.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
 &lt;p&gt;Another screen displays which AI models people are using. "Are they ones we've licensed? Ones that should be licensed? Are they using their own?" Oppenheimer said. "We can identify models on the network, and if one were to adversely affect this conference, we have the ability to block it."&lt;/p&gt;
 &lt;p&gt;AI is a big &lt;a href="https://www.techtarget.com/searchsecurity/feature/How-AI-driven-SOC-tech-eased-alert-fatigue-Case-study"&gt;component of the SOC&lt;/a&gt; itself. For example, it helps tier-one analysts process data, understand threats and map data. "That's why in the past 24 hours only two of 35 alerts have been escalated up to tier-two or three analysts," she said.&lt;/p&gt;
&lt;/section&gt;           
&lt;section class="section main-article-chapter" data-menu-title="SOC in a box around the globe"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;SOC in a box around the globe&lt;/h2&gt;
 &lt;p&gt;The SOC in a box rolled into RSAC 2026 from Cisco Live 2026 in Amsterdam, after remotely protecting the NFL Super Bowl in Santa Clara in February. It has also been used at the Olympics, Black Hat, Mobile World Congress and GovWare events. In April, it will protect the network during the NFL Draft in Pittsburgh.&lt;/p&gt;
 &lt;p&gt;The SOC in a box continuously evolves. Previous iterations of the project took incident responders three days to gain access, given the various tools from Palo Alto, Corelight, Arista Networks and Jamf, Oppenheimer explained. In response, the team created a single sign-on portal and &lt;a href="https://www.techtarget.com/searchsecurity/tip/Types-of-access-control"&gt;implemented role-based access control&lt;/a&gt; to provide day-one access to all analysts.&lt;/p&gt;
 &lt;p&gt;For the 2028 LA Olympics, Oppenheimer said, the team is looking to add additional AI capabilities into the SOC.&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Sharon Shea is executive editor of TechTarget Security.&lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Take a behind-the-scenes look at the technology and teamwork that went into creating the security operations center that protected attendees, vendors and staff at RSAC 2026.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a308939347.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/Inside-the-SOC-that-secured-RSAC-2026-Conference</link>
            <pubDate>Wed, 15 Apr 2026 16:30:00 GMT</pubDate>
            <title>Inside the SOC that secured RSAC 2026 Conference</title>
        </item>
        <item>
            <body>&lt;p&gt;CISOs know that the human element can be the weakest link in an enterprise's cybersecurity defenses, often surfacing when end users create weak passwords that threat actors easily crack. Seeking a stronger alternative, security teams are increasingly turning to passkeys.&lt;/p&gt; 
&lt;p&gt;Unlike passwords, which end users create, passkeys are digitally generated cryptographic credentials that work as part of an identity and access management (IAM) strategy. &lt;a href="https://www.techtarget.com/whatis/definition/passkey"&gt;Passkeys&lt;/a&gt; use biometrics and are stored on a device -- such as a phone -- or as a hardware token. Passkeys don't communicate through a server; they are validated through authentication services.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Passwords vs. passkeys: A safer option"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Passwords vs. passkeys: A safer option&lt;/h2&gt;
 &lt;p&gt;Beyond providing an alternative to weak passwords, passkeys that use biometrics or device-based cryptographic keys are significantly harder to capture through &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-avoid-and-prevent-social-engineering-attacks"&gt;social engineering tactics&lt;/a&gt; such as phishing.&lt;/p&gt;
 &lt;p&gt;Offering options such as fingerprint access and device PINs, passkeys streamline logins and avoid the extra steps required by many security tools. Even as they enhance access security, passkeys keep the login process simple. Users don't have to remember complicated passwords or navigate constant password changes.&lt;/p&gt;
 &lt;p&gt;Through the use of digital authentication, passkeys are an effective option to eliminate the inherent weaknesses -- in terms of both security and ease of use -- of passwords.&lt;/p&gt;
 &lt;blockquote class="main-article-pullquote"&gt;
  &lt;div class="main-article-pullquote-inner"&gt;
   &lt;figure&gt;
    Through the use of digital authentication, passkeys are an effective option to eliminate the inherent weaknesses -- in terms of both security and ease of use -- of passwords.
   &lt;/figure&gt;
   &lt;i class="icon" data-icon="z"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/blockquote&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="The rise of enterprise passkeys"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The rise of enterprise passkeys&lt;/h2&gt;
 &lt;p&gt;A &lt;a target="_blank" href="https://fidoalliance.org/wp-content/uploads/2025/02/The-State-of-Passkey-Deployment-in-the-Enterprise-in-the-US-and-UK-FIDO-Alliance.pdf" rel="noopener"&gt;FIDO Alliance survey&lt;/a&gt; of 400 security decision-makers found that 87% of companies are implementing passkeys.&lt;/p&gt;
 &lt;p&gt;One driving force behind the transition is the increased emphasis on a &lt;a href="https://www.techtarget.com/searchsecurity/feature/How-to-implement-zero-trust-security-from-people-who-did-it"&gt;zero-trust security approach&lt;/a&gt;, in which entities are denied access to enterprise resources until authenticated and verified.&lt;/p&gt;
 &lt;p&gt;Another reason passkeys are becoming more popular is that enterprises are under constant pressure to meet regulatory requirements and strengthen digital identity security. Passkeys provide stringent access controls and the audit trails necessary to prove compliance.&lt;/p&gt;
 &lt;p&gt;Most advanced identity management systems work with passkey technology, including mobile authenticators and biometric scanners. This provides another verification point, vital for organizations using mobile and cloud platforms, while requiring stronger controls than conventional passwords offer. Passkeys also often work with MFA that requires, at minimum, two forms of authentication to access enterprise resources.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Mapping a successful passkey deployment"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Mapping a successful passkey deployment&lt;/h2&gt;
 &lt;p&gt;Security decision-makers must choose whether to deploy enterprise or consumer passkeys, or both.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Enterprise passkeys&lt;/b&gt; are typically used for internal employees, contractors and partners who need access to confidential or high-value resources. It is crucial that enterprise passkeys work with existing infrastructure and policies, including single sign-on, management tools, corporate devices and policy enforcement.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Consumer passkeys&lt;/b&gt; are primarily for external users, including customers and subscribers. Internal end users might also need consumer passkeys to access external digital platforms. Ease of use is a major consideration during login and password resets, but the emphasis should be on interoperability and privacy.&lt;/p&gt;
 &lt;p&gt;In a &lt;b&gt;hybrid passkey environment&lt;/b&gt;, some internal passkey users might use consumer passkeys to access external platforms or services that require them, such as SaaS tools or collaboration platforms. Seamless integration between enterprise and consumer systems can simplify UX and enhance security.&lt;/p&gt;
 &lt;h3&gt;Planning a phased rollout&lt;/h3&gt;
 &lt;p&gt;CISOs should consider a phased approach to passkey deployment. Pilot the implementation with a small group to measure UX and validate the technical setup. Follow with a broader rollout, extending passkeys to other groups while continuing to track UX and confirming passkey security.&lt;/p&gt;
 &lt;p&gt;Start with higher risk groups -- executives, IT administrators and personnel with access to sensitive systems -- before rolling out passkeys to all employees.&lt;/p&gt;
 &lt;p&gt;If contractors and third-party partners need to access enterprise resources, whether using a corporate-issued or personal device, consider more stringent and granular passkey policies.&lt;/p&gt;
 &lt;p&gt;For customers and subscribers, assess risk profiles, geographic locations, regulatory requirements and transaction volume.&lt;/p&gt;
 &lt;p&gt;Ultimately, the result is full deployment in which passkeys are the default authentication system for everyone.&lt;/p&gt;
&lt;/section&gt;           
&lt;section class="section main-article-chapter" data-menu-title="How to evaluate passkey providers"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;&lt;b&gt;How to evaluate passkey providers&lt;/b&gt;&lt;/h2&gt;
 &lt;p&gt;Before selecting a passkey provider, conduct an internal needs assessment that accounts for authentication requirements, user base, compliance needs, critical applications and IT infrastructure. Involve compliance teams and business leadership. Once completed, build a short list of providers based on technical requirements, support offerings and reputation. Demos, limited pilot deployments, reference accounts and reviews can all help determine which vendors make this list.&lt;br&gt;&lt;br&gt;Other considerations include the following:&lt;/p&gt;
 &lt;ul type="disc" class="default-list"&gt; 
  &lt;li&gt;Support of industry standards, including FIDO2 and WebAuthn.&lt;/li&gt; 
  &lt;li&gt;Strong encryption for credentials, device binding and data.&lt;/li&gt; 
  &lt;li&gt;MFA support.&lt;/li&gt; 
  &lt;li&gt;Streamlined integration with existing systems.&lt;/li&gt; 
  &lt;li&gt;Passkey functionality across platforms and devices.&lt;/li&gt; 
  &lt;li&gt;Easy migration from passwords to passkeys.&lt;/li&gt; 
  &lt;li&gt;Compliance with privacy and &lt;a href="https://www.techtarget.com/searchsecurity/tip/State-of-data-privacy-laws"&gt;data security laws&lt;/a&gt;.&lt;/li&gt; 
  &lt;li&gt;Cost structure for subscription or license models.&lt;/li&gt; 
  &lt;li&gt;Scalability as operational requirements shift.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="How to deploy enterprise passkeys"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How to deploy enterprise passkeys&lt;/h2&gt;
 &lt;p&gt;As with any significant security deployment, CISOs and IT and security teams must plan for a passkey implementation.&lt;/p&gt;
 &lt;h3&gt;Step 1. Review existing IAM strategy&lt;/h3&gt;
 &lt;p&gt;Deployment starts with assessing current IAM technologies to determine where passkey integration makes sense. CISOs and their teams should look at access privileges and &lt;a href="https://www.techtarget.com/searchsecurity/tip/Use-these-6-user-authentication-types-to-secure-networks"&gt;authentication methods&lt;/a&gt; in the context of business operations. Are privileges too broad? Are authentication processes adequate to meet regulatory requirements? What changes are needed to ensure a smooth passkey deployment? Do policies and practices align with business objectives?&lt;/p&gt;
 &lt;h3&gt;Step 2. Leadership alignment&lt;/h3&gt;
 &lt;p&gt;CISOs and their teams need to engage with stakeholders across lines of business to find champions and secure funding. &lt;a href="https://www.techtarget.com/searchsecurity/post/4-tips-to-help-CISOs-get-more-C-suite-cybersecurity-buy-in"&gt;C-level backing&lt;/a&gt; is key for both immediate budgetary needs and long-term security initiatives.&lt;/p&gt;
 &lt;h3&gt;Step 3. Update access tools&lt;/h3&gt;
 &lt;p&gt;Organizations that are not already using MFA should deploy mechanisms, such as biometrics or mobile- or hardware-based MFA, before adopting passkeys. This acclimates end users to new login processes that will be extended once passkeys are adopted. It also gives security teams the opportunity to test various authentication methods before deploying passkeys.&lt;/p&gt;
 &lt;h3&gt;Step 4. Infrastructure assessment&lt;/h3&gt;
 &lt;p&gt;For many organizations, managed authentication services are the right choice to automate provisioning, reset credentials and implement self-service features. CISOs and teams need to assess their infrastructure to determine the levels of data protection, endpoint encryption and device management. Re-examine data loss prevention rules to identify any required updates after passkeys are deployed.&lt;/p&gt;
&lt;/section&gt;          
&lt;section class="section main-article-chapter" data-menu-title="Passkey adoption hurdles"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Passkey adoption hurdles&lt;/h2&gt;
 &lt;p&gt;Obstacles to successful passkey deployments on the technology side include incompatibility with legacy systems. In addition, some applications, devices and infrastructure might not work with passkeys. Upgrades can also be costly and complex. Lockouts are another issue with passkey rollouts. Teams should put backup, recovery and fallback authentication processes in place to prevent this.&lt;/p&gt;
 &lt;p&gt;CISOs might also encounter resistance from end users. Clearly communicated instructions and demonstrations, with ongoing support, can smooth the enrollment process.&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="The successful passkey deployment"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The successful passkey deployment&lt;/h2&gt;
 &lt;p&gt;Gauge the early success of a passkey deployment through its use. For example, monitor the percentage of eligible users enrolling a passkey.&lt;br&gt;&lt;br&gt;Remember, however, that the true measure of success hinges on the IT and security benefits passkeys deliver. In time, the support desk should see a decline in password reset requests and, eventually, security teams should be able to report fewer credential-related incidents, such as phishing and account takeovers. With today's threat landscape, that makes for a safer environment to conduct business.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Amy Larsen DeCarlo has covered the IT industry for more than 30 years, as a journalist, editor and analyst. As a principal analyst at GlobalData, she covers managed security and cloud services.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Passkey security sidesteps many of the end-user and cybersecurity issues that plague traditional passwords. Learn how to successfully deploy passkeys in your organization.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a416431135.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/tip/How-to-roll-out-an-enterprise-passkey-deployment</link>
            <pubDate>Wed, 15 Apr 2026 14:38:00 GMT</pubDate>
            <title>How to roll out an enterprise passkey deployment</title>
        </item>
        <item>
            <body>&lt;p&gt;Security Operations Center analysts stand on the front lines between their organizations and countless cyberthreats. How effectively an analyst reacts to any given security alert could mean the difference between a contained, minor incident and a full-on data breach.&lt;/p&gt; 
&lt;p&gt;Too often, however, SOC analysts suffer from poor workflows, outdated tools and overwhelming workloads. The resulting burnout fuels high turnover -- something organizations can't afford, given the &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it"&gt;cybersecurity talent shortage&lt;/a&gt;. Worse, these conditions create environments where security incidents go undetected or take longer to contain. For CISOs, improving analysts' working conditions is a security imperative that directly impacts organizational risk.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Why analyst experience matters in the SOC -- and beyond"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Why analyst experience matters in the SOC -- and beyond&lt;/h2&gt;
 &lt;p&gt;Forrester first &lt;a target="_blank" href="https://www.forrester.com/blogs/announcing-analyst-experience-soc-analysts-finally-escape-the-shackles-of-bad-ux/" rel="noopener"&gt;coined the term&lt;/a&gt; "analyst experience," or AX, with analysts Allie Mellen and Jeff Pollard defining it as, "Security analysts' perception of their interactions with a particular security product, service and process across various workstreams."&lt;/p&gt;
 &lt;p&gt;Organizations, Mellen and Pollard noted, rely on analysts to recognize, classify, investigate and respond to cyberthreats that pose enormous risk to their organizations. Tools in the SOC, however, often fail to reflect the importance of their work. Siloed data, clunky integrations and poorly functioning user interfaces, they argued, make it unnecessarily challenging and unpleasant for analysts to do their jobs.&lt;/p&gt;
 &lt;p&gt;"Security teams are regularly forced into a reactive state by too many alerts, too little time and a fragmented security stack, leading to increased employee stress and burnout," agreed Nicole Carignan, field CISO and senior vice president of security and AI strategy at Darktrace, a multinational cybersecurity firm based in Cambridge, England.&lt;/p&gt;
 &lt;p&gt;Consequences of neglecting the security analyst experience in the SOC include the following, according to experts and practitioners.&lt;/p&gt;
 &lt;h3&gt;Talent attrition&lt;/h3&gt;
 &lt;p&gt;Most, if not all, CISOs have grappled with &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cybersecurity-skills-gap-Why-it-exists-and-how-to-address-it"&gt;understaffing in the SOC&lt;/a&gt; -- a chronic problem that poor analyst experience makes worse. "Many organizations struggle to provide a good AX, which leads analysts to burn out or look for a role elsewhere," Mellen said.&lt;/p&gt;
 &lt;p&gt;When unhappy analysts do inevitably quit, remaining team members inherit heavier workloads, further fueling problems and creating a vicious cycle.&lt;/p&gt;
 &lt;h3&gt;Compounding coverage gaps&lt;/h3&gt;
 &lt;p&gt;The effects of talent attrition compound over time. When an organization loses a trained analyst, it also loses months of domain understanding and muscle memory, said Heath Renfrow, co-founder and CISO at cyber disaster recovery firm Fenix24, based in Chattanooga, Tenn.&lt;/p&gt;
 &lt;p&gt;"That churn creates gaps in coverage, slower response times and greater risk during &lt;a href="https://www.techtarget.com/searchsecurity/feature/10-types-of-security-incidents-and-how-to-handle-them"&gt;critical incidents&lt;/a&gt;," Renfrow added. "At scale, it becomes a vicious cycle: overworked teams make more mistakes, which increases pressure, which drives more attrition."&lt;/p&gt;
 &lt;p&gt;For many, the emotional and mental toll quickly becomes untenable, according to Tom Levi, field CISO and director of cyber-risk strategy at CYE, a cybersecurity company based in Herzliya, Israel. "When there are staffing shortages in addition to the fear of getting something wrong, it becomes emotionally exhausting work that cannot be sustained long-term," he said.&lt;/p&gt;
 &lt;h3&gt;Incident outcomes&lt;/h3&gt;
 &lt;p&gt;Poor analyst experience can lead to worse outcomes during &lt;a href="https://www.techtarget.com/searchsecurity/definition/incident-response"&gt;security incidents&lt;/a&gt;, according to Mellen. "Analysts who don't have the information they need for investigation are not able to respond as quickly and effectively," she said. "They also may spend excessive amounts of time chasing false positives, which prevents them from investigating true incidents."&lt;/p&gt;
 &lt;h3&gt;Operational impact&lt;/h3&gt;
 &lt;p&gt;Poor analyst experience creates operational drag. When analysts must contend with cumbersome tooling, alert noise and handoff friction to do their jobs, investigations slow, and case quality becomes more difficult to standardize. This hurts staff morale and reduces time for proactive work, such as &lt;a href="https://www.techtarget.com/searchsecurity/tip/What-is-threat-hunting-Key-strategies-explained"&gt;threat hunting&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;"Many SOC analysts spend their days triaging endless low-fidelity alerts, fighting noisy tooling and working in reactive mode," Renfrow said. "That grind creates a sense of futility. Analysts feel like they're clicking buttons instead of defending organizations."&lt;/p&gt;
&lt;/section&gt;                 
&lt;section class="section main-article-chapter" data-menu-title="What makes a good SOC analyst experience"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What makes a good SOC analyst experience&lt;/h2&gt;
 &lt;p&gt;Poor analyst experience is marked by chaos, tedium, frustration and a sense of futility. In contrast, good analyst experience has the following defining characteristics:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Purpose. &lt;/b&gt;Analysts understand why they're investigating alerts, not just what they're investigating, and why the &lt;a href="https://www.techtarget.com/searchsecurity/feature/Why-effective-cybersecurity-is-important-for-businesses"&gt;outcomes of SOC investigations matter to the organization&lt;/a&gt;.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Context&lt;/b&gt;. Rather than drowning in false positives and noise, analysts work with high-quality alerts that provide the context they need to take action.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Consolidated tools. &lt;/b&gt;Instead of a plethora of disconnected systems, tools are consolidated so analysts don't need to constantly switch among systems to investigate security events.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Respect. &lt;/b&gt;Analysts feel their organizations, managers and colleagues respect them as professionals and value their input.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Career paths&lt;/b&gt;. Analysts see clear opportunities for professional growth, with career paths beyond endless alert triage.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;"What has worked for us is treating analyst experience as an operational priority, not a perk," said Craig Jones, chief security officer at &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-select-an-MDR-service-thats-right-for-your-company"&gt;managed detection and response&lt;/a&gt; (MDR) provider Ontinue, which has headquarters in Zurich and Redwood City, Calif. "We focus heavily on detection hygiene, tuning noisy rules, rapidly fixing false positives and raising the quality bar so alerts arrive with the context needed to act."&lt;/p&gt;
 &lt;blockquote class="main-article-pullquote"&gt;
  &lt;div class="main-article-pullquote-inner"&gt;
   &lt;figure&gt;
    What has worked for us is treating analyst experience as an operational priority, not a perk.
   &lt;/figure&gt;
   &lt;figcaption&gt;
    &lt;strong&gt;Craig Jones &lt;/strong&gt;CSO, Ontinue
   &lt;/figcaption&gt;
   &lt;i class="icon" data-icon="z"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/blockquote&gt;
 &lt;p&gt;According to Renfrow, Fenix24 achieved similarly positive results through a three-pronged approach: reducing alert noise so analysts can focus on substantive, high-value problems; giving analysts meaningful ownership of cases, so they see how their work restores the ability of the company's customers to do business; and defining clear career paths that encourage skill development beyond basic triage.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="How CISOs can improve the SOC analyst experience"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How CISOs can improve the SOC analyst experience&lt;/h2&gt;
 &lt;p&gt;To improve the security analyst experience in the SOC, CISOs should consider the following steps:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Include analysts in technology purchases. &lt;/b&gt;"CISOs must bring security analysts into the buying decision process and trust their judgment on what will be most effective for the team," Mellen said. "In many cases, there are nuances to how the technology works in practice that practitioners see when they use the software day in and day out, but others might not. Trust your practitioners and compromise where possible."&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Invest in alert engineering&lt;/b&gt;. Prioritize regularly tuning noisy rules and fixing false positives so that meaningful alerts reach analysts, and low-signal noise that leads to alert fatigue doesn't. If budgets permit, consider upgrading SOC technology to maximize signal, minimize noise and automate repetitive workflows.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Connect alerts to business risk.&lt;/b&gt; Help analysts understand the "why" behind investigations by &lt;a href="https://www.techtarget.com/searchsecurity/post/3-ways-CISOs-can-align-cybersecurity-to-business-goals"&gt;linking alerts to organizational impact&lt;/a&gt;. Tag alerts with business priority levels, provide asset context and show how SOC investigations connect to concrete risks.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Integrate platforms.&lt;/b&gt; Reduce tool fragmentation by condensing signals, context and workflows within fewer systems. &lt;a href="https://www.techtarget.com/searchsecurity/feature/CISO-checklist-Cybersecurity-platform-or-marketing-ploy"&gt;Unified security platforms&lt;/a&gt; minimize the manual work of piecing together investigation data across disconnected tools.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Deploy AI and automation strategically&lt;/b&gt;. AI can help companies augment their current cybersecurity workforce, expand situational awareness and accelerate mean time to action. But implementation matters, Mellen warned. It's important to evaluate investigative AI agents to determine how accurate they are, and what kind of testing and validation the vendor performs to ensure that accuracy.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Consider managed services.&lt;/b&gt; Organizations struggling with understaffing can consider outsourcing threat detection and investigation to MDR providers, reducing the load on in-house analysts.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Create growth opportunities&lt;/b&gt;. Develop clear career progression paths for SOC analysts, with continuous training and opportunities to rotate through security disciplines. Help them build expertise beyond basic triage work.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Empower analyst voices&lt;/b&gt;. Build a security culture where analysts can speak up, challenge assumptions and contribute to decisions. Provide visible leadership support during incidents and set reasonable on-call expectations.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;Improving the analyst experience is a strategic investment that yields measurable returns in retention, security effectiveness and operational resilience. According to experts and practitioners, CISOs who view positive analyst experience as a security control, rather than a people perk, better position their organizations to defend against &lt;a href="https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020"&gt;increasingly sophisticated threats&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;"What has worked for us is treating analysts like elite operators, not interchangeable labor," Renfrow said. "When people feel trusted, skilled and impactful, performance rises and turnover drops."&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He has pulled Token Ring, configured NetWare and been known to compile his own Linux kernel. He consults with industry and media organizations on technology issues.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Burned-out security analysts miss threats, take longer to investigate incidents and are more likely to quit. Here's how CISOs can improve the SOC analyst experience.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/security_a386211215.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/How-to-improve-the-SOC-analyst-experience-and-why-it-matters</link>
            <pubDate>Tue, 14 Apr 2026 22:34:00 GMT</pubDate>
            <title>How to improve the SOC analyst experience -- and why it matters</title>
        </item>
        <item>
            <body>&lt;p&gt;Contact center fraud is a reality that organizations must prepare for or else risk considerable losses due to security lapses in customer data protection. Successful fraud schemes can damage a brand's reputation and result in compliance liability, especially in heavily regulated industries, such as financial services and healthcare.&lt;/p&gt; 
&lt;p&gt;As contact centers expand into digital channels and remote operations, fraud detection has become a critical component of customer experience and data security strategies.&lt;/p&gt; 
&lt;p&gt;Companies can mitigate their vulnerability to unauthorized access or disclosure of confidential information with the right blend of &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-agent-training-programs"&gt;comprehensive agent training&lt;/a&gt;, well-documented authentication and data security processes, and contact center fraud detection technologies.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="What is contact center fraud?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What is contact center fraud?&lt;/h2&gt;
 &lt;p&gt;At many businesses, traditional call centers and customer service and support operations have &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/History-and-evolution-of-contact-centers"&gt;evolved into contact centers&lt;/a&gt; to handle customer communications across multiple channels, including phone calls, live chats, email, social media, text messaging (SMS), mobile apps and video calls.&lt;/p&gt;
 &lt;p&gt;Cybercriminals target contact centers to gain access to sensitive customer information by exploiting agents and weak authentication processes. These bad actors can then use personally identifiable information (&lt;a href="https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII"&gt;PII&lt;/a&gt;) and other account data -- Social Security numbers, financial institutions and credit card numbers -- to commit identity theft, set up fake accounts and participate in bank and credit card fraud.&lt;/p&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="Why do bad actors target contact centers?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Why do bad actors target contact centers?&lt;/h2&gt;
 &lt;p&gt;Contact centers are popular targets for fraud because poorly trained agents are often vulnerable to manipulation. A toll-free number used for customer service and transactions such as purchases can allow criminals to initiate numerous fraud attempts while maintaining anonymity, provided they use caller ID spoofing techniques. Unsuspecting agents, especially in call centers, make excellent attack vectors since they're all that stand between a fraudster and customer accounts.&lt;/p&gt;
 &lt;p&gt;The expansion of &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-manage-remote-call-center-agents"&gt;hybrid and remote contact center operations&lt;/a&gt; has introduced new fraud detection challenges. Remote work has made it increasingly difficult for agents to receive proper fraud detection training or guidance from co-workers. As a result, they may struggle with using anti-fraud tools remotely.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/call_center_compliance_checklist-f.png 1280w" alt="Graphic showing a contact center compliance checklist, including securing networks, authenticating customers, recording conversations and managing sensitive information." height="266" width="560"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Contact center compliance programs help organizations reduce fraud risk by securing networks, authenticating customers, protecting sensitive data and following privacy and consumer protection regulations.
  &lt;/figcaption&gt;
  &lt;div class="main-article-image-enlarge"&gt;
   &lt;i class="icon" data-icon="w"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/figure&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Common types of contact center fraud"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Common types of contact center fraud&lt;/h2&gt;
 &lt;p&gt;While contact centers encounter many types of fraud, the most common are identity theft, account takeover, stolen credit card information and finagling free merchandise.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Identity theft.&lt;/b&gt; Criminals use stolen personal information of legitimate customers to access accounts for monetary gain. Contact center agents might struggle to detect identity theft because the bad actors have accurate customer information. Many fraud schemes use personal information found on the dark web after a data breach. Synthetic identity fraud occurs when criminals combine real PII, such as a mobile phone number and email address, with falsified data to create a manipulated or false identity. They then use the information to open accounts and initiate transactions.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Account takeover.&lt;/b&gt; To transfer a customer account to their account, fraudsters might change an email address or login information to reset customer portal passwords. These criminals can use automated tools to create username and password combinations in a technique known as credential stuffing to gain access to customer accounts.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Use of stolen credit card information.&lt;/b&gt; Fraudsters bombard contact centers with attempts to buy goods and services with stolen credit card information. Because contact centers don't require physical cards, criminals can more easily make purchases with stolen information, a tactic known as card-not-present fraud.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Attempt to receive free replacement items.&lt;/b&gt; Criminals act as legitimate customers who purchased goods, then claim to have problems and request replacements. Retailers are the most common victims of this type of fraud, especially those with loose warranty and replacement policies.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Phishing and vishing scams. &lt;/b&gt;Cybercriminals have long targeted consumers with phishing scams, sending fraudulent emails that contain malicious URLs or hyperlinks to download malware or steal passwords. Another tactic is &lt;i&gt;voice phishing&lt;/i&gt;, or &lt;i&gt;vishing&lt;/i&gt;, which uses urgent phone calls demanding that victims update company or personal data, supposedly to protect bank accounts and other financial transactions. Similar fraudulent methods are used on contact center agents. A criminal vishing about problems with an account can dupe an unsuspecting agent into sharing sensitive customer data.&lt;/p&gt;
 &lt;p&gt;Many contact centers have been hit with ransomware attacks, locking up communications systems until the problem is resolved or the ransom is paid. &lt;a href="https://www.techtarget.com/searchsecurity/definition/distributed-denial-of-service-attack"&gt;Distributed denial-of-service attacks&lt;/a&gt; have also been used to disrupt communications services. More recently, AI-generated voice cloning and deepfake audio can be used to impersonate legitimate customers.&lt;/p&gt;
&lt;/section&gt;        
&lt;section class="section main-article-chapter" data-menu-title="Tips for identifying fraudulent customers"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Tips for identifying fraudulent customers&lt;/h2&gt;
 &lt;p&gt;Criminals use different fraud methods depending on their motivation or the &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/Types-of-contact-centers-explained"&gt;type of contact center&lt;/a&gt; they target. Common warning signs of fraud include the following:&lt;/p&gt;
 &lt;ul type="disc" class="default-list"&gt; 
  &lt;li&gt;Social engineering methods to falsely extract information.&lt;/li&gt; 
  &lt;li&gt;Inability to verify recent transactions.&lt;/li&gt; 
  &lt;li&gt;Long pauses before answering questions.&lt;/li&gt; 
  &lt;li&gt;Communication to evoke an immediate reaction based on urgency, familiarity or authority.&lt;/li&gt; 
  &lt;li&gt;Attempts to establish a relationship or rapport with a specific contact center agent or manager.&lt;/li&gt; 
  &lt;li&gt;Inconsistency in customer history and documentation.&lt;/li&gt; 
  &lt;li&gt;Attempts to bypass regular customer service procedures.&lt;/li&gt; 
  &lt;li&gt;Red flags and suspicious activity identified by anti-fraud technologies.&lt;/li&gt; 
  &lt;li&gt;Attempts to bypass anti-fraud processes and technologies.&lt;/li&gt; 
  &lt;li&gt;Automated speech patterns that may indicate AI-generated voice fraud.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;ul class="default-list"&gt;&lt;/ul&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Tools to identify fraud"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Tools to identify fraud&lt;/h2&gt;
 &lt;p&gt;Enterprises that take contact center fraud detection and prevention seriously shouldn't rely solely on agent training. Contact center managers can integrate several technologies into most on-premises, cloud or distributed workforce contact centers to block or flag suspicious activities and enhance fraud detection.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Identity verification. &lt;/b&gt;Technologies like automatic number identification can verify a customer's identity based on their phone number ahead of automated or interactive voice response (&lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/Interactive-Voice-Response-IVR"&gt;IVR&lt;/a&gt;) interactions. Some of these fraud detection technologies track phone numbers based on information like possession (authenticating the mobile number and the device), reputation (risk score) and ownership. If additional verification is needed, layered authentication controls can help prevent fraud by sending one-time verification codes via text or email to a customer's device. In the future, individuals could have additional ways to prove their identity with mobile devices as more states offer digital driver's licenses and government IDs. Some identity verification platforms now combine device fingerprinting, behavioral analytics and risk scoring.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Contact source analytics. &lt;/b&gt;Emerging technologies can more accurately confirm a contact's true source as well as the type of device used. These attributes can tip off contact center agents about whether the caller is a real customer or a criminal in a known fraud location or using equipment common among fraudsters, such as caller ID spoofing and IVR probing tools.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/ai_sharpens_contact_center_features_and_actions-f.png 1280w" alt="Diagram showing how AI improves contact center features such as IVR systems, self-service chatbots, agent performance analytics and post-call summaries." height="355" width="560"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;AI technologies can strengthen contact center operations by improving IVR systems, enabling self-service chatbots, supporting agent performance monitoring and generating automated post-call summaries.
  &lt;/figcaption&gt;
  &lt;div class="main-article-image-enlarge"&gt;
   &lt;i class="icon" data-icon="w"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/figure&gt;
 &lt;p&gt;&lt;b&gt;Multilayered authentication.&lt;/b&gt; Multifactor authentication, AI and knowledge-based platforms can identify bad actors who impersonate legitimate customers. The technology platform inputs various data points and calculates a fraud risk score to inform the agent about next steps in the fraud prevention process. A one-time PIN or passcode sent by text or email to an individual's device can add a dynamic layer of security before a login session or transaction. Based on risk assessments, businesses must find the right balance between frictionless customer experience and layered security measures.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Voice biometrics.&lt;/b&gt; Advanced audio biometrics can analyze a caller's voice, creating a new authentication layer for contact centers and customers. Voice biometric SaaS providers let remote agents access these authentication services regardless of where they work. These technologies will soon have to contend with AI-driven voice cloning and deepfake audio, which might require reevaluation of fraud protection and other security measures.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Suspicious behavior detection.&lt;/b&gt; &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/Important-contact-center-AI-features-and-their-benefits"&gt;AI and machine learning techniques&lt;/a&gt; combine with fraud detection analytics tools to detect suspicious behavior such as unusual calling patterns, IVR usage anomalies and other behavior-based indicators. The tool then decides whether the contact is legitimate. Behavioral analytics can also be used to monitor agent behavior for insider threats by flagging multiple account redirects or password resets.&lt;/p&gt;
 &lt;p&gt;Organizations that combine agent training with layered authentication and AI-driven fraud detection tools are better positioned to protect customer data and maintain trust.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Editor's note:&lt;/b&gt; &lt;i&gt;This article was updated to reflect the latest developments in contact center fraud detection and prevention tools, techniques and practices.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Kathleen Richards is a freelance journalist and industry veteran. She's a former features editor for TechTarget's &lt;/i&gt;Information Security &lt;i&gt;magazine.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Scammers may target contact centers, but comprehensive agent training, authentication techniques and advanced technologies can protect businesses and customers.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/customer_service02.jpg</image>
            <link>https://www.techtarget.com/searchcustomerexperience/tip/How-to-train-agents-on-call-center-fraud-detection</link>
            <pubDate>Tue, 14 Apr 2026 11:02:00 GMT</pubDate>
            <title>How contact centers detect and prevent fraud</title>
        </item>
        <item>
            <body>&lt;p&gt;Geopolitical instability is a leading indicator of adversarial nation-state cybercampaigns, according to a recent &lt;a target="_blank" href="https://2034462.fs1.hubspotusercontent-na1.net/hubfs/2034462/Cyber%20Operations%20Targeting%20US%20Government%20(1).pdf" rel="noopener"&gt;report&lt;/a&gt; from Check Point. The analysis found that when the Caldara-Iacoviello Geopolitical Risk Index rises by more than 1 standard deviation above its historical mean, cyberincidents targeting U.S. critical infrastructure spike 35-45% the following quarter.&lt;/p&gt; 
&lt;p&gt;Current headlines provide anecdotal support for Check Point's analysis, with federal officials warning that state-sponsored malicious hackers are increasingly targeting U.S. critical infrastructure. In addition to obvious national security concerns, the trend also poses a &lt;a href="https://www.techtarget.com/searchsecurity/feature/What-executives-must-know-about-nation-state-threat-actors"&gt;significant business risk&lt;/a&gt;, given the reliance of commercial systems on critical infrastructure, from financial institutions to telecommunications systems.&lt;/p&gt; 
&lt;p&gt;This week's featured cybersecurity news stories highlight escalating attacks on U.S. organizations by Iranian and Russian threat actors, as well as proposed federal budget cuts that could leave enterprise defenders with reduced support amid heightened adversarial activity. Plus, experts warn that military ceasefires don't always translate to cyberspace.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Iranian threat actors target U.S. water, energy and municipalities"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Iranian threat actors target U.S. water, energy and municipalities&lt;/h2&gt;
 &lt;p&gt;Federal agencies &lt;a target="_blank" href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a" rel="noopener"&gt;warned&lt;/a&gt; that Iranian threat actors are actively exploiting internet-facing operational technology (OT) devices across multiple U.S. critical infrastructure sectors.&lt;/p&gt;
 &lt;p&gt;Iran-linked malicious hackers are targeting programmable logic controllers -- including devices made by Rockwell Automation/Allen-Bradley -- in water, wastewater, energy and government environments. The campaign has caused operational disruptions and financial losses, according to officials.&lt;/p&gt;
 &lt;p&gt;Security experts have long warned that the continued exposure of OT devices to the public internet is a design failure that opens organizations to attack. U.S. agencies urged organizations to remove direct internet exposure, &lt;a href="https://www.techtarget.com/searchsecurity/tip/Key-OT-security-best-practices"&gt;harden access&lt;/a&gt; and review logs for suspicious activity.&lt;/p&gt;
 &lt;p&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/iran-linked-hackers-targeting-water-energy-in-us-fbi-and-cisa-warn/816949/" rel="noopener"&gt;&lt;i&gt;Read the full story by David Jones on Cybersecurity Dive&lt;/i&gt;&lt;/a&gt;.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Russia hacked unmanaged edge devices, targeting U.S. critical infrastructure"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Russia hacked unmanaged edge devices, targeting U.S. critical infrastructure&lt;/h2&gt;
 &lt;p&gt;The Justice Department and FBI said they disrupted a Russian military intelligence campaign that hijacked compromised TP-Link SOHO routers and used them to redirect DNS traffic, giving Moscow a way to collect internet traffic and potentially steal credentials, emails and other sensitive data from government and critical infrastructure targets.&lt;/p&gt;
 &lt;p&gt;According to the report, the operation -- dubbed Operation Masquerade -- modified DNS settings and gathered forensic data from infected devices.&lt;/p&gt;
 &lt;p&gt;End-of-life and poorly managed edge devices remain a serious enterprise risk, especially in distributed environments where remote offices, field sites and third parties rely on consumer-grade networking gear. Microsoft and federal officials urged organizations to patch firmware, &lt;a href="https://www.techtarget.com/searchsecurity/tip/DNS-security-best-practices-to-implement-now"&gt;review DNS settings&lt;/a&gt;, restrict remote management and replace obsolete equipment.&lt;/p&gt;
 &lt;p&gt;&lt;a target="_blank" href="https://www.darkreading.com/threat-intelligence/russia-forest-blizzard-logins-soho-routers" rel="noopener"&gt;&lt;i&gt;Read the full story by Nate Nelson on Dark Reading&lt;/i&gt;&lt;/a&gt;&lt;i&gt;.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="CISA cuts could weaken cyber defenses as nation-state threats to critical infrastructure intensify"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;CISA cuts could weaken cyber defenses as nation-state threats to critical infrastructure intensify&lt;/h2&gt;
 &lt;p&gt;The Trump administration's proposed FY2027 budget would shrink CISA's front-line cyber support at a time when nation-state threats to critical infrastructure are intensifying. As outlined in the proposal, the agency would lose $386 million and 867 positions, with cuts falling on &lt;a href="https://www.techtarget.com/searchsecurity/definition/vulnerability-assessment-vulnerability-analysis"&gt;vulnerability assessments&lt;/a&gt;, regional field support, training and several shared services that help organizations identify and respond to cyber-risk.&lt;/p&gt;
 &lt;p&gt;For Fortune 500 CISOs, the significance goes beyond Washington budget politics: If federal cyber capacity is reduced while foreign adversaries continue probing water, energy and other essential sectors, defenders might have to operate with less external visibility, coordination and hands-on assistance precisely when resilience matters most.&lt;/p&gt;
 &lt;p&gt;&lt;a target="_blank" href="https://www.cybersecuritydive.com/news/cisa-trump-budget-fy2027-details/816855/?utm_source=chatgpt.com" rel="noopener"&gt;&lt;i&gt;Read the full story by Eric Geller on Cybersecurity Dive&lt;/i&gt;&lt;/a&gt;&lt;i&gt;.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Ceasefires rarely mean cyber calm for enterprise defenders"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Ceasefires rarely mean cyber calm for enterprise defenders&lt;/h2&gt;
 &lt;p&gt;As a tenuous U.S.-Iran military ceasefire dominates global headlines, experts warn that pauses in kinetic conflicts rarely translate to a halt in cyber operations.&lt;/p&gt;
 &lt;p&gt;On the contrary, historical data shows that cyberattacks frequently escalate during ceasefires, with both state-sponsored and aligned threat actors exploiting the downtime to target critical infrastructure and conduct espionage. Exceptions exist, however, such as the 2015 Iran nuclear deal negotiations, which saw a temporary cessation of Iranian cyber activity.&lt;/p&gt;
 &lt;p&gt;For enterprise defenders, this trend underscores the need to remain vigilant during geopolitical lulls, as adversaries could shift focus to cyber domains. Organizations must prioritize monitoring, &lt;a href="https://www.techtarget.com/searchsecurity/tip/Threat-intelligence-vs-threat-hunting-Better-together"&gt;threat intelligence&lt;/a&gt; and resilience planning to mitigate risks from opportunistic attacks during such periods.&lt;/p&gt;
 &lt;p&gt;&lt;a target="_blank" href="https://www.darkreading.com/cybersecurity-analytics/ceasefires-slow-cyberattacks-history" rel="noopener"&gt;&lt;i&gt;Read the full story by Nate Nelson on Dark Reading&lt;/i&gt;&lt;/a&gt;&lt;i&gt;.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Editor's note:&amp;nbsp;An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Alissa Irei is senior site editor of Informa TechTarget Security.&lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/iot_g956109394.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/news/366641657/News-brief-Iranian-cyberattacks-target-US-water-energy</link>
            <pubDate>Fri, 10 Apr 2026 16:51:00 GMT</pubDate>
            <title>News brief: Iranian cyberattacks target U.S. water, energy</title>
        </item>
        <item>
            <body>&lt;p&gt;More than 600 cybersecurity vendors crowded the RSAC 2026 Conference expo floor at the Moscone Center in San Francisco, along with their sales reps, event MCs, branded swag and multimedia displays. It amounted to an astounding commercial spectacle -- but also, somehow, a mere fraction of the current &lt;a href="https://www.techtarget.com/searchsecurity/feature/Cybersecurity-market-researchers-forecast-significant-growth"&gt;cybersecurity market&lt;/a&gt;, which Forrester estimates comprises around 4,000 vendors.&lt;/p&gt; 
&lt;p&gt;Expect that number to grow, Forrester Analyst Jeff Pollard warned security leaders during a conference session down the street from the expo floor.&lt;/p&gt; 
&lt;p&gt;"We have a real problem with vendor and tech sprawl in our environments," he said. "And this market is only going to get even bigger and more challenging for you to sort through on a day-in, day-out basis."&lt;/p&gt; 
&lt;p&gt;Many security teams spend countless hours developing their own DIY point-tool integrations and contending with a plethora of logins, consoles, dashboards and &lt;a target="_blank" href="https://www.darkreading.com/vulnerabilities-threats/vendors-role-combating-alert-fatigue" rel="noopener"&gt;alerts&lt;/a&gt;.&lt;/p&gt; 
&lt;p&gt;Enter the single pane of glass, or SPOG. For years, various cybersecurity vendors have claimed to unify &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-implement-security-control-rationalization"&gt;multiple point tools&lt;/a&gt; into a user-friendly SPOG that makes life easier for security teams. But what sounds too good to be true often is.&lt;/p&gt; 
&lt;p&gt;"You've all been burned before, right?" said Forrester Analyst Jess Burns, who presented with Pollard. "It's relatively easy to market a platform with a SPOG, but it's hard to build one."&lt;/p&gt; 
&lt;p&gt;The good news is, she added, some vendors have, in fact, cracked the code and now offer cybersecurity platforms that approach the SPOG ideal. The challenge for CISOs is differentiating between cybersecurity product packages -- groups of standalone tools cloaked in clever "platform" marketing -- and true, integrated platforms that justify the commitment and investment. According to Burns and Pollard, CISOs who are vetting platform options should look for technology that can, at a minimum, do the following.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Combine multiple security controls from a single vendor"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Combine multiple security controls from a single vendor&lt;/h2&gt;
 &lt;p&gt;Some vendors sell packages of standalone products and services that they erroneously market as "platforms," the Forrester analysts cautioned. But having fewer vendors doesn't necessarily mean having fewer tools.&lt;/p&gt;
 &lt;p&gt;According to Pollard, if a provider talks about the need for "integration" during the implementation phase, that can be a red flag -- pointing to a suite of separate products rather than a pre-integrated platform.&lt;/p&gt;
 &lt;p&gt;"Raise your eyebrows, because you might be getting sold a bill of goods," he added.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Provide a single unified UI"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Provide a single unified UI&lt;/h2&gt;
 &lt;p&gt;A platform should offer a strong security analyst experience, Pollard said. With a good UI, "your analysts are alt-tabbing less, context-switching is reduced and the information that they need to effectively disposition issues is presented to them [in one place]."&lt;/p&gt;
&lt;/section&gt;  
&lt;section class="section main-article-chapter" data-menu-title="Provide a single underlying data model for all relevant data from each controller"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Provide a single underlying data model for all relevant data from each controller&lt;/h2&gt;
 &lt;p&gt;In a single, extensible, cross-domain data model, data from diverse sources -- e.g., network devices, endpoints and cloud services -- is automatically available and useful across the platform. Customers should not need to manipulate the data or build out cross-domain functionality.&lt;/p&gt;
 &lt;p&gt;"At a minimum, it should save us from having to control-T in the different browser interfaces," Pollard said, adding that while a single underlying data model is uncommon, it is an essential part of a true platform. "At a maximum, it should be integrated together such that the data understands the rest of the data."&lt;/p&gt;
 &lt;p&gt;In the proof-of-concept phase, Burns added, make the vendor prove they have a single extensible data model, not just stitched-together schemas.&lt;/p&gt;
 &lt;p&gt;"Ask them to show you how they handle at least five different data types across the modules and tools," she said.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Enable outcomes that result in productivity gains for users"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Enable outcomes that result in productivity gains for users&lt;/h2&gt;
 &lt;p&gt;Ultimately, Pollard said, the point of a platform investment is to improve the security program's effectiveness and efficiency, thereby benefiting the business. With that end in mind, consider the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Ease of deployment. &lt;/b&gt;A faster and easier deployment means the organization realizes value from its investment more quickly.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Ease of use.&lt;/b&gt; Before committing to a new platform, have analysts with varying levels of experience -- not just senior power users -- test drive it, advised Burns.&lt;br&gt;&lt;br&gt;"Can they actually complete tasks faster? A good analyst experience means faster, more accurate decisions," she said. "It could be the difference between one compromised endpoint and a full-on data breach."&lt;br&gt;&lt;br&gt;Additionally, it should offer users the ability to easily create new &lt;a href="https://www.techtarget.com/searchsecurity/tip/Use-the-CIA-triad-to-shape-security-automation-use-cases"&gt;automated workflows&lt;/a&gt;, Pollard said, based on APIs the vendor has already built under the hood.&lt;br&gt;&lt;br&gt;"Ultimately, it would be a lot better for us as practitioners if we could spend our time building workflows and not plumbing," he added, referring to under-the-hood engineering required to enable cross-platform workflows. "The plumbing stuff is really important, but if you're paying platform prices, Mario and Luigi better have already taken care of that for you."&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Built-in integrations. &lt;/b&gt;While standalone tools &lt;a href="https://www.techtarget.com/searchsecurity/tip/Streamline-SecOps-with-SOAR-workflows-and-playbooks"&gt;require SOAR to communicate&lt;/a&gt; and work cooperatively, platform tools should interconnect natively. Crucially, the Forrester analysts said, the platform model shifts the integration burden to the provider. It should enable an organization to avoid middleware costs, minimize consulting fees and reduce the maintenance and management burden on the SecOps team.&lt;br&gt;&lt;br&gt;"That's one of the biggest takeaways of this research: If you go with a platform, you should not have to burn consulting hours or development time on your platform," Pollard said. "If the vendor's done their job, all of that is happening underneath the hood. And if it's not, you're not getting a platform. You're getting messaging about a platform, which is very, very different."&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Context. &lt;/b&gt;Because platforms have fewer integration gaps, they should also have fewer blind spots and offer better context for understanding the security environment.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Enhance functionality and experience with third-party integrations through marketplaces and extensions"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Enhance functionality and experience with third-party integrations through marketplaces and extensions&lt;/h2&gt;
 &lt;p&gt;A platform should also offer third-party integrations with deep, bidirectional telemetry, Burns said.&lt;/p&gt;
 &lt;blockquote class="main-article-pullquote"&gt;
  &lt;div class="main-article-pullquote-inner"&gt;
   &lt;figure&gt;
    That's one of the biggest takeaways of this research: If you go with a platform, you should not have to burn consulting hours or development time on your platform.
   &lt;/figure&gt;
   &lt;figcaption&gt;
    &lt;strong&gt;Jeff Pollard &lt;/strong&gt;Analyst, Forrester 
   &lt;/figcaption&gt;
   &lt;i class="icon" data-icon="z"&gt;&lt;/i&gt;
  &lt;/div&gt;
 &lt;/blockquote&gt;
 &lt;p&gt;"Ask them whether they prioritize integrations with their competitors," she added. "Because if there's just a bunch of ecosystem stuff from their own platform, that's not a platform, that's just a walled garden. They should be able to meet you where you are."&lt;/p&gt;
 &lt;p&gt;Also, be sure to research who wrote relevant modules, Pollard added. Customer-written modules might not always stay up to date.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="Present financial advantages to the customer"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Present financial advantages to the customer&lt;/h2&gt;
 &lt;p&gt;Finally, a platform should bundle multiple security controls into a better, more useful and more cost-effective package, the analysts said. If a platform offering doesn't carry discounts or other financial incentives, it &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cut-through-cybersecurity-vendor-hype-with-these-tips"&gt;might be a marketing strategy&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;"Vendors have shareholders," Pollard said. "So, the 'platform' story is not necessarily a story designed to benefit you. It might be a story designed to benefit them."&lt;/p&gt;
 &lt;p&gt;The bottom line: Proceed with healthy skepticism, the Forrester analysts urged CISOs, and hold vendors' feet to the fire.&lt;/p&gt;
 &lt;p&gt;"Simply calling something a platform does not make it so," Burns said. "So, if you're in the evaluation phase and what you're looking at lacks integrations, lacks a shared data model, lacks clear efficiency and productivity gains, then recognize it for what it is. It's just an opportunity to stamp your buzzword bingo card."&lt;/p&gt;
 &lt;p&gt;&lt;em&gt;Alissa Irei is senior site editor of Informa TechTarget Security.&lt;/em&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>The cybersecurity market is booming with countless vendors claiming to offer unified platforms. Here's how to separate the real deal from empty marketing.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/toolGearArrow_g1157744678.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/CISO-checklist-Cybersecurity-platform-or-marketing-ploy</link>
            <pubDate>Fri, 10 Apr 2026 14:58:00 GMT</pubDate>
            <title>CISO checklist: Cybersecurity platform or marketing ploy?</title>
        </item>
        <item>
            <body>&lt;p&gt;CISOs are well aware that next-generation firewalls protect their organizations by detecting a wide variety of security incidents, responding to cyberattacks, monitoring network activity and enforcing enterprise policies. NGFWs are also necessary when organizations embrace zero-trust architectures.&lt;br&gt;&lt;br&gt;To take advantage of everything &lt;a href="https://www.techtarget.com/searchsecurity/definition/next-generation-firewall-NGFW"&gt;NGFWs&lt;/a&gt; have to offer, security leaders must balance deployment architecture planning, budgeting and ROI. Let's examine some best practices to help CISOs successfully deploy and maintain their NGFW.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Deployment architecture"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Deployment architecture&lt;/h2&gt;
 &lt;p&gt;Most NGFW products are available in &lt;a href="https://www.techtarget.com/searchsecurity/feature/The-five-different-types-of-firewalls"&gt;multiple deployment models&lt;/a&gt;: hardware appliances, software to install on an organization's hardware, cloud-based software and cloud-based SaaS. In most cases, an organization can use these models within a single deployment architecture. For example, this might include a SaaS NGFW to monitor cloud-based network traffic, an NGFW hardware appliance to monitor traffic in on-premises data centers, and a single interface to manage all NGFWs.&lt;/p&gt;
 &lt;p&gt;Designing the deployment architecture necessitates choosing which deployment model to use at logical network ingress and egress points, including boundaries between two organizational networks. Factors to consider include the following:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;&lt;b&gt;Scalability.&lt;/b&gt; CISOs must consider the organization's future scaling needs. For example, choose a software-based NGFW deployment model if the network's throughput is expected to increase in the next few years.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Monitoring.&lt;/b&gt; Consider teams' ability to efficiently monitor network traffic in existing locations versus rerouting traffic to pass through NGFWs in other locations.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Reliability.&lt;/b&gt; Teams should understand the reliability requirements for any deployment and how to achieve them -- for example, load-balancing across multiple hardware firewalls or cloud instances.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Control.&lt;/b&gt; Assess the degree of control required over NGFW deployments -- from monitoring and managing all NGFWs on-premises to enlisting a service provider to monitor and manage all NGFWs.&lt;/li&gt; 
  &lt;li&gt;&lt;b&gt;Features.&lt;/b&gt; Consider the ability to add &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-evaluate-NGFW-products-to-strengthen-cybersecurity"&gt;NGFW features and capabilities&lt;/a&gt; over time, such as advanced AI technologies, without degrading the tool's performance or reliability.&lt;/li&gt; 
 &lt;/ul&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="Budgeting"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Budgeting&lt;/h2&gt;
 &lt;p&gt;Every &lt;a href="https://www.techtarget.com/searchsecurity/feature/Explore-this-NGFW-comparison-of-leading-vendors-on-the-market"&gt;vendor's NGFW offerings&lt;/a&gt; involve a unique combination of purchases, licensing, subscriptions and features. Reviewing NGFW products can be time-intensive, requiring apples-to-apples comparisons to fully understand the budgetary implications of a deployment model for each network point.&lt;/p&gt;
 &lt;p&gt;The following are some common NGFW acquisition and implementation costs, although some only apply to certain deployment models:&lt;/p&gt;
 &lt;ul class="default-list"&gt; 
  &lt;li&gt;Hardware appliances or commodity hardware to run NGFW software.&lt;/li&gt; 
  &lt;li&gt;One-time and recurring licenses and subscriptions, including technical support fees.&lt;/li&gt; 
  &lt;li&gt;Deploying tool or service components, such as individual NGFWs and management consoles.&lt;/li&gt; 
  &lt;li&gt;NGFW integration with enterprise technologies, including &lt;a href="https://www.techtarget.com/searchsecurity/tip/Security-log-management-and-logging-best-practices"&gt;log management systems&lt;/a&gt; and identity and access management tools.&lt;/li&gt; 
  &lt;li&gt;Training for NGFW implementers, administrators and stakeholders, as well as recurring training fees.&lt;/li&gt; 
  &lt;li&gt;Securing the NGFW tool or service and its individual components.&lt;/li&gt; 
  &lt;li&gt;Piloting and deployment.&lt;/li&gt; 
  &lt;li&gt;Transitioning and retiring legacy technologies.&lt;/li&gt; 
  &lt;li&gt;Upgrade costs.&lt;/li&gt; 
  &lt;li&gt;Labor costs for managing, monitoring and maintaining NGFWs.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;p&gt;Operational costs vary based on the deployment model. For example, estimating operational costs for cloud-based NGFW deployments is particularly complex. Some NGFW vendors offer sophisticated pricing estimators that take into account the number of NGFWs, optional security services, the volume of network traffic passing through each NGFW, tool architecture, management options and technical support.&lt;/p&gt;
 &lt;p&gt;On-premises deployment models are easier to estimate, as they are based on known investments in similar cybersecurity technologies.&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="ROI"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;ROI&lt;/h2&gt;
 &lt;p&gt;Capturing the true ROI for NGFWs and &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-calculate-cybersecurity-ROI-for-CEOs-and-boards"&gt;other cybersecurity technologies&lt;/a&gt; is challenging for CISOs. The risk/reward of not having the NGFW versus the cost of the hypothetical cyberattack it would prevent is difficult to define.&lt;/p&gt;
 &lt;p&gt;The value of NGFW technologies can be generally demonstrated by evaluating the reduction in data breaches and thwarted attacks, more efficient incident response times, labor reduction, prevention of reputational damage and more system uptime.&lt;/p&gt;
 &lt;p&gt;Remember, when determining the true ROI for an NGFW, consider whether other cybersecurity technologies would have stopped the incident. If so, it doesn't mean the NGFW didn't provide value, as it's always advisable to have multiple control layers in place as a failsafe. It just means the NGFW's ROI isn't as high as it would have been had it been the only tool used.&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Karen Kent is the co-founder of Trusted Cyber Annex. She provides cybersecurity research and publication services to organizations and was formerly a senior computer scientist for NIST.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>NGFWs are crucial tools for modern security operations, but CISOs need to understand the often complex deployment, maintenance and budgeting implications.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/disaster_recovery_g1173579202.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/tip/Next-generation-firewall-buyers-guide-for-CISOs</link>
            <pubDate>Thu, 09 Apr 2026 15:42:00 GMT</pubDate>
            <title>Next-generation firewall buyer's guide for CISOs</title>
        </item>
        <item>
            <body>&lt;p&gt;Contact centers and their agents are a critical part of customer service. They're the ambassadors of the organization, responding to large call volumes daily, interacting with customers and collecting feedback to pass on to the business.&lt;/p&gt; 
&lt;p&gt;Modern contact center platforms increasingly use AI-driven analytics, speech recognition and sentiment analysis tools to monitor interactions in real time and identify opportunities to improve both agent performance and customer experience (CX).&lt;/p&gt; 
&lt;p&gt;A contact center monitoring program can help businesses &lt;a href="https://www.techtarget.com/searchcustomerexperience/feature/The-ultimate-guide-to-contact-center-modernization"&gt;transition the contact center from an expense center to a strategic asset&lt;/a&gt; by ensuring representatives effectively resolve customer issues along with&amp;nbsp;capturing valuable customer feedback. Many companies have a basic QA monitoring program but often struggle with transitioning to a more advanced one. Businesses should identify the benefits of an advanced quality monitoring program and implement key best practices to ensure the program's success.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="What is a contact center monitoring program?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What is a contact center monitoring program?&lt;/h2&gt;
 &lt;p&gt;A basic contact center quality monitoring program consists of listening to phone calls between customers and contact center agents and &lt;a href="https://www.techtarget.com/searchcustomerexperience/answer/5-ways-to-improve-call-center-agent-performance"&gt;providing feedback to improve agent performance&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;An advanced QA monitoring program adds three key elements:&lt;/p&gt;
 &lt;ol class="default-list"&gt; 
  &lt;li&gt;Provides insight into why customers call and facilitates action plans to address the root cause of customer inquiries.&lt;/li&gt; 
  &lt;li&gt;Identifies &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Contact-center-challenges-and-how-to-overcome-them"&gt;customers who are frustrated with the company&lt;/a&gt; and might decide to do business with a competitor.&lt;/li&gt; 
  &lt;li&gt;Analyzes the tools that agents use and implements enhancements to those tools that improve the agent experience and provide more accurate and timely responses to customers.&lt;/li&gt; 
 &lt;/ol&gt;
 &lt;p&gt;Many organizations now augment traditional QA monitoring programs with AI-driven analytics tools that automatically analyze call transcripts and customer sentiment.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="What are the benefits of contact center monitoring?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;What are the benefits of contact center monitoring?&lt;/h2&gt;
 &lt;p&gt;A contact center is the place where the voice of the customer is heard. It's the one place in the organization where a large number of customers reach out and, in most cases, provide unsolicited feedback to the company. A well-designed contact center monitoring program provides a valuable opportunity to identify customer pain points and gather intelligence with the goal of improving products, services and overall CX.&lt;/p&gt;
 &lt;p&gt;Retaining existing customers is typically less expensive than acquiring new ones, so it's critical to &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-improve-the-contact-center-experience-for-customers"&gt;identify areas for improvement in the current customer&lt;/a&gt; base to increase retention and reduce costs. Contact center monitoring also provides real-time information at a much more granular level than either customer satisfaction or Net Promoter Score surveys, which are performed after the fact and have some level of bias, depending on who does or doesn't respond to a survey request.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics.png"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics_mobile.png 960w,https://www.techtarget.com/rms/onlineImages/crm-call_center_agent_characteristics.png 1280w" alt="Graphic listing key qualities of a contact center agent, including knowledgeable, detail-oriented, organized, flexible, empathetic and effective communicator." height="288" width="559"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Successful contact center agents combine interpersonal and organizational skills such as communication, empathy, flexibility and problem-solving to deliver strong customer service.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="How to start a contact center monitoring program"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How to start a contact center monitoring program&lt;/h2&gt;
 &lt;p&gt;Starting and developing a contact center monitoring program require several steps, including the following:&lt;/p&gt;
 &lt;ol class="default-list"&gt; 
  &lt;li&gt;Identify the criteria that are monitored and scored, such as greeting, tone, call documentation and adherence to procedures.&lt;/li&gt; 
  &lt;li&gt;Develop a scorecard that measures the items to be monitored.&lt;/li&gt; 
  &lt;li&gt;Determine who performs the monitoring, such as a supervisor or QA analyst.&lt;/li&gt; 
  &lt;li&gt;Set the frequency of monitoring per agent and when the monitoring occurs.&lt;/li&gt; 
  &lt;li&gt;Develop a process to provide feedback to agents.&lt;/li&gt; 
  &lt;li&gt;Let the agents know the purpose of the monitoring program and how it works.&lt;/li&gt; 
  &lt;li&gt;Test the quality monitoring process end to end.&lt;/li&gt; 
 &lt;/ol&gt;
&lt;/section&gt;   
&lt;section class="section main-article-chapter" data-menu-title="Contact center monitoring best practices"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Contact center monitoring best practices&lt;/h2&gt;
 &lt;p&gt;Successful quality monitoring programs typically include the following best practices.&lt;/p&gt;
 &lt;h3&gt;1. Define quality and the ideal customer interaction&lt;/h3&gt;
 &lt;p&gt;Contact center agents can't provide the proper service to customers if they don't know what the company expects of them. So, it's important for &lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/contact-center-management"&gt;contact center management&lt;/a&gt; to train employees on what to say and do during a customer interaction before beginning the monitoring process. Scripts for agents are sometimes a contact center practice and other times a legal requirement, but they can help agents start off on the right foot by giving them a roadmap of what to say and how an interaction should be done. When scripts aren't a legal requirement, it's often beneficial to modify and use them as a guideline and make them less robotic-sounding to better serve customers.&lt;/p&gt;
 &lt;h3&gt;2. Decide what customer service metrics are most important&lt;/h3&gt;
 &lt;p&gt;Businesses shouldn't try to measure everything. Contact center managers need to &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Top-7-call-center-agent-performance-metrics-to-track"&gt;decide what metrics they value the most&lt;/a&gt; and communicate them to their teams before beginning the quality monitoring process. Some metrics include first-contact resolution (&lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/first-call-resolution-FCR"&gt;FCR&lt;/a&gt;), average handle time (AHT), average speed to answer, repeat call rate, calls answered per hour and agent utilization rate. If a contact center, for example, strives for FCR but also expects low AHT, it might be disappointed. The goal of FCR is to resolve customer issues with one phone call, eliminating the need for repeat calls and increasing customer satisfaction. But AHT might be longer as agents work to address the problem.&lt;/p&gt;
 &lt;h3&gt;3. Provide feedback to agents on 100% of monitored calls&lt;/h3&gt;
 &lt;p&gt;For calls that businesses monitor via analytics, a scorecard, which measures customer service and agent performance, should be sufficient. However, companies should &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/How-to-manage-remote-call-center-agents"&gt;provide agents with timely feedback and coaching&lt;/a&gt; on monitored calls instead of waiting for a monthly review. It's also important for companies to provide agents direct feedback from customers. Companies need to offer agents feedback and coaching in areas of strength and opportunity. Some contact center platforms now use AI-driven coaching tools that automatically identify performance trends and recommend targeted training opportunities for agents.&lt;/p&gt;
 &lt;h3&gt;4. Enable agents to listen to and score their own phone calls&lt;/h3&gt;
 &lt;p&gt;In many cases, agents are the toughest critics of their own work. They should have the opportunity to hear how they sound and interact with customers.&lt;/p&gt;
 &lt;h3&gt;5. Include side-by-side monitoring&lt;/h3&gt;
 &lt;p&gt;Side-by-side monitoring enables analysts and supervisors to interact with agents and ask questions immediately following a phone call. Contact center management can then gather additional valuable insight into specific actions during the customer interaction, including any gaps in the tools agents use.&lt;/p&gt;
 &lt;figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter.jpg"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/searchcrm_callcenter.jpg 1280w" alt="Two contact center agents wearing headsets review information on a computer screen while other agents work at nearby stations."&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Supervisors and analysts often review agent interactions together during contact center monitoring to evaluate performance and identify coaching opportunities.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
 &lt;h3&gt;6. Use a different quality form for each customer service channel&lt;/h3&gt;
 &lt;p&gt;Contact centers interact with customers across multiple channels, including phone, email, mobile apps, chat and social media. It's necessary to &lt;a href="https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-contact-center-quality-assurance"&gt;create different QA forms for each channel&lt;/a&gt; to gather appropriate insights. On a QA monitoring form for phone calls, for example, one question might be about an agent's active listening skills. While that question is appropriate for a phone call, it might not provide any value for an email interaction.&lt;/p&gt;
 &lt;h3&gt;7. Save examples of excellent customer interactions&lt;/h3&gt;
 &lt;p&gt;Contact center managers monitoring agent performance inevitably come across some examples of excellent service and support that should be saved for later review and shared during training sessions. Contact centers can use these gold-standard examples as training tools for new agents and &lt;a href="https://www.techtarget.com/searchcustomerexperience/answer/Nine-skills-every-call-center-agent-job-requires"&gt;agents who need to brush up on their skills&lt;/a&gt; by highlighting the language and techniques that helped create outstanding CX.&lt;/p&gt;
&lt;/section&gt;                 
&lt;section class="section main-article-chapter" data-menu-title="Technologies to support advanced contact center monitoring"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Technologies to support advanced contact center monitoring&lt;/h2&gt;
 &lt;p&gt;A basic contact center monitoring program requires a technical foundation of quality monitoring software, which is included in many &lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/contact-center-as-a-service-CCaS"&gt;contact center-as-a-service&lt;/a&gt; platforms and provided as a standalone tool by many vendors. This technology enables a team to listen to a sample of recorded phone calls and score each one using an electronic form.&lt;/p&gt;
 &lt;p&gt;The first step in enhancing a monitoring program is to add the capability of capturing contact center agents' computer screens when recording a call. Screen captures enable analysts to do the following:&lt;/p&gt;
 &lt;ul type="disc" class="default-list"&gt; 
  &lt;li&gt;Observe how agents interact with desktop tools.&lt;/li&gt; 
  &lt;li&gt;Identify areas where agents can improve a process or transaction.&lt;/li&gt; 
  &lt;li&gt;Determine how businesses can improve desktop systems and tools to streamline processes and improve CX.&lt;/li&gt; 
 &lt;/ul&gt;
 &lt;figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies.jpg"&gt;
  &lt;img data-src="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineImages/crm-call_center_technologies.jpg 1280w" alt="List of technologies aiding contact center monitoring" height="292" width="279"&gt;
  &lt;figcaption&gt;
   &lt;i class="icon pictures" data-icon="z"&gt;&lt;/i&gt;Speech analytics software facilitates contact center monitoring.
  &lt;/figcaption&gt;
 &lt;/figure&gt;
 &lt;p&gt;The next step is to use &lt;a href="https://www.techtarget.com/searchcustomerexperience/definition/speech-analytics"&gt;speech analytics&lt;/a&gt; software to increase the number of calls monitored without requiring more staff to perform the function. Speech analytics can help increase the volume of quality monitors, especially at the agent level, and automate the call scoring process. With an increased number of monitors, patterns showing where an agent may be struggling with a specific type of inquiry can be more easily identified.&lt;/p&gt;
 &lt;p&gt;Speech analytics provides several benefits beyond the ability to monitor a higher volume of calls. It can be used to identify the root cause of phone calls, which is more effective than analyzing disposition codes entered by an agent. Businesses can run a query, for example, that provides 100 calls in which customers have similar issues with a product. Analysts can listen to those calls, identify the root cause of a problem with a product or service, and resolve it.&lt;/p&gt;
 &lt;p&gt;Speech analytics can also analyze phone calls for specific words, phrases, patterns and tones and provide reports. A word cloud, for example, is a collection of words depicting the frequency they appear in calls so companies can better identify customer expectations and sentiment communicated during calls. In more advanced real-time speech analytics, AI analytical capabilities are used in real time to identify calls in which the agent or &lt;a target="_blank" href="https://www.dialora.ai/blog/ai-voice-frustration-detection-call-centers" rel="noopener"&gt;customer is becoming frustrated&lt;/a&gt; and notify a supervisor to assist in handling the call.&lt;/p&gt;
 &lt;p&gt;Many modern contact center platforms also incorporate real-time agent assist tools that analyze conversations during live calls and recommend next best actions.&lt;/p&gt;
 &lt;p&gt;As contact center technology evolves, monitoring programs are becoming more data-driven and automated. Organizations that combine traditional monitoring practices with modern analytics tools can gain deeper insight into customer behavior and service gaps.&lt;/p&gt;
 &lt;p&gt;&lt;b&gt;Editor's note:&lt;/b&gt; &lt;i&gt;This article was updated to reflect the latest developments in contact center monitoring tools, techniques and practices.&lt;/i&gt;&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Scott Sachs is president and founder of SJS Solutions, a consultancy that specializes in contact center strategy assessments and technology selection.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>A well-designed monitoring program identifies customer pain points and gathers valuable intelligence that can improve agent performance and CX, as well as products and services.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/customer_service03.jpg</image>
            <link>https://www.techtarget.com/searchcustomerexperience/tip/Best-practices-for-call-center-monitoring</link>
            <pubDate>Thu, 09 Apr 2026 10:00:00 GMT</pubDate>
            <title>Contact center monitoring best practices for CX leaders</title>
        </item>
        <item>
            <body>&lt;p&gt;John Kindervag opened his session at RSAC 2026 Conference with a compelling proposition: The advent of life insurance offered a new motivation to commit murder.&lt;/p&gt; 
&lt;p&gt;The Forrester alumnus, who is widely credited as the creator of the zero-trust security model, and current chief evangelist at Illumio, argued that, while murder has always been part of society, life insurance layered a financial incentive on top of an ancient crime.&lt;/p&gt; 
&lt;p&gt;Today, he said, that equates to &lt;a href="https://www.techtarget.com/searchsecurity/definition/cybersecurity-insurance-cybersecurity-liability-insurance"&gt;cyber insurance&lt;/a&gt; giving digital criminals a lucrative new reason to escalate the decades-old practice of &lt;a href="https://www.techtarget.com/searchsecurity/definition/ransomware"&gt;ransomware&lt;/a&gt; fraud.&lt;/p&gt; 
&lt;section class="section main-article-chapter" data-menu-title="Ransomware evolves"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;Ransomware evolves&lt;/h2&gt;
 &lt;p&gt;The ransomware age dawned in 1989. An evolutionary biologist, Joseph L. Popp, distributed thousands of floppy disks, labeled as legitimate research software, to attendees of a World Health Organization AIDS conference. Once installed, the program on the disks -- later dubbed the AIDS Trojan -- lay dormant until activated after a predetermined number of system reboots. The malware hid directories and encrypted file names with symmetric encryption, rendering the computer unusable. Victims were presented with a message to send a $189 payment to a P.O. box in Panama to regain access.&lt;/p&gt;
 &lt;p&gt;As computing and networks have grown more sophisticated, so have the &lt;a href="https://www.techtarget.com/searchsecurity/feature/The-history-and-evolution-of-ransomware"&gt;technologies and methods employed in ransomware schemes&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;In the early 2000s, basic file-renaming and locking techniques were replaced by asymmetric encryption. Distribution became easier as email attachments and &lt;a href="https://www.techtarget.com/searchsecurity/definition/botnet"&gt;botnets&lt;/a&gt; offered new methods to infect systems. Payment, too, became easier as &lt;a href="https://www.techtarget.com/searchsecurity/post/How-cryptocurrencies-enable-attackers-and-defenders"&gt;cryptocurrencies&lt;/a&gt; provided anonymity without banking oversight. In 2019, extortion became a popular tactic; beyond just encrypting and locking data, attackers now stole it and threatened to publish it or leak it on the dark web.&lt;/p&gt;
 &lt;p&gt;By the 2020s, innovation had reached breakneck speed, with &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-AI-malware-works-and-how-to-defend-against-it"&gt;AI-fueled cyberattacks&lt;/a&gt; enabling large-scale, multivector data exfiltration and extortion from even the most secure government agencies and global enterprises.&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="The dawn of cyber insurance"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The dawn of cyber insurance&lt;/h2&gt;
 &lt;p&gt;The cyber insurance industry rose in parallel with greater reliance by businesses on the internet and electronic storage, as well as the growth of emerging cybersecurity threats.&lt;/p&gt;
 &lt;p&gt;Commercial insurers began experimenting with coverages in the 1990s, offering narrow third-party liability policies covering damage caused by hacker-induced breaches. By the end of the decade, insurers were issuing the first widely marketed cyber insurance policies, covering &lt;a href="https://www.techtarget.com/searchsecurity/tip/How-to-calculate-the-cost-of-a-data-breach"&gt;data breach response and business interruption costs&lt;/a&gt;. In the 2000s, more companies began offering products and selling first-party coverage that insured policyholders and other parties affected by cyber incidents.&lt;/p&gt;
 &lt;p&gt;The industry has been maturing ever since, &lt;a href="https://www.techtarget.com/searchsecurity/tip/Cyber-insurance-explained-from-selection-to-post-purchase"&gt;expanding product portfolios&lt;/a&gt; to include breach notification, credit monitoring, regulatory defense, ransomware negotiation, supply chain coverage and extortion protections. As the threat landscape has become more perilous, premiums have spiked. According to Kindervag, the market has grown 40-fold in the past 20 years and is presently estimated at nearly $21 billion.&lt;/p&gt;
&lt;/section&gt;    
&lt;section class="section main-article-chapter" data-menu-title="The business of it all"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;The business of it all&lt;/h2&gt;
 &lt;p&gt;According to the "Resilience 2025 Midyear Cyber Risk Report," ransomware-related incidents were responsible for more than 90% of losses in the first half of 2025.&lt;/p&gt;
 &lt;p&gt;Kindervag was quick to point out that both insurers and ransomware threat actors are motivated by the same thing, relaying a conversation with a cyber insurance executive who explained, "I could deny every claim. I'm not going to do that, because all I have to do is make sure I'm making more money than I'm paying out. It's a business to me. I'm not trying to transfer risk. I'm trying to make money. So as long as the financial equation works, we're going to keep making ransomware policies."&lt;/p&gt;
 &lt;p&gt;The largest portion of many cybersecurity budgets, Kindervag stated, is dedicated to paying ransomware. In 2018, companies paid about $39 million to have their data released, and within five years, that figure had ballooned to &lt;a href="https://go.chainalysis.com/2025-Crypto-Crime-Report.html" target="_blank" rel="noopener"&gt;more than $813 million&lt;/a&gt;. Even when paying such staggering amounts, it behooves insurance companies to limit the number of riders on their policies, so paying premiums still makes sound business sense for their commercial policyholders.&lt;/p&gt;
 &lt;p&gt;"For some companies," Kindervag said, "They just consider [ransomware] part of doing business."&lt;/p&gt;
&lt;/section&gt;     
&lt;section class="section main-article-chapter" data-menu-title="How much you got?"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;How much you got?&lt;/h2&gt;
 &lt;p&gt;With a large, successful industry of commercial insurers willing to pay ransomware demands for their customers, criminals have grown bolder but also more pragmatic. They know insurers are willing to pay and can often determine the coverage amounts enterprises carry through data breaches and other methods. The result is an underground group of ransomware actors who can bypass the &lt;a href="https://www.techtarget.com/searchsecurity/feature/Ransomware-negotiation-Does-it-work-and-should-you-try-it"&gt;negotiation phase&lt;/a&gt; when holding data or systems hostage. Rather than engage in time-consuming haggling, they simply ask for the amount they know will be paid to the victim.&lt;/p&gt;
 &lt;p&gt;"They're coming up and asking you how much money you are getting," Kindervag said. "That's how much we are going to charge you. Not a penny more. They don't want extra. They just want what's coming to them, what's fair in their world. They're a business just like you're a business."&lt;/p&gt;
 &lt;p&gt;Several years ago, for example, the ransom note sent with Hardbit ransomware read, "If you told us anonymously that your company was insured for $10 million and other important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent."&lt;/p&gt;
 &lt;p&gt;Kindervag summarized the situation: "Ransomware amounts increased 2.8 times if the victims had insurance coverage. Think of that as a data point. The fact that you had insurance increased the amount of money you were going to pay for ransomware."&lt;/p&gt;
&lt;/section&gt;      
&lt;section class="section main-article-chapter" data-menu-title="A policy problem"&gt;
 &lt;h2 class="section-title"&gt;&lt;i class="icon" data-icon="1"&gt;&lt;/i&gt;A policy problem&lt;/h2&gt;
 &lt;p&gt;Kindervag didn't let enterprises off the hook in his session. He asserted that bad policy enables ransomware events. When security professionals have poor visibility into systems and controls are in the wrong places, threat actors can gain the access needed to hold companies hostage. If an attacker has a long dwell time to gather the information needed to breach sensitive data, that is simply poor security policy.&lt;/p&gt;
 &lt;p&gt;Those policies, he argued, have played a significant role in the explosive proliferation of ransomware events. Because the cyber insurance business model does not necessarily reward stringent cybersecurity models, that industry has also been instrumental in the rise of ransomware.&lt;/p&gt;
 &lt;p&gt;Kindervag advocated &lt;a href="https://www.techtarget.com/searchsecurity/The-ultimate-guide-to-cybersecurity-planning-for-businesses"&gt;strong cybersecurity first&lt;/a&gt;. But if security policies are insufficient to stop ransomware attempts, he advised companies not to stand on principle because at that point it's too late. "This is the end of the chain. You failed at the beginning with policy, and now you're paying the price for having bad policy."&lt;/p&gt;
 &lt;p&gt;&lt;i&gt;Richard Livingston is an editor with Informa TechTarget's SearchSecurity site, covering cybersecurity news, trends and analysis.&lt;/i&gt;&lt;/p&gt;
&lt;/section&gt;</body>
            <description>At RSAC 2026, John Kindervag proposed the idea that the rise of the cyber insurance industry has motivated ransomware threat actors to escalate their attacks and ask for more.</description>
            <image>https://cdn.ttgtmedia.com/rms/onlineimages/ransom_g1263014701.jpg</image>
            <link>https://www.techtarget.com/searchsecurity/feature/RSAC-2026-Cyber-insurance-and-the-rise-of-ransomware</link>
            <pubDate>Wed, 08 Apr 2026 16:15:00 GMT</pubDate>
            <title>RSAC 2026: Cyber insurance and the rise of ransomware</title>
        </item>
        <title>Search Security Resources and Information from TechTarget</title>
        <ttl>60</ttl>
        <webMaster>webmaster@techtarget.com</webMaster>
    </channel>
</rss>
