Cybersecurity Risks

🇷🇺 🗞️ How Russia selectively controls the impunity enjoyed by Cybercriminals: an enlightening report issued this week by INSIKT Group / Recorded Future, documenting how the Russian cyber-criminal ecosystem shifted from broad tolerance to managed control. 🔎 Research from May 2024–Sept 2025 using data from dark-web forums, leaked chats, public enforcement.. It sheds light on Operation Endgame, a multinational takedown effort from May 2024 & shows how it changed ground dynamics 🔹It targeted loaders, enablers, money-mules and infrastructure 🔹The actions signalled to the ecosystem: the cost-benefit calculus for operating from/within Russia has shifted; enforcement is not zero-risk. 🔹The selective pressure triggered changes in the underground: fragmentation, tighter vetting, paranoia, evolving ransomware TTPs, group rivalries, payment/target strategies 🔹The “politics of protection” = enforcement or lack thereof signals which actors are expendable and which are strategically useful. Take-aways 1️⃣ A managed market 🔹 🇷🇺cyber-criminal ecosystem has evolved from near-blanket tolerance toward selective State management: actors with little strategic value are targeted, those providing intelligence, geopolitical leverage & state utility are insulated. 🔹protection no longer depends on location. 🔹Direct, task-level coordination between cyber-criminal leadership and Russian intelligence. In addition, the“Dark Covenant” model (direct, indirect, tacit links) remains operative. 2️⃣ Underground ecosystem adapts 🔹Affiliates are less visible; open-call RaaS (ransomware-as-a-service) programs declined in public forums 🔹Operators have heightened vetting: deposits, KYC-lite checks, stricter inactivity rules. 🔹Business rules: some ransomware programs explicitly exclude nonprofits, healthcare, government entities; minimum ransom demands; anti-collision rules. These act as both reputational hedges and political boundary markers. 🔹Impersonator groups proliferate: façade ransomware groups or “scam” groups trying to ride brand equity = erodes trust & raises barriers to entry. 🔹Forum discussions show increased emphasis on OPSEC: moving to decentralized communication: burner phones, hidden volumes.. 3️⃣ Enforcement signals / “politics of protection” • Russian authorities have taken visible action against certain monetisation/enabler nodes (e.g., Cryptex, UAPS) • By contrast, core high-value ransomware groups (Conti, Trickbot) have avoided this= insulation via state-links. 4️⃣ Cyber-criminal groups are increasingly embedded in Russia’s geopolitical strategy 🔹 arrests, releases, negotiations align with diplomatic cycles, prisoner exchanges. 🔹Cyber-crime = a hybrid instrument of state influence, intelligence gathering, plausible deniability & leverage. ➡️ defenders should understand the state-criminal bargain 🔹Disruption strategies need to target also the enablers (cash-out, money-laundering, hosting) 📰 ☕️ enjoy the weekend read!

🚨 New OMB Report on Post-Quantum Cryptography (PQC)🚨 The Office of Management and Budget (OMB) has released a critical report detailing the strategy for migrating federal information systems to Post-Quantum Cryptography. This report is in response to the growing threat posed by the potential future capabilities of quantum computers to break existing cryptographic systems. **Key Points from the Report:** 🔑 **Start Migration Early**: The report emphasizes the need to begin migration to PQC before quantum computers capable of breaking current encryption become operational. This proactive approach is essential to mitigate risks associated with "record-now-decrypt-later" attacks. 🔑 **Focus on High-Impact Systems**: Priority should be given to high-impact systems and high-value assets. Ensuring these critical components are secure is paramount. 🔑 **Identify Early**: It's crucial to identify systems that cannot support PQC early in the process. This allows for timely planning and avoids migration delays. 🔑 **Cost Estimates**: The estimated cost for this transition is approximately $7.1 billion over the period from 2025 to 2035. This significant investment underscores the scale and importance of the task. 🔑 **Cryptographic Module Validation Program (CMVP)**: To ensure the proper implementation of PQC, the CMVP will play a vital role. This program will validate that the new cryptographic modules meet the necessary standards. The full report outlines a comprehensive strategy and underscores the federal government’s commitment to maintaining robust cybersecurity in the quantum computing era. This is a critical step in safeguarding our digital infrastructure against future threats. #Cybersecurity #PQC #QuantumComputing #FederalGovernment #Cryptography #DigitalSecurity #OMB #NIST

Nation-states don’t exploit weak security. They exploit workplace dynamics. I know, because this is exactly how I recruited insiders. Espionage doesn’t start with secrets. It starts with validation. A compliment at the right moment. A shared frustration. Someone who listens when your company doesn’t. That’s not spycraft. That’s just a Tuesday at work. I never asked for sensitive information up front. I asked what was broken. Who made their job harder than it needed to be. What they would fix if anyone actually listened. They thought they were venting. I was mapping access, influence, and motivation. That’s called elicitation. Companies like to believe insider threats come from “bad actors.” They don’t. They come from good employees in very human moments: burnout, loyalty conflict, money stress, bruised ego, identity cracks, resentment that’s been quietly fermenting. And yes, your highest performers were always my favorite targets. They were trusted. They were visible. They had access. And they cared enough to talk. Remote work didn’t invent this. It removed friction. You trained people to network. We trained people to recruit. Same skills. Different intent. If your organization still treats espionage as a cyber problem or a personality flaw, you’re already behind. Because the easiest way into your organization was never through the firewall. It was through someone who finally felt understood. #InsiderThreat #HumanRisk #Espionage #TrustIsASystem #Cybersecurity #Leadership #HR *Photo of me back in the day, post deployment*

Three weeks ago, our Devsinc security architect, walked into my office with a chilling demonstration. Using quantum simulation software, she showed how RSA-2048 encryption – the same standard protecting billions of transactions daily – could theoretically be cracked in just 24 hours by a sufficiently powerful quantum computer. What took her classical computer billions of years to attempt, quantum algorithms could solve before tomorrow's sunrise. That moment crystallized a truth I've been grappling with: we're not just approaching a technological evolution; we're racing toward a cryptographic apocalypse. The quantum computing market tells a story of inevitable disruption, surging from $1.44 billion in 2025 to an expected $16.22 billion by 2034 – a staggering 30.88% CAGR that signals more than market enthusiasm. Research shows a 17-34% probability that cryptographically relevant quantum computers will exist by 2034, climbing to 79% by 2044. But here's what keeps me awake at night: adversaries are already employing "harvest now, decrypt later" strategies, collecting our encrypted data today to unlock tomorrow. For my fellow CTOs and CIOs: the U.S. National Security Memorandum 10 mandates full migration to post-quantum cryptography by 2035, with some agencies required to transition by 2030. This isn't optional. Ninety-five percent of cybersecurity experts rate quantum's threat to current systems as "very high," yet only 25% of organizations are actively addressing this in their risk management strategies. To the brilliant minds entering our industry: this represents the greatest cybersecurity challenge and opportunity of our generation. While quantum computing promises revolutionary advances in drug discovery, optimization, and AI, it simultaneously threatens the cryptographic foundation of our digital world. The demand for quantum-safe solutions will create entirely new career paths and industries. What moves me most is the democratizing potential of this challenge. Whether you're building solutions in Silicon Valley or Lahore, the quantum threat affects us all equally – and so does the opportunity to solve it. Post-quantum cryptography isn't just about surviving disruption; it's about architecting the secure digital infrastructure that will power humanity's next chapter. The countdown has begun. The question isn't whether quantum will break our current security – it's whether we'll be ready when it does.

The growing complexity of supply chain interdependencies is creating significant cybersecurity risks. In my latest article for the World Economic Forum’s Centre for Cybersecurity, I outline five key risk factors and what organisations must do to mitigate them: 1️⃣ Cyber Inequity – Large organisations are improving cyber resilience, but SMEs remain vulnerable. They must view cybersecurity as a business priority, while industry collaboration and policy support can help bridge the gap. 2️⃣ Limited Supply Chain Visibility – Expanding supply chains make it harder to assess supplier security. Without clear incentives, compliance gaps persist, increasing exposure to cyber threats. 3️⃣ Third-Party Software Vulnerabilities – AI and open-source adoption introduce new risks, yet only 37% of organisations assess AI tool security before deployment. A structured security framework is essential. 4️⃣ Dependence on Critical Providers – Over-reliance on a few key suppliers creates systemic points of failure. Resilient IT architectures and strong business continuity planning are critical. 5️⃣ Geopolitical Risks – Cyber threats are increasingly shaped by global tensions, disrupting supply chains and increasing attack sophistication. Organisations must integrate geopolitical risk assessments into their cybersecurity strategies. 𝗪𝗵𝗮𝘁’𝘀 𝗡𝗲𝘅𝘁? Organisations must prioritize visibility, support smaller partners, and invest in resilience. Strong business continuity planning, robust IT management, and proactive threat detection are non-negotiable. Cybersecurity is not just an IT issue—it’s a strategic imperative. Read the full article here: https://lnkd.in/g-yQ2QRa #CyberSecurity #SupplyChain #AI #RiskManagement

New Cyber Case - HOT OFF THE PRESS - ASIC v FIIG Securities Limited Another Australian Financial Services (AFS) Licence holder being held to account under the #CorporationsAct by ASIC in filings lodged yesterday in the Federal Court of Australia for "systematic and prolonged cybersecurity failures". As it is so often, it's not about the breach - it's about the failure to take adequate steps to protect an organisation against cybersecurity risks. Yes, that resulted in a breach, but that isn't the only reason why ASIC brought proceedings. The Concise Statement sets out some useful tests and insights into what ASIC will consider as 'adequate' and 'reasonable' in the circumstances and how they allege these were not in place in this case. These include: - the nature of the business being carried out (in this case a AFS licence holder) - consideration of the nature and extent of the information held by the Defendant including the personal information (which included tax file numbers, Medicare numbers, bank account details in addition to the more common types of personal information) - the value of assets under its control - the likelihood that it would be the target of cyber intrusions and the potential consequences if that were to be successful What ASIC considers are 'adequate' cybersecurity measures for a business such as the Defendant is set out in Annexure A of the Concise Statement - but they include having adequate financial, technological and human resources to implement the cybersecurity measures and to comply with its legal obligations. Put simply - enough budget, the right systems and tools (and properly implemented), and enough people (including outsourced). The missing measures allegedly included: - an adequate, up to date and tested incident response plan - privileged access management controls - vulnerability scanning - next-gen firewalls - EDR - patched and updated systems - MFA - a properly configured SEIM system with monitoring by appropriately skilled personnel - security awareness training - processes to review and evaluate the effectiveness of the cyber security - controls ASIC also raises concerns with the Defendant's response to the incident when they were notified by the Australian Signals Directorate. It took almost a week from notification to beginning to investigate what turned out to be a major breach with 358GB of data exfiltrated. The recovery then took months and impacted on the Defendant's ability to provide its financial services. https://lnkd.in/gtfPehCJ #cybersecurity #cyberbreach #cyberlaw #AFSL #ASIC

📢 Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography Preparing for the quantum threat should be considered an integral aspect of cyber security risk management. A joint statement from partners from 18 EU member states, mostly national security agencies from EU countries including Federal Office for Information Security (BSI), CCN-CERT Centro Criptológico Nacional, Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, and more. Highlights: 👉 Preparing for the quantum threat should be considered an integral aspect of cyber security risk management 👉 Two main threat scenarios are currently of concern: 🧨 the 'store-now, decrypt-later' scenario 🧨 long migration periods 👉 The organizations urge public administration, critical infrastructure providers, IT providers, as well as all of industry, to make the transition to post-quantum cryptography a top priority and start the transition now. 👉 Steps to take: ✔ perform a quantum threat analysis consisting of an inventory of the assets they need to protect as well as the applications that use cryptography ✔ develop a risk-oriented roadmap for executing the transition ✔ plan the migration ✔ promote the continuation of the extensive research on post-quantum cryptography and standardization efforts The position paper concludes encouraging active engagement from all EU member states in this work stream throughout the process of preparing a roadmap for the transition to Post-Quantum Cryptography to ensure the quantum resilience of the European Union’s digital infrastructures. https://lnkd.in/digw4kcb #cybersecurity #postquantum #cryptography #risk

A U.S. drone just vanished over the Strait of Hormuz and nobody can clearly explain what happened, and that should immediately raise concern across the defense, drone warfare, and national security community. According to reporting from Forbes, an advanced American unmanned aerial system went dark in one of the most strategically monitored regions in the world without a confirmed shoot down, recovery, or mechanical failure. That detail matters because in modern drone warfare the most dangerous outcome is not destruction, it is denial. Electronic warfare, GPS spoofing, and signal disruption are rapidly emerging as the preferred methods to neutralize high value ISR platforms, allowing adversaries to disable U.S. drone operations without triggering escalation. If a drone loses communication, navigation, or data transmission, the mission is already over, and that reality is beginning to expose critical vulnerabilities in how the United States operates unmanned systems in contested environments. This incident signals a much larger shift in modern warfare where expensive, high end drones are increasingly vulnerable to low cost countermeasures, creating a dangerous cost imbalance that favors adaptation over dominance. From firsthand experience operating in air defense environments and engaging hostile drone threats, the most dangerous moment is not when a drone is detected, it is when it disappears from the feed entirely. That loss of visibility creates hesitation, uncertainty, and risk across the entire battlespace. This is exactly why Cobalt Academy LLC is focused on preparing operators for contested drone warfare environments where jamming, signal loss, and degraded communications are the baseline, not the exception. The future of drone warfare will not be defined by the most advanced platform, but by the systems and operators that can continue to function when everything starts to fail. #DroneWarfare #UAS #CounterUAS #ISR #ElectronicWarfare #AirDefense #DefenseTech #MilitaryTechnology #NationalSecurity #CobaltAcademy

If “best practices” were enough, why are ransomware attacks still shutting down plants and critical infrastructure? The OT security industry loves buzzwords: “Zero Trust will secure everything!” (Most industrial control systems can’t even support modern authentication.) “AI will detect every threat in real-time!” (If it can untangle decades of undocumented network changes.) “Follow best practices and you’ll be secure!” (Except compliance ≠ security, and the best organizations know it.) Where OT Security Strategies Fail 🔹 Security programs are built for frameworks, not business risks. → If your strategy isn’t tied to actual production risks, you’re wasting budget on ineffective controls. 🔹 One-size-fits-all security ignores real threats. → A refinery and a food processing plant face different risks, but security investments are often misallocated. 🔹 Compliance doesn’t stop attacks. → Security maturity is about risk reduction, not passing an audit. What High-Maturity OT Security Looks Like ✅ Prioritized Security Investment—Critical production assets get targeted protection, not generic policies. ✅ Risk-Based Metrics—OT security is measured by downtime prevention and financial exposure, not just compliance scores. ✅ Tested, Not Just Documented—Mature teams simulate real attacks to validate controls. ✅ Integrated Into Operations—Security is part of business continuity planning, not just IT. The Bottom Line: Get Moving or Get Breached The best companies: ✔ Invest in cybersecurity talent that understands operations. ✔ Measure security maturity in business terms. ✔ Focus on execution, not paperwork. The other companies? ❌ Treat compliance as the goal instead of a starting point. ❌ Apply generic security strategies across all sites. ❌ See security as an IT issue rather than a business enabler. If your security program isn’t reducing real risk, it’s just compliance theater. What’s Next? My team and I are in stealth mode, developing a platform to strengthen CNI security against evolving OT threats. Our prototype is coming in April. Watch this space! #CNI #CyberSecurity #OTSecurity