News for today:
- More data theft and extortion in manufacturing. A new study by Sophos found that manufacturers are doing better at stopping ransomware attacks before data is encrypted, but in response adversaries are shifting to data theft and extortion-only tactics. 40% of attacks on manufacturers resulted in data encryption, the lowest level in five years and down from 74% last year. However, extortion only attacks surged to 10% from just 3% in 2024 as attackers increase reliance on data theft for leverage. Sophos
- BeyondTrust and Ping Identity. BeyondTrust and Ping Identity introduced a combined offering in the AWS Marketplace, to help large organizations unify identity security. The combined offering is supposed to reduce procurement hassles. Customers can now use this unified solution to automate identity decisions across human and non-human identities, enforce just-in-time least privilege, and modernize Zero Trust initiatives with dramatically reduced deployment complexity. BeyondTrust
- More MCP security protections from Salt. Salt Security increased the protections available in its MCP Finder offering for MCP servers deployed in the AWS ecosystem. With this new capability, Salt enables customers to use their existing AWS WAF deployments to block attacks on MCP infrastructure. The protections are informed by real-time behavioral threat data from Salt’s platform. Salt Security
- On lagging AI security preparedness. A new research report from Cato Networks confirms that security preparedness for AI deployments is lagging at most organizations. 69 percent of respondents report that they lack a monitoring system for AI adoption. Most enterprises remain oblivious to the AI tools that employees are using, what data they are sharing, and what compliance risks may be emerging. This governance gap extends beyond oversight and monitoring. Only 13 percent of respondents consider their organization’s management of shadow AI risks as “highly effective.” Less than one in ten respondents (9 percent) think the organization has a “highly effective” defense against AI-generated cyber threats such as deepfakes, hallucinations, and prompt injection attacks. Cato Networks.