CybersecurityHQ News Roundup - November 21, 2024

News | By Daniel Michan | Published on November 21

2,000 Palo Alto Firewalls Compromised via New Vulnerabilities

The Shadowserver Foundation reports that approximately 2,000 Palo Alto Networks firewalls have been compromised following the discovery of two new vulnerabilities. Despite a drop in the number of internet-exposed firewalls—from 11,000 on November 10 to 2,700 on November 20—cybercriminals have exploited these flaws in malicious attacks.

Palo Alto Networks identified these issues as CVE-2024-0012, a critical authentication bypass vulnerability, and CVE-2024-9474, a medium-severity flaw allowing attackers to gain root privileges. The two vulnerabilities have been chained in attacks targeting the firewalls' management interfaces.

While patches are now available for PAN-OS versions 11.2, 11.1, 11.0, 10.2, and 10.1, the compromised devices—largely located in the U.S. and India—highlight the urgency of securing management interfaces to mitigate risks.

The company has shared indicators of compromise (IoCs) but has yet to provide details on the perpetrators behind the attacks, dubbed "Operation Lunar Peek." More details about securing firewalls can be found on Palo Alto Networks' website.

Wiz Buys Dazz for $450 Million

Wiz, a leader in cloud security, has acquired Israel-based Dazz for approximately $450 million, aiming to enhance its remediation capabilities. Dazz's AI-powered cloud security remediation engine will bolster Wiz’s existing platform by integrating advanced tools for root-cause analysis and code-level vulnerability fixes.

Dazz, which raised $110 million from investors like Greylock and Insight Partners, was founded by former Microsoft engineers. The startup focuses on AI-driven automation to improve vulnerability management processes.

Wiz CEO Assaf Rappaport praised Dazz's ability to streamline security workflows and correlate risks across various cloud environments. Learn more about Wiz's cloud security solutions on their official website.

After CrowdStrike Outage, Microsoft Debuts ‘Quick Machine Recovery’ Tool

In response to widespread issues like the CrowdStrike Falcon sensor crash earlier this year, Microsoft has announced a Quick Machine Recovery tool. This feature allows IT administrators to execute targeted fixes via Windows Update even when machines are unbootable, eliminating the need for physical intervention.

This new tool will be available to the Windows Insider Program community in early 2025 and is part of Microsoft's broader effort to improve kernel security and reduce vulnerabilities caused by anti-malware software crashes.

Microsoft also revealed new security features for Windows 11, including Credential Guard, BitLocker enabled by default, and Local Security Authority (LSA) protections. More details about these advancements can be found on Microsoft's blog.

RSA’s Innovation Sandbox Now Requires $5 Million Investment from Finalists

The RSA Conference, owned by private equity firm Crosspoint Capital Partners, is shaking up its renowned Innovation Sandbox competition. Starting next year, the 10 finalists must accept a $5 million investment in the form of an uncapped SAFE (Simple Agreement for Future Equity). This move is expected to reshape the event, known as a launchpad for cybersecurity’s most promising startups.

The funding will come from Crosspoint affiliates, raising questions about dilution and investor fit for participants. However, the Sandbox remains a vital platform for innovators, boasting over $16.4 billion in collective investments and 75 acquisitions among past finalists, including Imperva, Phantom, and Talon Cyber Security.

In addition, RSA is launching the RSAC Founders Circle, a mentorship and networking initiative aimed at connecting finalists with CISOs and other industry leaders.

Read more about the announcement on SecurityWeek and RSA Conference.

MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

The MITRE Corporation has refreshed its CWE Top 25 Most Dangerous Software Weaknesses list for 2024, highlighting trends in the evolving cybersecurity landscape. This resource identifies vulnerabilities that cybercriminals most frequently exploit, causing disruptions, stealing data, or taking over systems.

This year, cross-site scripting (XSS) vulnerabilities climbed to the top spot, overtaking last year's leader, out-of-bounds write flaws, which now rank second. SQL injection remains in third place, while cross-site request forgery (CSRF), path traversal, and out-of-bounds read climbed the rankings, displacing OS command injection and use-after-free issues.

New entries include exposure of sensitive information and uncontrolled resource consumption, while incorrect default permissions and race condition flaws have dropped off. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with MITRE, emphasized incorporating the CWE list into vulnerability management strategies to strengthen software security.

For more, visit the official MITRE CWE website and CISA’s Secure by Design resources.

ICS Security: 145,000 Systems Exposed to Web, Many Industrial Firms Hit by Attacks

A report by Censys reveals over 145,000 industrial control systems (ICS) globally are exposed to the internet, leaving critical infrastructure at risk. These devices are found in 175 countries, with 38% in North America, 35% in Europe, and 22% in Asia. The U.S. alone accounts for 48,000 exposed systems.

The report highlights how ICS protocols like Modbus, Fox, and BACnet are exploited, with human-machine interfaces (HMIs) particularly vulnerable. For example, 34% of HMIs using the C-More protocol are tied to water systems, making them prime targets.

A separate Kaspersky survey found that 90% of U.K. industrial companies experienced cyberattacks, with nearly half facing "major disruptions." The main threats include IoT vulnerabilities, unauthorized system access, and DDoS attacks.

Explore the Censys State of the Internet Report here and read Kaspersky’s findings on industrial cybersecurity here.

Mexico Investigates Alleged Ransomware Hack of Government Office

Mexico’s president, Claudia Sheinbaum, confirmed an investigation into a reported ransomware attack targeting her administration’s legal affairs office. The RansomHub group allegedly exfiltrated 313 GB of sensitive government files and is demanding a ransom.

The leaked data appears to include personal details from a government employee database. This attack follows a similar breach in January that exposed the personal information of 263 journalists.

Ransomware continues to challenge global governments. Learn more about defending against ransomware at Cybernews.

US Charges Five Alleged Scattered Spider Members

The U.S. Department of Justice (DoJ) has charged five individuals linked to Scattered Spider, a cybercrime group responsible for phishing, data theft, and cryptocurrency heists. From 2021 to 2023, the suspects allegedly stole $11 million in cryptocurrency and breached 12 organizations using phishing tactics.

The defendants, aged 20 to 25, used fake company websites to harvest employee credentials, later accessing corporate systems to steal sensitive data and funds. Scattered Spider is also tied to ransomware attacks like the MGM Resorts breach in 2023.

Learn more about the DoJ's charges here and dive deeper into Scattered Spider’s operations with this Reuters report here.

AI – Implementing the Right Technology for the Right Use Case

If 2023 and 2024 were marked by the hype and exploration of artificial intelligence (AI), 2025 promises to shift toward focused implementations of AI with an emphasis on productivity, governance, and security. As organizations grapple with the dual challenges of realizing AI’s potential and mitigating its risks, 2025 could be the year when AI finds its footing in specific, impactful use cases.

AI Adoption: From Excitement to Practicality

Across industries, businesses are experimenting with AI in various forms:

  • Adding Large Language Model (LLM) capabilities to improve functionality and personalization.
  • Using third-party generative AI tools for employee productivity and research.
  • Leveraging AI-powered coding assistants to expedite development timelines.
  • Developing proprietary LLMs for internal and commercial purposes.

However, like the early days of cloud computing, AI adoption is still in its “hype cycle.” Gartner’s model for technology adoption predicts that AI, currently at the “peak of inflated expectations,” will soon enter the “trough of disillusionment.” Here, organizations may realize that AI is not a panacea for every problem, requiring a recalibration of expectations.

AI and Cybersecurity: A Double-Edged Sword

AI can act as a scaling function for cybersecurity teams, helping them adapt to evolving threats. A recent survey of 750 cybersecurity professionals revealed that 58% of organizations are already using AI to some extent. However, trust and technical deployment challenges persist, mirroring early skepticism toward automation.

Fears around AI misuse are not unfounded. From introducing bad code to data poisoning attacks, the risks of “dark AI” loom large. A survey by Splunk (source) found that 70% of Chief Information Security Officers (CISOs) believe generative AI could empower cyber adversaries more than defenders.

Governance and Regulation on the Horizon

Governance frameworks, like the EU AI Act (source), are emerging to address AI’s ethical and security challenges. Companies are also forming internal steering committees to regulate AI use across departments, focusing on what data is shared with external tools and whether those tools introduce vulnerabilities.

The Future of AI: Synthesizing Insights

As AI matures, its evolution may pivot from generating new content to synthesizing existing information, a concept being called “SynthAI.” This shift could bring a new era of productivity, transforming how organizations leverage AI for decision-making.

Exploitation Attempts Target Citrix Session Recording Vulnerabilities

Two newly disclosed vulnerabilities in Citrix Session Recording have caught the attention of threat actors. The flaws, tracked as CVE-2024-8068 and CVE-2024-8069, were recently detailed by cybersecurity firm watchTowr (source) and patched by Citrix.

Details of the Vulnerabilities

The vulnerabilities affect the Citrix Virtual Apps and Desktops solution’s Session Recording component. They enable:

  • Privilege escalation (CVE-2024-8068).
  • Limited remote code execution (CVE-2024-8069), requiring authentication.

While Citrix has labeled these vulnerabilities as medium severity, researchers warn that they could allow unauthenticated remote code execution under certain conditions. According to Kevin Beaumont (source), some exposed systems are vulnerable to exploitation over the internet.

Exploitation Attempts in the Wild

Exploitation attempts were observed mere hours after watchTowr’s proof-of-concept (PoC) was released. The Shadowserver Foundation (source) reported scanning activity targeting these vulnerabilities, and the SANS Technology Institute (source) detected attempted attacks originating from South Africa.

Despite Citrix’s recommendations for secure configurations, researchers found hundreds of vulnerable instances exposed to the internet. This contradicts Citrix’s assertion that exploitation requires attackers to be on the same domain as the Session Recording server.

Mitigation Measures

Citrix has released patches for these vulnerabilities and urged users to:

  • Apply updates immediately.
  • Enable HTTPS integration with Active Directory for secure communication.
  • Restrict access to trusted networks and machines.

Organizations must act swiftly, as Citrix vulnerabilities were among the 15 most exploited in 2023, emphasizing the importance of proactive patching.

North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs

North Korean cybercriminals are leveraging front companies to impersonate U.S.-based IT firms, enabling them to bypass international sanctions and funnel earnings toward weapons programs, according to a SentinelOne report. These fraudulent schemes involve IT workers using stolen identities to secure remote work positions while sending significant portions of their earnings back to the DPRK.

These front companies, often based in China, Russia, Southeast Asia, and Africa, obscure their origins and handle payments. The U.S. government seized 17 fake IT company websites in 2023 that defrauded businesses by enabling workers to conceal their identities. Firms like Yanbian Silverstar Network Technology Co. Ltd. and Volasys Silver Star were implicated in channeling earnings through Chinese bank accounts.

Key discoveries include websites like inditechlab[.]com, which copied the format of legitimate U.S. firms to appear credible. Despite U.S. crackdowns, SentinelOne found that front companies such as Shenyang Huguo Technology Ltd. remain active, using plagiarized content to further North Korea's financial schemes.

Organizations are advised to adopt stringent vetting processes for contractors and suppliers to mitigate risks. This strategy helps prevent inadvertent support for illicit activities that fuel WMD programs. For more, read the full SentinelOne report here.

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Cybersecurity researchers have flagged an updated version of the NodeStealer malware, which is now targeting Facebook Ads Manager accounts and extracting credit card details stored in web browsers. The malware, first exposed by Meta in 2023, evolved from a JavaScript-based threat to a Python-based stealer with advanced capabilities.

New techniques allow NodeStealer to bypass security measures, including unlocking browser databases using Windows Restart Manager. Threat actors utilize stolen cookies to generate Facebook access tokens, enabling them to control accounts for malvertising campaigns. The malware avoids infecting systems in Vietnam, suggesting it originates from Vietnamese threat groups.

The attackers are not only taking over Facebook accounts but are also exploiting these accounts for malvertising campaigns. Recent activity mimicked trusted brands like Bitwarden to spread malware via fake Google Chrome extensions. These developments highlight how cybercriminals exploit trusted platforms like Facebook. Find Netskope's detailed analysis here.

Phishing Emails Distribute I2Parcae RAT via ClickFix Technique

The phishing ecosystem has evolved with sophisticated tactics, including the "ClickFix" technique, used to distribute the I2Parcae RAT malware. Attackers exploit legitimate infrastructure to send phishing emails, often posing as business-related lures such as invoice requests or urgent notifications.

The I2Parcae malware uses tactics like secure email gateway (SEG) evasion and fake CAPTCHA pages to bypass security systems. Victims are tricked into running PowerShell scripts to access purportedly blocked content. Once installed, the malware disables Windows Defender and enables full remote control of the infected system.

A Proofpoint report reveals that this technique is also being employed by Russian espionage actors targeting Ukrainian government entities. Businesses are encouraged to educate employees on these evolving phishing tactics to reduce risks. Read more about I2Parcae RAT here.

SentinelOne Unveils AI Security Management Capabilities

SentinelOne has announced the rollout of its AI Security Posture Management (AI-SPM) capabilities, a feature set designed to secure AI services in modern workplaces. Integrated into its Singularity Cloud Security portfolio, these features provide organisations with improved visibility into both regulated and unregulated AI services. The aim is to address security risks, privacy concerns, and compliance challenges posed by the rising adoption of AI in cloud environments.

The new tools empower security teams to discover AI applications, rectify misconfigurations, and gain insights into potential attack vectors associated with AI workloads. SentinelOne VP of Product Management Ely Kahn emphasised the growing importance of securing generative AI, stating, “The very tools and cloud services that simplify GenAI adoption are simultaneously opening up a brand new attack surface and regulatory risks.”

These capabilities align with the soaring demand for generative AI. A McKinsey report from May 2024 noted that 65% of organisations are leveraging generative AI across various functions, nearly doubling its adoption rate from the previous year. Read more about this trend in AI adoption here.

The general rollout of AI-SPM is expected in early 2025, positioning SentinelOne as a key player in AI-driven security management. For more on SentinelOne’s offerings, visit their official site.

AI Advancements in 2025 Pose Cybersecurity Challenges

As artificial intelligence continues its rapid evolution, 2025 is expected to bring both groundbreaking advancements and significant cybersecurity risks. According to Michael Adjei, Director of Systems Engineering at Illumio, the year will see a scramble to establish AI guidelines and frameworks at organisational, regional, and international levels. However, he predicts that organisational measures will be the most effective in mitigating risks.

Adjei highlighted growing threats to AI supply chains, including breaches targeting GenAI providers and disruptions to AI hardware. He also warned about challenges in autonomous systems, such as manufacturing glitches or vulnerabilities in autonomous vehicles, which could lead to severe disruptions.

Chief Information Security Officers (CISOs) will face tough decisions, balancing investment in AI tools with the need for skilled personnel. “The majority will choose AI,” Adjei noted, a shift that may exacerbate the cyber skills gap, especially in security operations and incident response teams.

Additionally, Gary Barlet, CTO of Illumio’s Public Sector, stressed the importance of zero-trust architectures and internal defences as agencies combat increasingly sophisticated AI-driven cyberattacks. Zero-trust models and segmentation will become essential components of future security strategies.

Learn more about zero-trust and AI's impact on cybersecurity through resources like NIST’s Zero Trust Model.

IGT Systems Breached in Cyberattack Ahead of Everi Merger

International Game Technology (IGT) has confirmed a cyberattack that disrupted internal systems just days before its planned $6.3 billion merger with Everi was approved. The breach occurred on November 17 and is being investigated as part of the company’s cybersecurity response plan.

This incident follows a string of high-profile breaches in the gambling industry, including the MGM Resorts cyberattack of 2023, which resulted in a $100 million EBITDA loss and multiple legal challenges. In its filing, IGT stated that its priority is to bring systems back online and maintain service continuity for its customers.

The cyberattack casts a shadow over IGT’s merger, set to consolidate its gaming and lottery divisions under private equity firm Apollo Global Management. This move aims to address vulnerabilities and strengthen operational resilience.

For a detailed overview of the MGM Resorts incident, visit Reuters.

UCalgary Receives $7 Million from National Cybersecurity Consortium

The University of Calgary has emerged as a key player in Canada’s cybersecurity landscape, receiving nearly $7 million for eight projects funded by the National Cybersecurity Consortium (NCC). These initiatives focus on innovative cybersecurity solutions, such as AI-driven detection tools and secure quantum communications.

Highlights include:

  • IntruderInsight ($2M): Uses AI for advanced cyber attribution.
  • Adaptive Decision Defense System ($496,800): Develops tools to defend critical infrastructure against complex cyberattacks.
  • CyberGuardian ($1M): Enhances training for law enforcement to combat cybercrime.

UCalgary’s involvement with the Cyber Assessment, Training, and Experimentation (CATE) Centre underscores its leadership in cybersecurity R&D. The CATE Centre, a collaboration with ENFOCOM and Raytheon Canada, provides a scalable cyber range for real-world threat simulation.

Read more about the NCC’s cybersecurity initiatives at their official site.

Ransomware, AI, and Zero-Trust: 2025's Cybersecurity Priorities

Ransomware is expected to remain a top concern in 2025, particularly for sectors like education and healthcare. Agencies are shifting focus from perimeter security to post-breach strategies, with network segmentation and data encryption becoming essential components of defence.

State and local governments are also ramping up their adoption of zero-trust architectures to safeguard critical infrastructure. These measures aim to mitigate the risks posed by geopolitical cyber threats and advanced AI-driven attacks.

As these challenges evolve, public and private sectors are being urged to enhance resilience through strategic investments in technology and talent. Learn more about ransomware trends and defences at IBM’s Security Report.

3 Cybersecurity Stocks You Can Buy and Hold for the Next Decade

The cloud and AI industries are poised to redefine the technology landscape, creating lucrative opportunities for investors. However, none of this innovation is possible without robust cybersecurity solutions. The market recognizes this, as cybersecurity stocks often trade at premium valuations. Yet, there are still opportunities for long-term gains in this space. Below are three cybersecurity stocks to consider adding to your portfolio for the next decade.

CrowdStrike: Leading the Pack Despite Challenges

CrowdStrike (NASDAQ: CRWD) continues to be a cornerstone of cybersecurity, particularly known for its Falcon platform. Despite experiencing a significant IT outage in 2025 due to a software update issue, the company swiftly addressed the problem, helping restore investor confidence.

CrowdStrike reported $964 million in revenue in fiscal Q2 2025, a 32% year-over-year increase. The company also posted $47 million in net income, a significant leap from $8.5 million the previous year. Investors will get further insights into its financial health when fiscal Q3 numbers are released on Nov. 26. Its resilience and commitment to innovation make it a compelling long-term investment.

SentinelOne: AI-Driven Threat Detection

SentinelOne (NYSE: S) stands out with its AI-first approach to endpoint security, which relies on behavioral analysis rather than traditional malware signature detection. This gives it a competitive edge in identifying emerging threats.

In fiscal Q2 2025, SentinelOne's revenue rose 33% to $199 million, with operating expenses growing by just 11%. While it remains unprofitable, its disciplined cost management and a P/S ratio of 11 make it an attractive option for investors seeking growth in cybersecurity.

Zscaler: A Zero-Trust Trailblazer

Zscaler (NASDAQ: ZS) specializes in zero-trust architecture, a framework that treats every user and request as untrusted by default. This approach enhances network security by restricting access based on user roles and contexts.

Zscaler's fiscal Q4 2024 revenue rose 30% year-over-year to $593 million, and it managed to cut its net loss from $31 million to $15 million. Despite slower growth compared to previous years, its cloud-native infrastructure positions it well to capitalize on the growing need for robust cybersecurity solutions.

Cybersecurity M&A Push Continues With Acquisitions By N‑able, Bitsight, Silverfort

The cybersecurity sector is witnessing a surge in mergers and acquisitions as companies consolidate to address growing threats and streamline services. Here are the most notable deals:

  • Bitsight Acquires Cybersixgill: In a $115 million deal, Bitsight aims to enhance third-party risk management capabilities by integrating Cybersixgill’s threat intelligence data. Read more.
  • N‑able Buys Adlumin: N‑able acquired Adlumin for up to $266 million, incorporating its managed detection and response (MDR) and SIEM capabilities to provide deeper IT environment insights. Details here.
  • Silverfort Expands With Rezonate: Identity security firm Silverfort acquired Rezonate to bolster its non-human identity security offerings, especially in cloud environments. Learn more.

This wave of consolidation is reshaping the cybersecurity landscape, positioning these companies to deliver comprehensive solutions in a fragmented market.

Kevin Du Trains the Next Generation of Cybersecurity Experts

Kevin Du, a professor at Syracuse University, has made significant contributions to cybersecurity education with his SEED Labs. Funded by a $1.3 million NSF grant, these labs offer hands-on learning experiences, bridging the gap between theory and practice in cybersecurity.

A Revolutionary Educational Tool

The SEED project provides virtual environments for students to simulate and counter cyberattacks, a safer alternative to traditional approaches that rely on theoretical discussions. Du’s labs are used by over 1,100 institutions globally.

Expanding Reach

Du’s textbook, Computer and Internet Security: A Hands-on Approach, is complemented by video lessons to enhance learning. His efforts have trained over 400 instructors and countless students in cutting-edge cybersecurity techniques.

For more on Kevin Du’s initiatives, visit the SEED Labs website.

Canadian Centre for Cyber Security Releases National Cyber Threat Assessment 2025-2026

The Canadian Centre for Cyber Security (Cyber Centre) has unveiled its National Cyber Threat Assessment 2025-2026 (NCTA 2025-2026), offering a deep dive into the evolving cyber threat landscape in Canada. The report, a cornerstone of Canada’s cyber defense strategy, examines threats posed by both state-sponsored and financially motivated actors, emphasizing the growing sophistication and aggression of adversaries.

Key takeaways include the rise of ransomware as the top cybercrime threat, particularly against critical infrastructure, and the role of the Cybercrime-as-a-Service (CaaS) model in sustaining global cybercrime. State-sponsored campaigns now often merge disruptive attacks with online information warfare to influence public opinion. The report also highlights how artificial intelligence and geopolitical tensions are reshaping the threat environment.

Canada has allocated $917.4 million over five years to bolster its cyber defenses, including establishing the Canadian Armed Forces Cyber Command. For more details, read the full report here.

Palo Alto Networks: Platform Consolidation Gains Traction

Palo Alto Networks continues to dominate the cybersecurity sector, leveraging a strategic shift toward platformization to attract customers. In its Q1 FY2025 earnings, the company reported over 70 new platform deals, including deals tied to its acquisition of IBM QRadar’s SaaS assets.

Despite initial concerns over deferred payment incentives, the strategy has proven successful, with revenue rising 14% year-over-year to $2.14 billion and net income surging 80% to $351 million. CEO Nikesh Arora underscored the industry-wide move toward fewer, integrated platforms, positioning Palo Alto as a leader in this transformation. Learn more from their earnings call here.

CyberArk Achieves QC1 Certification in Italy

CyberArk, a global leader in identity security, has achieved QC1 certification from Italy’s Agenzia per la Cybersicurezza Nazionale (ACN). This milestone enables CyberArk’s SaaS solutions, including Privilege Cloud and Endpoint Privilege Manager, to be adopted by Italian public sector entities.

The certification aligns with Italy’s National Cybersecurity Strategy, focusing on secure cloud deployments for government operations. CyberArk’s platform applies Zero Trust principles and reduces endpoint attack surfaces, enhancing defense against ransomware and insider threats.

For more on CyberArk’s global certifications, visit CyberArk's announcement.

Cybersecurity Takes Center Stage at World Internet Conference

At the World Internet Conference (WIC) in Wuzhen, cybersecurity innovation and collaboration were front and center. Qi-Anxin Technology Group won the Distinguished Contribution Award, underscoring its growing global influence, including a $42.2 million deal in 2023, the largest overseas cybersecurity contract by a Chinese company.

AI-powered solutions also gained recognition, with Shanghai-based Hehe winning accolades for combating online fraud and deep fakes in the financial sector. Meanwhile, Kaspersky showcased its ongoing contributions to the Chinese market, including identifying critical vulnerabilities in Apple’s iOS ecosystem.

The conference also spotlighted chip-level security as a foundational element of cybersecurity. Hygon Information Technology unveiled its C86 chip architecture, integrating cryptographic and trusted computing technologies to secure sectors like healthcare and finance. For insights into chip-level security, explore Hygon’s innovations.

NY Department of Health Bolsters Hospital Cybersecurity Regulations

New York’s hospitals are on the clock. The New York State Department of Health (NYSDOH) has enacted stringent cybersecurity regulations under 10 NYCRR § 405.46, requiring general hospitals to enhance protections for protected health information (PHI) and personally identifiable information (PII). Hospitals must achieve compliance by October 2, 2025, with specific incident reporting obligations effective immediately.

These regulations expand on existing HIPAA rules, demanding annual risk assessments, the implementation of robust cybersecurity programs, and the designation of a Chief Information Security Officer (CISO). New requirements also include multi-factor authentication, 72-hour breach reporting to the NYSDOH, and detailed incident response planning. Notably, these rules apply to "nonpublic information," which includes business-critical data alongside PHI and PII—extending beyond HIPAA’s scope.

Hospitals should prioritize adapting to these updated standards, which complement the proposed HIPAA Security Rule updates announced by the U.S. Department of Health and Human Services (HHS). The NY regulations' emphasis on rapid breach reporting and operational continuity underlines the critical need to safeguard patient data and hospital systems. Read more about these regulations.

Booz Allen Hamilton Named Top Federal Cybersecurity Provider, Projects $2.8 Billion Cyber Revenue by FY25

Booz Allen Hamilton has solidified its position as the federal government’s leading cybersecurity provider, according to GovWin from Deltek. In its Federal Cybersecurity Market report (2024–2028), Booz Allen topped rankings for federal cyber-related prime contract obligations between FY21 and FY23.

This milestone aligns with the firm's ambitious goal of reaching $2.8 billion in cyber revenue by FY25, representing nearly 25% of its projected total revenue. Currently, Booz Allen oversees nearly 300 active cyber projects, ranging from small-scale tasks to flagship programs.

Brad Medairy, EVP of Booz Allen’s national cyber business, emphasized the growing complexity of cybersecurity in the face of hyperconnectivity and evolving adversarial tactics. The firm is focusing on four critical growth vectors:

  1. Strategic Cyber Dominance: Countering nation-state threats through offensive and defensive operations.
  2. Zero Trust & AI Transformation: Implementing zero-trust architectures and AI-driven threat detection.
  3. Securing Cyber-Physical Systems: Protecting connected critical infrastructure against increasing vulnerabilities.
  4. Quantum Preparedness: Developing cryptographic solutions to address quantum computing threats.

The company’s leadership in AI adoption and zero-trust strategies positions it as a key player in transforming federal cybersecurity defenses. For a deeper dive into Booz Allen’s initiatives, visit their cybersecurity page.