Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New technologies, regulatory shifts, and the next generation of clients are redefining the financial services industry and what customers expect from the firms they work with. Firms embracing these changes will gain a competitive edge, while those who ignore them risk falling behind. Countless technology innovations across the industry are redefining the customer experience, security, data management, and back-office functions. But what is poised to make the biggest impact in 2025?

Multi-Factor Authentication (MFA) has long been considered a robust security measure, with Microsoft research showing it can block 99.9% of automated attacks. However, recent data indicates that sophisticated attackers have developed numerous techniques to bypass MFA, making it insufficient as a standalone defense against Account Takeover (ATO) attacks.

Each month, the Fireblocks policy team takes stock of policy developments around the world that matter to our clients and to our business. Here, I share my views on the March developments I think counted the most—at times intentionally highlighting announcements that didn’t make the headlines. Starting counter-sun-wise, Washington DC saw the U.S. commitment to becoming digital asset centre of gravity take more and more concrete shape.

Newly patented transaction firewall sets a new standard in payment protection, leveraging self-learning technology that instantly blocks emerging threats, payment fraud and cyber-attacks with greater precision.

Azure Backup Vault, Azure Recovery Services Vault, and Azure Site Recovery make up Microsoft’s core suite of data protection and disaster recovery services. Azure’s vaults enable customers to store backups of entire Azure VMs, on-premise workloads, and workloads from Azure services such as Azure SQL Database, Azure Blob, and Azure Database for PostgreSQL. Azure Site Recovery integrates with Azure Recovery Services Vault to extend its backup services to support disaster recovery.

Sequenced event templates are pretty cool, but they were developed around the time that Risk-based Alerting (RBA) was developed in Splunk Enterprise Security. Additionally, they don’t have all the great context we can generate with the holistic picture provided by risk, so I want to provide guidance on how we would implement its equivalent in the RBA context as they are now deprecated in Splunk Enterprise Security 8.0. There are two approaches we can utilize that do slightly different things.

Cybersecurity threats are evolving at a record pace, creating significant gaps and challenges for organizations handling sensitive data. To strengthen security across the Defense Industrial Base (DIB), the Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) program.

In today’s competitive IT landscape, certifications serve as valuable credentials that validate technical expertise and enhance career prospects. Whether you’re entering the field or looking to advance, earning the right certification can set you apart from the competition and open doors to better jobs and opportunities. Among the most sought-after IT certifications are CompTIA Security+ and Cisco Certified Network Associate (CCNA).

Strong security policies are the foundation of any successful security program. Before jumping into tools like Vanta to manage and automate your policies, it’s crucial to get the basics right—starting with how those policies are created, adopted, and aligned with compliance controls. ‍

Discover how agentic AI is revolutionizing processes with autonomous, intelligent workflows and real-world agentic AI applications, including for IT and cybersecurity.