Tag: business
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Askul data breach exposed over 700,000 records after ransomware attack
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is…
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
Demystifying risk in AI
Tags: access, ai, best-practice, bsi, business, ciso, cloud, compliance, control, corporate, csf, cyber, cybersecurity, data, framework, google, governance, group, infrastructure, intelligence, ISO-27001, LLM, mitre, ml, monitoring, nist, PCI, risk, risk-management, strategy, technology, threat, training, vulnerabilityThe data that is inserted in a request.This data is evaluated by a training model that involves an entire architecture.The result of the information that will be delivered From an information security point of view. That is the point that we, information security professionals, must judge in the scope of evaluation from the perspective of…
-
The Burnout Nobody Talks About: When “Always-On” Leadership Becomes a Liability
Tags: business, cybersecurity, data, incident response, international, resilience, risk, risk-management, skills, threatIn cybersecurity, being “always on” is often treated like a badge of honor. We celebrate the leaders who respond at all hours, who jump into every incident, who never seem to unplug. Availability gets confused with commitment. Urgency gets mistaken for effectiveness. And somewhere along the way, exhaustion becomes normalized”, if not quietly admired. But…
-
BEC: Explaining Business Email Compromise
Learn what Business Email Compromise (BEC) is, how to spot common scams, respond to attacks, and use SPF, DKIM, and DMARC to prevent future fraud. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/bec-explaining-business-email-compromise/
-
Why ServiceNow Is Eyeing a $7B Buy of Venture-Backed Armis
Deal Would Move ServiceNow’s Cybersecurity Ambitions From the Shadow to Spotlight ServiceNow’s security business has long been a sleeping giant inside the workflow orchestration behemoth’s portfolio that in recent months appears to have awoken. With the buy of Armis possibly imminent, ServiceNow’s security ambitions appear to be moving from the shadows to the spotlight. First…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed
Tags: access, ai, attack, awareness, business, chatgpt, china, cloud, compliance, control, corporate, cybersecurity, data, data-breach, defense, detection, endpoint, governance, guide, infrastructure, injection, leak, LLM, malicious, microsoft, mitigation, monitoring, network, open-source, openai, privacy, RedTeam, risk, saas, service, strategy, threat, tool, training, vulnerabilityYour employees are using AI whether you’ve sanctioned it or not. And even if you’ve carefully vetted and approved an enterprise-grade AI platform, you’re still at risk of attacks and data leakage. Key takeaways: Security teams face three key risks as AI usage becomes widespread at work: Shadow AI, the challenge of safely sanctioning tools,…
-
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisos-hybrid-environments-manage-risk-cloud/807902/
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
The 5 power skills every CISO needs to master in the AI era
Tags: ai, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, defense, detection, encryption, endpoint, framework, governance, identity, jobs, law, leak, metric, network, ransomware, resilience, risk, risk-management, skills, technology, threat, tool, updateWhy traditional skill sets are no longer enough: CISO action item: Run a 1-hour “AI Bias Audit” on your top 3 detection rules this quarter.Ask: “What data is missing? Who is underrepresented?”According to the World Economic Forum’s Future of Jobs Report, nearly 40% of core job skills will change by 2030, driven primarily by AI,…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
Fighting AI with AI: How midmarket teams can turn the tables on smarter threats
Ever since generative AI exploded into mainstream use, it has become both a critical business enabler … and one of the greatest security threats. Eighty-four percent of midmarket organizations are now using generative AI within core business processes to improve productivity and accelerate… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/fighting-ai-with-ai-how-midmarket-teams-can-turn-the-tables-on-smarter-thr/807609/
-
Fighting AI with AI: How midmarket teams can turn the tables on smarter threats
Ever since generative AI exploded into mainstream use, it has become both a critical business enabler … and one of the greatest security threats. Eighty-four percent of midmarket organizations are now using generative AI within core business processes to improve productivity and accelerate… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/fighting-ai-with-ai-how-midmarket-teams-can-turn-the-tables-on-smarter-thr/807609/
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
Cybersecurity leaders’ top seven takeaways from 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, deep-fake, defense, detection, email, exploit, framework, governance, government, grc, identity, international, malicious, network, nist, phishing, regulation, resilience, risk, saas, service, software, strategy, supply-chain, technology, threat, tool, vulnerability2. AI forced companies to rethink their security strategies: At the same time, Abousselham notes how the rapid rollout of AI forced companies to shift their resources to keep pace with the change, while maintaining safe product releases. He calls 2025 the “chaotic introduction of agentic AI”.”I don’t think the industry was ready or expected…
-
CIAM vs IAM: Comparing Customer Identity and Identity Access Management
Understand the key differences between CIAM and IAM. Learn which identity management solution is right for your business for customer and employee access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ciam-vs-iam-comparing-customer-identity-and-identity-access-management/
-
Cybersecurity isn’t underfunded, It’s undermanaged
Tags: business, ciso, corporate, cyber, cybersecurity, governance, jobs, network, resilience, risk, strategyThe first 100 days: Where trust is won or lost: Quite a lot of that disconnect is effectively built up in the first 100 days of the CISO.Many CISOs come into a new job with pre-conceived views, sometimes created at interview time: Things that have worked elsewhere, pet subjects, vendors or consultants.Many also feel that…
-
Microsoft Copilot Studio Security Risk: How Simple Prompt Injection Leaked Credit Cards and Booked a $0 Trip
The no-code power of Microsoft Copilot Studio introduces a new attack surface. Tenable AI Research demonstrates how a simple prompt injection attack of an AI agent bypasses security controls, leading to data leakage and financial fraud. We provide five best practices to secure your AI agents. Key takeaways: The no-code interface available in Microsoft Copilot…