Tag: business
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
Understanding the EU Corporate Sustainability Due Diligence Directive (CSDDD): Why It Matters and How to Prepare
Key Takeaways For years, European companies have faced a patchwork of national laws pushing them to take responsibility for human rights and environmental issues tied to their business operations. France passed its Duty of Vigilance law in 2017. Germany followed with the EU Supply Chain Act in 2021. Each aimed to hold companies accountable not……
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
Saviynt Hires Channel Vet Kelly Allbright For Partner Push
Identity security vendor Saviynt has hired channel veteran Kelly Allbright, most recently the Americas channel head at Wiz, to serve as its global vice president of business development. First seen on crn.com Jump to article: www.crn.com/news/security/2025/saviynt-hires-channel-vet-kelly-allbright-for-partner-push
-
Is the CISO role broken?
Short tenures breed long-term failure: But tenures have remained low. Several articles every year place the average CISO tenure in the region at two to three years, and that matches my own field experience.You do not achieve much in terms of transformative impact in any large firm in two to three years.In fact, many CISOs…
-
Is the CISO role broken?
Short tenures breed long-term failure: But tenures have remained low. Several articles every year place the average CISO tenure in the region at two to three years, and that matches my own field experience.You do not achieve much in terms of transformative impact in any large firm in two to three years.In fact, many CISOs…
-
Q&A: Stuart Robson-Frisby, Netwrix
Tags: businessThe firm’s recently appointed worldwide head of channel shares his thoughts on where partners are heading and his plans for the business First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366630473/QA-Stuart-Robson-Frisby-Netwrix
-
10 security leadership career-killers, and how to avoid them
Tags: ai, breach, business, ciso, control, cybersecurity, incident response, intelligence, jobs, resilience, risk, security-incident, service, skills, strategy, technology, threat, tool2. Being just a technologist rather than a business executive, too: To align security with enterprise strategy, security professionals need to be business leaders, too, says Ryan Knisley, former CISO of The Walt Disney Co. and Costco Wholesale.That remains a struggle for many CISOs, who still tend to ascend through the security organization and not…
-
6 Best Practices for CMMC Physical Security Control
The first C in CMMC stands for cybersecurity, so it makes sense that the vast majority of content and information about it (both here and elsewhere online) is focused on the cyber aspect. Digital security makes up the bulk of the certification, and it’s by far the biggest threat vector in a modern business space….…
-
10 Best Web Application Penetration Testing Companies in 2025
Securing web applications is a top priority for businesses in 2025 as they’re a primary attack vector for cybercriminals. Web application penetration testing goes beyond automated scanning to use human expertise and a hacker’s mindset to find complex vulnerabilities that automated tools miss, such as business logic flaws and multi-step exploits. A great pen-test provides…
-
Staying Ahead in Non-Human Identity Security
Can Non-Human Identity Security Give Your Business an Edge? Imagine where your machine identities and their “secrets” are managed with the proficiency of a seasoned cybersecurity specialist. Imagine if these identities, like tourists in a foreign land, could be actively monitored and managed, their passports, visas and behaviors under constant scrutiny. It is not only……
-
CISA Warns: TP-Link Vulnerabilities Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals. These security flaws affect widely-used home and small business networking devices, putting millions of users at risk. Critical Vulnerabilities Identified Two severe vulnerabilities have been added to…
-
UltraViolet Expands AppSec Capabilities With Black Duck’s Testing Business
The addition of Black Duck’s application security testing offering to UltraViolet Cyber’s portfolio helps security teams find and remediate issues earlier in the security lifecycle. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ultraviolet-expands-appsec-capabilities-black-duck-testing-business
-
Jaguar Land Rover staff told to stay home after cyber-attack
Prolonged halt at Merseyside and West Midlands factories is tacit admission that quick resolution is unlikely<ul><li><a href=”https://www.theguardian.com/business/live/2025/sep/05/ons-crisis-retail-sales-error-uk-house-prices-record-high-us-jobs-report-business-live-news-updates”>Business live latest updates</li></ul>Jaguar Land Rover has told its factory staff to stay home until at least next Tuesday as it continues to deal with the effects of a cyber-attack.The carmaker has had to stop production at its factories…
-
Lack of board access: The No. 1 factor for CISO dissatisfaction
Building a relationship with the board: The CISO Executive Network is a peer-to-peer organization for information security professionals with more than 1,500 members. Andy Land, general manager of the organization, is seeing most of those members working with solid access to their boards. “But the question is, are we fundamentally doing anything good with that…
-
Lack of board access: The No. 1 factor for CISO dissatisfaction
Building a relationship with the board: The CISO Executive Network is a peer-to-peer organization for information security professionals with more than 1,500 members. Andy Land, general manager of the organization, is seeing most of those members working with solid access to their boards. “But the question is, are we fundamentally doing anything good with that…
-
Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability
Tags: access, attack, authentication, business, ciso, credentials, data, exploit, malicious, monitoring, password, programming, sans, sap, service, threat, vulnerability, zero-daydelete and insert data directly in the SAP Database;creating SAP users with SAP_ALL; download password hashes; modify business processes.”Historically, it has been difficult to apply patches to these complex systems, and many organizations will require careful (and slow) testing before the patches are deployed in production,” Johannes Ullrich, dean of research at the SANS Institute, told CSO.”ERP…
-
Identity-First Security: Mitigating the Cloud’s Greatest Risk Vector
Tags: access, ai, attack, best-practice, breach, business, cloud, credentials, data, defense, exploit, framework, google, iam, identity, infrastructure, least-privilege, microsoft, phishing, ransomware, risk, service, strategy, threat, vulnerabilityCompromised credentials are now the leading cause of cloud breaches, making identity your most critical attack surface. A new IDC white paper explores why this shift is happening and where traditional defenses fall short. Read on to learn how Tenable’s identity-first approach turns this risk into your strongest defense. Hack the user, own the cloud.…
-
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push Security explains how to defend where breaches begin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/
-
Avnet unlocks vendor lock-in and reinvents security data management
Tags: ai, attack, business, cio, ciso, cloud, compliance, conference, control, cybersecurity, data, LLM, microsoft, PCI, siem, strategy, technology, toolOwn and manage its data directly rather than leaving it siloed in vendor systems.Start large-scale extract, transform, and load (ETL) operations, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).Reduce costs associated with rigid SIEM licensing and storage tiers.Improve compliance with new PCI DSS v4.0 requirements for automated log review in…
-
Principal Financial pioneers biometric authentication to beat online fraud
Tags: attack, authentication, business, ciso, compliance, conference, crime, crimes, data, finance, fraud, government, privacy, risk, strategy, threat, tool, vulnerabilityImplementing quickly and decisively. Fraud was rising at an alarming pace, so speed mattered. Principal had to test, validate, and deploy a solution in months, not years.Balancing security with usability. Principal needed biometric authentication that was simple enough that customers wouldn’t get frustrated and abandon the process.Navigating uncharted territory. Principal was shifting to DIVA without…
-
SHARED INTEL QA: Inside the mind of a hacker, shadowing adversaries across API pathways
In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it. Related: The hidden cost of API security laspses For Jamison Utter, Field CISO at A10 Networks, this moment marks… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/shared-intel-qa-inside-the-mind-of-a-hacker-shadowing-adversaries-across-api-pathways/
-
Hiscout als Goldsponsor auf dem BCM Summit 2025 in Hamburg
Am 25. und 26. September findet der BCM Summit 2025 im Gastwerk Hotel Hamburg statt. Hiscout, führender Anbieter von GRC-Software, ist auch in diesem Jahr wieder vor Ort als Goldsponsor des Events. Die Konferenz zählt zu den wichtigsten Branchentreffen für Business-Continuity-Management (BCM) und Krisenmanagement im deutschsprachigen Raum. Der Summit bringt Fach- und Führungskräfte aus […]…
-
Hiscout als Goldsponsor auf dem BCM Summit 2025 in Hamburg
Am 25. und 26. September findet der BCM Summit 2025 im Gastwerk Hotel Hamburg statt. Hiscout, führender Anbieter von GRC-Software, ist auch in diesem Jahr wieder vor Ort als Goldsponsor des Events. Die Konferenz zählt zu den wichtigsten Branchentreffen für Business-Continuity-Management (BCM) und Krisenmanagement im deutschsprachigen Raum. Der Summit bringt Fach- und Führungskräfte aus […]…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers.”While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
Relief for European Commission as court upholds EU Data Privacy Framework agreement with US
ex post judicial oversight by the [US Data Protection Review Court],” the judgment said.A key issue is whether the agreement achieves ‘adequacy’, the extent to which US laws offer the same level of protection as EU equivalents.”Today’s EU General Court judgement will bring relief and reassurance to the thousands of US companies and their European…
-
The Full Lifecycle Imperative: Why >>Shift Left<>Shift Right<<
Tags: access, ai, api, attack, authentication, automation, business, cloud, compliance, data, detection, framework, governance, HIPAA, mitre, nist, PCI, risk, siem, strategy, threat, tool, vulnerability, wafIn this series, we examined the vital connection between AI and APIs, highlighting what makes a leader in the API security market through the 2025 KuppingerCole Leadership Compass. Now, we turn to the core strategy of true API security: the full-lifecycle approach, where security is a continuous, integrated process rather than a single action. The…

