Tag: cio
-
Neue Phishing-Variante greift Gmail-Nutzer an
Tags: access, adobe, awareness, cio, ciso, cyberattack, hacker, intelligence, mail, malware, phishing, ransomware, risk, spear-phishing, threat, tool, zero-trustHacker haben gefälschte PDF-Dateien an Gmail-Nutzer verschickt, die täuschend echt wirken. Forscher des Sicherheitsunternehmens Varonis haben eine raffinierte Phishing-Methode entdeckt, die auf Gmail-Nutzer zielt. Dabei kommt eine Malware zum Einsatz, die sich nicht nur als PDF-Anhang tarnt, sondern die Opfer automatisch dazu auffordert, diesen zu öffnen.’Der Dateityp .PDF ist im privaten und geschäftlichen Bereich allgegenwärtig…
-
Building a mature automotive cybersecurity program beyond checklists
In this Help Net Security interview, Robert Sullivan, CIO CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/robert-sullivan-agero-automotive-cybersecurity-strategies/
-
Building a mature automotive cybersecurity program beyond checklists
In this Help Net Security interview, Robert Sullivan, CIO CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/02/robert-sullivan-agero-automotive-cybersecurity-strategies/
-
How the Marine Corps slashed IT delays by shifting to DevOps and agile development
Tags: business, cio, compliance, conference, control, cybersecurity, finance, government, monitoring, risk, service, software, tool, vulnerabilityAll Marine Corps websitesContent delivery systemEvent management and appointment booking systemsE-commerce and point of sale systemsHuman resources system The challenge of tech innovation in a bureaucracy: The biggest barrier during Operation Stormbreaker, according to Raley, was the bureaucratic nature of working inside the government.MCCS faced what Raley called the “frozen middle,” a web of disconnected…
-
GAO Report Spotlights Unaddressed HHS Cyber, IT Concerns
82 Longstanding Recommendations on Data Protection, Security Still Not Acted Upon. The U.S. Department of Health and Human Services has still not implemented 82 recommendations made in recent years involving high risk cybersecurity and IT management issues, said the Government Accountability Office in a new report directed at HHS’ CIO and its various agency CIOs.…
-
Fünf KI-Use-Cases für CISOs
Tags: access, ai, business, ceo, cio, ciso, cybercrime, cybersecurity, cyersecurity, data, framework, google, incident response, mail, microsoft, phishing, rat, risk, risk-management, service, siem, soc, tool, vpn, vulnerability, vulnerability-management -
Fünf KI-Use-Cases für CISOs
Tags: access, ai, business, ceo, cio, ciso, cybercrime, cybersecurity, cyersecurity, data, framework, google, incident response, mail, microsoft, phishing, rat, risk, risk-management, service, siem, soc, tool, vpn, vulnerability, vulnerability-management -
Microsoft under fire: Senator demands FTC investigation into ‘arsonist selling firefighting services’
Tags: access, attack, authentication, breach, business, cio, ciso, computer, corporate, cyber, cybersecurity, email, encryption, finance, government, hacker, mfa, microsoft, network, password, ransomware, service, software, technology, threat, updateThe technical reality behind the failures: Security experts have long criticized Microsoft’s reliance on outdated encryption standards. “RC4 should have been retired long ago, yet it still lurks in Active Directory and continues to enable attacks like Kerberoasting,” Gogia noted.Microsoft’s justification centered on backward compatibility concerns. “Microsoft’s line has been that switching it off overnight…
-
When is the Right Time to Hire a CISO?
Knowing when to hire a CISO is a challenging proposition one which most organizations will eventually need to answer. The need to hire a CISO depends on a combination of factors, including but not limited to: Relevance of regulatory requirements Size of the organization Complexity of operations Sensitivity of data handled or processed Desired risk…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
5 ways CISOs are experimenting with AI
Tags: ai, attack, awareness, breach, business, ceo, cio, ciso, control, cyber, cybersecurity, data, data-breach, detection, email, finance, framework, incident response, intelligence, login, metric, microsoft, monitoring, phishing, qr, risk, risk-assessment, risk-management, service, siem, soc, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementTranslating security metrics into business language: CISOs are now tasked with being the security storyteller, and it doesn’t always come easily. Turning to AI, CISOs are finding a helping hand to translate technical detail into business-oriented narratives, drawing on a range of data sources, risk trends, control gaps and threat modeling.AI tools are helping tailor…
-
Data security gaps stymy enterprise AI plans
Nearly three-quarters of CIOs and CISOs see information complexity as an adoption roadblock, according to a Ponemon Institute study commissioned by OpenText. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/data-complexity-cybersecurity-generative-ai-adoption-opentext/759503/
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
ICYMI: Exposure Management Academy on Attack Surface Management, Proactive Security and More
Tags: ai, attack, best-practice, business, cio, cloud, cybersecurity, data, data-breach, group, Internet, jobs, office, risk, skills, technology, threat, update, vulnerability, vulnerability-management, zero-dayEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we look back on the guidance and best practices shared in the past several months. You can read the entire Exposure Management Academy series here. Let’s look back at key…
-
Avnet unlocks vendor lock-in and reinvents security data management
Tags: ai, attack, business, cio, ciso, cloud, compliance, conference, control, cybersecurity, data, LLM, microsoft, PCI, siem, strategy, technology, toolOwn and manage its data directly rather than leaving it siloed in vendor systems.Start large-scale extract, transform, and load (ETL) operations, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).Reduce costs associated with rigid SIEM licensing and storage tiers.Improve compliance with new PCI DSS v4.0 requirements for automated log review in…
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers.”While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
How Tampa General Hospital worked to quantify cyber risk
The medical center’s CIO and CISO teamed up to translate security decisions into dollars and cents. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/tampa-general-hospital-cio-ciso-cyber-risk/759132/
-
KnowBe4 ernennt Joel Kemmerer zum Chief Information Officer
Die weltweit renommierte Cybersicherheits-plattform KnowBe4, die sich umfassend mit Human-Risk-Management befasst, gibt bekannt, dass sie den erfahrenen IT-Manager Joel Kemmerer als neuen Chief Information Officer (CIO) eingestellt hat, um wichtige Initiativen zur digitalen Transformation voranzutreiben. Kemmerer ist ein erfahrener IT-Manager und CIO mit über 30 Jahren Erfahrung in verschiedenen IT-Führungspositionen bei Technologieunternehmen wie N-able, Solarwinds,…
-
How Gainesville Regional Utilities is locking down vendor risk
Tags: access, breach, business, cio, ciso, compliance, conference, cyber, data, finance, group, HIPAA, infrastructure, malicious, penetration-testing, risk, risk-assessment, risk-management, service, soc, strategy, threat, vulnerabilityIntake and triage: The requesting business unit submits an intake form detailing the vendor’s responsibilities, the IT service involved, the types of data needed, and any required system access. The IT security team then conducts an initial risk triage.Detailed assessment: If the vendor poses a moderate or high risk, it must complete a security questionnaire…
-
Nevada Confirms Ransomware Attack, State Data Stolen
Nevada’s CIO confirmed in a press conference that ransomware actors had exfiltrated data from state networks, amid an ongoing incident investigation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nevada-ransomware-attack-data/
-
The CISO succession crisis: why companies have no plan and how to change that
The technical-to-strategic divide: One major obstacle keeping many mid-level security pros from becoming CISOs isn’t their tech skills, it’s learning to shift from doing hands-on security work to acting as strategic business partners. That change takes a whole new set of skills and a different way of thinking.”I think you see this with a lot…
-
Why Certified VMware Pros Are Driving the Future of IT
From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-certified-vmware-pros-are-driving-the-future-of-it/
-
Russia-linked European attacks renew concerns over water cybersecurity
Water utilities should remain vigilant: Although most water facility operators have received repeated warnings over the years that they are desirable targets for Russian, Iranian, and Chinese threat actors, experts say these latest incidents underscore the need to remain vigilant and step up security efforts. If water assets owners have “any kind of control system online,…
-
NIST’s attempts to secure AI yield many questions, no answers
Challenges to consider: The NIST report talked about various categories of AI integration that forced serious cybersecurity considerations, including: using genAI to create new content; fine-tuning predictive AI; using single AI agents as well multiple agents; and security controls for AI developers. The potentially most challenging element of securing AI in enterprises is visibility. But the…
-
Why Agentic AI Is the Next Enterprise Frontier – Part 1
How Autonomous AI Systems Are Moving Beyond Hype and Why CIOs Can’t Ignore Them. Agentic AI is moving from concept to capability, bridging the gap between reactive tools and enterprise-scale autonomy. With the stack maturing fast, CIOs face a choice: lead the shift or risk being left behind. First seen on govinfosecurity.com Jump to article:…
-
Ein Viertel der CISOs wird nach Ransomware-Angriff entlassen
Tags: backup, ceo, cio, ciso, cyberattack, group, incident response, mail, phishing, ransomware, rat, risk, sophos, vulnerabilityNach einem Ransomware-Angriff werden CISOs oft dafür verantwortlich gemacht und gekündigt. Laut einem aktuellen Bericht von Sophos haben CISOs eine Chance von eins zu vier, dass ihr Arbeitsplatz einen erfolgreichen Ransomware-Angriff nicht übersteht. Die Ergebnisse des Berichts sind ein Weckruf für Sicherheitsverantwortliche, unabhängig davon, ob sie für solche Angriffe verantwortlich gemacht werden oder über die…
-
CSO hiring on the rise: How to land a top security exec role
Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, cyber, cybersecurity, data, defense, finance, governance, government, healthcare, identity, incident, incident response, infrastructure, insurance, jobs, military, network, regulation, resilience, risk, saas, service, skills, software, strategy, technology, threat, trainingWide-scale AI adoption shaking up skills sought: In terms of the skills wanted of today’s CSO, Fuller agrees that AI is the game-changer.”Organizations are seeking cybersecurity leaders who combine technical depth, AI fluency, and strong interpersonal skills,” Fuller says. “AI literacy is now a baseline expectation, as CISOs must understand how to defend against AI-driven…