Tag: ciso
-
AI is Rewriting the Rules of Risk: Three Ways CISOs Can Lead the Next Chapter
AI is revolutionizing cybersecurity, raising the stakes for CISOs who must balance innovation with risk management. As adversaries leverage AI to enhance attacks, effective cybersecurity requires visibility, adaptive strategies, and leadership alignment at the board level. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-is-rewriting-the-rules-of-risk-three-ways-cisos-can-lead-the-next-chapter/
-
The FBI Recovered “Deleted” Nest Cam Footage, Here’s Why Every CISO Should Panic
The Nancy Guthrie case reveals data retention issues in cloud technology, as investigators recovered footage from a Google Nest camera that should have been deleted, emphasizing the need for stronger cybersecurity measures for IoT devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-fbi-recovered-deleted-nest-cam-footage-heres-why-every-ciso-should-panic/
-
What CISOs need to know about the OpenClaw security nightmare
OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
-
Sophos Targets Compliance and Risk With Arco Cyber Purchase
UK Rollout to Link Arco’s Cybersecurity Assurance With Sophos’s Threat Intelligence. Sophos acquired Arco to expand into cybersecurity assurance and compliance, launching a new CISO Advantage capability. The company plans a phased rollout starting in the U.K., integrating Arco’s risk and regulatory mapping platform with Sophos Central and its global threat intelligence operations. First seen…
-
Should CISOs Plan for Government as an Adversary?
Why Modern Threat Modeling Must Account for State Control of Infrastructure. CISOs for decades viewed governments as partners. That assumption is weakening. Today, state control over infrastructure needs to be part of threat modeling and business continuity planning for global security leaders – and it’s time for CISOs to reassess dependencies and trust boundaries. First seen…
-
How to Stay on Top of Future Threats With a Cutting-Edge SOC
CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can transform security. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/stay-top-future-threats-cutting-edge-soc
-
69% of CISOs open to career move, including leaving role entirely
CISO as single point of failure: Zach Lewis, CISO at the University of Health Sciences and Pharmacy in St. Louis, believes the portion of CISOs looking to exit is even higher than the IANS findings. “I think it absolutely is higher than that. Every CISO I know now is open [to leaving]. They are all heavily…
-
AI Revolution Reshapes CISO Spending for 2026: Security Leaders Prioritize Defense Automation
The cybersecurity landscape is undergoing a fundamental shift as chief information security officers (CISOs) shift their 2026 budgets to artificial intelligence (AI) and realign traditional defense strategies. Nearly 80% of senior security executives are prioritizing AI-driven solutions to counter increasingly sophisticated threats, a new report from Glilot Capital Partners reveals. The survey, which polled leaders…
-
How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool…
-
Never settle: How CISOs can go beyond compliance standards to better protect their organizations
Tags: ai, awareness, breach, ciso, compliance, computing, control, cybersecurity, finance, risk, risk-assessment, risk-management, software, strategy, threat, training, vulnerability
The new North Star for CISOs: Accounting for emerging risk: We’ve established that it’s no longer good enough to overfit into a compliance standard, but you can still use compliance to your advantage. Most compliance programs mandate an information security risk assessment and, at a larger company, you may already have a dedicated enterprise risk management…
-
NIS2: Supply chains as a risk factor
Why supply chains are particularly vulnerable: The supply chain is an attractive target for attackers for several reasons. External partners often have privileged access, work with sensitive data, or are deeply integrated into operational processes. At the same time, they are often not subject to the same security standards as large organizations. Furthermore, there is a structural lack…
-
United Airlines CISO on building resilience when disruption is inevitable
Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/deneen-defiore-united-airlines-aviation-cybersecurity-strategy/
-
Why Rising Cybersecurity Spend Still Isn’t Convincing Boards on ROI in APAC
Cybersecurity budgets are rising across APAC, but CIOs and CISOs still face board scrutiny. Here’s why cybersecurity ROI remains hard to prove. The post Why Rising Cybersecurity Spend Still Isn’t Convincing Boards on ROI in APAC appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/cybersecurity-roi-in-apac/
-
Zscaler extends zero-trust security to browsers with SquareX acquisition
Tags: access, ai, ceo, ciso, control, crowdstrike, cybersecurity, edr, endpoint, least-privilege, network, risk, service, strategy, tool, vpn, zero-trust
A win-win for customers?: Zscaler has acknowledged that browser runtime behaviour was a missing piece in its zero-trust security, and having the SquareX solution in its portfolio can help fill the gap, noted Gogia. For Zscaler customers, this acquisition would mean browser security is no longer an afterthought or a separate tool to evaluate but a native…
-
AI as an AWS attack turbocharger
Criminal hackers have accelerated their attacks on AWS environments with AI. Researchers at security vendor Sysdig have uncovered an attack in which criminal attackers were able to fully compromise an AWS environment in less than eight minutes. According to the threat specialists, the threat actors exploited a cloud misconfiguration with the help of large language models (LLMs) to compress the entire attack lifecycle…
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trust
How the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
Cyber Success Trifecta: Education, Certifications & Experience
Colonel Georgeo Xavier Pulikkathara, CISO at iMerit discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/the-trifecta-of-cyber-success-education-certifications-and-experience
-
Building trust with the board through evidence-based proof
Tags: backup, business, cio, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, incident, insurance, mitigation, regulation, resilience, risk, strategy, tool, update
Building a common language to get to “Here’s the proof of cyber resilience”: CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an…
-
Should I stay or should I go?
Tags: access, breach, business, ceo, cio, ciso, communications, compliance, cybersecurity, finance, fraud, insurance, jobs, network, risk, strategy, supply-chain, update, vulnerability
Red flag: Cognitive disconnect: Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISOs decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISOs leave. Splunk’s 2025 CISO report found 29% of respondents…
-
Cyber risk: retirement
When OT specialists retire, a massive loss of knowledge looms. This can have considerable consequences for cybersecurity. Cybercriminals and state-backed attackers do pose an enormous and growing danger, particularly to the industrial sector. Nevertheless, the greatest threat at present lies in the lack of knowledge transfer regarding OT (operational technology) security and organization. The main problem is trusted employees,…
-
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain
Tags: access, ai, attack, ciso, cloud, credentials, detection, framework, group, iam, least-privilege, LLM, monitoring, training
Lateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted. The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that…
-
AI Agent Identity Management: A New Security Control Plane for CISOs
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-agent-identity-management-a-new-security-control-plane-for-cisos/
-
Think agentic AI is hard to secure today? Just wait a few months
Cost effective fix: Do nothing: Kodezi’s Khan offers an interesting fix for that foundational problem: Don’t even try. He argues it’s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward. “Aim for containment rather than for perfection. You can’t really govern…

