Tag: ciso
-
The hidden security cost of treating labs like data centers
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/rich-kellen-iff-ot-lab-cybersecurity/
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness.EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential…
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
How Enterprise CISOs Design Their Cyber Risk Management Strategy
Tags: ai, business, ciso, cyber, cybersecurity, finance, regulation, risk, risk-management, strategy<div cla For today’s CISOs, enterprise cyber risk management is no longer a technical exercise. It’s a leadership mandate that sits at the intersection of security, business risk, regulation, and executive accountability. Aligning proactive cybersecurity risk management strategies with the business’s overall risk posture is an ongoing, necessary process. A lack of alignment between cybersecurity…
-
PayPal launches latest struggle to get rid of SMS for MFA
Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, updateMuddled effort, mixed messages Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor.”Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…
-
The CISO view of fraud risk across the retail payment ecosystem
In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/20/paul-suarez-caseys-convenience-store-payment-fraud/
-
10 Passwordless-Optionen für Unternehmen
Um Passwörter hinter sich zu lassen, gibt es bessere Lösungen. Wir zeigen Ihnen zehn. Passwörter sind seit Jahrzehnten der Authentifizierungsstandard für Computersysteme, obwohl sie sich immer wieder aufs Neue als anfällig für diverse Cyberangriffsformen erwiesen haben und kompromittierte Benutzerkonten auf regelmäßiger Basis zum Einfallstor für kriminelle Hacker werden. Ein Mittel für CISOs, um diesem Problem…
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
Cybersicherheit braucht Reife und keine Checklisten
Wenn CISOs stärkere Programme, bessere Widerstandsfähigkeit und eine sicherere Zukunft wollen, müssen sie ihren Ansatz weiterentwickeln.Cybersicherheit wird oft wie ein Spiel behandelt. Unternehmen jagen schnellen Erfolgen hinterher, haken Compliance-Listen ab oder klopfen sich nach einem einzigen erfolgreichen Audit selbst auf die Schulter. Auf dem Papier mag das produktiv aussehen, aber in Wirklichkeit schafft es ein…
-
Identität ist der Zugangsweg, Daten sind das Ziel
Tags: cisoZu der Arbeit an einem modernen PC-Arbeitsplatz gehört heute der Umgang mit mehreren persönlichen Benutzerkonten genauso selbstverständlich dazu wie Maus und Tastatur. In Unternehmen stehen CISOs und IT-Mitarbeiter deshalb vor der Aufgabe, immer mehr Benutzeridentitäten verwalten und umfassend absichern zu müssen. Doch damit nicht genug: Sie sind auch dafür verantwortlich, Ordnung in rasant wachsende Datenmengen……
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…
-
From in-house CISO to consultant. What you need to know before making the leap
Tags: advisory, best-practice, business, ciso, compliance, control, cybersecurity, framework, jobs, resilience, risk, service, skills, toolSkills that carry over into consulting: Many of the skills CISOs honed inside large organizations translate directly to the new consulting job, while others suddenly matter more than they ever did before. In addition to technical skills, it is often the practical ones that prove most valuable.The ability to prioritize, sharpened over years in a…
-
A CISO’s Playbook for Defending Data Assets Against AI Scraping
Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/ciso-playbook-defending-data-assets-against-ai-scraping
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…
-
The new paradigm for raising up secure software engineers
Tags: ai, application-security, awareness, ceo, ciso, compliance, control, cyber, data, governance, login, risk, skills, software, threat, tool, training, vulnerabilityThreat modeling as a core competency: This system-level thinking should also elevate the need for greater developer fluency in threat modeling, says Yasar. He notes that threat modeling has historically been difficult for product security and engineering teams to operationalize at scale. One of the longstanding barriers to practical threat modeling was the knowledge required…
-
Cyber attacks enabled by basic failings, Palo Alto analysis finds
Changing the paradigm: Unit 42’s answer to this endless cycle of attackers always being one step ahead of defenders is to change the paradigm: cybersecurity has become so specialized, it says, that the answer is to use a managed service built from the ground up to counter real rather than abstract threats.With that in mind,…
-
Is Your GRC Program Really Reducing Risk?
CISO Sean Atkinson on Moving From ‘GRC Theater’ to Continuous GRC Engineering. As NIST, ISO, SOC 2, NIS2 and DORA expand compliance pressure, many organizations are optimizing for audit success instead of risk reduction. Sean Atkinson warns that “GRC theater” creates false confidence. Adversaries operate continuously and so should GRC engineering, he said. First seen…
-
Data Minimization Is Still an Underrated Security Control
Why Reducing Data Volume Matters More Than Ever for SOCs and CISOs Data minimization is often perceived as a constraint on innovation. In reality, it is the ultimate enabler of resilience. It reduces the impact of breaches, weakens ransomware leverage, improves SOC efficiency and secures the AI frontier. First seen on govinfosecurity.com Jump to article:…
-
Why Healthcare Became Ransomware’s Favorite Target: A $4.4M Lesson Every CISO Needs
3 million patients couldn’t access healthcare after PIH Health’s ransomware attack. Here’s why hospitals are ransomware’s favorite target”, and what changes. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-healthcare-became-ransomwares-favorite-target-a-4-4m-lesson-every-ciso-needs/
-
With CISOs stretched thin, re-envisioning enterprise risk may be the only fix
Tags: access, ai, application-security, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, fraud, governance, grc, group, identity, infrastructure, jobs, monitoring, privacy, RedTeam, risk, soc, supply-chain, vulnerabilityStructural changes necessary: Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says many organizations have already made the structural changes necessary to address the rising importance, and specialization, of cybersecurity and risk functions.”The breadth and depth of information security and cybersecurity have increased so significantly over the past two decades that it drove a…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
Was CISOs über OpenClaw wissen sollten
Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerabilityLesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
-
Microsoft equips CISOs and AI risk leaders with a new security tool
Microsoft released Security Dashboard for AI in public preview for enterprise environments. The dashboard aggregates posture and real-time risk signals from Microsoft … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/microsoft-security-dashboard-for-ai-tool/
-
Finding a common language around risk
Tags: ceo, cio, ciso, corporate, cyber, cybersecurity, defense, framework, governance, guide, intelligence, lessons-learned, metric, monitoring, phishing, ransomware, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, training, updateBuilding one culture from three languages: The Organizational Risk Culture Standard (ORCS) offers something most frameworks miss: it treats culture as the foundation, not the afterthought. You can’t bolt culture onto existing processes and call it done. Culture is how people actually think about risk when no one is watching. It’s the shared beliefs that…
-
CISO Julie Chatman wants to help you take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…