Tag: ciso
-
National Cyber Security Bill and NIS2: Senior Management’s Compliance Guide
Cybersecurity governance is moving to the highest levels of organizational leadership, a shift highlighted by the European Union’s NIS2 Directive and Ireland’s forthcoming National Cyber Security Bill. At a recent conference hosted by Ireland’s National Cyber Security Centre, attendees were asked: “Where are cybersecurity risks managed in your organization?” Results showed roughly half of organizations assign cyber risk oversight…
-
Serviceangebot CISO Advantage – Sophos kauft Arco Cyber
First seen on security-insider.de Jump to article: www.security-insider.de/sophos-kauft-arco-cyber-a-4578fb82960aca661ae41939a37667f0/
-
OpenClaw Insights: A CISO’s Guide to Safe Autonomous Agents FireTail Blog
Tags: access, ai, api, breach, ciso, compliance, control, data, data-breach, detection, endpoint, finance, firewall, framework, governance, guide, LLM, network, open-source, risk, risk-management, software, strategy, technology, tool, vulnerabilityFeb 27, 2026 – Alan Fagan – The “OpenClaw” crisis has board members asking, “Could this happen to us?” The answer isn’t to ban AI agents. It’s to govern them. By now, the dust is settling on the OpenClaw (aka MoltBot) incident. The technical post-mortems (including our own) have been written, the exposed ports have…
-
Ransomware groups switch to stealthy attacks and long-term access
Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade.Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts.Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective.”In the recent Eset…
-
DeVry University’s CISO on higher education cybersecurity risk
In this Help Net Security interview, Fred Kwong, VP, CISO at DeVry University, outlines how the university balances academic openness with cyber risk. He describes how systems … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/fred-kwong-devry-university-higher-education-cybersecurity-risk/
-
The CISO role keeps getting heavier
Personal liability is becoming a routine part of the CISO job. In Splunk’s 2026 CISO Report, titled From Risk to Resilience in the AI Era, 78% of CISOs said they are concerned … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/splunk-ciso-liability-risk-report/
-
The 2026 CISO Mandate: Proactive, Passwordless, and Context-Aware Identity Assurance
<div cla In our opinion, Gartner’s 2026 research reflects this broader evolution. Identity has expanded beyond perimeter controls and point-in-time authentication to encompass verification of the human, contextual risk assessment, and automated trust decisions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-2026-ciso-mandate-proactive-passwordless-and-context-aware-identity-assurance/
-
Microsoft Copilot DLP Bypass: A Data Trust Wake-Up Call for AI Security
Tags: access, ai, business, ciso, cloud, compliance, control, data, data-breach, detection, email, endpoint, infrastructure, leak, microsoft, monitoring, risk, risk-management, saas, toolWhen Microsoft confirmed that a bug allowed Copilot to surface and summarize emails marked confidential despite existing DLP controls, it reignited urgent questions about Microsoft Copilot security, DLP bypass risk and enterprise AI data protection. The reaction was immediate. For many CISOs and security leaders responsible for Microsoft 365 security and AI risk management, it…
-
Don’t Bring a Knife to a Gunfight: How to Choose the Right Microsegmentation Enforcement for Your Enterprise
As the network security landscape matures, a consensus has emerged among CISOs and security architects that preventing lateral movement attacks through microsegmentation is a critical part of their overall cybersecurity strategy. Controlling east-west traffic to prevent lateral attacks has become increasingly important, especially as hackers now leverage AI-driven automation to multiply the volume of attacks……
-
Don’t Bring a Knife to a Gunfight: How to Choose the Right Microsegmentation Enforcement for Your Enterprise
As the network security landscape matures, a consensus has emerged among CISOs and security architects that preventing lateral movement attacks through microsegmentation is a critical part of their overall cybersecurity strategy. Controlling east-west traffic to prevent lateral attacks has become increasingly important, especially as hackers now leverage AI-driven automation to multiply the volume of attacks……
-
The “Analog Panic Button”: What The Pitt Gets Right (and Wrong) About Hospital Cyber Resilience
When ransomware hits a hospital, shutting everything down isn’t resilience. Learn how healthcare CISOs prevent hospital-wide outages with identity security, network segmentation validation, and CTEM. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-analog-panic-button-what-the-pitt-gets-right-and-wrong-about-hospital-cyber-resilience/
-
How to Bring Zero Trust to the Data Stream Blog – Menlo Security
Zero Trust isn’t complete until it reaches the file. Learn why CISOs are adopting CDR to eliminate zero-day risks and secure content across every channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-bring-zero-trust-to-the-data-stream-blog-menlo-security/
-
How the CISO’s Role is Evolving From Technologist to Chief Educator
Today’s CISO is a strategic leader responsible for risk communication, security culture, education, and executive alignment. Technical expertise remains essential, but influence, clarity, and leadership now define success. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-the-cisos-role-is-evolving-from-technologist-to-chief-educator/
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
Compliance ohne Vollzeit-CISO und teure Zertifizierung – Minimum Viable Security für KMU: Schutz mit minimalen Ressourcen
First seen on security-insider.de Jump to article: www.security-insider.de/minimum-viable-security-kmu-compliance-ohne-ciso-a-b46c5899900fbb26d7929ca29fc6bd48/
-
It’s an East-West, North-South Thing: ColorTokens and Netskope Have You Covered from All Directions
If you’re a security architect or CISO, these famous words of Lt. General Lewis “Chesty” Puller may hold visceral meaning for you: “We’ve been looking for the enemy for some time now. We’ve finally found him. We’re surrounded.” You, too, are surrounded by a smart and aggressive adversary who is constantly probing your defenses, seeking……
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
Boards don’t need cyber metrics, they need risk signals
Tags: access, advisory, ai, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, framework, governance, intelligence, metric, phishing, riskThe seduction of counting: Even when metrics are not too technical and align with business impact, another problem emerges: What gets counted can crowd out what matters.Wendy Nather, a longtime CISO who is now an advisor at EPSD, cautions against equating measurement with understanding. “When you are reporting to the board, there are some things…
-
The Coming Regulatory Wave for AI Agents Their APIs
Tags: access, ai, api, attack, ciso, compliance, control, corporate, data, endpoint, finance, framework, governance, guide, infrastructure, leak, monitoring, regulation, risk, toolFor the past two years, the adoption of Generative AI has felt like a gold rush. Organizations raced to integrate Large Language Models and build autonomous agents to assist employees. They often bypassed standard governance processes in the name of speed and innovation. That era of unrestricted experimentation is rapidly drawing to a close. A…
-
In the AI era, CISOs worry about data leaks and doubt tech will solve skills gaps
CISOs see AI as necessary but insufficient and fraught with risks, a new report found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/in-the-ai-era-cisos-worry-about-data-leaks-and-doubt-tech-will-solve-skill/812964/
-
Identity-First AI Security: Why CISOs Must Add Intent to the Equation
AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/identity-first-ai-security-why-cisos-must-add-intent-to-the-equation/
-
Why CISOs should prioritize continuous controls monitoring in 2026
In a recent roundup of strategic initiatives for CISOs, I argued that continuous assurance is the 2026 operating model. Across all ten initiatives, the pattern was clear. Security is no longer being evaluated by effort, it’s being evaluated by outcomes. Boards, customers, and regulators are no longer asking what tools you deployed or how busy…The…
-
It’s time to rethink CISO reporting lines
Tags: ai, business, ceo, cio, ciso, control, cyber, data, governance, infrastructure, jobs, risk, threat, vulnerabilityWhat’s in a reporting line?: Aaron Painter, CEO of security vendor Nametag, contends that reporting structures often mean less than the respect the CISO is granted.Painter is “less dogmatic about where the CISO reports and more focused on whether they actually have a seat at the table,” he says.”Org charts matter far less than influence,”…
-
Anthropic’s Claude Code Security rollout is an industry wakeup call
Anchors security posture to the model: However, those assurances didn’t make all concerns evaporate. “The moment those vibe coders plug a foundation model into their CI pipeline, their entire security posture is no longer anchored only to the company’s code,” I-Gentic AI CEO Zahra Timsah pointed out.”It is anchored to the current behavior of that model.…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
Moving From Anomalies to Connections in Fraud Defense
Shared Network Intelligence Adds Ecosystem Visibility to AI Models. Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks. First seen on govinfosecurity.com Jump…
-
The hidden security cost of treating labs like data centers
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/rich-kellen-iff-ot-lab-cybersecurity/
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/