Tag: ciso
-
United Airlines CISO on building resilience when disruption is inevitable
Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/deneen-defiore-united-airlines-aviation-cybersecurity-strategy/
-
Why Rising Cybersecurity Spend Still Isn’t Convincing Boards on ROI in APAC
Cybersecurity budgets are rising across APAC, but CIOs and CISOs still face board scrutiny. Here’s why cybersecurity ROI remains hard to prove. The post Why Rising Cybersecurity Spend Still Isn’t Convincing Boards on ROI in APAC appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/cybersecurity-roi-in-apac/
-
Zscaler extends zero-trust security to browsers with SquareX acquisition
Tags: access, ai, ceo, ciso, control, crowdstrike, cybersecurity, edr, endpoint, least-privilege, network, risk, service, strategy, tool, vpn, zero-trustA win-win for customers?: Zscaler has acknowledged that browser runtime behaviour was a missing piece in its zero-trust security, and having SquareX solution in its portfolio can help fill the gap, noted Gogia.For Zscaler customers, this acquisition would mean browser security is no longer an afterthought or a separate tool to evaluate but a native…
-
KI als AWS-Angriffsturbo
Kriminelle Hacker haben ihre Angriffe auf AWS-Umgebungen mit KI beschleunigt.Forscher des Sicherheitsanbieters Sysdig haben einen Angriff aufgedeckt, bei dem kriminelle Angreifer eine AWS-Umgebung in weniger als acht Minuten vollständig kompromittieren konnten. Laut den Threat-Spezialisten nutzten die Bedrohungsakteure dabei eine Cloud-Fehlkonfiguration mit der Hilfe von Large Language Models (LLMs) aus, um den gesamten Angriffs-Lebenszyklus zu komprimieren…
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trustHow the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
Cyber Success Trifecta: Education, Certifications & Experience
Colonel Georgeo Xavier Pulikkathara, CISO at iMerit discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/the-trifecta-of-cyber-success-education-certifications-and-experience
-
Building trust with the board through evidence-based proof
Tags: backup, business, cio, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, incident, insurance, mitigation, regulation, resilience, risk, strategy, tool, updateBuilding a common language to get to “Here’s the proof of cyber resilience”: CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an…
-
Should I stay or should I go?
Tags: access, breach, business, ceo, cio, ciso, communications, compliance, cybersecurity, finance, fraud, insurance, jobs, network, risk, strategy, supply-chain, update, vulnerabilityRed flag: Cognitive disconnect: Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISO’s decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISO’s leave.Splunk’s 2025 CISO report found 29% of respondents…
-
Cyberrisiko Ruhestand
Wenn OT-Fachkräfte in den Ruhestand gehen, droht ein massiver Wissensverlust. Das kann erhebliche Folgen für die Cybersicherheit haben.Zwar stellen Cyberkriminelle und staatlich unterstützte Angreifer gerade für den Industriesektor eine enorme und steigende Gefahr dar. Dennoch besteht die größte Bedrohung derzeit im mangelnden Wissenstransfer, was OT-Sicherheit und -Organisation (Operational Technology) angeht. Das Hauptproblem sind vertrauenswürdige Mitarbeiter,…
-
From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain
Tags: access, ai, attack, ciso, cloud, credentials, detection, framework, group, iam, least-privilege, LLM, monitoring, trainingLateral movement, LLMjacking, and GPU abuse: Once administrative access was obtained, the attacker moved laterally across 19 distinct AWS principals, assuming multiple roles and creating new users to spread activity across identities. This approach enabled persistence and complicated detection, the researchers noted.The attackers then shifted focus to Amazon Bedrock, enumerating available models and confirming that…
-
AI Agent Identity Management: A New Security Control Plane for CISOs
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-agent-identity-management-a-new-security-control-plane-for-cisos/
-
Think agentic AI is hard to secure today? Just wait a few months
Cost effective fix: Do nothing: Kodezi’s Khan offers an interesting fix for that foundational problem: Don’t even try. He argues it’s a money pit that will never be fully resolved. Instead, he suggests pouring resources into creating a strict identity strategy for every NHI going forward. “Aim for containment rather than for perfection. You can’t really govern…
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
Is Data Center Colocation Secure? What CIOs and CISOs Need to Know
Learn how secure data center colocation really is. A practical guide for CIOs and CISOs covering physical security, compliance, risk, and governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/is-data-center-colocation-secure-what-cios-and-cisos-need-to-know/
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfaresupposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
-
NIS2: Lieferketten als Risikofaktor
Tags: awareness, ciso, cloud, compliance, cyberattack, cyersecurity, firewall, incident response, monitoring, nis-2, risk, service, software, supply-chain, updateNIS2 verpflichtet CISOs die Sicherheit der Supply Chain stärker in den Blick zu nehmen. Viele Unternehmen investieren heute erhebliche Mittel, um ihre interne IT abzusichern. Firewalls, Monitoring, Incident-Response-Pläne und Awareness-Programme sind etabliert. Gleichzeitig wächst eine gefährliche Illusion: Die Annahme, dass sich Risiken innerhalb der eigenen Systemgrenzen kontrollieren lassen. Die Realität sieht anders aus. Moderne Geschäftsmodelle…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Human risk management: CISOs’ solution to the security awareness training paradox
Tags: access, ai, awareness, ciso, compliance, cyber, cybersecurity, data, email, identity, intelligence, malicious, mitigation, risk, risk-management, strategy, tool, trainingWhat is human risk management?: HRM is defined as a cybersecurity strategy that identifies, measures, and reduces the risks caused by human behavior. Simply stated, security awareness training is about what employees know; HRM is about what they do (i.e., their actual cybersecurity behavior).To be more specific, HRM integrates into email security tools, web gateways,…
-
Measuring Agentic AI Posture: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits
51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
-
The Agentic AI Posture Score: A New Metric for CISOs
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
-
How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multi-factor authentication. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
-
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk. Three strategic steps you can take this year…
-
NIST’s AI guidance pushes cybersecurity boundaries
Tags: access, ai, ciso, control, cybersecurity, data, defense, exploit, framework, intelligence, nist, risk, risk-assessment, software, threatThe limits of ‘AI is just software’: NIST’s instinct to frame AI as an extension of traditional software allows organizations to reuse familiar concepts, risk assessment, access control, logging, defense in depth, rather than starting from zero. Workshop participants repeatedly emphasized that many controls do transfer, at least in principle.But some experts argue that the…
-
A practical take on cyber resilience for CISOs
In this Help Net Security video, Shebani Baweja, CISO for Consumer, Private, Wealth Business Banking at Standard Chartered, explains how security leaders should think … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/cyber-resilience-strategy-video/
-
AI Is Rewriting Compliance Controls and CISOs Must Take Notice
AI agents are now executing regulated actions, reshaping how compliance controls actually work. Token Security explains why CISOs must rethink identity, access, and auditability as AI becomes a digital employee. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-rewriting-compliance-controls-and-cisos-must-take-notice/
-
Warum CISOs den sicheren Fernzugriff in den Blick nehmen sollten
Tags: cisoSeit der Pandemie setzen Unternehmen nicht nur im IT-Bereich verstärkt auf Fernzugriffslösungen für ihre Mitarbeiter und Partner, sondern auch in OT-Infrastrukturen wie industriellen Anlagen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cisos-und-sicherer-fernzugriff