Tag: ciso
-
CISO’s Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DRAI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped 156% in…
-
Your passwordless future may never fully arrive
Tags: access, api, attack, authentication, breach, ceo, ciso, cloud, compliance, credentials, cyber, cybersecurity, group, infrastructure, insurance, mfa, network, passkey, password, risk, service, strategy, technology, vpn, zero-trustAll-in passwordless strategies fall short: Jim Taylor, chief product and strategy officer at RSA, says today’s enterprise environment and existing passwordless approaches make “100% passwordless not possible just yet,” adding that “85% is possible, with the 15% representing the complicated and the very specialized” needs such as “security admins who need to log in to…
-
Your passwordless future may never fully arrive
Tags: access, api, attack, authentication, breach, ceo, ciso, cloud, compliance, credentials, cyber, cybersecurity, group, infrastructure, insurance, mfa, network, passkey, password, risk, service, strategy, technology, vpn, zero-trustAll-in passwordless strategies fall short: Jim Taylor, chief product and strategy officer at RSA, says today’s enterprise environment and existing passwordless approaches make “100% passwordless not possible just yet,” adding that “85% is possible, with the 15% representing the complicated and the very specialized” needs such as “security admins who need to log in to…
-
To get funding, CISOs are mastering the language of money
In this Help Net Security interview, Chris Wheeler, CISO at Resilience, talks about how CISOs are managing changing cybersecurity budgets. While overall spending is up, many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/chris-wheeler-resilience-cisos-cybersecurity-budgets/
-
To get funding, CISOs are mastering the language of money
In this Help Net Security interview, Chris Wheeler, CISO at Resilience, talks about how CISOs are managing changing cybersecurity budgets. While overall spending is up, many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/chris-wheeler-resilience-cisos-cybersecurity-budgets/
-
CISOs are cracking under pressure
Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/stress-ciso-burnout-crisis/
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
-
How GlassWorm wormed its way back into developers’ code, and what it says about open source security
Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, wormadhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
CISOs must prove the business value of cyber, the right metrics can help
Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
-
CISOs must prove the business value of cyber, the right metrics can help
Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
-
CISOs must prove the business value of cyber, the right metrics can help
Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
-
Adopting a counterintelligence mindset in luxury logistics
In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/10/andrea-succi-ferrari-group-logistics-industry-cybersecurity/
-
Adopting a counterintelligence mindset in luxury logistics
In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/10/andrea-succi-ferrari-group-logistics-industry-cybersecurity/
-
Adopting a counterintelligence mindset in luxury logistics
In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/10/andrea-succi-ferrari-group-logistics-industry-cybersecurity/
-
NDSS 2025 Qualitative Study On Boards’ Cybersecurity Risk Decision Making
Tags: ciso, conference, cyber, cybersecurity, data-breach, fraud, Internet, network, phishing, risk, strategySESSION Session 2C: Phishing & Fraud 1 Authors, Creators & Presenters: Jens Christian Opdenbusch (Ruhr University Bochum), Jonas Hielscher (Ruhr University Bochum), M. Angela Sasse (Ruhr University Bochum, University College London) PAPER “Where Are We On Cyber?” – A Qualitative Study On Boards’ Cybersecurity Risk Decision Making Boards are increasingly required to oversee the cybersecurity…
-
Fortinet’s Fabric-Based Approach to Cloud Security
The enterprise migration to the cloud has created a security paradox. While digital transformation and multi-cloud architectures promise agility, they have also delivered unprecedented complexity. This complexity is the modern CISO’s greatest enemy. For every new cloud environment, SaaS application, or remote workforce, a new, siloed security tool has usually been procured. The result is..…
-
Fortinet’s Fabric-Based Approach to Cloud Security
The enterprise migration to the cloud has created a security paradox. While digital transformation and multi-cloud architectures promise agility, they have also delivered unprecedented complexity. This complexity is the modern CISO’s greatest enemy. For every new cloud environment, SaaS application, or remote workforce, a new, siloed security tool has usually been procured. The result is..…
-
Wie CISOs vom ERP-Leid profitieren
Tags: ai, best-practice, business, cio, cisco, ciso, cloud, crowdstrike, cybersecurity, fortinet, mail, microsoft, network, resilience, service, siem, soar, threat, toolSecurity Platformization ist eine Herausforderung gut, wenn man vorher weiß, worauf es (nicht) ankommt.Studienerkenntnissen zufolge sind in einem durchschnittlichen (Groß-)Unternehmen zwischen 40 und 80 separate Sicherheits-Tools im Einsatz. Wildwuchs dieser Art führt regelmäßig zu:Security-Datensilos,Integrationsproblemen,fortlaufendem Wartungs- und Konfigurationsaufwand, oderAlert-Müdigkeit.Angesichts dieser Herausforderungen (und dem Marktpotenzial für entsprechende Lösungen) haben diverse Security-Anbieter Technologieplattformen aufgebaut etwa Cisco, Crowdstrike, Fortinet,…
-
Wie CISOs vom ERP-Leid profitieren
Tags: ai, best-practice, business, cio, cisco, ciso, cloud, crowdstrike, cybersecurity, fortinet, mail, microsoft, network, resilience, service, siem, soar, threat, toolSecurity Platformization ist eine Herausforderung gut, wenn man vorher weiß, worauf es (nicht) ankommt.Studienerkenntnissen zufolge sind in einem durchschnittlichen (Groß-)Unternehmen zwischen 40 und 80 separate Sicherheits-Tools im Einsatz. Wildwuchs dieser Art führt regelmäßig zu:Security-Datensilos,Integrationsproblemen,fortlaufendem Wartungs- und Konfigurationsaufwand, oderAlert-Müdigkeit.Angesichts dieser Herausforderungen (und dem Marktpotenzial für entsprechende Lösungen) haben diverse Security-Anbieter Technologieplattformen aufgebaut etwa Cisco, Crowdstrike, Fortinet,…
-
Wie CISOs vom ERP-Leid profitieren
Tags: ai, best-practice, business, cio, cisco, ciso, cloud, crowdstrike, cybersecurity, fortinet, mail, microsoft, network, resilience, service, siem, soar, threat, toolSecurity Platformization ist eine Herausforderung gut, wenn man vorher weiß, worauf es (nicht) ankommt.Studienerkenntnissen zufolge sind in einem durchschnittlichen (Groß-)Unternehmen zwischen 40 und 80 separate Sicherheits-Tools im Einsatz. Wildwuchs dieser Art führt regelmäßig zu:Security-Datensilos,Integrationsproblemen,fortlaufendem Wartungs- und Konfigurationsaufwand, oderAlert-Müdigkeit.Angesichts dieser Herausforderungen (und dem Marktpotenzial für entsprechende Lösungen) haben diverse Security-Anbieter Technologieplattformen aufgebaut etwa Cisco, Crowdstrike, Fortinet,…
-
Wie CISOs vom ERP-Leid profitieren
Tags: ai, best-practice, business, cio, cisco, ciso, cloud, crowdstrike, cybersecurity, fortinet, mail, microsoft, network, resilience, service, siem, soar, threat, toolSecurity Platformization ist eine Herausforderung gut, wenn man vorher weiß, worauf es (nicht) ankommt.Studienerkenntnissen zufolge sind in einem durchschnittlichen (Groß-)Unternehmen zwischen 40 und 80 separate Sicherheits-Tools im Einsatz. Wildwuchs dieser Art führt regelmäßig zu:Security-Datensilos,Integrationsproblemen,fortlaufendem Wartungs- und Konfigurationsaufwand, oderAlert-Müdigkeit.Angesichts dieser Herausforderungen (und dem Marktpotenzial für entsprechende Lösungen) haben diverse Security-Anbieter Technologieplattformen aufgebaut etwa Cisco, Crowdstrike, Fortinet,…
-
What past ERP mishaps can teach CISOs about security platformization
Tags: ai, automation, business, cio, ciso, cyber, cybersecurity, data, finance, metric, resilience, service, technology, tool, training5 tips for getting security platformization right: Current trending suggests that in many enterprises, security platform migration is inevitable in the short- or long-term. Given this, CISOs would be well served by carefully studying the mistakes made with ERP and plan accordingly with proven best practices. Based on my research, here are a few suggestions:Get executive…
-
What past ERP mishaps can teach CISOs about security platformization
Tags: ai, automation, business, cio, ciso, cyber, cybersecurity, data, finance, metric, resilience, service, technology, tool, training5 tips for getting security platformization right: Current trending suggests that in many enterprises, security platform migration is inevitable in the short- or long-term. Given this, CISOs would be well served by carefully studying the mistakes made with ERP and plan accordingly with proven best practices. Based on my research, here are a few suggestions:Get executive…