Tag: ciso

Warum CISOs den sicheren Fernzugriff in den Blick nehmen sollten

Jan 28, 2026 10:21 AM

Tags: ciso

Seit der Pandemie setzen Unternehmen nicht nur im IT-Bereich verstärkt auf Fernzugriffslösungen für ihre Mitarbeiter und Partner, sondern auch in OT-Infrastrukturen wie industriellen Anlagen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cisos-und-sicherer-fernzugriff
Skills CISOs need to master in 2026

Jan 28, 2026 9:21 AM

Tags: access, ai, business, ciso, cloud, compliance, credentials, cyber, cybersecurity, data, endpoint, finance, firewall, group, Hardware, identity, infrastructure, intelligence, jobs, resilience, risk, risk-management, skills, strategy, threat, tool, training

Top technical skills: In addition to strong knowledge of AI systems, today’s CISOs need a solid foundation in the technologies that define modern enterprise environments. The (ISC)² CISSP is still widely regarded as the gold standard for broad expertise in security architecture, risk management, and governance. “Regulators will expect this, and it still appears in…
4 Probleme, die CISOs behindern

Jan 27, 2026 5:23 PM

Tags: ai, business, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, data, framework, governance, risk, risk-management, skills, strategy, tool, vulnerability-management

Lesen Sie, welche strategischen Probleme CISOs bei ihren Aufgaben behindern.Viele Sicherheitsverantwortliche glauben, dass ein Cybervorfall unvermeidlich ist unklsar ist lediglich der Zeitpunkt. Diese Überzeugung spiegelt sich in der gängigen Redewendung wider, dass es nicht darum geht, ‘ob”, sondern ‘wann” ein Angriff erfolgt.Eine wachsende Zahl von CISOs rechnet jedoch eher früher als später mit einem Vorfall:…
149 Millionen gestohlenen Benutzernamen Es reicht nicht Passwörter zu ändern. Vielmehr muss der Zugriff kontrolliert und reduziert werden.

Jan 27, 2026 3:21 PM

Tags: access, bug, ciso, malware, password

Eine öffentlich zugängliche Datenbank mit 149 Millionen gestohlenen Benutzernamen und Passwörtern wurde vom Netz genommen, nachdem ein Sicherheitsforscher die Sicherheitslücke entdeckt und den Hosting-Anbieter darüber informiert hatte. Die Datenbank scheint mithilfe von Infostealer-Malware zusammengestellt worden zu sein, die unbemerkt Anmeldedaten von infizierten Geräten abgreift. Ein Kommentar von Shane Barney, CISO bei Keeper Security. Die Zahlen…
Overcoming AI fatigue

Jan 27, 2026 2:21 PM

Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trust

before it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
4 issues holding back CISOs’ security agendas

Jan 27, 2026 9:21 AM

Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management

2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort.But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption.According to a survey…
4 Sicherheitsrisiken, die CIOs bei der Nutzung von Krypto-Technologien oft unterschätzen

Jan 27, 2026 8:20 AM

Tags: cio, ciso, crypto, risk

Krypto-Technologien haben sich vom Nischenexperiment zu einem strategischen Thema entwickelt. Für viele Unternehmen geht es dabei weniger um Spekulation, sondern um Infrastrukturfragen: digitale Identitäten, tokenisierte Prozesse oder neue Zahlungswege. Genau hier entstehen Risiken, die im Managementalltag leicht untergehen. 2026 stehen CIOs und CISOs vor einer paradoxen Situation. Einerseits wächst der Druck, sich mit Krypto-Technologien auseinanderzusetzen….…
Rethinking Cybersecurity in a Platform World

Jan 27, 2026 12:20 AM

Tags: cio, ciso, cloud, compliance, cybersecurity, detection, endpoint, firewall, iam, threat, tool

How Consolidation Is Forcing CISOs and CIOs to Rethink Security Architecture For more than a decade, enterprise security has relied on point solutions. Companies invested in separate tools – endpoint detection, firewalls, cloud security and IAM – each designed to address a specific threat or compliance requirement. But that approach is starting to break down.…
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
CISO’s predictions for 2026

Jan 26, 2026 9:21 AM

Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfare

AI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
Healthy Security Cultures Want People to Report Risks

Jan 24, 2026 6:30 PM

Tags: ciso, risk

The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/healthy-security-cultures-thrive-on-risk-reporting
ISMG Editors: How Deepfakes Are Breaking Digital Trust

Jan 23, 2026 11:30 PM

Tags: access, ciso, deep-fake

Also: How Non-Human Identities Redefine Security; the Delinea-StrongDM Deal. In this week’s panel, four editors discussed how deepfakes are reshaping digital Know Your Customer practices, what the rise of non-human identities means for CISOs and what Delinea’s acquisition of StrongDM tells us about where the privileged access market is heading. First seen on govinfosecurity.com Jump…
Voice Phishing Okta Customers: ShinyHunters Claims Credit

Jan 23, 2026 10:30 PM

Tags: attack, authentication, ciso, malicious, okta, phishing, service

Okta Alerts Customers’ CISOs to Malicious Campaigns Seeking Single Sign-On Access. A surge in attacks that bypass some types of multifactor authentication has been tied to a new generation of voice-phishing toolkits that give attackers the ability to orchestrate what a target sees in their browser, warns a new report from Okta, which is among…
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
Healthy Security Cultures Thrive on Risk Reporting

Jan 23, 2026 6:38 PM

Tags: ciso, risk

The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/healthy-security-cultures-thrive-on-risk-reporting
Cyberresilienz für CISOs: Widerstands- und Anpassungsfähigkeit für ein resilientes Unternehmen

Jan 23, 2026 10:31 AM

Tags: ciso, cyberattack, strategy

Sicherheitsverantwortliche haben Jahrzehnte damit verbracht, Abwehrmaßnahmen aufzubauen, doch trotz Investitionen in die Prävention sind Unternehmen nach wie vor mit erheblichen Störungen und Ausfallzeiten durch Cyberangriffe konfrontiert. Daher ist es notwendig, den Fokus zu verlagern: Von einer Denkweise, die auf Prävention und Reaktion ausgerichtet ist, hin zu einer Cyberresilienz-Strategie, die ihren Schwerpunkt auf Widerstands- und Anpassungsfähigkeit……
What makes AI in cybersecurity reliable?

Jan 23, 2026 1:31 AM

Tags: ai, ciso, cloud, cybersecurity, threat

Are Non-Human Identities the Missing Link in Cybersecurity AI Reliability? Cybersecurity is an evolving field, constantly adapting to new threats and vulnerabilities. But have you considered how Non-Human Identities (NHIs) are shaping cybersecurity, especially regarding AI reliability? NHIs, essentially machine identities, are critical components in creating a secure cloud environment, providing oversight to CISOs and……
Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In

Jan 22, 2026 6:46 PM

Tags: ciso, cyber, governance, resilience, risk

Learn how GitGuardian helps boards and CISOs align on cyber risk, operational resilience, and the rising impact of unmanaged workload identities at scale. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/boards-focus-on-risk-resilience-and-operational-realities-where-nhi-governance-fits-in/
Securing Banking Enterprises as Non-Human Identities Grow

Jan 22, 2026 5:31 PM

Tags: ai, automation, banking, ciso, cloud, governance, service, vulnerability

CISOs Grapple With AI Blind Spots, Excessive Permissions and Governance Issues. Machine identities continue to multiply as organizations push automation, cloud services and AI-driven initiatives deeper into core operations. This rapid growth creates new vulnerabilities, especially when non-human identities lack governance or are completely invisible to security teams. First seen on govinfosecurity.com Jump to article:…
Wie künstliche Intelligenz Unternehmen, Infrastrukturen und Arbeitsweisen verändern wird

Jan 22, 2026 4:30 PM

Tags: ai, cio, ciso, computing

Im vergangenen Jahr habe ich viel Zeit mit CIOs, CISOs und Führungskräften aus den Bereichen Netzwerk und Sicherheit verbracht. Dabei kam ein Thema immer wieder auf: Die Komplexität nimmt zu, während die künstliche Intelligenz alles beschleunigt. 2026 wird aus meiner Sicht die KI von drei Umwälzungen geprägt sein: der Neuordnung der Datenströme durch KI-gesteuertes Edge-Computing,…
Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace

Jan 22, 2026 9:30 AM

Tags: access, attack, ciso, cloud, compliance, computing, container, control, data, defense, dora, email, encryption, GDPR, google, Hardware, healthcare, identity, infrastructure, law, malware, network, privacy, regulation, resilience, risk, service, software, strategy, zero-trust

Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace madhav Thu, 01/22/2026 – 04:35 In today’s rapidly evolving digital landscape, data privacy and sovereignty have become top priorities for organizations worldwide. With the proliferation of cloud services and the tightening of global data protection regulations, security professionals face mounting pressure to ensure their…
Warum Microsoft-365-Konfigurationen geschützt werden müssen

Jan 22, 2026 9:30 AM

Tags: access, authentication, backup, ciso, cloud, compliance, framework, least-privilege, mail, mfa, microsoft, office, powershell, risk, zero-trust

Lesen Sie, warum CISOs den M365-Tenant stärker in den Blick nehmen müssen.Im Jahr 2010 war Office 365 eine einfache Suite mit Office-Anwendungen und zusätzlicher E-Mail-Funktion. Das hat sich 15 Jahre später mit Microsoft 365 geändert: Die Suite ist ein wesentliches Element in den Bereichen Kommunikation, Zusammenarbeit und Sicherheit. Dienste wie Entra, Intune, Exchange, Defender, Teams…
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel

Jan 21, 2026 5:20 PM

Tags: ciso, cybersecurity, finance, risk, threat

Four in 10 surveyed finance leaders said quantified risk reduction would make it easier to justify a cybersecurity spending hike. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cfos-cisos-clash-cybersecurity-spending-expel/810091/
13 cyber questions to better vet IT vendors and reduce third-party risk

Jan 21, 2026 9:13 AM

Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerability

Vital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
13 cyber questions to better vet IT vendors and reduce third-party risk

Jan 21, 2026 9:13 AM

Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerability

Vital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
For cyber risk assessments, frequency is essential

Jan 21, 2026 8:32 AM

Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerability

Identifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs

Jan 21, 2026 6:16 AM

Tags: access, ai, api, attack, ciso, control, data, defense, infosec, injection, least-privilege, LLM, malicious, sans, service, threat, tool, vulnerability

mcp-server-git versions prior to 2025-12.18.The three vulnerabilities are·CVE-2025-68143, an unrestricted git_init.·CVE-2025-68145, a path validation bypass.·CVE-2025-68144, an argument injection in git_diff.Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to…
CEOs and CISOs differ on AI’s security value and risks

Jan 20, 2026 6:45 PM

Tags: ai, ceo, ciso, risk

A new report also found that American and British executives see AI very differently. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ceos-cisos-ai-cybersecurity-us-uk/809981/