Tag: ciso
-
AI powered autonomous ransomware campaigns are coming, say experts
CSO, “it is entirely possible that criminals beat them to it. I have already seen AIs that can do scans, write malware, identify which resources are most valuable, [and more]. It is no surprise that someone found a way to have an AI automate such functions.”Grossman advised CISOs to continue implementing security controls under frameworks…
-
Data security gaps stymy enterprise AI plans
Nearly three-quarters of CIOs and CISOs see information complexity as an adoption roadblock, according to a Ponemon Institute study commissioned by OpenText. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/data-complexity-cybersecurity-generative-ai-adoption-opentext/759503/
-
Is the CISO role broken?
Short tenures breed long-term failure: But tenures have remained low. Several articles every year place the average CISO tenure in the region at two to three years, and that matches my own field experience.You do not achieve much in terms of transformative impact in any large firm in two to three years.In fact, many CISOs…
-
Is the CISO role broken?
Short tenures breed long-term failure: But tenures have remained low. Several articles every year place the average CISO tenure in the region at two to three years, and that matches my own field experience.You do not achieve much in terms of transformative impact in any large firm in two to three years.In fact, many CISOs…
-
10 security leadership career-killers, and how to avoid them
Tags: ai, breach, business, ciso, control, cybersecurity, incident response, intelligence, jobs, resilience, risk, security-incident, service, skills, strategy, technology, threat, tool2. Being just a technologist rather than a business executive, too: To align security with enterprise strategy, security professionals need to be business leaders, too, says Ryan Knisley, former CISO of The Walt Disney Co. and Costco Wholesale.That remains a struggle for many CISOs, who still tend to ascend through the security organization and not…
-
BSidesSF 2025: CISO Series Podcast LIVE!
Creator, Author and Presenter: David Spark, Andy Ellis, Alexandra Landegger Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and…
-
Hacker nutzen gravierende Schwachstelle bei SAP S/4HANA aus
Tags: access, authentication, bug, ciso, cloud, cve, cvss, cyberattack, exploit, flaw, germany, hacker, injection, monitoring, password, reverse-engineering, sans, sap, service, update, vulnerabilityEin Exploit für die Schwachstelle wurde bereits in freier Wildbahn beobachtet.Vergangenen Monat hat SAP einen Patch für S/4HANA herausgebracht, der die gewaltige Schwachstelle CVE-2025-42957 mit einem CVSS-Score von 9,9 beheben soll. Der nun aufgetauchte Exploit ermöglicht es einem User mit geringen Berechtigungen, mittels Code-Injection in der SAP-Programmiersprache ABAP die vollständige Kontrolle über ein S/4HANA-System zu…
-
Hacker nutzen gravierende Schwachstelle bei SAP S/4HANA aus
Tags: access, authentication, bug, ciso, cloud, cve, cvss, cyberattack, exploit, flaw, germany, hacker, injection, monitoring, password, reverse-engineering, sans, sap, service, update, vulnerabilityEin Exploit für die Schwachstelle wurde bereits in freier Wildbahn beobachtet.Vergangenen Monat hat SAP einen Patch für S/4HANA herausgebracht, der die gewaltige Schwachstelle CVE-2025-42957 mit einem CVSS-Score von 9,9 beheben soll. Der nun aufgetauchte Exploit ermöglicht es einem User mit geringen Berechtigungen, mittels Code-Injection in der SAP-Programmiersprache ABAP die vollständige Kontrolle über ein S/4HANA-System zu…
-
Hybride IT-Sicherheit – Wie CISOs hybride IT-Landschaften sicher beherrschen
Tags: cisoFirst seen on security-insider.de Jump to article: www.security-insider.de/ciso-hybride-it-sicherheit-a-0a9725d629a3aa4228a82b302140e824/
-
Lack of board access: The No. 1 factor for CISO dissatisfaction
Building a relationship with the board: The CISO Executive Network is a peer-to-peer organization for information security professionals with more than 1,500 members. Andy Land, general manager of the organization, is seeing most of those members working with solid access to their boards. “But the question is, are we fundamentally doing anything good with that…
-
Lack of board access: The No. 1 factor for CISO dissatisfaction
Building a relationship with the board: The CISO Executive Network is a peer-to-peer organization for information security professionals with more than 1,500 members. Andy Land, general manager of the organization, is seeing most of those members working with solid access to their boards. “But the question is, are we fundamentally doing anything good with that…
-
Smart ways CISOs can do more with less
In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/05/ciso-budget-management-video/
-
Smart ways CISOs can do more with less
In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/05/ciso-budget-management-video/
-
Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability
Tags: access, attack, authentication, business, ciso, credentials, data, exploit, malicious, monitoring, password, programming, sans, sap, service, threat, vulnerability, zero-daydelete and insert data directly in the SAP Database;creating SAP users with SAP_ALL; download password hashes; modify business processes.”Historically, it has been difficult to apply patches to these complex systems, and many organizations will require careful (and slow) testing before the patches are deployed in production,” Johannes Ullrich, dean of research at the SANS Institute, told CSO.”ERP…
-
Avnet unlocks vendor lock-in and reinvents security data management
Tags: ai, attack, business, cio, ciso, cloud, compliance, conference, control, cybersecurity, data, LLM, microsoft, PCI, siem, strategy, technology, toolOwn and manage its data directly rather than leaving it siloed in vendor systems.Start large-scale extract, transform, and load (ETL) operations, allowing engineers to run analytics and AI-based use cases like retrieval-augmented generation (RAG).Reduce costs associated with rigid SIEM licensing and storage tiers.Improve compliance with new PCI DSS v4.0 requirements for automated log review in…
-
Principal Financial pioneers biometric authentication to beat online fraud
Tags: attack, authentication, business, ciso, compliance, conference, crime, crimes, data, finance, fraud, government, privacy, risk, strategy, threat, tool, vulnerabilityImplementing quickly and decisively. Fraud was rising at an alarming pace, so speed mattered. Principal had to test, validate, and deploy a solution in months, not years.Balancing security with usability. Principal needed biometric authentication that was simple enough that customers wouldn’t get frustrated and abandon the process.Navigating uncharted territory. Principal was shifting to DIVA without…
-
SHARED INTEL QA: Inside the mind of a hacker, shadowing adversaries across API pathways
In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it. Related: The hidden cost of API security laspses For Jamison Utter, Field CISO at A10 Networks, this moment marks… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/shared-intel-qa-inside-the-mind-of-a-hacker-shadowing-adversaries-across-api-pathways/
-
Black Hat USA 2025 CISO Podcast Series Episode 5 Out Now
Episode 5 of the Black Hat USA 2025 CISO Podcast Series First seen on thecyberexpress.com Jump to article: thecyberexpress.com/black-hat-usa-2025-ciso-podcast-episode-5/
-
Why Compliance-First Cybersecurity Programs Fail (And What Actually Works)
Most B2B companies build cybersecurity programs backwards – starting with compliance instead of real security. Learn why this approach fails and how fractional CISO services can help you build effective security that actually prevents breaches while achieving compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/why-compliance-first-cybersecurity-programs-fail-and-what-actually-works/
-
Pressure on CISOs to stay silent about security incidents growing
Tags: access, breach, business, cio, ciso, corporate, credentials, credit-card, crowdstrike, cybersecurity, data, data-breach, email, finance, framework, group, hacker, iam, identity, incident response, insurance, law, mfa, ransomware, sap, security-incident, software, theft, threat, training‘Intense pressure’ to keep quiet about security incidents: CSO spoke to two other former CISOs who reported pressures to stay silent about suspected security incidents. Both CISOs requested to remain anonymous due to end-of-contract confidentiality agreements made with previous employers.”While working inside a Fortune Global 500 company in Europe, I witnessed this multiple times,” one…
-
Cutting through CVE noise with real-world threat signals
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/nucleus-insights-vulnerability-management/
-
Cutting through CVE noise with real-world threat signals
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/nucleus-insights-vulnerability-management/
-
How Tampa General Hospital worked to quantify cyber risk
The medical center’s CIO and CISO teamed up to translate security decisions into dollars and cents. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/tampa-general-hospital-cio-ciso-cyber-risk/759132/
-
Zero Trust bereitet CISOs Probleme
Tags: access, ai, ceo, ciso, cloud, compliance, cyber, cybersecurity, cyersecurity, gartner, germany, iot, password, risk, startup, strategy, technology, vulnerability, zero-trustLaut einer Umfrage ist die Umsetzung von Zero Trust für die meisten CISOs nicht leicht.Laut einem aktuellen Bericht von Accenture haben fast neun von zehn Sicherheitsverantwortlichen (88 Prozent) erhebliche Schwierigkeiten damit, Zero-Trust in ihren Unternehmen umzusetzen. ‘Diese Schwachstelle erstreckt sich auch auf die physische Welt, da 80 Prozent ihre cyber-physischen Systeme nicht wirksam schützen können”,…
-
Zero Trust bereitet CISOs Probleme
Tags: access, ai, ceo, ciso, cloud, compliance, cyber, cybersecurity, cyersecurity, gartner, germany, iot, password, risk, startup, strategy, technology, vulnerability, zero-trustLaut einer Umfrage ist die Umsetzung von Zero Trust für die meisten CISOs nicht leicht.Laut einem aktuellen Bericht von Accenture haben fast neun von zehn Sicherheitsverantwortlichen (88 Prozent) erhebliche Schwierigkeiten damit, Zero-Trust in ihren Unternehmen umzusetzen. ‘Diese Schwachstelle erstreckt sich auch auf die physische Welt, da 80 Prozent ihre cyber-physischen Systeme nicht wirksam schützen können”,…
-
Zero-Trust bereitet CISOs Probleme
Tags: access, ai, ceo, ciso, cloud, compliance, cyber, cybersecurity, cyersecurity, gartner, germany, iot, password, risk, startup, strategy, technology, vulnerability, zero-trustLaut einer Umfrage ist die Umsetzung von Zero Trust für die meisten CISOs nicht leicht.Laut einem aktuellen Bericht von Accenture haben fast neun von zehn Sicherheitsverantwortlichen (88 Prozent) erhebliche Schwierigkeiten damit, Zero-Trust in ihren Unternehmen umzusetzen. ‘Diese Schwachstelle erstreckt sich auch auf die physische Welt, da 80 Prozent ihre cyber-physischen Systeme nicht wirksam schützen können”,…
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerabilityIs your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
How the generative AI boom opens up new privacy and cybersecurity risks
Privacy and cybersecurity risks: Another major problem lies in potential privacy and cybersecurity breaches, both for end users and for the companies themselves.Panda warns how AIs fed with large amounts of personal data can become a gateway to fraud or to create much more sophisticated and infallible attacks if they fall into the wrong hands.…