Tag: ciso
-
CISOs need to think about risks before rushing into AI
Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/21/cloud-ai-security-readiness-2025/
-
Personalie: Sotirios Siozos ist neuer CISO bei Drees & Sommer
Als Head of Global Cyber Security (CISO) & IT Transformation Officer bei Drees & Sommer will Sotirios Siozos das Thema Informationssicherheit vorantreiben. Drees & Sommer SEAm 1. Juli 2025 trat Sotirios Siozos seine neue Stelle als “Head of Global Cyber Security (CISO) & IT Transformation Officer” beim Beratungsspezialist Drees & Sommer SE an. Neben unternehmensstrategischen…
-
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems
Enterprise-wide implications: While the immediate impact involved session cookie theft, the vulnerability’s implications extended far beyond data exfiltration.The researchers warned that the same vulnerability could enable attackers to alter support interfaces, deploy keyloggers, launch phishing attacks, and execute system commands that could install backdoors and enable lateral movement across network infrastructure.”Using the stolen support agent’s…
-
Why CISOs in business services must close the edge security gap
Cloud adoption is speeding ahead in the business services sector, but security for remote and edge environments is falling behind. At the same time, generative AI is moving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/genai-business-services-network-security/
-
NIST’s attempts to secure AI yield many questions, no answers
Challenges to consider: The NIST report talked about various categories of AI integration that forced serious cybersecurity considerations, including: using genAI to create new content; fine-tuning predictive AI; using single AI agents as well multiple agents; and security controls for AI developers. The potentially most challenging element of securing AI in enterprises is visibility. But the…
-
Ein Viertel der CISOs wird nach Ransomware-Angriff entlassen
Tags: backup, ceo, cio, ciso, cyberattack, group, incident response, mail, phishing, ransomware, rat, risk, sophos, vulnerabilityNach einem Ransomware-Angriff werden CISOs oft dafür verantwortlich gemacht und gekündigt. Laut einem aktuellen Bericht von Sophos haben CISOs eine Chance von eins zu vier, dass ihr Arbeitsplatz einen erfolgreichen Ransomware-Angriff nicht übersteht. Die Ergebnisse des Berichts sind ein Weckruf für Sicherheitsverantwortliche, unabhängig davon, ob sie für solche Angriffe verantwortlich gemacht werden oder über die…
-
7 signs it’s time for a managed security service provider
Tags: access, best-practice, breach, business, ciso, compliance, cyber, cybersecurity, data, data-breach, defense, detection, edr, incident, incident response, intelligence, mitigation, monitoring, mssp, ransomware, risk, service, siem, soc, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management2. Your security team is wasting time addressing and evaluating alerts: When your SOC team is ignoring 300 daily alerts and manually triaging what should be automated, that’s your cue to consider an MSSP, says Toby Basalla, founder and principal data consultant at data consulting firm Synthelize.When confusion reigns, who in the SOC team knows…
-
Wie CISOs von der Blockchain profitieren
Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trustDie Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
-
25% of security leaders replaced after ransomware attack
Tags: attack, breach, business, ceo, ciso, corporate, credentials, email, exploit, malicious, phishing, ransomware, risk, sophos, vulnerabilityA question of authority Dickson also argues that CISO authority should come into play. If decisions are made at the line-of-business (LOB) level, and potentially againstthe CISO’s advice, does it make corporate sense to blame the CISO?Some “presume that a ransomware attack is the fault of the CISO,” he says. “The CISO is a leader,…
-
Agentic AI promises a cybersecurity revolution, with asterisks
Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerabilityTrust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems.”If you want to remove or give agency to a platform…
-
Do We Have a CISO Payola Problem?
Pay-for-access dinners. Equity asks. Quiet kickbacks. The CISO payola problem is real, and it’s threatening the integrity of cybersecurity leadership. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/do-we-have-a-ciso-payola-problem/
-
Weak alerting and slipping prevention raise risk levels for CISOs
Prevention effectiveness is falling, detection gaps remain wide, and attackers are exploiting weaknesses in data protection and credentials. Data theft prevention has dropped … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-cybersecurity-prevention-effectiveness/
-
Bridging the AI model governance gap: Key findings for CISOs
While most organizations understand the need for strong AI model governance, many are still struggling to close gaps that could slow adoption and increase risk. The findings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-ai-model-governance/
-
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
-
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
-
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Why DNS threats should be on every CISO’s radar in 2025
DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
-
What Manufacturing Leaders Are Learning About Cloud Security – from Google’s Frontline
Vinod D’Souza, Director of Manufacturing and Industry, and Nick Godfrey. Senior Director, both from the Office of the CISO, Google Cloud, discuss the findings of a recent survey of cybersecurity professionals about Securing Manufacturing’s Transition to the Cloud. Improved security is an important driver for moving manufacturing workloads to the cloud for nearly two thirds…
-
CSO hiring on the rise: How to land a top security exec role
Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, cyber, cybersecurity, data, defense, finance, governance, government, healthcare, identity, incident, incident response, infrastructure, insurance, jobs, military, network, regulation, resilience, risk, saas, service, skills, software, strategy, technology, threat, trainingWide-scale AI adoption shaking up skills sought: In terms of the skills wanted of today’s CSO, Fuller agrees that AI is the game-changer.”Organizations are seeking cybersecurity leaders who combine technical depth, AI fluency, and strong interpersonal skills,” Fuller says. “AI literacy is now a baseline expectation, as CISOs must understand how to defend against AI-driven…
-
Pentesting is now central to CISO strategy
Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/pentesting-for-cisos/
-
Pentesting is now central to CISO strategy
Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/pentesting-for-cisos/
-
Survey Sees Drop in Cybersecurity Spending Growth Rates
A survey of 587 CISOs published this week finds security budget growth dropped to 4%, down from 8% in 2024, with more than half reporting flat or shrinking budgets. Conducted by IANS Research and Artico Search, an executive search firm, the survey also finds security budgets as a percentage of IT spending declined from 11.9%..…
-
Redefining the Role: What Makes a CISO Great
Tags: cisoSecurity is everyone’s responsibility, but as a CISO, it starts with you. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/redefining-role-ciso-great
-
What is a CISO? The top IT security leader role explained
Tags: access, authentication, breach, business, ceo, cio, cisa, ciso, compliance, computer, container, control, corporate, credentials, cyber, cybersecurity, data, ddos, defense, dns, encryption, exploit, finance, firewall, framework, fraud, guide, Hardware, healthcare, infosec, infrastructure, intelligence, international, jobs, kubernetes, mitigation, msp, mssp, network, nist, programming, RedTeam, regulation, risk, risk-management, security-incident, service, skills, software, strategy, technology, threat, training, vpn, zero-day, zero-trust. You’ll often hear people say the difference between the two is that CISOs focus entirely on information security issues, while a CSOs remit is wider, also taking in physical security as well as risk management.But reality is messier. Many companies, especially smaller ones, have only one C-level security officer, called a CSO, with IT…
-
So sparen CISOs, ohne die Sicherheit zu torpedieren
Tags: business, ciso, compliance, cyber, cyberattack, cybersecurity, detection, governance, Hardware, iam, intelligence, jobs, risk, risk-management, software, strategy, threat, tool, vulnerabilityGeht’s dem Security-Budget an den Kragen, ist der Spielraum für CISOs denkbar gering.Vor etlichen Jahren fand sich David Mahdi, heute CISO Advisor beim IAM-Spezialisten Transmit Security, in einer Situation wieder, vor der wohl jedem Sicherheitsentscheider graut: Die Budgets sollten mitten im Jahr drastisch gekürzt werden ohne die Möglichkeit, irgendetwas aufzuschieben. “Das war damals eine unkontrollierbare…
-
So sparen CISOs, ohne die Sicherheit zu torpedieren
Tags: business, ciso, compliance, cyber, cyberattack, cybersecurity, detection, governance, Hardware, iam, intelligence, jobs, risk, risk-management, software, strategy, threat, tool, vulnerabilityGeht’s dem Security-Budget an den Kragen, ist der Spielraum für CISOs denkbar gering.Vor etlichen Jahren fand sich David Mahdi, heute CISO Advisor beim IAM-Spezialisten Transmit Security, in einer Situation wieder, vor der wohl jedem Sicherheitsentscheider graut: Die Budgets sollten mitten im Jahr drastisch gekürzt werden ohne die Möglichkeit, irgendetwas aufzuschieben. “Das war damals eine unkontrollierbare…