Tag: ciso
-
Human-Centered Leadership Strengthens OT Security
OTsec Canada Chairman on Balancing Wellness, Collaboration and Compliance. Organizations defending critical infrastructure must shift from compliance-focused strategies to holistic resilience. Ahead of the OTsec Canada Summit, Énergir CISO Martin Laberge outlines why people-first leadership and national coordination are essential for OT security resilience. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/human-centered-leadership-strengthens-ot-security-a-29886
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Tips for CISOs switching between industries
Understand and demonstrate achieved results: Making the jump into a new industry isn’t about matching past job titles but about proving you can create impact in a new context. DiMarco says the key is to demonstrate relevance early.”When I pitch a candidate, I explain what they did, how they did it, and what their impact…
-
Old threats, new consequences: 90% of cyber claims stem from email and remote access
Tags: access, ai, attack, awareness, cisco, ciso, citrix, cloud, communications, control, credentials, cve, cyber, cybersecurity, data, defense, detection, email, encryption, finance, fraud, hacker, insurance, mail, malicious, microsoft, network, phishing, phone, ransomware, risk, sophos, tactics, threat, tool, update, vpn, vulnerability2025 InsurSec Rankings Report, email and remote access remain the most prominent cyber threat vectors, accounting for 90% of cyber insurance claims in 2024.And, no surprise, larger companies continue to get hit hardest. But, interestingly, the virtual private networks (VPNs) many rely on are anything but secure, despite assumptions to the contrary.”We know from our…
-
How the City of Toronto embeds security across governance and operations
In this Help Net Security interview, Andree Noel, Deputy CISO at City of Toronto, discusses how the municipality strengthens its cyber defense by embedding security into … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/30/andree-noel-city-of-toronto-municipal-cyber-defense/
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It’s about proof.When a new exploit drops, scanners scour…
-
The CISO’s Guide to Model Context Protocol (MCP)
As engineering teams race to adopt the Model Context Protocol (MCP) to harness the power of agentic AI, a more cautious conversation dominates security leaders’ mindshare. While the potential for innovation is clear, the primary question for CISOs and CIOs is more fundamental: how are we going to manage the growing risk? The answer is..…
-
The CISO’s Guide to Model Context Protocol (MCP)
As engineering teams race to adopt the Model Context Protocol (MCP) to harness the power of agentic AI, a more cautious conversation dominates security leaders’ mindshare. While the potential for innovation is clear, the primary question for CISOs and CIOs is more fundamental: how are we going to manage the growing risk? The answer is..…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/29/carl-scaffidi-vystar-credit-unions-payment-security/
-
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/29/carl-scaffidi-vystar-credit-unions-payment-security/
-
Atroposia malware kit lowers the bar for cybercrime, and raises the stakes for enterprise defenders
Tags: apt, authentication, automation, ciso, credentials, crime, cybercrime, defense, detection, dns, endpoint, infrastructure, mail, malicious, malware, mfa, monitoring, rat, service, spam, threat, tool, update, vulnerabilityRAT toolkits proliferating: Atroposia is one of a growing number of RAT tools targeting enterprises; Varonis has also recently discovered SpamGPT and MatrixPDF, a spam-as-a-service platform and malicious PDF builder, respectively.Shipley noted that these types of packages which identify additional avenues to maintain persistence have been around for some time; Mirai, which goes back to…
-
From Chef to CISO: An Empathy-First Approach to Cybersecurity Leadership
Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/chef-ciso-empathy-first-cybersecurity-leadership
-
How evolving regulations are redefining CISO responsibility
Tags: attack, awareness, breach, ciso, communications, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, governance, identity, incident response, intelligence, iot, nis-2, phone, regulation, resilience, risk, risk-management, sbom, service, software, threat, tool, vulnerabilityIncreasing attacks on IoT and OT device vulnerabilities Cyberattacks are increasingly driven by software vulnerabilities embedded in OT and IoT devices. The 2025 Verizon Data Breach Investigations Report noted that 20% of breaches were vulnerability-based, which is a close second to credential abuse, accounting for 22% of breaches. Year over year, breaches resulting from software…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
Volvo’s recent security breach: 5 tips to speed incident response while preserving forensic integrity
Tags: access, automation, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, endpoint, finance, framework, gartner, GDPR, guide, incident, incident response, insurance, metric, mitigation, nist, resilience, risk, risk-management, saas, security-incident, siem, soar, supply-chain, vulnerabilityIdentify and catalog your evidence sources in advance (endpoints, memory, logs, cloud assets)Stage scripts or agents that can snapshot memory and archive logs immediately when an IR trigger firesMake forensic collection part of containment, not something you tack on afterwardModern approaches and even NIST’s updated guidance emphasize that evidence gathering should begin during, not after,…
-
Cybersicherheit ist größte Herausforderung für die Finanzbranche
Cyberangriffe stellen viele Banken und Versicherungen vor große Probleme.Systemkritische Branchen wie die Finanzindustrie geraten immer häufiger ins Visier von Cyberkriminellen. Die Anzahl der Cyberangriffe hat sich in diesem Bereich im Vergleich zum Jahr 2021 versechsfacht. Das geht aus einer aktuellen Umfrage des Beratungs- und Softwarehauses PPI hervor, für die hierzulande 50 Banken und 53 Versicherungen…
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
Managing legacy medical devices that can no longer be patched
In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/patty-ryan-quidelortho-legacy-medical-devices-cybersecurity/
-
CISOs Finally Get a Seat at the Board’s Table, But There’s a Catch
AI’s explosive growth has lifted cybersecurity to the top of the board’s agenda. Here’s how CISOs can seize the moment, according to Diana Kelley. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisos-finally-get-seat-board-table
-
How to Take Vulnerability Management to the Next Level and Supercharge Your Career
Tags: access, ai, attack, authentication, awareness, business, ciso, cloud, compliance, cve, cvss, cybersecurity, data, exploit, flaw, framework, governance, identity, metric, mfa, risk, skills, strategy, technology, tool, update, vulnerability, vulnerability-managementAt Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management today. Key takeaways: Vulnerability management is crucial for the evolution toward a more strategic, business-aligned approach to cybersecurity, that’s why these professionals are best positioned to lead…
-
Infosecurity Europe 2025: Securing an Uncertain World
Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers. Welcome to Information Security Media Group’s Infosecurity Europe 2025 Compendium featuring cybersecurity insights from industry’s top researchers, CEOs, CISOs, government leaders and more. Inside this guide, you’ll find links to video interviews created by ISMG.Studio. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/infosecurity-europe-2025-securing-uncertain-world-a-29841
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…