Tag: ciso
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
Do CISOs need to rethink service provider risk?
Tags: access, ai, breach, ciso, compliance, control, corporate, cyber, cybersecurity, data, framework, governance, group, guide, incident, incident response, ISO-27001, penetration-testing, risk, risk-assessment, risk-management, service, soc, technology, threat, tool, training, update, vulnerabilityShould risk assessment be about questionnaires or conversation?: David Stockdale, director of cybersecurity at the University of Queensland (UQ), needs services providers to understand the make-up and complexity of a higher education institution.”Because of the size and research intensity of the university, we tend to build a lot in-house. Where we do use service providers,…
-
Managing legacy medical devices that can no longer be patched
In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/patty-ryan-quidelortho-legacy-medical-devices-cybersecurity/
-
CISOs Finally Get a Seat at the Board’s Table, But There’s a Catch
AI’s explosive growth has lifted cybersecurity to the top of the board’s agenda. Here’s how CISOs can seize the moment, according to Diana Kelley. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisos-finally-get-seat-board-table
-
How to Take Vulnerability Management to the Next Level and Supercharge Your Career
Tags: access, ai, attack, authentication, awareness, business, ciso, cloud, compliance, cve, cvss, cybersecurity, data, exploit, flaw, framework, governance, identity, metric, mfa, risk, skills, strategy, technology, tool, update, vulnerability, vulnerability-managementAt Tenable, we believe the next generation of great CISOs and security leaders will arise from those vulnerability management professionals who are driving the shift to exposure management today. Key takeaways: Vulnerability management is crucial for the evolution toward a more strategic, business-aligned approach to cybersecurity, that’s why these professionals are best positioned to lead…
-
Infosecurity Europe 2025: Securing an Uncertain World
Compendium Features Dozens of In-Depth Interviews With CEOs, CISOs and Researchers. Welcome to Information Security Media Group’s Infosecurity Europe 2025 Compendium featuring cybersecurity insights from industry’s top researchers, CEOs, CISOs, government leaders and more. Inside this guide, you’ll find links to video interviews created by ISMG.Studio. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/infosecurity-europe-2025-securing-uncertain-world-a-29841
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
Risiken bei der Wiederherstellung nach Ransomware-Angriffen
Tags: alphv, authentication, backup, ceo, ciso, crowdstrike, cyber, cyberattack, DSGVO, encryption, extortion, incident response, infrastructure, insurance, lockbit, mfa, ransomware, resilience, risk, risk-management, service, tool, updateDie Zahlung des Lösegelds nach einer Ransomware-Attacke ist keine Garantie für eine reibungslose oder gar erfolgreiche Wiederherstellung der Daten.Zwei von fünf Unternehmen, die Cyberkriminellen für die Entschlüsselung von Ransomware bezahlen, können ihre Daten nicht wiederherstellen. Das hat eine weltweite Umfrage des Versicherungsanbieters Hiscox unter 1.000 mittelständischen Unternehmen ergeben.Die Ergebnisse zeigen, dass Ransomware nach wie vor…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
The 10 biggest issues CISOs and cyber teams face today
Tags: ai, attack, awareness, breach, business, ceo, ciso, computing, crime, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, encryption, exploit, finance, fraud, governance, group, hacker, international, mitigation, organized, phishing, ransom, risk, scam, service, strategy, supply-chain, technology, threat, tool, training, usa, vulnerability2. Escalating, and accelerating, AI-enabled attacks: A 2025 survey from Boston Consulting Group found that 80% of CISOs worldwide cited AI-powered cyberattacks as their top concern, a 19-point increase from the previous year. A 2025 survey from Darktrace, a security technology firm, found that 78% of CISOs reported a significant impact from AI-driven threats, up…
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
Cybersecurity Accountability: Why CISOs Must Share Ownership Across the Enterprise
The sharing of ownership is more secure within the company. There are still standards set by the CISO and the core program being executed, but business owners, product team, IT,… The post Cybersecurity Accountability: Why CISOs Must Share Ownership Across the Enterprise appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/10/cybersecurity-accountability-why-cisos-must-share-ownership-across-the-enterprise/
-
Der Weg zur CPS-Resilienz
Lesen Sie, welche Schritte notwendig sind, damit Cyber-physische Systemen (CPS) resilienter gegen Cyberangriffe werden.Cyber-physische Systeme (CPS) steuern und überwachen die physischen Prozesse, die die Basis des modernen Lebens bilden. Sie sind in der Industrie, im Gesundheitssektor und in Gebäuden allgegenwärtig. Als Grundlage unserer (kritischen) Infrastruktur sorgen sie für ein reibungsloses, ‘unterbrechungsfreies” Leben. Dies zu gewährleisten,…
-
Der Weg zur CPS-Resilienz
Lesen Sie, welche Schritte notwendig sind, damit Cyber-physische Systemen (CPS) resilienter gegen Cyberangriffe werden.Cyber-physische Systeme (CPS) steuern und überwachen die physischen Prozesse, die die Basis des modernen Lebens bilden. Sie sind in der Industrie, im Gesundheitssektor und in Gebäuden allgegenwärtig. Als Grundlage unserer (kritischen) Infrastruktur sorgen sie für ein reibungsloses, ‘unterbrechungsfreies” Leben. Dies zu gewährleisten,…
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
-
Dataminr to Buy ThreatConnect for $290M in Intelligence Push
Proposed Acquisition Aims to Merge Internal Risk Data With External Threat Signals. Dataminr will acquire ThreatConnect, combining public data detection with internal intelligence to give CISOs an AI-powered, context-aware response platform. The deal is producing results for shared customers and is central to Dataminr’s push toward predictive, client-specific cybersecurity tools. First seen on govinfosecurity.com Jump…
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Agentic AI: A Force Multiplier CISOs Can’t Afford to Ignore
AI-Powered Threats Demand AI-Driven Defense As AI reshapes the cyber battlefield, CISOs face unprecedented pressure to defend at machine speed. Discover how agentic AI and deep observability are transforming defense from detection to foresight. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/agentic-ai-force-multiplier-cisos-cant-afford-to-ignore-p-3959
-
Why must CISOs slay a cyber dragon to earn business respect?
really prevents one, the board shrugs,” Levine says. CISOs “kind of normalize the idea that the company is constantly under attack. That is certainly true, but it makes it very difficult for the board to get worked up over preventing a single attack.” Moreover, this issue begs the question: Why should a security leader need…
-
Why must CISOs slay a cyber dragon to earn business respect?
really prevents one, the board shrugs,” Levine says. CISOs “kind of normalize the idea that the company is constantly under attack. That is certainly true, but it makes it very difficult for the board to get worked up over preventing a single attack.” Moreover, this issue begs the question: Why should a security leader need…
-
The Human Cost of Defense: A CISO’s View From the War Room
Semperis’ Midnight in the War Room reveals the unseen struggles, burnout and heroism of CISOs and defenders who protect our digital world every day. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/the-human-cost-of-defense-a-cisos-view-from-the-war-room/
-
The Human Cost of Defense: A CISO’s View From the War Room
Semperis’ Midnight in the War Room reveals the unseen struggles, burnout and heroism of CISOs and defenders who protect our digital world every day. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/the-human-cost-of-defense-a-cisos-view-from-the-war-room/
-
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters
At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…

