Tag: ciso
-
2026 CSO Hall of Fame call for nominations
Tags: ceo, cio, ciso, corporate, cybersecurity, finance, google, group, infrastructure, international, jobs, risk, risk-management, sans, technology2025 CSO Hall of Fame Honorees Meg Anderson, VP & CISO (retired), Principal Financial Group Bob Bruns, CISO, Avanade Jonathan Chow, CISO, Genesys Mignona Cote, CISO, Infor Laura Deaner, Managing Director, CISO, The Depository Trust & Clearing Corporation (DTCC) George Finney, CISO, University of Texas System Michael Gordon, SVP & CISO, McDonald’s Ron Green, Cybersecurity Fellow/Former CSO, Mastercard Shawn Henry, CSO, CrowdStrike Todd Lukens,…
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
-
The CISO’s greatest risk? Department leaders quitting
What CISOs can and should be doing: The situation isn’t hopeless; there are steps CISOs can and should take to help avoid defections. It’s a matter of making staff a priority. PayNearMe’s Hobson says CISOs need to ask themselves whether functional security leaders are wearing too many hats with too few opportunities to advance, and…
-
Email blind spots are back to bite security teams
The threat landscape is forcing CISOs to rethink what they consider normal. The latest Cybersecurity Report 2026 by Hornetsecurity, based on analysis of more than 70 billion … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/24/hornetsecurity-email-attack-tactics-report/
-
SEC Ends SolarWinds Suit After Major Legal Setbacks
High-Profile Case Ends After Judge Guts SEC’s Cyber Fraud Allegations. The SEC has dropped its remaining claims against SolarWinds and CISO Tim Brown, ending a controversial cyber fraud lawsuit that aimed to expand securities law to cover operational security failures tied to the 2020 Russian hacking campaign. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/sec-ends-solarwinds-suit-after-major-legal-setbacks-a-30101
-
SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO
The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers. First seen on securityboulevard.com…
-
SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO
The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers. First seen on securityboulevard.com…
-
SOCs Must Be Built for Speed in the AI Threat Era
KPMG’s John Israel on Speed, Autonomy and Trusted AI in Security. The adversarial use of AI has dramatically compressed attack timelines, forcing organizations to rethink their security operations centers. John Israel, global CISO at KPMG, discusses how companies must reshape their SOC programs around speed, increased automation and governance. First seen on govinfosecurity.com Jump to…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Root causes of security breaches remain elusive, jeopardizing resilience
Tags: attack, breach, business, ciso, cyber, cybercrime, cybersecurity, data, detection, framework, governance, incident response, intelligence, lessons-learned, monitoring, resilience, security-incident, service, siem, skills, software, strategy, tactics, technology, threat, tool, training, update, vpn, vulnerabilityTracing an attack path: Preparation is key, so businesses need to have dedicated tools and skills for digital forensics in place before an incident occurs through technologies such as security incident and event management (SIEM).SIEM devices are important because, for example, many gateway and VPN devices have a local storage that overwrites itself within hours.”If…
-
Research shows identity document checks are missing key signals
Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/identity-document-fraud-detection-research/
-
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack.In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G.…
-
SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny
The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to the 2020 supply chain attack.In a joint motion filed November 20, 2025, the SEC, along with SolarWinds and its CISO Timothy G.…
-
Sysdig Whitepaper: Warum eine AIBOM die Blaupause für sichere KI-Modelle ist
Das neue Whitepaper ‘AIBOM: The infrastructure, risks, and how to secure AI models” steht ab sofort kostenlos auf der Sysdig-Website bereit. Es richtet sich an Sicherheits- und Entwicklungsteams, CISOs, Compliance-Beauftragte sowie alle Organisationen, die KI sicher und verantwortungsvoll einsetzen möchten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-whitepaper-warum-eine-aibom-die-blaupause-fuer-sichere-ki-modelle-ist/a42923/
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
What insurers really look at in your identity controls
Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/delinea-identity-security-controls-report/
-
What insurers really look at in your identity controls
Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/delinea-identity-security-controls-report/
-
Sneaky2FA phishing tool adds ability to insert legit-looking URLs
A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
-
Sneaky2FA phishing tool adds ability to insert legit-looking URLs
A look at Sneaky2FA: Sneaky2FA operates through a full-featured bot on Telegram, says the report. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently. This means they can customize it to their needs. On the other hand, the report notes, Sneaky2FA implementations can be reliably profiled and…
-
SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere
Tags: cisoCompany ‘clearly delighted’ with the outcome First seen on theregister.com Jump to article: www.theregister.com/2025/11/20/sec_bails_on_solarwinds_lawsuit/
-
3 ways CISOs can win over their boards this budget season
Tip 2: Go beyond compliance standards: It’s no secret that compliance and regulations drive nearly 80% of CISOs’ budget justifications. Industry standards like HIPAA and SOC2 can offer a guiding framework for a program, but with evolving threats from AI, the rise of quantum computing and increasingly complex third-party risk, CISOs need to think of…
-
Selling to the CISO: An open letter to the cybersecurity industry
Looking for reliability, not revolution: I’m not anti-technology. I rely on it. But I buy it with purpose. I buy tools that make us better at the basics, that help enforce discipline, and that reduce human error. I buy solutions that simplify, not complicate. And I buy from vendors who tell me the truth, even…
-
Cybersecurity Report zeigt: Malware-Angriffe sind 2025 um 131 % gestiegen
Malware-Angriffe per E-Mail nahmen im Vergleich zum Vorjahr um 131 % zu, begleitet von einem Anstieg von Betrugsversuchen (+ 35 %) und Phishing (+ 21 %). 77 % der CISOs identifizieren KI-generiertes Phishing als ernsthafte und zunehmende Bedrohung. 68 % der Unternehmen investierten 2025 in KI-gestützte Schutzmaßnahmen. Der jährliche Cybersecurity Report von Hornetsecurity zeigt:… First…