Tag: ciso
-
How to Develop a Strong Security Culture Advice for CISOs and CSOs
Developing a strong security culture is one of the most critical responsibilities for today’s CISOs (Chief Information Security Officers) and CSOs (Chief Security Officers). As cyber threats become more sophisticated and pervasive, technical defenses alone are insufficient. A resilient security posture results from embedding security awareness, responsibility, and proactive behavior into every organizational layer. This…
-
Die Bösen kooperieren, die Guten streiten sich
Tags: ciso, compliance, cyber, cyberattack, cyersecurity, finance, group, microsoft, resilience, sap, strategy, usaEine Koalition einflussreicher CISOs sieht den G7-Gipfel 2025 als ideale Gelegenheit, die G7- und OECD-Mitgliedsstaaten zu einer stärkeren Zusammenarbeit und Harmonisierung der Cybersicherheitsvorschriften zu bewegen.Da Cyberangriffe immer weiter zunehmen und internationale Banden vermehrt miteinander kooperieren, bedarf es einer stärkeren, grenzüberschreitenden Zusammenarbeit der ‘Guten”. Das zumindest behaupten Führungskräfte namhafter Unternehmen wie Salesforce, Microsoft, AWS, Mastercard, SAP…
-
Commvault warns of critical Command Center flaw
Tags: access, authentication, ciso, cvss, data, exploit, flaw, infrastructure, network, ransomware, vulnerabilityPre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both “technically serious” and “operationally significant” for organizations, for a number of reasons.For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the…
-
Critical Commvault SSRF could allow attackers to execute code remotely
Tags: access, authentication, ciso, cvss, data, exploit, flaw, infrastructure, network, ransomware, vulnerabilityPre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both “technically serious” and “operationally significant” for organizations, for a number of reasons.For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the…
-
Lesson from huge Blue Shield California data breach: Read the manual
read the documentation of any third party service you sign up for, to understand the security and privacy controls;know what data is being collected from your organization, and what you don’t want shared.”It’s important to understand these giant platforms make it easy for you to share your data across their various services,” he said. “So…
-
CISOs band together to urge world governments to harmonize cyber rules
Policymakers have moved slowly to reduce regulatory overlap, but the new industry plea could help change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisos-governments-harmonize-cyber-rules/746275/
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trustIs agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Erodiert die Security-Reputation der USA?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerabilityCheck out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
-
Building a Security First Culture Advice from Industry CISOs
In today’s threat landscape, cybersecurity is no longer confined to firewalls and encryption it’s a cultural imperative. Chief Information Security Officers (CISOs) play a pivotal role in transforming organizations into security-first environments where every employee, from interns to executives, actively safeguards digital assets. This shift requires moving beyond compliance checklists to foster shared accountability, continuous…
-
Will politicization of security clearances make US cybersecurity firms radioactive?
Tags: access, business, ceo, cisa, cisco, ciso, credentials, crowdstrike, cybersecurity, disinformation, election, government, infrastructure, intelligence, law, microsoft, network, office, risk, spyware, strategy, threatWhat brought this on: This is mostly a reaction to a White House order on Wednesday that tied security clearances to supporting political concepts. The order chastised Chris Krebs, the former head of Trump’s Cybersecurity and Infrastructure Security Agency (CISA). “Krebs’ misconduct involved the censorship of disfavored speech implicating the 2020 election and COVID-19 pandemic. CISA, under…
-
Managing Burnout in the SOC What CISOs Can Do
The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for detecting, analyzing, and responding to threats 24/7. However, the relentless pace, high stakes, and constant pressure to defend against sophisticated attacks can take a heavy toll on SOC analysts. Burnout is now a significant risk in many SOCs, leading to decreased…
-
Mit der Firmenübernahme steigt das Angriffsrisiko
Übernahmeaktivitäten bergen auch mit Blick auf die Security Risiken.Im Rahmen ihrer Arbeit an dem kürzlich veröffentlichten Report ‘2025 Data Security Incidcent Response” (PDF) haben Security-Experten der US-Anwaltskanzlei BakerHostetler den gefährlichsten Zeitraum für die Unternehmenssicherheit ermittelt. Demnach ist der Zeitabschnitt unmittelbar nach Abschluss einer Übernahme besonders erfolgversprechend für Cyberangriffe. Dafür gibt es mehrere Gründe: Angst vor…
-
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/picus_security_cyber_risks/
-
Update these two servers from Gladinet immediately, CISOs told
Tags: access, attack, ciso, cloud, control, credentials, data, defense, email, network, programming, risk, skills, update, vulnerabilityC:\Program Files (x86)\Gladinet Cloud Enterprise\root\web.config, although it has also been seen in this path as well: C:\Program Files (x86)\Gladinet Cloud Enterprise\portal\web.config. Similarly, Triofox web.config files could be in two locations: C:\Program Files (x86)\Triofox\root\web.config and C:\Program Files (x86)\Triofox\portal\web.config.The weakness can be leveraged to abuse the ASPX ViewState, a mechanism used to preserve the state of a…
-
CISOs rethink hiring to emphasize skills over degrees and experience
‘Hire differently’: France and ISC2 are among the 37% of leaders and organizations who have put in the work to make skills-based hiring an effective strategy, not just an empty promise.To improve outcomes, France works with the HR team to review job descriptions for open positions and then crafts them based on the organization’s current…
-
When companies merge, so do their cyber threats
For CISOs, mergers and acquisitions (MA) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/
-
Protecting Against Insider Threats Strategies for CISOs
Tags: ciso, credentials, cyber, cybersecurity, finance, malicious, risk, strategy, threat, vulnerabilityInsider threats represent a critical vulnerability in organizational cybersecurity, posing risks that are often more challenging to mitigate than external attacks. These threats can originate from malicious employees, negligent staff, or compromised credentials, each capable of causing significant financial, operational, and reputational harm. The stakes for Chief Information Security Officers (CISOs) are high: a single…
-
The future of authentication: Why passwordless is the way forward
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/16/passwordless-authentication-security/
-
The most dangerous time for enterprise security? One month after an acquisition
Fear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money.Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
Strategic Tool Consolidation for CISOs
“Let’s buy one more tool,” isn’t it something you have heard before? The CISO toolbox is so jam-packed that it’s even tough to remember the work of each tool…. The post Strategic Tool Consolidation for CISOs appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/04/strategic-tool-consolidation-for-cisos/
-
Security Awareness Metrics That Matter to the CISO
Security awareness has become a critical component of organizational defense strategies, particularly as companies adopt zero-trust architectures. Chief Information Security Officers (CISOs) are increasingly challenged to demonstrate the effectiveness of security awareness programs through meaningful metrics that resonate with leadership. With human error contributing to approximately 95% of data breaches, quantifying the impact of security…
-
CISO Conversations: Maarten Van Horenbeeck, SVP Chief Security officer at Adobe
Van Horenbeeck’s career spans some of the biggest companies in tech: Verizon, Microsoft, Google, Amazon, Zendesk, and now SVP and CSO at Adobe. The post CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security officer at Adobe appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-conversations-maarten-van-horenbeeck-svp-chief-security-officer-at-adobe/
-
Agentic AI is both boon and bane for security pros
Recent agentic security signposts: Recently, we have seen numerous examples of how quickly building your own autonomous AI agents has taken root. Microsoft last month demonstrated six new AI agents that work with its Copilot software that talk directly to its various security tools to identify vulnerabilities, flag identity and asset compromises. Simbian is hosting…
-
Cybersecurity for Startups What Early-Stage CISOs Must Prioritize
Early-stage startups face unique cybersecurity challenges that established enterprises have already addressed through years of investment and experience. For Chief Information Security Officers (CISOs) stepping into leadership roles at young companies, the landscape presents both opportunity and complexity. With limited resources, competing priorities, and pressure to support rapid growth, security leaders must make strategic decisions…
-
What boards want and don’t want to hear from cybersecurity leaders
Tags: access, business, ciso, compliance, control, cyber, cybersecurity, email, malicious, metric, phishing, risk, security-incident, skills, strategy, technology, threat, training, update“It’s only when you report to someone not involved in technology that you realize you’re talking in jargon or not close to talking the language of the business,” says Bennett. Decoding what the board wants from security leaders: Cybersecurity leaders need regular contact with boards to foster familiarity and understanding. Without this, a lack of…