Tag: ciso
-
Protecting farms from hackers: A QA with John Deere’s Deputy CISO
Agriculture is a connected, software-driven industry where cybersecurity is just as essential as tractors and harvesters. From embedded hardware in smart fleets to defending … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/26/carl-kubalsky-john-deere-smart-agriculture-cybersecurity/
-
How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In the second of a two-part blog series, Tenable CSO Robert Huber shares how exposure management has helped him reduce risk and better align with the business. You can read the entire Exposure…
-
2025 CSO Hall of Fame: Meg Anderson on AI, strategic security investments, and life after InfoSec
Tags: ai, automation, business, ciso, conference, cyber, cybersecurity, finance, infosec, jobs, metric, phishing, programming, risk, risk-management, software, strategy, technology, threat, tool
Which technologies are you most cautious about from a CISO’s point of view, and why?: Meg Anderson: I’m cautious of “solutions” that don’t solve a strategic problem. CISOs only have so much budget and mindshare. You need to understand where a tool fits in your investment and strategic roadmap. There were times when my team…
-
How AI is reshaping cybersecurity operations
Tags: access, ai, attack, business, ciso, cloud, control, cyber, cybersecurity, data, defense, detection, encryption, finance, gartner, governance, guide, hacker, infrastructure, intelligence, jobs, malware, microsoft, monitoring, phishing, regulation, resilience, risk, sans, service, skills, soc, strategy, supply-chain, technology, threat, tool, training, update
Because AI can perform tasks at speeds that supersede human capacity, it exponentially scales the amount of work that a cybersecurity function can do, says Rob T. Lee, chief of research for AI and emerging threats and head of faculty at SANS Institute. Moreover, AI excels at doing repetitive tasks near perfectly every time, so it…
-
Personal Liability, Security Becomes Bigger Issues for CISOs
While the furor from CISO prosecutions has died down, worries continue over a lack of liability protections and potential targeting by cybercriminals and hackers for their privileged roles. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/personal-liability-security-becomes-bigger-issues-cisos
-
What is the cost of a data breach?
Tags: access, ai, api, attack, automation, breach, business, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, detection, finance, fraud, healthcare, ibm, identity, incident response, india, infrastructure, insurance, intelligence, jobs, law, metric, privacy, programming, ransom, ransomware, regulation, risk, security-incident, service, skills, software, supply-chain, technology, theft, threat, tool, vulnerability
Canada ($4.84 million) and the UK ($4.14 million) remain in the top 10 hardest hit, with ASEAN or Association of Southeast Asian Nations ($3.67 million), Australia ($2.55 million), and India ($2.51 million) among the top 15. Breaches by industry: Healthcare remains the industry hit with the highest costs per breach by far, at $7.42 million despite…
-
Why AI Agents and MCP Servers Just Became a CISO’s Most Urgent Priority
Over the last year, I’ve spent countless hours with CISOs, CTOs, and security architects talking about a new wave of technology that’s changing the game faster than anything we’ve seen before: Agentic AI and Model Context Protocol (MCP) servers. If you think AI is still in the “cool demos and pilot projects” stage, think again.…
-
Lenovo chatbot flaw highlights AI security risks
Researchers managed to inject malicious code through a vulnerability in Lenovo's customer support chatbot. Lenovo's chatbot “Lena” is based on OpenAI's GPT-4 and is used for customer support. Security researchers at Cybernews found that the AI tool was vulnerable to cross-site scripting (XSS) attacks. The experts discovered a vulnerability that let them generate malicious HTML content…
-
Enterprise passwords becoming even easier to steal and abuse
Tags: access, attack, authentication, breach, ceo, ciso, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, extortion, group, identity, leak, mfa, monitoring, passkey, password, phishing, ransomware, risk, strategy, threat, tool, zero-trust
Growing threat from stolen credentials: Attackers actively target user credentials because they offer the most direct route or foothold into a targeted organization’s network. Once inside, attackers can move laterally across systems, searching for other user accounts to compromise, or they attempt to escalate their privileges and gain administrative control. This hunt for credentials extends beyond…
-
Fractional vs. full-time CISO: Finding the right fit for your company
In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/21/nikoloz-kokhreidze-mandos-fractional-full-time-ciso/
-
CISOs need to think about risks before rushing into AI
Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/21/cloud-ai-security-readiness-2025/
-
Personnel news: Sotirios Siozos is the new CISO at Drees & Sommer
As Head of Global Cyber Security (CISO) & IT Transformation Officer at Drees & Sommer, Sotirios Siozos wants to advance the topic of information security. On July 1, 2025, Sotirios Siozos took up his new position as “Head of Global Cyber Security (CISO) & IT Transformation Officer” at consulting specialist Drees & Sommer SE. In addition to corporate-strategy…
-
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems
Enterprise-wide implications: While the immediate impact involved session cookie theft, the vulnerability’s implications extended far beyond data exfiltration. The researchers warned that the same vulnerability could enable attackers to alter support interfaces, deploy keyloggers, launch phishing attacks, and execute system commands that could install backdoors and enable lateral movement across network infrastructure. “Using the stolen support agent’s…
-
Why CISOs in business services must close the edge security gap
Cloud adoption is speeding ahead in the business services sector, but security for remote and edge environments is falling behind. At the same time, generative AI is moving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/genai-business-services-network-security/
-
NIST’s attempts to secure AI yield many questions, no answers
Challenges to consider: The NIST report talked about various categories of AI integration that forced serious cybersecurity considerations, including: using genAI to create new content; fine-tuning predictive AI; using single AI agents as well as multiple agents; and security controls for AI developers. The potentially most challenging element of securing AI in enterprises is visibility. But the…
-
A quarter of CISOs are dismissed after a ransomware attack
Tags: backup, ceo, cio, ciso, cyberattack, group, incident response, mail, phishing, ransomware, rat, risk, sophos, vulnerability
After a ransomware attack, CISOs are often held responsible and dismissed. According to a recent report from Sophos, CISOs have a one-in-four chance that their job will not survive a successful ransomware attack. The report's findings are a wake-up call for security leaders, regardless of whether they are held responsible for such attacks or over the…
-
7 signs it’s time for a managed security service provider
Tags: access, best-practice, breach, business, ciso, compliance, cyber, cybersecurity, data, data-breach, defense, detection, edr, incident, incident response, intelligence, mitigation, monitoring, mssp, ransomware, risk, service, siem, soc, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management
2. Your security team is wasting time addressing and evaluating alerts: When your SOC team is ignoring 300 daily alerts and manually triaging what should be automated, that’s your cue to consider an MSSP, says Toby Basalla, founder and principal data consultant at data consulting firm Synthelize. When confusion reigns, who in the SOC team knows…
-
How CISOs benefit from blockchain
Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trust
Blockchain makes trust verifiable. Security incidents do not stem only from a compromise of internal systems. They are also regularly linked to the fact that: privileged access logs are missing, SaaS audit trails are not trustworthy, or supply chains are compromised. Blockchain can help solve these real-world problems and ensure tamper resistance, data integrity and trust. At its core, blockchain is a system of records that, across…
-
25% of security leaders replaced after ransomware attack
Tags: attack, breach, business, ceo, ciso, corporate, credentials, email, exploit, malicious, phishing, ransomware, risk, sophos, vulnerability
A question of authority: Dickson also argues that CISO authority should come into play. If decisions are made at the line-of-business (LOB) level, and potentially against the CISO’s advice, does it make corporate sense to blame the CISO? Some “presume that a ransomware attack is the fault of the CISO,” he says. “The CISO is a leader,…
-
Agentic AI promises a cybersecurity revolution, with asterisks
Tags: ai, api, authentication, ceo, ciso, cloud, control, cybersecurity, data, endpoint, infrastructure, jobs, LLM, open-source, openai, risk, service, soc, software, supply-chain, technology, tool, update, vulnerability
Trust, transparency, and moving slowly are crucial: Like all technologies, and perhaps more dramatically than most, agentic AI carries both risks and benefits. One obvious risk of AI agents is that, like most LLM models, they will hallucinate or make errors that could cause problems. “If you want to remove or give agency to a platform…
-
Do We Have a CISO Payola Problem?
Pay-for-access dinners. Equity asks. Quiet kickbacks. The CISO payola problem is real, and it’s threatening the integrity of cybersecurity leadership. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/do-we-have-a-ciso-payola-problem/
-
Weak alerting and slipping prevention raise risk levels for CISOs
Prevention effectiveness is falling, detection gaps remain wide, and attackers are exploiting weaknesses in data protection and credentials. Data theft prevention has dropped … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-cybersecurity-prevention-effectiveness/
-
Bridging the AI model governance gap: Key findings for CISOs
While most organizations understand the need for strong AI model governance, many are still struggling to close gaps that could slow adoption and increase risk. The findings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-ai-model-governance/
-
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/

