Tag: ciso
-
Identifying the cyber risks that matter
From noise to clarity: Why CISOs are shifting to adversarial exposure validation First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/picus_security_cyber_risks/
-
Update these two servers from Gladinet immediately, CISOs told
Tags: access, attack, ciso, cloud, control, credentials, data, defense, email, network, programming, risk, skills, update, vulnerabilityC:\Program Files (x86)\Gladinet Cloud Enterprise\root\web.config, although it has also been seen in this path as well: C:\Program Files (x86)\Gladinet Cloud Enterprise\portal\web.config. Similarly, Triofox web.config files could be in two locations: C:\Program Files (x86)\Triofox\root\web.config and C:\Program Files (x86)\Triofox\portal\web.config.The weakness can be leveraged to abuse the ASPX ViewState, a mechanism used to preserve the state of a…
-
CISOs rethink hiring to emphasize skills over degrees and experience
‘Hire differently’: France and ISC2 are among the 37% of leaders and organizations who have put in the work to make skills-based hiring an effective strategy, not just an empty promise.To improve outcomes, France works with the HR team to review job descriptions for open positions and then crafts them based on the organization’s current…
-
When companies merge, so do their cyber threats
For CISOs, mergers and acquisitions (MA) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/16/mergers-and-acquisitions-cybersecurity/
-
Protecting Against Insider Threats Strategies for CISOs
Tags: ciso, credentials, cyber, cybersecurity, finance, malicious, risk, strategy, threat, vulnerabilityInsider threats represent a critical vulnerability in organizational cybersecurity, posing risks that are often more challenging to mitigate than external attacks. These threats can originate from malicious employees, negligent staff, or compromised credentials, each capable of causing significant financial, operational, and reputational harm. The stakes for Chief Information Security Officers (CISOs) are high: a single…
-
The future of authentication: Why passwordless is the way forward
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/16/passwordless-authentication-security/
-
The most dangerous time for enterprise security? One month after an acquisition
Fear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money.Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
Strategic Tool Consolidation for CISOs
“Let’s buy one more tool,” isn’t it something you have heard before? The CISO toolbox is so jam-packed that it’s even tough to remember the work of each tool…. The post Strategic Tool Consolidation for CISOs appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/04/strategic-tool-consolidation-for-cisos/
-
Security Awareness Metrics That Matter to the CISO
Security awareness has become a critical component of organizational defense strategies, particularly as companies adopt zero-trust architectures. Chief Information Security Officers (CISOs) are increasingly challenged to demonstrate the effectiveness of security awareness programs through meaningful metrics that resonate with leadership. With human error contributing to approximately 95% of data breaches, quantifying the impact of security…
-
CISO Conversations: Maarten Van Horenbeeck, SVP Chief Security officer at Adobe
Van Horenbeeck’s career spans some of the biggest companies in tech: Verizon, Microsoft, Google, Amazon, Zendesk, and now SVP and CSO at Adobe. The post CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security officer at Adobe appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ciso-conversations-maarten-van-horenbeeck-svp-chief-security-officer-at-adobe/
-
Agentic AI is both boon and bane for security pros
Recent agentic security signposts: Recently, we have seen numerous examples of how quickly building your own autonomous AI agents has taken root. Microsoft last month demonstrated six new AI agents that work with its Copilot software that talk directly to its various security tools to identify vulnerabilities, flag identity and asset compromises. Simbian is hosting…
-
Cybersecurity for Startups What Early-Stage CISOs Must Prioritize
Early-stage startups face unique cybersecurity challenges that established enterprises have already addressed through years of investment and experience. For Chief Information Security Officers (CISOs) stepping into leadership roles at young companies, the landscape presents both opportunity and complexity. With limited resources, competing priorities, and pressure to support rapid growth, security leaders must make strategic decisions…
-
What boards want and don’t want to hear from cybersecurity leaders
Tags: access, business, ciso, compliance, control, cyber, cybersecurity, email, malicious, metric, phishing, risk, security-incident, skills, strategy, technology, threat, training, update“It’s only when you report to someone not involved in technology that you realize you’re talking in jargon or not close to talking the language of the business,” says Bennett. Decoding what the board wants from security leaders: Cybersecurity leaders need regular contact with boards to foster familiarity and understanding. Without this, a lack of…
-
Why security culture is crypto’s strongest asset
In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/11/norah-beers-grayscale-crypto-asset-management/
-
Google bets on unifying security tools to ease CISO pain
At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622474/Google-bets-on-unifying-security-tools-to-ease-CISO-pain
-
Google Cloud: CISOs Demand Simplified Security Tools Amid Growing Tech Complexity
Google Cloud announced a number of security products designed to reduce complexity for security leaders First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-cloud-cisos-demand/
-
Targeted phishing gets a new hook with real-time email validation
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
AI is Reshaping Cyber Threats: Here’s What CISOs Must Do Now
Assess the risks posed by AI-powered attacks and adopt AI-driven defense capabilities to match. Automate where possible. Use AI to prioritise what matters. Invest in processes and talent that enable real-time response and build long-term trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/ai-is-reshaping-cyber-threats-heres-what-cisos-must-do-now/
-
Precision-validated phishing: The rise of sophisticated credential theft
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Is HR running your employee security training? Here’s why that’s not always the best idea
Tags: attack, awareness, best-practice, breach, business, ciso, communications, compliance, cyber, cybersecurity, data, finance, guide, healthcare, privacy, resilience, risk, security-incident, service, threat, training, vulnerabilityHR doesn’t have specialized security knowledge: Another limitation is that an organization’s security training can be a component in maintaining certain certifications, compliance, contractual agreements, and customer expectations, according to Hughes.”If that’s important to your organization, then security, IT, and compliance teams will know the subjects to cover and help guide in the importance of…
-
Why CISOs are doubling down on cyber crisis simulations
Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/
-
Transforming cybersecurity into a strategic business enabler
In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/kevin-serafin-ecolab-cybersecurity-strategy-business/
-
Governance or bust: CISOs grapple with AI’s double-edged sword
First seen on scworld.com Jump to article: www.scworld.com/resource/governance-or-bust-cisos-grapple-with-ais-double-edged-sword
-
The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks
While often relegated to a purely functional role, DNS offers unparalleled opportunities for preemptive defense against cyberattacks. The post DNS: The Secret Weapon CISOs May Be Overlooking In the Fight Against Cyberattacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/dns-the-secret-weapon-cisos-may-be-overlooking-in-the-fight-against-cyberattacks/
-
What Microsoft Knows About AI Security That Most CISOs Don’t?
Traditional security fails with AI systems. Discover Microsoft’s RAI Maturity Model and practical steps to advance from Level 1 to Level 5 in AI security governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/what-microsoft-knows-about-ai-security-that-most-cisos-dont/
-
10 things you should include in your AI policy
Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, updateInput from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
-
Observability is security’s way back into the cloud conversation
In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/08/esteban-gutierrez-new-relic-cloud-infrastructure-risks/