Tag: ciso
-
The Convergence of IAM, Cybersecurity, Fraud and Compliance
Gartner’s Pete Redshaw on Why the CISO or CRO Should Take the Lead. Cybersecurity, IAM, fraud and compliance will converge across financial institutions in the next five to six years. This transformation will follow a phased path, beginning with data integration, followed by tool alignment and eventually team restructuring. First seen on govinfosecurity.com Jump to…
-
Tariff Wars: The Technology Impact
How CIOs and CISOs Can Navigate With Balance Tariff wars may hit technology leaders hard in 2025 as the Trump administration’s 10% import tax, plus reciprocal tariffs, spikes costs. CIOs and CISOs face supply chain disruption and heightened cyber risks. But they can adapt with cloud shifts, smart deals and better advocacy. First seen on…
-
The risks of entry-level developers over relying on AI
Tags: ai, attack, awareness, best-practice, cio, ciso, compliance, cybersecurity, exploit, jobs, law, malicious, open-source, programming, resilience, risk, skills, software, technology, threat, tool, training, update, vulnerabilityThe risks of blind spots, compliance and license violation: As generative AI becomes more embedded in software development and security workflows, cybersecurity leaders are raising concerns about the blind spots it can potentially introduce. “AI can produce secure-looking code, but it lacks contextual awareness of the organization’s threat model, compliance needs, and adversarial risk environment,”…
-
CISOs battle security platform fatigue
It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/07/ciso-security-platform-fatigue/
-
Speaking the Board’s Language: A CISO’s Guide to Securing Cybersecurity Budget
The biggest challenge CISOs face isn’t just securing budget it’s making sure decision-makers understand why they need it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/speaking-the-boards-language-a-cisos-guide-to-securing-cybersecurity-budget/
-
Get Excited About Innovations in IAM
Why Should You Be Excited About Innovations in Identity and Access Management (IAM)? If you’re a Cybersecurity professional or CISO, you understand the value of Non-Human Identities (NHI) and Secrets Management. The burning question, then, is “Why should you be excited about innovations in IAM?” IAM, or Identity and Access Management, is a critical piece……
-
AI programming copilots are worsening code security and leaking more secrets
Tags: access, ai, api, application-security, attack, authentication, best-practice, breach, ceo, ciso, container, control, credentials, cybersecurity, data, data-breach, github, government, incident response, injection, least-privilege, LLM, monitoring, open-source, openai, password, programming, risk, skills, software, strategy, tool, training, vulnerabilityOverlooked security controls: Ellen Benaim, CISO at enterprise content mangement firm Templafy, said AI coding assistants often fail to adhere to the robust secret management practices typically observed in traditional systems.”For example, they may insert sensitive information in plain text within source code or configuration files,” Benaim said. “Furthermore, because large portions of code are…
-
Too little budget for OT security despite rising threats
Why OT cybersecurity should be every CISO’s concernOT security becoming a mainstream concern First seen on csoonline.com Jump to article: www.csoonline.com/article/3951163/too-little-budget-for-ot-security.html
-
Forward-thinking CISOs are shining a light on shadow IT
In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/04/curtis-simpson-armis-shadow-it-risks/
-
CISO Transformation: It’s Time for a New Mental Model
CISO mind maps are helpful, but they reinforce a tactical view of security. Learn why modern CISOs need a new mental model focused on strategy, value, and board-level impact. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/ciso-transformation-its-time-for-a-new-mental-model/
-
AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles.Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security…
-
Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed
Security is built into just about any military role: “Veterans make great cybersecurity specialists, because they’ve had security-focused roles, whether physical or information security, no matter what branch of the service they were in,” says Bryan Radliff, a 31-year veteran of the US Army who now serves as the CyberVets program manager in the Onward…
-
Redefining Insider Risk in a Perimeterless World
OFX CISO Santanu Lodh on the Changing Nature of Insider Threats. The profile of insider risk has changed over a period of time, said Santanu Lodh, CISO at OFX. It is no longer confined to malicious intent. He explains how shifting workforce models, third-party engagement and evolving technology demand continuous monitoring and rethinking of security…
-
National Impact Must Drive Cybersecurity Decisions
Roxanne Pashaei on Matching Organizational Risks With National Cybersecurity Risks. In the face of intensifying geopolitical tensions and nation-state threats, cybersecurity efforts must move beyond organizational boundaries and financial risk models to consider broader national impact, said Roxanne Pashaei who is the former CISO of a public sector enterprise. First seen on govinfosecurity.com Jump to…
-
10 best practices for vulnerability management according to CISOs
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…
-
Balancing data protection and clinical usability in healthcare
In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/02/aaron-weismann-main-line-health-healthcare-data-protection/
-
CIOs and CISOs need a common strategy around AI copilots
First seen on scworld.com Jump to article: www.scworld.com/perspective/cios-and-cisos-need-a-common-strategy-around-ai-copilots
-
How the NHL CISO Secures Its Teams, Arenas and Cloud Systems
NHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league’s use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-nhl-ciso-secures-its-teams-arenas-cloud-systems-i-5471
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, updateDevelop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev.”I find that employee involvement tends to be overlooked during cyberattacks.…
-
Infostealer malware poses potent threat despite recent takedowns
How CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Bridging the Gap Between the CISO & the Board of Directors
Positioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board
-
How CISOs can balance business continuity with other responsibilities
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerabilityCIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble.To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership.Responding to events requires a delicate balance between thoroughness of investigation…
-
Executive Perspectives: Pierre Noel on Cybersecurity Leadership, Risk, and Resilience
In this edition of Axio’s Executive Insight Series, Scott Kannry, CEO of Axio, sits down with Pierre Noel, former CISO of Microsoft Asia and Huawei, to discuss the evolution of Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/executive-perspectives-pierre-noel-on-cybersecurity-leadership-risk-and-resilience/
-
Zu wenig Budget für OT-Security
Obwohl die Budgets für Cybersicherheit gestiegen sind, fehlt es oft an Investitionen für OT-Security.Eine globale Analyse des Cybersicherheitsanbieters Opswat zeigt: Trotz der wachsenden Akzeptanz von OT-Security, übertragen nur 27 Prozent der Unternehmen die Budgetkontrolle ihren CISOs oder CSOs. Wo dies nicht der Fall ist, werden entscheidende ICS/OT- Anforderungen (ICS = Industrial Control System) bei der…
-
How to create an effective crisis communication plan
Tags: access, business, ciso, cloud, communications, corporate, cyber, cyberattack, cybersecurity, data, email, group, incident, incident response, infrastructure, mobile, monitoring, network, phone, risk, strategy, toolA crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.Good communication in day-to-day business…
-
CISOs’ Challenge: Securing MFA Adoption With Risk Messaging
Tags: ai, authentication, business, ciso, compliance, cyber, mfa, phishing, risk, tactics, vulnerabilityAICD’s Figueroa on Business-Focused Communication for Authentication Progress. Modern phishing tactics now leverage voice, SMS and AI-powered impersonation, yet many Asia-Pacific organizations continue relying on vulnerable single-factor authentication, said Marco Figueroa, senior manager of cyber security, risk and compliance at the Australian Institute of Company Directors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisos-challenge-securing-mfa-adoption-risk-messaging-a-27848
-
The hidden costs of security tool bloat and how to fix it
In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/27/shane-buckley-gigamon-deep-observability-tool-stacks/
-
Mit GenAI zum Insider-Threat
Tags: ai, best-practice, ciso, cloud, cyersecurity, data-breach, framework, infrastructure, injection, intelligence, mitre, password, risk, risk-management, technology, threat, toolViele Unternehmen haben nicht auf dem Schirm, welche Sicherheitsprobleme durch die Nutzung von GenAI entstehen.Einer Analyse von Netskope zufolge sind GenAI-Daten-Uploads in Unternehmen innerhalb eines Jahres um das 30-Fache gestiegen. Darunter befinden sich demnach auch sensible Informationen wie Quellcodes, regulierte Daten, Passwörter und Schlüssel sowie geistiges Eigentum.Zudem nutzen drei von vier Unternehmen Apps mit integrierten…