Tag: ciso
-
How to justify your security investments
Tags: ai, attack, automation, breach, business, ciso, cloud, computing, cyber, cyberattack, cybersecurity, data, encryption, finance, Hardware, incident, infrastructure, resilience, risk, saas, service, strategy, technology, tool, vulnerability
The language of risks and returns: Boards of directors make decisions considering concepts such as risk and return. These include financial risks, operational risks, and reputational risks for the company. Board members assess the probability, exposure, and impact of incidents in each of these areas. Accordingly, the CISO’s role is to clarify how a proposed…
-
AI browsers put companies at risk
Experts warn against the use of AI browsers in companies. Gartner analysts Dennis Xu, Evgeny Mirolyubov and John Watts strongly recommend that companies block all AI browsers for the foreseeable future because of the cybersecurity risks. They based their recommendation on risks already identified “and other potential risks that have yet to be discovered, since this is a very young technology…
-
The evolution of insider risks
Modern cyberattacks have overtaken the classic definition of insider threats: today, every attacker becomes an insider as soon as they compromise a user’s identity or device. A commentary by Tony Fergusson, CISO in Residence at Zscaler. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/evolution-insider-risiken
-
Henkel CISO on the messy truth of monitoring factories built across decades
In this Help Net Security interview, Stefan Braun, CISO at Henkel, discusses how smart manufacturing environments introduce new cybersecurity risks. He explains where single … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/10/stefan-braun-henkel-smart-manufacturing-cybersecurity/
-
Polymorphic AI malware exists, but it’s not what you think
Tags: access, ai, api, attack, authentication, automation, business, ciso, credentials, cryptography, cyber, cybercrime, detection, edr, email, espionage, government, group, identity, infrastructure, malicious, malware, marketplace, mfa, monitoring, phishing, radius, ransomware, risk, soc, technology, theft, threat, tool
what the code block should do, or how it’s going to evade an antivirus. It’s just working under the assumption that Gemini just instinctively knows how to evade antiviruses (it doesn’t). There’s also no entropy to ensure the ‘self-modifying’ code differs from previous versions, or any guardrails to ensure it actually works. The function was…
-
How to answer the door when the AI agents come knocking
Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok First seen on theregister.com Jump to article: www.theregister.com/2025/12/09/okta_agent_control/
-
2026 Cloud Security Predictions and Priorities for CISOs
What Will Lead Next Year’s Cloud Security Agenda? As 2026 approaches, one thing is certain: Artificial intelligence adoption will continue to accelerate at an extraordinary pace. CISOs will be tasked with maintaining security and control as hybrid cloud environments grow more distributed, automated and interconnected. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/2026-cloud-security-predictions-priorities-for-cisos-p-3991
-
With Firewall v22, Sophos reinforces its “Secure by Design” promise
Sophos has announced the release of Sophos Firewall v22. The update extends the company’s “Secure by Design” promise with a new integrity check and numerous further security improvements, including a hardened kernel, remote integrity monitoring, improved workload isolation and an optimized anti-malware engine. “We continuously invest in implementing ‘Secure by Design’ principles across all of our products,” said Ross McKerchar, CISO…
-
Ignoring AI in the threat chain could be a costly mistake, experts warn
Tags: ai, attack, automation, ceo, ciso, cyber, cybersecurity, defense, exploit, government, hacker, skills, sophos, technology, threat, tool
How CISOs could cut through the confusion: The conflicting narratives around AI threats leave many CISOs struggling to reconcile hype with operational reality. Given the emergence of AI-enabled cyber threats amid pushback from some cyber experts who contend these threats are not real, Sophos CEO Joe Levy tells CSO that AI is becoming a “Rorschach test,…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trust
The hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.
Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows
Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.
Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Vaillant CISO: NIS2 complexity and lack of clarity endanger its mission
Tags: ai, attack, awareness, business, ciso, compliance, corporate, country, cyber, cyberattack, cybersecurity, dora, email, germany, infrastructure, intelligence, network, nis-2, office, organized, phishing, ransomware, regulation, risk, service, skills, supply-chain, threat, training
CSO Germany: The energy sector is increasingly becoming a target for cybercriminals. Experts and the Federal Office for Information Security (BSI) believe that protection in this area must be significantly increased. How do you assess the current situation?
Reiß: The geopolitical tensions we are currently witnessing are leading to an increased threat level. This naturally also affects the heating…
-
CISOs are spending big and still losing ground
Tags: ciso
Security leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/08/wiz-cybersecurity-spending-priorities-report/
-
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability
When hiring a CISO, understand the key difference between engineering and holistic security leaders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/why-an-engineering-focused-ciso-can-be-a-liability
-
Rethinking the CIO-CISO Dynamic in the Age of AI
Enterprises Are Reimagining Org Roles, Risk Management and Skillsets in the AI Race. Organizations are beginning to reimagine how leadership roles should be structured, aligned and empowered as they grapple with regulatory pressures, the unpredictable nature of AI systems, and the need for operational resilience in an increasingly uncertain business climate. First seen on govinfosecurity.com…
-
CISOs Should Be Asking These Quantum Questions Today
Tags: ciso
As quantum quietly moves beyond lab experiment and into production workflows, here’s what enterprise security leaders should be focused on, according to Lineswala. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/cisos-should-be-asking-these-quantum-questions-today
-
15 years in, zero trust remains elusive, with AI rising to complicate the challenge
Legacy systems that weren’t designed for zero trust principles, fragmented identity and access tools that make unified enforcement difficult, and cultural and organizational resistance to changing long-standing trust models.
Kyle Wickert, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity. “Many organizations still hesitate to pursue it because they associate zero trust…
-
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/ma-security-checklist-video/

