Tag: compliance

The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Jan 23, 2026 5:36 PM

Tags: attack, compliance, penetration-testing, service, soc

Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has… First seen on hackread.com Jump to article: hackread.com/halo-security-achieves-soc-2-type-ii-compliance/
Unterschätztes Risiko: Insider-Bedrohungen endlich ernst nehmen

Jan 23, 2026 1:30 PM

Tags: access, ai, compliance, cyberattack, cybersecurity, data, fraud, governance, identity, infrastructure, mail, nis-2, phishing, resilience, risk, risk-analysis, risk-management, security-incident, threat, tool, vulnerability

48 Prozent der Fälle von Datendiebstahl, Industriespionage oder Sabotage in Unternehmen gehen laut einer Studie auf Mitarbeiter zurück.Was wäre, wenn das größte Sicherheitsrisiko Ihrer Organisation bereits einen Mitarbeitendenausweis besitzt, legitim angemeldet ist und genau weiß, wie interne Prozesse funktionieren? Diese Frage ist unbequem, aber sie markiert den Ausgangspunkt für eine längst überfällige Auseinandersetzung mit Insider-Bedrohungen.…
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive Order

Jan 23, 2026 1:30 PM

Tags: china, compliance

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S.The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The…
News Alert: Halo Security earns SOC 2 Type II certification, shows sustained operational security

Jan 23, 2026 11:31 AM

Tags: attack, compliance, penetration-testing, service, soc

MIAMI, Jan. 22, 2026, CyberNewswire, Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance.”¦ (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/news-alert-halo-security-earns-soc-2-type-ii-certification-shows-sustained-operational-security/
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Jan 23, 2026 5:30 AM

Tags: attack, compliance, control, cyber, penetration-testing, service, soc

Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance. This certification validates that Halo Security’s security controls are not only properly designed but also operate…
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Jan 22, 2026 7:42 PM

Tags: compliance, soc

Miami, Florida, 22nd January 2026, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/halo-security-achieves-soc-2-type-ii-compliance-demonstrating-sustained-security-excellence-over-time/
Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time

Jan 22, 2026 7:42 PM

Tags: compliance, soc

Miami, Florida, 22nd January 2026, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/halo-security-achieves-soc-2-type-ii-compliance-demonstrating-sustained-security-excellence-over-time/
Filling the Most Common Gaps in Google Workspace Security

Jan 22, 2026 1:30 PM

Tags: business, cloud, compliance, google, incident response, office

Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incident response team all rolled into one.Securing the cloud office in…
Das KI-Paradox in der Softwareentwicklung

Jan 22, 2026 10:30 AM

Tags: ai, compliance, framework, gitlab

Künstliche Intelligenz revolutioniert die Softwareentwicklung und beschleunigt die Code-Erstellung, bringt jedoch neue Herausforderungen bei Qualität, Sicherheit und Compliance mit sich. Das sogenannte KI-Paradox zwingt Unternehmen dazu, ihre operativen Frameworks zu überdenken und intelligente Orchestrierungslösungen zu etablieren. Die Studie zeigt, dass menschliche Kontrolle und Expertise trotz flächendeckendem KI-Einsatz weiterhin unverzichtbar bleiben. GitLab hat seinen aktuellen… First…
Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace

Jan 22, 2026 9:30 AM

Tags: access, attack, ciso, cloud, compliance, computing, container, control, data, defense, dora, email, encryption, GDPR, google, Hardware, healthcare, identity, infrastructure, law, malware, network, privacy, regulation, resilience, risk, service, software, strategy, zero-trust

Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace madhav Thu, 01/22/2026 – 04:35 In today’s rapidly evolving digital landscape, data privacy and sovereignty have become top priorities for organizations worldwide. With the proliferation of cloud services and the tightening of global data protection regulations, security professionals face mounting pressure to ensure their…
Warum Microsoft-365-Konfigurationen geschützt werden müssen

Jan 22, 2026 9:30 AM

Tags: access, authentication, backup, ciso, cloud, compliance, framework, least-privilege, mail, mfa, microsoft, office, powershell, risk, zero-trust

Lesen Sie, warum CISOs den M365-Tenant stärker in den Blick nehmen müssen.Im Jahr 2010 war Office 365 eine einfache Suite mit Office-Anwendungen und zusätzlicher E-Mail-Funktion. Das hat sich 15 Jahre später mit Microsoft 365 geändert: Die Suite ist ein wesentliches Element in den Bereichen Kommunikation, Zusammenarbeit und Sicherheit. Dienste wie Entra, Intune, Exchange, Defender, Teams…
Enterprise-Grade Identity Verification for AI-Enhanced Workflows

Jan 21, 2026 1:13 PM

Tags: access, ai, compliance, control, fraud, identity

Enterprise-grade identity verification is critical for AI-driven businesses to prevent fraud, ensure compliance, and secure digital identities across onboarding, access control, and automated workflows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/enterprise-grade-identity-verification-for-ai-enhanced-workflows/
13 cyber questions to better vet IT vendors and reduce third-party risk

Jan 21, 2026 9:13 AM

Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerability

Vital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
13 cyber questions to better vet IT vendors and reduce third-party risk

Jan 21, 2026 9:13 AM

Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerability

Vital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
For cyber risk assessments, frequency is essential

Jan 21, 2026 8:32 AM

Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerability

Identifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact

Jan 21, 2026 6:16 AM

Tags: attack, breach, ceo, compliance, control, cyber, cyberattack, cybersecurity, defense, endpoint, finance, framework, government, malware, ransomware, resilience, risk, software, strategy, technology, threat, tool, unauthorized

srcset=”https://b2b-contenthub.com/wp-content/uploads/2026/01/Airlock-Digital-Bann-Cr.jpg?quality=50&strip=all 499w, b2b-contenthub.com/wp-content/uploads/2026/01/Airlock-Digital-Bann-Cr.jpg?resize=300%2C108&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2026/01/Airlock-Digital-Bann-Cr.jpg?resize=150%2C54&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2026/01/Airlock-Digital-Bann-Cr.jpg?resize=444%2C159&quality=50&strip=all 444w” width=”499″ height=”179″ sizes=”auto, (max-width: 499px) 100vw, 499px”> Cyber NewsWireForrester’s TEI methodology evaluates the potential financial impact of technology investments by aggregating insights from customer interviews and modeling a composite organization representative of global organizations. According to the study, Airlock Digital enabled:224% ROI over three years$3.8M net present…
Introducing Mend.io’s AI Security Maturity Survey + Compliance Checklist available today

Jan 21, 2026 5:13 AM

Tags: ai, compliance, risk, tool

A new tool to help security teams quantify AI risk and prepare for 2026 regulations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/introducing-mend-ios-ai-security-maturity-survey-compliance-checklist-available-today/
Introducing Mend.io’s AI Security Maturity Survey + Compliance Checklist available today

Jan 21, 2026 5:13 AM

Tags: ai, compliance, risk, tool

A new tool to help security teams quantify AI risk and prepare for 2026 regulations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/introducing-mend-ios-ai-security-maturity-survey-compliance-checklist-available-today/
NIST’s Blueprint for AI Security: How Data Trust Enables AI Success

Jan 20, 2026 8:29 PM

Tags: access, ai, attack, automation, business, cloud, compliance, control, csf, cybersecurity, data, endpoint, exploit, framework, governance, guide, intelligence, least-privilege, nist, risk, risk-management, saas, tool

The rapid adoption of artificial intelligence has forced organizations to confront a hard truth: AI changes the cybersecurity equation. New attack surfaces, new misuse patterns and new forms of automation require a different approach to managing risk. That’s why NIST has stepped forward. Through its draft AI cybersecurity profile, NIST CSF 2.0 and the AI…
Thales named Growth Index leader in Frost Radar: Data Security Platforms Report

Jan 20, 2026 2:13 PM

Tags: access, ai, business, cloud, compliance, container, control, data, defense, detection, edr, encryption, endpoint, governance, identity, intelligence, LLM, monitoring, risk, saas, service, siem, soc, technology, tool

Thales named Growth Index leader in Frost Radar: Data Security Platforms Report madhav Tue, 01/20/2026 – 04:29 Data has always been the backbone of enterprise operations, but the rise of cloud, big data, and GenAI has multiplied its value and, with it, the motivation for attackers. In parallel, regulatory expectations are increasing and evolving. The…
Why the future of security starts with who, not where

Jan 20, 2026 12:13 PM

Tags: access, attack, cisa, ciso, cloud, compliance, control, cybersecurity, data, framework, google, identity, mfa, monitoring, network, nist, passkey, password, resilience, risk, saas, wifi, zero-trust

Cloud + remote work = No perimeter: Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops, you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just…
Top 10 HIPAA Compliance Software Solutions

Jan 20, 2026 5:13 AM

Tags: authentication, breach, compliance, encryption, healthcare, HIPAA, software, tool

Key Takeaways Healthcare breaches have cost an eye”‘watering $7.42 million per incident in 2025, and it’s not surprising that regulators are dialing up new requirements like multi”‘factor authentication, encryption for all ePHI, and yearly audits. Small practices may be able to get by with basic tools, but larger organizations need more robust systems. The best……
Neue EU-Schwachstellen-Datenbank gestartet

Jan 19, 2026 5:21 PM

Tags: api, compliance, computer, cybersecurity, incident response, open-source, risk-management, security-incident, tool, vulnerability, vulnerability-management

Die neue GCVE-Datenbank soll das Schwachstellenmanagement effizienter und einfacher machen.Mit db.gcve.eu stellt die GCVE-Initiative (Global Cybersecurity Vulnerability Enumeration) ab sofort eine kostenfreie, öffentlich zugängliche Datenbank für IT-Sicherheitslücken bereit. Ziel ist es, die Abhängigkeit von US-Datenbanken zu beenden und die digitale Souveränität in Europa zu stärken. Die Plattform führt Informationen aus verschiedenen öffentlichen Ressourcen zusammen. Dazu…
The culture you can’t see is running your security operations

Jan 19, 2026 12:13 PM

Tags: apache, breach, business, compliance, control, credentials, cyber, data, email, exploit, finance, firewall, flaw, identity, intelligence, jobs, network, north-korea, phishing, risk, technology, threat, tool, training, update, vulnerability

Non-observable culture: The hidden drivers: Now we get interesting.Non-observable culture is everything happening inside people’s heads. Their beliefs about cyber risk. Their attitudes toward security. Their values and priorities when security conflicts with convenience or speed.This is where the real decisions get made.You can’t see someone’s belief that “we’re too small to be targeted” or…
Cyber Breaches, Compliance and Reputation Top UK Corporate Concerns

Jan 19, 2026 12:13 PM

Tags: breach, compliance, corporate, cyber, risk

UK firms face confluence of cyber-related risks in 2026, says Nardello & Co First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cyber-breaches-compliance/
From arts degree to cybersecurity: Rona Michele Spiegel brings fresh perspective to cyber leadership

Jan 19, 2026 10:13 AM

Tags: ai, awareness, business, cisco, ciso, cloud, compliance, computer, cyber, cybersecurity, data, governance, group, hacking, Hardware, intelligence, jobs, network, office, penetration-testing, privacy, psychology, risk, risk-management, skills, software, startup, strategy, supply-chain, technology, tool, vulnerability

Rona Michele Spiegel’s journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues about where the world was…
7 top cybersecurity projects for 2026

Jan 19, 2026 9:13 AM

Tags: access, ai, api, attack, authentication, business, cisco, ciso, cloud, communications, compliance, control, credentials, cybersecurity, data, defense, detection, email, framework, governance, infrastructure, LLM, mail, phishing, programming, resilience, risk, software, strategy, technology, threat, tool, vulnerability, zero-trust

2. Strengthening email security: Phishing continues to be a primary attack vector for stealing credentials and defrauding victims, says Mary Ann Blair, CISO at Carnegie Mellon University. She warns that threat actors are now generating increasingly sophisticated phishing attacks, effectively evading mail providers’ detection capabilities. “Legacy multifactor authentication techniques are now regularly defeated, and threat…
7 top cybersecurity projects for 2026

Jan 19, 2026 9:13 AM

Tags: access, ai, api, attack, authentication, business, cisco, ciso, cloud, communications, compliance, control, credentials, cybersecurity, data, defense, detection, email, framework, governance, infrastructure, LLM, mail, phishing, programming, resilience, risk, software, strategy, technology, threat, tool, vulnerability, zero-trust

2. Strengthening email security: Phishing continues to be a primary attack vector for stealing credentials and defrauding victims, says Mary Ann Blair, CISO at Carnegie Mellon University. She warns that threat actors are now generating increasingly sophisticated phishing attacks, effectively evading mail providers’ detection capabilities. “Legacy multifactor authentication techniques are now regularly defeated, and threat…
How smart are AI systems in managing cloud compliance

Jan 18, 2026 10:13 AM

Tags: ai, cloud, compliance, cybersecurity, network

What Are Non-Human Identities and Secrets Security Management? How does one navigate the intricate web of cybersecurity if non-human identities are participating in networks as much as humans? The proliferation of these machine identities, known as Non-Human Identities (NHIs), has added layers of complexity to cybersecurity management, especially in cloud environments where the stakes are……