Tag: compliance

California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth

Jan 5, 2026 12:52 PM

Tags: authentication, compliance, privacy

California’s DROP Program Changes Everything First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-program-changes-everything-how-b2c-companies-can-eliminate-authentication-liabilities-and-meet-global-privacy-compliance-with-mojoauth/
California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth

Jan 5, 2026 12:52 PM

Tags: authentication, compliance, privacy

California’s DROP Program Changes Everything First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-program-changes-everything-how-b2c-companies-can-eliminate-authentication-liabilities-and-meet-global-privacy-compliance-with-mojoauth/
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance

Jan 5, 2026 8:52 AM

Tags: compliance, data, identity, infrastructure, law, saas

How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management”, and why your SSO infrastructure matters more than ever First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-platform-launches-what-enterprise-b2b-saas-companies-need-to-know-about-data-deletion-compliance/
California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance

Jan 5, 2026 8:52 AM

Tags: compliance, data, identity, infrastructure, law, saas

How California’s groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management”, and why your SSO infrastructure matters more than ever First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/californias-drop-platform-launches-what-enterprise-b2b-saas-companies-need-to-know-about-data-deletion-compliance/
Cybersecurity leaders’ resolutions for 2026

Jan 5, 2026 8:52 AM

Tags: ai, api, attack, automation, breach, business, cio, ciso, cloud, communications, compliance, computing, control, cryptography, cyber, cybersecurity, data, detection, encryption, exploit, fedramp, finance, governance, group, identity, incident response, intelligence, jobs, mitigation, office, resilience, risk, saas, service, skills, soc, social-engineering, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management

2. AI will dominate the agenda: Standard Chartered group CISO Cezary Piekarski expects his agenda to be dominated by AI in two ways: defining both the threat landscape and defensive architecture.”Speed is essential when mitigating attacks so leveraging AI and orchestration tools allows us to quickly automate detection and streamline incident response,” Piekarski says. “This…
How SaaS Management Reduces Organizational Risk and Improves GRC Outcomes

Jan 2, 2026 10:52 AM

Tags: business, compliance, governance, grc, risk, risk-management, saas

As enterprises increasingly rely on SaaS applications to run critical business functions, risk management and compliance challenges are becoming more complex and less visible. Traditional governance models were not designed to account for the scale, speed, and decentralization of modern SaaS environments. Addressing this gap requires a closer connection between operational visibility and governance, risk,……
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
More Banks Issue Breach Notifications Over Supplier Breach

Dec 31, 2025 5:52 PM

Tags: attack, breach, compliance, data, finance, ransomware, service, software

Ransomware Attackers Grabbed Customer Data Stored by Marquis Software Solutions. More financial services firms are reporting breaches of customer data that trace to an August ransomware attack against Marquis Software Solutions, which provides marketing and compliance software used by over 700 banks and credit unions. At least 1.4 million consumer appear to be affected. First…
Cybercrime Inc.: Wenn Hacker besser organsiert sind als die IT

Dec 31, 2025 5:51 AM

Tags: access, ai, botnet, business, compliance, cyberattack, cybercrime, cyersecurity, dark-web, data-breach, deep-fake, exploit, extortion, hacker, incident response, leak, mail, malware, marketplace, phishing, ransomware, resilience, risk, service, social-engineering, software, tool, update, vulnerability

Cybercrime hat sich zur organisierten Industrie mit Arbeitsteilung gewandelt.Was einst in Foren mit selbstgeschriebenen Schadcodes begann, hat sich zu einer global vernetzten Untergrundökonomie entwickelt, die in Effizienz, Geschwindigkeit und Skalierung vielen Unternehmen überlegen ist. Hackergruppen arbeiten heute arbeitsteilig, nutzen Vertriebskanäle, betreiben Support, teilen Einnahmen mit Partnern und investieren in Forschung und Entwicklung.Die entscheidende Frage lautet…
OT-Angriffe bedrohen Versorgung und Compliance der Pharmaindustrie – So sichern Pharmaunternehmen ihre OT vor Ransomware und Spionage

Dec 29, 2025 11:55 AM

Tags: compliance, cyberattack, ransomware

First seen on security-insider.de Jump to article: www.security-insider.de/ot-sicherheit-pharma-ransomware-a-f89aa344f29569ded6189f4a3fbf92de/
OT-Angriffe bedrohen Versorgung und Compliance der Pharmaindustrie – So sichern Pharmaunternehmen ihre OT vor Ransomware und Spionage

Dec 29, 2025 11:55 AM

Tags: compliance, cyberattack, ransomware

First seen on security-insider.de Jump to article: www.security-insider.de/ot-sicherheit-pharma-ransomware-a-f89aa344f29569ded6189f4a3fbf92de/
Welche Compliance-Risiken beschert KI deutschen Unternehmen Vom Regelhüter zum Risikonavigator

Dec 29, 2025 7:55 AM

Tags: ai, compliance, governance, risk

Das Interview mit Oliver Riehl, Regional Vice President DACH bei NAVEX, beleuchtet die Herausforderungen und Chancen, die künstliche Intelligenz (KI) für deutsche Unternehmen im Bereich Compliance mit sich bringt. Riehl betont, dass KI helfen kann, Ordnung in die wachsende Komplexität der Regularien zu bringen, jedoch eine gute Governance und klare Richtlinien erforderlich sind, um effektiv…
What does a free to implement AI compliance strategy look like

Dec 28, 2025 12:56 AM

Tags: ai, compliance, intelligence, regulation, strategy

How Can Organizations Implement a Free AI Compliance Strategy Effectively? Are you fully prepared to leverage AI while remaining compliant with regulations? Where enterprises increasingly rely on artificial intelligence, maintaining compliance with regulatory standards is not just essential but also a strategic priority. A robust AI compliance strategy that doesn’t strain budgets is crucial for……
Can cloud compliance make tech leaders feel more relaxed

Dec 27, 2025 6:55 AM

Tags: cloud, compliance, infrastructure

How Can Effective NHI Management Contribute to Cloud Compliance? Have you ever wondered how the seamless integration of Non-Human Identities (NHIs) and Secrets Security Management can significantly enhance cloud compliance and make tech leaders more relaxed? With the expansion of digital infrastructure, managing NHIs has become crucial for organizations aiming to secure their cloud environments……
CERN: how does the international research institution manage risk?

Dec 25, 2025 9:19 AM

Tags: access, ai, business, compliance, control, cyber, cybersecurity, defense, framework, governance, group, international, iot, LLM, network, risk, service, strategy, technology, tool

Stefan Lüders and Tim Bell of CERN. CERNEmploying proprietary technology can introduce risks, according to Tim Bell, leader of CERN’s IT governance, risk and compliance section, who is responsible for business continuity and disaster recovery. “If you’re a visitor to a university, you’ll want to bring your laptop and use it at CERN. We can’t…
Implementing NIS2, without getting bogged down in red tape

Dec 24, 2025 9:19 AM

Tags: access, ai, automation, backup, bsi, business, cloud, compliance, control, data, detection, email, encryption, iam, identity, incident response, infrastructure, law, least-privilege, metric, monitoring, network, nis-2, regulation, saas, sbom, service, siem, soc, software, startup, supply-chain, technology, threat, tool, update, vulnerability, vulnerability-management, zero-day

IT in transition: From text documents to declarative technology: NIS2 essentially requires three things: concrete security measures; processes and guidelines for managing these measures; and robust evidence that they work in practice.Process documentation, that is, policies, responsibilities, and procedures, is not fundamentally new for most larger companies. ISO 27001-based information security management systems, HR processes, and…
The Global Data Residency Crisis: How Enterprises Can Navigate Geolocation, Storage, and Privacy Compliance Without Sacrificing Performance

Dec 24, 2025 5:19 AM

Tags: ciso, compliance, data, guide, identity, privacy

A Comprehensive Technical Guide for CTOs, CISOs, and Identity Architects First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/the-global-data-residency-crisis-how-enterprises-can-navigate-geolocation-storage-and-privacy-compliance-without-sacrificing-performance/
Why outsourced cyber defenses create systemic risks

Dec 23, 2025 3:19 PM

Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trust

Risk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
South Korean firm hit with US investor lawsuit over data breach disclosure failures

Dec 23, 2025 2:19 PM

Tags: access, authentication, breach, china, communications, compliance, conference, country, credentials, cybersecurity, data, data-breach, encryption, finance, incident response, korea, law, risk, technology, unauthorized

Authentication keys left unrevoked after employee departure: Investigators traced the breach to a former employee who retained valid authentication credentials after leaving the company in 2024, according to statements by South Korean lawmaker Choi Min-hee. The individual, a 43-year-old Chinese national, had worked on authentication management systems and joined Coupang in November 2022.Rep. Choi Min-hee,…
Indian Income TaxLure Campaign Deploying Multi-Stage Malware Against Businesses

Dec 23, 2025 2:19 PM

Tags: awareness, compliance, cyber, email, india, malware, phishing

Tax-themed phishing campaigns have intensified in recent months, capitalizing on the heightened awareness surrounding India’s Income Tax Return (ITR) filing season. Public discussions about refund timelines and compliance deadlines create an ideal backdrop for attackers to craft credible lures. Recent analysis of emails impersonating the Indian Income Tax Department reveals a sophisticated operation far more…
Weak enforcement keeps PCI DSS compliance low

Dec 23, 2025 8:19 AM

Tags: breach, compliance, PCI

Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/pci-dss-adoption-enforcement-study/
Der Aufstieg des Chief Trust Officers: Wo passt der CISO hinein?

Dec 23, 2025 5:19 AM

Tags: ai, ceo, cio, ciso, compliance, cyersecurity, finance, governance, grc, office, risk, risk-management, soc, software, vulnerability

Der Chief Trust Officer steht für einen Wandel von der Verteidigung von Systemen hin zur Sicherung der Glaubwürdigkeit.Immer mehr Unternehmen heben Vertrauen als Unterscheidungsmerkmal für ihr Geschäft hervor. Durch Datenschutzverletzungen, Bedenken hinsichtlich der Produktsicherheit und Unsicherheiten in Bezug auf künstliche Intelligenz hat das Vertrauen der Kunden in den vergangenen Jahren stark gelitten.Wie aus dem Edelman…
2025 Year in Review at Cloud Security Podcast by Google

Dec 22, 2025 9:19 PM

Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust

(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
What compliance challenges do NHIs pose

Dec 20, 2025 5:19 AM

Tags: cloud, compliance, infrastructure, password

What Are Non-Human Identities, and Why Do They Matter? Have you ever considered the hidden facets of machine identities that silently power our digital infrastructure? Non-Human Identities (NHIs) are increasingly becoming a cornerstone in ensuring the security and seamless operation of cloud environments. They consist of machine identities that function through secrets like encrypted passwords,……
NIS2 Compliance: Maintaining Credential Security

Dec 19, 2025 10:19 PM

Tags: compliance, credentials, nis-2, password

Strengthen NIS2 compliance by preventing weak and compromised passwords with Enzoic’s continuous credential protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/nis2-compliance-maintaining-credential-security/
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
Cybersecurity Snapshot: Cyber Pros Emerge as Bold AI Adopters, While AI Changes Data Security Game, CSA Reports Say

Dec 19, 2025 7:19 PM

Tags: advisory, ai, api, attack, awareness, business, cloud, compliance, control, credit-card, crime, crimes, crypto, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, framework, google, governance, guide, healthcare, injection, intelligence, law, LLM, lockbit, malicious, metric, mitigation, monitoring, network, office, openai, ransom, ransomware, risk, risk-management, service, skills, sql, threat, tool, training, update, vulnerability

Formerly “AI shy” cyber pros have done a 180 and become AI power users, as AI forces data security changes, the CSA says. Plus, PwC predicts orgs will get serious about responsible AI usage in 2026, while the NCSC states that, no, prompt injection isn’t the new SQL injection. And much more! Key takeaways Cyber…
AI Agents are Manthe-Middle Attacks

Dec 19, 2025 8:19 AM

Tags: ai, attack, ciso, compliance, zero-trust

After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks”, creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ai-agents-are-man-in-the-middle-attacks/
Managing agentic AI risk: Lessons from the OWASP Top 10

Dec 19, 2025 8:19 AM

Tags: access, ai, attack, authentication, automation, ciso, cloud, compliance, container, control, credentials, cybercrime, data, exploit, finance, framework, governance, identity, injection, jobs, malicious, mitigation, risk, service, software, supply-chain, tactics, threat, tool, training, unauthorized, update

Actionable guidance: Agentic AI is the main topic of conversation in discussions among his peers, says Keith Hillis, VP of security engineering at Akamai Technologies.”Most organizations are confronted with the challenge of balancing the promising power of AI while also ensuring the organization is not incurring increased security risk,” he says. So, the biggest value…
AI Agents are Manthe-Middle Attacks

Dec 19, 2025 8:19 AM

Tags: ai, attack, ciso, compliance, zero-trust

After 25 years defending against man-in-the-middle attacks, a security veteran explains why most AI agents replicate the same architectural risks”, creating compliance gaps, opaque decision-making, and zero-trust violations CISOs can’t ignore. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ai-agents-are-man-in-the-middle-attacks/