Tag: resilience
-
Vaillant-CISO: “Starten statt Warten”
Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chainRaphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
-
Zentrales Zertifikatsregister – Der Dreh- und Angelpunkt regulatorischer Resilienz nach DORA
First seen on security-insider.de Jump to article: www.security-insider.de/dora-verordnung-zentrales-zertifikatsregister-finanzbranche-a-6318e5e8fda082444a0cf32b11f4d3da/
-
KI-Verordnung, NIS-2-Richtlinie und Cyber Resilience Act: Auswirkungen auf KMU
Die EU-Regularien wie NIS-2, AI-Act etc. sind von Unternehmen im Hinblick auf Cybersicherheit umzusetzen. Dabei stellt sich die große Frage nach der Verhältnismäßigkeit bestimmter Fragen. Das Institut der deutschen Wirtschaft Köln e.V. und die IW Consult GmbH haben in einer … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/ki-verordnung-nis-2-richtlinie-und-cyber-resilience-act-auswirkungen-auf-kmu/
-
Digitale Resilienz aufbauen So sichern wir digitale Netze und Services
Dänemark gilt als Vorreiter, wenn es um Digitalisierung und moderne Kommunikationsinfrastruktur geht. Ein aktuelles Whitepaper, das von der GlobalConnect Gruppe für Dänemark veröffentlicht wurde, zeigt jedoch eindrücklich: Selbst in hochentwickelten Volkswirtschaften sind digitale Netze verwundbar und zwar nicht nur durch technische Fehler, sondern durch systemische Risiken. Und in jüngerer Zeit vor dem Hintergrund… First seen…
-
Mit DORA rückt das IKT-Risikomanagement in den Fokus
Der Digital-Operational-Resilience-Act (DORA) trat bereits im Januar 2025 in Kraft und führte damit einen neuen, umfassenden regulatorischen Rahmen für Finanzinstitute und kritische IKT-Dienstleister in der gesamten EU ein. Die Vorbereitungen darauf begannen bereits einige Jahre vorher und machten eine grundlegende Überarbeitung dessen nötig, wie Unternehmen Risiken in der Informations- und Kommunikationstechnik (IKT) verwalten. Sicherheitsteams suchen…
-
DORA Threat Intelligence: Von Vorschrift zur praktischen Resilienz
Mit dem Inkrafttreten des Digital Operational Resilience Act (DORA) im Jahr 2025 haben deutsche Finanzinstitute ein einheitliches Regelwerk für digitale Stabilität erhalten. DORA gilt für Banken, Versicherungen, Investmentgesellschaften, Zahlungsdienstleister und deren IT-Dienstleister. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cloud-security/dora-threat-intelligence
-
Key provisions of the UK Cyber Resilience Bill Revealed
Shona Lester, head of the Cyber Security and Resilience Bill team within the UK government, outlined some of the provisions that should be included in the future law First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/key-provisions-uk-cyber-resilience/
-
Elena Lazar: Failures are Inevitable Reliability is a Choice
Tags: resilienceReliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights. First seen on hackread.com Jump to article: hackread.com/elena-lazar-inevitable-failures-reliability-choice/
-
The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle
The EU’s Cyber Resilience Act is reshaping global software security expectations, especially for SaaS, where shared responsibility, lifecycle security and strong identity protections are essential as attackers increasingly “log in” instead of breaking in. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-cyber-resilience-act-and-saas-why-compliance-is-only-half-the-battle/
-
Erweiterung des Cyber-Resilienz-Angebots – Service soll Datenschutzverletzungen beim Enterprise-Storage aufdecken
First seen on security-insider.de Jump to article: www.security-insider.de/service-soll-datenschutzverletzungen-beim-enterprise-storage-aufdecken-a-9d89e3c2cce077d02a530451ad5a804e/
-
Komplexität reduzieren, Reaktion beschleunigen – Neuer KI-Agent zur Steigerung der IT-Resilienz
First seen on security-insider.de Jump to article: www.security-insider.de/neuer-ki-agent-zur-steigerung-der-it-resilienz-a-0c71e6aec4339834e7be31a90325b43f/
-
Pure Storage veröffentlicht Leitfaden zur Vorbereitung auf den EU Cyber Resilience Act
Die Cyberresilienz-Verordnung der EU erhöht die Mindestanforderungen an die Cybersicherheit für alle und das ist gut so. Für Unternehmen, die dies jedoch als Last-Minute-Sprint zur Compliance betrachten First seen on infopoint-security.de Jump to article: www.infopoint-security.de/pure-storage-veroeffentlicht-leitfaden-zur-vorbereitung-auf-den-eu-cyber-resilience-act/a42936/
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
-
What keeps CISOs awake at night, and why Zurich might hold the cure
Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-dayA safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
-
Invisible battles: How cybersecurity work erodes mental health in silence and what we can do about it
Always-on alertness Threats don’t wait. Neither does your pager. You’re expected to respond instantly, on holidays, birthdays, weekends and 2 a.m. system alerts. Even when nothing’s burning, your mind stays wired.That permanent readiness? It’s exhaustion disguised as dedication. Sleep suffers. Focus slips. And when your nervous system never gets to shut down, it starts to…
-
Invisible battles: How cybersecurity work erodes mental health in silence and what we can do about it
Always-on alertness Threats don’t wait. Neither does your pager. You’re expected to respond instantly, on holidays, birthdays, weekends and 2 a.m. system alerts. Even when nothing’s burning, your mind stays wired.That permanent readiness? It’s exhaustion disguised as dedication. Sleep suffers. Focus slips. And when your nervous system never gets to shut down, it starts to…
-
The CISO’s greatest risk? Department leaders quitting
What CISOs can and should be doing: The situation isn’t hopeless; there are steps CISOs can and should take to help avoid defections. It’s a matter of making staff a priority. PayNearMe’s Hobson says CISOs need to ask themselves whether functional security leaders are wearing too many hats with too few opportunities to advance, and…
-
Cloudflare Outage: Should You Go Multi-CDN?
As a DDoS testing and resilience consultancy, we routinely advise our clients to strengthen their architecture by using a reputable CDN like Cloudflare. After this week’s Cloudflare outage, however, many organizations are understandably asking themselves a new question: Should we adopt a multi-CDN strategy instead of relying on a single provider? For the vast majority……
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
Tags: access, advisory, ai, android, apple, attack, banking, breach, browser, chrome, cisa, ciso, cloud, compliance, control, credentials, credit-card, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, detection, endpoint, extortion, finance, firewall, firmware, flaw, framework, google, governance, government, group, guide, Hardware, ibm, identity, infection, infrastructure, international, Internet, law, linux, malicious, malware, microsoft, mobile, monitoring, network, open-source, oracle, password, phishing, radius, ransomware, rat, resilience, risk, risk-assessment, risk-management, russia, scam, service, software, switch, technology, threat, tool, update, vulnerability, windowsCyber agencies call on ISPs to help combat “bulletproof” internet hosts that shield cybercriminals. Meanwhile, the CSA introduced a new methodology to assess the risks of autonomous AI. Plus, get the latest on the CIS Benchmarks, drone-detection systems, and malware infections. Key takeaways Crackdown on “bulletproof” hosting: International cyber agencies are urging ISPs and network…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
From code to boardroom: A GenAI GRC approach to supply chain risk
Tags: ai, blockchain, business, ciso, compliance, dark-web, data, defense, finance, framework, gartner, grc, intelligence, LLM, metric, open-source, regulation, resilience, risk, strategy, supply-chain, threat, vulnerabilityThe GenAI GRC mandate: From reporting to prediction: To counter a threat that moves at the speed of computation, our GRC must also become generative and predictive. The GenAI GRC mandate is to shift the focus from documenting compliance to predicting systemic failure.Current GRC methods are designed for documentation. They verify that a policy exists.…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Root causes of security breaches remain elusive, jeopardizing resilience
Tags: attack, breach, business, ciso, cyber, cybercrime, cybersecurity, data, detection, framework, governance, incident response, intelligence, lessons-learned, monitoring, resilience, security-incident, service, siem, skills, software, strategy, tactics, technology, threat, tool, training, update, vpn, vulnerabilityTracing an attack path: Preparation is key, so businesses need to have dedicated tools and skills for digital forensics in place before an incident occurs through technologies such as security incident and event management (SIEM).SIEM devices are important because, for example, many gateway and VPN devices have a local storage that overwrites itself within hours.”If…
-
ENISA becomes CVE Program Root, strengthening Europe’s vulnerability management framework
The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the EU’s efforts to bolster cybersecurity resilience and streamline vulnerability coordination across member states. As a Program Root, ENISA will serve as the central point…
-
Tanium setzt neue KI-Maßstäbe für autonome IT und ganzheitliche Cyber-Resilienz
Tanium entwickelt seine Plattform kontinuierlich weiter, um Unternehmen in immer komplexeren IT-Landschaften zu unterstützen. Durch intelligente Automatisierung, Echtzeitsichtbarkeit und die Vereinheitlichung von IT-, OT- und mobilen Endpunktumgebungen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tanium-setzt-neue-ki-massstaebe-fuer-autonome-it-und-ganzheitliche-cyber-resilienz/a42902/