Tag: risk
-
When AI Promises Compliance and Delivers Risks
Compliance exists to ensure trust in business. Anyone working in this field gets exactly one chance to justify that trust. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-compliance-verspricht-und-risiken-liefert/a44456/
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability
This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
WorldDay Study by Veeam Reveals a Crisis of Trust in Data and AI
The majority of boards ignore the risks associated with AI. At the same time, executives admit that they would not survive a three-day complete data outage, which reveals a crisis of trust within companies' digital processes. On the occasion of today's World Backup Day, Veeam Software, the data and AI trust company, presents the results of its latest survey on data resilience, […]…
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day
2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security. “Most organizations have invested heavily in security solutions, yet most are…
-
The external pressures redefining cybersecurity risk
Tags: access, ai, attack, breach, business, ciso, control, cyber, cyberattack, cybersecurity, data, deep-fake, defense, email, governance, guide, incident response, injection, network, nist, resilience, risk, risk-management, supply-chain, technology, threat, tool
AI is accelerating both the attackers and your defenses, but governance is often missing: What I see generative AI doing in cybersecurity is accelerating what attackers can do and lowering the cost of entry for new criminal gangs. Cyberattacks are more potent because the technology makes it easier to target victims, create deepfake videos or…
-
Shrinking PQC timeline highlights immediate risk to data security
Google’s decision to move up its timeline for migration to post-quantum cryptography highlights that some of the cyber security risks posed by quantum computing are already reality First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640684/Shrinking-PQC-timeline-highlights-immediate-risk-to-data-security
-
The Quantum Clock is Ticking and Your Encryption is Running Out of Time
With 90% of organizations unprepared for quantum threats, the shift to post-quantum cryptography (PQC) is a structural necessity. Explore the “harvest now, decrypt later” risk and the NIST PQC standards. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-quantum-clock-is-ticking-and-your-encryption-is-running-out-of-time/
-
California Gets Serious About Regulation (Again)
California’s privacy regime has evolved. As of January 1, 2026, the CCPA/CPRA now mandates risk assessments, automated decision-making (AI) oversight, and independent cybersecurity audits. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/california-gets-serious-about-regulation-again/
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, training
Securing the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical. The…
-
National Cyber Resilience Demands Unified Defense
UK NCSC’s Richard Horne on Strengthening Cyber Defense and Incident Response. Cyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks. First seen on govinfosecurity.com…
-
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/ciso-communication-to-the-board-video/
-
From Formal Compliance to Real Cybersecurity in the Financial Sector
Why DORA is also a question of architecture and what that means for banks and insurers. The requirements for the digital resilience of banks and insurers are rising. With the Digital Operational Resilience Act (DORA), the European Union has created a binding framework for addressing IT risks, cyberattacks and dependencies on third-party service providers. But regulatory conformity creates… First…
-
AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are transforming finance, enabling automated trading and payments, but introduce new risks around keys, data inputs and secure execution control. First seen on hackread.com Jump to article: hackread.com/ai-agents-democratizing-finance-redefining-risk/
-
Iranian Cyberthreats Test US Infrastructure Defenses
Experts Cite Prepositioning Risk in Iranian Cyber Operations Amid Escalating War. Warnings from Iranian-linked hacking groups targeting U.S. water systems highlight a growing risk of prepositioned cyber access and rapid attack activation, analysts told ISMG, as federal defenders confront rising geopolitical tensions and operational strain across critical infrastructure sectors. First seen on govinfosecurity.com Jump to…
-
BSidesSLC 2025 Risk Management Explained Through Star Wars
Author, Creator & Presenter: Kenny Scott – Founder & CEO Of Paramify Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/bsidesslc-2025-risk-management-explained-through-star-wars/
-
ChatGPT Vulnerability Allowed Conversation Data to Be Read Out
Security researchers at Check Point Research have uncovered a previously unknown vulnerability that made it possible to siphon off sensitive ChatGPT conversation data unnoticed, without the knowledge or consent of users. OpenAI has since closed the hole. The discovered vulnerability shows that AI platforms must be treated like cloud and computing infrastructure. Built-in security does not eliminate risks. Companies cannot […] First…
-
Strengthening M365 Tenant Resilience in Four Steps – The Four Biggest Risks for the Microsoft 365 Tenant
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-365-tenant-risiken-vier-schritte-plan-resilienz-a-f79a1a96ffe05461afa4f6cdd0cdc2ca/
-
The Underestimated Risk: Hypervisor Migration and the Consequences for Data Security
Tags: risk
Switching hypervisor platforms is far more than a technical detail. It determines how secure data is and how quickly operations can resume. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/das-unterschaetzte-risiko-hypervisor-wechsel-und-die-folgen-fuer-die-datensicherheit/a44397/
-
Smart Homes Are Getting Smarter, But Post-Breach Guidance Is Falling Behind
Modern households have started adopting internet-connected devices, ranging from cameras and speakers to locks and routers. However, with this technological advancement, the risk of a smart home breach has grown. While preventive guidance is widely available, residents often find themselves uncertain about what to do after an attack, according to new research led by Leipzig…
-
Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/30/cyber-security-executive-buy-in/
-
The Hidden Tracking Risk Inside Your Tires
In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals……
-
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this… The…
-
Data Sovereignty: One in Three Companies Was Affected by an Incident in 2025
Companies spend millions on their data sovereignty efforts, and yet a sovereignty gap remains. The current "2026 Data Security and Compliance Risk: Data Sovereignty Report" from Kiteworks reveals a striking discrepancy on the path to data sovereignty [1]. The survey shows that companies know the data sovereignty regulations better than ever, yet one in three… First…
-
NIS2 Compliance Will Not Fail Because of Technology, but Because of People
NIS2 raises expectations for cybersecurity across Europe and puts human behavior at the center of compliance. Human risk management experts urge companies to prepare their workforce for NIS2. NIS2 has raised the bar for cybersecurity across Europe, and for good reason. Threats are more persistent,… First…
-
Best Practices for Securing Single Sign-On
Advertisement: Single sign-on (SSO) is a central component of modern identity architectures and, when implemented correctly, reduces the number of passwords. But how do you protect this central structure against the risk of compromise? Five best practices help secure single sign-on. First seen on borncity.com Jump to article: borncity.com/blog/2026/03/29/best-practices-zur-single-sign-on-absicherung/
-
AI Agents Redefine Enterprise Cybersecurity Risk
Menlo Ventures’ Rama Sekhar on Securing AI Agents and Non-Human Identities. As AI evolves from assistants to autonomous agents, enterprises face a new attack surface driven by non-human identities. Rama Sekhar, partner at Menlo Ventures, explains why visibility, governance and AI-driven remediation are critical to securing this evolution. First seen on govinfosecurity.com Jump to article:…
-
The Wikipedia Ban on AI Texts Is a Wake-Up Call for Companies
Data ecology, governance and strategic risks in the age of generative AI. The Wikipedia ban on AI texts is less an AI problem than a signal of the importance of stable internal corporate data ecosystems. Model collapse and "Habsburg AI" are real risks, but they do not arise automatically; they arise above all from a lack of data governance and uncontrolled use of synthetic content. The central message… First seen…

