Tag: risk
-
Interconnectedness, extortion risk make cybersecurity a healthcare C-suite priority
A new report from Trellix reviews the biggest breaches, describes the most effective defenses and profiles the most dangerous attackers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/health-care-cybersecurity-threats-report-trellix/810608/
-
AI Agents Are Booking Travel: How Businesses Can Enable Revenue Minimize Risk
AI agents are booking travel at scale. Learn how to enable agentic commerce, stop agent hijacking and loyalty fraud, and protect your revenue. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/ai-agents-are-booking-travel-how-businesses-can-enable-revenue-minimize-risk/
-
4 problems that hold CISOs back
Tags: ai, business, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, data, framework, governance, risk, risk-management, skills, strategy, tool, vulnerability-management
Read which strategic problems hold CISOs back in their work. Many security leaders believe that a cyber incident is inevitable; the only uncertainty is the timing. This belief is reflected in the common saying that it is not a question of "if" but "when" an attack will occur. However, a growing number of CISOs expect an incident sooner rather than later:…
-
Overcoming AI fatigue
Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trust
before it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
-
He Who Controls the Key Controls the World: Microsoft “Often” Provides BitLocker Keys to Law Enforcement
Encryption doesn’t guarantee privacy; key ownership does. This article explains how cloud-stored encryption keys let third parties unlock your data, exposing the hidden risks behind “secure” services like BitLocker and Gmail. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/he-who-controls-the-key-controls-the-world-microsoft-often-provides-bitlocker-keys-to-law-enforcement/
-
Protecting AI agents from misuse – AI arbitrariness: 3 risks and their solution
First seen on security-insider.de Jump to article: www.security-insider.de/ki-agenten-sicherheitsrisiken-data-poisoning-manipulation-a-2039e0babf6f3dfdb142c0da0f118cce/
-
4 issues holding back CISOs’ security agendas
Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management
2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort. But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption. According to a survey…
-
4 security risks that CIOs often underestimate when using crypto technologies
Crypto technologies have evolved from a niche experiment into a strategic topic. For many companies, this is less about speculation than about infrastructure questions: digital identities, tokenized processes, or new payment channels. This is exactly where risks arise that are easily overlooked in day-to-day management. In 2026, CIOs and CISOs face a paradoxical situation. On the one hand, the pressure to engage with crypto technologies is growing.…
-
The 7 Essential Elements of a Compliance Framework You Need to Know
Key Takeaways: Regulatory expectations continue to expand. Oversight bodies increasingly look beyond documentation to how organizations manage compliance risk in practice. In this environment, compliance functions best when supported by a structured framework. While industries and jurisdictions vary, effective, high-quality governance and compliance programs consistently rely on seven foundational elements. From Requirement Lists to Operating…
-
How MSSPs Can Help Clients Mitigate Shadow IT and Data Sprawl with Cavelo
Mitigate shadow IT and data sprawl with a modern, data-first MSSP approach. Learn how Cavelo helps you gain visibility, reduce risk, and strengthen client trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/how-mssps-can-help-clients-mitigate-shadow-it-and-data-sprawl-with-cavelo/
-
EU launches investigation into X over Grok-generated sexual images
The European Commission is now investigating whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/eu-launches-investigation-into-x-over-grok-generated-sexual-images/
-
Continuous Identity Assurance Is Now Security Infrastructure
From Remote Hiring to Access and Support, Trust Must Be Verified – Not Assumed. Attackers no longer break in – they simply impersonate an employee or contractor to gain access. Discover how continuous identity assurance across hiring, third-party access and call centers reduces human-layer risk, and how IDProof+ enables fast, trusted verification across critical workflows.…
-
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns
Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technology
Where most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated. The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
-
EU opens new investigation into Grok on X
The European Commission has opened a new formal investigation into X under the Digital Services Act over risks linked to the deployment of its AI tool Grok in the EU. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/26/european-commission-grok-x-investigation/
-
20,000 WordPress Sites at Risk From Plugin Admin Backdoor
A backdoor bug in a WordPress plugin with 20,000+ installs lets attackers create admin accounts without logging in. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/20000-wordpress-sites-at-risk-from-plugin-admin-backdoor/
-
Can Passkeys Be Exploited for Account Access?
Explore if passkeys can be exploited. Learn about potential vulnerabilities in passwordless authentication, FIDO2 implementation risks, and how to stay secure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/can-passkeys-be-exploited-for-account-access/
-
Digital sovereignty, security, AI: How Europe's IT strategies are realigning
Companies in Europe face a dilemma: either they cling to the status quo and risk a far-reaching dependence on individual vendors, or they accept the profound technological changes and make their IT truly future-proof. Clinging to proprietary single-vendor solutions has long ceased to be merely a question of technology. It is a financial risk and can become a threat to the…
-
Dark data increases risks to data security – If you don't classify data, you can't protect it
First seen on security-insider.de Jump to article: www.security-insider.de/dark-data-discovery-klassifizierung-a-709f91022eab77361d6aa16381f3f34e/
-
Why CTEM will become the foundation of modern OT security in 2026
A few years ago, "CTEM" was just another Gartner acronym. In 2026, it is the organizing principle for every serious OT security program. CTEM stands for a shift from periodic vulnerability management to continuous, risk-based assessment and management of risks relating to hardware, firmware, network paths and even supply-chain dependencies. First seen on…
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfare
AI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
5 Reasons Why Organizations Don’t Achieve FedRAMP ATO
When a cloud services provider wants to work with the federal government, they have to pass a rigorous audit to make sure they’re capable of properly securing the controlled information they would handle in the process. Achieving that Authority to Operate is done through the Federal Risk and Authorization Management Program and is the biggest…
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2. Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University). Paper: Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution. Cloud based Spark platform is a tempting approach for sharing data, as…
-
Healthy Security Cultures Want People to Report Risks
The signs of an effective security culture are shifting as companies call on CISOs and security teams to raise their hands unabashedly. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/healthy-security-cultures-thrive-on-risk-reporting

