Tag: strategy
-
AI is Rewriting the Rules of Risk: Three Ways CISOs Can Lead the Next Chapter
AI is revolutionizing cybersecurity, raising the stakes for CISOs who must balance innovation with risk management. As adversaries leverage AI to enhance attacks, effective cybersecurity requires visibility, adaptive strategies, and leadership alignment at the board level. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ai-is-rewriting-the-rules-of-risk-three-ways-cisos-can-lead-the-next-chapter/
-
Feeling brave? Ministry of Defence seeks £300K digital boss to manage £4.6B spend
Whoever gets it will steer UK department’s IT, AI strategy, and megabucks vendor deals First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/mod_recruits_tech_head/
-
Proactive strategies for cyber resilience with Wazuh
Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proactive-strategies-for-cyber-resilience-with-wazuh/
-
ENISA Updates Its International Strategy to Strengthen EU’s Cybersecurity Cooperation
The European Union Agency for Cybersecurity has released an updated international strategy to reinforce the EU’s cybersecurity ecosystem and strengthen cooperation beyond Europe’s borders. The revised ENISA International Strategy refreshes the agency’s approach to working with global partners while ensuring stronger alignment with the European Union’s international cybersecurity policies, core values, and long-term objectives. First…
-
How to govern agentic AI so as not to lose control
assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security…
-
GuLoader Leverages Polymorphic Malware and Trusted Cloud Infrastructure to Evade Detection
GuLoader, also known as CloudEye, is a sophisticated malware downloader that has been active since late 2019. Its primary function is to download and install secondary malware, such as Remote Access Trojans (RATs) and information stealers, onto compromised systems. One of GuLoader’s most effective evasion strategies is its use of legitimate cloud services. Instead of…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Critics warn America’s ‘move fast’ AI strategy could cost it the global market
As the U.S. promises a light-touch approach to AI regulation, businesses and other stakeholders must work out the rules of the road for themselves. First seen on cyberscoop.com Jump to article: cyberscoop.com/trump-ai-policy-global-adoption-safety-regulation-critics/
-
UAE’s TII challenges big tech dominance with open source Falcon AI models
Through its Falcon models and an open, efficiency-driven research strategy, the Technology Innovation Institute is positioning the UAE as a producer of foundational AI, not merely a consumer of global platforms First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638759/UAEs-TII-challenges-big-tech-dominance-with-open-source-Falcon-AI-models
-
Never settle: How CISOs can go beyond compliance standards to better protect their organizations
Tags: ai, awareness, breach, ciso, compliance, computing, control, cybersecurity, finance, risk, risk-assessment, risk-management, software, strategy, threat, training, vulnerabilityThe new North Star for CISOs: Accounting for emerging risk: We’ve established that it’s no longer good enough to overfit into a compliance standard, but you can still use compliance to your advantage.Most compliance programs mandate an information security risk assessment and, at a larger company, you may already have a dedicated enterprise risk management…
-
Schrödinger’s cat and the enterprise security paradox
Tags: control, cybersecurity, detection, exploit, framework, identity, intelligence, jobs, metric, penetration-testing, RedTeam, resilience, risk, siem, strategy, threat, tooland compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time, so it is worth revisiting what the…
-
Schrödinger’s cat and the enterprise security paradox
Tags: control, cybersecurity, detection, exploit, framework, identity, intelligence, jobs, metric, penetration-testing, RedTeam, resilience, risk, siem, strategy, threat, tooland compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time, so it is worth revisiting what the…
-
Detecting Ransomware Using Windows Minifilters to Intercept File Change Events
Tags: cyber, detection, encryption, endpoint, github, malicious, ransomware, strategy, tool, windowsA security researcher has released a new proof-of-concept (PoC) tool on GitHub designed to stop ransomware at the deepest level of the operating system. Part of a broader Endpoint Detection and Response (EDR) strategy named >>Sanctum,<< the project demonstrates how defenders can use Windows Minifilters to detect and intercept malicious file encryption before it destroys…
-
Zscaler extends zero-trust security to browsers with SquareX acquisition
Tags: access, ai, ceo, ciso, control, crowdstrike, cybersecurity, edr, endpoint, least-privilege, network, risk, service, strategy, tool, vpn, zero-trustA win-win for customers?: Zscaler has acknowledged that browser runtime behaviour was a missing piece in its zero-trust security, and having SquareX solution in its portfolio can help fill the gap, noted Gogia.For Zscaler customers, this acquisition would mean browser security is no longer an afterthought or a separate tool to evaluate but a native…
-
The blind spot every CISO must see: Loyalty
Tags: access, ai, ciso, corporate, data, espionage, exploit, finance, framework, gartner, government, intelligence, jobs, malicious, monitoring, risk, strategy, tool, training, vulnerability, zero-trustHow the misread appears in practice: Recent examples illustrate the point. In the US federal sphere, abrupt terminations under workforce reduction initiatives have left former employees with lingering access to sensitive systems, amplifying the potential for data exposure or retaliation. Corporate cases show a similar dynamic: engineers or executives who have spent years building institutional…
-
OpenAI Launches Trusted Access for Cyber to Expand AI-Driven Defense While Managing Risk
OpenAI has announced a new initiative aimed at strengthening digital defenses while managing the risks that come with capable artificial intelligence systems. The effort, called Trusted Access for Cyber, is part of a broader strategy to enhance baseline protection for all users while selectively expanding access to advanced cybersecurity capabilities for vetted defenders. First seen…
-
Four new vulnerabilities found in Ingress NGINX
Tags: access, api, authentication, container, cve, cybersecurity, data, exploit, group, injection, jobs, kubernetes, malicious, risk, service, strategy, vulnerabilitycustom-errors configuration that includes HTTP errors 401 or 403, and if the configured default custom-errors backend is defective and fails to respect the X-Code HTTP header, then an Ingress with the auth-url annotation may be accessed even when authentication fails.CVE-2026-24512 is a configuration injection vulnerability where the rules.http.paths.path Ingress field can be used to inject configuration into nginx.…
-
Keeper Security Announces 2026 MSP Partner Program
Keeper Security has announced the launch of its 2026 Managed Service Provider (MSP) Partner Program. The program helps managed service providers to deliver enterprise-grade privileged access management while growing their recurring revenue. This new launch is aligned with Keeper’s strategy to invest in its channel sales program that combines aggressive partner economics, expanded enablement materials…
-
Building trust with the board through evidence-based proof
Tags: backup, business, cio, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, incident, insurance, mitigation, regulation, resilience, risk, strategy, tool, updateBuilding a common language to get to “Here’s the proof of cyber resilience”: CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an…
-
Semperis Buys MightyID to Expand Identity Security
Acquisition Adds Okta and Ping Coverage to Semperis’ Identity Security Platform. Semperis has acquired MightyID to extend its identity-first security and cyber resilience strategy beyond Active Directory and Entra ID into Okta and Ping. CEO Mickey Bresman says the deal addresses customer demand for multi-identity provider protection backup recovery and migration. First seen on govinfosecurity.com…
-
Grundlegend: die Backup-Strategie – Mit verbesserter Resilienz durch ein herausforderndes Jahr 2026
First seen on security-insider.de Jump to article: www.security-insider.de/mit-verbesserter-resilienz-durch-ein-herausforderndes-jahr-2026-a-3c5c0869f045e60afea075ef0f015c0d/
-
Should I stay or should I go?
Tags: access, breach, business, ceo, cio, ciso, communications, compliance, cybersecurity, finance, fraud, insurance, jobs, network, risk, strategy, supply-chain, update, vulnerabilityRed flag: Cognitive disconnect: Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISO’s decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISO’s leave.Splunk’s 2025 CISO report found 29% of respondents…
-
Are your secrets safe from cyber threats
How Do Non-Human Identities Reinforce Data Protection? How does one ensure that machine identities remain secure from cyber threats? This query emerges as organizations navigate the intricate web of digital systems, grappling with data protection complexities. The management of Non-Human Identities (NHIs) stands at the forefront of cybersecurity strategies, offering a robust method to safeguard……
-
National cyber director solicits industry help in fixing regulations, threat information-sharing
President Donald Trump’s chief cybersecurity adviser said a forthcoming national strategy will kick off ambitious projects. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sean-cairncross-white-house-cybersecurity-strategy-iti/811255/
-
Poland detains defense ministry employee on suspicion of spying for Russia
The 60-year-old detainee, a Polish national, worked in the Ministry of National Defense’s strategy and planning department, including on military modernization projects, officials said. He was arrested at his workplace at the ministry’s headquarters in Warsaw. First seen on therecord.media Jump to article: therecord.media/poland-detains-defense-ministry-employee-spying
-
Security Is Shifting From Prevention to Resilience
Dan Cole, senior vice president of product management at Sophos, unpacks how cybersecurity strategy is shifting from a prevention-first mindset toward resilience and response. Cole traces his career from the early days of mass malware outbreaks like Melissa and ILOVEYOU through today’s environment of nation-state actors, AI-assisted attacks, and sprawling hybrid workforces. While the tools..…
-
National cybersecurity strategies depend on public-private trust, report warns
An influential cybersecurity think tank urged governments to consult extensively with a wide variety of business stakeholders before making ambitious plans. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/national-cybersecurity-strategies-recommendations-ccpl/811212/
-
Outages Happen to Everyone. Building a Resilient Architecture Doesn’t Have to Be Hard.
Tags: access, ai, attack, breach, business, cloud, compliance, computing, container, control, csf, cyberattack, data, defense, detection, dora, encryption, finance, framework, government, nist, regulation, resilience, service, software, strategy, technologyOutages Happen to Everyone. Building a Resilient Architecture Doesn’t Have to Be Hard. madhav Tue, 02/03/2026 – 05:21 No company is spared the pain of outages. But their impact can be mitigated by how resilient you build your business architecture. And who you choose to partner with can significantly determine how effective that will be.…