Tag: strategy
-
2026 nichts für schwache CI(S)O-Nerven
Aus Sicht von Forrester bleibt die Lage für IT-(Sicherheits-)Entscheider auch 2026 angespannt.Keine Entwarnung für IT-(Sicherheits-)Entscheider: Die Analysten von Forrester gehen in den Predictions 2026 davon aus, dass die Volatilität 2026 weiter anhält. CIOs und CISOs seien entsprechend gefordert, mit Präzision, Resilienz und strategischer Weitsicht zu führen.Das gilt den Auguren zufolge insbesondere für Künstliche Intelligenz (KI),…
-
Business continuity and cybersecurity: Two sides of the same coin
Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trustWhy traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
-
Business continuity and cybersecurity: Two sides of the same coin
Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trustWhy traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
-
Digital health can’t scale if cybersecurity falls behind
Tags: access, ai, attack, breach, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, detection, encryption, endpoint, exploit, framework, GDPR, governance, government, healthcare, HIPAA, identity, infection, intelligence, malicious, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, strategy, technology, threat, training, virus, vulnerability, zero-trustThe unique vulnerabilities of AI systems: Traditional security frameworks are not enough for AI. Attacks on algorithms take subtler forms. I often explain to my clients that when you corrupt data, you corrupt intelligence. Data poisoning occurs when malicious data is inserted into the training process, teaching the AI to make wrong decisions later. Imagine…
-
The Shift Toward Zero-Trust Architecture in Cloud Environments
As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure compliance. One such security strategy is called zero-trust security. Zero-trust architecture fosters the ‘never trust, always verify’ principle and emphasizes the need to authenticate users without trust. Contrary to traditional security approaches that leverage perimeter-based security, zero-trust architecture assumes that threats exist outside as well..…
-
The Shift Toward Zero-Trust Architecture in Cloud Environments
As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure compliance. One such security strategy is called zero-trust security. Zero-trust architecture fosters the ‘never trust, always verify’ principle and emphasizes the need to authenticate users without trust. Contrary to traditional security approaches that leverage perimeter-based security, zero-trust architecture assumes that threats exist outside as well..…
-
The Shift Toward Zero-Trust Architecture in Cloud Environments
As businesses grapple with the security challenges of protecting their data in the cloud, several security strategies have emerged to safeguard digital assets and ensure compliance. One such security strategy is called zero-trust security. Zero-trust architecture fosters the ‘never trust, always verify’ principle and emphasizes the need to authenticate users without trust. Contrary to traditional security approaches that leverage perimeter-based security, zero-trust architecture assumes that threats exist outside as well..…
-
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story
In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/rik-mistry-interval-group-it-security-metrics/
-
Optimistic About Cloud Security? You Need NHIs
What is the Pivotal Role of Non-Human Identities in Cloud Security? How secure is your organization’s cloud infrastructure? It’s a crucial question while more businesses shift to cloud environments and face complex security challenges. One often-overlooked yet vital component of a comprehensive cybersecurity strategy involves the management of Non-Human Identities (NHIs). These machine identities, comprising……
-
Smart Secrets Management for Effective Risk Reduction
Why Are Non-Human Identities the Key to Smart Secrets Management? Have you considered the role of Non-Human Identities (NHIs) in secrets management? Where digital ecosystems become increasingly complex, protecting these machine identities becomes paramount. NHIs, which comprise encrypted passwords, tokens, or keys”, akin to a digital “passport””, play a critical role in risk reduction strategies…
-
Smart Secrets Management for Effective Risk Reduction
Why Are Non-Human Identities the Key to Smart Secrets Management? Have you considered the role of Non-Human Identities (NHIs) in secrets management? Where digital ecosystems become increasingly complex, protecting these machine identities becomes paramount. NHIs, which comprise encrypted passwords, tokens, or keys”, akin to a digital “passport””, play a critical role in risk reduction strategies…
-
Building an Impenetrable Cloud with NHI Strategies
How Secure Are Your Cloud-Based Systems With NHI Management? Where data breaches are becoming increasingly common, how secure are your organization’s machine identities? With the rise of Non-Human Identities (NHIs), ensuring airtight security for machine-based communications and transactions has become essential. NHIs, which essentially involve machine identities, are crucial in securing digital interactions, just as……
-
Building an Impenetrable Cloud with NHI Strategies
How Secure Are Your Cloud-Based Systems With NHI Management? Where data breaches are becoming increasingly common, how secure are your organization’s machine identities? With the rise of Non-Human Identities (NHIs), ensuring airtight security for machine-based communications and transactions has become essential. NHIs, which essentially involve machine identities, are crucial in securing digital interactions, just as……
-
Cybersecurity für KMU: Es fehlt die kohärente Strategie
Fast ein Viertel der Führungskräfte in kleinen und mittelständischen Unternehmen (KMU) in Deutschland versteht die geschäftliche Relevanz von Cybersicherheit nicht vollständig, was zu Verzögerungen bei Entscheidungen und Investitionen führt. Die Überwachung und Abwehr von Cyberbedrohungen stellt für viele IT-Führungskräfte eine Vollzeitaufgabe dar, wobei ein erheblicher Teil der Zeit für das Troubleshooting von Sicherheitstools aufgewendet wird….…
-
Congressional leaders want an executive branch strategy on China 6G, tech supply chain
In an exclusive, Rep. Raja Krishnamoorthi, D-Ill., told CyberScoop that policymakers must learn from past mistakes around 5G. First seen on cyberscoop.com Jump to article: cyberscoop.com/exclusive-china-6g-letter-krishnamoorthi-congress-state-commerce-letters/
-
Congressional leaders want an executive branch strategy on China 6G, tech supply chain
In an exclusive, Rep. Raja Krishnamoorthi, D-Ill., told CyberScoop that policymakers must learn from past mistakes around 5G. First seen on cyberscoop.com Jump to article: cyberscoop.com/exclusive-china-6g-letter-krishnamoorthi-congress-state-commerce-letters/
-
NDSS 2025 Safety Misalignment Against Large Language Models
SESSION Session 2A: LLM Security Authors, Creators & Presenters: Yichen Gong (Tsinghua University), Delong Ran (Tsinghua University), Xinlei He (Hong Kong University of Science and Technology (Guangzhou)), Tianshuo Cong (Tsinghua University), Anyu Wang (Tsinghua University), Xiaoyun Wang (Tsinghua University) PAPER Safety Misalignment Against Large Language Models The safety alignment of Large Language Models (LLMs) is…
-
Closing the AI Execution Gap in Cybersecurity, A CISO Framework
CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/closing-ai-execution-gap-cybersecurity-ciso-framework
-
Closing the AI Execution Gap in Cybersecurity, A CISO Framework
CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/closing-ai-execution-gap-cybersecurity-ciso-framework
-
Identity-based attacks need more attention in cloud security strategies
Companies should lock down user accounts and scan for compromised credentials, according to a new report from ReliaQuest. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cloud-security-identity-attacks-reliaquest/804621/
-
Identity-based attacks need more attention in cloud security strategies
Companies should lock down user accounts and scan for compromised credentials, according to a new report from ReliaQuest. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cloud-security-identity-attacks-reliaquest/804621/
-
Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail
The Tycoon 2FA phishing kit represents one of the most sophisticated threats targeting enterprise environments today. This Phishing-as-a-Service (PhaaS) platform, which emerged in August 2023, has become a formidable adversary against organizational security, employing advanced evasion techniques and adversary-in-the-middle (AiTM) strategies to bypass multi-factor authentication protections. According to the Any.run malware trends tracker, Tycoon 2FA…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
Deepfakes, fraud, and the fight for trust online
In this Help Net Security video, Michael Engle, Chief Strategy Officer at 1Kosmos, explains how deepfakes are changing online identity verification. He describes how fake IDs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/04/deepfake-identity-verification-video/
-
Deepfakes, fraud, and the fight for trust online
In this Help Net Security video, Michael Engle, Chief Strategy Officer at 1Kosmos, explains how deepfakes are changing online identity verification. He describes how fake IDs … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/04/deepfake-identity-verification-video/