Tag: strategy
-
How can secrets security fit within a tight IT budget
Are Non-Human Identities the Missing Piece in Your Cybersecurity Strategy? How often do we consider the importance of non-human identities (NHIs)? These machine identities are increasingly at the forefront of security strategies, especially for organizations operating in the cloud. By managing NHIs effectively, businesses can bridge the gap between security and R&D teams, creating a……
-
CERN: how does the international research institution manage risk?
Tags: access, ai, business, compliance, control, cyber, cybersecurity, defense, framework, governance, group, international, iot, LLM, network, risk, service, strategy, technology, toolStefan Lüders and Tim Bell of CERN. CERNEmploying proprietary technology can introduce risks, according to Tim Bell, leader of CERN’s IT governance, risk and compliance section, who is responsible for business continuity and disaster recovery. “If you’re a visitor to a university, you’ll want to bring your laptop and use it at CERN. We can’t…
-
ServiceNow’s $7.75 billion cash deal for Armis illustrates shifting strategies
Tags: access, ai, attack, authentication, automation, business, ceo, cio, ciso, computing, control, cyber, governance, identity, incident response, intelligence, iot, risk, service, strategy, tool, update, vulnerabilityVisibility is the key: “For decades, the CIO’s white whale has been a precise, real-time Configuration Management Database [CMDB]. Most are outdated the moment they are populated,” said Whisper Security CEO Kaveh Ranjbar. The Armis acquisition “is an admission that in an era of IoT, OT, and edge computing, you cannot rely on manual entry…
-
The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure
Tags: access, ai, attack, breach, business, cloud, cve, cvss, data, data-breach, flaw, iam, identity, infrastructure, least-privilege, malicious, metric, network, ransomware, risk, security-incident, service, software, strategy, threat, tool, update, vulnerability, vulnerability-managementPrioritizing what to fix first and why that really matters Key takeaways The 97% distraction: Discover why the vast majority of your “Critical” alerts are just theoretical noise, and how focusing strictly on the 3% of findings that represent real, exploitable risk can drastically improve your security posture. Identity is the accelerant: Breaches rarely happen…
-
Why outsourced cyber defenses create systemic risks
Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trustRisk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
-
Japan Adopts New Cybersecurity Strategy to Counter Rising Cyber Threats
The Japanese government has formally adopted a new cybersecurity strategy that will guide national policy over the next five years. The decision was approved at a cabinet meeting on Tuesday and aims at strengthening Japanese cybersecurity coordination across civilian, law enforcement, and defense institutions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/japan-cybersecurity-strategy-five-year-plan/
-
Agentic AI already hinting at cybersecurity’s pending identity crisis
Agentic AI’s identity crisis: Authentication and agentic experts interviewed, three of whom estimate that less than 5% of enterprises experimenting with autonomous agents have deployed agentic identity systems, say the reasons for this lack of security hardening are varied.First, many of these efforts are effectively shadow IT, where a line of business (LOB) executive has…
-
US Must Go on Offense in Cyberspace, Report Warns
Report: China, Russia Exploiting US Cyber Policy Gaps to Gain Strategic Advantage. A new McCrary Institute report urges Washington to adopt a more offensive cyber strategy, warning that the current reactive approach leaves the U.S. unable to counter China and Russia’s persistent campaigns to gain asymmetric leverage in cyberspace. First seen on govinfosecurity.com Jump to…
-
Zero Trust AI Security: The Comprehensive Guide to Next-Generation Cybersecurity in 2026
The traditional perimeter-based security model has become obsolete in today’s distributed digital environment. With 82% of organizations now operating in hybrid or multi-cloud infrastructures and remote work becoming the standard, the concept of a secure network boundary no longer exists. Zero Trust AI Security represents the evolution of cybersecurity strategy-combining the principles of zero trust…
-
Think you can beat ransomware? RansomHouse just made it a lot harder
Tags: access, attack, backup, corporate, data, detection, encryption, endpoint, extortion, incident response, leak, monitoring, ransom, ransomware, strategy, updateRansomHouse attempts double extortion: Beyond the cryptographic update, RansomHouse leverages a double extortion model, which involves exfiltrating data and threatening public disclosure in addition to encrypting it, to add pressure on victims to pay.This layered pressure tactic, already a common feature of modern ransomware attacks, complicates incident response timelines and negotiating strategies for corporate security…
-
Can NHIs handle complex security requirements
Are Non-Human Identities the Key to Meeting Complex Security Requirements? Is your organization prepared to handle the intricate security challenges posed by the digital transformation? With digital expand, the utilization of Non-Human Identities (NHIs) becomes an imperative strategy for addressing complex security needs. Combining machine learning, tokenization, and access management, NHIs serve as a crucial……
-
Can NHIs drive better data security practices
How Do Non-Human Identities (NHIs) Enhance Data Security Practices? Have you ever considered the importance of firmly managing Non-Human Identities (NHIs) in your organization’s data security strategy? With digital becomes increasingly sophisticated, safeguarding machine identities is crucial for shielding sensitive information from potential threats. Understanding Non-Human Identities in Data Security NHIs, also known as machine……
-
CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security Mandate
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a…
-
Keeper Security Bolsters Federal Leadership to Advance Government Cybersecurity Initiatives
Keeper Security has announced the appointment of two new additions to its federal team, with Shannon Vaughn as Senior Vice President of Federal and Benjamin Parrish, Vice President of Federal Operations. Vaughn will lead Keeper’s federal business strategy and expansion, while Parrish will oversee the delivery and operational readiness of Keeper’s federal initiatives, supporting civilian,…
-
FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next FireTail Blog
Tags: ai, api, attack, cloud, cyber, cybercrime, cybersecurity, data, exploit, finance, government, infrastructure, intelligence, Internet, jobs, office, open-source, regulation, russia, startup, strategy, technology, usa, vulnerabilityDec 19, 2025 – Jeremy Snyder – New beginnings, such as new years, provide a nice opportunity to look back at what we have just experienced, as well as look forward to what to expect. 2022 was a year of transition in many ways, and 2023 may well be the same. I wanted to reflect…
-
A Good Year for North Korean Cybercriminals
North Korea shifted its strategy to patiently target bigger fish for larger payouts, using sophisticated methods to execute attacks at opportune times. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/good-year-north-korean-cybercriminals
-
Why Organizations Need to Modify Their Cybersecurity Strategy for 2026
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every… First seen on hackread.com Jump to article: hackread.com/organizations-modify-cybersecurity-strategy-2026/
-
Why Organizations Need to Modify Their Cybersecurity Strategy for 2026
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every… First seen on hackread.com Jump to article: hackread.com/organizations-modify-cybersecurity-strategy-2026/
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
What is NHIDR and why is it important
How Can Non-Human Identity Detection Revolutionize Cybersecurity? Could your company be overlooking a critical component in its cybersecurity strategy? Non-Human Identities (NHIs) and their secrets are becoming increasingly critical to manage effectively. With the workforce expands beyond human employees to include machine identities, organizations must adapt by integrating Non-Human Identity Detection (NHIDR) into their cybersecurity……
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
-
Enterprises Gear Up Ahead of 2026’s IT Transformation Shift
Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/enterprises-gear-up-for-2026-s-it-transformation
-
Enterprises Gear Up Ahead of 2026’s IT Transformation Shift
Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/enterprises-gear-up-for-2026-s-it-transformation
-
Why You Should Train Your SOC Like a Triathlete
The key elements in a security operations center’s strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their inputs are strong. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/why-you-should-train-your-soc-like-triathlete
-
Why You Should Train Your SOC Like a Triathlete
The key elements in a security operations center’s strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their inputs are strong. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/why-you-should-train-your-soc-like-triathlete
-
The devil of proposed SEC AI disclosure rule is in the details
Tags: advisory, ai, awareness, business, ceo, compliance, cybersecurity, data, government, intelligence, jobs, law, risk, sans, service, software, strategy, technology, tool, trainingnot use AI for some purposes. Attorneys who have studied the proposal note that the AI rule, just like the SEC’s cybersecurity rule from about two years ago, won’t technically require anything to be reported that wouldn’t have already required reporting. The new rule refers only to material AI efforts and ever since the creation of…
-
Parked Domains Emerge as a Primary Channel for Malware and Phishing
The landscape of domain parking has transformed dramatically over the past decade, shifting from a relatively benign monetization strategy to a sophisticated vector for cybercrime. New research into the modern parking ecosystem reveals a startling reality: over 90% of visitors to parked domains encounter malicious content, scams, or phishing attacks a stark reversal from conditions…