Tag: strategy

Cybersecurity Predictions 2026: The Hype We Can Ignore (And the Risks We Can’t)

Jan 9, 2026 2:01 PM

Tags: cybersecurity, data, risk, strategy

As organizations plan for 2026, cybersecurity predictions are everywhere. Yet many strategies are still shaped by headlines and speculation rather than evidence. The real challenge isn’t a lack of forecasts”, it’s identifying which predictions reflect real, emerging risks and which can safely be ignored.An upcoming webinar hosted by Bitdefender aims to cut through the noise…
Campaigners urge UK to develop digital sovereignty strategy

Jan 9, 2026 7:01 AM

Tags: cybersecurity, resilience, strategy, technology

UK digital rights campaigners have urged UK parliamentarians to implement a digital sovereignty strategy as part of the forthcoming Cybersecurity and Resilience Bill to reduce reliance on technology subject to foreign interference First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637125/Campaigners-urge-UK-to-develop-digital-sovereignty-strategy
Like it or not, AI will transform cyber strategy in 2026

Jan 9, 2026 7:01 AM

Tags: ai, compliance, cyber, governance, intelligence, risk, skills, strategy

Bubble or no bubble, from cyber skills to defensive strategies to governance, risk and compliance, artificial intelligence will remake the cyber world in 2026 First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637095/Like-it-or-not-AI-will-transform-cyber-strategy-in-2026
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
Cybersecurity at the edge: Securing rugged IoT in mission-critical environments

Jan 8, 2026 5:05 PM

Tags: 5G, access, attack, authentication, breach, business, cio, compliance, control, credentials, cyber, cybersecurity, data, data-breach, defense, detection, firmware, framework, gartner, Hardware, HIPAA, identity, infrastructure, iot, leak, least-privilege, mitigation, monitoring, network, nist, password, risk, strategy, supply-chain, technology, theft, threat, unauthorized, update, vpn, vulnerability, zero-trust

Defense: Compromised devices can leak mission-critical data or disrupt tactical communications.Utilities: Operational paralysis halts power distribution or water treatment, impacting millions.Public safety: Emergency response systems fail during crises, endangering lives.According to Gartner, in 2023, IoT-related incidents in critical infrastructure surged 400% over the previous three years and the average cost of an OT breach exceeded…
Relevante Cybersecurity-Entwicklungen 2026

Jan 8, 2026 3:01 PM

Tags: ai, ceo, cybersecurity, cyersecurity, strategy

Welche Entwicklungen sind 2026 in puncto Cybersicherheit relevant und worauf müssen sich Unternehmen, Management und Sicherheitsteams einstellen? Nick Schneider, President und CEO von Arctic Wolf, gibt einen Ausblick auf die für Wirtschaft und Gesellschaft wichtigsten Cybersicherheit-Entwicklungen im neuen Jahr. Markt und Strategie Im Jahr 2026 wird KI der Treiber für eine umfassende Marktkonsolidierung sein. Die […]…
Top cyber threats to your AI systems and infrastructure

Jan 8, 2026 9:01 AM

Tags: ai, api, attack, best-practice, business, chatgpt, ciso, cloud, cyber, cybersecurity, data, defense, detection, exploit, framework, governance, hacker, infrastructure, injection, intelligence, LLM, malicious, mitre, monitoring, open-source, RedTeam, risk, sans, service, skills, software, strategy, supply-chain, tactics, theft, threat, tool, training, unauthorized, usa, vulnerability

Data poisoning Data poisoning is a type of attack in which bad actorsmanipulate, tamper with, and pollute the data used to develop or train AI systems, including machine learning models. By corrupting the data or introducing faulty data, attackers can alter, bias, or otherwise render inaccurate a model’s performance.Imagine an attack that tells a model…
How scalable are secret management methods for NHIs?

Jan 8, 2026 12:01 AM

Tags: cybersecurity, infrastructure, strategy, technology

How Do Non-Human Identities Influence Cybersecurity Strategies? What role do Non-Human Identities (NHIs) play in your cybersecurity strategy? Where technology is increasingly shaped by machine-to-machine interactions, the significance of NHIs has grown exponentially. These identities are not just essential but central to infrastructure integrity. NHIs encompass machine identities, which are represented through unique “Secrets” such……
UK announces plan to strengthen public sector cyber defenses

Jan 7, 2026 2:01 PM

Tags: cyber, cybersecurity, defense, government, strategy

The United Kingdom has announced a new cybersecurity strategy, backed by more than £210 million ($283 million), to boost cyber defenses across government departments and the wider public sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/uk-announces-plan-to-strengthen-public-sector-cyber-defenses/
Dark Web Intelligence: How to Leverage OSINT for Proactive Threat Mitigation

Jan 7, 2026 11:01 AM

Tags: cybercrime, dark-web, data, intelligence, strategy, threat

Staying one step ahead of cybercriminals requires a proactive approach. Integrating dark web intelligence into your open-source intelligence (OSINT) gives you an early view of emerging threats. As security expert Daniel Collyer says, dark web intelligence is “an essential part of a good OSINT strategy,” it’s the information that’s invisible on the surface web. Open-source intelligence is when you take all the publicly available data and turn it..…
8 things CISOs can’t afford to get wrong in 2026

Jan 7, 2026 8:52 AM

Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust

“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
Cybersecurity hat kein Budget-Problem

Jan 7, 2026 5:52 AM

Tags: breach, business, ciso, compliance, cyberattack, cybersecurity, cyersecurity, governance, jobs, risk, security-incident, strategy

Ein Tag im Leben eines Sicherheitsentscheiders”¦Wenn es um Security-Budgets geht, dreht sich ein Großteil der (Online-)Diskussionen darum, wie man das “Board” für sich gewinnt und Investitionen rechtfertigt. Einige Ansätze basieren auf spezifischen Finanzmodellen und zielen darauf ab, den Return on Investment (ROI) zu rechtfertigen. Andere konzentrieren sich eher darauf, Risiken zu quantifizieren und deren Minderung…
How to manage secrets in autonomous systems effectively?

Jan 7, 2026 1:52 AM

Tags: strategy

Are Autonomous Systems Truly Secure Without Effective Secrets Management? Where autonomous systems are reshaping industries, managing the secrets that underpin their operations becomes critical. Organizations increasingly rely on autonomous systems to streamline processes and increase efficiency. But are these systems genuinely secure without a robust secrets management strategy? Combining the complexity of machinery, machine identities……
The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 7:52 PM

Tags: access, ai, api, attack, breach, cloud, control, data, data-breach, exploit, flaw, infrastructure, jobs, LLM, risk, strategy, supply-chain, threat, tool, unauthorized, vulnerability, waf

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on “Prompt Injection” and “Model Poisoning,” a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).…
The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 7:52 PM

Tags: access, ai, api, attack, breach, cloud, control, data, data-breach, exploit, flaw, infrastructure, jobs, LLM, risk, strategy, supply-chain, threat, tool, unauthorized, vulnerability, waf

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on “Prompt Injection” and “Model Poisoning,” a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).…
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?

Jan 6, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trust

AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…
6 strategies for building a high-performance cybersecurity team

Jan 6, 2026 8:52 AM

Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability

2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
6 strategies for building a high-performance cybersecurity team

Jan 6, 2026 8:52 AM

Tags: advisory, ai, apple, attack, business, ciso, communications, compliance, cyber, cybersecurity, data, defense, intelligence, resilience, risk, service, skills, strategy, technology, threat, tool, training, update, vulnerability

2. Be clear on the mission: Sharon Chand, US cyber defense and resilience leader at professional services firm Deloitte, says a characteristic of a high-performing team is alignment on the team’s mission.To do that, though, team members need to know what the mission is and buy into it.”It has to be a very clear mission…
Why being proactive in NHI management is critical for security

Jan 6, 2026 12:52 AM

Tags: cloud, credentials, cybersecurity, password, strategy

Are You Guarding Your Machine Identities Effectively? The management of Non-Human Identities (NHIs) is a critical component of cybersecurity strategies for organizations operating in cloud environments. NHIs, essentially machine identities, represent a fusion of encrypted credentials, such as passwords or tokens, and their corresponding permissions. To draw an analogy, think of an NHI as a……
Cybersecurity leaders’ resolutions for 2026

Jan 5, 2026 8:52 AM

Tags: ai, api, attack, automation, breach, business, cio, ciso, cloud, communications, compliance, computing, control, cryptography, cyber, cybersecurity, data, detection, encryption, exploit, fedramp, finance, governance, group, identity, incident response, intelligence, jobs, mitigation, office, resilience, risk, saas, service, skills, soc, social-engineering, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management

2. AI will dominate the agenda: Standard Chartered group CISO Cezary Piekarski expects his agenda to be dominated by AI in two ways: defining both the threat landscape and defensive architecture.”Speed is essential when mitigating attacks so leveraging AI and orchestration tools allows us to quickly automate detection and streamline incident response,” Piekarski says. “This…
NDSS 2025 A New PPML Paradigm For Quantized Models

Jan 4, 2026 9:52 PM

Tags: blockchain, conference, data, framework, Internet, ml, network, privacy, strategy

Session 7D: ML Security Authors, Creators & Presenters: Tianpei Lu (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Bingsheng Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Xiaoyuan Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Kui Ren (The State Key Laboratory of Blockchain…
Can companies truly be free from cybersecurity threats with AI

Jan 4, 2026 1:52 AM

Tags: ai, cloud, cybersecurity, framework, strategy, threat

How Can Non-Human Identities Transform Cybersecurity Strategies? Have you ever wondered how Non-Human Identities (NHIs) are becoming a cornerstone in building robust cybersecurity frameworks? With industries increasingly migrate to cloud environments, the concept of NHIs emerges as an essential component in safeguarding organizational assets. But what exactly are NHIs, and how do they fit into……
How capable are current secrets rotation systems in preventing breaches

Jan 3, 2026 5:52 AM

Tags: breach, cloud, cybersecurity, strategy

How Does Effective NHI Management Enhance Breach Prevention Strategies? What are organizations doing to protect against breaches caused by compromised Non-Human Identities (NHIs) and secrets? Where enterprises increasingly transition to cloud environments, the management of NHIs has become a critical aspect of cybersecurity frameworks. NHIs, or machine identities, are as vital as human ones. They……
ISMG Editors: How AI Is Reshaping Cybersecurity Strategy

Jan 2, 2026 4:52 PM

Tags: ai, cybersecurity, risk, strategy, threat

Also: Leadership Decisions Shaping Cybersecurity in 2026. Security leaders are heading into 2026 facing growing pressure from AI-driven risks, limited resources and an increasingly complex threat landscape. Sean Mack, who leads ISMG’s CXO Advisor practice, joined ISMG editors to discuss how these forces are reshaping security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-how-ai-reshaping-cybersecurity-strategy-a-30430
Top 10 Cybersecurity Predictions for 2026

Jan 1, 2026 10:52 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, backup, best-practice, blockchain, breach, business, ceo, china, ciso, cloud, communications, compliance, computer, computing, conference, control, corporate, crypto, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, email, encryption, espionage, exploit, extortion, finance, fraud, governance, government, group, hacker, hacking, healthcare, identity, incident response, infrastructure, intelligence, Internet, iran, korea, law, linkedin, LLM, malicious, malware, mfa, military, monitoring, msp, mssp, network, nist, north-korea, organized, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, russia, scam, service, skills, soc, social-engineering, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, ukraine, update, vulnerability, vulnerability-management, warfare, windows, zero-day

Top 10 Cybersecurity Predictions for 2026 The year AI changes cybersecurity forever Cybersecurity predictions are an opportunity to look forward instead of back, to be proactive instead of reactive, and to consider how changes in attackers, technology, and the security industry will impact the sustainability of managing cyber risks. Gaining future insights to the threats, targets,…
Equifax Europe CISO: Notorious breach spurred cybersecurity transformation

Dec 31, 2025 8:52 AM

Tags: access, ai, attack, authentication, awareness, breach, business, ceo, cio, ciso, cloud, computer, control, corporate, cyber, cyberattack, cybercrime, cybersecurity, data, defense, dora, espionage, finance, framework, google, government, identity, infrastructure, intelligence, network, nis-2, phishing, regulation, risk, risk-management, security-incident, service, strategy, technology, threat, update

Cloud as a new technological axis: Equifax’s $3 billion migration to the cloud, “which had been brewing for about seven years” and which the company says is the largest technological investment in its history, has involved moving more than 300 systems, over 30 product families, and thousands of customers to the company’s cloud platform, Equifax Cloud, in Spain…
Risk-Based User Sign-In Protection Strategies

Dec 31, 2025 7:51 AM

Tags: best-practice, mfa, risk, software, strategy

Learn how to implement risk-based user sign-in protection strategies. Explore adaptive mfa, contextual signals, and ciam best practices for secure software development. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/risk-based-user-sign-in-protection-strategies/
Daran scheitert Passwordless

Dec 31, 2025 5:51 AM

Tags: access, authentication, ceo, ciso, cloud, data, group, hacker, identity, iot, linux, mfa, passkey, password, phishing, risk, strategy, vpn, vulnerability, zero-trust

Passwortlose Authentifizierung im Unternehmen einzuführen, ist nur auf dem Papier einfach.Etliche Enterprise-CISOs versuchen schon seit mehr als einer Dekade, Passwörter hinter sich zu lassen. Weil aber diverse Legacy-Systeme ausschließlich auf Kennwörter ausgelegt sind, stoßen sie dabei immer wieder auf technische Hürden. Das spiegelt auch der aktuelle “ID IQ Report 2026″ von RSA (Download gegen Daten)…