Tag: strategy

6 critical mistakes that undermine cyber resilience (and how to fix them)

Apr 3, 2026 10:52 PM

Tags: attack, automation, backup, best-practice, business, compliance, cyber, cybersecurity, data, detection, edr, endpoint, guide, identity, intelligence, malware, metric, network, ransomware, resilience, risk, soc, strategy, threat, tool, update, vulnerability

Guide to Managing Strong Personalities During a Cybercrisis. Mistake 2: Fragmented asset and risk views: Fragmented asset and risk views make it difficult for teams to understand what is actually in their environment and where the most pressing exposures reside. When devices, configurations, and identity data live in separate tools or are maintained inconsistently, gaps…
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

Apr 3, 2026 5:50 AM

Tags: access, ai, business, ceo, control, framework, group, least-privilege, risk, strategy, vulnerability, wordpress

The next wave of web development: In an interview with Computerworld, Cloudflare senior product manager Matt Taylor said his team sees the project as the next wave of web development platforms.”There is a whole new generation of developers, and WordPress is old news to them. If you are starting today, there is no way you…
OT Cyber Resilience: Strategic Data Protection for IEC 62443 and NIS2 Compliance

Apr 2, 2026 2:51 PM

Tags: backup, compliance, cyber, data, infrastructure, nis-2, ransomware, resilience, strategy

Learn how to protect OT systems, ICS, and SCADA infrastructure from ransomware with backup strategies built for legacy, air-gapped industrial environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ot-cyber-resilience-strategic-data-protection-for-iec-62443-and-nis2-compliance/
Hasbro Discloses Cyberattack After Unauthorized Network Access Detected

Apr 2, 2026 9:51 AM

Tags: access, cyberattack, cybersecurity, incident response, network, security-incident, strategy, unauthorized

Hasbro, Inc., the Rhode Island-based toy manufacturer, has disclosed a cybersecurity incident, revealing that unauthorized access to its network was detected on March 28, 2026. In response to the Hasbro cyberattack, the company immediately activated its security incident response protocols and implemented containment strategies, including taking certain systems offline. It launched a thorough investigation with…
WhatsApp malware campaign uses malicious VBS files to gain persistent access

Apr 1, 2026 2:29 PM

Tags: access, backdoor, control, malicious, malware, microsoft, monitoring, strategy, tool

MSI as the backdoor vehicle for persistence: The final stages of the campaign lead to persistence, using Microsoft Installer (MSI) packages as the delivery mechanism for backdoors.MSI files are an effective choice as they are not usually treated as inherently suspicious and can execute custom actions during installation. In this campaign, they are used to…
Security awareness is not a control: Rethinking human risk in enterprise security

Apr 1, 2026 12:29 PM

Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability

The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
Why be optimistic about the future of Agentic AI?

Apr 1, 2026 5:30 AM

Tags: ai, cloud, cybersecurity, strategy

How Do Non-Human Identities Revolutionize Cloud Security? Have you ever wondered about the hidden complexities lurking behind cloud security? Organizations are increasingly reliant on cloud-based solutions, and one of the most innovative strategies to bolster security is through effective management of Non-Human Identities (NHIs). These NHIs are crucial players in cybersecurity, particularly when dealing with……
What makes Agentic AI a powerful ally in cybersecurity?

Apr 1, 2026 5:30 AM

Tags: ai, cloud, cybersecurity, strategy

How Do Non-Human Identities Elevate Cybersecurity Strategies? Evolving cybersecurity demands innovative approaches to safeguard digital assets, and Non-Human Identities (NHIs) are at the forefront of this transformation. But what exactly are NHIs, and how do they fit into the broader context of cybersecurity, particularly in cloud environments? NHIs represent machine identities used within cybersecurity frameworks….…
Beyond the Spectacle RSAC 2026 and The 5 Layers of AI Security FireTail Blog

Mar 31, 2026 6:31 PM

Tags: ai, attack, business, conference, control, cybersecurity, data, detection, edr, framework, LLM, strategy, technology, tool, vulnerability, vulnerability-management

Mar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus, if I’m being honest.Coming into RSAC 2026, the vibe shifted. The show floor was noticeably…
What’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protection

Mar 31, 2026 6:31 PM

Tags: access, ai, api, attack, automation, business, cloud, container, control, cve, data, data-breach, exploit, framework, google, governance, iam, identity, intelligence, least-privilege, malicious, monitoring, network, remote-code-execution, risk, risk-analysis, service, software, strategy, supply-chain, threat, tool, unauthorized, update, vulnerability

Stop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against critical vulnerabilities, all designed to slash MTTR without disrupting your DevOps workflows. Key takeaways Automated governance via Explorer: Harness the power of Tenable’s unified data model, transforming…
Rethinking Vulnerability Management Strategies for Mid-Market Security

Mar 31, 2026 6:31 PM

Tags: attack, cve, defense, Intruder, strategy, vulnerability, vulnerability-management

Intruder’s Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/rethinking-vulnerability-management-strategies-for-mid-market-security
How we made Trail of Bits AI-native (so far)

Mar 31, 2026 4:30 PM

Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability

This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
8 ways to bolster your security posture on the cheap

Mar 31, 2026 12:29 PM

Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day

2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
Ransomware in 2025: Blending in is the strategy

Mar 31, 2026 12:29 PM

Tags: identity, ransomware, strategy, tactics

A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy/
From Visibility to Action: Modernizing Security Operations with Cisco, Optiv, and Splunk

Mar 30, 2026 11:29 PM

Tags: cisco, cyber, strategy, technology, threat

On Demand video from Cisco. As cyber threats grow more complex, organizations need security programs that work smarter, not harder. Hear how Optiv, Cisco, and Splunk combine strategy and technology to help security teams gain clarity, respond faster, and stay ahead of attackers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/from-visibility-to-action-modernizing-security-operations-cisco-optiv-splunk-a-31298
KI-Rausch und Qualitäts-Kater

Mar 30, 2026 6:30 PM

Tags: ai, strategy

Unternehmen investieren Milliarden in generative KI für die Code-Entwicklung. Doch wer investiert in das intelligente Gegengewicht, das für die nötige Stabilität sorgt? Ein Expertenkommentar von Roman Zednik, Field CTO bei Tricentis, der die vergessene zweite Hälfte einer erfolgreichen KI-Strategie beleuchtet und zeigt, warum der alleinige Fokus auf Entwicklerproduktivität gefährlich kurzsichtig ist. Ein historischer Budget-Shift […]…
vDefend’s Built-in Advantage: Enable Closed-Loop Lateral Security for Zero-Trust Private Cloud

Mar 30, 2026 4:30 PM

Tags: cloud, cybersecurity, finance, strategy, zero-trust

Cybersecurity strategy now shapes how enterprises design cloud platforms, application environments, and core infrastructure. The financial stakes are significant. The next step is architectural: turning zero-trust strategy into foundational systems that enforce it by design rather than as an afterthought. In private cloud environments, that shift matters. Segmentation macro as well as micro .. First…
APIs are the new perimeter: Here’s how CISOs are securing them

Mar 30, 2026 1:29 PM

Tags: access, ai, api, attack, authentication, banking, breach, business, ciso, cloud, compliance, computer, control, credentials, cyber, data, data-breach, defense, edr, endpoint, exploit, finance, gartner, governance, group, Hardware, identity, infrastructure, iot, least-privilege, malicious, mobile, monitoring, network, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vulnerability, vulnerability-management, waf

Legacy defenses can’t keep up: Traditional perimeter-based defenses are often insufficient against API-layer attacks. Traditional security defenses, such as EDR, XDR, and WAF, “primarily focus on clients, hardware, and software endpoints, looking at IP-based attack vectors,” explains BECU’s Murphy. “APIs bring us into the world of business logic and runtime types of issues.”Others agree that…
World Back Up Day 2026 What are the takeaways?

Mar 30, 2026 12:30 PM

Tags: backup, data, resilience, strategy

World Backup Day is often seen as a simple reminder to save your data, but this year, security leaders say backup strategies must evolve into fully tested, secure, and recovery-focused resilience plans. Here’s what organisations should take away from World Backup Day this year: 1. Backups are meaningless if recovery isn’t provenIt’s no longer enough…
Backups testen, schützen und wiederherstellen

Mar 30, 2026 8:30 AM

Tags: backup, encryption, service, strategy

Backups sind ein zentraler Bestandteil der Unternehmens- und Cyberresilienz Sie sollten nicht nur erstellt, sondern regelmäßig getestet und im Ernstfall zuverlässig wiederhergestellt werden können. Eine wirksame Backup-Strategie umfasst Schutz, Verschlüsselung, klare Wiederherstellungspläne sowie bewährte Vorgehensweisen wie die 3-2-1-Regel, da viele Datenverluste auf fehlerhafte Backups zurückgehen. Professionell gemanagte Backup-Lösungen etwa durch Managed Service Provider … First…
Can Agentic AI keep you ahead in cybersecurity?

Mar 28, 2026 11:30 PM

Tags: ai, cybersecurity, finance, healthcare, service, strategy

Can Machine Identities Redefine Security? Understanding Non-Human Identities and Their Impact What if the key to future-proofing your cybersecurity strategy lies in managing machine identities effectively? Non-Human Identities (NHIs) have become fundamental to organizational security frameworks. Their significance cannot be overstated, particularly in sectors like financial services, healthcare, and travel, where NHIs support critical operations……
Google’s 2029 Quantum Deadline Is a Wake-Up Call

Mar 27, 2026 10:30 PM

Tags: cryptography, encryption, google, strategy

Google’s Accelerated PQC Timeline Demands Enterprise Action Now. Google set a public deadline for migrating to post-quantum cryptography, setting a strong signal for IT and security leaders that they too should transition their encryption into more robust algorithms. Enterprises need a migration strategy now before the window closes. First seen on govinfosecurity.com Jump to article:…
How are NHIs supported in regulatory compliance?

Mar 26, 2026 11:49 PM

Tags: compliance, identity, password, strategy

Can Effective Non-Human Identity Management Elevate Your Compliance Strategy? The management of Non-Human Identities (NHIs) has become a crucial aspect of regulatory compliance. NHIs, often referred to as machine identities, play an integral role in securing digital infrastructures. They are composed of an encrypted password, token, or key (the “Secret”) and the permissions granted by……
The CISO’s guide to responding to shadow AI

Mar 26, 2026 8:47 PM

Tags: ai, breach, business, ciso, cybersecurity, data, governance, guide, mitigation, privacy, risk, strategy, technology, tool, training, update

Understand why AI is being used: If CISOs want to manage shadow AI effectively, they need to understand why it keeps popping up. The immediate reaction may be to shut down the use of shadow AI, but there must be more to the response than that.”Our focus is understanding why they’re using it, educating them…
Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection

Mar 26, 2026 7:47 PM

Tags: access, ai, attack, business, chatgpt, corporate, cyber, cybersecurity, data, data-breach, defense, detection, google, group, injection, LLM, malicious, monitoring, openai, privacy, risk, strategy, threat, unauthorized

Tenable One’s new Model Refusal Detection turns an LLM’s refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a breach. Key takeaways: AI has shifted traditional cyber detection methods away…
CrowdStrike AgentWorks Expansion Gives ‘Big’ Boost To Security For Partners: CEO George Kurtz

Mar 26, 2026 6:47 PM

Tags: ai, ceo, crowdstrike, strategy

CrowdStrike is aiming to enable partners to accelerate their strategies around building security agents with a major new expansion to the Charlotte AI AgentWorks platform, CrowdStrike CEO George Kurtz tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/crowdstrike-agentworks-expansion-gives-big-boost-to-security-for-partners-ceo-george-kurtz
7 Tipps für eine sichere WebsiteStrategie

Mar 26, 2026 9:46 AM

Tags: backup, strategy, update

Ihre Website ist Vertriebsplattform, Imagefaktor und oft geschäftskritisch. Doch was passiert, wenn sie plötzlich offline ist? Haben Sie ein aktuelles und funktionierendes Backup der Website? Ob durch fehlerhafte Updates, Hackerangriffe oder menschliche Fehler: Eine zerschossene Website oder ein kompletter Website-Ausfall kommt meist unerwartet und schneller, als man denkt. Trotzdem wird das Thema Backup oft […]…
Warum Unternehmen die 31Methode nutzen sollten

Mar 26, 2026 7:47 AM

Tags: backup, ransomware, strategy

Die 3-2-1-Backup-Strategie ist eine technische Mindestanforderung für resiliente IT”‘Infrastrukturen, da Datenverluste durch Ausfälle, Fehlkonfigurationen oder Ransomware erhebliche Betriebs”‘ und Compliance”‘Risiken verursachen. Sie basiert auf drei Datenkopien auf zwei unterschiedlichen Medientypen, davon eine räumlich getrennte, idealerweise offline oder immutable, um Single Points of Failure zu vermeiden. Entscheidend sind regelmäßige Restore”‘Tests sowie klare RPO/RTO”‘Definitionen, denn nur verifizierbare……
What innovative methods secure Agentic AI?

Mar 26, 2026 1:46 AM

Tags: ai, cloud, cybersecurity, strategy

How Can Non-Human Identities Securely Navigate Digital? Understanding the nuances of Non-Human Identities (NHIs) in cybersecurity is crucial for organizations striving to secure their assets. The management of NHIs, primarily those used within cloud environments, has emerged as a pivotal aspect of cybersecurity strategies, requiring nuanced approaches and innovative solutions. But what exactly are NHIs,……
Cybercrime Disruption Demands Global Trust and Coordination

Mar 25, 2026 11:48 PM

Tags: crime, cyber, cybercrime, group, strategy

UK Cyber Official Paul Foster on Cross-Border Takedowns, New Disruption Playbook. Dismantling cybercrime groups requires more than technical capability. It demands trust, coordinated strategy and cross-border collaboration, says Paul Foster, head of the National Cyber Crime Unit at the U.K.’s National Crime Agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cybercrime-disruption-demands-global-trust-coordination-a-31172