CISO

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

AI, CISO, credentials, data breach, Don't miss, Hot stuff, News, phishing, Ransomware, report, social engineering, Verizon, vulnerability disclosure, vulnerability management /

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the […]

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »

Communicating cyber risk in dollars boards understand

boardroom, CISO, communication, conferences, cyber resilience, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Span, strategy, tips /

Communicating cyber risk in dollars boards understand 2026-05-20 at 09:34 By Mirko Zorz In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and

Communicating cyber risk in dollars boards understand Read More »

When ransomware hits, confidence doesn’t restore endpoints

Absolute Security, boardroom, CISO, Endpoint Security, News, Ransomware, resilience, UK, USA /

When ransomware hits, confidence doesn’t restore endpoints 2026-05-18 at 07:03 By Anamarija Pogorelec Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilience against ransomware (overall, %) (Source: Absolute

When ransomware hits, confidence doesn’t restore endpoints Read More »

Closing the AI governance gap in your enterprise

AI, CISO, cyber risk, cybersecurity, enterprise, News, strategy, tips, Video /

Closing the AI governance gap in your enterprise 2026-05-14 at 08:00 By Help Net Security In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI

Closing the AI governance gap in your enterprise Read More »

Spotting third-party cyber risk before attackers do

CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, News, opinion, Risk Management, strategy, tips, Video /

Spotting third-party cyber risk before attackers do 2026-05-04 at 09:46 By Help Net Security In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one

Spotting third-party cyber risk before attackers do Read More »

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks

CISO, cyber insurance /

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks 2026-04-28 at 22:18 By Kevin Townsend Boards may ignore alerts, but they listen to losses: new data from Resilience links security gaps directly to financial impact. The post Cyber Insurance Data Gives CISOs New Ammo for Budget Talks appeared first on SecurityWeek. This article is

Cyber Insurance Data Gives CISOs New Ammo for Budget Talks Read More »

AI is speeding up nation-state cyber programs

CISO, cyber risk, cybersecurity, Don't miss, Features, Government, Hot stuff, Microsoft, NATO, News, North Korea, opinion, strategy /

AI is speeding up nation-state cyber programs 2026-04-24 at 08:40 By Mirko Zorz Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools.

AI is speeding up nation-state cyber programs Read More »

A year in, Zoom’s CISO reflects on balancing security and business

CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, tips, Zoom /

A year in, Zoom’s CISO reflects on balancing security and business 2026-04-23 at 09:47 By Mirko Zorz In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and

A year in, Zoom’s CISO reflects on balancing security and business Read More »

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook

Banks, CISO, cybersecurity, data, Filigran, finance, fraud, News, report, security controls /

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook 2026-04-22 at 10:09 By Anamarija Pogorelec Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook Read More »

CISO Conversations: Ross McKerchar, CISO at Sophos

CISO, CISO Conversations, CISO Strategy /

CISO Conversations: Ross McKerchar, CISO at Sophos 2026-04-15 at 16:17 By Kevin Townsend Sophos’ Ross McKerchar discusses leadership at scale, retaining talent, defending against AI-enabled threats, and the industry’s growing trust problem. The post CISO Conversations: Ross McKerchar, CISO at Sophos appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CISO Conversations: Ross McKerchar, CISO at Sophos Read More »

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

CISO, CVE, cyber resilience, cybersecurity, Don't miss, ENISA, EU, Europe, Features, Hot stuff, MITRE, News, opinion, vulnerability disclosure /

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time Read More »

The exploit gap is closing, and your patch cycle wasn’t built for this

Anthropic, Artificial Intelligence, CISO, Cloud Security Alliance, cyber risk, cybersecurity, Don't miss, Hot stuff, how-to, News, opinion, report, Risk Management, strategy, tips /

The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers

The exploit gap is closing, and your patch cycle wasn’t built for this Read More »

‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats

AI, Artificial Intelligence, attacks, CISO, Featured, Mythos, Vulnerabilities /

‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats 2026-04-14 at 16:21 By Kevin Townsend CISOs face a shrinking window to prepare as AI models like Mythos collapse the gap between vulnerability discovery and exploitation, driving a new era of high-velocity cyberattacks. The post ‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated

‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats Read More »

Zero trust at year two: What nobody planned for

CISO, cybersecurity, News, Oleria, strategy, tips, Video, zero trust /

Zero trust at year two: What nobody planned for 2026-04-14 at 08:11 By Help Net Security In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the

Zero trust at year two: What nobody planned for Read More »

Fixing vulnerability data quality requires fixing the architecture first

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, vulnerability management /

Fixing vulnerability data quality requires fixing the architecture first 2026-04-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce

Fixing vulnerability data quality requires fixing the architecture first Read More »

What managing partners should ask AI vendors before signing any contract

Artificial Intelligence, CISO, cyber risk, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, privileged identity, Risk Management, security controls, strategy, Threat Intelligence /

What managing partners should ask AI vendors before signing any contract 2026-04-08 at 09:28 By Mirko Zorz In this Help Net Security interview, Kumar Ravi is the Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

What managing partners should ask AI vendors before signing any contract Read More »

The case for fixing CWE weakness patterns instead of patching one bug at a time

CISO, CVE, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, vulnerability management /

The case for fixing CWE weakness patterns instead of patching one bug at a time 2026-04-07 at 09:24 By Mirko Zorz In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings

The case for fixing CWE weakness patterns instead of patching one bug at a time Read More »

CISOs grapple with AI demands within flat budgets

Artificial Intelligence, CISO, cybersecurity, News, report, RH-ISAC, skill development, supply chain /

CISOs grapple with AI demands within flat budgets 2026-04-06 at 09:16 By Anamarija Pogorelec Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security

CISOs grapple with AI demands within flat budgets Read More »

Trust, friction, and ROI: A CISO’s take on making security work for the business

CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, security ROI, strategy /

Trust, friction, and ROI: A CISO’s take on making security work for the business 2026-04-02 at 08:42 By Mirko Zorz In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A

Trust, friction, and ROI: A CISO’s take on making security work for the business Read More »

Mimecast makes enterprise email security deployable in minutes

CISO, cybersecurity, Don't miss, email security, Features, Hot stuff, Mimecast, News, opinion, RSAC 2026 /

Mimecast makes enterprise email security deployable in minutes 2026-04-01 at 10:34 By Mirko Zorz Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend exclusively on those native controls for collaboration security, and 64% say those controls are insufficient against the

Mimecast makes enterprise email security deployable in minutes Read More »

Scroll to Top