Compliance

Weak enforcement keeps PCI DSS compliance low

2025-12-23 at 09:41, by Sinisa Markovic

Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive. A compliance gap that […]

Session tokens give attackers a shortcut around MFA

2025-12-22 at 07:45, by Help Net Security

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often

Banks built rules for yesterday’s crime and RegTech is trying to fix that

2025-12-17 at 08:32, by Sinisa Markovic

Criminals are moving money across borders faster, and financial institutions are feeling the squeeze. Compliance teams feel this strain every day as they try to keep up with schemes that shift through accounts, intermediaries, and digital

The messy data trails of telehealth are becoming a security nightmare

2025-12-16 at 09:24, by Mirko Zorz

In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems

What types of compliance should your password manager support?

2025-12-15 at 07:49, by Sinisa Markovic

Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that regulators watch how organizations protect passwords, track access, and document security decisions. That

What 35 years of privacy law say about the state of data protection

2025-12-12 at 09:52, by Anamarija Pogorelec

Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate

Uneven regulatory demands expose gaps in mobile security

2025-12-12 at 07:36, by Anamarija Pogorelec

Mobile networks carry a great deal of the world’s digital activity, which makes operators a frequent target for attacks. A study released by the GSMA shows that operators spend between $15 and $19 billion a year on core cybersecurity functions. Spending

Former Accenture Employee Charged Over Cybersecurity Fraud

2025-12-11 at 16:25, by Ionut Arghire

Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements. This article is an excerpt from SecurityWeek.

Building SOX compliance through smarter training and stronger password practices

2025-12-10 at 07:00, by Sinisa Markovic

A SOX audit can reveal uncomfortable truths about how a company handles access to financial systems. Even organizations that invest in strong infrastructure often discover that everyday password habits weaken the controls they thought were solid. CISOs know that

AI-driven threats are heading straight for the factory floor

2025-12-09 at 09:07, by Mirko Zorz

In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is

How to tell if your password manager meets HIPAA expectations

2025-12-08 at 08:03, by Sinisa Markovic

Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password management continues to open doors for attackers more often than leaders expect. Weak, reused, or shared

CISOs are spending big and still losing ground

2025-12-08 at 07:31, by Anamarija Pogorelec

Security leaders are entering another budget cycle with more money to work with, but many still feel no safer. A new benchmark study from Wiz shows a widening gap between investment and impact. Budgets keep rising, cloud programs keep expanding, and

What security leaders should watch for when companies buy or sell a business

2025-12-05 at 08:59, by Help Net Security

In this Help Net Security video, Lane Sullivan, SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures. Sullivan talks about the types of risk

Threat intelligence programs are broken, here is how to fix them

2025-12-03 at 07:12, by Anamarija Pogorelec

Security teams often gather large amounts of threat data but still struggle to improve detection or response. Analysts work through long lists of alerts, leaders get unclear insights, and executives see costs that do not lead to better

Creative cybersecurity strategies for resource-constrained institutions

2025-12-02 at 09:33, by Mirko Zorz

In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses the tension between open research and the need to protect sensitive information, noting that

Treating MCP like an API creates security blind spots

2025-12-01 at 09:06, by Mirko Zorz

In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how

Why password management defines PCI DSS success

2025-11-28 at 08:03, by Sinisa Markovic

Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out what matters. When you dig into real incidents involving payment data, a surprising number come down to

Heineken CISO champions a new risk mindset to unlock innovation

2025-11-26 at 09:16, by Mirko Zorz

In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and

Why your security strategy is failing before it even starts

2025-11-14 at 09:25, by Mirko Zorz

In this Help Net Security interview, Adnan Ahmed, CISO at Ornua, discusses how organizations can build a cybersecurity strategy that aligns with business goals. He explains why many companies stumble by focusing on technology before understanding risk and shares

Healthcare security is broken because its systems can’t talk to each other

2025-11-13 at 09:39, by Mirko Zorz

In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a
