cyber risk

AI is speeding up nation-state cyber programs

AI is speeding up nation-state cyber programs 2026-04-24 at 08:40 By Mirko Zorz Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools. […]

AI is speeding up nation-state cyber programs Read More »

A year in, Zoom’s CISO reflects on balancing security and business

A year in, Zoom’s CISO reflects on balancing security and business 2026-04-23 at 09:47 By Mirko Zorz In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and

A year in, Zoom’s CISO reflects on balancing security and business Read More »

The exploit gap is closing, and your patch cycle wasn’t built for this

The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers

The exploit gap is closing, and your patch cycle wasn’t built for this Read More »

Review: The Psychology of Information Security

Review: The Psychology of Information Security 2026-04-14 at 09:15 By Mirko Zorz Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change

Review: The Psychology of Information Security Read More »

What managing partners should ask AI vendors before signing any contract

What managing partners should ask AI vendors before signing any contract 2026-04-08 at 09:28 By Mirko Zorz In this Help Net Security interview, Kumar Ravi is the Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

What managing partners should ask AI vendors before signing any contract Read More »

Trust, friction, and ROI: A CISO’s take on making security work for the business

Trust, friction, and ROI: A CISO’s take on making security work for the business 2026-04-02 at 08:42 By Mirko Zorz In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A

Trust, friction, and ROI: A CISO’s take on making security work for the business Read More »

Why risk alone doesn’t get you to yes

Why risk alone doesn’t get you to yes 2026-03-30 at 09:29 By Help Net Security I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most security leaders will face is not identifying a threat, but getting

Why risk alone doesn’t get you to yes Read More »

Your facilities run on fragile supply chains and nobody wants to admit it

Your facilities run on fragile supply chains and nobody wants to admit it 2026-03-26 at 12:32 By Mirko Zorz In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are

Your facilities run on fragile supply chains and nobody wants to admit it Read More »

Why your phishing simulations aren’t building a security culture

Why your phishing simulations aren’t building a security culture 2026-03-25 at 08:07 By Help Net Security Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing

Why your phishing simulations aren’t building a security culture Read More »

Your security stack looks fine from the dashboard and that’s the problem

Your security stack looks fine from the dashboard and that’s the problem 2026-03-25 at 08:07 By Anamarija Pogorelec One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience

Your security stack looks fine from the dashboard and that’s the problem Read More »

The devices winning the race to get hacked in 2026

The devices winning the race to get hacked in 2026 2026-03-23 at 17:17 By Sinisa Markovic Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that

The devices winning the race to get hacked in 2026 Read More »

Stop building security goals around controls

Stop building security goals around controls 2026-03-18 at 09:27 By Mirko Zorz In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms

Stop building security goals around controls Read More »

Agentic attack chains advance as infostealers flood criminal markets

Agentic attack chains advance as infostealers flood criminal markets 2026-03-12 at 08:35 By Mirko Zorz Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal forums, illicit marketplaces, and underground chat services shows a threat environment where

Agentic attack chains advance as infostealers flood criminal markets Read More »

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming 2026-03-10 at 08:30 By Mirko Zorz Pascal Andrei, CSO at Airbus, knows that the aerospace and defense sector is facing a threat environment that is evolving faster than most organizations can track. From sub-tier suppliers quietly becoming entry points for

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming Read More »

Cloudflare tracked 230 billion daily threats and here is what it found

Cloudflare tracked 230 billion daily threats and here is what it found 2026-03-03 at 19:46 By Anamarija Pogorelec Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress.

Cloudflare tracked 230 billion daily threats and here is what it found Read More »

Your dependencies are 278 days out of date and your pipelines aren’t protected

Your dependencies are 278 days out of date and your pipelines aren’t protected 2026-03-02 at 09:00 By Mirko Zorz Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments. Across

Your dependencies are 278 days out of date and your pipelines aren’t protected Read More »

Security debt is becoming a governance issue for CISOs

Security debt is becoming a governance issue for CISOs 2026-03-02 at 08:30 By Mirko Zorz Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline

Security debt is becoming a governance issue for CISOs Read More »

The $19.5 million insider risk problem

The $19.5 million insider risk problem 2026-02-26 at 09:09 By Mirko Zorz Routine employee activity across corporate systems carries an average annual cost of $19.5 million per organization. That figure comes from the 2026 Cost of Insider Risks Global Report, conducted by the Ponemon Institute and based on data from 354 organizations that experienced one

The $19.5 million insider risk problem Read More »

United Airlines CISO on building resilience when disruption is inevitable

United Airlines CISO on building resilience when disruption is inevitable 2026-02-09 at 09:09 By Mirko Zorz Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption can quickly become an operational and public trust crisis. In this Help Net Security interview,

United Airlines CISO on building resilience when disruption is inevitable Read More »

The hidden cost of putting off security decisions

The hidden cost of putting off security decisions 2026-02-06 at 08:01 By Help Net Security In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how

The hidden cost of putting off security decisions Read More »

Scroll to Top