security controls

Fixing silent failures in security controls with adversarial exposure validation

Don't miss, Expert analysis, Expert corner, Hot stuff, News, Picus Security, report, security controls, Whitepapers and webinars /

Fixing silent failures in security controls with adversarial exposure validation 2025-09-10 at 08:16 By Help Net Security Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can […]

React to this headline:

Loading spinner

Fixing silent failures in security controls with adversarial exposure validation Read More »

Employees keep feeding AI tools secrets they can’t take back

Artificial Intelligence, CISO, Compliance, cybersecurity, Kiteworks, News, policy, regulation, security controls /

Employees keep feeding AI tools secrets they can’t take back 2025-09-09 at 08:03 By Anamarija Pogorelec Employees are putting sensitive data into public AI tools, and many organizations don’t have the controls to stop it. A new report from Kiteworks finds that most companies are missing basic safeguards to manage this data. Security control maturity

React to this headline:

Loading spinner

Employees keep feeding AI tools secrets they can’t take back Read More »

Cybersecurity signals: Connecting controls and incident outcomes

cybersecurity, News, report, security controls, strategy /

Cybersecurity signals: Connecting controls and incident outcomes 2025-09-01 at 08:03 By Anamarija Pogorelec There is constant pressure on security leaders to decide which controls deserve the most attention and budget. A new study offers evidence on which measures are most closely linked to lower breach risk and how organizations should think about deploying them. Marsh

React to this headline:

Loading spinner

Cybersecurity signals: Connecting controls and incident outcomes Read More »

Fractional vs. full-time CISO: Finding the right fit for your company

CISO, cybersecurity, Don't miss, Features, Hot stuff, Mandos, News, security controls, strategy /

Fractional vs. full-time CISO: Finding the right fit for your company 2025-08-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security

React to this headline:

Loading spinner

Fractional vs. full-time CISO: Finding the right fit for your company Read More »

The AI security crisis no one is preparing for

access management, Artificial Intelligence, Curity, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, Non Human Identities, security controls, strategy, threat /

The AI security crisis no one is preparing for 2025-08-20 at 08:03 By Mirko Zorz In this Help Net Security interview, Jacob Ideskog, CTO of Curity, discusses the risks AI agents pose to organizations. As these agents become embedded in enterprise systems, the potential for misuse, data leakage, and unauthorized access grows. Ideskog warns that

React to this headline:

Loading spinner

The AI security crisis no one is preparing for Read More »

Bridging the AI model governance gap: Key findings for CISOs

Anaconda, Artificial Intelligence, CISO, cybersecurity, monitoring, News, report, security controls, strategy, survey /

Bridging the AI model governance gap: Key findings for CISOs 2025-08-18 at 07:47 By Anamarija Pogorelec While most organizations understand the need for strong AI model governance, many are still struggling to close gaps that could slow adoption and increase risk. The findings of a new Anaconda survey of more than 300 AI practitioners and

React to this headline:

Loading spinner

Bridging the AI model governance gap: Key findings for CISOs Read More »

Building cyber resilience in always-on industrial environments

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Jungheinrich, monitoring, News, Risk Management, security controls, strategy, supply chain /

Building cyber resilience in always-on industrial environments 2025-06-26 at 09:07 By Mirko Zorz In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also

React to this headline:

Loading spinner

Building cyber resilience in always-on industrial environments Read More »

How CISOs can talk cybersecurity so it makes sense to executives

boardroom, CISO, CXO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Optiv Security, security controls, security ROI, Splunk, strategy, Team8, tips /

How CISOs can talk cybersecurity so it makes sense to executives 2025-05-05 at 09:02 By Mirko Zorz CISOs know cyber risk is business risk. Boards don’t always see it that way.​ For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing

React to this headline:

Loading spinner

How CISOs can talk cybersecurity so it makes sense to executives Read More »

How healthcare CISOs can balance security and accessibility without compromising care

CISO, cyber risk, cybersecurity, Don't miss, Features, healthcare, HealthEquity, Hot stuff, News, opinion, Risk Management, security controls, strategy /

How healthcare CISOs can balance security and accessibility without compromising care 2025-03-20 at 08:35 By Mirko Zorz In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and

React to this headline:

Loading spinner

How healthcare CISOs can balance security and accessibility without compromising care Read More »

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation

Citizens, cyber resilience, cybersecurity, Don't miss, Features, financial industry, framework, Hot stuff, News, opinion, security controls, strategy /

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation 2025-03-04 at 09:23 By Mirko Zorz In this Help Net Security interview, Matthew Darlage, CISO at Citizens, discusses key strategies for strengthening cyber resilience in banks. He underlines that adherence to frameworks like NIST is essential for continuous improvement and that data protection

React to this headline:

Loading spinner

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation Read More »

Security validation: The new standard for cyber resilience

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Pentera, security controls /

Security validation: The new standard for cyber resilience 2025-02-10 at 07:37 By Help Net Security Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the

React to this headline:

Loading spinner

Security validation: The new standard for cyber resilience Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

React to this headline:

Loading spinner

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

Preventing data leakage in low-node/no-code environments

Compliance, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Nokod Security, opinion, risk, security controls /

Preventing data leakage in low-node/no-code environments 2024-12-10 at 07:34 By Help Net Security Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage. Data leakage

React to this headline:

Loading spinner

Preventing data leakage in low-node/no-code environments Read More »

Strengthening security posture with comprehensive cybersecurity assessments

Compliance, cybersecurity, Don't miss, Features, HGS Digital, Hot stuff, News, opinion, regulation, Risk Management, security assessment, security controls, threat detection /

Strengthening security posture with comprehensive cybersecurity assessments 2024-12-10 at 07:04 By Mirko Zorz In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs. The post Strengthening security posture with

React to this headline:

Loading spinner

Strengthening security posture with comprehensive cybersecurity assessments Read More »

Treat AI like a human: Redefining cybersecurity

Appfire, Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, risk assessment, security controls /

Treat AI like a human: Redefining cybersecurity 2024-12-03 at 07:31 By Mirko Zorz In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten

React to this headline:

Loading spinner

Treat AI like a human: Redefining cybersecurity Read More »

Maximizing security visibility on a budget

Artificial Intelligence, Cloud, Compliance, cybersecurity, Don't miss, Features, Forescout, Hot stuff, IoT, IT assets, network, News, opinion, security controls, zero trust /

Maximizing security visibility on a budget 2024-11-05 at 07:03 By Mirko Zorz In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also

React to this headline:

Loading spinner

Maximizing security visibility on a budget Read More »

Essential metrics for effective security program assessment

Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Pentera, security controls, security testing, SOC /

Essential metrics for effective security program assessment 2024-09-19 at 07:02 By Mirko Zorz In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture. What are

React to this headline:

Loading spinner

Essential metrics for effective security program assessment Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

What CISOs need to keep CEOs (and themselves) out of jail

CEO, CISO, communication, cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, monitoring, News, opinion, security controls /

What CISOs need to keep CEOs (and themselves) out of jail 2024-07-31 at 07:32 By Help Net Security Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity

React to this headline:

Loading spinner

What CISOs need to keep CEOs (and themselves) out of jail Read More »

Scroll to Top