security controls

Spotless compliance evidence can still hide a broken control

2026-06-04 at 09:26 By Mirko Zorz

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss […]

Only 11% of production agents pass the AI agent security bar

2026-06-03 at 14:00 By Mirko Zorz

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook

2026-04-22 at 10:09 By Anamarija Pogorelec

Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for

What managing partners should ask AI vendors before signing any contract

2026-04-08 at 09:28 By Mirko Zorz

In this Help Net Security interview, Kumar Ravi, Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and

The internet’s oldest trust mechanism is still one of its weakest links

2026-01-22 at 07:23 By Anamarija Pogorelec

Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent.

Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience

2026-01-13 at 09:01 By Mirko Zorz

In this Help Net Security interview, Liad Shnell, CISO and CTO at Rakuten Viber, discusses how messaging platforms have become critical infrastructure during crises and conflicts. He explains how it influences cybersecurity priorities, from encryption and abuse prevention

Gen AI data violations more than double

2026-01-07 at 08:32 By Sinisa Markovic

Security teams track activity that moves well beyond traditional SaaS platforms, with employees interacting daily with generative AI tools, personal cloud services, and automated systems that exchange data without direct human input. These patterns shape how sensitive information moves across corporate environments

AI security risks are also cultural and developmental

2026-01-05 at 08:32 By Anamarija Pogorelec

Security teams spend much of their time tracking vulnerabilities, abuse patterns, and system failures. A new study argues that many AI risks sit deeper than technical flaws. Cultural assumptions, uneven development, and data gaps shape how AI systems behave, where they

What shadow AI means for SaaS security and integrations

2026-01-02 at 08:30 By Help Net Security

In this Help Net Security video, Jaime Blasco, CTO at Nudge Security, discusses why shadow AI matters to security teams. He describes how AI adoption happens in two ways, through company led programs and through employees choosing tools on

Automation forces a reset in security strategy

2025-12-29 at 08:08 By Anamarija Pogorelec

Enterprise security teams are working under the assumption that disruption is constant. A global study by Trellix shows that resilience has moved from a long term goal to a structural requirement for CISOs. Infrastructure design, operational integration, and the use of AI

Creative cybersecurity strategies for resource-constrained institutions

2025-12-02 at 09:33 By Mirko Zorz

In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses the tension between open research and the need to protect sensitive information, noting that

Treating MCP like an API creates security blind spots

2025-12-01 at 09:06 By Mirko Zorz

In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how

What insurers really look at in your identity controls

2025-11-21 at 08:30 By Anamarija Pogorelec

Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are entering a market that rewards maturity and penalizes gaps that once passed without scrutiny.

Agentic AI puts defenders on a tighter timeline to adapt

2025-11-18 at 08:44 By Anamarija Pogorelec

Security teams know that attackers rarely wait for defenders to be ready. The latest AI Maturity in Cybersecurity Report from Arkose Labs shows how quickly the threat landscape is shifting and how slowly organizations can respond in comparison. Attackers

The next tech divide is written in AI diffusion

2025-11-17 at 07:05 By Anamarija Pogorelec

AI is spreading faster than any major technology in history, according to a Microsoft report. More than 1.2 billion people have used an AI tool within three years of the first mainstream releases. The growth is fast, but it puts

Healthcare security is broken because its systems can’t talk to each other

2025-11-13 at 09:39 By Mirko Zorz

In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a

How to adopt AI security tools without losing control

2025-11-10 at 11:28 By Help Net Security

In this Help Net Security video, Josh Harguess, CTO of Fire Mountain Labs, explains how to evaluate, deploy, and govern AI-driven security tools. He talks about the growing role of AI in security operations and the new kinds of

Securing real-time payments without slowing them down

2025-11-03 at 08:00 By Mirko Zorz

In this Help Net Security interview, Arun Singh, CISO at Tyro, discusses what it takes to secure real-time payments without slowing them down. He explains how analytics, authentication, and better industry cooperation can help stay ahead of fraud. Singh also touches on

Managing legacy medical devices that can no longer be patched

2025-10-28 at 10:22 By Mirko Zorz

In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in healthcare environments. She explains how organizations can protect legacy systems, collaborate with vendors, and

Building a mature automotive cybersecurity program beyond checklists

2025-10-02 at 09:41 By Mirko Zorz

In this Help Net Security interview, Robert Sullivan, CIO & CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing mature security programs, meeting regulatory requirements, and addressing supply chain risks. Sullivan also looks ahead to how
