The financial sector handles sensitive data and transactions that affect our economy and society. It is a critical sector and is vulnerable to cyberattacks. The SolarWinds, Colonial Pipeline, and Kaseya attacks to name a few, have exposed the weaknesses and gaps in our cybersecurity practices and regulations. To address these challenges and enhance the digital […]
The CyAN Blog
Cybersecurity Advisors Network’s blog is a forum for CyAN members and friends to present their work and analysis to the broader information security community.
Disinformation and AI – a Growing Challenge
I recently had the pleasure of joining Dr. Egor Zakharov of the AIT Lab at the Swiss Federal Polytechnic University, Zurich (ETHZ) for a fireside chat at the ITBN conference in Budapest, Hungary. Egor is an accomplished researcher and author on the topic of AI-generated video content, and an avowed futurist, with a highly optimistic […]
The Tale of Two Approaches to Artificial Intelligence – EU AI Act & U.S. Executive Order on Safe, Secure, and Trustworthy AI
Artificial Intelligence (AI) is one of the most powerful and transformative technologies of our time and it also poses significant challenges and risks for safety, security, human rights, and democracy. How can governments regulate AI to protect the public interest and values while fostering trust and innovation? I will briefly compare these two policy initiatives, […]
Enhancing Resilience: The Role of DORA in Business Continuity and Operational Resilience
In today’s regulatory landscape, navigating various regulations related to risk management can be a daunting challenge for financial institutions. However, the Digital Operational Resilience Act (DORA) offers a unique perspective. DORA not only aligns with existing best practices and regulations but also presents opportunities for financial organizations to elevate their operational resilience. In this article, […]
SolarWinds of Change – How the SEC Ruling Affects the Future of InfoSec Officers
Cybersecurity is more than a technical issue as it has legal and financial implications for companies and investors. The recent U.S. Securities and Exchange Commission (SEC) charges levied against SolarWinds Corporation and its chief information security officer illustrates the serious consequences of failing to disclose and manage cybersecurity risks and incidents in accordance with federal […]
Please Stop Overva(i)luing Buzzwords
An informed rant about how excessive industry focus on currently trendy technologies and terminology harms competitiveness and readiness in the information security world.
Cybersecurity Reinforced: Elevating Patch, Vendor, and Asset Management for Robust Defence Mechanisms
Introduction In a world where cybersecurity threats are not a matter of ‘if’ but ‘when’, the resilience of an organization’s defence mechanisms is paramount. While instances like the Cisco zero-day vulnerability serve as a reminder of the pervasive threats, they also underscore the need for a robust, all-encompassing cybersecurity strategy. For CISOs and C-suite executives, […]
Strengthening Organisational Resilience: A Comprehensive Exploration of Cybersecurity Maturity Models
Introduction October, celebrated as Cybersecurity Awareness Month globally, is a critical juncture for organisations to reflect on the escalating cyber threats that relentlessly test our defences. As we navigate an intricate digital landscape, the adoption and implementation of diverse yet complementary cybersecurity maturity models and legislations become a strategic necessity. The Imperative of Cybersecurity Maturity […]
Navigating the 2023 Cyber Landscape: A Comprehensive Guide for the C-Suite
As we delve into the intricacies of Cybersecurity Awareness Month this year, the intricate dance between evolving digital landscapes and complex cybersecurity challenges becomes ever more apparent. For every organization, especially those at the CISO, C-suite, and boardroom levels, the magnifying lens on cybersecurity has never been more potent. In the wake of sophisticated threats […]
Moving from awareness to establishing a cybersecurity culture : the under used potential of managers
CyAN member Delphine Chevallier discusses the need to do more to involve management closely in the development of cybersecurity maturity in organizations.