Recent Posts

Safer Internet Day: The Business Model of Cyber Attacks in the Digital Era by Saba Bagheri, PhD

Every year, Safer Internet Day reminds us of the importance of making the internet a safer place for everyone. Initially conceived as a tool to connect people and make life more convenient, the internet has evolved into a cornerstone of modern living. Yet, it has 

Trust & Safety Forum – at InCyber 2025

CyAN is supporting the 2025 Trust & Safety Forum, taking place at InCyber in Lille France

Cyber (In)Securities – Issue 127

Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
Bitdefender by Graham Cluley

A significant security flaw discovered in stalkerware apps has exposed millions to potential spying, significantly compromising user privacy. This vulnerability allows unauthorised access to personal data, raising serious concerns about the safety and security of individuals who may be unknowingly monitored. The issue highlights the urgent need for users to check their devices for signs of stalkerware, which may include unusual battery drain or data usage. Experts recommend regular security checks, the installation of reputable anti-stalkerware tools, and staying informed about ways to protect personal digital spaces from such invasive software.

Read more

Exploits for unpatched Parallels Desktop flaw give root on Macs
BleepingComputer by Bill Toulas

Publicly released exploits for an unpatched vulnerability in Parallels Desktop for Mac let a local attacker escalate to root, which hands over full control of the host and any data on it, including the virtual machines it runs. Because the exploits work against the current release, there is no patch to apply yet; the contradiction of "apply all available patches" for an unpatched flaw is worth spelling out. Until Parallels ships a fix, users should restrict who can log in to or run code on affected Macs, treat any untrusted code run on them as a potential path to root, and apply the vendor update as soon as it is released. The situation underscores the risk of running software with known, weaponised flaws and the value of having a plan for the window between disclosure and patch.

Read more

DeepSeek’s ByteDance Data-Sharing Raises Fresh Security Concerns
Dark Reading by Elizabeth Montalbano

Recent reports have raised significant security concerns over DeepSeek, the Chinese AI company, after analysis of its app found it sending user data to infrastructure owned by ByteDance. The scrutiny centres on data being shared with a third party in ways that could violate privacy norms and potentially aid in surveillance. This issue underscores the need for stringent data governance and highlights how little control users have over where their personal information ends up once it leaves an app. The situation calls for regulatory attention to ensure that data handling by tech companies adheres to ethical standards and legal requirements, protecting individuals from unauthorised data exploitation.

Read more

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer
The Hacker News by Ravie Lakshmanan

A new malware campaign exploiting cracked software to spread Lumma and ACR Stealer has been uncovered, targeting users looking for free software alternatives. This campaign leverages the allure of cracked software to deploy malware that can steal sensitive information, including passwords and financial data. The use of such software poses significant risks, as it often bypasses traditional antivirus protections. Cybersecurity experts strongly advise against the use of pirated software and emphasise the importance of maintaining rigorous security protocols, including using only legitimate and licensed software, conducting regular system scans, and keeping all software up to date to avoid falling victim to these sophisticated cyber threats.

Read more

Engineers Australia launches ‘chartered’ cyber credential
InnovationAus by David McClure

Engineers Australia has introduced a new ‘chartered’ credential for cybersecurity professionals, aiming to standardise and elevate expertise within the industry. This credential recognises and certifies the skills and knowledge of engineers working in cybersecurity, offering a structured pathway for professional development. It responds to the increasing complexity of cyber threats and the critical need for qualified professionals who can secure modern digital infrastructures. This credential enhances individual careers and contributes to strengthening national and organisational cybersecurity capabilities.

Read more

The software UK techies need to protect themselves now Apple’s ADP won’t
The Register by Connor Jones

With Apple withdrawing Advanced Data Protection (ADP), its end-to-end encryption for iCloud backups and most other iCloud data, from UK accounts, tech professionals are urged to explore alternative software to safeguard their data effectively. Without ADP, the affected iCloud data is encrypted with keys Apple holds and can therefore be produced on lawful request, so the gap to close is end-to-end encryption under the user's own keys. The article discusses a variety of tools that offer that property, aiming to help UK techies maintain their privacy and data integrity against both cyber threats and compelled access. It emphasises the importance of proactive security practices in a landscape where platform-provided protection can be withdrawn.

Read more

Gov bans Kaspersky from its systems and devices
itNews by Eleanor Dickinson

The Australian government has banned Kaspersky software across all its systems and devices, citing an unacceptable security risk arising from the potential for foreign interference, espionage and sabotage through the vendor's products. The ban underscores the critical need for trusted security solutions in government operations, given that endpoint security software runs with deep privileges and regular update channels, and highlights the broader implications for software vendors striving to maintain credibility in a market that increasingly values transparency and verifiable independence in cybersecurity practices.

Read more

Microsoft Power Pages vulnerability exploited in the wild
Cybersecurity Dive by Rob Wright

A vulnerability in Microsoft Power Pages, Microsoft's hosted low-code website builder, has been exploited in the wild. The flaw is an improper access control issue that lets an unauthenticated attacker elevate privileges and bypass the user registration controls on affected sites, exposing the data those sites hold. Because Power Pages is a cloud service, Microsoft applied the fix on its side and notified affected customers; there is no customer-side patch, so administrators should instead review their sites' access controls and audit logs for signs of unauthorised activity. This situation highlights the ongoing challenges of securing hosted web platforms, where customers depend on the vendor both to fix the flaw and to tell them whether they were affected.

Read more

A Data Leak Exposes the Operations of the Chinese Private Firm TopSec, Which Provides Censorship-as-a-Service
Security Affairs by Pierluigi Paganini

A significant data leak at TopSec, a Chinese firm known for providing censorship-as-a-service, has exposed extensive details about its operations. This breach reveals the extent to which the company engages in information control and surveillance for the Chinese government. The exposed data includes sensitive information about the methods and technologies used to monitor and suppress online content. This incident not only raises concerns about privacy and freedom of expression but also underscores the vulnerabilities in the security practices of companies involved in state-sponsored censorship activities. The leak prompts a critical examination of the implications for global internet freedom and the ethical responsibilities of technology providers.

Read more

Australia facing higher rate of cyber threats as part of APAC regional surge
itWire by Rosalyn Page

Australia is experiencing an elevated rate of cyber threats, part of a broader surge across the Asia-Pacific region. This increase is driven by the escalating sophistication of cyberattacks targeting both public and private sectors. The rise in cyber threats includes phishing, ransomware, and state-sponsored attacks, putting critical infrastructure and data at risk. This trend necessitates stronger cybersecurity measures, enhanced threat intelligence sharing, and more robust collaboration between government agencies and industry leaders. The aim is to fortify defences, raise awareness about cyber hygiene practices, and develop more resilient digital ecosystems to counteract the growing cyber threat landscape.

Read more

3.9 Billion Passwords Stolen—Infostealer Malware Blamed
Forbes by Davey Winder

In a major cybersecurity alert, Forbes reports that 3.9 billion passwords have been stolen, with infostealer malware blamed for the harvest. This scale highlights how effective infostealers have become at lifting saved browser credentials and session tokens from infected machines, prompting an urgent call for heightened defensive measures. Experts stress the need for robust protective technologies and enhanced user vigilance, and recommend upgrading defences against malware that is increasingly capable of evading traditional security checks. For practitioners, the takeaway is that a stolen password set of this size makes phishing-resistant multi-factor authentication and short session lifetimes the controls that matter most.

Read more

Australia fines Telegram for delay in answering questions
itNews

Australia's eSafety Commissioner has fined Telegram for its delayed response to a transparency notice asking how the platform tackles terrorist and child sexual abuse material. According to itNews, this action reflects Australia's stringent approach to enforcing online safety obligations and serves as a warning to other platforms about the importance of quick and transparent responses to regulatory questions. Experts emphasise that maintaining rigorous content moderation and reporting standards is crucial for preserving user trust and ensuring compliance with regulatory expectations. This case highlights the escalating demands on digital platforms and the potential repercussions of non-compliance.

Read more

Fake CS2 tournament streams used to steal crypto, Steam accounts
BleepingComputer by Bill Toulas

Cybercriminals are exploiting the popularity of CS2 tournaments by hosting fake streams that deceive gamers into downloading malware, leading to significant losses of cryptocurrency and Steam accounts. BleepingComputer reports that these fraudulent streams lure viewers with the promise of live competitive play, only to trick them into installing software that steals sensitive information. This scam highlights the increasing sophistication of cyber threats targeting online gaming communities. Experts advise gamers to verify the authenticity of streams and download sources, maintain robust security software, and stay informed about common phishing tactics to safeguard their digital and financial assets effectively.

Read more

Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace
Cyberscoop by Tim Starks

In a candid interview with Cyberscoop, former NSA and Cyber Command chief Paul Nakasone expressed concern that the United States is falling behind its adversaries in cyberspace. Nakasone pointed to strategic gaps in America's cyber defences, arguing that current efforts are insufficient to counter the sophisticated tactics employed by foreign adversaries. He stressed the need for a comprehensive national cyber strategy that proactively strengthens cybersecurity infrastructure and fosters greater collaboration between government agencies and the private sector. This strategic overhaul, he argued, is essential to maintaining national security and staying ahead in a constantly evolving threat landscape.

Read more

Critical New PayPal Warning: Genuine Emails Used In Ongoing Attack
Forbes by Davey Winder

Forbes has issued a critical alert regarding a phishing campaign in which attackers use genuine emails generated by PayPal's own systems rather than look-alike forgeries. Because the messages really come from PayPal, they pass sender authentication checks and arrive with authentic branding; the deception lives in attacker-controlled text inside the message, which urges recipients to contact the attackers or act on a fake purchase and ultimately to give up credentials or payment details. The article stresses the importance of vigilance and of teaching users the hallmarks of this kind of attempt, and notes that email filtering keyed on spoofed senders will not catch mail that is legitimately from PayPal. The practical check is to ignore the email entirely and verify any claimed transaction by logging into the PayPal account directly.

Read more

Beware: PayPal “New Address” feature abused to send phishing emails
BleepingComputer by Lawrence Abrams

BleepingComputer reports a phishing tactic that abuses PayPal's "New Address" feature: the attacker adds a new shipping address to their own PayPal account and types a fraudulent notice, such as a fake purchase confirmation with a number to call, into the address field. PayPal then sends a genuine "address added" confirmation email containing that text to the targeted user, who is pushed to contact the scammers and surrender account or payment details. Because the email originates from PayPal's servers, it passes authentication checks, and the only tell is the attacker-supplied text inside the address block. The article highlights the need for users to be cautious with instructions in any email and to verify account changes through PayPal's own site or app, and it emphasises ongoing education to recognise deceptive techniques that ride on legitimate platform features.

Read more

NSW finds new permanent cyber chief
itNews by Eleanor Dickinson

New South Wales has appointed a new permanent cyber chief to oversee the state’s cybersecurity strategy, aiming to strengthen defenses against a rising tide of cyber threats. This appointment underscores the growing recognition of the critical importance of cybersecurity at the state level. The new cyber chief’s role will focus on enhancing collaboration between government agencies, bolstering cyber incident response capabilities, and developing comprehensive policies to protect public and private sector data. This strategic move is part of a broader effort to fortify digital infrastructure and ensure robust protection for citizens’ data in the face of increasingly sophisticated cyberattacks.

Read more

Hackers steal $1.5bn from crypto exchange in ‘biggest digital heist ever’
The Guardian by Joanna Partridge

The Guardian reports a monumental theft where hackers stole $1.5 billion from a cryptocurrency exchange, marking it as the biggest digital heist in history. This staggering breach involved sophisticated cyber tactics that overcame existing security measures, prompting a global reevaluation of cryptocurrency security protocols. The incident has sent shockwaves through the financial technology industry, highlighting vulnerabilities that could potentially expose other platforms. Experts are now calling for heightened security measures, including advanced encryption and multi-factor authentication, to protect against similar attacks and to reassure the increasingly anxious investor community about the safety of their digital assets.

Read more

DOGE Sparks Surveillance Fear Across the US Government
Wired by Paresh Dave, Dell Cameron & Alexa O’Brien

Wired reports escalating fears across the US government about the Department of Government Efficiency (DOGE) and the access its staff have obtained to federal agencies' systems and data. Officials worry that broad access to personnel records and agency data could be turned to surveillance of federal employees, and that it may violate privacy rights and established data-handling rules. The issue highlights the tension between rapid administrative change and the civil-liberties and data-protection safeguards built into government operations, prompting calls for clear oversight of who may access government data and for what purpose.

Read more

Telegram fined nearly $1m by Australian watchdog for delay in reporting about terrorism and child abuse material
The Guardian by Josh Taylor

Australian regulators have imposed a fine of nearly $1 million on Telegram for its delayed action in reporting incidents involving terrorism and child abuse material, as detailed by The Guardian. This penalty emphasizes the critical role social media platforms play in preventing the spread of harmful content. It also spotlights the stringent expectations from authorities worldwide that platforms enforce proactive monitoring and swift reporting practices. The case serves as a caution to other companies about the severe consequences of failing to adhere to legal and ethical standards in content management.

Read more

ANALYSIS

Apple removes advanced data protection tool in face of UK government request
The Guardian by Rachel Hall

In response to a UK government request, Apple has removed an advanced data protection tool from its products in the UK, a move that has sparked widespread concerns over privacy. This action highlights the ongoing struggle between government surveillance needs and individual privacy rights. Critics and privacy advocates are alarmed, suggesting that this could undermine user trust and set a troubling precedent for tech companies, potentially eroding privacy protections globally. The debate continues about the balance that needs to be struck between national security and protecting citizens’ private data.

Read more

DOGE Now Has Access to the Top US Cybersecurity Agency
Wired by Kim Zetter

Wired's Kim Zetter reveals that the Department of Government Efficiency (DOGE) has gained access to the top US cybersecurity agency, stirring debate over the implications for national security and privacy. Critics argue that broad access by outside staff to the agency's systems and data could itself introduce risk, since the agency holds sensitive information about threats to and weaknesses in federal and critical-infrastructure networks, and they call for rigorous oversight and clear guidelines to ensure that this access does not compromise the integrity of national security measures.

Read more

Apple’s Bold Move in the UK: No Backdoor, No Extra Encryption
PrivID (Substack)

Faced with a UK demand for backdoor access to encrypted iCloud data, Apple chose to withdraw Advanced Data Protection from UK users rather than build a backdoor, as reported by PrivID on Substack: no backdoor, but also no extra encryption for UK customers. The decision reflects Apple's stated position that it will not weaken end-to-end encryption for any market, even under government pressure. The article elaborates on the broader implications for privacy advocacy and cybersecurity, arguing that refusing to weaken encryption helps maintain trust and security for users globally, while acknowledging the cost to UK users who lose the protection. It also discusses the potential consequences for Apple in terms of legal challenges and market dynamics, emphasising the delicate balance between national security demands and the preservation of individual privacy rights.

Read more

Cybersecurity Needs to Stay Nonpartisan in the Age of DOGE
Lohrmann on Cybersecurity by Dan Lohrmann

In his commentary for "Lohrmann on Cybersecurity," Dan Lohrmann stresses the importance of nonpartisanship in cybersecurity as the Department of Government Efficiency (DOGE) reshapes federal agencies, including those responsible for cyber defence. Lohrmann warns that entangling cybersecurity with partisan politics could undermine it. He advocates a bipartisan approach, urging that policies and actions transcend political divisions to effectively protect national interests, and argues that cybersecurity resilience depends on collaborative effort and adherence to shared principles rather than on fluctuating political agendas.

Read more

Cybersecurity in 2025: A Battle of Interwoven Interests
The Peninsula by Dr. Khaled Walid Mahmoud

Dr. Khaled Walid Mahmoud’s article in The Peninsula addresses critical challenges in the cybersecurity landscape of 2025, particularly emphasizing the growing resilience disparity between large and small institutions. He highlights how smaller entities often lack the resources to implement comprehensive cyber defenses, making them particularly vulnerable to attacks. Amidst this scenario, Dr. Mahmoud poses an essential question regarding the position of Arab nations within the global cybersecurity equation. He discusses their unique vulnerabilities and the need for regional cooperation to enhance security frameworks and reduce disparities. This dialogue is crucial as it underscores the importance of tailored cybersecurity strategies that account for varied economic and technological capabilities across different regions.

Read more

Cyber Insurance is Useless Without Encryption
PrivID (Substack)

The PrivID article highlights a crucial aspect of cyber risk management: the ineffectiveness of cyber insurance without robust encryption practices. As cyber threats evolve, merely relying on insurance policies without securing data at its core leaves organizations vulnerable. The piece emphasizes that encryption is essential not just for safeguarding data but also for meeting the stringent requirements that insurance policies increasingly demand. It calls on organizations, particularly SMEs, to integrate strong encryption methods as a standard practice to enhance their overall cybersecurity measures and ensure that they are genuinely protected against potential breaches.

Read more

CyAN Members: Op Eds, Articles, etc.

The 3 Levels of Threat Intelligence: How They Help You Stay Secure
Fel Gayanilo

In this insightful piece, CyAN General Secretary Fel Gayanilo breaks down threat intelligence into three distinct levels—strategic, tactical, and operational. Fel explains how each level plays a crucial role in enhancing an organization’s cybersecurity posture. Strategic threat intelligence helps in understanding the broad risk landscape, tactical intelligence focuses on immediate threats, and operational intelligence deals with day-to-day security events. This layered approach, Fel argues, enables organizations to better anticipate potential threats and tailor their defenses accordingly, thereby staying one step ahead of cyber adversaries.

Read more

Quantum Computing and the Urgent Need for Universal End-to-End Encryption
Kim Chandler McDonald

CyAN VP Kim Chandler McDonald discusses the transformative impact of quantum computing on cybersecurity, particularly stressing the urgent need for universal end-to-end encryption. Kim highlights how quantum computing threatens current encryption methods: a sufficiently large quantum computer running Shor's algorithm would break the public-key schemes (RSA and elliptic-curve cryptography) that secure most of today's key exchange and digital signatures, while symmetric ciphers are weakened less severely. The article calls for proactive adoption of quantum-resistant encryption to protect data against future threats, including data harvested today for decryption later. Kim's insights underline the importance of preparing for quantum advances now to ensure privacy and security in the digital age.

Read more

Smart Security Everywhere: Empowering CXOs with Always-On Protection
Shantanu Bhattacharya

CyAN member Shantanu Bhattacharya addresses the need for comprehensive security solutions in his article on ‘Smart Security Everywhere’. He advocates for an ‘Always-On’ protection model that empowers CXOs to manage and mitigate risks continuously. Shantanu outlines how integrating smart security technologies across all organizational levels can provide real-time threat detection and response, thus safeguarding critical assets. His recommendations emphasize the role of leadership in fostering a culture of security that aligns with business objectives and adapts to the evolving cyber threat landscape.

Read more

Upcoming CyAN Global Events

📌 Breaking the Cycle: Combating Online IBSA for a Safer Digital Experience
🗓 March 6th | EST 6 AM | CET 12 PM | AEST 10 PM
Join the webinar

📌 CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence
🗓 March 12th | Peoplebank, Sydney | Keynote by Dan Elliot
Event details

📌 GITEX AFRICA, Marrakesh, Morocco
🗓 April 14-16
More info

📌 GITEX ASIA, Singapore (Marina Bay Sands)
🗓 April 23-25
More info

📌 GISEC, Dubai World Trade Center, UAE
🗓 May 6-8
More info

📌 The Cyber Outstanding Security Performance Awards (Cyber OSPAs), London, UK
🗓 May 8
More info

📌 World AI Technology Expo UAE, Dubai, UAE
🗓 May 14-15
More info

📌 MaTeCC: Rabat, Morocco
🗓 June 7-9
📍 The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech
More info

📄 Download the full issue of CyAN Cyber (In)Securities Issue 127
Click here to view the PDF

Week 9 – Palo Alto PAN-OS Authentication Bypass

03-10 March 2025. Palo Alto PAN-OS authentication bypass exploited in the wild: CVE-2025-0108. This week's #CVEofTheWeek is about an actively exploited critical Authentication Bypass vulnerability in Palo Alto PAN-OS. PAN-OS is the software that runs all Palo Alto Networks Next-Generation Firewalls (NGFW). The high-level properties 

DeepSeek: Revolutionizing Operational Technology by Rupesh Shirke

In today’s fast-paced industrial landscape, the integration of advanced technologies in operational processes is no longer optional; it’s essential. DeepSeek stands at the forefront of this transformation, offering innovative solutions that enhance efficiency, safety, and productivity across various sectors. At its core, DeepSeek leverages cutting-edge 

Smart Security Everywhere: Empowering CXOs with Always-On Protection

by Shantanu Bhattacharya

Posted on February 20, 2025 | Originally published on RSAC Conference

🔗 Read the original article on RSAC Conference

In today’s digital-first business landscape, C-suite executives (CXOs) are frequently on the move, driving business growth outside the organization’s secure network perimeter. This mobility comes with a significant risk: their laptops, often holding the organization’s most valuable data, are prime targets for cyberattacks. The situation becomes dire when a CXO’s device is compromised by malware. Even after leaving the corporate network, the malware can continue its destructive path, encrypting files and exfiltrating sensitive information once connectivity returns. This scenario is particularly dangerous because many enterprise security tools depend on the network for policy, updates and alerting, leaving the isolated laptop exposed.

A particularly troubling aspect of this threat is the reliance on server-based security mechanisms. Many security solutions depend on continuous communication with a central server to enforce policies, push updates, and analyse threats. When the laptop is isolated, these essential security functions become unavailable, leaving the device exposed to prolonged attacks.

A Practical Threat Scenario

Imagine the CFO of a global enterprise opens an email attachment during a business trip, inadvertently unleashing ransomware. Initially dormant within the corporate network, the malware activates offline, encrypting critical financial forecasts. With the laptop disconnected from the organization’s security infrastructure, no alerts are triggered. The company faces potential data loss, operational disruption, and reputational damage.

The Challenge: Security Gaps Beyond the Perimeter

Traditional security solutions—firewalls, IDS, and EDR—rely on server connectivity for updates and threat intelligence. Offline, these defences are rendered ineffective. Cloud-based security, while promising, fails if malware severs or blocks connectivity. The crux of the problem is the dependency on real-time server communication for security updates and behavioural analytics.

Existing Solutions and Their Shortcomings

1. Autonomous Endpoint Protection (EPP)

Employs AI to identify threats locally without server interaction.
Modern EPP solutions utilize artificial intelligence (AI) and machine learning (ML) to detect and mitigate threats locally on the device. These solutions can operate independently without continuous server communication, ensuring protection even in isolated environments.
Drawback: Limited effectiveness against new, untrained, or rapidly evolving threats due to infrequent updates.

2. Zero Trust Security Models

Implements strict access controls, verifying every action.
By implementing Zero Trust principles, security controls are enforced directly on the endpoint, limiting access to sensitive data based on strict identity verification and behavioral analysis.
Drawback: Complex configurations can disrupt workflows and slow legitimate operations.

3. Local Key-Managed Encryption

Protects sensitive data with on-device encryption keys.
Solutions that automatically encrypt sensitive data and manage encryption keys locally reduce the impact of data exfiltration. Even if malware accesses the files, it cannot decrypt and exploit the information without the local keys.
Drawback: If the device itself is compromised, the local keys are within the attacker's reach. Malware running as the logged-in user can usually use the same keys the user's applications use, so it can read the data even if it cannot export the key; hardware-backed key storage (a TPM or Secure Enclave) limits key extraction but not key use on a device that is already running attacker code.

4. Behavior-Based Anomaly Detection

Monitors and flags unusual activity offline.
Tools that monitor user and application behavior can detect and respond to unusual activities, such as rapid encryption of files or unauthorized access attempts, even when offline.
Drawback: High false-positive rates can overwhelm security teams and reduce operational efficiency.

Comprehensive Solution: Server Stub with Offline Resilience

The ideal security solution integrates server-stub technology, combining the strengths of existing methods while eliminating their drawbacks. It achieves this by maintaining a local replica of critical security functions from the central server, including:

  • Threat Intelligence: Refreshes the local detection models with server-trained threat signatures whenever connectivity is available, so the most recent ones are already on the device when it goes offline.
  • Policy Enforcement: Applies security policies even in isolated conditions.
  • Local-Cloud Hybrid Detection: Matches offline behavior against server-defined baselines, reducing false positives.

This solution ensures continuous protection with real-time responses to threats, even without connectivity, and synchronizes seamlessly with the server upon reconnection.
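As an added example, not code from the original article or from 360Sequrity, the following Python sketch models the server stub described in this section together with the offline behaviour-based detection listed under item 4 above. A local replica of the server's policy (version, thresholds, maximum trusted age) flags a burst of high-entropy file writes while the laptop is disconnected, records whether the policy was stale when it fired, queues the alert, and flushes it and adopts a newer policy on reconnection. The thresholds, file paths, policy fields and the sample writes are assumptions chosen for the illustration; the scenario data is constructed, not captured.

```python
import math
from collections import Counter, deque
from dataclasses import dataclass, field
from typing import Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Ciphertext sits near 8.0; documents and spreadsheets sit well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Policy:
    """Server-defined baseline replicated on the endpoint (field names are assumptions)."""
    version: int
    window_seconds: float          # sliding window for the write-rate check
    max_high_entropy_writes: int   # high-entropy writes tolerated per window
    entropy_threshold: float       # bits/byte above which a write looks encrypted
    max_age_seconds: float         # how long the replica may be trusted while offline


@dataclass
class ServerStub:
    """Local replica of the server: enforces policy offline, queues alerts for later sync."""
    policy: Policy
    synced_at: float
    recent_writes: deque = field(default_factory=deque)
    pending_alerts: list = field(default_factory=list)

    def policy_is_stale(self, now: float) -> bool:
        return now - self.synced_at > self.policy.max_age_seconds

    def observe_write(self, path: str, content: bytes, now: float) -> Optional[dict]:
        """Feed one file write; returns an alert dict when the baseline is exceeded."""
        if shannon_entropy(content) >= self.policy.entropy_threshold:
            self.recent_writes.append((now, path))
        # Forget events that have left the sliding window.
        while self.recent_writes and now - self.recent_writes[0][0] > self.policy.window_seconds:
            self.recent_writes.popleft()
        if len(self.recent_writes) > self.policy.max_high_entropy_writes:
            alert = {
                "ts": now,
                "rule": "rapid-high-entropy-writes",
                "policy_version": self.policy.version,
                "policy_stale": self.policy_is_stale(now),  # lets the analyst weigh old-rule alerts
                "paths": [p for _, p in self.recent_writes],
            }
            self.pending_alerts.append(alert)
            self.recent_writes.clear()  # one alert per burst, not one per file
            return alert
        return None

    def reconnect(self, server_policy: dict, now: float) -> list:
        """On reconnection: adopt a newer policy if offered and flush the queued alerts."""
        if server_policy["version"] > self.policy.version:
            self.policy = Policy(**server_policy)
        self.synced_at = now
        flushed, self.pending_alerts = self.pending_alerts, []
        return flushed


def simulate_offline_burst():
    """Constructed scenario: an offline laptop saves three forecasts normally, then
    ransomware overwrites files with ciphertext. Returns (alerts, stub)."""
    policy = Policy(version=1, window_seconds=10.0, max_high_entropy_writes=4,
                    entropy_threshold=7.0, max_age_seconds=86_400.0)
    stub = ServerStub(policy=policy, synced_at=0.0)
    plain = b"Q3 forecast: revenue up 4% on stable margins.\n" * 20
    ciphertext = bytes(range(256)) * 4  # uniform bytes stand in for encrypted output
    t = 100.0
    for i in range(3):
        stub.observe_write(f"/Users/cfo/forecast{i}.xlsx", plain, t + i)
    alerts = []
    for i in range(6):
        alert = stub.observe_write(f"/Users/cfo/forecast{i}.xlsx.locked", ciphertext, t + 5 + i * 0.5)
        if alert:
            alerts.append(alert)
    return alerts, stub


if __name__ == "__main__":
    alerts, stub = simulate_offline_burst()
    print("offline alerts:", alerts)
    # Back on the corporate network: pull policy v2 and upload what was queued.
    flushed = stub.reconnect({"version": 2, "window_seconds": 10.0, "max_high_entropy_writes": 3,
                              "entropy_threshold": 7.0, "max_age_seconds": 86_400.0}, 200.0)
    print("flushed on reconnect:", len(flushed), "policy now v", stub.policy.version)
```

Running the file shows one alert raised while offline (the fifth encrypted overwrite exceeds the four allowed per window) and then that alert being flushed, and the policy replaced, on reconnect. The `policy_stale` flag is the detail a practitioner usually wants from such a design: an alert produced under a baseline older than `max_age_seconds` should be triaged differently from one produced under current rules, and a replica that can no longer be trusted should fail closed rather than silently keep enforcing old thresholds.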

Conclusion

The evolving threat landscape demands that organizations rethink endpoint security strategies, especially for high-risk users like CXOs. Solutions that function independently of network and server components are critical to protecting valuable data from malware attacks. By investing in autonomous endpoint protection, Zero Trust models, local encryption, and behavior-based detection, organizations can safeguard their most sensitive information—even beyond the network perimeter. Adopting these measures not only closes critical security gaps but also strengthens overall cyber resilience in an increasingly mobile and connected business world.

For CXOs on the move, cybersecurity must evolve beyond network-dependent models. A server-replica-based solution provides autonomous, resilient protection, closing critical gaps left by traditional defences. Investing in this approach not only protects sensitive data but also fortifies the organization’s overall cyber resilience.


About the Author

Shantanu Bhattacharya
Founder, CEO & CTO, 360Sequrity
LinkedIn Profile

Cyber (In)Securities – Issue 126

Information Security News. Ghost Ransomware Targets Orgs in 70+ Countries (Dark Reading by Elizabeth Montalbano). Ghost ransomware continues to pose a significant threat globally, now targeting organisations in over 70 countries. This ransomware variant is particularly insidious due to its ability to encrypt data swiftly and demand 

Opinion: Disinformation, Attacks on Society, and Our Responsibility as Infosec Professionals

The world’s full of information-borne threats to society – from active baddies to those who support them. As professionals, there is a lot we can and should do to stop these.

The Augmented CISO: How AI is Transforming Cybersecurity Compliance

Faced with an ever-growing web of cybersecurity regulations and evolving threats, the role of the Chief Information Security Officer (CISO) is undergoing a profound transformation. Artificial Intelligence (AI) is emerging as a critical ally, reshaping security compliance strategies. But how far can automation go without compromising human oversight and accountability?

Cybersecurity Compliance Under Pressure

In today’s digital landscape, CISOs are under constant pressure to ensure compliance with a complex and ever-changing regulatory framework. With laws like DORA, NIS2, GDPR, and the upcoming EU AI Act, organizations must demonstrate robust cybersecurity measures, risk mitigation strategies, and incident response capabilities.

However, achieving compliance is becoming increasingly resource-intensive and costly: large organizations spend, on average, 10% of their IT budget on compliance-related activities. Traditional manual processes—policy audits, risk assessments, reporting, and third-party risk management—are no longer scalable.

This is where AI is stepping in as a game-changer for CISOs, offering tools that enhance efficiency, improve accuracy, and free up cybersecurity teams to focus on proactive risk management rather than administrative burdens.

AI: A New Pillar for Cybersecurity Compliance

AI-driven tools, particularly Large Language Models (LLMs) and Retrieval-Augmented Generation (RAG) technology, are redefining how organizations approach cybersecurity compliance. Rather than replacing CISOs, these technologies augment their capabilities, allowing them to manage security risks more effectively.

🔹 Automated Compliance Audits – AI can scan security policies, logs, and regulatory frameworks to identify gaps and generate compliance reports, reducing the manual workload by up to 60%.

🔹 Intelligent Risk Assessment – AI-driven analysis of security incidents and vulnerabilities helps prioritize threats based on regulatory impact.

🔹 Real-Time Regulatory Monitoring – AI continuously tracks changes in cybersecurity laws and automatically updates compliance requirements, ensuring that CISOs are always aligned with evolving standards.

This shift means that the CISO’s role is evolving. Instead of spending countless hours on administrative compliance tasks, CISOs can leverage AI to enhance decision-making, optimize risk management, and focus on proactive security strategies.

The Rise of the Augmented CISO

The integration of AI in cybersecurity compliance does not mean a loss of human control. The EU AI Act, taking effect in February 2025, mandates strict transparency and accountability in AI-driven decision-making.

CISOs must adapt to a new reality where AI acts as a powerful security enabler but requires proper governance and human oversight to ensure ethical and effective implementation. AI is not a black box—it must be auditable, explainable, and aligned with security best practices.

In the coming years, organizations that successfully combine AI technology with human expertise will be the best prepared to navigate the complex cybersecurity compliance landscape.

The question is no longer whether AI has a role in cybersecurity compliance—it’s how to integrate it effectively to maximize security, efficiency, and resilience.

Behind the Posts: How I Identify My Top 10 Cyber Threat Groups Each Week by Dan Elliott

How I separate noise from real risk… I’ve been asked numerous times how I select the threat groups I write about – why one and not another. So, I thought I’d take a perfectly good Sunday afternoon to share. MITRE currently tracks at least 133