Author name: CIO

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

A report by Teleport found that enterprises granting excessive access permissions to AI systems experience 4.5 times more security incidents than those restricting AI access, highlighting identity management's lag behind AI adoption. Based on interviews with 205 security leaders, the study shows that broad AI access correlates with higher incident rates, often due to static credentials and lack of automated governance controls, emphasizing the need for unified, machine-speed identity management to mitigate risks.

https://www.infoq.com/news/2026/03/teleport-ai-report/

Watch Your Words: Tim Brown’s Advice for CISOs

Tim Brown, former CISO of SolarWinds, shared insights at RSAC 2026 about the 2020 SolarWinds supply chain attack and his personal experience as the first CISO indicted in a civil lawsuit by the SEC for alleged fraud related to cybersecurity disclosures. Brown highlighted how excessive communication and misunderstood internal language during the ensuing SEC investigation led to legal challenges, emphasizing the critical need for clear communication policies and cautious internal messaging to prevent misinterpretation and legal risks in cybersecurity incident management.

https://www.techtarget.com/searchsecurity/feature/Watch-your-words-Tim-Browns-advice-for-CISOs

Why Cybersecurity’s Uncertainty Problem Is Getting Worse

Cybersecurity faces increasing uncertainty, with leading cryptographers unable to agree on the greatest threats. Paul Kocher, a cryptography researcher, warns that AI will accelerate the discovery of vulnerabilities in protocols and implementations, posing a significant threat to cybersecurity.

https://www.govinfosecurity.com/cybersecuritys-uncertainty-problem-getting-worse-a-31232

Ransomware and Phishing Still Drive Data-Security Incidents, But AI’s Shadow Looms

The 12th annual Data Security Incident Response Report by law firm BakerHostetler reveals that ransomware demands averaged $4.24 million last year, rising 70%, while phishing caused 30% of data-security incidents. The report highlights AI's growing role in cyberattacks, evolving beyond phishing enhancement to sophisticated social engineering and automated hacking, signaling a significant shift in the cybersecurity landscape.

https://www.digitaltransactions.net/ransomware-and-phishing-still-drive-data-security-incidents-but-ais-shadow-looms/

Understanding Passkeys

The article explores the concept of passkeys as a modern authentication method based on cryptographic key pairs managed by authenticators, offering benefits like phishing resistance, improved security, and ease of use over traditional passwords. It clarifies common misconceptions, such as the risk of being locked out if a device is lost and how passkeys relate to two-factor authentication, and shares personal experiences using passkeys with various services, highlighting both usability and security considerations. Ultimately, the author advocates for adopting passkeys—especially via password managers—as a convenient and secure replacement for passwords and encourages better security hygiene.

https://marending.dev/notes/passkeys/

The CISO’s Guide to Responding to Shadow AI

The article provides a guide for Chief Information Security Officers (CISOs) on responding to shadow AI, emphasizing four key steps: assessing the associated risks, understanding the motivations behind unapproved AI use, deciding whether to shut down or integrate shadow AI tools, and reviewing AI governance policies. It highlights that shadow AI usage often arises from the rapid adoption of AI tools without proper oversight, posing risks such as data breaches and operational disruptions, and stresses the importance of balanced governance to manage these risks while fostering responsible AI use within organizations.

https://www.csoonline.com/article/4143302/the-cisos-guide-to-responding-to-shadow-ai.html

AI Sovereignty Risk: A Five-Step Agenda for CIOs

The article discusses the growing importance of AI sovereignty, where nations control AI ecosystems within their borders, posing challenges for global CIOs. It outlines a five-step agenda for CIOs to manage AI sovereignty risks, including educating executives, consulting legal experts, balancing AI providers, securing data, and anticipating architectural shifts toward hybrid AI models. This approach helps organizations navigate complex regulatory environments and align AI strategies with jurisdictional compliance and enterprise goals.

https://www.idc.com/resource-center/blog/ai-sovereignty-risk-a-five-step-agenda-for-cios/

Transforming Diverse Experiences Into a Storied CIO Career

Denise Russell Fleming, CIO and EVP of technology and global services at BD, shares insights from her diverse career spanning business, marketing, customer support, and IT that uniquely positioned her to lead large-scale transformations. Highlighting the importance of trust, collaboration, and a growth mindset, Fleming discusses her journey to the CIO role, experiences with complex initiatives, and advice for CIOs aspiring to board service, emphasizing that effective leadership in technology is deeply rooted in understanding both people and business.

https://www.cio.com/article/4148293/transforming-diverse-experiences-into-a-storied-cio-career.html

From Cyber Risk to Business Risk: How CISOs Should Engage the Board in 2026

IDC's 2026 insights highlight that cyber risk has evolved into a critical business concern at the board level, requiring CISOs to translate technical cyber threats into measurable business impacts and align security strategies with regulatory and operational priorities. Amid rising regulatory pressures like NIS2 and the EU AI Act, CISOs are advised to adopt financial risk metrics, implement robust risk management frameworks, and engage regularly with boards through clear, business-focused communication to enhance organizational resilience and informed decision-making.

https://www.idc.com/resource-center/blog/from-cyber-risk-to-business-risk-how-cisos-should-engage-the-board-in-2026/

Before You Scale: A Risk Management Framework for AI Systems

As AI systems transition from pilot phases to full-scale production, organizations often face hidden risks in governance, data management, operations, and change management that can hinder sustainable growth. EisnerAmper outlines a six-pillar risk management framework—covering governance, business strategy, cybersecurity and data privacy, technology and cloud infrastructure, people and change, and data practices—that helps organizations identify and address potential friction points early, ensuring responsible and scalable AI adoption aligned with established standards like NIST and ISO. Early assessment under this framework is critical for sustaining effective AI systems as usage expands.

https://www.eisneramper.com/insights/artificial-intelligence-insights/ai-risk-management-framework-for-scaling-0326/
