Author name: CIO

Managing the Many We’s of IT

CIOs must understand the diverse identities within their IT organizations, recognizing that the “we” in IT includes various groups with differing values and engagement levels. Successful CIOs need to be transparent about their own identity and foster engagement by ensuring employees have effective tools, reducing unnecessary work, and managing vendor relationships. By broadening the concept of “we,” CIOs can enhance collaboration and collective responsibility for IT value creation and security across their organizations.

https://www.cio.com/article/3968848/managing-the-many-wes-of-it.html

EU Moves to Clarify AI Act Scope for gen-AI

The EU has proposed computational-resource thresholds to clarify compliance for general-purpose AI (GPAI) models under the AI Act, which takes effect in August 2025. The guidelines, open to industry feedback via a survey, aim to establish when AI models become subject to regulatory requirements. Key points include defining GPAI models by compute use (>= 10^22 FLOP), obligations for record-keeping and copyright policies, and potential compliance benefits for signatories to a forthcoming code of practice. Critics argue that reliance on FLOP is flawed because it may inadequately reflect model capabilities and risks. Moreover, modifications above certain compute thresholds may elevate compliance burdens.

https://www.pinsentmasons.com/out-law/news/eu-clarify-ai-act-scope-gen-ai

EU AI Office Clarifies Key Obligations for AI Models Becoming Applicable in August

The EU AI Office has issued draft guidelines on the obligations for general-purpose AI (GPAI) models that apply from August 2025. Stakeholders can provide feedback until May 22, 2025. The guidelines clarify the AI Act's provisions for GPAI, defining it as models that perform multiple tasks and requiring technical documentation and copyright compliance. Models exceeding 10^25 FLOPs qualify as GPAI with systemic risk (GPAI-SR) and face stricter requirements. Fine-tuning these models may create new compliance obligations. Companies should establish AI governance, map their AI applications, and prepare for the upcoming regulations. Compliance for models already on the market must be achieved by August 2027.

https://www.wsgr.com/en/insights/eu-ai-office-clarifies-key-obligations-for-ai-models-becoming-applicable-in-august.html

Key Takeaways From the 2025 Global Threat Landscape Report

2025 Global Threat Landscape Report Highlights:

  1. Threat Landscape Shift: Attackers are compressing the time from reconnaissance to compromise, leaving defenders limited response time.
  2. Automation & AI in Cybercrime: Increased automation in attacks; Cybercrime-as-a-Service lowers entry barriers for attackers.
  3. Credential Compromise: 42% rise in stolen credentials; credentials are key for ransomware and espionage.
  4. Cloud Vulnerabilities: Continued risks include misconfigured services and credential leaks.
  5. Exploitation Trends: Persistent and opportunistic exploitation of legacy vulnerabilities, especially IoT devices.
  6. Post-Exploitation Strategies: Attackers use RDP and malware for lateral movement and evade traditional detection methods.
  7. Security Changes Needed: Emphasis on Continuous Threat Exposure Management (CTEM) to adapt defenses.
  8. Strategic Focus: Organizations must enhance visibility, reduce exposure, and respond swiftly to threats.

https://www.fortinet.com/blog/threat-research/key-takeaways-from-the-2025-global-threat-landscape-report

Reporting Lines: Could Separating From IT Help CISOs?

Separating the CISO (Chief Information Security Officer) from the IT department and having them report to the CFO can enhance their ability to communicate cybersecurity risks in business terms, thereby improving executive collaboration and reducing conflicts of interest. This shift allows CISOs to focus on risk management over solely technical controls, fostering strategic discussions about cybersecurity investments and their impact on the overall business. By adapting their language and understanding financial fundamentals, CISOs become better positioned to advocate for funding and align security initiatives with business objectives.

https://www.csoonline.com/article/3964405/reporting-lines-could-separating-from-it-help-cisos.html

JPMorgan Chase CISO Warns Software Industry on Supply Chain Security

JPMorgan Chase's CISO Patrick Opet urges the software industry to prioritize secure development over rapid deployment in an open letter, citing risks from interconnected systems and reliance on a few vendors. He highlights past incidents affecting critical infrastructure and advocates for better security standards and transparency regarding third-party access. The letter coincides with discussions at the RSAC Conference on software security, echoing calls for secure-by-design practices.

https://www.cybersecuritydive.com/news/jpmorgan-chase-ciso–software-supply-chain-security/746476/

Customer-centric IT: Strategies for Delivering Winning Customer Experiences

CIOs must adopt customer-centric strategies to drive business growth and enhance customer experiences. Key strategies include establishing a clear customer-focused vision (the “North Star”), integrating business and IT teams, fostering a customer-centric culture, collaborating early with stakeholders, improving data coherence, modernizing technology, and accelerating AI adoption to meet customer expectations. These approaches aim to create personalized experiences and strengthen customer relationships.

https://www.cio.com/article/3966301/customer-centric-it-strategies-for-delivering-winning-customer-experiences.html