Author name: CIO

How Do We Measure Our Defenses Against Social Engineering Attacks?

CISO Series discusses measuring defenses against social engineering attacks, particularly phishing. Hosts David Spark and Mike Johnson question the effectiveness of using phishing click rates as a metric, suggesting they are easily influenced and insufficient. Experts emphasize the need for a holistic approach, focusing on response actions post-click and measuring susceptibility across various channels, not just email. They highlight the importance of a layered security strategy and the evolving sophistication of attacks facilitated by advances like AI. Recommendations include enhancing awareness training and developing contextual metrics to better assess organizational security.

https://cisoseries.com/how-do-we-measure-our-defenses-against-social-engineering-attacks/

VODchat: Creating a CIO’s Agentic AI Playbook

This text covers strategies for CIOs to adopt agentic AI in enterprises, highlighting challenges, skills requirements, governance, and examples from industry leaders. It also details a partnership between Chiang Mai University and IBM to advance AI and quantum computing research in Southeast Asia.

Agentic AI automates complex IT tasks, enhances efficiency, and shifts IT from a reactive to a proactive role. Key adoption challenges:

  • Need for upskilling IT staff
  • Integrating with legacy systems
  • Governance and compliance requirements

IBM’s three-step model (orchestration, integration, and data-driven reflection) helps smooth AI agent adoption while supporting business continuity. Robust governance is essential for ethical and compliant AI; frameworks include MAS regulations and the EU AI Act. CIOs should prioritize AI investments based on business outcomes, rather than hype or the fear of missing out. Chiang Mai University and IBM's partnership aims to boost AI and quantum research, strengthen regional collaboration, and develop local talent for deep tech leadership in Southeast Asia.

https://futurecio.tech/creating-a-cios-agentic-ai-playbook/

GitHub’s Agent HQ Aims to Solve Enterprises’ Biggest AI Coding Problem: Too Many Agents, No Central Control

GitHub launched Agent HQ, a platform for managing multiple AI coding agents from various vendors, aimed at improving enterprise control and security. It centralizes coding tools within GitHub, supports custom agents with version control, and implements a unified interface called Mission Control. The system allows for granular permissions across repositories while maintaining security standards. Key features include Plan Mode for project collaboration and an agentic code review process using GitHub's CodeQL engine. Enterprises can adopt custom agent guidelines to standardize coding practices without sacrificing flexibility in tool usage.

https://venturebeat.com/ai/githubs-agent-hq-aims-to-solve-enterprises-biggest-ai-coding-problem-too

The One Cybersecurity Shift Every Business Needs to Make Right Now

As remote work and cloud platforms have dissolved traditional network perimeters, businesses must shift cybersecurity strategies from guarding networks to focusing on user identity, visibility, and smarter authentication. Relying on Zero Trust models and strong authentication methods is essential, while managing risk by controlling devices and allowing productivity tools under specific safeguards. Security now revolves around controlling who has access, not simply defending the network itself.

https://www.entrepreneur.com/science-technology/the-cybersecurity-shift-every-business-needs-to-make-today/497891

How Corporate Changes at OpenAI Will Affect CIOs

OpenAI is restructuring into a nonprofit (OpenAI Foundation) and a for-profit entity (OpenAI Group) while revising its partnership with Microsoft, which retains a 27% stake but allows more flexibility in product development. CIOs should monitor potential pricing changes, innovation rates, and access to OpenAI tools, as the lack of enterprise safeguards may hinder adoption. Increased funding could stabilize products but may lead to cost-cutting impacting data privacy. As OpenAI focuses on profitability, enterprises ought to be vigilant regarding shifts in security and access to AI technologies.

https://www.ciodive.com/news/openai-microsoft-nonprofit-corporate-structure/804143/

Ransomware Hackers Look for New Tactics Amid Falling Profits

Ransomware profits are falling, forcing cybercriminals to adopt new tactics and target different victims.

  • The percentage of victims paying ransoms dropped below 25% for the first time, and ransom amounts decreased sharply.
  • Larger organizations are less likely to pay ransoms, leading to fragmentation of the ransomware landscape and more attacks on midsize organizations.
  • New tactics include:
    • Recruiting or bribing insiders, especially at large, high-value organizations.
    • Social engineering help desks and launching supply chain attacks.
    • Callback phishing, manipulating victims through real-time phone negotiation.
    • Sending personalized ransom demands using compromised or fake email accounts.
  • Smaller ransomware groups are more active, resulting in unpredictable targets, including regions and sectors previously less affected.
  • Enterprises are urged to strengthen their insider threat programs amid increasing efforts by hackers to recruit insiders.

https://www.databreachtoday.com/ransomware-hackers-look-for-new-tactics-amid-falling-profits-a-29867

Microsoft Teams Can Record Office Presence From December

Microsoft Teams will record workplace presence starting December 2025 by detecting connections to office Wi-Fi, aiming to aid hybrid work setups. The feature automatically sets user status based on their location, raising potential data privacy concerns and necessitating employee consent and management activation for use. Critics warn it could undermine trust in remote work practices, emphasizing the need for legal compliance under GDPR and labor laws.

https://www.heise.de/en/news/Microsoft-Teams-can-record-office-presence-from-December-10899943.html

Around 70 Countries Sign New UN Cybercrime Convention—but Not Everyone’s on Board

Around 70 countries signed a UN Cybercrime Convention aiming to combat cybercrime through global cooperation. The treaty requires 40 states to ratify it to become law, yet the US is not among signatories, citing ongoing review. There are concerns about privacy erosion, expanded surveillance powers, and potential misuse by authoritarian governments. Critics argue the treaty's vague provisions could hamper legitimate cybersecurity efforts and lack adequate protections for human rights and due process.

https://www.malwarebytes.com/blog/news/2025/10/around-70-countries-sign-new-un-cybercrime-convention-but-not-everyones-on-board

Microsoft 365 Copilot Now Enables You to Build Apps and Workflows

Microsoft 365 Copilot now lets employees quickly build apps, workflows, and AI agents with natural language prompts. New tools like App Builder, Workflows Agent, and Copilot Studio Lite enable users to create dashboards, automate recurring tasks, and develop work-focused agents. These features are fully integrated with Microsoft 365’s security and compliance standards, providing administrators with centralized controls for management.

https://www.microsoft.com/en-us/microsoft-365/blog/2025/10/28/microsoft-365-copilot-now-enables-you-to-build-apps-and-workflows/

How Evolving Regulations Are Redefining CISO Responsibility

CISOs face growing personal and criminal liability as cyberattacks targeting vulnerabilities in IoT and OT devices increase. Global regulations now require stricter cyber risk management, transparency, and compliance, with 20% of breaches in 2025 linked to device vulnerabilities. CISOs are expected to provide accurate asset inventories, honest reporting, prompt breach disclosure, and third-party risk management. Organizations are updating policies, boosting legal support, and enhancing security oversight to adapt.

https://www.csoonline.com/article/4079450/how-evolving-regulations-are-redefining-ciso-responsibility.html
