Blog

1 in 3 IT Leaders Pull Back on AI Investments: Asana

By / Blog /

1 in 3 IT leaders are reducing AI investments due to inadequate employee training and rushed implementations, leading to ineffective adoption strategies. Over half regret not training staff, while nearly 30% acknowledge hasty investments. Failure rates of AI projects are rising, prompting some firms to abandon initiatives. However, successful AI adopters report improvements in productivity and decision-making.

https://www.ciodive.com/news/IT-CIO-AI-regret-investment-experimentation-asana/747683/

The CIO Role Is Expanding — And So Are the Risks of Getting It Wrong

By / Blog /

CIOs' roles are evolving to shape business strategy and prioritize revenue growth amid digital transformations. They now need strong operational mindsets, aligning technology investments with business outcomes. Successful CIOs collaborate across departments, set clear KPIs, and foster a culture of agility and transparency to minimize risks and drive effective change. Embracing smaller, impactful projects can build trust and facilitate broader strategic initiatives.

https://www.informationweek.com/it-leadership/the-cio-role-is-expanding-and-so-are-the-risks-of-getting-it-wrong

The Industry Needs a New Approach to Protecting Legacy Critical Infrastructure

By / Blog /

Legacy critical infrastructure, particularly on outdated Linux systems, faces increasing vulnerabilities. Enterprises struggle between costly upgrades or operating with known risks, creating compliance vs. security challenges. New tools offer vulnerability patching without full system upgrades, prompting a need to rethink the balance between operational stability and security. Legacy systems shouldn't be synonymous with inevitable security risks; innovative solutions are essential for protecting vital services.

https://www.scworld.com/perspective/the-industry-needs-a-new-approach-to-protecting-legacy-critical-infrastructure

AI Act Deadline Missed as EU GPAI Code Delayed Until August, Richard Barker

By / Blog / , ,

EU's General Purpose AI Code release missed May 2 deadline; now expected by August, delaying related AI Act provisions. Reasons for delay include allowing feedback and assessing support from AI providers. Political solutions may be necessary if not finalized by August, while tech developers face additional regulatory challenges.

https://thelens.slaughterandmay.com/post/102karg/ai-act-deadline-missed-as-eu-gpai-code-delayed-until-august

Kaspersky Ransomware Report for 2024

By / Blog / ,

Kaspersky's 2024 ransomware report reveals an 18% decrease in detections but an increased focus on targeted attacks. Ransomware-as-a-Service (RaaS) remains prevalent. Average ransom payments rose despite overall payments dropping by 35%. The report highlights a shift towards data exfiltration strategies alongside encryption. Major groups faced disruptions, yet new actors emerged, utilizing AI tools and custom toolkits. The report warns of evolving threats including Bring Your Own Vulnerable Driver (BYOVD) attacks. Recommendations stress proactive defense, incident response planning, and education against phishing to combat the changing ransomware landscape.

https://securelist.com/state-of-ransomware-in-2025/116475/

Beyond WHOIS: Rethinking Domain Verification in a Post-GDPR World

By / Blog / ,

GDPR has enhanced user data protection but limited access to WHOIS domain registration information, complicating brand protection and cybersecurity efforts. Legitimate users now face obstacles in verifying domain ownership, while malicious actors exploit the lack of transparency. A new model balancing privacy and accountability is needed, with suggested approaches including tiered access systems, verified registrant frameworks, streamlined access requests, and collaborative policy development. The emergence of the EU's NIS2 Directive highlights the urgency for accurate domain data, driving the need for scalable, privacy-conscious verification solutions to restore trust in the digital space.

https://circleid.com/posts/beyond-whois-rethinking-domain-verification-in-a-post-gdpr-world

If You Work in Cyber, You Are the Problem, Says CISO

By / Blog /

CISO Greg van der Gaast asserts that cyber security professionals, obsessed with technology, are part of the problem. He argues they need to prioritize business protection over tech fixation, emphasizing that a focus on underlying issues rather than just risk management is crucial. Effective security requires a company-wide approach, not just reliance on tools or risk mitigation strategies.

https://www.computing.co.uk/event/2025/if-you-work-in-cyber-you-are-the-problem-says-ciso

Security Tools Alone Don’t Protect You — Control Effectiveness Does

By / Blog /

Security tools alone don't ensure safety; control effectiveness does. A report reveals that breaches often stem from misconfigured controls, not a lack of tools—organizations possess an average of 43, yet 61% faced breaches due to failure in these configurations. Effective cybersecurity now hinges on optimizing controls, embedding security into organizational practices, and fostering collaboration across teams. Continuous evaluation and adjustment of security measures are critical as threats evolve, emphasizing a shift from mere tool acquisition to proactive control management and resilience-building.

https://thehackernews.com/2025/05/security-tools-alone-dont-protect-you.html

12 Reasons to Ignore Computer Science Degrees

By / Blog /

Many organizations are favoring practical programming skills over formal computer science degrees due to the rise of AI, no-code tools, and changing industry needs. Concerns include irrelevant theoretical focus, professors lacking programming experience, outdated curricula, and a lack of modern skills being taught. As a result, hiring managers are encouraged to consider diverse backgrounds over traditional CS degrees for effective problem-solving.

https://www.cio.com/article/3979014/12-reasons-to-ignore-computer-science-degrees.html

Scroll to Top