Kaspersky Ransomware Report for 2024

Kaspersky's 2024 ransomware report reveals an 18% decrease in detections but an increased focus on targeted attacks. Ransomware-as-a-Service (RaaS) remains prevalent. Average ransom payments rose despite overall payments dropping by 35%. The report highlights a shift towards data exfiltration strategies alongside encryption. Major groups faced disruptions, yet new actors emerged, utilizing AI tools and custom toolkits. The report warns of evolving threats including Bring Your Own Vulnerable Driver (BYOVD) attacks. Recommendations stress proactive defense, incident response planning, and education against phishing to combat the changing ransomware landscape.

https://securelist.com/state-of-ransomware-in-2025/116475/

Beyond WHOIS: Rethinking Domain Verification in a Post-GDPR World

GDPR has enhanced user data protection but limited access to WHOIS domain registration information, complicating brand protection and cybersecurity efforts. Legitimate users now face obstacles in verifying domain ownership, while malicious actors exploit the lack of transparency. A new model balancing privacy and accountability is needed, with suggested approaches including tiered access systems, verified registrant frameworks, streamlined access requests, and collaborative policy development. The emergence of the EU's NIS2 Directive highlights the urgency for accurate domain data, driving the need for scalable, privacy-conscious verification solutions to restore trust in the digital space.

https://circleid.com/posts/beyond-whois-rethinking-domain-verification-in-a-post-gdpr-world

If You Work in Cyber, You Are the Problem, Says CISO

CISO Greg van der Gaast asserts that cyber security professionals, obsessed with technology, are part of the problem. He argues they need to prioritize business protection over tech fixation, emphasizing that a focus on underlying issues rather than just risk management is crucial. Effective security requires a company-wide approach, not just reliance on tools or risk mitigation strategies.

https://www.computing.co.uk/event/2025/if-you-work-in-cyber-you-are-the-problem-says-ciso

Security Tools Alone Don’t Protect You — Control Effectiveness Does

Security tools alone don't ensure safety; control effectiveness does. A report finds that breaches often stem from misconfigured controls rather than a lack of tools: organizations possess an average of 43 security tools, yet 61% suffered breaches caused by failures in how those controls were configured. Effective cybersecurity now hinges on optimizing controls, embedding security into organizational practices, and fostering collaboration across teams. Continuous evaluation and adjustment of security measures are critical as threats evolve, marking a shift from mere tool acquisition to proactive control management and resilience-building.

https://thehackernews.com/2025/05/security-tools-alone-dont-protect-you.html

12 Reasons to Ignore Computer Science Degrees

Many organizations are favoring practical programming skills over formal computer science degrees due to the rise of AI, no-code tools, and changing industry needs. Concerns include irrelevant theoretical focus, professors lacking programming experience, outdated curricula, and a lack of modern skills being taught. As a result, hiring managers are encouraged to consider diverse backgrounds over traditional CS degrees for effective problem-solving.

https://www.cio.com/article/3979014/12-reasons-to-ignore-computer-science-degrees.html

Federal CIO Outlines 16 Operating Principles for IT Leaders

Federal CIO Greg Barbaccia presents 16 operating principles for new federal IT leaders, emphasizing trust, accountability, and proactivity. With a wave of new, inexperienced CIOs, he aims to establish a culture shift in federal technology management. Reactions to the principles vary, with some seeing the message as condescending while others recognize its necessity for new leaders. Barbaccia's guidelines stress understanding missions, owning outcomes, and fostering collaboration, intending to modernize government IT practices and improve effectiveness amid significant turnover in CIO roles.

https://federalnewsnetwork.com/cio-news/2025/05/federal-cio-outlines-16-operating-principles-for-it-leaders/

EDPB Releases Guidelines on Blockchain Personal Data Processing

The EDPB has released guidelines on the processing of personal data on blockchains, addressing the GDPR compliance challenges created by blockchain's immutability and decentralization. The guidelines call for clearly defined roles for nodes and advocate minimizing the personal data placed on-chain, protecting it through encryption or hashing, and storing it off-chain so that it can be erased. Public consultation is open until June 9, 2025, and the final guidelines are expected to remain consistent with the draft.

https://natlawreview.com/article/blocks-rights-privacy-and-blockchain-eyes-eu-data-protection-authorities

NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems

The NIS2 Directive strengthens EU cybersecurity rules across 18 sectors, requiring member states to develop national strategies, manage risks, report incidents, and establish accountability. It expands coverage beyond energy and healthcare to include public services and digital platforms, fostering cooperation and information sharing among nations through CSIRTs and networks such as EU-CyCLONe. The legislation, in force since January 2023, supersedes NIS1 and aims for heightened security amid rising cyber threats. Member states must comply by October 2024.

https://digital-strategy.ec.europa.eu/en/policies/nis2-directive