Improving Cybersecurity By 1% At a Time

Cybersecurity improvement doesn't require huge investments, just consistent, incremental changes. Focus on 1% enhancements like regular system updates, strong password policies, employee training, network segmentation, and reliable data backups. These small steps collectively provide substantial protection against threats, promoting a culture of persistence over perfection.

https://www.forbes.com/councils/forbestechcouncil/2025/03/13/improving-cybersecurity-by-1-at-a-time/

Encryption, AI Risks and Policy Chaos: What’s Next for Cybersecurity?

Cybersecurity is evolving rapidly due to disruptive technologies, regulations, and geopolitical factors. Key issues include U.S. government agency restructuring affecting security, the UK seeking backdoor access to encrypted data, and the impending threat that quantum computing poses to encryption. While AI offers benefits, it also raises risks like advanced cyberattacks. Organizations must prioritize proactive security measures and adaptability to thrive amidst these challenges.

https://www.morphisec.com/blog/encryption-ai-risks-policy-chaos-future-of-cybersecurity/

5 Questions to Ask Before Deploying Agentic AI

CIOs must consider five key questions before deploying agentic AI:

  1. What specific problem will it solve?
  2. Is there sufficient and suitable data to support it?
  3. How will data security be ensured?
  4. How does it align with the company's overall tech strategy?
  5. What monitoring processes will be in place to maintain its effectiveness?

These considerations are crucial for successful AI integration, particularly regarding security and relevance.

https://www.ciodive.com/news/5-questions-agentic-AI-CIO/742296/

AI Act’s New GPAI Code Out… Finally, Natalie Donovan

The EU's new GPAI Code, delayed but published on March 11, aims to aid compliance under the AI Act for General Purpose AI providers. While it includes streamlined commitments and user-friendly documentation, concerns remain from tech bodies about copyright and risk evaluation requirements. Further guidance on GPAI models is forthcoming. Finalization is due by May; if not completed by August 2025, common rules may be established by the Commission. The success of this voluntary Code is crucial for practical implementation of the AI Act.

https://thelens.slaughterandmay.com/post/102k49e/ai-acts-new-gpai-code-out-finally

CJEU Issues Judgment on Balancing the Right of Access and Protecting Trade Secrets in Automated Decision-making Processes

The CJEU's Feb 27, 2025 judgment in CK v Dun & Bradstreet clarifies GDPR provisions on access to personal data and automated decision-making. It requires that data subjects receive meaningful, concise explanations without full algorithm disclosure. Controllers must balance transparency with trade secret protection, sharing relevant information with supervisory authorities in cases involving trade secrets. The ruling rejects blanket legal exclusions for access rights based on trade secrets, requiring case-by-case assessments.

https://www.aoshearman.com/en/insights/ao-shearman-on-data/cjeu-issues-judgment-on-balancing-the-right-of-access-and-protecting-trade-secrets

The CISO as Business Resilience Architect

CISOs must adapt to rising regulatory pressures and evolving cyber threats, leading the way in resilience strategies while managing compliance. Their roles may evolve from purely cybersecurity to overseeing overall business resilience, integrating AI, and collaborating closely with IT and senior management. The CISO's focus will shift towards designing security architectures that support growth and adaptability, making them essential in the boardroom.

https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect

EU AI Act Roadmap: What Does the AI Act Mean for Your Organization?

The EU AI Act requires organizations to implement a governance system for AI systems, classify them by risk, and prepare for compliance within two years. Violations can incur hefty penalties. Companies should establish clear lines of responsibility among IT, legal, and compliance teams, conduct risk assessments, and create an inventory of AI solutions. A proactive approach is needed to meet the law's requirements and mitigate the risks involved with AI usage.

https://www.ey.com/en_nl/insights/ai/eu-ai-act-roadmap-what-does-the-ai-act-mean-for-your-organization
