CIO.works – Page 8

Is Your Browser Ground Zero for Cyber-attacks?

65% of organizations lack control over data in GenAI apps; 98% report BYOD policy violations; 64% of encrypted traffic is uninspected. The browser, central to modern work, faces risks from unmanaged devices and SaaS applications. 95% experienced browser-based attacks, while significant security gaps persist despite investments. Key solutions: secure browsers enhance protection and visibility, while Secure Access Service Edge (SASE) integrates security frameworks to support hybrid work without compromising user experience.

https://www.cybersecuritydive.com/spons/is-your-browser-ground-zero-for-cyber-attacks/740364/

Managed Security Service Provider (MSSP)

By CIO / M / cybersecurity

MSSP offers outsourced cybersecurity services, including monitoring, threat detection, incident response, and compliance management, enhancing organizations' security posture and operational efficiency.

Digital Transformation Without Cybersecurity Is a Risk That Public Sector Can’t Afford

By CIO / Blog / cybersecurity

UK public sector's digital transformation without cybersecurity poses significant risks, increasing vulnerabilities to citizen data and essential services from AI-driven tools and third-party providers. Noteworthy threats include supply chain breaches, automated cyberattacks, and state-sponsored attacks, emphasizing the need for robust cybersecurity measures, continuous monitoring, and employee training to safeguard public trust and national security.

https://www.techradar.com/pro/digital-transformation-without-cybersecurity-is-a-risk-that-public-sector-cant-afford

Coming Soon: Coordinated Pan-European Enforcement of the ‘Right to Erasure’

By CIO / Blog / GDPR

TLDR: EDPB launching 2025 Coordinated Enforcement Framework focusing on ‘Right to Erasure' under GDPR, engaging 32 European DPAs. Organizations face intensified scrutiny on compliance, needing to improve erasure request processes and overall GDPR compliance to mitigate risk.

https://ogletree.com/insights-resources/blog-posts/coming-soon-coordinated-pan-european-enforcement-of-the-right-to-erasure/

Is Your Website Ready for the European Accessibility Act?

By CIO / Blog / accessibility, regulation, EU

TLDR: The European Accessibility Act mandates that businesses provide digital access for people with disabilities by June 28, 2025, or face penalties. Compliance includes ensuring websites are perceivable, operable, understandable, and robust. North American companies doing business in the EU must also adhere to these standards. Early action is crucial for compliance through effective planning, automation, and integration of accessibility tools to tap into the potential of the $13 trillion disability market while avoiding fines and market access loss.

https://www.cmswire.com/digital-experience/what-digital-experience-leaders-need-to-know-about-the-european-accessibility-act/

Human Rights Are Universal, Not Optional: Don’t Undermine the EU AI Act With a Faulty Code of Practice

By CIO / Blog / AI, regulation, EU

The EU AI Act, effective August 2024, mandates a Code of Practice for AI developers. Still, current drafts weaken human rights protections by making risk assessments optional for many categories, including fundamental rights and discrimination. This change, influenced by corporate interests, jeopardizes rights amid widespread AI use. International standards emphasize risk assessments for human rights, highlighting a disconnect between the Code and global norms. The draft needs revisions to align with robust protections for human rights to maintain the EU's leadership in AI governance.

https://www.techpolicy.press/human-rights-are-universal-not-optional-dont-undermine-the-eu-ai-act-with-a-faulty-code-of-practice/

Credential Stuffing as a Service (CSaaS)

By CIO / C / cybersecurity

CSaaS: Cybercrime model; attackers mass-use stolen credentials for unauthorized access. Easy for criminals, leveraging stolen data for attacks on multiple accounts. Growing threat in security landscape. Users urged to enable 2FA, use unique passwords.

Cloud Development Environment (CDE)

By CIO / C / software development

CDE: Online platform for software dev. Provides tools, resources, collaboration. Supports coding, testing, deployment. Scalable, flexible, remote access. Enhances productivity, integrates with cloud services.

Top Tips for SMEs Navigating GDPR and Data Protection in the UK

By CIO / Blog / GDPR, data protection

TLDR: SMEs in the UK should simplify GDPR compliance by understanding data use, ensuring transparency, clarity, and accountability in data handling. Key steps include: 1) Know the data collected and its purpose; 2) Follow core data protection principles; 3) Assess AI tool risks proactively; 4) Stay informed on evolving regulations. Embracing these practices early can simplify compliance and build trust, despite ongoing regulatory changes.

https://elitebusinessmagazine.co.uk/legal/commercial-law/item/top-tips-for-smes-navigating-gdpr-and-data-protection-in-the-uk

The Evolving Role of the CISO: From Security Expert to Strategic Leader

By CIO / Blog / CISO, cybersecurity

CISO's role is shifting from technical expertise to strategic leadership amid growing cyber threats. They face challenges like managing risk, regulatory compliance, and leveraging AI while ensuring cybersecurity. As digital ecosystems expand, a zero-trust approach is needed, addressing both technology risks and human error. Engaging staff and fostering a security culture is vital, as well as adopting AI-native security solutions to protect data and comply with regulations. The industry's evolving landscape demands CISOs to enhance communication around cyber risk and adapt to maintain security across organizational structures.

https://www.intelligentciso.com/2025/03/27/the-evolving-role-of-the-ciso-from-security-expert-to-strategic-leader/