cybersecurity

Compliance Now Biggest Cyber Challenge for UK Financial Services

Compliance is the top cyber challenge for UK financial services, as cited by 44% of surveyed firms. Key issues include data protection, remote work support, and cloud security. The EU's DORA regulation, effective January 2025, highlights the need for robust cyber resilience. Supply chain attacks take the longest to respond to (16 hours), with significant concerns about threats from nation-states. A third of firms are using AI in cybersecurity, viewing AI-powered phishing as a major threat (89%).

https://www.infosecurity-magazine.com/news/compliance-cyber-challenge-uk/

Why Cybersecurity Shouldn’t Be a Checkbox Exercise

Cybersecurity must go beyond mere compliance with regulations like PCI DSS, because compliance does not equate to true security. Many small and medium-sized businesses mistakenly believe compliance provides safety, yet attackers specifically target them. Compliance often leads to a false sense of security and deprioritizes essential threat detection and response. Businesses need a risk-based strategy that identifies and addresses actual vulnerabilities, aligns with operational priorities, and uses dynamic, real-time threat detection. Ultimately, resilience against cyber threats should be the primary focus, moving beyond basic compliance to ensure ongoing business protection.

https://www.fastcompany.com/91331498/why-cybersecurity-shouldnt-be-a-checkbox-exercise

This Cybersecurity Expert Is Popularizing Cyber Hygiene

Cybersecurity expert Confidence Staveley aims to mainstream cyber hygiene and tackle sector inequalities. Founder of CyberSafe Foundation, she promotes women’s participation in cybersecurity and educates marginalized communities through programs like DigiGirls and CyberGirls, alongside initiatives targeting children and seniors. Staveley highlights the vulnerability of small businesses and advocates for government support in cybersecurity education. She emphasizes the importance of understanding psychological factors in cyberattacks, suggesting a holistic approach to education and awareness.

https://www.weforum.org/stories/2025/05/make-cybersecurity-accessible-equitable/

72% of Cyber Leaders Say Cybersecurity Risks Are Rising

72% of cyber leaders report rising cybersecurity risks; concerns include AI misuse, ransomware, and geopolitical tensions influencing security strategies. Nations are adapting their cybersecurity approaches, emphasizing tailored solutions, public-private partnerships, and workforce development. Key challenges include protecting SMEs, addressing talent shortages, and navigating regulatory complexities. Effective cybersecurity strategies must evolve rapidly to combat sophisticated threats, while governments should provide clear incentives to foster robust security practices in the private sector.

https://www.weforum.org/stories/2025/05/cybersecurity-cyber-risk-national-policy/

ENISA Launches EU Vulnerability Database to Strengthen Cybersecurity Under NIS2 Directive, Boost Cyber Resilience

ENISA has launched the EU Vulnerability Database under the NIS2 Directive to enhance cybersecurity and resilience across the EU. The database provides centralized, reliable information on cybersecurity vulnerabilities, offering insights for risk management and mitigation. It integrates data from various sources to improve situational awareness and transparency, helping organizations better protect against cyber threats. ENISA aims to refine the database throughout 2025, incorporating user feedback and evolving cybersecurity needs while emphasizing the significance of coordinated vulnerability disclosure in strengthening the EU's cyber defenses.

https://industrialcyber.co/vulnerabilities/enisa-launches-eu-vulnerability-database-to-strengthen-cybersecurity-under-nis2-directive-boost-cyber-resilience/

Consult the European Vulnerability Database to Enhance Your Digital Security!

ENISA has launched the European Vulnerability Database (EUVD), aimed at enhancing cybersecurity across the EU by providing comprehensive information on vulnerabilities in ICT products and services as mandated by the NIS2 Directive. The database offers actionable insights on cybersecurity vulnerabilities, including mitigation measures, and is accessible to the public, industry stakeholders, and national authorities. It supports better analysis, situational awareness, and risk management while collaborating with various organizations to ensure effective vulnerability disclosure practices.

https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security

Cybersecurity Futures 2025: What the Scenarios Got Right, and What We Learned

A 2025 review of the cybersecurity futures scenarios from 2018 found that they correctly predicted rapid technological growth, with AI and quantum computing in particular becoming key geopolitical assets. However, the impact of global talent movement, ransomware evolution, and some hybrid models of government-corporate integration was underestimated. Notable misses included the influence of the pandemic on digital security resilience and vulnerabilities in supply chains as attack vectors. Looking forward, the open tensions are digital sovereignty versus interoperability, transparency in AI, and the balance between human judgment and automation.

https://www.weforum.org/stories/2025/05/cybersecurity-futures-2025-what-we-learned/

The Industry Needs a New Approach to Protecting Legacy Critical Infrastructure

Legacy critical infrastructure, particularly on outdated Linux systems, faces increasing vulnerabilities. Enterprises are caught between costly upgrades and operating with known risks, creating compliance vs. security challenges. New tools offer vulnerability patching without full system upgrades, prompting a need to rethink the balance between operational stability and security. Legacy systems shouldn't be synonymous with inevitable security risks; innovative solutions are essential for protecting vital services.

https://www.scworld.com/perspective/the-industry-needs-a-new-approach-to-protecting-legacy-critical-infrastructure

Kaspersky Ransomware Report for 2024

Kaspersky's 2024 ransomware report reveals an 18% decrease in detections but an increased focus on targeted attacks. Ransomware-as-a-Service (RaaS) remains prevalent. Average ransom payments rose despite overall payments dropping by 35%. The report highlights a shift towards data exfiltration strategies alongside encryption. Major groups faced disruptions, yet new actors emerged, utilizing AI tools and custom toolkits. The report warns of evolving threats including Bring Your Own Vulnerable Driver (BYOVD) attacks. Recommendations stress proactive defense, incident response planning, and education against phishing to combat the changing ransomware landscape.

https://securelist.com/state-of-ransomware-in-2025/116475/

If You Work in Cyber, You Are the Problem, Says CISO

CISO Greg van der Gaast asserts that cyber security professionals, obsessed with technology, are part of the problem. He argues they need to prioritize business protection over tech fixation, emphasizing that a focus on underlying issues rather than just risk management is crucial. Effective security requires a company-wide approach, not just reliance on tools or risk mitigation strategies.

https://www.computing.co.uk/event/2025/if-you-work-in-cyber-you-are-the-problem-says-ciso
