cybersecurity

SolarWinds Security Chief on the Risks and Rewards of Being a CISO

Tim Brown, SolarWinds' CISO, discusses his experience during the 2020 Sunburst cyberattack by Russia. He emphasizes the importance of transparency and communication with stakeholders during crises, recounting how this approach helped maintain customer trust. Brown also reflects on the support from the CISO community during legal challenges with the SEC, advocating for proactive communication and preparation regarding cybersecurity liability. He warns about ongoing threats from Russia and rising concerns about China's capabilities. Brown remains optimistic about the future of cybersecurity, citing the industry's evolution and adaptability.

https://therecord.media/solarwinds-security-chief-tim-brown-interview

78% of CISOs See AI Attacks Already

78% of CISOs report encountering AI-driven attacks, as cybersecurity evolves with AI tools. Darktrace's survey reveals 74% view AI as a current threat, with rising sophistication in phishing and malware. While there’s a personnel shortage in cybersecurity, 95% believe AI can enhance defense efficiency. However, only 42% fully understand their AI cybersecurity tools, highlighting a need for clarity and effective integration in defenses against emerging threats.

https://www.theregister.com/2025/05/16/cisos-report-ai-attacks/

Compliance Now Biggest Cyber Challenge for UK Financial Services

Compliance is the top cyber challenge for UK financial services, as cited by 44% of surveyed firms. Key issues include data protection, remote work support, and cloud security. The EU's DORA regulation, effective January 2025, highlights the need for robust cyber resilience. Supply chain attacks take the longest to respond to (16 hours), with significant concerns about threats from nation-states. A third of firms are using AI in cybersecurity, viewing AI-powered phishing as a major threat (89%).

https://www.infosecurity-magazine.com/news/compliance-cyber-challenge-uk/

Why Cybersecurity Shouldn’t Be a Checkbox Exercise

Cybersecurity must go beyond mere compliance with regulations like PCI DSS, because compliance does not equate to true security. Many small and medium-sized businesses mistakenly believe compliance provides safety, yet attackers specifically target them. Compliance often leads to a false sense of security, deprioritizing essential threat detection and response. Businesses need a risk-based strategy that identifies and addresses actual vulnerabilities, aligns with operational priorities, and uses dynamic, real-time threat detection. Ultimately, resilience against cyber threats should be the primary focus, moving beyond basic compliance to ensure ongoing business protection.

https://www.fastcompany.com/91331498/why-cybersecurity-shouldnt-be-a-checkbox-exercise

This Cybersecurity Expert Is Popularizing Cyber Hygiene

Cybersecurity expert Confidence Staveley aims to mainstream cyber hygiene and tackle sector inequalities. Founder of CyberSafe Foundation, she promotes women’s participation in cybersecurity and educates marginalized communities through programs like DigiGirls and CyberGirls, alongside initiatives targeting children and seniors. Staveley highlights the vulnerability of small businesses and advocates for government support in cybersecurity education. She emphasizes the importance of understanding psychological factors in cyberattacks, suggesting a holistic approach to education and awareness.

https://www.weforum.org/stories/2025/05/make-cybersecurity-accessible-equitable/

72% of Cyber Leaders Say Cybersecurity Risks Are Rising

72% of cyber leaders report rising cybersecurity risks; concerns include AI misuse, ransomware, and geopolitical tensions influencing security strategies. Nations are adapting their cybersecurity approaches, emphasizing tailored solutions, public-private partnerships, and workforce development. Key challenges include protecting SMEs, addressing talent shortages, and navigating regulatory complexities. Effective cybersecurity strategies must evolve rapidly to combat sophisticated threats, while governments should provide clear incentives to foster robust security practices in the private sector.

https://www.weforum.org/stories/2025/05/cybersecurity-cyber-risk-national-policy/

ENISA Launches EU Vulnerability Database to Strengthen Cybersecurity Under NIS2 Directive, Boost Cyber Resilience

ENISA has launched the EU Vulnerability Database under the NIS2 Directive to enhance cybersecurity and resilience across the EU. The database provides centralized, reliable information on cybersecurity vulnerabilities, offering insights for risk management and mitigation. It integrates data from various sources to improve situational awareness and transparency, helping organizations better protect against cyber threats. ENISA aims to refine the database throughout 2025, incorporating user feedback and evolving cybersecurity needs while emphasizing the significance of coordinated vulnerability disclosure in strengthening the EU's cyber defenses.

https://industrialcyber.co/vulnerabilities/enisa-launches-eu-vulnerability-database-to-strengthen-cybersecurity-under-nis2-directive-boost-cyber-resilience/

Consult the European Vulnerability Database to Enhance Your Digital Security!

ENISA has launched the European Vulnerability Database (EUVD), aimed at enhancing cybersecurity across the EU by providing comprehensive information on vulnerabilities in ICT products and services as mandated by the NIS2 Directive. The database offers actionable insights on cybersecurity vulnerabilities, including mitigation measures, and is accessible to the public, industry stakeholders, and national authorities. It supports better analysis, situational awareness, and risk management while collaborating with various organizations to ensure effective vulnerability disclosure practices.

https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security

Cybersecurity Futures 2025: What the Scenarios Got Right, and What We Learned

In 2025, a review of cybersecurity futures scenarios from 2018 revealed correct predictions of rapid technological growth, especially in AI and quantum computing, as key geopolitical assets. However, the impact of global talent movement, ransomware evolution, and some hybrid models of government-corporate integration was underestimated. Notable misses included the influence of the pandemic on digital security resilience and vulnerabilities in supply chains as attack vectors. Looking forward, tensions exist between digital sovereignty and interoperability, transparency in AI, and the balance between human judgment and automation.

https://www.weforum.org/stories/2025/05/cybersecurity-futures-2025-what-we-learned/

The Industry Needs a New Approach to Protecting Legacy Critical Infrastructure

Legacy critical infrastructure, particularly on outdated Linux systems, faces increasing vulnerabilities. Enterprises are caught between costly upgrades and operating with known risks, creating compliance vs. security challenges. New tools offer vulnerability patching without full system upgrades, prompting a need to rethink the balance between operational stability and security. Legacy systems shouldn't be synonymous with inevitable security risks; innovative solutions are essential for protecting vital services.

https://www.scworld.com/perspective/the-industry-needs-a-new-approach-to-protecting-legacy-critical-infrastructure
