The National Security Agency (NSA) has launched a new resource webpage providing guidelines for implementing Zero Trust architecture. This initiative aims to assist organizations in enhancing their cybersecurity posture by adopting Zero Trust principles more effectively.
Bitwarden, a popular open-source password manager, has undergone leadership changes with longtime CEO Michael Crandell moving to an advisory role and CFO Stephen Morrison departing, replaced by executives with private equity and software backgrounds. Concurrently, the company quietly removed the phrase “Always free” from its website’s pricing page, although the free plan remains available; Bitwarden’s chief customer officer stated the company remains committed to offering a robust free plan.
Deepfake technology is increasingly impacting the modern workplace by enabling sophisticated impersonation attacks that exploit trust in familiar voices and faces, leading to significant security risks such as fraudulent payment approvals and misinformation. Organizations must adapt by implementing stricter verification processes, expanding incident response plans to address synthetic media threats, and applying zero-trust principles to communication channels to safeguard against these evolving digital manipulations.
A recent EY survey reveals that organizations are increasing budgets for physical security, with nearly 80% allocating more funds, sometimes up to 50%, amid rising board oversight. However, many place responsibility for physical security with Chief Information Security Officers (CISOs), blending physical and cybersecurity, which can lead to under-resourcing physical protection; EY recommends centralizing security functions, clarifying accountability, and expanding security preparedness through integrated threat intelligence and realistic crisis simulations.
The article argues against blaming employees as the weakest link in cyber security and advocates for a human-centred approach that focuses on educating people as a key defense. Cyber security expert Caitriona Forde emphasizes shifting training from corporate obligation to teaching essential life skills that protect individuals and their families, thereby fostering a culture of empowerment rather than shame. With evolving AI threats, businesses must adopt practical measures like explaining risks, encouraging cautious behavior, sharing experiences openly, verifying requests, and governing AI use to build resilience and reduce incidents.
The Cybersecurity and Infrastructure Security Agency (CISA) outlines the minimum elements for a Software Bill of Materials (SBOM) specific to AI systems to enhance transparency and security. These elements include detailed information about the components, versions, and relationships within AI software to help identify vulnerabilities and manage risks effectively. This approach aims to improve trust and security in AI technologies by providing comprehensive visibility into their software components.
https://www.cisa.gov/resources-tools/resources/software-bill-materials-ai-minimum-elements
Enterprises are adopting AI Bills of Materials (AI-BOMs) to manage the complexity of Shadow AI, including tracking AI models, datasets, prompts, agents, identities, and cloud infrastructure, beyond traditional software components. Companies like Cisco, Wiz, and Palo Alto Networks are developing tools to create detailed, machine-readable inventories of AI assets to improve security, governance, model provenance, and compliance with emerging regulations such as the EU AI Act.
https://techinformed.com/shadow-ai-now-needs-a-bill-of-materials/
CISOs are increasingly decoupling security log data from their SIEMs by implementing separate data lakes and pipelines, often using cloud storage, to gain greater control over data schema, retention, and analytics while reducing costs and vendor lock-in. Although this approach offers flexibility and improved data management, it also requires significant investment in designing, building, and operating secure and scalable infrastructure without disrupting existing security processes.
Third-party risk management (TPRM) is the process of identifying, assessing, and mitigating risks associated with external third parties. TPRM programs are driven by regulatory requirements, cybersecurity risk, competitive advantages, and internal efficiency. The TPRM lifecycle includes sourcing and selection, intake and onboarding, inherent risk scoring, internal controls assessment, external risk monitoring, SLA and performance management, and offboarding and termination.
https://www.jdsupra.com/legalnews/the-ultimate-guide-to-managing-third-5033967/
A new World Economic Forum report reveals that artificial intelligence (AI) is the key driver transforming cybersecurity, with 94% of cyber leaders recognizing its defining role and 77% of organizations already employing AI in their cyber operations. The report highlights that strategic AI deployment enhances vulnerability detection, accelerates response times, and reduces breach costs, providing organizations a competitive edge in the escalating race against AI-empowered cyber threats.
