
Block All AI Browsers for the Foreseeable Future: Gartner

Gartner recommends that organizations ban AI-powered web browsers because of significant security and privacy risks. These browsers offer features such as AI sidebars and the ability to act autonomously on behalf of users, but they risk leaking sensitive data to cloud services and are vulnerable both to attacks and to mistakes made by the AI itself. Even with possible mitigations—such as stricter privacy settings, backend security evaluation, and user education—Gartner believes the risks outweigh the benefits, so most organizations should block AI browsers for the foreseeable future.

https://www.theregister.com/2025/12/08/gartner_recommends_ai_browser_ban/

Splunk CISO on the Promise and Risks of Agentic AI

Splunk's CISO, Michael Fanning, discusses agentic AI's dual nature in security. While it enhances efficiency by automating tasks, it also introduces new complexities and risks. Key shifts include moving to proactive security, ensuring AI aligns with secure principles, and improving communication between technical and executive teams. Balancing innovation with safety, particularly in a rapidly evolving threat landscape, remains a significant challenge for CISOs.

https://www.frontier-enterprise.com/splunk-ciso-on-the-promise-and-risks-of-agentic-ai/

The State of the 2025 Cyber Workforce: Skills Gaps, AI Opportunity and Economic Strain

TLDR: The 2025 ISC2 Cybersecurity Workforce Study reveals staff and budget cuts heightening perceived security risks, while AI adoption reshapes skills needs and career opportunities. Key findings include economic pressures affecting hiring, heightened skills shortages raising cybersecurity risks, positive workforce sentiment towards AI, and the need for organizations to invest in personnel development to retain skilled workers amidst changing job markets.

https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-state-of-the-2025-cyber-workforce-skills-gaps-ai-opportunity-and-economic-strain

Rethinking the CIO-CISO Dynamic in the Age of AI

Organizations are restructuring CIO and CISO roles in response to digital transformation, AI, and increasing regulations. CIOs are expected to rapidly implement AI while keeping IT goals aligned with business needs. CISOs face new risks and wider attack surfaces, especially from AI tools. Reporting structures can create conflicts, especially if CISOs report to CIOs, potentially reducing security’s influence. Some recommend CISOs report to CEOs or legal instead. Alternative C-suite roles, such as Chief AI Officer, are emerging, reshaping how CISOs fit within organizations. Smaller organizations may outsource security or combine roles. Overall, strong collaboration between CIOs and CISOs is critical as AI brings new, unpredictable risks.

https://www.govinfosecurity.com/rethinking-cio-ciso-dynamic-in-age-ai-a-30211

US, Allies Urge Critical Infrastructure Operators to Carefully Plan and Oversee AI Use

US and allies issue guidance for critical infrastructure operators on safe AI integration, emphasizing risk assessment, governance, and operational safety protocols. They stress employee education, clear AI use procedures, continuous validation, and human oversight to mitigate AI risks in existing systems.

https://www.cybersecuritydive.com/news/ai-critical-infrastructure-government-guidance/807052/

NIS2 Directive Explained Part 3: Supply Chain Security

The NIS2 directive requires in-scope organizations to strengthen supply chain security, which in practice means renegotiating supplier contracts and performing due diligence on suppliers' cybersecurity risk. Key compliance steps include creating security policies, performing risk assessments, flowing requirements down contractually, and maintaining an up-to-date supplier register. While NIS2 primarily targets direct suppliers, it encourages consideration of their subcontractors as well. Challenges may arise when modifying contracts with large suppliers, and the directive indirectly affects suppliers by raising the compliance expectations and assessments they face. Overall, NIS2 emphasizes the importance of cybersecurity in supply chains, with further guidance provided by the Implementing Regulation and ENISA.

https://www.dlapiper.com/en/insights/publications/2025/12/nis2-directive-explained-part-3-supply-chain-security

Phishing, Privileges and Passwords: Why Identity Is Critical to Improving Cybersecurity Posture

TLDR: Identity is crucial in cybersecurity; the breaches at M&S and Co-op highlight identity-related vulnerabilities. Modern attacks exploit cloud services and remote work. Protect identity through least-privilege access, strong passwords, MFA, and active account management. Embrace Zero Trust and managed detection and response (MDR) for security.

https://www.welivesecurity.com/en/business-security/phishing-privileges-passwords-identity-cybersecurity-posture/

Death to One-time Text Codes: Passkeys Are the New Hotness

Passkeys revolutionize MFA, phasing out vulnerable one-time passwords. Passkeys replace passwords with cryptographic key pairs for stronger authentication, preventing phishing attacks. Major platforms like Apple and Google support them, demonstrating high adoption rates among organizations. Passkeys improve sign-in success rates and reduce helpdesk incidents, yet usability challenges persist, especially across different operating systems. Ultimately, they represent a significant advancement in secure online identity verification.

https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/

CISOs Should Be Asking These Quantum Questions Today

Quantum-inspired software is already being used in critical enterprise settings, often without security teams’ full awareness, because it integrates so smoothly with existing tools and workflows. Current cybersecurity frameworks and compliance processes fall short when dealing with quantum and post-quantum solutions, particularly as the risk of “harvest now, decrypt later” attacks grows—where encrypted data stolen today could be decrypted in the future using quantum computers. Organizations face three encryption approaches: maintaining current standards (with risk), adopting quantum-based encryption (still ultimately vulnerable), or implementing post-quantum cryptography (most robust). Industries such as defense and aerospace are early adopters, but mature quantum-specific security guidelines are lacking, leaving organizations with gaps until new playbooks are developed.

https://www.darkreading.com/cybersecurity-operations/cisos-should-be-asking-these-quantum-questions-today

CISA Publishes Security Guidance for Using AI in OT

Global cybersecurity agencies released new guidance on safely deploying AI in operational technology systems, citing the high risks involved. OT is essential for critical infrastructure, and integrating AI can introduce risks such as model drift, safety bypasses, and process instability. Agencies urge thorough education on AI risks, a careful assessment of when to use AI, strong data controls, and transparent governance. Recommendations also emphasize the importance of monitoring and fail-safe processes, including human oversight. Experts note that while AI may enhance efficiency, its use in OT should be limited and highly disciplined, especially with high-risk models like large language models.

https://www.darkreading.com/cybersecurity-operations/cisa-publishes-security-guidance-ai-ot
