cybersecurity

From Copilot to Agent

CISOs must prepare for the rise of agentic AI, which marks a significant evolution from previous AI models. While security copilots enhanced workflows, agentic AI introduces autonomy, enabling complex tasks and real-time threat responses. It brings both opportunities, such as improving SOC efficiency and automating help desk operations, and challenges, including governance and trust issues. Although the technology is promising, adoption remains cautious, with many security leaders highlighting that it currently struggles to outperform traditional solutions. Its potential remains significant as it develops.

https://www.cio.com/article/3965370/from-copilot-to-agent-ai-is-growing-up-and-cisos-need-to-be-ready.html

EU NIS2 Implementation: Mind the Growing Compliance Gap

EU Member States faced a compliance gap in implementing NIS2, with only 11 states having passed legislation by the October 2024 deadline. New laws surfaced in Finland and Malta, while Denmark plans to introduce legislation by April, effective July 2025. Early adopters like Belgium and Hungary are ahead in compliance, leaving multinational organizations to navigate varied progress across jurisdictions.

https://connectontech.bakermckenzie.com/eu-nis2-implementation-mind-the-growing-compliance-gap/#page=1

‘No AI Agents Are Allowed.’ EU Bans Use of AI Assistants in Virtual Meetings

EU bans AI assistants in online meetings due to security concerns. The rule was made during a recent European Commission presentation, marking the first official ban on AI agents, which automate tasks during virtual conferences. Potential risks arise from AI agents' unpredictable behavior and user awareness issues, leading to heightened caution in their deployment among tech companies.

https://www.techrepublic.com/article/news-eu-bans-ai-assistants-virtual-meetings/

UK Cybersecurity Reform: Planned Changes in the Cyber Security and Resilience Bill

The upcoming Cyber Security and Resilience Bill updates the UK’s NIS Regulations 2018 to enhance cybersecurity in line with the EU NIS2 Directive. Key changes include expanding NIS scope to include Managed Service Providers, establishing Designated Critical Suppliers, and incorporating data centres. Enhanced obligations will cover supply chain responsibilities, technical requirements, and stricter incident reporting timelines. The Government will gain greater enforcement powers, including directive authority over entities and regulators, alongside new fee structures for NIS registration. The Bill aims for improved cybersecurity readiness and alignment with international standards, with publication expected in 2025.

https://www.twobirds.com/en/insights/2025/uk/uk-cybersecurity-reform-planned-changes-in-the-cyber-security-and-resilience-bill

16 Ways CISOs Can Lead the Charge on Ethical, Compliant AI Usage

CISOs play a vital role in guiding ethical and compliant AI use through governance, transparency, and collaboration across departments. Key strategies include setting clear governance standards, embedding security and ethics in AI development, owning oversight, promoting innovation, enforcing policies, designing trust, and educating staff on responsible AI usage.

https://www.fastcompany.com/91315938/16-ways-cisos-can-lead-the-charge-on-ethical-compliant-ai-usage

C-suite Disconnect on Cybersecurity Threatens Business Value and Resilience, EY Study Finds

C-suite disconnects on cybersecurity endanger organizations' resilience and value, with cybersecurity leaders (CISOs) more aware of threats than other executives. A recent EY study reveals significant gaps in perception regarding threat sources and the effectiveness of security measures, underscoring the need for a unified cybersecurity strategy. While current cybersecurity investment levels are rising, there's a call for elevated CISO roles and strategic alignment of investments to foster a culture of cybersecurity awareness within organizations.

https://www.ey.com/en_us/newsroom/2025/04/c-suite-disconnect-on-cybersecurity-threatens-business-value-and-resilience-ey-study-finds

Cybersecurity World On Edge As CVE Program Prepares To Go Dark

The CVE program's future is uncertain as MITRE's DHS funding expires April 16, 2025, risking global cybersecurity standards and coordination. Without renewal, new vulnerabilities won't be tracked, jeopardizing response efforts and disrupting security protocols, potentially leading to a national security risk. Urgent calls for stable funding and a governance model highlight the critical nature of the CVE system in managing cybersecurity threats.

https://www.forbes.com/sites/tonybradley/2025/04/15/cybersecurity-world-on-edge-as-cve-program-prepares-to-go-dark/

NIST Updates Privacy Framework, Tying It to Recent Cybersecurity Guidelines

NIST has drafted a new version of its Privacy Framework to align better with its updated Cybersecurity Framework, improving usability and addressing stakeholder feedback. Changes include targeted revisions, insights on AI privacy risks, and relocation of usage guidelines online. Public comments are accepted until June 13, 2025, before a final version is released later this year.

https://www.nist.gov/news-events/news/2025/04/nist-updates-privacy-framework-tying-it-recent-cybersecurity-guidelines

Ransomware Reaches a Record High, But Payouts Are Dwindling

Ransomware attacks hit a record high in early 2025, with reported incidents up 81% from the previous year, but payouts are decreasing, down 35% annually. This suggests victims are resisting payments or negotiating lower sums. Criminal organizations face challenges, including reduced affiliate loyalty and increased law enforcement efforts. Despite these issues, ransomware remains a significant threat, urging businesses to enhance protective measures.

https://www.tripwire.com/state-of-security/ransomware-reaches-record-high-payouts-are-dwindling
