Navigating NIS2: What Organisations Need to Know as EU Implementation Unfolds

TLDR: As EU Member States implement NIS2, organizations must adapt to varying compliance obligations. Only 14 countries have completed transposition by the October 2024 deadline. NIS2 enhances cybersecurity across sectors, but national differences add complexity. Key compliance requirements include registration, appointing EU representatives, managing risks, reporting incidents, and audits. Non-compliance can lead to significant fines. Organizations should evaluate their operations relative to NIS2, track jurisdictional differences, and strengthen cybersecurity measures.

https://www.goodwinlaw.com/en/insights/publications/2025/10/insights-practices-dpc-navigating-nis2-what-organisations-need-to-know

LIVE From Gartner: The CIO’s 2026 Cybersecurity Playbook

CIOs must align cybersecurity with business, emphasizing shared governance and outcome-driven metrics. The distinction between CIO and CISO roles highlights potential conflicts in reporting structures. CIOs should frame cyber risk as a business decision using Protection Level Agreements to guide investments. Effective governance and risk management are crucial for resilience, with metrics designed to connect cybersecurity outcomes to business performance. The CIO's role evolves into a strategic translator for aligning cybersecurity initiatives with organizational goals.

https://nationalcioreview.com/articles-insights/live-from-gartner-the-cios-2026-cybersecurity-playbook/

Why Companies Need a Chief Trust Officer Today

A Chief Trust Officer (CTrO) centralizes trust across security, IT, and governance, establishing accountability, reducing friction in deals, and addressing regulatory scrutiny. As AI adoption grows, CTrOs ensure that standards and policies align with accountability measures, enabling innovation while safeguarding against risks. Trust must be observable and manageable for the organization to respond effectively and for stakeholders to remain confident.

https://www.scworld.com/perspective/why-companies-need-a-chief-trust-officer-today

Cleaning Up Cybersecurity Messes

A CISO Series article reports on a Reddit AMA in which five experienced cybersecurity professionals shared their lessons from cleaning up security incidents. Their advice covers:

  • Automation and Effectiveness: Security automation works best when linked to measurable business outcomes, not just efficiency gains.
  • ROI and Risk Modeling: Demonstrate security value with risk-based financial models that translate avoided incidents into cost savings.
  • Incident Response Priorities: Use structured frameworks and prioritize understanding the attack vector; human errors can be the toughest messes.
  • Team Dynamics: Empathy and tough decisions are both needed to manage resistance and align staff with security goals.
  • Vendor Approach: Hybrid solutions—platforms for integration, best-of-breed tools for specialized needs—are recommended.

https://cisoseries.com/cleaning-up-cybersecurity-messes/

NIS2 – One Year on: What’s Missing, What’s at Stake, and What’s Next?

One year after the NIS2 Directive’s transposition deadline, many EU countries have lagged on implementation, but firms cannot afford to wait for local laws. NIS2 applies to essential organizations in critical sectors, often determined by size, regardless of where the companies are based or whether their activities are purely internal. Core obligations include entity registration, risk-based cybersecurity, detailed incident reporting, and strict supply chain controls, with boards personally accountable for compliance. Enforcement tools range from significant fines to bans on managers, and implementation challenges are heightened for multinationals because compliance is assessed per entity, not at group level. Organizations should proactively develop compliance strategies specific to each jurisdiction, as waiting could leave obligations unmet.

https://connectontech.bakermckenzie.com/nis2-one-year-on-whats-missing-whats-at-stake-and-whats-next/

BT: Why Human Firewalls Are Critical in AI Cybersecurity

BT Security’s Tris Morgan emphasizes the importance of human firewalls in AI cybersecurity, arguing that employee training is crucial against sophisticated AI-driven attacks. He believes that investing in a cyber-aware culture transforms employees into an active defense against threats. Despite advanced technology, many breaches result from human error, with attackers exploiting trust and behavior. Effective training should be ongoing, engaging, and relevant, using simulations and real-world scenarios to foster awareness. For SMEs, cost-effective strategies include realistic training and clear security policies to cultivate vigilance. Continual adaptation to evolving threats is essential for strong cybersecurity defenses.

https://aimagazine.com/news/bt-security-the-importance-of-humans-in-ai-powered-attacks

The End of Cybersecurity

Cybersecurity failures in the U.S. stem from software quality issues, not just cyber threats. As attackers exploit system vulnerabilities, the focus should be on improving software security rather than relying on the cybersecurity industry. AI presents a solution, enabling the creation of safer code and fixing existing flaws. To leverage AI effectively, incentives must be realigned, and a standardized approach to software security must be established. Without systemic changes, security will remain an afterthought in software design, leaving critical infrastructure at risk.

https://www.foreignaffairs.com/united-states/end-cybersecurity

Introducing MAESTRO: a Framework for Securing Generative and Agentic AI

CSOonline introduces MAESTRO, a framework for securing generative and agentic AI in banking, addressing rapid AI advancements and systemic risks not covered by traditional security models. It distinguishes seven AI risk layers—Foundation Models, Data Operations, Agent Frameworks, Deployment & Infrastructure, Evaluation & Observability, Security & Compliance, and Agent Ecosystems—and recommends minimum controls for each to enhance security and resilience against emerging threats.

https://www.csoonline.com/article/4072341/introducing-maestro-a-framework-for-securing-generative-and-agentic-ai.html

CISOs Must Rethink the Tabletop, as 57% of Incidents Have Never Been Rehearsed

A CSOonline article reports that 57% of cyber incidents are unexpected and have never been rehearsed, prompting CISOs to rethink tabletop exercises so that they focus on realistic, smaller attacks rather than only rehearsing for known threats.

https://www.csoonline.com/article/4071102/cisos-must-rethink-the-tabletop-as-57-of-incidents-have-never-been-rehearsed.html

How to Mitigate Supply Chain Attacks

TLDR: Supply chain attacks exploit trusted vendors, causing major cybersecurity threats like breaches in companies such as SolarWinds and MOVEit. Traditional risk management with checklists is outdated, leaving organizations vulnerable to fast-evolving attacks. Intelligence-led monitoring provides real-time visibility, early warning signals, and proactive defense, enhancing security against emerging threats. Best practices include continuous monitoring, integrating external intelligence, and fostering cross-team collaboration to build resilience against supply chain risks. Recorded Future offers tools to shift from reactive to proactive vendor risk management.

https://www.recordedfuture.com/blog/supply-chain-attacks