Block the Prompt, Not the Work: The End of “Doctor No”

The article discusses how traditional enterprise security approaches, often characterized by rigid blocking of tools and websites (“Doctor No”), are now a liability because they push users to find invisible workarounds that bypass controls, creating blind spots and risks. It advocates for a shift toward session-level governance that secures data at the browser session and prompt level with agentless, real-time controls, enabling secure productivity rather than impeding it.

https://thehackernews.com/2026/04/block-prompt-not-work-end-of-doctor-no.html

Google Drive Ransomware Detection Now on by Default for Paying Users

Google has announced that its AI-powered ransomware detection feature for Google Drive is now generally available and enabled by default for all paying users with business, enterprise, education, and frontline licenses. The feature pauses file syncing upon detecting ransomware, alerts users and admins, and provides detailed file restoration instructions, significantly reducing ransomware impact on stored documents.

https://www.bleepingcomputer.com/news/security/google-drive-ransomware-detection-now-on-by-default-for-paying-users/

Longtime CISO (and Former Police Officer): ‘AI Can Help Protect Our Organizations’

Emily Heath, a longtime chief information security officer (CISO) and former police officer, highlights how AI is transforming cybersecurity by offering powerful new tools to protect organizations amid rapidly evolving threats. She emphasizes that today’s CISOs must integrate business understanding with technical expertise to manage cyber risks consciously, and she sees the AI era as a groundbreaking shift that enables stronger defense capabilities and collaborative innovation in the field.

https://deloitte.wsj.com/cio/longtime-ciso-and-former-police-officer-ai-can-help-protect-our-organizations-f5fc2dbe

Shadow AI Usage Statistics 2026: Latest Insights

Shadow AI—employees using unapproved AI tools at work—has become a widespread business risk, with over 80% of workers globally engaging in such use to boost productivity despite limited corporate governance. This unregulated adoption exposes organizations to significant security, compliance, and financial risks, including costly data breaches averaging $4.2 million, while many companies lack adequate policies or visibility to manage these challenges effectively.

https://sqmagazine.co.uk/shadow-ai-usage-statistics/

Shadow AI Solutions Need a Unified Security Approach

Shadow AI presents a significantly greater enterprise risk than the earlier shadow IT challenge, as employees' unsanctioned use of generative AI tools creates compliance, data-leakage, and regulatory-penalty risks. Fortinet executive Russ Schafer highlights the need for unified security platforms incorporating agentic AI to reduce attack resolution times from hours to seconds, emphasizing governance, access management, and interconnected agent frameworks to maintain control and security in AI-driven environments.

https://siliconangle.com/2026/03/30/shadow-ai-needs-unified-security-approach-rsac26/

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

A report by Teleport found that enterprises granting excessive access permissions to AI systems experience 4.5 times more security incidents than those restricting AI access, highlighting identity management's lag behind AI adoption. Based on interviews with 205 security leaders, the study shows that broad AI access correlates with higher incident rates, often due to static credentials and lack of automated governance controls, emphasizing the need for unified, machine-speed identity management to mitigate risks.

https://www.infoq.com/news/2026/03/teleport-ai-report/

Watch Your Words: Tim Brown’s Advice for CISOs

Tim Brown, former CISO of SolarWinds, shared insights at RSAC 2026 about the 2020 SolarWinds supply chain attack and his personal experience as the first CISO indicted in a civil lawsuit by the SEC for alleged fraud related to cybersecurity disclosures. Brown highlighted how excessive communication and misunderstood internal language during the ensuing SEC investigation led to legal challenges, emphasizing the critical need for clear communication policies and cautious internal messaging to prevent misinterpretation and legal risks in cybersecurity incident management.

https://www.techtarget.com/searchsecurity/feature/Watch-your-words-Tim-Browns-advice-for-CISOs

Why Cybersecurity’s Uncertainty Problem Is Getting Worse

Cybersecurity faces increasing uncertainty, with leading cryptographers unable to agree on the greatest threats. Paul Kocher, a cryptography researcher, warns that AI will accelerate the discovery of vulnerabilities in protocols and implementations, posing a significant threat to cybersecurity.

https://www.govinfosecurity.com/cybersecuritys-uncertainty-problem-getting-worse-a-31232

From Cyber Risk to Business Risk: How CISOs Should Engage the Board in 2026

IDC's 2026 insights highlight that cyber risk has evolved into a critical business concern at the board level, requiring CISOs to translate technical cyber threats into measurable business impacts and align security strategies with regulatory and operational priorities. Amid rising regulatory pressures like NIS2 and the EU AI Act, CISOs are advised to adopt financial risk metrics, implement robust risk management frameworks, and engage regularly with boards through clear, business-focused communication to enhance organizational resilience and informed decision-making.

https://www.idc.com/resource-center/blog/from-cyber-risk-to-business-risk-how-cisos-should-engage-the-board-in-2026/

EUDR in Practice: How to Correctly Set Up Due Diligence in the Supply Chain

The EU Deforestation Regulation (EUDR) establishes new due diligence requirements for companies dealing with certain commodities, mandating proof that products comply with EUDR and are deforestation-free before entering or leaving the EU market. Companies must collect detailed supply chain information, assess risks, implement mitigation measures if necessary, submit a Due Diligence Statement, maintain an internal due diligence system, and retain documentation for inspections.

https://www.grantthornton.cz/en/news/eudr-in-practice-how-to-correctly-set-up-due-diligence-in-the-supply-chain/