risk management

A New Era of Agents, a New Era of Posture

Microsoft discusses the rise of AI agents and their associated security challenges, highlighting the complexity of securing them due to their autonomy and interconnected nature. AI agents can introduce risks such as data exposure and prompt injection vulnerabilities. Microsoft Defender offers tools for visibility, risk prioritization, and hardening AI agents across multi-cloud environments to mitigate potential attacks. The focus is on building a secure AI ecosystem without stifling innovation.

https://www.microsoft.com/en-us/security/blog/2026/01/21/new-era-of-agents-new-era-of-posture/

Will the Next Data Breach Cost You Your Freedom, Not Just Your Bonus?

TLDR: Data breach consequences now include personal liability for executives, shifting focus from corporate fines to potential jail time. Recent SEC actions against company CISOs highlight the importance of proper risk documentation and transparency. Effective governance requires active risk management and clear communication between legal, IT, and compliance teams to prevent negligence claims.

https://programminginsider.com/will-the-next-data-breach-cost-you-your-freedom-not-just-your-bonus/

When Checklists Aren’t Enough: Moving Beyond Compliance Theater

CISO Series emphasizes shifting from compliance to risk-based cybersecurity by focusing on what truly matters for an organization's mission. Insights from a panel of security leaders highlight that effective risk management revolves around decision-making, cultural shifts, meaningful tradeoffs, and clarity in communication. They advise starting small with specific initiatives like budget decisions while recommending that organizations gauge the effectiveness of compliance frameworks and adapt as necessary to enhance decision-making. The transition is seen as an ongoing process rather than a final destination.

https://cisoseries.com/when-checklists-arent-enough-moving-beyond-compliance-theater/

Cybersecurity, the First Institutional Failure of a Hyperconnected Era

Cybersecurity has become a critical institutional failure in the hyperconnected era, as organizations struggle to manage complex cyber risks. The assumption that cybersecurity can be delegated has led to systemic failures and significant financial consequences, with the global cost of cybercrime projected to reach $12.2 trillion annually by 2031. Institutions must transition towards understanding cybersecurity not just as risk mitigation but as essential for preserving digital civilization, emphasizing transparency, accountability, and resilience.

https://www.diplomaticourier.com/posts/cybersecurity-first-institutional-failure-hyperconnected-era

Bridging Cybersecurity and AI

AI and machine learning models introduce new vulnerabilities, such as poisoning and evasion attacks, that traditional cybersecurity frameworks like the CVE Program are not equipped to address. The White House AI Action Plan proposes creating an AI Information Sharing and Analysis Center (AI-ISAC) to bridge the gap between existing cybersecurity infrastructure and AI security needs. Integrating AI vulnerability standards into established frameworks, such as the CVE Program, is crucial to ensuring the security of AI systems.

https://www.paloaltonetworks.com/blog/2026/01/bridging-cybersecurity-and-ai/

Managing Risk Has Been a Priority Ever Since You Asked About It

The CISO Series Podcast, recorded live at FAIRCON25 in NYC, discusses the challenges of starting risk management from scratch and the need to modernize GRC systems. The conversation highlights the importance of focusing on risk rather than just compliance, and the potential pitfalls of relying solely on AI-powered tools for risk quantification. The discussion also touches on the accountability of AI agents and the need for clear ownership and governance when they make mistakes.

https://cisoseries.com/managing-risk-has-been-a-priority-ever-since-you-asked-about-it/

CISOs’ Top 10 Cybersecurity Priorities for 2026

CISOs' 2026 cybersecurity priorities focus on AI threats, data protection, resiliency, third-party risk, and geopolitical risks. Core tasks include securing AI deployments, enhancing threat intelligence, and managing identity access due to the rise of AI. CISOs aim to address shadow AI risks, improve third-party management, and ensure resilience across operations. Global events heighten attention on geopolitical risks impacting cybersecurity strategies.

https://www.csoonline.com/article/4114020/cisos-top-10-cybersecurity-priorities-for-2026.html

Businesses in 2026: AI Security Oh Yeah Better Look at That

Businesses are increasingly prioritizing AI security, with the number of organizations assessing AI tools for security risks almost doubling to 64% in a year. Many leaders view AI as a key driver of cybersecurity change, fearing data leaks and adversarial attacks. Geopolitical factors influence security strategies, especially in larger organizations. While most companies meet basic cyber resilience standards, significant concerns remain about ransomware and supply chain attacks.

https://www.theregister.com/2026/01/12/ai_security_wef_survey/

11 Runtime Attacks Driving CISOs to Deploy Inference Security Platforms in 2026

AI-enabled attacks are exploiting runtime weaknesses in AI systems, bypassing traditional security controls. Attackers are using techniques like prompt injection, camouflage attacks, and model extraction to gain unauthorized access and exfiltrate data. CISOs must prioritize deploying defenses such as automated patch deployment, normalization layers, and stateful context tracking to mitigate these risks.

https://venturebeat.com/security/ciso-inference-security-platforms-11-runtime-attacks-2026

From Reactive Compliance to Proactive Command: How ITAM Enables Regulatory Compliance

The regulatory environment is becoming increasingly complex, with frameworks like NIS2, DORA, CRA, and the EU AI Act introducing stringent cybersecurity and data privacy requirements. IT Asset Management (ITAM) plays a crucial role in enabling regulatory compliance by providing visibility and control over IT assets. ITAM helps organizations meet these requirements by offering a comprehensive view of assets, facilitating security reviews, managing vulnerabilities, and accelerating incident response.

https://www.deloitte.com/uk/en/Industries/technology/blogs/how-itam-enables-regulatory-compliance.html
