risk management

How CISOs Can Survive the Era of Geopolitical Cyberattacks

Geopolitical cyberattacks, particularly destructive Iranian wiper campaigns, are increasingly targeting critical infrastructure and organizations to cause operational chaos rather than financial gain. These attacks rely on stolen credentials and legitimate administrative tools to move laterally within networks, making containment and strict internal access controls essential for CISOs to limit damage and ensure organizational resilience.

https://www.bleepingcomputer.com/news/security/how-cisos-can-survive-the-era-of-geopolitical-cyberattacks/

We Asked Experts About the Most Responsible Ways to Use AI Tools – Here’s What They Said

Three years after ChatGPT's release, AI use divides people into those who refuse it and those who use it daily. Experts advise using AI as a brainstorming partner, research assistant, and organizer while maintaining personal judgment, cautioning against overreliance and emphasizing the need to verify AI-generated information with credible sources.

https://www.theguardian.com/lifeandstyle/ng-interactive/2026/mar/18/how-to-use-ai-tools-expert-guide

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert following a cyberattack on U.S.-based medical technology firm Stryker Corporation targeting their Microsoft environment. CISA urges organizations to harden endpoint management system configurations by implementing Microsoft’s best practices for securing Microsoft Intune, including least privilege administrative roles, phishing-resistant multi-factor authentication, and multi-admin approval policies, to protect against similar malicious activities.

https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization

Shadow AI Has Already Moved Into Your Organization

The article explains that “shadow AI” is already widespread in organizations, as employees use public or unapproved AI tools to speed up work without going through IT or security review. Because these tools can be accessed instantly in a browser, blocking them is often ineffective, resulting in lost visibility into how company data is used. The article concludes that organizations must shift from trying to prohibit AI use to creating governance frameworks, approved tools, and clear policies that enable productivity while maintaining security and compliance. 

https://www.forbes.com/sites/tonybradley/2026/03/19/shadow-ai-has-already-moved-into-your-organization/

Companies Say the Risks of ‘Open’ Artificial Intelligence Models Are Worth It

The article reports that many companies are adopting open or partially open AI models despite security and governance concerns, because they offer lower cost, greater customization, and more control than proprietary systems. Firms say smaller, adaptable models are often better suited for business-specific tasks, and most organizations use a mix of open and closed models depending on the use case. The article concludes that while open models introduce risks such as supply-chain vulnerabilities and potential backdoors, companies believe the flexibility and performance benefits make those risks manageable.

https://www.wsj.com/cio-journal/companies-say-the-risks-of-open-artificial-intelligence-models-are-worth-it-0d3ee664

Security and Generative AI Are Learning to Get Along

IT professionals are navigating the challenge of integrating generative AI into cybersecurity without compromising safety, as the technology’s reliance on large volumes of raw data can expand threat surfaces. Experts emphasize the need for strong security architecture and domain expertise to ensure AI tools are both effective and secure, a priority underscored by the recent White House cyber strategy calling for AI-enabled cyber defense and innovation stewardship.

https://www.itbrew.com/stories/2026/03/12/security-and-generative-ai-are-learning-to-get-along

AI Is Everywhere, But CISOs Are Still Securing It With Yesterday’s Skills and Tools, Study Finds

A 2026 study by Pentera reveals that most Chief Information Security Officers (CISOs) are struggling to secure AI systems using outdated skills and legacy security tools, with 67% reporting limited visibility into AI usage within their organizations. The primary challenges are not budget-related but stem from a lack of specialized expertise and insufficient AI-tailored security controls, leading many to rely on traditional defenses unsuited for the complexities of AI infrastructure.

https://thehackernews.com/2026/03/ai-is-everywhere-but-cisos-are-still.html

Bank Built Its Own AI Threat Hunter Because Vendors Can’t

Australia’s Commonwealth Bank developed its own agentic AI threat hunting tools after finding that cybersecurity vendors could not keep pace with the rapidly increasing volume and sophistication of AI-powered threats, with its weekly threat signals surging from 80 million to 400 billion. The in-house AI system reduced threat assessment time from two days to 30 minutes and helps frontline analysts focus on problem-solving rather than repetitive tasks, addressing both operational scale challenges and analyst mental health concerns.

https://www.theregister.com/2026/03/17/commonwealth_bank_ai_defense/

Beyond the Menu of Options: a Taxonomy for Information Security Strategies

The article proposes a taxonomy for information security strategies, categorizing them into reactive defensive, proactive defensive, and offensive measures. Reactive defensive measures counter ongoing information influence, while proactive defensive measures build long-term resilience. Offensive measures involve a targeted state using information operations to counter malign influence.

https://smallwarsjournal.com/2026/03/16/beyond-the-menu-of-options-a-taxonomy-for-information-security-strategies/

When Geopolitics Goes Digital: How Wars Are Now Won Before the First Missile Is Fired

The article discusses how modern warfare now integrates offensive cyber operations as a primary phase before kinetic strikes, exemplified by recent US-led operations in Iran and ongoing conflicts in Ukraine. It highlights the escalating cyber threat to telecommunications and critical infrastructure, particularly from Iranian state and proxy actors, underscoring the urgent need for organizations, especially those with Middle East exposure, to enhance real-time threat intelligence, resilience, and defensive measures against rapid, sophisticated cyberattacks like the destructive incident at Stryker.

https://sosintel.co.uk/when-geopolitics-goes-digital-how-wars-are-now-won-before-the-first-missile-is-fired/
