security controls

The Hidden Cybersecurity Cost Of ‘Just-In-Case’ Decisions

By / Blog / , , ,

Organizations often accept risks unknowingly through “just-in-case” decisions, granting data access and keeping permissions active to avoid disruption. These decisions, while seemingly responsible, accumulate over time and create a larger attack surface, increasing the risk of security incidents. To mitigate this, organizations should implement practices like removing dormant accounts, setting expiration dates for temporary access, and treating access reviews as risk assessments.

https://www.forbes.com/councils/forbestechcouncil/2026/02/04/the-hidden-cybersecurity-cost-of-just-in-case-decisions/

75% of Organisations Have Gaps in Core Security Controls, Research Finds

By / Blog / ,

75% of organizations lack core security controls, with insufficient MFA, endpoint detection, and policy management. This results in overlapping exposures and significant risk, as seen in recent research by Nagomi Security. Misconfigurations are rapidly increasing exposure, and vulnerabilities are not the only concern. While vulnerability management is strong, identity and endpoint controls lag, leaving many assets unprotected. Progress should focus on eliminating high-impact exposure conditions rather than siloed metrics.

https://www.itsecurityguru.org/2026/01/29/75-of-organisations-have-gaps-in-core-security-controls-research-finds/

Аgentic AI Security Measures Based on the OWASP ASI Top 10

By / Blog / , , ,

The OWASP Foundation released a playbook outlining the top 10 risks of deploying autonomous AI agents, including goal hijacking, tool misuse, and privilege abuse. These risks arise from the agents’ ability to make decisions and process data without human oversight. Mitigation strategies include enforcing least autonomy and privilege, using short-lived credentials, and requiring human confirmation for critical actions.

https://www.kaspersky.com/blog/top-agentic-ai-risks-2026/55184/

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

By / Blog / , , ,

AI agents boost productivity by automating tasks, but their rapid deployment complicates accountability, creating security risks. They bypass traditional access models, accumulating broad permissions without clear ownership. Three types of agents exist: personal (user-owned, low risk), third-party (vendor-owned, moderate risk), and organizational (shared, high risk). Organizations must rethink risk management, establish clear ownership, and map user-agent interactions to avoid authorization bypass problems. Unmanaged AI agents represent significant risks due to their autonomous nature and unclear responsibilities.

https://thehackernews.com/2026/01/who-approved-this-agent-rethinking.html

New Security Baseline Available for Microsoft 365 Apps for Enterprise

By / Blog / , ,

Microsoft enhances M365 Apps for Enterprise with new security baselines, improving defenses against cyber threats. Key updates include protections for Excel, PowerPoint, and system settings, blocking risky links, insecure protocols, and legacy automation features. Deployment can be done via Office cloud policies or Group Policy.

https://petri.com/microsoft-365-apps-enterprise-security-baseline/

Businesses in 2026: AI Security Oh Yeah Better Look at That

By / Blog / , , ,

Businesses are increasingly prioritizing AI security, with the number of organizations assessing AI tools for security risks almost doubling to 64% in a year. Many leaders view AI as a key driver of cybersecurity change, fearing data leaks and adversarial attacks. Geopolitical factors influence security strategies, especially in larger organizations. While most companies meet basic cyber resilience standards, significant concerns remain about ransomware and supply chain attacks.

https://www.theregister.com/2026/01/12/ai_security_wef_survey/

11 Runtime Attacks Driving CISOs to Deploy Inference Security Platforms in 2026

By / Blog / , , , , ,

AI-enabled attacks are exploiting runtime weaknesses in AI systems, bypassing traditional security controls. Attackers are using techniques like prompt injection, camouflage attacks, and model extraction to gain unauthorized access and exfiltrate data. CISOs must prioritize deploying defenses such as automated patch deployment, normalization layers, and stateful context tracking to mitigate these risks.

https://venturebeat.com/security/ciso-inference-security-platforms-11-runtime-attacks-2026

Scroll to Top