AI as an Insider Threat: Expanded Risks with Expanded Usage
Next-generation AI models may pose a “high” cybersecurity risk, including the potential to generate sophisticated exploits or assist intrusion operations, according to a warning from OpenAI. This highlights that AI is no longer just a defensive tool; it is a strategic attack surface that organizations must actively govern. Adding to that, 60% of organizations are highly concerned about employee misuse of AI […]
Breached Attack Simulations: The Next Step in Cyber Defense
In today’s threat landscape, cyberattacks are no longer a matter of if — but when. Traditional security testing methods, like vulnerability scans and penetration tests, are essential, but they often represent only a snapshot in time. Organizations need a more realistic way to evaluate their defenses, and simulating a user account compromise is the most […]
Beating the Clock Without Losing Credibility: A CISO’s Guide to Year-End Security Decisions
With only a short window remaining in the year, many CISOs are under direct pressure to deploy remaining security budget before it is lost in the next fiscal cycle. That pressure often comes with increased executive scrutiny, where year-end spend is later evaluated through a straightforward question: what value did this investment deliver, and why […]
Journey to the Cloud
Last week, I had the privilege of speaking on a webinar with F5 about the complexities of securing internally created Large Language Models (LLMs) for organizations. This wasn’t about protecting end-users from asking ChatGPT how to make apple pie, it was about helping organizations safeguard their internal models from disclosing sensitive information. I was prepared […]
Is the Cloud Migration Mindset Snafu Reoccurring with Untethered AI Adoption?
Organizations once rushed to the cloud in search of transformation, innovation, reduced cost of ownership, and a competitive advantage. In that haste, they overlooked a hard truth: threat actors thrive in environments filled with misconfigurations and weak security practices. Many enterprises quickly embraced cloud capabilities, but they failed to bring cybersecurity along with them. Most […]
Governance of AI and Other Emerging Technologies: Balancing Innovation and Responsibility
Artificial Intelligence (AI) and other emerging technologies, such as blockchain, IoT, quantum computing, and biotechnology, are not just reshaping industries and societies but also offering a beacon of hope. These innovations bring immense potential to solve complex problems, drive efficiency, and enhance the quality of life. However, they also raise critical questions about ethics, privacy, […]
The Evolution of Cyber Risks in M&A, Rebalancing Approaches and Countermeasures in a Growing Threat Landscape
53% of surveyed organizations report they have encountered a critical cybersecurity issue or incident during an M&A that put the deal into jeopardy, according to ForeScout (“The Role of Cybersecurity in M&A Diligence“). As such, visibility into key risks and determining actionable priorities are critical components of the Mergers and Acquisitions (M&A) lifecycle. Although the […]
Holiday Phishing Scams: How to Stay Cyber-Safe This Festive Season
The holiday season is upon us, which is usually a time for giving, connecting, and celebrating — but unfortunately, it’s also prime time for cybercriminals. Every year, phishing attacks spike during the holidays – starting with Black Friday and Cyber Monday – taking advantage of busy shoppers, generous donors, and distracted employees. Whether you’re clicking […]
AI: Protecting end users from themselves.
Every once in a while there is a product or technology that comes out that is a complete game changer not only for organizations, but society as a whole. The advent of AI is not new, but the adoption of large language models has exploded over the past seven years, giving everyday people the ability […]
Families at Risk: Digital Threats to C-Suite Executives Don’t Stop at the Boardroom
Strategy and Transformation Practice 72% of U.S. Senior Executives were targeted by cyberattacks between February 2023 and August 2024, according to a 2024 report by GetApp. While the success and impact of these attacks vary, one thing is clear: businesses are becoming harder targets. Through stronger employee awareness, governance, and tooling, attackers are being forced […]