AI as an Insider Threat: Expanded Risks with Expanded Usage

Next-generation AI models may pose a “high” cybersecurity risk, including the potential to generate sophisticated exploits or assist intrusion operations, according to a warning from OpenAI. This highlights that AI is no longer just a defensive tool; it is a strategic attack surface that organizations must actively govern. Adding to that, 60% of organizations are highly concerned about employee misuse of AI […]
Breached Attack Simulations: The Next Step in Cyber Defense

In today’s threat landscape, cyberattacks are no longer a matter of if — but when. Traditional security testing methods, like vulnerability scans and penetration tests, are essential, but they often represent only a snapshot in time. Organizations need a more realistic way to evaluate their defenses, and simulating a user account compromise is the most […]
Beating the Clock Without Losing Credibility: A CISO’s Guide to Year-End Security Decisions

With only a short window remaining in the year, many CISOs are under direct pressure to deploy remaining security budget before it is lost in the next fiscal cycle. That pressure often comes with increased executive scrutiny, where year-end spend is later evaluated through a straightforward question: what value did this investment deliver, and why […]
The Evolution of Cyber Risks in M&A, Rebalancing Approaches and Countermeasures in a Growing Threat Landscape
53% of surveyed organizations report they have encountered a critical cybersecurity issue or incident during an M&A that put the deal into jeopardy, according to ForeScout (“The Role of Cybersecurity in M&A Diligence”). As such, visibility into key risks and determining actionable priorities are critical components of the Mergers and Acquisitions (M&A) lifecycle. Although the […]
Holiday Phishing Scams: How to Stay Cyber-Safe This Festive Season
The holiday season is upon us, which is usually a time for giving, connecting, and celebrating — but unfortunately, it’s also prime time for cybercriminals. Every year, phishing attacks spike during the holidays – starting with Black Friday and Cyber Monday – taking advantage of busy shoppers, generous donors, and distracted employees. Whether you’re clicking […]
AI: Protecting end users from themselves.
Every once in a while there is a product or technology that comes out that is a complete game changer not only for organizations, but society as a whole. The advent of AI is not new, but the adoption of large language models has exploded over the past seven years, giving everyday people the ability […]
NIST AI RMF vs ISO/IEC 42001
Bridging AI Governance and Risk Management: As artificial intelligence becomes increasingly integral to business operations, regulators and standards bodies are establishing frameworks to promote trustworthy, transparent, and responsible AI. Three of the most influential are the NIST AI Risk Management Framework 100-1 (AI RMF 1.0), with companion resource 600-1 for Generative AI, and the ISO/IEC […]
Families at Risk: Digital Threats to C-Suite Executives Don’t Stop at the Boardroom
Strategy and Transformation Practice: 72% of U.S. senior executives were targeted by cyberattacks between February 2023 and August 2024, according to a 2024 report by GetApp. While the success and impact of these attacks vary, one thing is clear: businesses are becoming harder targets. Through stronger employee awareness, governance, and tooling, attackers are being forced […]
Inside the 2025 PCI SSC North America Community Meeting: Insights, Myths, and Key Takeaways
This week, the payments security community gathered in Fort Worth, Texas, for the highly anticipated 2025 PCI SSC North America Community Meeting. Held from September 16–18, the event brought together Council staff, industry experts, and stakeholders from across North America to discuss the latest in payment card security, technical updates, and collaborative opportunities. Setting the […]
Incident Response Planning Can’t Wait – Your Best Defense is Preparedness
In the modern cyber threat landscape, incidents are not hypothetical; they are inevitable. The question is not if your organization will experience a security incident, but when and how prepared you will be to respond. The IBM Cost of a Data Breach Report 2025 reinforces this reality. While the global average cost of a breach […]