Accountability, CISO and Risk - Cyber Security Informer

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The Last Watchdog

MAY 13, 2025

Related: How real people are really using GenAI Todays Chief Information Security Officers (CISOs) operate in a pressure cooker: responsible for protecting critical assets, expected to show up in the boardroom with fluency, yet rarely granted the authority, resources or organizational alignment to succeed. Its not a people problem.

CISO

CISO Risk Cybersecurity Government

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

Jane Frankland

JUNE 8, 2025

Today, the Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are rising in prominence—fuelled by the accelerating demands of AI innovation, cybersecurity, and digital transformation. The result is a power struggle—one that’s stalling decision-making and splintering accountability at a time when unity is critical.

CISO

CISO Digital transformation Technology Risk

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. The hard part?

Cyber threats

Cyber threats CISO IoT Phishing

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Unisys, for instance, was found to have framed cyber risks hypothetically even though its systems had already been breached, exfiltrating gigabytes of data. But the SEC’s latest actions underscore that failing to inform stakeholders about material risks and breaches is not an option. Addressing this root cause must be a priority.

CISO

CISO CSO Risk Cyber threats

RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible

The Last Watchdog

MAY 30, 2025

Non-human service accounts have quietly become one of the biggest liabilities in enterprise security. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems. Yet despite their scale, service accounts remain largely invisible to traditional IAM and PAM systems.

Risk

Risk Cyber Insurance Accountability Insurance

From Pest Control to Cybersecurity: What CISOs Can Learn from Pestie

SecureWorld News

JANUARY 21, 2025

As I was spraying Pestiea DIY pest spray subscription servicearound my home this weekend (sun's out, spray gun's out), I was thinking about the correlation of this home perimeter defense to what CISOs and their teams do to keep their organizations secure. CISO takeaway: Effective cybersecurity isn't a generic solution. Context matters.

CISO

CISO Cybersecurity Cyber threats Education

SHARED INTEL Q&A: When every IoT Device and AI assistant has an identity — who’s in control?

The Last Watchdog

JUNE 2, 2025

Related: Top 10 Microsoft Copilot risks At the same time, traditional identity and access management (IAM) tools are buckling under the pressure of cloud sprawl, decentralized architectures, and constant change. LW: GenAI tools like Copilot are transforming workflows but also introducing new access-related risks. The result?

IoT

IoT CISO Government Accountability

Cybersecurity Insights with Contrast CISO David Lindner | 11/1/24

Security Boulevard

NOVEMBER 1, 2024

Companies must proactively review their processes, strengthen security measures and embrace a new era of accountability for the software they create. This simple step can significantly reduce your risk of a security breach. This highlights a critical need to shift the organizational mindset from blame to shared responsibility.

CISO

CISO Cybersecurity Data breaches Software

RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers

The Last Watchdog

JUNE 11, 2025

Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. This isn’t just about checkboxes — it’s about accountability. And what of AI?

Insurance

Insurance Cyber Insurance Antivirus CISO

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

Jane Frankland

MAY 30, 2025

Everyone’s talking about AI aren’t they, and when I gave a keynote on Artificial Intelligence and cybersecurity recently, I relayed how the rise of AI has brought us to a pivotal moment in historya moment brimming with both extraordinary opportunity and unparalleled risk. AI amplifies these risks exponentially.

Artificial Intelligence

Artificial Intelligence Risk Government Technology

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always beenhumans. What if we thought like a psychologist, not just a CISO? The cybersecurity industry has spent billions on technical defenses, yet human errors still account for 80-90% of breaches. The solution?

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

This shift is expected to place significant pressure on organizations that haven’t yet developed trusted data to manage risk effectively. To mitigate risks, businesses will invest in modern, privacy-enhancing technologies (PETs), such as trusted execution environments (TEEs) and fully homomorphic encryption (FHE).

Cybersecurity

Cybersecurity CISO Risk Government

From Compliance to Confidence: How AI Is Reshaping Third-Party Risk

SecureWorld News

MAY 13, 2025

As geopolitical instability, supply chain disruption, and cyber threats continue to escalate, third-party risk management (TPRM) is evolving from a compliance function to a strategic business imperative. According to the EY survey , 87% of organizations have experienced a third-party risk incident in the past three years.

Risk

Risk Cyber Risk Artificial Intelligence Technology

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies.

Risk

Risk Threat Detection Technology Phishing

Should the CISO Report to the CIO?

Cisco Security

JULY 1, 2021

The Chief Information Security Officer (CISO) is the organization’s senior executive in charge of the cybersecurity and the information technology risk management posture of the enterprise. federal government in particular, the CISO reports to the Chief Information Officer (CIO). In many organizations, and in the U.S.

CISO

CISO Technology Risk Government

IT asset disposal is a security risk CISOs need to take seriously

CSO Magazine

JUNE 21, 2021

Asset disposal normally isn’t one of those burning topics that is top-of-mind for CISOs, yet every CISO must be able to address it when asked to describe their information technology asset disposal (ITAD) program. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ].

CISO

CISO Risk CSO Technology

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. This led to a reactive approach where organizations were more focused on regulatory adherence than on actual security risk management.

Government

Government Cybersecurity Risk CISO

Meta Scores $168M Legal Victory Over NSO Group for Spyware Abuse

SecureWorld News

MAY 13, 2025

company has successfully held a commercial spyware vendor accountable in a court of law, Reuters reports. Third- party software risks extend beyond the supply chain to nation- state surveillance contractors. Privacy and compliance teams must account for the geopolitical risks associated with surveillanceware vendors.

Spyware

Spyware Surveillance CISO Government

Secrets to building a healthy CISO-vendor partnership

CSO Magazine

MAY 3, 2022

Effective partnerships between CISOs and their cybersecurity vendors are integral to security success. Conversely, one that is problematic and incohesive can have the opposite effect, negatively impacting a company’s security practices and leaving them vulnerable to risks and wasted investment.

CISO

CISO CSO Accountability Cybersecurity

99% of Organizations Expose Sensitive Data to AI Tools, Report Shows

SecureWorld News

MAY 23, 2025

According to the State of Data Security Report: Quantifying AI's Impact on Data Risk , 99% of organizations analyzed had sensitive data exposed to AI tools due to misconfigurations, permissive access controls, and a lack of visibility across cloud environments. What's next for CISOs? AI is not inherently the enemy," said Carignan. "

Artificial Intelligence

Artificial Intelligence CISO Mobile Risk

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, explains: "Attacks on legacy cyber-physical, IoT, and IIoT devicesparticularly in an OT environmentare to be expected and must be planned for as part of the operational requirements for the device. Regularly audit and remove unused credentials and accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

Security Boulevard

DECEMBER 30, 2024

In this post, we look at the enforcement actions the SEC has taken and what public company CISOs should do to stay in compliance. As part of their fiduciary duties, boards play a key role in the oversight of risks from cybersecurity threats. This pushed C-level executives and boards to adopt measures for compliance and transparency.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

CISOs and Senior Leadership at Odds Over Security

Security Boulevard

JUNE 4, 2024

Only half of cybersecurity leaders feel their C-suite understands cybersecurity risks, a Trend Micro survey found. Four in five have been told to downplay a potential risk’s severity. The post CISOs and Senior Leadership at Odds Over Security appeared first on Security Boulevard.

CISO

CISO Risk Cybersecurity Accountability

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

Cisco Security

JULY 12, 2021

Chief Information Security Officers (CISOs) across the Global 2000 and Fortune 1000 are obsessed with protecting the workforce endpoints as critical vulnerabilities in the cybersecurity and risk management posture of their enterprises. Should a risk-conscious, security-aware culture be considered a critical security control?

Security Awareness

Security Awareness Risk CISO Cybersecurity

Healthcare Cybersecurity Market Soars: Key Trends and Insights

SecureWorld News

MAY 2, 2025

This surge is driven by a convergence of factorsfrom a spike in ransom ware attacks to the digital transformation of healthcarethat CISOs and healthcare executives must understand and act upon. Breaches can disrupt care delivery and put lives at risk, not to mention lead to hefty compliance fines.

Healthcare

Healthcare Marketing Cybersecurity CISO

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

BEC attacks: a growing financial and security risk BEC remains one of the most financially devastating cyber threats, with losses worldwide reaching into the billions. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing

Phishing Cybercrime Scams Authentication

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

SecureWorld News

OCTOBER 23, 2024

The SEC charged the companies with "materially misleading disclosures regarding cybersecurity risks and intrusions." which received the largest fine of $4 million, inaccurately described its cybersecurity risks as hypothetical in its SEC filings despite being aware of two significant breaches related to SolarWinds. Unisys Corp.,

Cybersecurity

Cybersecurity Risk Hacking Software

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

The Last Watchdog

DECEMBER 16, 2021

After all, a malicious actor only needs a few minutes of time with a privileged account to take over the entire directory, and there are volumes of exploitable identity risks at every organization. The ascendency of CISOs. And there will never be Zero Trust because the identity is exploitable.

CISO

CISO Ransomware Risk Authentication

Today’s CISO Insights – How to Tackle the Quantum Threat

CyberSecurity Insiders

MAY 3, 2023

This is why CISOs everywhere should be concerned. CISOs should begin to familiarize themselves with these and evaluate their potential suitability for adoption. Once that ecosystem is understood and its supporting cryptology has been identified, CISOs should develop a plan that considers quantum-resistant technology.

CISO

CISO Identity Theft Encryption Social Engineering

Federal Judge Dismisses Most of SEC Claims Against SolarWinds, CISO

SecureWorld News

JULY 30, 2024

and its Chief CISO, Timothy G. The SEC accused SolarWinds of failing to adequately disclose cybersecurity risks and vulnerabilities, which allegedly misled investors about the company's security posture and internal controls. It emphasizes the importance of clear, accurate, and comprehensive risk factor disclosures.

CISO

CISO Risk Cybersecurity Accountability

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

The Last Watchdog

MARCH 1, 2023

The linked white paper explains the three stages of this process: •Assessing secrets leakage risks •Establishing modern secrets management workflows •Creating a roadmap to improvement in fragile area This model emphasizes that secrets management is more than just how an organization stores and shares secrets.

Authentication

Authentication CISO Software Passwords

Introducing our new CISO Advisor, Pam Lindemeon

Cisco Security

AUGUST 3, 2021

I’m delighted to announce the latest member of our growing CISO Advisor team, Pam Lindemeon. Pam is an exceptional leader; dedicated to advancing women in the IT industry, and I’m so glad she’s now joined Cisco to work closely with our community of CISOs and offer advice and guidance based on her incredible experience. Pam Lindemeon.

CISO

CISO Technology Information Security Cybersecurity

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

SecureWorld News

MAY 2, 2024

The role of a Chief Information Security Officer (CISO) is undeniably complex, yet incredibly rewarding. However, the challenges faced by CISOs are mounting, exacerbated by the evolving threat landscape and regulatory environment. The recent release of NIST's Cybersecurity Framework version 2.0

CISO

CISO Government CSO Artificial Intelligence

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

SecureWorld News

APRIL 23, 2025

Phishing accounted for nearly 25% of all breaches. Manufacturing: IP theft and ransomware are top risks; OT/ICS systems still lag in basic controls. The 2025 DBIR is a call to arms for CISOs and security leaders to rethink how they detect, respond to, and recover from breaches. And it's not slowing down." Nicole Carignan , Sr.

Ransomware

Ransomware CISO Backups Risk

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

How CISOs Can Impact Security for All

Cisco Security

APRIL 26, 2021

Insights from our new Advisory CISO, Helen Patton. If there’s anyone who’s been put through their paces in the security industry, it’s Helen Patton , our new Advisory Chief Information Security Officer (CISO). Helen has come to Cisco from The Ohio State University, where she served as CISO for approximately eight years.

CISO

CISO Education Technology Media

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The Last Watchdog

APRIL 1, 2024

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies. LW: Cultural change is acutely difficult.

Cybersecurity

Cybersecurity CISO B2B Risk

Why CISOs Are Joining 'The Great Resignation'

SecureWorld News

DECEMBER 8, 2022

We hear it all the time: there are not enough people to fill all the cybersecurity roles (including CISOs) that are currently available, not to mention the openings expected in the coming months and years. Being a CISO sometimes serves as the catalyst to finding a new career path.". People want: Work-life balance.

CISO

CISO Cyber Risk Cybersecurity Accountability

Is fighting cybercrime a losing battle for today’s CISO?

CyberSecurity Insiders

JANUARY 12, 2022

In this blog, we’ll look at the root causes of concern for today's CISO and share some practical strategies to deter cybercriminals. The CISO role can be an unenviable one. Is the cyber deck stacked against today's CISO? If you own the risks, who owns the elimination? What about risk management?

CISO

CISO Cybercrime Risk Healthcare

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

James Scobey, CISO at Keeper Security, stated, "The reported downtime of online ordering demonstrates how even temporary interruptions can have a significant impact on revenue and brand reputation." To mitigate such risks, organizations must adopt proactive measures.

Password Management

Password Management Passwords CISO Cybersecurity

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

NOVEMBER 14, 2024

Significant Financial and Operational Costs: Healthcare providers, faced with potential HIPAA fines and the risk of service interruptions, may feel pressured to pay ransom demands. This stolen data is often exposed on both the clear and dark web, heightening risks of identity theft and further perpetuating cybercrime. Louis, Missouri.

Healthcare

Healthcare Ransomware Identity Theft Data breaches

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

The Last Watchdog

FEBRUARY 14, 2022

Which topics should CEOs, CIOs and CISOs have on their radar when it comes to Identity and Access Management ( IAM ) and cyber security risks in 2022? recurring re-confirmations of initially assigned rights and roles in all connected systems by the employees’ manager – to reduce the risk of abuse and accidents.

CISO

CISO Social Engineering Authentication Risk

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

MARCH 14, 2019

The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant. For a full drill down, please listen to the accompanying podcast.

Cyber Risk

Cyber Risk Risk Digital transformation Accountability

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

SecureWorld News

JUNE 26, 2023

In a LinkedIn post today, June 26th, Jamil Farshchi, EVP and CISO at Equifax, had this to say about the news: "This is a really big deal. It's unprecedented: this is likely the first time a CISO has ever received one of these. So it seems odd for a CISO to get one of these," he wrote. federal securities laws."

CISO

CISO CSO Data privacy Cyber Risk

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The C-Suite Power Shift: Why CIOs, CTOs, and CISOs Must Realign to Survive

Trending Sources

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

RSAC Fireside Chat: Human and machine identity risks are converging — and they’re finally visible

From Pest Control to Cybersecurity: What CISOs Can Learn from Pestie

SHARED INTEL Q&A: When every IoT Device and AI assistant has an identity — who’s in control?

Cybersecurity Insights with Contrast CISO David Lindner | 11/1/24

RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers

The Dangers of AI Acceleration: Why a Deregulatory Stance Threatens Humanity

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

From Compliance to Confidence: How AI Is Reshaping Third-Party Risk

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Should the CISO Report to the CIO?

IT asset disposal is a security risk CISOs need to take seriously

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Meta Scores $168M Legal Victory Over NSO Group for Spyware Abuse

Secrets to building a healthy CISO-vendor partnership

99% of Organizations Expose Sensitive Data to AI Tools, Report Shows

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

CISOs and Senior Leadership at Odds Over Security

The Risk-Conscious, Security-Aware Culture: The Forgotten Critical Security Control

Healthcare Cybersecurity Market Soars: Key Trends and Insights

Operation Heart Blocker: International Police Disrupt Phishing Network

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

GUEST ESSAY: Why the arrests of cyber criminals in 2021 will incentize attackers in 2022

Today’s CISO Insights – How to Tackle the Quantum Threat

Federal Judge Dismisses Most of SEC Claims Against SolarWinds, CISO

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

Introducing our new CISO Advisor, Pam Lindemeon

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

LinkedIn Adds Verified Emails, Profile Creation Dates

How CISOs Can Impact Security for All

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

Why CISOs Are Joining 'The Great Resignation'

Is fighting cybercrime a losing battle for today’s CISO?

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

Healthcare Now Third-Most Targeted Industry for Ransomware

GUEST ESSAY: 5 steps all SMBs should take to minimize IAM exposures in the current enviroment

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

Wells Notice Against SolarWinds CISO Could Be First of Its Kind

Stay Connected