Tag: information security
57 articles

Staffing Shortages Plague Security Operations Centers
The 2026 SANS SOC Survey reveals a disconnect: while 79% of respondents use AI or machine learning tools, only 36% have integrated them into a defined workflow, highlighting a key challenge in Security Operations Centers. Practitioners cite staffing shortages as their top operational challenge, but leaders seem less concerned.

OWASP Unveils Framework to Gauge Agentic AI Security Maturity
As organizations rapidly deploy AI agents, governance often lags behind - but a new framework from OWASP aims to change that. The Enterprise Adoption Maturity Model provides a practical roadmap for gauging and improving agentic AI security maturity.

AI Transforms SOCs, But Human Analysts Remain Vital
AI is revolutionizing Security Operations Centers, but not by replacing human analysts - instead, it's freeing them from tedious tasks to focus on high-stakes decision-making. By automating routine work, AI is augmenting human capabilities, not replacing them.

NIST's Vulnerability Database Plagued by Duplication, Inefficiency
The National Vulnerability Database is facing a massive backlog crisis, with unprocessed security flaws doubling from 13,000 in June 2024 to over 27,000 by the end of 2025, and officials admit they lack a long-term plan to tackle the problem. Despite promising to clear the backlog by September 2024, the database continues to struggle with inefficiencies and a lapsed contract.

Cybersecurity Pros Prefer CISOs With Live Attack Response Experience
When it comes to cybersecurity leadership, professionals trust those who have been battle-tested, with 75% believing that experience in live attack response boosts a leader's credibility. Hands-on experience navigating high-pressure incidents gives leaders a unique perspective, composure, and trustworthiness.

Infosecurity Europe Spotlights Cyber Startups
Get ready to witness the future of cybersecurity as five innovative startups take the stage at Infosecurity Europe 2026 to pitch their game-changing ideas and compete for a coveted prize package. The event will also feature a dedicated Cyber Startups Zone, where you can discover the latest solutions and meet the minds behind them.

Global Agencies Unveil AI Supply Chain Risk Guidance with SBOMs
Global agencies have joined forces to release groundbreaking guidance on AI supply chain risk, outlining minimum elements for Software Bill of Materials (SBOMs) to enhance security and transparency. This crucial step forward aims to tackle the complex challenges of measuring and defining AI risks across organizations.

CISA Taps AI Automation to Bolster Threat Analysis Capabilities
With AI automation, CISA analysts can quickly sift through threats, cutting through the noise to focus on what matters most. This tech boost has supercharged their Security Operations Unit, enabling rapid, real-time assessments that help prevent threats from unfolding.

CISOs Confront Growing Skills Gap in Cybersecurity Teams
A growing concern for CISOs is the widening skills gap in their cybersecurity teams, with 60% citing a lack of skilled staff as a bigger challenge than filling vacant positions. The right people with the right skills are proving harder to find than more bodies to fill open roles.

NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads
Despite the rising demand for cybersecurity experts, a shocking 71% of infosec pros worldwide - and 77% in the UK - have seen their salaries stagnate over the past year, leaving them lagging behind their peers in other tech fields.

Education Sector Grapples with 63% Surge in Cyber-Attacks
The education sector is facing a daunting reality: a 63% surge in cyber-attacks is putting institutions at risk, threatening the very openness and collaboration that define higher education. Can schools and universities keep pace with the growing threat?

NIST Scales Back Vulnerability Ratings Amid Surge in Submissions
The National Institute of Standards and Technology is overhauling its vulnerability rating system, scaling back severity scores for lower-priority flaws as submissions surge. This change means some software flaws will no longer get a severity score, shifting focus to the most critical vulnerabilities.

Anthropic's Claude Mythos Preview Bolsters Cybersecurity Leaders
Anthropic's Claude Mythos Preview is giving select cybersecurity giants a powerful edge, and we're exploring what this exclusive rollout means for the industry. By granting early access to this cutting-edge AI model, Project Glasswing is poised to reshape the cybersecurity landscape.

Vendor Breaches Spotlight Healthcare's Cyber Vulnerability
Recent vendor breaches have exposed healthcare's alarming cyber vulnerability, raising critical questions about who bears the cost - and the consequences - when a vendor's systems fail. As the threat landscape evolves, one thing is clear: the healthcare industry must rethink its approach to cybersecurity and vendor risk management.

Risk Management Takes Critical Turn with NIST SP 800-39 Insights
In today's high-risk digital landscape, effective risk management is no longer a choice - it's a necessity for protecting your organization's information systems and sensitive data. By adopting a comprehensive risk management approach, you can ensure the confidentiality, integrity, and availability of your data and stay ahead of evolving cyber threats.

Critical Breach Exposes 8M Crime Tips
A shocking data breach has exposed 8 million crime tips, putting sensitive information in the wrong hands and raising serious concerns about public safety and trust. This critical breach highlights the urgent need for secure platforms that protect confidential tips from falling into the wrong hands.

Massive Data Breach Exposes 3.7M Sears Home Services Records
A massive data breach has just exposed 3.7 million Sears Home Services records, leaving millions of people vulnerable to potential identity theft and misuse of their personal information. This alarming incident serves as a harsh reminder to stay vigilant about protecting our digital lives.

public Wi‑Fi Must-Have Security: Best Practices
Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

cyber incident: Explosive FEMA Cover-Up Risk
Leaked emails and logs now cast doubt on FEMA’s insistence that last month’s sweeping security firings weren’t cyber-related, raising urgent questions about hidden breaches, operational risk, and public trust. As investigators sift the evidence, people deserve clear, timely answers about whether critical disaster systems or personal data were exposed.

cybersecurity executive order: Must-Have Best Guide
The June 6, 2025 cybersecurity executive order sets a clear — and urgent — blueprint for federal CISOs to accelerate zero‑trust, strengthen software supply chains, and tighten incident reporting while juggling legacy systems, budgets and mission continuity. Tune into our podcast briefing for practical steps, expert perspectives, and real-world playbooks to turn the EO from mandate into measurable security.

ransomware groups Stunning Pause: Risky Relief Explained
At least 15 notorious ransomware groups have announced they’re going dark, offering a welcome — if uneasy — reprieve. Experts warn it could be a ruse or a regrouping, so use the lull to patch systems, harden identity controls, and test backups.

attacker surveillance: Exclusive Risky Ethics Debate
Huntress’s cheeky description of an attacker “on a silver platter” has split infosec — praised by some as a rare, practical learning moment and criticized by others for risking privacy, investigative integrity, and even giving attackers tips. The debate highlights a bigger question: how can defenders share real-world lessons widely without creating new vulnerabilities or harming victims?

cybersecurity legislation: Must-Have Rules, Risky Tradeoffs
A new CIISec poll shows most security professionals want tougher, clearer cybersecurity laws—urging policymakers to create practical, enforceable rules that boost defenses without stifling innovation. If lawmakers listen and invest in enforcement and workforce skills, stronger regulation could deliver real protection for businesses and citizens.