Skip to main content

Tag: information security

57 articles

Security operations center with some workstations unoccupied, showing signs of understaffing.

Staffing Shortages Plague Security Operations Centers

The 2026 SANS SOC Survey reveals a disconnect: while 79% of respondents use AI or machine learning tools, only 36% have integrated them into a defined workflow, highlighting a key challenge in Security Operations Centers. Practitioners cite staffing shortages as their top operational challenge, but leaders seem less concerned.

Analyst 207
Expert researcher examines device in modern office space with natural light.

OWASP Unveils Framework to Gauge Agentic AI Security Maturity

As organizations rapidly deploy AI agents, governance often lags behind - but a new framework from OWASP aims to change that. The Enterprise Adoption Maturity Model provides a practical roadmap for gauging and improving agentic AI security maturity.

Analyst 207
Security operations center interior with analysts at workstations, surrounded by computer monitors and keyboards, under…

AI Transforms SOCs, But Human Analysts Remain Vital

AI is revolutionizing Security Operations Centers, but not by replacing human analysts - instead, it's freeing them from tedious tasks to focus on high-stakes decision-making. By automating routine work, AI is augmenting human capabilities, not replacing them.

Analyst 207
Cluttered office with filing cabinets, stacks of paperwork, and computer terminals, symbolizing inefficiency and backlog.

NIST's Vulnerability Database Plagued by Duplication, Inefficiency

The National Vulnerability Database is facing a massive backlog crisis, with unprocessed security flaws doubling from 13,000 in June 2024 to over 27,000 by the end of 2025, and officials admit they lack a long-term plan to tackle the problem. Despite promising to clear the backlog by September 2024, the database continues to struggle with inefficiencies and a lapsed contract.

Analyst 207
Business professionals in a meeting with a cityscape background and a person reviewing data on a laptop.

Cybersecurity Pros Prefer CISOs With Live Attack Response Experience

When it comes to cybersecurity leadership, professionals trust those who have been battle-tested, with 75% believing that experience in live attack response boosts a leader's credibility. Hands-on experience navigating high-pressure incidents gives leaders a unique perspective, composure, and trustworthiness.

Analyst 207
Conference scene with stage and audience, people conversing with laptops.

Infosecurity Europe Spotlights Cyber Startups

Get ready to witness the future of cybersecurity as five innovative startups take the stage at Infosecurity Europe 2026 to pitch their game-changing ideas and compete for a coveted prize package. The event will also feature a dedicated Cyber Startups Zone, where you can discover the latest solutions and meet the minds behind them.

Analyst 207
Global agency representatives meet to discuss AI supply chain risks, surrounded by laptops and documents.

Global Agencies Unveil AI Supply Chain Risk Guidance with SBOMs

Global agencies have joined forces to release groundbreaking guidance on AI supply chain risk, outlining minimum elements for Software Bill of Materials (SBOMs) to enhance security and transparency. This crucial step forward aims to tackle the complex challenges of measuring and defining AI risks across organizations.

Analyst 207
Security analysts work in a brightly-lit operations center with screens displaying threat analysis data.

CISA Taps AI Automation to Bolster Threat Analysis Capabilities

With AI automation, CISA analysts can quickly sift through threats, cutting through the noise to focus on what matters most. This tech boost has supercharged their Security Operations Unit, enabling rapid, real-time assessments that help prevent threats from unfolding.

Analyst 207
Diverse cybersecurity team gathered around a blank whiteboard in a modern conference room.

CISOs Confront Growing Skills Gap in Cybersecurity Teams

A growing concern for CISOs is the widening skills gap in their cybersecurity teams, with 60% citing a lack of skilled staff as a bigger challenge than filling vacant positions. The right people with the right skills are proving harder to find than more bodies to fill open roles.

Analyst 207
Security analysts work at desks in a bright, modern operations center with a central workstation and empty chair.

NCSC Warns of Flawed SOC Metrics

The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Analyst 207
Person sitting at desk with laptop and papers, surrounded by empty office spaces, with a neutral and slightly concerned…

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads

Despite the rising demand for cybersecurity experts, a shocking 71% of infosec pros worldwide - and 77% in the UK - have seen their salaries stagnate over the past year, leaving them lagging behind their peers in other tech fields.

Analyst 207
Students and faculty in a university library with laptops and tablets on tables.

Education Sector Grapples with 63% Surge in Cyber-Attacks

The education sector is facing a daunting reality: a 63% surge in cyber-attacks is putting institutions at risk, threatening the very openness and collaboration that define higher education. Can schools and universities keep pace with the growing threat?

Analyst 207
Overflowing inbox with papers and a prominent rating sheet on top.

NIST Scales Back Vulnerability Ratings Amid Surge in Submissions

The National Institute of Standards and Technology is overhauling its vulnerability rating system, scaling back severity scores for lower-priority flaws as submissions surge. This change means some software flaws will no longer get a severity score, shifting focus to the most critical vulnerabilities.

Analyst 207
Lone figure in hoodie sits before laptop with eerie blue glow, displaying complex network diagram.

Anthropic's Claude Mythos Preview Bolsters Cybersecurity Leaders

Anthropic's Claude Mythos Preview is giving select cybersecurity giants a powerful edge, and we're exploring what this exclusive rollout means for the industry. By granting early access to this cutting-edge AI model, Project Glasswing is poised to reshape the cybersecurity landscape.

Analyst 207
Vendor Breaches Spotlight Healthcare's Cyber Vulnerability

Vendor Breaches Spotlight Healthcare's Cyber Vulnerability

Recent vendor breaches have exposed healthcare's alarming cyber vulnerability, raising critical questions about who bears the cost - and the consequences - when a vendor's systems fail. As the threat landscape evolves, one thing is clear: the healthcare industry must rethink its approach to cybersecurity and vendor risk management.

Analyst 207
Risk Management Takes Critical Turn with NIST SP 800-39 Insights

Risk Management Takes Critical Turn with NIST SP 800-39 Insights

In today's high-risk digital landscape, effective risk management is no longer a choice - it's a necessity for protecting your organization's information systems and sensitive data. By adopting a comprehensive risk management approach, you can ensure the confidentiality, integrity, and availability of your data and stay ahead of evolving cyber threats.

Analyst 207
Critical Breach Exposes 8M Crime Tips

Critical Breach Exposes 8M Crime Tips

A shocking data breach has exposed 8 million crime tips, putting sensitive information in the wrong hands and raising serious concerns about public safety and trust. This critical breach highlights the urgent need for secure platforms that protect confidential tips from falling into the wrong hands.

Analyst 207
Massive Data Breach Exposes 3.7M Sears Home Services Records

Massive Data Breach Exposes 3.7M Sears Home Services Records

A massive data breach has just exposed 3.7 million Sears Home Services records, leaving millions of people vulnerable to potential identity theft and misuse of their personal information. This alarming incident serves as a harsh reminder to stay vigilant about protecting our digital lives.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
cyber incident: Explosive FEMA Cover-Up Risk

cyber incident: Explosive FEMA Cover-Up Risk

Leaked emails and logs now cast doubt on FEMA’s insistence that last month’s sweeping security firings weren’t cyber-related, raising urgent questions about hidden breaches, operational risk, and public trust. As investigators sift the evidence, people deserve clear, timely answers about whether critical disaster systems or personal data were exposed.

Analyst 207
cybersecurity executive order: Must-Have Best Guide

cybersecurity executive order: Must-Have Best Guide

The June 6, 2025 cybersecurity executive order sets a clear — and urgent — blueprint for federal CISOs to accelerate zero‑trust, strengthen software supply chains, and tighten incident reporting while juggling legacy systems, budgets and mission continuity. Tune into our podcast briefing for practical steps, expert perspectives, and real-world playbooks to turn the EO from mandate into measurable security.

Analyst 207
Person in hoodie pauses over laptop with ransom demand on screen, face obscured by shadows.

ransomware groups Stunning Pause: Risky Relief Explained

At least 15 notorious ransomware groups have announced they’re going dark, offering a welcome — if uneasy — reprieve. Experts warn it could be a ruse or a regrouping, so use the lull to patch systems, harden identity controls, and test backups.

Analyst 207
attacker surveillance: Exclusive Risky Ethics Debate

attacker surveillance: Exclusive Risky Ethics Debate

Huntress’s cheeky description of an attacker “on a silver platter” has split infosec — praised by some as a rare, practical learning moment and criticized by others for risking privacy, investigative integrity, and even giving attackers tips. The debate highlights a bigger question: how can defenders share real-world lessons widely without creating new vulnerabilities or harming victims?

Analyst 207
cybersecurity legislation: Must-Have Rules, Risky Tradeoffs

cybersecurity legislation: Must-Have Rules, Risky Tradeoffs

A new CIISec poll shows most security professionals want tougher, clearer cybersecurity laws—urging policymakers to create practical, enforceable rules that boost defenses without stifling innovation. If lawmakers listen and invest in enforcement and workforce skills, stronger regulation could deliver real protection for businesses and citizens.

Analyst 207