Skip to main content

Tag: risk management

301 articles

AI in security: Must-Have Best Practices for Resilience

AI in security: Must-Have Best Practices for Resilience

AI can supercharge defenses — but only if we secure the AI stack; discover practical best practices to protect data, harden models, and keep automation from becoming a single point of failure.

Analyst 207
zero trust Must-Have: Europe’s Best Security Playbook

zero trust Must-Have: Europe’s Best Security Playbook

Across Europe, zero trust has moved from IT theory to a regulatory expectation—policymakers now expect identity-centric controls, measurable resilience and risk reporting, so organizations must re-architect defenses or accept growing exposure. Start pragmatically: protect your highest-value assets with IAM, MFA and segmentation, measure risk reduction, and build privacy-preserving telemetry as you go.

Analyst 207
Citrix vulnerability: Exclusive Alert for Risky DLL Sideload

Citrix vulnerability: Exclusive Alert for Risky DLL Sideload

A China-linked group called Salt Typhoon has been exploiting a Citrix flaw via stealthy DLL sideloading to slip malicious code into critical infrastructure and enterprise systems worldwide. It’s a wake-up call to patch, audit binaries, and tighten controls before trusted software becomes an attacker’s hiding place.

Analyst 207
Common Vulnerability Scoring System: Stunningly Risky Flaw

Common Vulnerability Scoring System: Stunningly Risky Flaw

Vulnerability scores like CVSS can create a dangerous illusion of certainty — noisy, context‑blind numbers often mislead teams into patching the wrong things while real risks slip through. It’s time to pair those scores with exploit intel, asset criticality, and business impact so we prioritize what actually matters.

Analyst 207
penetration testing: Must-Have Tips to Avoid Risky Costs

penetration testing: Must-Have Tips to Avoid Risky Costs

Passing a pen test feels great — until the invoice arrives and the same vulnerability makes the headlines, exposing whether you paid for real security or just a shiny compliance report. Treat testing as continuous, threat-informed risk management: scope by business impact, budget for remediation and retesting, and combine automated checks with expert red teams to avoid costly surprises.

Analyst 207
Cracked clock face hangs on dimly lit wall, shattered smartphone below, with cityscape visible through window.

58-hour delay: Stunning £14m fine exposes risky lapse

The ICO fined Capita £14m after a 58‑hour delay in reporting a 2023 breach that exposed 6.6 million records — a stark reminder that slow incident response can magnify harm and erode public trust.

Analyst 207
full-lifecycle COTS AI: Stunning, Risk-Reducing Choice

full-lifecycle COTS AI: Stunning, Risk-Reducing Choice

When time, budget and national‑security stakes won’t wait, full‑lifecycle COTS AI lets agencies field proven capabilities fast while offloading sustainment, security and compliance. By cutting delivery time, lowering program risk and offering predictable lifecycle costs, these platforms free teams to focus on mission outcomes instead of reinventing the plumbing.

Analyst 207
artificial intelligence risk: Essential, Costly Warning

artificial intelligence risk: Essential, Costly Warning

UK firms are feeling the sting of unmanaged AI — EY finds an average hit of £2.9m per organisation from faulty models, data breaches and regulatory slip-ups. It’s a wake-up call: invest in governance, oversight and clear accountability now or watch innovation turn into costly disruption.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
cloud backup service Risky Breach: Must-Have Fixes

cloud backup service Risky Breach: Must-Have Fixes

SonicWall says attackers accessed cloud backup files holding encrypted firewall credentials and configs — turning the safety net meant to speed recovery into a potential roadmap for targeted attacks. If you used their Cloud Backup, assume exposure: rotate keys and credentials, review firewall and VPN access, and verify your backups and key management now.

Analyst 207
AI Security Posture Management: Must-Have Best Practices

AI Security Posture Management: Must-Have Best Practices

Rushing to adopt generative AI? Before you buy that shiny AI‑SPM dashboard, ask five practical questions—about assets and ownership, integration, real threat detection, provenance, and legal obligations—to ensure your security investment actually reduces risk instead of just creating paperwork.

Analyst 207
ransomware attack: Stunning Risky Data Theft Exposes Flaws

ransomware attack: Stunning Risky Data Theft Exposes Flaws

Asahi has confirmed a ransomware attack that stole data and forced a switch to manual order processing, leaving customers and partners eager to know what was compromised and how quickly the company can restore operations and trust.

Analyst 207
consulting GitLab instance: Must-Have Risky Breach Fixes

consulting GitLab instance: Must-Have Risky Breach Fixes

Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Analyst 207
WestJet data breach: Exclusive Risk to Millions

WestJet data breach: Exclusive Risk to Millions

WestJet revealed a criminal intrusion that exposed personal and loyalty data for about 1.2 million customers, raising urgent questions about airline cybersecurity and what it means for your privacy. Read on to learn what happened, why stolen travel data is so dangerous, and simple steps you can take right now to protect yourself.

Analyst 207
data breach notices: Stunning Wave Risks 3.7M

data breach notices: Stunning Wave Risks 3.7M

About 3.7 million North Americans just received breach notices after incidents at Allianz Life, WestJet and a payroll software vendor — leaving many wondering what to do next and how to protect themselves. Read on for what happened, what to watch for, and simple steps you can take right now to guard your identity.

Analyst 207
OT security Must-Have: Best International Standard

OT security Must-Have: Best International Standard

National cyber authorities from the Five Eyes, Germany and the Netherlands have unveiled a coordinated OT security standard to help protect the industrial systems that run our power, water and factories from disruptive, safety‑threatening attacks. If paired with funding and industry buy‑in, this practical guidance could finally turn years of OT neglect into measurable resilience—otherwise it risks staying on paper while attackers probe the weakest links.

Analyst 207
data breach Shocking Harrods Supplier Risky Scandal

data breach Shocking Harrods Supplier Risky Scandal

Harrods says a third‑party supplier caused a breach that exposed about 430,000 customers, but that blame game leaves people hungry for clear details on what was taken and how they’ll be protected. As trust frays, customers and regulators will demand better transparency and tighter vendor oversight.

Analyst 207
cybersecurity staff Shortage: Must-Have Fixes for Risky Gap

cybersecurity staff Shortage: Must-Have Fixes for Risky Gap

Two-thirds of organizations lack dedicated cybersecurity staff, leaving networks and data more exposed as threats surge and hiring, burnout, and competition for talent bite. Fixing it means smarter hiring, hands-on training and public‑private action before the next big incident.

Analyst 207
Continuous Threat Exposure Management: Must-Have Best Guide

Continuous Threat Exposure Management: Must-Have Best Guide

Ever feel buried in red alerts and endless tickets? Continuous Threat Exposure Management (CTEM) flips the script—linking detections to business impact, validating exploitability, and prioritizing fixes so teams stop chasing noise and start reducing real risk.

Analyst 207
Agentic AI: Essential, Risky Breakthrough for Government

Agentic AI: Essential, Risky Breakthrough for Government

Imagine AI that not only predicts or generates, but plans, acts, and coordinates across systems—speeding up casework, simulating smarter policy choices, and shoring up cyber defenses. These agentic systems could unclog backlogs and boost resilience — if agencies pair them with clear rules, rigorous testing, and strong accountability to keep decisions transparent and fair.

Analyst 207
one bad password: Stunning Lessons from a Risky Collapse

one bad password: Stunning Lessons from a Risky Collapse

One compromised password toppled KNP Logistics after 158 years, a wake-up call that even the most storied businesses can be undone by weak cyber hygiene — adopt MFA, segmentation and tested recovery plans before it’s too late.

Analyst 207
cryptocurrency fraud ring Stunning €100M Risky Bust

cryptocurrency fraud ring Stunning €100M Risky Bust

European police dismantled an alleged €100 million crypto fraud ring this week, arresting five suspects and shutting down fake platforms, token launches and wallets that duped investors. The case shows how cross-border forensics can stop big scams — and why you should always verify platforms and be wary of returns that sound too good to be true.

Analyst 207
AI security risks: Critical Must-Have Defense Guide

AI security risks: Critical Must-Have Defense Guide

AI’s power to boost productivity is now drawing attackers to the hardware, APIs and networks that support it, creating practical risks beyond model accuracy. Organizations that treat security as an afterthought must act now—hardening firmware, clamping down on APIs and improving observability—before vulnerabilities turn into costly breaches.

Analyst 207
third-party breaches: Stunning, Risky Wake-Up Call

third-party breaches: Stunning, Risky Wake-Up Call

Stellantis warns a third‑party supplier may have exposed customer personal data, leaving millions wondering what may actually means. Customers deserve clear answers about who was affected, what was leaked, and what protections will be offered.

Analyst 207