Regulatory activity forces compliance leaders to spend more on GRC tools

Legal and compliance department investment in GRC (governance, risk, and compliance) tools will increase 50% by 2026, according to Gartner. Assurance leaders are seeking out technology solutions to help them address increasing regulatory attention on executive risk oversight and monitoring. “Recent actions ranging from the U.S. Securities and Exchange Commission (SEC) to the U.S. Department […]

Generative AI lures DevOps and SecOps into risky territory

Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are using the technology today, with 74% reporting they feel pressure to use it despite identified security […]

Rising OT/ICS cybersecurity incidents reveal alarming trend

60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers. […]

Latest fraud schemes targeting the payments ecosystem

Threat actors continued to exploit technical misconfigurations through various fraud schemes, according to a new report from Visa. These include the use of malvertising and search engine optimization (SEO) techniques to cultivate compelling and effective phishing and social engineering campaigns, the utilization of emerging advanced language model (ALM) technologies, and the increased targeting of authentication […]

Privacy concerns cast a shadow on AI’s potential for software development

Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. “The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, CPO, GitLab. “According to the GitLab Global DevSecOps Report, only 25% of developers’ time is spent on code generation, but the data […]

Companies need to rethink how they implement identity security

More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months, according to Silverfort and Osterman Research. Lack of visibility into the identity attack surface: Furthering the challenges for CISOs is a continual misalignment between security and identity teams. Visibility […]

CISOs need to be forceful to gain leverage in the boardroom

Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management (35%), information security resilience (34%), data security (32%), and information security assurance and testing (32%). These findings suggest a certain amount […]
