Compliance | Breaking Cybersecurity News | The Hacker News

MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves. This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance services, MSPs can build deeper relationships, generate higher-value recurring revenue streams, and stand out in a competitive market. However, the move from basic IT and security services to strategic cybersecurity offerings requires more than technical expertise. It demands a clear service strategy, the right internal resources, and the ability to communicate security value in business terms. Without this foundation, MSPs risk inconsistent service delivery, missed opportunities, and stalled growth. We created the guide Turn Security Into Growth: Is Your MSP Ready to Expand? to help providers pin...

Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC) . It's no longer a future concept—it's here, and it's already reshaping how teams operate. AI's capabilities are profound: it's speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more proactive GRC function. However, this powerful shift introduces significant new challenges. AI brings its own set of risks, including potential bias, dangerous blind spots, and regulatory gaps that are only beginning to be addressed by governing bodies. Staying ahead of this curve—not just struggling to keep up—requires clear, practical knowledge. Don't Just Stay Afloat—Master the Change To help you navigate this complex landscape, we invite you to our free, high-impact webinar, " The Future of AI in GRC: Opportunities, Risks, and Practical Insights . " This se...

Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can't match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in security operations is, knowingly or not, expanding its attack surface. Without clear governance, strong identity controls, and visibility into how AI makes its decisions, even well-intentioned deployments can create risk faster than they reduce it. To truly benefit from AI, defenders need to approach securing it with the same rigor they apply to any other critical system. That means establishing trust in the data it learns from, accountability for the actions it takes, and oversight for the outcomes it produces. When secured correctly, AI can amplify human capability instead of replacing it t...

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results.  The benefits of pen testing are clear. By empowering "white hat" hackers to attempt to breach your system using similar tools and techniques to an adversary, pen testing can provide reassurance that your IT set-up is secure. Perhaps more importantly, it can also flag areas for improvement.  As the UK's National Cyber Security Centre (NCSC) notes, it's comparable to a financial audit . "Your finance team tracks expenditure and income day to day. An audit by an external group ensures that your internal team's processes are sufficient." While the advantages are obvious, it's vital to understand the true cost of the process: indeed, the classic approach can often demand significant time and effort from your team. You need to get yo...

Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don't need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops Software invite you to a live webinar: " Cybersecurity Nightmares: Tales from the Password Graveyard " — a chilling reality check every IT leader needs. You'll explore real-world password breaches, why traditional password policies fail, and how new tools can help you stop attacks before they happen. 💀 What You'll Learn Real breach stories and the lessons behind them. Why complexity alone doesn't protect your users. How Specops blocks breached passwords in real time. A live demo of creating stronger, compliant, user-friendly policies. A simple three-step plan for IT leaders to eliminate password risks fast. 👉 Register now to jo...

AI is changing automation—but not always for the better. That's why we're hosting a new webinar, " Workflow Clarity: Where AI Fits in Modern Automation ," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver. The rise of AI has changed how organizations think about automation. But here's the reality many teams are quietly wrestling with: AI isn't a silver bullet. Purely human-led workflows buckle under pressure, rigid rules-based automations break the moment reality shifts, and fully autonomous AI agents risk introducing black-box decision-making that's impossible to audit. For cybersecurity and operations leaders, the stakes are even higher. You need workflows that are fast but reliable, powerful but secure, and—above all—explainable. So where does AI really fit in? The Hidden Problem with "All-In" Automation The push to automate everythi...

The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also introduces new risks. Enterprises must balance the promise of AI with the responsibility to protect their data, maintain compliance, and secure their expanding application supply chain. The New Risk Landscape With AI adoption comes a new set of challenges: AI Sprawl : Employees adopt AI tools independently, often without security oversight, creating blind spots and unmanaged risks. Supply Chain Vulnerabilities : interapplication integrations between AI tools and enterprise resources expand the attack surface and introduce dependencies and access paths enterprises can't easily control. Data Exp...

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.  Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks. These incidents aren't edge cases. They are the inevitable outcome of deploying AI agents at scale without purpose-built security mechanisms. Traditional IAM wasn't designed for this. Agents move too fast, operate 24/7, while relying on non-human identities (NHIs) to define precisely what they can and can't do. How can organizations possibly secure what they cannot see or control? To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise. Enter: Astrix's Agent Control Plane (ACP) Astrix's AI Agent Cont...

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers? Boards want to hear how risk affects revenue, governance, and growth. They have a limited attention span for lists of vulnerabilities or technical details. When the story gets too technical, even urgent initiatives lose traction and fail to get funded. CISOs need to translate technical issues into terms the board understands. Doing so builds trust, garners support and shows how security decisions connect directly to long-term growth. It was the urgent need to bridge the CISO-Board communication gap that led us to create a new paradigm in CISO continu...

Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the need to work efficiently, deliver consistent results, and scale their offerings. Yet, many service providers still rely on manual processes that slow down delivery, make it harder to maintain consistency across clients, and limit the time teams have to focus on more strategic initiatives. Even experienced service providers can find themselves stretched thin as they try to meet rising client expectations while managing operational complexity. In this environment, automation offers an opportunity to work more effectively and deliver greater value. By streamlining repetitive tasks, improving con...

It's budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate. According to a Gartner analysis , 88% of Boards see cybersecurity as a business risk, rather than an IT issue, yet many security leaders still struggle to raise the profile of cybersecurity within the organization. For security issues to resonate amongst the Board, you need to speak its language: business continuity, compliance, and cost impact. Below are some strategies to help you frame the conversation, transforming the technical and complex into clear business directives.  Recognize the High Stakes Cyber threats continue to evolve, from ransomware and supply chain attacks to...

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed "full control over database operations, including the ability to access internal data", Wiz Research stated, with more than a million lines of log streams involved, containing chat history, secret keys and more. Wiz immediately reported the issue to DeepSeek, which quickly secured the exposure. Still, the incident underscored the danger of data leakage. Intentional or unintentional? Data leakage is a broad concept, covering a range of scenarios. As IBM notes, the term in general refers to a scenario where "sensitive information is unintentionally exposed to unauthorized parties" .  It could be intentional or unintentional. On the intentional side...

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls. Standard DLP products often fail to register these events. Solutions such as Fidelis Network ® Detection and Response (NDR) introduce network-based data loss prevention that brings AI activity under control. This allows teams to monitor, enforce policies, and audit GenAI use as part of a broader data loss prevention strategy. Why Data Loss Prevention Must Evolve for GenAI Data loss prevention for generative AI requires shifting focus from endpoints and siloed channels to visibility across the entire traffic path. Unlike earlier tools that rely on scanning emails or storage shares, NDR technol...

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million Trello user profiles was shared on a popular hacker forum. Yet, most organizations and project managers still assume that their platform's built-in backups are enough until they are not. The next few paragraphs will expose some risks of relying on these platform tools alone and how to better protect yourself and your organization from data loss with cloud backup and recovery . Why are project management tools becoming a prime target for data loss? More than 95% of businesses today rely heavily on project management tools like Trello and Asana to organize tasks, collaborate with teams, and track project milestones. However, as project managers become mor...

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don't want to slow AI adoption down, but you must make it safe. A policy sent company-wide will not cut it. What's needed are practical principles and technological capabilities that create an innovative environment without an open door for a breach. Here are the five rules you cannot afford to ignore. Rule #1: AI Visibility and Discovery The oldest security truth still applies: you cannot protect what you cannot see. Shadow IT was a headache on its own, but shadow AI is even slipperier. It is not just ChatGPT, it's also the embedded AI features that exist in many SaaS apps and any new AI agents that your employees might be creating. The golden rule: turn on the lights. You need real-time visibi...

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, "How do you tackle these rising threats?" The answer lies in having a robust BCDR strategy. However, to build a rock-solid BCDR plan, you must first conduct a business impact analysis (BIA). Read on to learn what BIA is and how it forms the foundation of an effective BCDR strategy. What Is a BIA? A BIA is a structured approach to identifying and evaluating the operational impact of disruptions across departments. Disruptive incidents or emergencies can occur due to several factors, such as cyberattacks, natural disasters or supply chain issues. Conducting a BIA helps identify critical functions for a business's operations and survival. Businesses can use insights from BIA to develop strategies to resume th...