Cyber Governance | Breaking Cybersecurity News | The Hacker News

“You knew, and you could have acted. Why didn’t you?”  This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to answer after an incident. For years, many executive teams and boards have treated a large vulnerability backlog as an uncomfortable but tolerable fact of life: “we’ve accepted the risk.” If you’ve ever seen a report showing thousands (or tens of thousands) of open Highs and Critical CVEs, you’ve probably also heard the usual rationalizations from folks that would rather look the other way: we have other priorities , this will take years of engineering time to fix , how do you know these are really Critical, we’re still prioritizing, we’ll get to it. In the old world, that story, while not good, was often survivable. Exploitation was slower, more manual, and required more operator skill. Even the most sophisticated attackers had constraints. Organizations leaned on those constraints as an unspoken part of the risk mode...

Download the free guide , "It's a Generative AI World: How vCISOs, MSPs and MSSPs Can Keep their Customers Safe from Gen AI Risks." ChatGPT now boasts anywhere from 1.5 to 2 billion visits per month. Countless sales, marketing, HR, IT executive, technical support, operations, finance and other functions are feeding data prompts and queries into generative AI engines. They use these tools to write articles, create content, compose emails, answer customer questions and generate plans and strategies.  However, gen AI usage is happening far in advance of efforts to implement safeguards and cybersecurity constraints. Three primary areas of security concern associated with generative AI are: sensitive data included in gen AI scripts, outcomes produced by these tools that may put an organization at risk, and potential hazards related to utilizing third-party generative AI tools. Unchecked AI usage in organizations can lead to:  Major data breaches.  Compromised identities...