< ciso
brief />
Tag Banner

All news with #human risk management tag

57 articles · page 3 of 3

CISOs' Greatest Risk: Functional Leaders Quitting Now

⚠️ Functional security leaders are increasingly disengaging due to heavy workloads, limited autonomy, and stalled career progression, creating a direct resilience risk for CISOs and the broader enterprise. The piece cites ISACA data showing rising stress and widespread understaffing and includes perspectives from Carole Lee Hobson, Brandyn Fisher, and Monika Malik. Recommended actions include clear promotion rubrics and executive sponsorship, consolidated tooling with a quarterly kill-switch, and metrics tied to prevention and risk contribution.
read more →

Behind the Firewall: Cyber Professionals with Disabilities

🔒 Surveys and first‑person accounts reveal persistent inclusion gaps for cyber professionals with disabilities and neurodivergence. UK research (Decrypting Diversity 2021) and Deloitte’s Disability Inclusion @ Work 2024 show many report barriers to progression and frequent denial of accommodations. Three practitioners — a security awareness leader, a former cyber risk analyst and a commercial sales manager — describe bias, resilience and concrete steps for leaders: ask rather than assume, build empathy, offer flexibility and provide structural supports.
read more →

Recruitment red flags: spotting faux job applicants

🔍 Organizations are facing a growing threat from applicants who pose as legitimate job seekers but are in fact operatives tied to overseas actor networks. Recent cases — including a July 2024 incident at KnowBe4 and longer running campaigns tracked as WageMole and DeceptiveDevelopment — show perpetrators use stolen identities, deepfakes and remote infrastructure to gain employment. The article outlines practical detection cues for recruitment teams and containment steps to limit insider risk.
read more →

Closing the Cybersecurity Skills Gap: New Pathways

🔐 Cyber Awareness Month highlights the persistent cybersecurity skills shortage and the opportunities it creates for new entrants and experienced professionals. The 2025 Cybersecurity Skills Gap Report documents a global shortfall of more than 4.7 million roles and identifies high demand for data, cloud, network and AI security expertise. Employers increasingly favor certifications (65%) over degrees, opening practical pathways for career changers, veterans, and adjacent IT or business professionals. Investing in upskilling, governance, and awareness programs can reduce breach risk and improve retention.
read more →

2025 Insider Risk Report: Hidden Costs of Everyday Actions

🔍 The 2025 Insider Risk Report finds insider-driven data loss is widespread and costly, with 77% of organizations affected and many incidents stemming from human error or compromised accounts rather than malice. It warns that traditional DLP often lacks behavioral context and visibility across endpoints, SaaS, and GenAI. The report urges adoption of behavior-aware, AI-ready platforms and five practical practices to reduce false positives and prevent data loss.
read more →

Rethinking Enterprise Phishing Training Effectiveness

🔒 Phishing remains a pervasive threat—IBM attributes roughly 15% of data breaches to these attacks—yet standard training approaches are delivering limited protection. Recent studies cited in the article show annual awareness modules and embedded simulated-phish interventions often fail to change user behavior or secure genuine engagement, with many users closing training pages outright. Security leaders are advised to treat training as one element of a broader risk-reduction strategy that pairs behavioral design, clear escalation steps, measurable metrics, incentives, and technical controls such as two-factor authentication and improved phishing detection.
read more →

Supporting Teens Online: Beyond Bans Toward Guidance

👪 The early teen years are pivotal for digital development, and trust between parents and teens matters more than any single setting. Tools like Family Link and YouTube’s supervised experience are valuable, but parents juggling multiple children, apps and devices need simpler solutions—AI assistants could configure age- and app-specific controls. Rather than blanket bans, the piece calls for thoughtful restrictions developed with parents, schools and communities alongside independent digital literacy standards.
read more →

Inside a Convincing Phone Scam: Social Engineering Exposed

🔍 A reader recounts a sophisticated phone scam in which callers posed as bank employees and provided plausible details to build trust. The scammers supplied case numbers and 'cancellation codes,' then transferred the victim to a staged supervisor named Mike Wallace to legitimize their story. Even security-aware individuals can be deceived; the anecdote illustrates how social engineering exploits procedural expectations and authority. Independently verify any unexpected bank contact via official channels before taking action.
read more →

Two-Thirds of Organizations Have Unfilled Cyber Roles

🔒 Organizations face persistent cybersecurity staffing and budget gaps, with ISACA finding 65% of firms report unfilled positions. Hiring timelines remain long—38% say entry-level roles take three to six months to fill and 39% report similar delays for non-entry roles—while half of organizations struggle to retain talent. Only 56% believe their board prioritizes cybersecurity, and 53% view budgets as underfunded. ISACA urges faster investment in holistically trained, hands-on cyber workforces to keep pace with evolving threats.
read more →

Coherence: A New Core Principle for Insider Risk Management

🛡️ Coherence is framed as the operational backbone for insider-risk programs, stressing shared meaning and alignment rather than surveillance alone. The author argues most insider incidents stem from two vectors — malicious intent and human error — both amplified by semantic drift. Building coherence requires aligning messaging across HR, communications, legal, and security, training for narrative fidelity, equipping line managers with rituals and lexicons, and creating feedback channels that surface drift before behavioral anomalies.
read more →

Gen Z Frequently Falls for Phishing Despite Savviness

🔒 A YouGov survey commissioned by Initiative Sicher Handeln finds many younger internet users — the so-called Digital Natives — struggle to spot common phishing signals. Nearly half of Gen Z (49%) do not recognise unsolicited attachments as suspicious, and fewer notice impersonal salutations, spelling errors, or bogus urgency. The online poll (Sept 8–10, 2025; 2,044 German adults) prompts the Stop, Question, Protect appeal.
read more →

AI Shifts Entry-Level Cyber Hiring Toward Soft Skills

🔍Teamwork, problem-solving and analytical thinking now outrank core technical skills in entry-level cybersecurity hiring, according to an ISC2 study of 929 hiring managers across the US, UK, Canada, Germany, India and Japan. The report finds AI is reshaping priorities: managers favour human strengths that AI can't duplicate while routine monitoring is increasingly automated. Experts warn that overreliance on certifications and broken entry pipelines exclude capable candidates, prompting vendors and employers to broaden recruitment through apprenticeships, neurodiverse hiring and outreach to career changers.
read more →

ICO: Students Cause Majority of UK School Data Breaches

🔒 The ICO analyzed 215 insider personal data breach reports from the UK education sector between January 2022 and August 2024 and found students were responsible for 57% of incidents. Around 30% of breaches involved stolen login credentials, with students accounting for 97% of those attacks by guessing weak passwords or using credentials found on paper. The report highlights cases where pupils used freely available tools to break into school systems and access or alter thousands of records. The ICO urges parents, schools and the wider industry to channel curiosity into legitimate cyber careers and strengthen basic protections.
read more →

Human-centered cybersecurity rises in CISO priorities

🔐 The role of the CISO is shifting from technical expert to manager of people and systems, making a human-centered approach essential to reduce the most significant cyber risks. Rather than repeating awareness campaigns, CISOs should design practical, scenario-based training, align security with corporate values, and foster a supportive security culture. Technology and policy must enable good behavior, while deliberate, minimal friction creates effective learning moments. A mature Human Risk Management program uses assessment, segmentation, targeted interventions and continuous feedback to deliver measurable risk reductions.
read more →

Avoid Becoming a Money Mule: Risks, Tactics, Prevention

⚠️ Money mules are individuals whose bank accounts are used to move or withdraw stolen funds, often without their knowledge. Scammers recruit mules through fake job offers, in-person pleas, or off-the-books work, promising small payments for receiving or forwarding transfers. Legal consequences can be severe — fines, prosecution, and imprisonment — even if you were unaware. Protect yourself by refusing unsolicited transfers, keeping bank details private, and insisting on formal contracts for any employment.
read more →

Women Cyber Leaders Growing Representation and Mentorship

👩‍💻 Female cybersecurity leaders report improving representation and influence, with 55% of women in managerial or higher roles even though women comprise just 22% of the cybersecurity workforce, according to a recent ISC2 report. Executives including Carol Lee Hobson and Cindi Carter note more women stepping into CISO and board-level positions and a stronger talent pipeline from STEM programs. However, salary gaps persist (median US pay: men $150,000; women $140,000), and many still face limited mentorship and subtle bias. Leaders emphasize mentoring, sponsorship, and networking groups as essential to sustaining progress.
read more →

How to Break into Cybersecurity: Skills and Traits

🔐 In this Cybersecurity Podcast episode, ESET Principal Threat Intelligence Researcher Robert Lipovsky outlines the practical skills and personality traits useful for newcomers to the field. He addresses common questions about coding ability, college degrees, and whether formal qualifications are required. Lipovsky emphasizes curiosity, persistence, and a willingness to learn alongside foundational technical skills. The discussion frames these recommendations within an evolving threat landscape and ESET’s broader career guidance.
read more →