All news with #security awareness tag

🔍 ISC2’s 2025 Cybersecurity Workforce Study, based on responses from more than 16,000 professionals, reports that 59% of organizations now face critical or significant cyber-skills shortages, up from 44% last year. Technical gaps are most acute in AI (41%), cloud security (36%), risk assessment (29%) and application security (28%), with governance, risk and compliance and security engineering each at 27%. The survey cites a dearth of talent (30%) and budget shortfalls (29%) as leading causes and links shortages to concrete impacts—88% reported at least one significant security incident. Despite concerns, headcount appears to be stabilizing and many professionals view AI as an opportunity for specialization and career growth.

🔑 Renee Guttmann and other senior cyber leaders explain when professionals need mentorship versus executive coaching. At a September ISSA LA meeting, Guttmann distinguished mentoring as a one-on-one transfer of real-world experience and coaching as focused work on skills like executive presence. Speakers pointed to formal programs, networking, and industry groups as primary sources for guidance. Together, mentors and coaches help bridge technical foundations and board-level business acumen.

🛡️ A BdB survey of 1,057 German adults found that only 54% regularly or occasionally seek information about online security, even as 41% believe they are likely to face online fraud (9% very likely, 32% likely). Nearly a quarter (23%) reported being victims of online fraud in the past two years, yet 82% still consider online banking at home to be safe. BdB CEO Heiner Herkenhoff warns that awareness and basic protective measures significantly reduce the risk of falling for scams.

🧠 The democratization of advanced attack capabilities means cybersecurity leaders must rethink talent strategies now. Ann Johnson argues the primary vulnerability in an AI-transformed landscape is human: teams must combine technical expertise with cognitive diversity to interrogate and adapt to probabilistic AI outputs. Organizations should change hiring, onboarding, retention, and continuous upskilling to create resilient, future-ready security teams.

🏆 The 2025 CSO 30 Awards celebrate cybersecurity leaders blending technology, culture and measurable impact. A panel of judges recognised achievements across categories such as AI and Digital Excellence, Rising Star, Diversity and Inclusion and CSO of the Year. Highlights include Greg Emmerson’s automation and canary tooling at Applegreen, Chris Bardell’s response advances at Royal Papworth Hospital, and Craig Hickmott’s human-first transformation at the British Heart Foundation. The programme emphasises workforce development, responsible AI and organisational resilience.

📱 India’s telecommunications ministry has instructed major handset manufacturers to preload the government-backed cybersecurity app Sanchar Saathi on all new phones within 90 days, according to Reuters. The directive, dated November 28, 2025, reportedly requires the app to be non-removable and non-disableable and mandates pushing it via updates to devices already in the supply chain. Sanchar Saathi enables reporting of fraud and malicious links, blocking and tracking stolen devices, and checking multiple mobile connections; it has more than 11.4 million installs and has helped trace and recover hundreds of thousands of handsets.

🔒 Professionals routinely share work-related details on platforms such as LinkedIn, GitHub and consumer networks like Instagram and X, creating a public intelligence trove that attackers readily exploit. Job titles, project names, vendor relationships, commit metadata and travel plans are commonly weaponised into spearphishing, BEC and deepfake-enabled schemes. Organisations should emphasise security awareness, implement clear social media policies, enforce MFA and password managers, actively monitor public accounts and run red-team exercises to validate controls.

🔐 IT security often meets resistance when guidelines clash with everyday work pressures, causing employees to view measures as obstructive and to bypass them. The article advocates empathetic policy engineering: perform stakeholder analysis, design user-centered policies, and pilot changes with early adopters. Communicate with respect—use tactical empathy, collaborative 'help me to help you' dialogues, and realistic, scenario-based training to boost acceptance and embed secure practices.

🛡️ Doxxing is the deliberate public exposure of someone's personal information online, and for children it can cause serious emotional harm and physical safety risks. Parents should reduce the personal data their kids share, review privacy settings and disable geolocation. Protect accounts with unique passwords stored in a password manager and enable multifactor authentication. If doxxing occurs, document evidence, report to platforms and authorities, and provide calm, nonjudgmental support to your child.

🔍 AWS published behavioral guidelines for network scanning to help legitimate scanners distinguish themselves from malicious actors when probing AWS IP space. The guidance defines four pillars—observational, identifiable, cooperative, and confidential—and gives practical examples (non‑mutating checks, reverse DNS, meaningful user‑agents, opt‑out mechanisms). Conforming scanners should limit impact, secure collected data, and respect opt‑out requests to reduce abuse reports and improve internet security.

🛡️ Cybersecurity work creates a relentless, always-on pressure that erodes mental health, driving sleep loss, anxiety and burnout. The piece outlines how constant alerts, moral responsibility for failures and siloed teams amplify errors and organizational risk. It calls for concrete changes—from individual boundaries and therapy to organizational psychological safety—and industry shifts such as integrating wellness into ISO and NIST frameworks.

🛡️ Avast has integrated its new AI-powered Scam Guardian into Avast Free Antivirus, offering free, continuous protection against increasingly sophisticated, AI-enhanced scams worldwide. The feature analyzes website content, code, links, SMS and email context to flag deceptive intent and neutralize hidden threats. A premium Scam Guardian Pro in Avast Premium Security adds an Email Guard for contextual email scanning across devices. The rollout aims to democratize AI-based scam defense and give users clear, actionable guidance.

⚠️ Cyber insurance has become a boardroom staple, but it often creates a false sense of protection. Policies limit financial exposure but are not a blank check: insurers increasingly require documented controls and may reduce, delay, or deny claims when basic security hygiene—patching, access controls, logging, MFA, or incident readiness—is lacking. Relying on coverage without fixing these foundational failures leaves organizations exposed to financial, operational, and reputational harm.

🔒 Organizations should treat the Windows 11 migration as a strategic security opportunity rather than a routine OS update. While some users resist moving from Windows 10 or explore alternatives like Linux or legacy releases, those choices can introduce operational headaches and security gaps, especially as Microsoft phases out support. Use the transition to validate backups, recovery objectives, and patch posture to reduce exposure to unpatched vulnerabilities that increasingly target MSPs and their clients.

🔒 Surveys and first‑person accounts reveal persistent inclusion gaps for cyber professionals with disabilities and neurodivergence. UK research (Decrypting Diversity 2021) and Deloitte’s Disability Inclusion @ Work 2024 show many report barriers to progression and frequent denial of accommodations. Three practitioners — a security awareness leader, a former cyber risk analyst and a commercial sales manager — describe bias, resilience and concrete steps for leaders: ask rather than assume, build empathy, offer flexibility and provide structural supports.

🔒 Implementation and certification of ISO standards or an ISMS frequently falter due to avoidable organizational and technical mistakes. The article outlines nine recurring issues — from weak management sponsorship and treating certification as a one‑off task to poor employee engagement, inadequate skills development, dishonest assessments, and insufficient follow‑up. For each pitfall it recommends practical remedies such as executive commitment, clear planning, targeted training, honest risk analysis, automation where appropriate, and adequate resourcing to make the management system functional and sustainable.

🤝 Security policies often fail not because employees resist security in principle but because measures clash with everyday work pressures and lack practical support. CISOs should adopt empathic policy engineering, using stakeholder analysis, pilots and early adopters to align controls with real workflows. Communication should follow the RESPECT approach—tactical empathy, a “help me to help you” dialogue and immersive, scenario-based training—to increase acceptance and embed secure behavior.

🧠 Social engineering exploits human psychology to bypass technical and physical safeguards, using impersonation, deception and manipulation to gain access to systems, facilities or data. Attackers commonly use phishing, vishing, smishing, pretexting, baiting and tailgating after extensive reconnaissance to craft believable lures. High-value targets are often pursued via spear-phishing or BEC schemes, while opportunistic attackers rely on mass phishing. Practical defenses include ongoing security awareness training, verified procedures for urgent requests and realistic simulation tests; tools such as Social-Engineer Toolkit help organizations test their resilience.

🛡️ Fortinet partnered with BCIT, Cyber Catalyst, and Tech Vets Canada to deliver a one-week Industrial Control Systems cybersecurity microcredential intensive for Canadian veterans, providing hands-on labs and practical workshops. Through exercises in network segmentation, access control, and threat detection, participants translated military skills—leadership, discipline, resilience—into cybersecurity capabilities protecting critical infrastructure. The program paired technical training with mentorship, career transition support, and pathways to internships and certification, reflecting Fortinet’s commitment to building a more diverse, skilled cyber workforce.

📚 This CSO Online roundup gathers books recommended by practicing CISOs to refine judgment, influence leadership style, and navigate modern security complexity. Recommendations range from risk and AI-focused studies to cognitive science, social engineering narratives, and organizational behavior, showing how reading informs both tactical and strategic decisions. The list highlights practical guides for risk measurement, frameworks for improving focus and decision making, and titles that remind leaders to protect attention and sustain personal resilience.