#CISOs

Security awareness tips, industry news, and product updates.

A hiring manager conducting a remote video interview on a laptop
Phishing & Social EngineeringThreat Intelligence

Deepfake Job Interviews: Hiring Is Now an Attack Surface

North Korean operatives are using deepfakes and synthetic identities to get hired at Western firms. Unit 42 built a convincing fake candidate in about 70 minutes. Here is how to vet remote hires.

Natalie Hoffmann·7/10/2026·6 min read
Employee completing a short security training module on a laptop at their desk
Security Awareness Tips

Continuous Adaptive Training vs. Annual Checkbox Courses

Annual compliance training looks tidy on a spreadsheet, but the forgetting curve erases most of it within weeks. Here is why continuous, adaptive security awareness training drives durable behavior change.

Daniel Okafor·7/9/2026·7 min read
Security and governance team reviewing AI policy implications around a conference table
Compliance & Regulations

EU AI Act: What Security and Awareness Teams Must Know

The EU AI Act is no longer theoretical. From the AI-literacy duty to deepfake transparency rules, here is what security and awareness teams need to act on now.

Daniel Okafor·7/3/2026·8 min read
Security analysts monitoring threat dashboards in an operations center
Threat Intelligence

Ransomware in 2026: Data Extortion Is the New Normal

Qilin led ransomware activity in early 2026 as groups shift from encryption to pure data extortion. The constant across nearly every attack is the human layer. Here is what CISOs should do.

Marcus Chen·6/30/2026·6 min read
A professional using an AI assistant on a laptop in an office
Threat Intelligence

Prompt Injection: The Hidden Risk in AI Assistants

Hidden instructions in a web page, email, or document can hijack an AI assistant into leaking data or taking actions on your behalf. It's OWASP's #1 LLM risk - and it grows as AI agents gain access.

Daniel Okafor·6/25/2026·6 min read
Abstract visualization of connected cloud applications and integrations
Compliance & RegulationsThreat Intelligence

When the Vendor Is the Breach: The Salesloft Drift Lesson

One compromised chatbot integration exposed 700+ organizations through stolen OAuth tokens. The Salesloft Drift attack shows why third-party access is now your biggest blind spot.

Rachel Andersen·6/20/2026·4 min read
Finance team reviewing payment documents around a conference table
Security Awareness TipsThreat Intelligence

FBI IC3 2025: $20.9B Lost — and What Your Team Can Do

The FBI's 2025 Internet Crime Report tallies a record $20.9 billion in losses, with business email compromise close to the top. Here's what the numbers mean and the controls that actually help.

Sarah Mitchell·6/19/2026·4 min read
Security team reviewing breach data and charts on screens
Security Awareness TipsThreat Intelligence

Verizon DBIR 2026: The Human Element in 62% of Breaches

Verizon's 2026 Data Breach Investigations Report puts the human element in 62% of breaches and confirms attackers are pivoting to mobile and the browser. Here's what it means for your awareness program.

James Thornton·6/18/2026·4 min read
IT help desk agent wearing a headset and assisting a caller
Phishing & Social EngineeringThreat Intelligence

Help Desk Social Engineering: Scattered Spider's Front Door

Scattered Spider doesn't hack your MFA — it calls your help desk and talks an agent into resetting it. Here's how help desk social engineering works and how to lock the door.

David Kowalski·6/16/2026·4 min read
Cross-functional team gathered around a conference table running an incident response exercise
Security Awareness TipsCompliance & Regulations

Tabletop Exercises: Rehearsing Your Incident Response

A real breach is the worst time to discover that no one knows who decides whether to pay a ransom. Tabletop exercises expose those gaps in a conference room instead of a crisis.

Marcus Chen·6/15/2026·7 min read
CISO presenting security program metrics to leadership in a boardroom
Security Awareness Tips

Security Awareness Metrics Beyond the Click Rate Alone

Click rate is the metric every program reports and the one that misleads most. Report rate, time-to-report, repeat-clicker reduction and the resilience ratio tell the real story. Here is how to measure and present it.

Lisa Brennan·6/14/2026·7 min read
Security team reviewing a human risk analytics dashboard in an office
Security Awareness Tips

Human Risk Management: Beyond Awareness Training Alone

Annual click-through training checks a compliance box but rarely changes behavior. Human Risk Management replaces it with continuous, data-driven, personalized risk reduction. Here is what that shift looks like in practice.

James Thornton·6/13/2026·7 min read
« Previous12Next »