Expert Analysis – Help Net Security

AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents today, often across multiple business functions. These agents aren’t just passive tools; they’re autonomous systems that act, decide, and adapt at remarkable speed and scale. These systems now handle responsibilities once reserved for skilled human oversight, … More → The post As AI grows smarter, your identity security must too appeared first on Help Net Security.

AI security governance provides a stable compass, channeling efforts and transforming AI from an experimental tool to a reliable, enterprise-class solution. With adequate governance built at the center of AI efforts, business leaders can shape AI plans with intention, while keeping data secure, safeguarding privacy, and reinforcing the strength and stability of the entire system. Building trust in intelligent systems AI models, especially large language model-based AI and sophisticated algorithms, pose distinct challenges. They develop … More → The post AI security governance converts disorder into deliberate innovation appeared first on Help Net Security.

Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and social media flame wars, I’ve been thinking a lot about how brutally relevant it is to our world of cybersecurity. Brandolini’s law casts a long shadow over everything we do, from fighting social engineering to … More → The post How Brandolini’s law informs our everyday infosec reality appeared first on Help Net Security.

July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, so the risk was low. But a short time later, two CVEs in SharePoint were reported exploited, and the month started to heat up with hotfixes near the end of the month. Mix … More → The post August 2025 Patch Tuesday forecast: Try, try again appeared first on Help Net Security.

In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not necessarily always the case. As so many chief information and product security officers across the industry have seen, a vehicle deemed functionally safe under ISO 26262 can be highly vulnerable to cyber threats, especially … More → The post Cybersecurity and the development of software-defined vehicles appeared first on Help Net Security.

It’s often the case that the simplest tools have the longest staying power, because they ultimately get the job done. Take duct tape, for example: it’s a sturdy household classic that wasn’t invented to be elegant or high tech. It was made to work whether dealing with a leaky tent or an inconvenient puncture – a reliable way to just get the job done in a sticky situation. Stolen credentials play a similar role in … More → The post Why stolen credentials remain cybercriminals’ tool of choice appeared first on Help Net Security.

We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national security crisis. As James Babbage, Director General (Threats) at the UK’s National Crime Agency (NCA), recently noted, ransomware is “a national security threat in its own right, both here and throughout the world.” Alarmingly, despite years of targeted operations, global strategy papers, and industry guidance, ransomware groups … More → The post Ransomware will thrive until we change our strategy appeared first on Help Net Security.

Third-party involvement in data breaches has doubled this year from 15 percent to nearly 30 percent. In response, many organizations have sharpened their focus on third-party risk management, carefully vetting the security practices of their vendors. However, a critical gap remains that many organizations overlook: fourth-party risk. The silent threat of fourth-party vendors Most organizations focus only on the vendors directly in their orbit, while neglecting to dig one step deeper into who those vendors … More → The post Your supply chain security strategy might be missing the biggest risk appeared first on Help Net Security.

According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder than ever for qualified candidates to stand out. The industry has become highly specialized. Gone are the days when you could land a job simply by calling yourself a generalist: hiring is based on specific skills that match defined roles. Know the role you’re applying for If you’re … More → The post How to land your first job in cybersecurity appeared first on Help Net Security.

In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the full scope of network security issues, they are still a critical component to track as part of a security program. Over the last 25 years, the CVE program has evolved into a critical, shared, and global … More → The post Why we must go beyond tooling and CVEs to illuminate security blind spots appeared first on Help Net Security.