BankInfoSecurity.com

CrowdStrike's Adam Meyers on Cybercriminals Moving From Endpoints to Softer Targets
With EDR making it difficult for cybercriminal to carry out attacks, they are now shifting focus to exploit vulnerabilities in compromised identities and unmanaged devices to move laterally across organizations, said Adam Meyers, senior vice president of counter adversary operations at CrowdStrike.

Menlo Venture's Rama Sekhar on AI Threats and Opportunities
Public attention has been focused on the dangers of large language models such as hallucinations or harmful output, but the most pressing security risks are no longer rooted in the models, but in how they are integrated with real-world tools, said Rama Sekhar, partner at Menlo Ventures.

DOD's Stacy Bostjanick Shares Cyber Strategies for Enhancing Cyber Resilience
Stacy Bostjanick, deputy CIO and chief of Defense Industrial Base Cybersecurity at the Department of Defense, shared a robust plan to protect the DIB from relentless cyberattacks through stronger standards and proactive cyber strategies.

Administration's Budget Proposals Would Slash Cyber Defense Agency Spending by 16%
President Donald Trump proposed a series of budget cuts Friday that would in part reduce the Cybersecurity and Infrastructure Security Agency's spending for fiscal year 2026 by nearly $500 million - a 16% reduction the administration said was aimed at realigning the agency with its core mission.

Ellis of YL Ventures on How Modern CISOs Must Lead, Not Master Every Discipline
There were never many 'do everything' CISOs. Today there are even fewer. But with a specialist area, strong overview and ability to channel expertise, CISOs can align with business goals, embrace the business enabler role, demonstrate quick wins, and ensure their organization makes better risk decisions.

4 Breaches Appear to Potentially Affect Hundreds of Thousands Across Several States
Catholic hospital chain Ascension Health is notifying hundreds of thousands of individuals across several states of at least four hacking incidents in recent months involving third-parties. Ascension reported one of the breaches this week, another in mid-April and the others in March and February.

CISA Staff Told to Prepare for Cuts and Crowded Work Locations Amid Growing Turmoil
Top officials at the nation's cyber defense agency want to give President Donald Trump's pick to lead the agency time to assess major restructuring plans - a move that is reportedly delaying the timeline for reductions in force while causing growing concerns for job stability among staffers.

Retailer Continues to Recover From Ransomware Incident
British retailer Marks & Spencer was reportedly targeted by financial crime group Scattered Spider, who deployed ransomware on the company's VMware ESXi server. The retailer continues to recover from a cyber incident that disrupted operations in its online and offline stores.

Panel Explores AI Innovation, Geopolitical Tensions and Cybersecurity Leadership
ISMG editors share insights from Day 3 of RSAC Conference 2025, unpacking nagging AI security challenges, evolving CISO roles, operational technology protection and the impact of geopolitical tensions on global cybersecurity collaboration.

Practical Tips for Surviving Conference Networking
Conferences are a prime opportunity to meet new people, exchange ideas and build relationships but for those of us who are introverts, the prospect of networking in large crowds can be overwhelming and exhausting.

Experts From Stibo Systems, Sitation on Tapping Into MDM and Predictive Analytics
Manufacturers want to digitally transform to tap into the latest artificial intelligence tools, but they're saddled with decades-old equipment that was not designed to easily share data with other systems. But there's hope, said James Van Pelt, manufacturing practice lead at Stibo Systems.

Zero Trust Creator John Kindervag on Barriers to Security Success Beyond Tech
Growing executive engagement with zero trust signifies a change from technical discussions to strategic business focus. Boards now view cybersecurity as fundamental to operations and seek solutions beyond products, said John Kindervag, creator of zero trust and chief evangelist, Illumio.

HIPAA Protected Health Information Among Data Stolen in Nov. 2023 Attack
The City of Long Beach, Calif. is notifying nearly 260,000 individuals that their protected health information was potentially stolen in a November 2023 hack that also disrupted IT systems for several weeks. The city has added $1 million to its cybersecurity budget since the incident.

Salt Typhoon Exposed Major Flaws in Telecom Networks. Few Changes Have Been Made
After China's Salt Typhoon breach of U.S. telecom networks, federal experts told Congress on Wednesday the nation remains dangerously exposed to another attack - despite warnings, investigations and interagency coordination, all of which have yet to produce systemic cyber defense improvements.

'Making America Safe Again Through Cyberdefense' Is Focus of Her RSAC Speech
"Cybersecurity is national security," said U.S. Homeland Security Secretary Kristi Noem during an RSAC Conference speech detailing her agenda for revamping the Department of Homeland Security's approach to cybersecurity, including a streamlined Cybersecurity and Infrastructure Security Agency.

Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

Capitol Meridian Partners' Razi on Smarter AI Use, Strong Leadership and Diversity
Many AI models prioritize speed over security, exposing organizations to significant risks. Niloofar Razi, operating partner at Capitol Meridian Partners, stressed the need for companies to evaluate models carefully before adoption.