Challenging the Easy Path: Why NIS2 Demands a New Compliance Mindset
In my presentation at KuppingerCole's cyberevolution 2023 conference in Frankfurt, entitled "Beware of Easy Paths: The Journey Towards NIS2 Compliance", I focused on the complexities of the revised Network and Information Systems Directive (NIS2) issued by the European Union. While I am neither a lawyer nor an auditor (so they might be important peers to talk to on your NIS2 journey), my focus is on the practical implications of this crucial piece of cybersecurity legislation. As a critical component of the EU's cybersecurity strategy, NIS2 extends its influence across various...
The Bletchley Declaration: The Imitation Game of a Different Kind
The result of this meeting was “The Bletchley Declaration”, an international agreement signed by 29 countries, including the US, EU, and China, to confirm their shared commitment for future AI developments that “should be designed, developed, deployed, and used, in a manner that is safe, in such a way as to be human-centric, trustworthy and responsible”. Sounds promising, right? Experts have been talking about the dangers of uncontrolled AI proliferation for years. James Cameron warned us about AI gaining self-awareness forty years ago! Elon Musk has been...
Foresight Consulting in Cybersecurity
In their constant quest for keeping organizations secure, cybersecurity professionals always need to look into the future in order to assess the likelihood of potential attacks. They need to combine their knowledge of the past and the present with their evaluation of the development of prominent attack vectors and come to a risk assessment for their work in the future. In his discussion with our CEO Berthold Kerl, Jonathan Blanchard Smith, Director and Fellow at SAMI Consulting, suggests that “foresight consulting is explicitly not looking into the crystal ball”. Instead,...
The Human Vector
The side effects of (re)generative AI impacting cyber security. Professional paranoids can't help but look at ChatGPT and its siblings from a risk perspective. Well, at least initially. We tend to think in risk vectors, threat actors and the like. Leaving all innovative benefits of the technology aside, there are sensitive elements that require attention. This is how we currently deal with this kind of innovation: Impulse driven … In a first "impulse", we try to fit what we see into the simple equation where risk equals probability times damage. As a result, we get nervous as,...
AWS Announces EU Sovereign Cloud
On October 25th, 2023, AWS announced their intention to launch AWS European Sovereign Cloud. This is an important announcement which reflects the impact of the EU GDPR regulation and the EU's recent Schrems II judgement. What was Announced: AWS European Sovereign Cloud will be a new, independent cloud for Europe that is designed to help public sector organizations and those in highly regulated industries meet the regulatory data residency and operational requirements. This cloud service will be located and operated within Europe. It will be physically and logically separate from...
Information and Cyber Warfare: Implications for State Strategies and Cybersecurity
In a recent interview with the Financial Times, EON chief executive Leon Birnbaum expressed frustration with Germany’s cyber protection of critical infrastructures. If a successful serious cyberattack were to occur, he believes his company, which operates Germany’s largest gas and electricity distribution network, would be “on its own”. Operating power grids in nine European countries including Sweden, Hungary and the Czech Republic, EON is “constantly” under attack by cybercriminals, some of which are suspected state-backed actors. Unlike most...
“Cybercrime Benefits from Safe Havens”
In a world increasingly shaped by digital technologies, the security of our data and systems is of crucial importance. Threats in the cyber world are constantly evolving, and a strong cybersecurity strategy is indispensable. In an interview with Johannes Steger, editor-in-chief of “Tagesspiegel Background Cybersecurity”, we talked about various aspects of cybersecurity. From geopolitical influence on the threat landscape to the importance of awareness and diversity in the industry....
GPTs, Databases, and AI Agility
I can imagine that some of the readers might look at the title and wonder: what do these three terms even have in common? Well, I must confess that the last one I’ve made up (or should I say “invented”?) recently – and I will explain it later. But the former two are, in fact, connected in more than one way. Although Generative AI has been with us for quite some time in various forms (remember deepfakes, for example?), Generative Pre-trained Transformers (GPT), the new-generation large language models, have literally taken the world by storm. After people saw what...
In Loving Memory of Vittorio Bertocci: A Guiding Light in the Digital ID Community
There are rare individuals who carve out spaces of brilliance wherever they tread. Vittorio Bertocci was one of those souls; a luminary whose impact resonated not only in the corridors of professional seminars but in the hearts of those fortunate to know him personally. Today, we mourn the loss of Vittorio, who, after a fierce battle with cancer, left a void that words alone cannot fill. The European Identity & Cloud Conference (EIC) was one of the many platforms where Vittorio shone brightly. With every keynote he delivered, his fervor for the Digital ID realm was palpable. He was...
Cloud Security Alphabet Soup
Organizations are exploiting cloud services to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance and security controls. In addition, the responsibilities for security and compliance are shared between the CSP (Cloud Service Providers) and the cloud customer and it is up to the customer to ensure that they use the cloud in a secure and compliant manner. On top of that, each cloud service...
The Ping/ForgeRock combination
Joining forces to compete against Microsoft and Okta. A couple of months ago, the series of acquisitions of SailPoint, ForgeRock, and Ping Identity by Thoma Bravo triggered discussions and rumors about the impact on the broader Identity & Access Management (IAM) market. Recently, Thoma Bravo announced that ForgeRock would be combined into Ping Identity. Such merger & acquisition (M&A) developments prompt the spate of usual questions: What does this mean to customers of the two companies? What to expect strategically from the combined companies? Where are the...
Making Cybersecurity ‘Lagom’
In today's episode of the cyberfiles we talk to Patrick Shirazi, Enterprise Security Architect at Swedbank, who thinks cybersecurity needs to be balanced. In accordance with the Swedish concept of ‘Lagom’, cybersecurity should not be too strict and not too lenient. At cyberevolution, Patrick will give a session entitled "The Human Factor: Why people are the main key to cybersecurity" in which he will present several use cases to demonstrate why it is essential to consider the human factor in any organization’s cyber threat landscape.