CISO Insights: Voices in Cybersecurity

by CISO Marketplace

News, Technology

CISO Marketplace is a dedicated platform providing cybersecurity professionals with expert resources, tools, and insights to protect their organizations. From policy templates to industry updates, we empower CISOs with the knowledge needed to navigate the evolving threat landscape. Shop @ https://www.cisomarketplace.com || News @ https://threatwatch.news || Podcast @ https://cisoinsights.show

Episodes (40 episodes)

The Sophistication Shift: Navigating the New Era of Industrialized AI Fraud

E396 - The Sophistication Shift: Navigating the New Era of Industrialized AI Fraud

The global fraud landscape is currently at a turning point known as the Sophistication Shift, where high-volume, "low-effort" scams are being replaced by fewer, sharper, and far more damaging attacks engineered with professionalized precision. Fraudsters have successfully industrialized deception by leveraging a "fraud production ecosystem" that pairs generative AI and deepfakes with autonomous fraud agents and telemetry tampering to bypass traditional verification systems. To counter these advanced networks, institutions are transitioning from static, document-based checks toward continuous, behavioral-driven assurance and unified compliance workbenches.   www.scamwatchhq.com/identity-fraud-report-2025-2026-key-insights-and-analysis   Sponsor: www.scamwatchhq.com www.cisomarketplace.com     
Published: Feb 4, 2026 | Duration: 13:19
Navigating the Global AI Maze: From Binding Laws to Voluntary Guardrails

E395 - Navigating the Global AI Maze: From Binding Laws to Voluntary Guardrails

Jurisdictions worldwide are developing AI governance policies that range from comprehensive "hard law" mandates like the EU’s AI Act to voluntary "soft law" frameworks favored by Singapore and the United Kingdom. While these approaches differ in legal enforceability and centralization, they coincide on core principles such as risk-based management and the establishment of dedicated safety institutes. The series also examines how existing privacy and intellectual property statutes serve as foundational baselines, driving new transparency requirements and shaping the legal environment through high-profile litigation like New York Times v. OpenAI www.compliancehub.wiki/global-ai-governance-comparative-analysis-of-legal-and-policy-frameworks   S...
Published: Feb 3, 2026 | Duration: 15:12
Africa’s Digital Frontier: A Story of Rights, Regulation, and Regional Convergence

E394 - Africa’s Digital Frontier: A Story of Rights, Regulation, and Regional Convergence

This podcast explores how African nations have transitioned from fragmented sectoral protections to comprehensive, rights-based data frameworks inspired by global standards like the EU GDPR. We delve into the pivotal role of regional instruments like the Malabo Convention and the rise of "enforcement maturity," where increasingly confident regulators are now holding both global tech giants and government departments accountable. Finally, we examine the strategic shift toward continental enforcement norms, AI governance, and the institutionalization of regulator-to-regulator learning to secure Africa's rapidly evolving digital economy.  www.compliancehub.wiki/african-data-protection-frameworks-evolution-regulation-and-regional-convergence   Sponsors:  https://globalcompliancemap.com...
Published: Feb 2, 2026 | Duration: 15:47
The Frontline of Functionality: Swedish Businesses in Total Defence

E393 - The Frontline of Functionality: Swedish Businesses in Total Defence

This podcast explores the "decisive role" Swedish businesses play in national resilience, ensuring that vital societal functions like energy, food distribution, and telecommunications continue to operate during armed conflict or severe crisis. We examine how companies prepare for the "two-week" continuity goal by mapping critical dependencies, implementing systematic cybersecurity measures—such as offline data backups—and training staff to recognize and resist malign information influence. Finally, the series details how public authorities and private enterprises coordinate through a "public-private collaboration" framework to manage complex threats, supply chain disruptions, and the mobilization of personnel for total defence duty. ...
Published: Jan 31, 2026 | Duration: 15:56
Beyond Fragmentation: Achieving Meta-Compliance with HSMS and L-FCF

E392 - Beyond Fragmentation: Achieving Meta-Compliance with HSMS and L-FCF

Organizations today are struggling with a rapidly growing system of overlapping European frameworks, such as NIS2, DORA, and the GDPR, which often results in duplication of work and high administrative burdens. By adopting a Harmonised Security Management System (HSMS) and the Layered Framework Control Fabric (L-FCF), these entities can implement a "meta-compliance" strategy where a single set of controls meets multiple legal and normative requirements simultaneously. This shift from "island solutions" to an integrated model significantly reduces audit overload while strengthening operational cyber resilience through a coordinated, organisation-wide management cycle.   Sponsors: https://www.c...
Published: Jan 30, 2026 | Duration: 18:03
When Your AI Becomes the Breach: The Hidden Dangers of Agentic Skills

E391 - When Your AI Becomes the Breach: The Hidden Dangers of Agentic Skills

We explore the rapid paradigm shift from passive chatbots to autonomous "agentic" AI, where new standards like the Model Context Protocol (MCP) grant systems the power to execute code and access sensitive files. Drawing on a massive empirical study of over 31,000 agent skills and real-world espionage campaigns like GTG-1002, we expose how attackers leverage "tool poisoning" and indirect prompt injection to hijack these agents for data exfiltration. Finally, we unpack essential defense strategies, including the NIST AI Risk Management Framework and the new OWASP Top 10 for Agentic Applications, to help organizations close the dangerous "consent gap" between user permissions...
Published: Jan 27, 2026 | Duration: 29:53
The Privacy Pulse: Navigating AI, Fines, and the Digital Decade

E390 - The Privacy Pulse: Navigating AI, Fines, and the Digital Decade

Join us as we analyze the 2026 data protection landscape, where a stabilization in aggregate GDPR fines contrasts with a sharp 22% increase in breach notifications fueled by geopolitical tensions. We discuss how the EU's proposed "Digital Omnibus" aims to streamline the complex "Digital Decade" regulations, even as authorities ramp up enforcement against AI systems like Replika and scrutinize "consent or pay" models. The episode concludes by examining the widening gap between the EU’s focus on personal liability and the UK’s shift toward a pro-innovation, "less is best" regulatory environment following the Data (Use and Access) Act 2025. DLA...
Published: Jan 26, 2026 | Duration: 17:02
Red Tape vs. Rights: Unpacking the EU's "Digital Omnibus" Proposal

E389 - Red Tape vs. Rights: Unpacking the EU's "Digital Omnibus" Proposal

The European Commission has introduced the "Digital Omnibus," a sweeping legislative package designed to streamline digital rules like the GDPR and AI Act to reduce administrative burdens and foster innovation. However, privacy experts warn that shifting to a subjective definition of "personal data" and creating broad commercial exemptions for "scientific research" could severely undermine fundamental rights and generate significant legal uncertainty. We analyze the clash between the Commission's promise of €5 billion in compliance savings and the potential erosion of data protection enforcement across Europe. www.compliancehub.wiki/analysis-of-the-proposed-digital-omnibus-regulation   Sponsors: www.compliancehub.wik...
Published: Jan 25, 2026 | Duration: 12:53
The Maturity Multiplier: How Governance and Security Teams Are Shaping the Future of AI

E388 - The Maturity Multiplier: How Governance and Security Teams Are Shaping the Future of AI

The 2025 CSA and Google Cloud survey reveals a widening gap between the "haves" and "have-nots" of AI readiness, identifying formal governance as the critical "maturity multiplier" that allows organizations to innovate faster while staying secure. Contrary to historical trends where security functions lagged behind new technology, security teams have emerged as early adopters, with over 90% actively testing or planning to use AI for critical tasks like threat detection and red teaming. As enterprises navigate complex multi-model strategies and vendor consolidation, the report emphasizes that operationalizing policies today is the only way to avoid "shadow AI" and successfully transition from...
Published: Jan 25, 2026 | Duration: 14:35
Securing the Agentic Revolution: The New Rules of Model Context Protocol Security

E386 - Securing the Agentic Revolution: The New Rules of Model Context Protocol Security

As AI agents move from experimental pilots to production via the Model Context Protocol (MCP), they introduce a fundamental architectural shift where Large Language Models sit at the center of security-critical decisions. This episode unpacks the Coalition for Secure AI’s comprehensive framework, exploring twelve core threat categories that range from novel vectors like tool poisoning and shadow servers to the "confused deputy" problem. Tune in to learn why traditional perimeter defenses are insufficient and how to implement defense-in-depth strategies, including cryptographic identity propagation, hardware-based isolation, and zero-trust validation for AI outputs https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities...
Published: Jan 23, 2026 | Duration: 17:01
The Agentic Revolution: Decision Advantage and the Future of Command

E387 - The Agentic Revolution: Decision Advantage and the Future of Command

This episode explores the Department of War's strategic pivot to "Agentic Warfare," where proactive AI systems evolve from passive tools into digital staff officers capable of executing complex workflows rather than just generating text. We discuss how commanders are shifting from "in the loop" controllers to "on the loop" mission directors, overseeing a "planning multiverse" that runs millions of simulations to "self-heal" operational plans in real time. Finally, we examine the critical race for "decision advantage," arguing that the ability to out-think adversaries with "force guided by foresight" has replaced mass as the primary mechanism of modern deterrence. ...
Published: Jan 22, 2026 | Duration: 18:57
Bridging the Gap: Mastering the CTI Capability Maturity Model

E385 - Bridging the Gap: Mastering the CTI Capability Maturity Model

This series explores the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), a stakeholder-first framework designed to help intelligence programs support the specific decisions and actions of those protecting the organization. We guide listeners through the model’s eleven distinct domains and the cyclical five-step implementation process—Prepare, Assess, Plan, Deploy, and Measure—to transition teams from reactive, ad hoc practices to standardized, predictive operations. By analyzing specific use cases and maturity indicators, we demonstrate how to evolve metrics from simply counting effort to quantifying systemic impact and business value. www.breached.company/briefing-the-cyber-threat-intelligence-capability-maturity-model-cti-cmm   Sponsor...
Published: Jan 21, 2026 | Duration: 23:37
Choke Points and Synthetic Faces: Systemic Disruption of the Modern Cybercrime Ecosystem

E384 - Choke Points and Synthetic Faces: Systemic Disruption of the Modern Cybercrime Ecosystem

Transnational cybercrime has evolved into a globally distributed ecosystem where identity is now "synthetic, scalable and weaponizable" due to the proliferation of deepfakes and camera injection tools targeted at digital verification systems. To counter this, the Cybercrime Atlas fosters global collaboration to map criminal infrastructure and identify technical "choke points," a strategy validated by the Serengeti operations which resulted in thousands of arrests and the seizure of $140 million in criminal funds. Simultaneously, experts recommend that institutions implement multi-layered defenses—such as trusted camera source controls and active liveness checks—to harden Know Your Customer (KYC) processes against the democratized thre...
Published: Jan 20, 2026 | Duration: 15:54
Secure, Defend, Thwart: Navigating the NIST Cyber AI Profile

E383 - Secure, Defend, Thwart: Navigating the NIST Cyber AI Profile

This episode explores the newly drafted Cyber AI Profile, a guide designed by the National Institute of Standards and Technology (NIST) to help organizations manage the complex intersection of artificial intelligence and cybersecurity. We break down the three primary focus areas—Secure, Defend, and Thwart—which provide a structured approach to protecting AI system components, leveraging AI for defensive operations, and building resilience against AI-powered threats. Listeners will learn how this Profile integrates with the existing NIST Cybersecurity Framework (CSF) 2.0 to offer prioritized outcomes and considerations for organizations at any stage of their AI journey.   Spons...
Published: Jan 18, 2026 | Duration: 15:38
Securing the Global Ledger: Balancing Proportionality and Resilience in Financial Cyber Risk

E382 - Securing the Global Ledger: Balancing Proportionality and Resilience in Financial Cyber Risk

The International Monetary Fund (IMF) actively strengthens the global financial system by evaluating national cyber frameworks through the Financial Sector Assessment Program (FSAP) and providing demand-driven Technical Assistance to address increasingly sophisticated threats. Effective regulation requires a delicate balance between principles-based flexibility and prescriptive rules, while ensuring that supervisory intensity is proportionate to an institution's size and systemic importance. However, because the financial sector is an interconnected chain, regulators must ensure that even small institutions maintain a baseline of security to prevent them from becoming the "weakest link" that triggers a systemic crisis. www.securitycareers.help/good-practices-in-cyber-risk-regulation-and-supervision ...
Published: Jan 17, 2026 | Duration: 40:42
The Silicon Siege: How AI and Quantum Computing are Rewriting Global Security

E381 - The Silicon Siege: How AI and Quantum Computing are Rewriting Global Security

This episode examines how Artificial Intelligence and quantum computing have transitioned from frontier concepts to systemic forces that are fundamentally reshaping geostrategic competition and the nature of modern warfare. We investigate the critical milestone of "Q-Day," the point where the deployment of Shor's algorithm threatens to collapse the cryptographic foundations of digital trust, alongside the risks of automated military escalation driven by AI. Lastly, we explore the potential for a "quantum arms race" and the widening "quantum divide" that could leave entire regions behind in a new, bifurcated global order. www.breached.company/global-risks-report-2026-key-insights-and-analysis ...
Published: Jan 16, 2026 | Duration: 35:46
Digital Siege: Beyond the Numbers of the 2025 Cyber Catastrophe

E380 - Digital Siege: Beyond the Numbers of the 2025 Cyber Catastrophe

This podcast explores why 2025 marked a watershed moment where counting compromised records proved to be an inadequate measure of a cyberattack's true devastation. We delve into the "cyber shockwaves" of 2025, ranging from the UK’s first officially confirmed ransomware-related death to the £1.9 billion economic hit that crippled national car production and threatened over 100,000 supply chain jobs. Finally, we examine an emerging five-dimension framework that redefines cybersecurity as a global ESG and human safety issue, focusing on operational disruption and societal harm rather than just data volume. www.breached.company/beyond-the-numbers-the-2025-data-breach-landscape   Sponsors: ww...
Published: Jan 15, 2026 | Duration: 39:42
The Global Gig Economy of Cybercrime

E379 - The Global Gig Economy of Cybercrime

The Cyber-as-a-Service (CaaS) model has fundamentally reshaped the threat landscape by lowering technical barriers, allowing individuals with minimal expertise to conduct complex operations like ransomware or phishing. Thriving in marketplaces that mimic legitimate e-commerce sites, specialized "initial access brokers" act as digital key makers, selling persistent entry points to other criminals in a professionalized supply chain. This modular ecosystem is highly resilient to disruption, as actors frequently rebrand their services and state-sponsored adversaries leverage these tools to target critical infrastructure globally. www.breached.company/national-cyber-threat-assessment-2025-2026-key-insights www.breached.company/beyond-the-numbers-the-2025-data-breach-landscape ...
Published: Jan 14, 2026 | Duration: 11:41
Navigating the 2026 Intelligence Supercycle: Data, Law, and the New Global Marketplace

E378 - Navigating the 2026 Intelligence Supercycle: Data, Law, and the New Global Marketplace

This episode explores the transition into the "Intelligence Supercycle," where organizations are deploying security AI and automation to identify data breaches 80 days faster and mitigate nearly $1.9 million in potential losses per incident. We delve into the shifting global regulatory landscape, highlighting how aggressive enforcement in the U.S., Canada, and the EU is introducing personal executive liability and mandatory cybersecurity audits that are fundamentally reshaping international business operations. Special focus is placed on the cannabis industry's "perfect storm," examining how federal rescheduling in the U.S. and clinical pivots in Thailand are forcing a rapid move toward blockchain-enabled traceability...
Published: Jan 13, 2026 | Duration: 47:55
The 2026 Cyber Arms Race: AI, Risk, and Resilience

E377 - The 2026 Cyber Arms Race: AI, Risk, and Resilience

This episode explores how leaders worldwide are adapting to evolving cyber risks, drawing on survey responses from over 800 executives across more than 90 countries. We discuss the acceleration of the cyber arms race, examining how artificial intelligence is simultaneously strengthening defense systems while enabling faster and more sophisticated attacks. With 94% of leaders citing AI as the most significant driver of change in 2026, we break down why the vast majority identify AI-related vulnerabilities as the fastest-growing cyber risk.   Sponsors: www.generatepolicy.com www.cyberpolicy.shop 
Published: Jan 12, 2026 | Duration: 12:58