CISO on Digitaliziran si

EU Cybersecurity Package and NIS2: What InfoSec Professionals Need to Know

Tue, 10 Feb 2026 09:00:00 +0000

As someone tracking EU regulatory developments alongside ISO compliance and cryptography standards, the revised Network and Information Security Directive (NIS2) represents the most comprehensive update to European cybersecurity requirements since the original 2016 directive. What makes this particularly relevant for InfoSec professionals is the explicit integration of post-quantum cryptography timelines into regulatory frameworks - a recognition that the threat landscape is evolving faster than many organizations realize.

Understanding the NIS2 Reforms

The revised NIS2 directive aims to clarify scope, enhance legal certainty, and promote EU-wide standards across 18 critical sectors. The reforms address three areas that will directly impact operational security:

The AI Security Crisis You Can't Ignore: Why Simon Willison's 'Lethal Trifecta' Demands Immediate Action

Wed, 27 Aug 2025 07:26:05 +0000

Are your AI systems creating a perfect storm for data theft? Security researcher Simon Willison’s recent analysis reveals a chilling reality: AI agents combining three specific capabilities create what he calls the “lethal trifecta” – a combination so dangerous that attackers can easily trick systems into accessing private data and sending it directly to them.

The Three Components That Spell Disaster

Willison identifies three seemingly innocent AI capabilities that, when combined, become a security nightmare:

AI Safety vs. Security: The Critical Distinction Your Organization Can't Afford to Ignore

Tue, 26 Aug 2025 10:21:05 +0000

Are you treating AI safety and AI security as the same thing? If so, your organization might be missing critical vulnerabilities that could compromise both your operations and compliance posture.

The Dangerous Misconception

While many languages use the same word for both concepts, the OECD emphasizes that AI safety and security are distinct yet interconnected domains that require different approaches and frameworks. This distinction isn’t just academic - it has real implications for how you protect your organization.

EU Data Act Countdown: 30 Days Left to Comply – Is Your Business Ready for September 12?

Thu, 14 Aug 2025 07:13:04 +0000

Are you prepared for the most significant data regulation since GDPR? With just 30 days remaining until the EU Data Act becomes applicable on September 12, 2025, companies across Europe are scrambling to understand requirements that will fundamentally reshape how they handle connected device data.

Note: The EU Data Act entered into force on January 11, 2024, giving companies nearly two years to prepare. However, its obligations only become legally enforceable starting September 12, 2025.

Post-Quantum Cryptography: Why the Threat is Already Here

Mon, 04 Aug 2025 10:55:00 +0000

A Practical Guide for InfoSec Professionals and Auditors

As someone working daily with ISO standards and AI governance frameworks, I’ve been closely following NIST’s post-quantum cryptography (PQC) standardization process. What I’ve discovered should concern every InfoSec professional: the threat to our current encryption isn’t waiting for some hypothetical quantum computer. It’s already growing in GPU farms around the world.

In this guide, I’ll break down what you need to know about post-quantum cryptography without the complex mathematics. More importantly, I’ll explain why this matters for your organization today, not in some distant quantum future.

Your AI Guardrails Just Got Outsmarted by Emojis: The Semantic Prompt Injection Crisis

Sun, 03 Aug 2025 09:17:44 +0000

Are your AI systems as secure as you think? Recent research from NVIDIA’s AI Red Team reveals a concerning reality: attackers can now bypass some AI guardrails using something as simple as emoji sequences and visual symbols.

The Invisible Threat in Plain Sight

Semantic prompt injections represent an emerging frontier in adversarial attacks against AI systems. Unlike traditional prompt injections that rely on text manipulation, these attacks use symbolic visual inputs - emoji-like sequences, rebus puzzles, and other visual representations - to potentially compromise agentic AI systems while evading some detection methods.

Amazon's AI Assistant Nearly Wiped Developer Systems for 5 Days – Are Your Access Controls Ready?

Tue, 29 Jul 2025 19:14:46 +0000

Picture this scenario: You’re working late, relying on your trusted AI coding assistant to help debug a critical application. Unknown to you, that same assistant has been compromised and is quietly preparing to execute commands that could wipe your entire development environment – both local files and cloud infrastructure.

This isn’t a hypothetical nightmare. It actually happened to Amazon Q Developer Extension users for five consecutive days, and the implications should make every Chief Information Security Officer (CISO) reassess their AI integration strategies immediately.

Your AI Procurement Strategy Could Be Your Biggest Compliance Risk: What Financial Services Must Know

Tue, 01 Jul 2025 15:15:00 +0000

Are you rushing to procure AI solutions for your financial services firm without considering the legal minefield you’re entering? While competitors scramble to deploy the latest AI tools, smart institutions are discovering that procurement strategy - not just implementation - determines compliance success.

Most financial institutions approach AI procurement like any other technology purchase. This is a critical mistake. Unlike traditional software, AI systems in financial services must navigate an intricate web of regulations including the General Data Protection Regulation (GDPR) - the EU’s comprehensive data privacy law that governs how personal information must be handled - Digital Operational Resilience Act (DORA) - a new EU regulation requiring financial institutions to strengthen their digital resilience against cyber threats - and emerging AI-specific legislation like the EU AI Act.

MCP's Hidden Security Crisis: Why Your AI Automation Strategy Needs an Urgent Reality Check

Tue, 24 Jun 2025 16:33:37 +0000

Are you rushing to implement Model Context Protocol (MCP) for your AI automation workflows? Before you do, consider this sobering reality: MCP may be creating more security vulnerabilities than it solves.

The Promise vs. The Reality

MCP promises seamless integration between Large Language Models (LLMs) and third-party tools, positioning itself as the standard for AI-driven automation. Companies are adopting it to streamline workflows, reduce manual processes, and give AI agents unprecedented control over business operations.

DORA First: Why Financial Institutions Must Prioritize AI Readiness Before 2027

Mon, 23 Jun 2025 09:50:48 +0000

Are you prepared for the regulatory storm heading toward financial services? While your competitors scramble to understand the EU AI Act, smart institutions are taking a “DORA first” approach - and it might be the difference between thriving and merely surviving the 2027 compliance deadline.

The Perfect Storm: When DORA Meets AI Act

The Digital Operational Resilience Act (DORA), which became applicable on January 17, 2025, has already transformed how financial institutions manage ICT risk (Information and Communication Technology risks that could compromise network and information systems). Now, with the EU AI Act’s full enforcement approaching August 2, 2027, institutions face an unprecedented convergence of regulatory requirements.

Are Your AI Embeddings as Secure as You Think?

Thu, 12 Jun 2025 15:49:06 +0000

Are you confident that your organization’s AI embeddings are protecting sensitive information? A groundbreaking new research paper reveals a troubling reality: what you thought was secure data representation might be an open book to determined attackers.

What are AI embeddings? For readers new to this concept, embeddings are numerical representations that convert complex data like text, images, or audio into mathematical vectors that AI systems can process. Think of them as a way to translate human-readable information into a language that machines understand.

Cloud-based software testing for 200€/employee

Tue, 10 Jun 2025 12:54:00 +0000

Are you testing new HR software in your organization? A landmark ruling by Germany’s Federal Labour Court (Bundesarbeitsgericht) should make you pause and reconsider your approach. The court awarded €200 in damages to an employee whose personal data was improperly transferred during cloud-based HR software testing - and this decision could reshape how companies handle employee data across Europe.

The Case That Changes Everything

The case involved an employee whose personal data was transferred to Workday HR management software beyond the agreed limits of a concluded works agreement (a formal contract between employer and employee that defines terms and conditions of employment). What makes this ruling particularly significant is that the court confirmed that even limited misuse of employee data can trigger liability under the General Data Protection Regulation (GDPR).

CEOs as Data Protection Officers: The €5,000 Mistake Your Company Might Be Making

Fri, 23 May 2025 07:35:51 +0000

Is your CEO wearing too many hats? If one of those happens to be Data Protection Officer (DPO), your organization could be facing significant legal and compliance risks—as one company discovered after being hit with a €5,000 fine by Austria’s data protection authority (DSB).

The DSB penalized a company for appointing its managing director as its Data Protection Officer, highlighting a fundamental conflict of interest that violates core principles of the General Data Protection Regulation (GDPR).