DataBreachToday.com

CISA Staff Told to Prepare for Cuts and Crowded Work Locations Amid Growing Turmoil
Top officials at the nation's cyber defense agency want to give President Donald Trump's pick to lead the agency time to assess major restructuring plans - a move that is reportedly delaying the timeline for reductions in force while causing growing concerns for job stability among staffers.

Retailer Continues to Recover From Ransomware Incident
British retailer Marks & Spencer was reportedly targeted by financial crime group Scattered Spider, who deployed ransomware on the company's VMware ESXi server. The retailer continues to recover from a cyber incident that disrupted operations in its online and offline stores.

Palo Alto Networks' Nikesh Arora: Browser Security Will Surpass EDR in Importance
As enterprises rush to deploy AI across operations, Palo Alto Networks is securing models and agents through its platform approach and recent acquisitions. CEO Nikesh Arora predicts browser security will outpaceEDR as a foundational requirement.

Zscaler's Jay Chaudhry on Visibility and Policy Enforcement to Secure AI Usage
Organizations face significant risks when employees use public AI tools without governance, but security platforms can provide visibility, policy controls and data protection to safeguard sensitive information from unauthorized exposure, said Jay Chaudhry, founder, chairman and CEO, Zscaler.

Sightline Security's Kelley Misata on Why Myths Hinder Real Security Progress
Nonprofit organizations are often labeled as low-risk when it comes to cybersecurity, but that perspective misses the diversity and importance of these organizations, said Kelley Misata, founder and CEO, Sightline Security, and president, the Open Information Security Foundation.

Quick Recovery Plans Needed As Nation-State Groups Target Critical Infrastructure
Nation state threats have been outpacing defense for decades, adapting and evolving much faster. Now they're also changing motivations, from information gathering and seeking economic advantage to apparently pre-positioning to cause disruption in a future hybrid war, said Rubrik's Travis Rosiek.

Also, Nike Sued Over Shutdown of NFT Subsidiary
This week, KiloEX compensation after Oracle exploit, Nike sued over NFT shutdown, SEC dropped probe into PayPal PYUSD, Long Island man sentenced for crypto fraud, Americans lost billions to crypto scams, Loopscale exploiter agreed to return stolen funds and bank regulators softened stance on crypto.

Panel Explores AI Innovation, Geopolitical Tensions and Cybersecurity Leadership
ISMG editors share insights from Day 3 of RSAC Conference 2025, unpacking nagging AI security challenges, evolving CISO roles, operational technology protection and the impact of geopolitical tensions on global cybersecurity collaboration.

Practical Tips for Surviving Conference Networking
Conferences are a prime opportunity to meet new people, exchange ideas and build relationships but for those of us who are introverts, the prospect of networking in large crowds can be overwhelming and exhausting.

Experts From Stibo Systems, Sitation on Tapping Into MDM and Predictive Analytics
Manufacturers want to digitally transform to tap into the latest artificial intelligence tools, but they're saddled with decades-old equipment that was not designed to easily share data with other systems. But there's hope, said James Van Pelt, manufacturing practice lead at Stibo Systems.

Zero Trust Creator John Kindervag on Barriers to Security Success Beyond Tech
Growing executive engagement with zero trust signifies a change from technical discussions to strategic business focus. Boards now view cybersecurity as fundamental to operations and seek solutions beyond products, said John Kindervag, creator of zero trust and chief evangelist, Illumio.

HIPAA Protected Health Information Among Data Stolen in Nov. 2023 Attack
The City of Long Beach, Calif. is notifying nearly 260,000 individuals that their protected health information was potentially stolen in a November 2023 hack that also disrupted IT systems for several weeks. The city has added $1 million to its cybersecurity budget since the incident.

Salt Typhoon Exposed Major Flaws in Telecom Networks. Few Changes Have Been Made
After China's Salt Typhoon breach of U.S. telecom networks, federal experts told Congress on Wednesday the nation remains dangerously exposed to another attack - despite warnings, investigations and interagency coordination, all of which have yet to produce systemic cyber defense improvements.

Panel Discusses Views on Cryptocurrency, OT Security and Data Sovereignty
ISMG editors share highlights from Day 2 of the RSAC Conference 2025 in San Francisco, including insights from the cryptographers' panel, operational technology security awareness at the board level, and the growing focus on securing both public and private AI models.

Although the National Institutes of Health appears to have scaled back plans to build a national registry to track individuals with autism, the agency's research project still poses critical data privacy concerns, said Ariana Aboulafia and Andrew Crawford of the Center for Democracy and Technology.

'Providers Must Urgently Reprioritize Security," Writes Patrick Opet
Banking giant JPMorgan Chase called on software as a service providers to improve cybersecurity practices in an open letter accusing them of "quietly enabling cyberattackers." An attack "on one major SaaS or PaaS provider can immediately ripple through its customers," wrote CISO Patrick Opet.

Capitol Meridian Partners' Razi on Smarter AI Use, Strong Leadership and Diversity
Many AI models prioritize speed over security, exposing organizations to significant risks. Niloofar Razi, operating partner at Capitol Meridian Partners, stressed the need for companies to evaluate models carefully before adoption.