The Data Access Gap Putting Financial Institutions at Risk Data access almost always grows faster than it shrinks. This is even more true for financial institutions as it is a tangible risk on both the security and the compliance side. New permissions are granted as people change roles, support projects, or onboard new systems. But […]
2026 Security Resolutions: Fewer Assumptions, More Evidence Security failures rarely come from missing controls. They come from assumptions that hardened into policy and stopped being questioned. Risk emerges from access and data decisions made over time, through role changes, project work, access sharing, temporary exceptions, and system evolution, that quietly persist long after their original […]
Five Metrics to Reduce Financial Data Risk Financial institutions run comprehensive security programs, regular audits, access reviews, and controls testing. Yet when board members or regulators ask whether data risk is moving in the right direction, the answer often requires more explanation than it should. The issue isn’t missing controls. It’s that most reporting focuses […]
AI Security Needs a Reality Check AI has already changed how people work. Staff can ask a tool to draft notes, check data, review documents, or answer questions they cannot solve on their own. It has made work faster and more flexible. But it also introduced a risk many organizations still overlook. AI can quietly […]
What the BBC Ransomware Attempt Reveals It started with a message that looked more like a bribe than a breach. In September 2025, BBC cyber correspondent Joe Tidy became the target of every CISO’s nightmare: a sophisticated insider recruitment attempt by the Medusa ransomware gang. What began as an encrypted message on Signal quickly escalated […]
Lessons from Microsoft’s CVE-2025-55241 In July 2025, organizations learned a harsh truth: even the most advanced identity systems can fail catastrophically when attackers forge tokens that look legitimate, turning trusted infrastructure into an open door. Microsoft’s Graph API vulnerability (CVE-2025-55241) wasn’t just another security flaw, it was a masterclass in how modern identity systems can […]
Less Is More: The Power of Just Enough Access (JEA) When Sarah moved from the finance team to marketing three years ago, no one thought to revoke her access to the company’s financial database. She was a trusted employee and it didn’t feel urgent. Last month, Sarah’s credentials were compromised in a phishing attack. […]
