Birkin bag smashes auction records at $8.2 million
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Entrepreneur
2 hours ago
- Entrepreneur
The Security Strategy You Need in Today's Digital Workplace
It's time to rethink security through an internal lens. Here's how to secure your business without slowing innovation. Opinions expressed by Entrepreneur contributors are their own. For well over a decade, organizations have been grappling with the security, privacy and compliance challenges brought by an increasingly complex digital workplace. The continued rise of decentralized teams, artificial intelligence (AI)-driven tools and the ever-growing stack of "Software as a Service" (SaaS) applications is only exacerbating the problem, and many leaders are still struggling to get the visibility they need. It's no longer enough to only consider the threat of outside attacks; in today's efficiency-driven environment, modern security must also account for real-time application access, Shadow IT and employee behavior. Especially now, it's mission-critical for business leaders to rethink security through an internal lens. Related: 50 Things You Need To Know To Optimize Your Company's Approach to Data Privacy and Cybersecurity Productivity's hidden trade-off Amid the rapid pace of the modern work environment, employees experience constant pressure to do more with less. Still, tighter timelines and fewer resources don't equal lower expectations from management. When deadlines loom and workloads pile up, workers aren't waiting for IT approval. They're finding the tools that they believe will quickly solve problems and drive business themselves. That's why SaaS platforms, rising in demand thanks to AI's rapid adoption, have become the go-to solution for modern teams. According to Gartner, global spending on AI software is projected to reach $297.9 billion by 2027. This surge reflects widespread adoption across all business functions as employees increasingly rely on project management apps, file-sharing services and generative AI assistants that promise speed, simplicity and results. The good news? Many of these tools deliver. But these unsanctioned applications are creeping into your business workflows, becoming privy to your data without ever touching your IT department's radar. This unauthorized adoption of third-party tools is becoming a defining feature of the modern workplace. According to Verizon's 2025 Data Breach Investigations Report, 15% of employees admit to using corporate devices to access generative AI platforms, streamlining workflows and boosting output, but also expanding your organization's attack surface right under your nose. In this situation, ignorance is not bliss. Without visibility into what tools your employees are using, you're not just risking data breaches; you're operating completely in the dark. Using visibility to drive security Security isn't just about firewalls and antivirus software anymore. It's also about visibility, and right now, most leaders don't have it. Verizon notes in its report that, from 2024 to 2025, breaches involving third parties doubled from 15% to 30%. That's not just a trend; that's a dire warning. In a world where productivity often trumps policy, it's hard to bring the iron fist down on driven employees who are just trying to do more with less (trust me, I understand). Luckily, you don't have to. Related: 4 Things Your Employees Are Doing Right Now That Are Compromising Your Network Rewrite the rules with empowerment in mind When I think of SaaS sprawl, the first thing that comes to mind is Acceptable Use Policies (AUPs) — the guiding document in your company for all things access. While you might be tempted to lay down the law, rethinking your company's AUP can't be guided by fear. Instead, you have to rewrite the rules in a way that provides both security and the much-needed speed to enable productivity. With this delicate topic in mind, I remember feeling frustrated. I knew the danger SaaS sprawl posed — not just to security, but also to our favorable legal, reputational, and compliance standing — but how was I supposed to make my employees care? In the end, I knew my company had to customize our AUP to meet the needs of our workforce. To craft effective policies, it's important to: Acknowledge good intentions: It's understandable that most employees are using SaaS tools to do their jobs better, which is more admirable than malicious. Let that idea shine in your AUP to foster a sense of trust and transparency. Avoid scare tactics: Instead of cracking down on unfettered SaaS usage, make it clear that you're open to two-way dialogue and constructive compromises. Lay out a clearly defined process that enables access to innovative applications while also making sure that security controls are followed. Redirection over restriction: Outright bans on productivity tools like AI are unrealistic. Not only will your employees find workarounds, but they'll remember your cruel response when they were just trying to be better workers. If a tool or application needs to be off-limits, suggest a more secure alternative whenever possible. Make it a team effort: Today, security isn't just IT's job. Employees thrive when they are made to feel important; now is their moment of glory. Trust your employees and use your AUP to empower them to be part of the solution. Speak their language: Legal jargon doesn't help anyone but a lawyer. Encourage the use of plain language wherever possible to create an AUP that's easy to understand and easy to follow. Call out common pitfalls: If you know of a risky tool that is frequently used, it's better to name it than hope workers read between the lines. Don't let popularity create confusion, which can lead to costly mistakes. There's a tool for that While updating your AUP is a step in the right direction, you might be asking: "How do I make sure these new policies are working?" That's why SaaS monitoring platforms exist to give you the visibility you need. While features vary depending on which platform you use, these tools offer real-time insights into employee app usage, flag suspicious activity and help enforce access controls. SaaS monitoring platforms also reveal which tools your employees actually rely on daily, helping you streamline subscriptions and refine policies. Related: The Role of Leadership in Creating a Cybersecurity Culture — How to Foster Awareness and Accountability Across the Organization Security and innovation can coexist While SaaS and AI may look like enemies, what business leaders really need to tackle is secrecy around the use of these tools. The real risk lies in what you don't see. As leaders, we need to help our employees stop thinking of security as an impediment to innovation and instead see it as a potential foundation for it. By increasing visibility across the organization, embracing greater transparency, rewriting the rules and investing in the right tools, we can protect what matters most without slowing down what's next.
Fast Company
9 hours ago
- Fast Company
The rise of the CTO in the age of ‘business unusual'
Years ago, I spent a lot of time making the case for why IT mattered in large enterprises. It's fair to say the landscape has changed—dramatically. Where I once had to argue for IT's strategic importance, I now find myself doing the opposite—pushing back on the exuberant view that technology alone can fix everything from poorly designed processes to unclear roles and responsibilities. After decades of serving as essential—but often background—enablers of enterprise strategy, technologists and our alphabet soup of leadership titles (CIOs, CDTOs, CDOs, CTOs) are now at the center of business transformation. In more than 30 years in this industry, I've never witnessed IT play such a central role in shaping business dynamics. With the tailwind of generative AI and automated code completion, technology teams are now leading what can only be described as 'business as unusual'—creating previously unimaginable products, services, business models, customer and partner relationships, and employee experiences. Today, tech strategy is business strategy. The Great Unbundling Begins The traditional way we think about enterprise software is being upended. Suddenly, it's both cool and affordable to build genuinely useful things. For decades, CIOs were forced to manage constant trade-offs: lower total cost of ownership versus future-proofing, slick user interfaces versus seamless integration, best-of-breed solutions versus end-to-end platforms, on-premises versus cloud. The market subsequently converged to the point where most companies now run virtually identical application stacks. And yet, despite spending tens of millions on carefully crafted user interfaces, most employees still dislike using the enterprise software we provide. They use it because they must, not because they want to. At their core, most enterprise software platforms aren't so different from the Excel spreadsheets my brother uses to run his small business—they just come with multimillion-dollar interfaces layered on top. Whether it's HR systems, data platforms, or CRMs, the underlying logic often mirrors the same basic workflows and decision trees. What sets them apart isn't complexity—it's scale, integration capability, and the stakes involved. To put it more bluntly, all of us are spending enormous sums on the equivalent of a car that boasts luxury exterior finishes but moves you along with the horsepower of a Yugo GV. Regardless of how nice the outside looks, the engine is what actually delivers impact and value. The AI-Powered Reconstruction The emergence of agentic AI is fundamentally disrupting how we evaluate enterprise software as an industry. With novel AI frameworks like Model Context Protocol (MCP) and Agent-to-Agent (ATA) protocols, we're starting to see a future where user interfaces can be disaggregated from the underlying data itself. If AI-based tool calling delivers on its promise, there's no reason someone shouldn't be able to change an address, retrieve a paystub, modify a customer order, reset a password, or increase a purchase order—all from the same pane of glass or GenAI prompt bar. The ability to design this unified interface finally enables meaningful IT differentiation among companies. Until now, enterprise customers had no choice but to purchase software for virtually everything because developing and maintaining applications with exceptional UI, robust databases, and enterprise-grade security was prohibitively costly. With AI, the economics have shifted dramatically—the cost of building something uniquely tailored to our business is plummeting as software learns to write, maintain, and improve itself. In my field, every pharmaceutical company has historically relied on the same suite of enterprise applications, making differentiation nearly impossible. This raises a fundamental question, especially at this moment of accelerating AI innovation: Should we continue purchasing the costly applications everyone else uses, or should we start building solutions that give us an edge? AI First By adopting an AI-first approach, my company has developed an enterprise software catalog that outperforms—and costs less than—anything available for purchase, solving the age-old challenge of data discovery across our corporate systems. Throughout our organization, even in processes far removed from laboratory work, we're starting to see how bespoke tools without traditional user interfaces can execute tasks in seconds that previously required 30+ minutes across multiple systems, accelerating how we discover and develop lifesaving medicines. I'm not suggesting companies should build custom ERP systems or replace every piece of software. Rather, AI and agentic frameworks give us the freedom to assess where real value is being created—which is typically closer to the end user. We can now selectively build applications that directly improve our competitive advantage while continuing to rely on proven solutions for core operational functions. The Tech Is Changing, and So Is the Talent With this newfound ability to build transformative solutions, the domain of configuring software, while still crucial, remains a necessary but insufficient skill set. The way we think about talent is fundamentally changing. By becoming more comfortable building technology—not just buying or configuring it—my organization has doubled in size while significantly reducing its cost to the company. We're still hungry for more people with the right skills. Fortunately, we're seeing the next generation of undergraduate and graduate programs blend AI, computer and life sciences, and computational drug discovery and development. The twin torrent of advances in AI and biomedicine is creating rewarding career paths for emerging tech talent—offering purpose, future-shaping potential, and the opportunity to make a uniquely human impact. It's a uniquely exciting time to be a technologist in life sciences. In five years, the work we do to benefit patients—the applications and software we create to speed the discovery and delivery of new medicines—will be almost unrecognizable. While change at this pace brings inevitable turbulence, it also expands the role of tech leaders from enablers to architects of enterprise strategy.
Forbes
10 hours ago
- Forbes
Why Hybrid Cloud Security Is A Top CISO Priority For 2025
Jonathan Fischbein is the Chief Information Security Officer at Check Point Software Technologies. Cloud infrastructure has become the backbone of modern IT frameworks, playing a critical role in supporting services ranging from email and data storage to application hosting and DevOps. As organizations continue to accelerate their adoption of cloud technology to streamline operations and drive business efficiency; they may also be exposing themselves to an expanding array of security risks and vulnerabilities. The rise of hybrid cloud environments—where companies utilize a mix of private and public clouds—has only compounded these security risks. According to research by my company, Check Point, security risks from hybrid cloud deployments pose a unique set of challenges for cybersecurity professionals. From vulnerabilities related to administration and misconfigurations to challenges in threat detection and prevention, global CISOs must become more vigilant in their treatment of hybrid environments. The Complexity Of Cloud Administration As organizations expand their cloud footprint to take advantage of cost, performance and geographic efficiencies, they must now monitor for issues across a more diverse and disconnected cloud ecosystem. With each new cloud service provider comes a new potential threat surface and an opportunity for administrative oversight. Navigating this ever-expanding landscape is no easy task, especially when administrators are tasked with managing myriad configurations and settings to ensure the security of their environments. One of the most challenging aspects of cloud security is the management of non-human identities (NHIs), such as service accounts, API keys and built-in user accounts. These entities are critical to the functionality of cloud systems but can often be misconfigured or inadequately secured, providing easy points of entry for attackers. One example occurred in January 2024, when the advanced nation-state threat group Midnight Blizzard exploited a misconfigured OAuth application in Microsoft's Azure environment. This vulnerability allowed attackers to pivot from testing environments to production, accessing sensitive systems and even internal emails from top Microsoft executives. In India, a misconfigured S3 bucket exposed over 500GB of sensitive personal and biometric data, including information from military personnel, while other major corporations also experienced breaches due to misconfigured cloud storage containers. The Hazards Of Hybrid Environments Many organizations use identity and access management (IAM) solutions to integrate and streamline user authentication across both cloud and on-premises systems. While this integration provides seamless user experiences, it also creates potential pathways for lateral movement by attackers. Why is this so important? Once attackers compromise an on-premises network, they can pivot into cloud environments through various vectors, including hybrid user accounts and cloud connectors. In 2024, an attack like this occurred when the financially motivated threat actor Storm-0501 launched a series of multi-stage attacks against hybrid cloud environments. These attacks allowed the actor to deploy backdoor accounts, spread ransomware and infiltrate sensitive systems across the network. Securing Single Sign-On Accounts Single sign-on (SSO) systems have become a popular method for managing authentication across cloud and on-premises applications. However, as organizations increasingly rely on third-party SSO providers, cybercriminals have shifted more focus to exploiting these services. Credential stuffing and brute-force attacks are common tactics used to compromise SSO accounts, making them prime targets for advanced persistent threat (APT) groups. This highlights a critical concern: the reliance on third-party SSO providers for security can be risky, especially if their own security practices are not up to par. Without comprehensive visibility into log data and account activity, organizations may struggle to detect and respond to security incidents in a timely manner. The Emergence Of AI-Driven Threats As cloud providers integrate more advanced technologies into their offerings, one of the most significant emerging threats comes from generative AI. Cloud services now provide the infrastructure to build, train and deploy custom large language models (LLMs), enabling companies to create tailored AI solutions for their specific business needs. These models can integrate proprietary data, offering better control over sensitive information and ensuring privacy. However, as AI becomes more accessible, threat actors are finding new ways to exploit these technologies. One of the newest threats is a form of cloud hijacking known as LLM-jacking. In this attack, malicious actors compromise cloud accounts to take control of existing hosted LLM models or deploy their own. Once in control, attackers can resell access to these models or exploit them for malicious purposes. For example, one group used an LLM proxy to resell access to the model, while others leveraged jailbreaks to create and sell uncensored chatbot characters. This trend isn't just hypothetical. Threat groups have been caught using ChatGPT to generate advanced tools and research vulnerabilities. There is also now growing evidence that threat actors may pivot to private LLM instances to gain better operational security, using cloud-based AI for more sophisticated, harder-to-detect attacks. Hybrid Cloud Visibility And Protection Have Become Mission-Critical The cloud's attack surface is growing exponentially as businesses continue to leverage its capabilities for operational efficiency. Protecting these environments requires staying ahead of evolving threats, securing both cloud and hybrid infrastructures, and continuously refining security practices. The key to mitigating cloud vulnerabilities lies in understanding the technology's evolving nature and taking proactive measures to safeguard sensitive data and systems. Of course, in the AI era, a prevention-first security strategy means organizations must leverage AI solutions to drive real-time detection and response and consolidate security operations. Most importantly, security must be a primary business goal. Building modern cyber resilience requires a robust zero trust strategy, automated threat and misconfiguration management, agile and comprehensive data protection and more. Organizations must prioritize the investments and tactics that will help them build the cybersecurity foundation they need. By staying ahead of the curve, businesses can defend against the next generation of cloud-based cyberattacks. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
