Latest news with #breaches
Wall Street Journal
03-07-2025
- Health
- Wall Street Journal
The Sky-High Cyber Risk in Healthcare: WSJ Readers Weigh In
Cybersecurity in healthcare is a big problem. So far this year, the U.S. Department of Health and Human Services is investigating 307 new breaches. With six months to go in 2025, the sector is on pace to top the 385 breach cases HHS opened during all of 2024.
Forbes
23-06-2025
- Business
- Forbes
Your Biggest Cybersecurity Risk Isn't Technology—It's People
Rick Hutchinson is the CTO at VikingCloud. He has 17-plus years of experience as an accomplished executive and visionary leader. The more you spend, the more secure you feel. That's the trap. Chief information security officers (CISOs) spend most of their time in meetings discussing what cyber tools will ensure security, from endpoint detection and AI monitoring to advanced threat intel and more. But here's the uncomfortable truth: CISOs believe their cyber perimeter is secure with technology, yet the real threat is walking through the front door. That's because the weakest link isn't in your tech stack; it's your people. Human error causes 95% of breaches. What's worse? Most cyber incidents result from preventable employee mistakes, like clicking malicious links, reusing credentials, selecting weak passwords and mishandling sensitive data. Despite all the tech, people remain your most common (and most costly) security gap. As cyberattacks grow in frequency and intensity, that gap only gets riskier. Your organization needs a culture reset. Here's how to get started. Not All Human Risk Is Accidental Yes, human error is the leading cause of breaches. But there's a quieter, more concerning risk to your organization's security posture: intentional silence. 40% of cybersecurity professionals admit they've underreported incidents to avoid job-related fallout. That silence isn't carelessness—it's culture. When teams are stretched thin, reporting lines blur. When the same people setting the security protocols are also responsible for reporting incidents, objectivity breaks down. Add alert fatigue and organizations are left with blind spots hidden behind dashboards. Sixty-three of security teams spend over 208 hours a year chasing false positives, and one in three professionals say real threats get missed because of it. These visibility challenges create an inaccurate picture of cyber risk, and awareness of vulnerabilities grows dimmer the closer you get to the corner office. According to research from my company, VikingCloud, while 74% of C-suite cyber leaders rate their security posture as strong, only 29% of frontline managers agree. Worse, just 13% of C-level executives believe underreporting happens compared to 58% of managers who know it does. And here's the kicker: The next time you ask for additional budget to invest in the latest cyber tech for your fortress, you may get denied, all because the C-suite shares this false sense of security. Culture: Your First Line Of Defense If people don't feel safe reporting issues—or don't see themselves as part of the defense—your risk surface stays wide open. Cybersecurity strategy needs a culture shift alongside tech advancements. Here are the top five requirements for a culture reset action plan. Cybersecurity training isn't a one-time event or a box to check. Employees need regular, engaging education to stay sharp against evolving threats. Teach them to spot phishing attempts, protect credentials and understand how their actions impact the organization's overall risk profile. Gamified training, real-world simulations and tabletop exercises don't just engage teams—they expose weak links before the attacker does, helping identify employees who may need extra support. Think of it as stress-testing the human firewall before the inevitable occurs. Fear creates silence, and silence breeds risk. If employees worry about punishment, they won't report quickly—or at all. Build reporting channels that are confidential, clear and supportive. Be sure to reward transparency and respond constructively as well. A non-punitive environment where quick reporting is encouraged and supported is key. When people feel safe to speak up, small issues stay small. Cybersecurity doesn't belong solely to IT. It belongs to the entire organization, from interns to the CEO. Executives must lead by example, modeling secure behavior and keeping security a visible, ongoing priority. Closing the communication gap between the front lines and the C-suite is also critical. When leaders get real-time, unfiltered feedback from the front lines, they make better decisions and deploy smarter resources. For example, Microsoft's Secure Future Initiative (SFI) underscores the impact of leadership in transforming security culture. By integrating security objectives into employee performance reviews and dedicating substantial resources to cybersecurity, Microsoft set a precedent for leadership-driven security enhancement. Even your best-trained employees will miss something. That's where your tech fortress comes into play. By developing a strategy for implementing AI-powered tools, you can better detect anomalies, block phishing attempts and flag risky behavior in real time. When people and technology work together, security outcomes improve dramatically. Threats evolve, which means defenses should too. Revisit policies often, stress-test response plans and keep people informed about new risks and best practices. Cybersecurity isn't static—it's a muscle built over time. When Culture Clicks, Security Works Security-first cultures respond faster, report earlier, fall for fewer phishing attempts and earn more trust from stakeholders. But this isn't a culture that can be bought; you have to build it. This starts by recognizing that cybersecurity isn't just a tech issue—it's a people issue. So stop relying on tech tools alone. Empower your people, normalize reporting and make security a shared responsibility. Because the next breach likely won't come from a sophisticated hack. It'll come from silence. Change the culture before it costs you. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Associated Press
19-06-2025
- Sport
- Associated Press
Man City fined more than $1 million for repeatedly delaying Premier League kickoff times
Manchester City was fined more than one million pounds ($1.35 million) by the Premier League on Thursday for repeatedly delaying kickoff times 'without good reason' last season. City, managed by Pep Guardiola, admitted to nine breaches of league rules related to kickoffs and re-starts after halftime and has apologized. The most dominant team in English soccer over the past decade was handed fines for each breach, amounting to 1.08 million pounds ($1.45 million). The biggest individual fine was 210,000 pounds ($283,000) for a delay of 2 minutes, 22 seconds at the start of the second half against Ipswich on Jan. 19. 'Rules relating to kickoffs and re-starts help ensure the organization of the competition is set at the highest possible professional standard and provides certainty to fans and participating clubs,' the Premier League said in a statement. 'It also ensures the broadcast of every Premier League match is kept to schedule.' City, currently in the U.S. for the Club World Cup, delayed kickoffs for the start of both halves in a match against Manchester United in December. The start of the second half was delayed 2 minutes, 24 seconds — the longest of all the breaches. Last year, City was fined 2.09 million pounds ($2.8 million) for 22 breaches of the same rule over the previous two seasons. City is still waiting on the outcome of a hearing into more than 100 charges of alleged financial breaches over a nine-year period. The hearing began in September last year after charges were made in February 2023. ___ James Robson is at ___ AP soccer:
Forbes
18-06-2025
- Business
- Forbes
Multiplayer AI: The New Operating Model For Identity Security
Dr. John Pritchard is the Chief Product Officer at Radiant Logic, responsible for the company's global product vision. AI-powered deepfakes and credential attacks are rewriting the rules of cyber risk, with identity-related breaches now costing organizations an average of $4.45 million per incident and accounting for over 70% of successful attacks on enterprise infrastructure and supply chains. Despite record investments in detection and response, breaches keep making headlines. Why? I call this the identity security paradox: More technology doesn't equal protection, especially if tools—and the people and AI agents using them—don't work together. Identity is the primary attack surface in the enterprise. Most organizations built their identity security stack on a traditional combination of IAM, IGA and PAM, but the rapid proliferation of cloud apps, machine identities and AI agents outpace these traditional controls. The result? Siloed data, unmanaged privileged accounts and hidden nonhuman identities—each a potential attack vector. Gartner finds that 65% of organizations still lack IAM maturity, weighed down by technical debt and fragmented architectures. Point solutions deployed to 'fix' audit findings or compliance gaps create more complexity, not less. Attackers exploit these seams, moving laterally between systems and identities that aren't monitored holistically. CISA's Silentshield Red Team Assessment demonstrated that decentralized teams and poor communication allowed adversaries to persist undetected, even when individual groups spotted anomalies. The lesson is clear: Solo efforts—whether a lone expert, an isolated AI agent or a disconnected tool—cannot keep pace with adversaries who are increasingly agile, automated and collaborative. To close these gaps, interoperability must become the standard for tools and the people and AI agents using them. Interoperability means more than connecting dashboards or sharing alerts. It's about ensuring that identity security posture management (ISPM) and identity threat detection and response (ITDR) systems share data, context and workflows in real time, across both human and machine identities. Gartner recommends a 'system of systems' approach, built on identity fabric principles, to support zero trust and intelligent automation. This means breaking down technical and organizational silos so prevention and detection teams operate from a unified, continuously updated single source of truth for identity data—a concept Gartner identifies as foundational for modern identity security. This trusted, authoritative data layer enables faster, more accurate decisions and ensures that every team acts on the same intelligence. When ISPM and ITDR interoperate, and when human and AI teammates collaborate based on shared reference points, blind spots shrink and attackers have fewer seams to exploit. I call the next evolution in identity security: multiplayer AI—intelligent systems designed to amplify human capabilities through enhanced teamwork. Gartner predicts by 2027, 90% of successful AI implementations in cybersecurity will focus on tactical task automation and process augmentation, not full autonomy or staff replacement. Multiplayer AI enables human and AI collaboration, breaking down silos and bridging gaps between prevention and detection. AI excels at analyzing vast datasets, detecting patterns humans miss and automating repetitive processes. Critical decisions, like determining whether anomalies are a threat or false positives, still require human judgment and contextual understanding. Studies show organizations using collaborative AI models—human decisions based on AI recommendations—see faster response times, fewer security incidents and improved resilience. The key is not just technology, but teamwork: AI handles the heavy lift of data processing and pattern recognition, while humans provide creativity, ethical oversight and business context. Thankfully, the industry is moving quickly. With the meteoric rise of agentic AI, open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) are enabling AI agents from different vendors, clouds and frameworks to communicate, share context and coordinate tasks securely. Technology partners including OpenAI, Microsoft and Google are already adopting these protocols, breaking down silos that limit automation's impact. For business leaders, agentic AI means specialized agents for threat detection, access management, compliance and user behavior analytics can now form ad hoc teams-automating complex workflows and adapt to new threats. By 2028, Gartner forecasts multiagent AI will account for 70% of threat detection and response implementations, primarily to augment—not replace—staff. Early adopters will see measurable results: Leveraging agent-to-agent collaboration is predicted to cut attacker dwell time in compromised environments by up to 50%, while accelerating response and reducing operational risk. When humans and AI work together, identity security becomes faster, smarter and more resilient. 1. Establish an interoperability baseline. Audit ISPM and ITDR tools for data sharing and workflow integration across human and machine identities. Ensure architectures support agent-to-agent interoperability using open standards like MCP and A2A, so specialized agents can collaborate and automate cross-vendor workflows. Set quarterly targets to reduce IAM tool integration gaps. 2. Pilot tactical AI augmentation. Start with a focused, data-driven use case, such as automated privilege review or anomaly detection. Track improvement in response time and risk reduction. 3. Build AI literacy and human oversight. Train teams on both the benefits and limits of AI, including where human verification is required in critical workflows. 4. Continuously review identity hygiene. Use AI-driven discovery to identify unused or risky accounts, but require human validation before making changes. Aim to reduce privileged account sprawl and remediate orphaned accounts as they are detected. 5. Measure what matters. Track outcome-driven metrics such as percentage reduction in excessive permissions, improvement in MFA deployment rates and decreased incident response times. For example, reducing excessive permissions by 20% and increasing MFA coverage to 95% of privileged accounts within one year. The next breach won't be stopped by just another dashboard or a new AI agent. Organizations that have achieved true interoperability across tools, teams and AI will be able to respond more accurately to security issues. Multiplayer AI and agent-to-agent collaboration will lead the blueprints for resilience in the age of AI turbulence. Start by assessing your current environment for interoperability gaps, unify your tools and teams and empower your people with AI that amplifies—not replaces—their expertise. In the high-stakes game of identity security, victory belongs to those who play as a team. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
BBC News
03-06-2025
- Business
- BBC News
EFL charges Sheffield Wednesday over payment delays
Sheffield Wednesday have been charged by the English Football League with multiple breaches of its regulations relating to payment Dejphon Chansiri has also been charged with "causing the club to be in breach of EFL Regulations despite his commitment to fund their cash requirements".The charges relate to the club failing to pay players' wages on time and in full in both March and May this club and Chansiri have 14 days to respond to the charges.
