The Top CISO Stories from Around the Web: June

From grappling with LLM hype to combating sophisticated cybercriminal groups and managing increased burnout, June’s CISO stories highlight critical industry insights and dig into emerging security trends.

1. LLMs hype versus reality: What CISOs should focus on

Source: CSO Online

As CISOs face FUD around LLM hallucinations, MSAs, typosquatting, neural backdoors, and poisoned training data, the focus must shift to actionable fundamentals. Map enterprise AI usage, enforce robust data governance, and scan model files for serialization attacks. Treat AI as software with unique risk vectors, leveraging purpose-built tools and aligning security controls across BYOD, cloud, and foundation model deployments.

2. Insurance Company CISOs alert: Scattered Spider Cyber Criminals Turn to Insurance Companies as Next Targets

Source: Asisonline

Cybercrime group Scattered Spider (UNC3944) has pivoted from retail to target major U.S. insurance firms in a new wave of social engineering-led intrusions, according to Google’s Threat Intelligence Group. Using techniques like MFA bypass, phishing, and legitimate remote access tools, they breached companies like Aflac, Erie Indemnity, and Philadelphia Insurance, potentially exposing SSNs, claims data, and health records. Experts warn of rising AI-assisted human-layer attacks, prompting calls for zero trust, phishing-resistant MFA, and mobile-first security hardening.

3. CISO Burnout: How to Balance Leadership, Pressure and Sanity

Source: TechTarget

While burnout can affect anyone, it is increasingly common among CISOs due to escalating workloads and a rapidly evolving threat landscape that is difficult to manage. CISOs can avoid burnout with several approaches, including transparent business communication, joining a peer network, prioritizing automation, and setting priorities. Meanwhile, organizations can mitigate burnout by enhancing compensation and benefits, promoting work-life balance, and fostering open communication.

4. 8 Things CISOs Have Learned from Cyber Incidents

Source: CSO

A cyber incident is never just an isolated occurrence; it profoundly impacts a CISO's strategies for resilience, risk management, and even their personal well-being at work. Leading CISOs reveal the critical importance of sharing insights from actual incidents to enhance collective resilience, reduce the stigma associated with breaches, and support others who may encounter similar challenges.

5. FBI, CISA Warn Play Ransomware Targeting Critical Infrastructure with Evolving Techniques

Source: Cybersecurity Dive

The FBI and CISA have issued a warning about the Play ransomware gang, stating that the group has been using increasingly sophisticated methods to target U.S. critical infrastructure and other entities. The gang had compromised around 900 organizations across various countries since its emergence in June 2022. The new advisory updates the government’s original December 2023 warning about the group.

