BankInfoSecurity.com

Medtech Maker Is Still Recovering While Iranian Hackers Threaten More Attack Victims
As medtech maker Stryker continues working to restore global IT systems brought offline by a cyberattack last week, class action lawsuits against the company are piling up in federal court and the Iranian hackers claiming credit for the attack are warning of more assaults to come on other victims.

White House Cyber Strategy Urges Deeper Industry Partnership Without Defining Roles
The administration's cyber strategy pushes deeper public-private coordination and expanded threat visibility across critical infrastructure, but lacks specifics on operational roles, incentives and legal protections needed for industry to actively disrupt malicious activity.

CEO Says Added OEM Context Can Sharpen Industrial Cybersecurity and New Use Cases
Nozomi Networks CEO Edgard Capdevielle said Mitsubishi Electric's purchase gives the industrial cybersecurity firm richer OEM context to improve OT and IoT security and pursue adjacent use cases such as asset visibility, maintenance support and operational efficiency across critical infrastructure.

Datos Insights' Serpil Hall on Using Predictive AML Tools to Support Compliance
Instant payments are reshaping financial crime controls as speed and the irreversibility of transactions strain anti-money laundering compliance programs. While many assume real-time AML means faster processing, this approach can increase risk, said Serpil Hall, strategic advisor at Datos Insights.

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

Dell's AI Blueprint for Identity, Agents and Agentic Infrastructure
Going all-in on AI with a top down strategy and a ravenous appetite for innovation has helped Dell transform its operations and grow revenue by $30 billion, and the company's evolution lays out a blueprint for how CIOs should think about building infrastructure for AI and managing an army of agents.

Startup Native Targets Enterprise Policy-to-Architecture Gap Across Clouds
Startup Native emerged from stealth with $42 million to advance a proactive cloud security model that enforces policy-driven controls, helping enterprises manage AI-driven threats and maintain consistent protections across complex multi-cloud environments.

AI, Robotics Leaders Warn Chinese Robots Could Disrupt Sensitive Operations
Witnesses told a U.S. House Homeland Security panel that Chinese-developed AI robotics platforms could give Beijing new avenues for surveillance, disruption and physical harm across critical sectors, and urged restrictions on federal use as China expands its industrial dominance.

Chinese Hacking Firm iSoon and Iran's Emennet Pasargad Among Targets
The European Union sanctioned three Chinese and Iranian hacking operations that have been under U.S. indictments or sanctions for over a year - or, in one case, since 2019. The sanctions freeze assets and forbid EU citizens and companies from funding or otherwise doing business with the targets.

New York-Based Startup's AI Agents Analyze Asset Context to Fix Security Gaps
Surf AI launched an AI-driven platform designed to automate security hygiene tasks across enterprise environments. Backed by $57 million in funding, the company uses AI agents and contextual asset analysis to identify and remediate risks across identities, cloud assets and sensitive data.

State CIO Tim Galluzi on Identity Modernization, AI and Resident Services
The State of Nevada is accelerating its cybersecurity and digital modernization efforts after a major ransomware attack exposed the importance of resilience, workforce readiness and strong governance, said State CIO Tim Galluzi.

Individual Vulnerability Severity Not Always a Good Measure of Risk Exposure
A mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology - a place where ordinary assumptions about risk don't apply.

Program Offers Up to $100K for Security Upgrades and $50K for Assessments
New York is rolling out new cybersecurity regulations for water and wastewater utilities, requiring operators to conduct risk assessments and deploy security controls while offering $2.5 million in grants to strengthen defenses against rising cyberthreats targeting critical infrastructure.

House Democrats Demand Probe Into Former CISA Head Gottumukkala Poly Failures
Five U.S. Democratic lawmakers called for an investigation into a series of escalating controversies surrounding Cybersecurity and Infrastructure Security Agency leadership, following allegations that ex-Acting Director Madhu Gottumukkala bypassed established intelligence protocols.

Rising Liability Risks Are Reshaping the CISO Role and Cybersecurity Leadership
As regulators pursue accountability after major breaches, CISOs face growing personal liability. This is changing how security leaders report risk, weakening security culture and making the role less attractive to experienced practitioners.

Real and intense financial pressures on rural and small healthcare clinics mandate making difficult decisions on allocating funds to cybersecurity, said Greg Sieg, CISO at the University of Michigan Regional Health Network. "The funding is just not there."

Attorneys can conduct security risks assessments under the color of client privilege, making it less likely to surface in discovery during litigation. But healthcare firms should consider the cons before they take that route, said attorney Adam Greene, partner at the law firm Davis Wright Tremaine.