Inside the SMB Threat Landscape: AT&T’s Senthil Ramakrishnan on Why Small Businesses Are Cybercrime’s Favorite Target

Defining Trustworthy AI Before AI Scales Beyond Control

As enterprises move rapidly toward AI and agentic systems, questions around governance, trust, and accountability are becoming increasingly urgent. In this interview, Malcolm Harkins explores what trustworthy AI actually means, what organizations need to achieve it, and how existing cybersecurity and compliance frameworks are struggling to address the realities of AI model security. The discussion also examines the gaps emerging around governance, risk management, and accountability as organizations deploy increasingly autonomous systems.

Rethinking Security Awareness Through Human Risk Management

Traditional security awareness programs often struggle to create lasting behavioral change inside organizations. In this interview, Missy Bentzen discusses how Docusign approached security awareness and human risk management through its partnership with Hoxhunt. The conversation explores the organizational challenges the program was designed to address, the results that stood out most during implementation, and how leadership and employees responded to a more behavior-focused approach to cybersecurity education.

Why AI Is Forcing a Rethink of Data Security

Traditional security models were not designed for environments where AI systems continuously access, process, and learn from enterprise data. In this interview, Todd Moore explains why organizations are shifting toward more data-centric security strategies and what that change means in practice. The conversation explores unified data awareness, the growing importance of crypto-agility, and why organizations need to prepare now for both AI-driven risk and the coming realities of post-quantum security.

Security Blind Spots: What the Louvre Heist Reveals About Your Organization

What happens when the risks you ignore become the ones that hurt you most? In this episode of Cyber Sessions, Foundry’s Joan Goodchild is joined by Colin Zick, partner at Foley Hoag, to unpack two headline-making examples of security blind spots: The Louvre museum heist, including the now-infamous “Louvre” password The rise of AI note-takers inside sensitive corporate meetings Together, they explore how convenience, default settings, and overlooked fundamentals create security liabilities for organizations of every size. Colin explains why these incidents were predictable, preventable, and rooted in leadership decisions, culture gaps, and under-prioritized investments. What You’ll Learn in This Episode: - Why attackers always target your slowest control - How “kicking the can down the road” creates cumulative security failures - The cost of treating security as a “cost center” instead of loss prevention - Why AI note-takers are a litigation and confidentiality minefield How management blind spots—not technology—cause the biggest breaches Practical guidance on MFA adoption, accountability, and security culture How to redesign processes for hybrid/remote work so nothing “falls through the cracks” If you’re a CISO, CSO, security leader, or IT decision maker, this episode delivers actionable lessons on strengthening organizational resilience before the next attack. Like, comment, and subscribe for future episodes of Cyber Sessions, where we break down the technologies, trends, and threats shaping today’s security landscape. Follow CSO for more Business IT and Web Security News!

How Intelligence and AI Are Changing Cyber Defense | Erin Whitmore, Former CIA

What if you could stop cyberattacks before they happen? In this episode of Cyber Sessions, host Joan Goodchild sits down with Erin Whitmore, former CIA case officer and current Head of The Cipher division at Cynturion Group, to discuss how her team uses intelligence and AI to anticipate and prevent attacks before adversaries strike. Whitmore reveals how proactive cybersecurity is blending human intuition, artificial intelligence, and offensive tactics to predict threats — while balancing the line between privacy and protection.