“Identity is the new perimeter” had its moment. But as cloud-native environments and distributed teams become the norm, this mantra is starting to show its age. The risks tied to static, identity-based access are now too big to ignore, and no one sees that more clearly than security vendors themselves.

SASE has transformed how organizations approach secure networking, uniting security and connectivity into a single, cloud-delivered model. As one of the original architects of SASE (along with Neil MacDonald), I was invited at ONUG Dallas to reflect on the state of SASE and what we might have missed in our original research.

Managing the security gap between your technical defenses and user behavior just got easier! Introducing KnowBe4 SecurityCoach for Microsoft Edge for Business integration. As one of the only human risk management platforms with a native reporting connector in Microsoft Edge for Business, SecurityCoach now transforms your browser into a real-time coaching platform.

‍ ‍Risk managers have long used registers to keep track of and manage the threats their organizations face, and, as cyber risk emerged in the 21st century as one of the core market concerns, cybersecurity leaders, too, started to harness these tools to structure and prioritize their cyber-related exposure. However, while risk registers offer a starting point for this process, many have not evolved beyond their early design, remaining static qualitative inventories.

Compliance effort often comes from manual spreadsheets, one-off audits, and error-prone documentation processes. Requirements like PCI DSS 6.4.3 (script inventory and justification) and 11.6.1 (tamper detection and alerts) demand continuous monitoring — something legacy tools and manual processes struggle to provide. Legacy CSP and manual reviews are inadequate against modern threats such as Magecart attacks and dynamic script injections, increasing risk and operational cost.

Content is core to business operations, and AI is reshaping how teams engage with it. From intelligent summarization and advanced analysis to automated organization, AI streamlines workflows and accelerates decision-making across the enterprise. However, the value of AI-driven capabilities depends on one critical factor: the quality of the input prompt. Well-crafted prompts guide AI to deliver accurate, relevant, and actionable responses.

As cyber threats continue to grow in complexity and frequency, organizations must evolve their response strategies. The year 2025 demands a modern, proactive, and layered approach to dealing with cyber incidents. Whether it’s a ransomware attack, data breach, or insider threat, cyber incident response in 2025 must focus on preparation, swift action, and continuous learning.

In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords. The breach, first disclosed last week, has shocked the developer community and exposed serious flaws in repository security, disclosure practices, and package ecosystem hygiene.