In partnership with

Free, private email that puts your privacy first

A private inbox doesn’t have to come with a price tag—or a catch. Proton Mail’s free plan gives you the privacy and security you expect, without selling your data or showing you ads.

Built by scientists and privacy advocates, Proton Mail uses end-to-end encryption to keep your conversations secure. No scanning. No targeting. No creepy promotions.

With Proton, you’re not the product — you’re in control.

Start for free. Upgrade anytime. Stay private always.


Accountability Gap
The foundation problem: How a lack of accountability is destroying cybersecurity

Finding the right people to help with security is not the main problem facing companies today.

The real issue is that many leaders are not taking enough responsibility for their teams and their technology.

The problem of training and leadership

Some bosses say there are not enough skilled workers, but they often refuse to spend time teaching the people they already have.

A good leader should be like a teacher, helping new staff learn the ropes instead of just looking for a perfect person who already knows everything.

Hidden technical debt

When computer systems are not updated or fixed properly, they build up "technical debt" which makes the company less safe.

Leaders often ignore these small issues until they turn into big, expensive problems that are much harder to solve.

Finding the real why

When a mistake happens, many teams only look at the small error that caused it instead of asking why the whole system failed.

True accountability means keeping on asking "why" until the root of the problem is found and fixed for good.

Taking a new path

It is easier to blame the budget or a lack of talent, but the best leaders choose the hard work of building and protecting their teams.

Companies that focus on helping their people grow and fixing their old systems will be much stronger in the long run.

Fixing cybersecurity starts with leaders who are willing to own their mistakes and invest in the future of their workers.

Vendor Risk
South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach

Famous luxury brands like Dior and Louis Vuitton now have to pay millions of dollars in fines after their customer data was stolen.

South Korean officials decided to punish these companies because they did not do enough to protect the private information of their shoppers.

Fines for missing data

The government agency in charge of privacy handed out fines totalling about 25 million dollars.

They found that the companies let hackers get into systems that hold names, addresses, and what people bought.

The problem with outside help

The data was taken through a system managed by Salesforce, a large company whose cloud software other businesses use to manage their customer records.

Even though another company was hosting the data, the officials said the luxury brands are still the ones who must make sure it stays safe.

Rules for keeping secrets

In South Korea, companies must follow very strict laws about how they store and use information from people who live there.

The brands failed to check their systems often enough and did not have strong enough access controls on their systems.

Learning from a big mistake

This move shows that governments are getting much more serious about holding big names responsible for digital safety.

If a company wants to sell expensive goods, it must also spend money to keep its customers' identities from being stolen.

The decision makes it clear that every business is responsible for its own data safety even when it pays someone else to store it.

📺️ Podcast
Why New Tools Won't Fix Broken Processes (Even With AI)

The Problem with "Shiny Object" Syndrome

Buying a modern SIEM or a sophisticated AI tool will not automatically transform a Security Operations Center (SOC). Many organizations make the mistake of layering expensive technology over broken, manual processes. Lyman argues that if your workflow is inefficient, AI will simply help you "do the wrong things faster." Success comes from fixing the process first, then choosing the tool that supports it.

Centralized vs. Federated SOC Models

The conversation explores the difference between a single, centralized SOC and a federated model. In a federated approach, sub-SOCs handle specific business units or regions, allowing for more specialized knowledge. However, this creates a challenge for data centralization. AI is changing this calculus by making it easier to analyze data where it lives (federation) rather than forcing everything into a single, massive, and expensive "data lake."

The Limitations of EDR and the Reality of Data

There is a common, dangerous belief that EDR (Endpoint Detection and Response) covers everything. Lyman points out that many business-critical events happen outside the endpoint—in the cloud, via APIs, or through network lateral movement. He highlights that useful telemetry is often excluded from security tools due to cost or complexity. Interestingly, he defends the continued use of Excel in security, noting that for small, rapid data manipulation, it remains a "fundamentally good way to interact with a database" that modern tools haven't fully replaced.

Metrics That Actually Matter

Instead of focusing purely on "Time to Detect," leaders should look at the "Quality of Resolution" and the efficiency of the feedback loop between detection and engineering teams. The goal of a modern SOC should be to act like an "immune system"—learning from every incident to prevent the next one, rather than just acting as a "fortress" that waits to be attacked.

Privacy Ban
EU Parliament blocks AI tools over cyber, privacy fears

The European Parliament has turned off built-in AI tools on work devices given to its staff.

This move comes after IT experts found that some features were sending private data to servers far away.

The problem with cloud processing

Many new AI tools, like writing helpers and text summarizers, don't just work on your phone or tablet.

They often send what you type to external "cloud" computers to get the job done.

IT leaders in Brussels say they cannot be sure that this data stays safe or private once it leaves the device.

Protecting sensitive work

The ban affects tools that help with writing, summarizing web pages, and talking to virtual assistants.

Lawmakers are also being told to be extra careful with their personal phones if they use them for work tasks.

They were asked to avoid letting AI tools scan their work emails or official papers.

A history of careful choices

This is not the first time the Parliament has put safety over new technology.

They previously banned the app TikTok and have been looking for ways to use less software from big foreign tech companies.

For now, the Parliament's staff will stick to regular email and documents that do not use these built-in AI features.

The institution is still checking how much data is being shared to see if it can safely turn these tools back on later.

Vishing Alert
Hackers target Microsoft Entra accounts in device code vishing attacks

Hackers are using phone calls to trick workers into giving away access to their Microsoft work accounts.

This new trick bypasses normal security steps by abusing a sign-in feature meant for simple devices without a keyboard, such as smart printers.

How the trap works

A hacker calls an employee and pretends to be from the IT help desk.

The caller asks the worker to go to a real Microsoft website and type in a short code.

By entering this code, the worker unknowingly approves the sign-in and hands the hacker a digital key (an access token) that lets them log in as that worker.

Bypassing the locks

Because the website is real, many security tools do not stop the person from going there.

The hackers use these digital keys to read emails and steal private company files.

Once they are inside the account, they can even change settings to stay there for a long time.

Staying safe from the scam

Companies should tell their staff that IT workers will never ask them to enter a device code over the phone.

It is also a good idea to turn off this device code feature for people who do not need it for their daily jobs.

Groups should watch for any new logins from strange places or devices they do not recognize.

These attacks show that hackers are getting better at using voice calls to beat even the strongest digital locks.
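The two defensive steps above, blocking the device code flow for people who do not need it and watching for unexpected device code sign-ins, can both be expressed in a few lines of code. The block below is an added example written for this newsletter item; it is not code from the original article or from Microsoft. It assumes sign-in records shaped like the Microsoft Graph `signIn` resource (whose `authenticationProtocol` field reads `deviceCode` for this flow), uses constructed sample records, treats `printer-svc@example.com` as a hypothetical identity that legitimately uses the flow, and builds a Conditional Access policy body following the Graph `conditionalAccessPolicy` schema with a placeholder exempt-group id.

```python
"""Added example (not from the CSec Weekly newsletter or the source article):
flag successful device code sign-ins in Entra sign-in records and build the
Conditional Access policy body that blocks the device code flow for everyone
except one exempt group.

Assumptions: record field names follow the Microsoft Graph `signIn` resource;
the sample records and the allow list are constructed for this example; the
exempt group id passed to device_code_block_policy() is a placeholder.
"""
import json

# Constructed sample sign-in records (a subset of Graph signIn fields).
SAMPLE_SIGNINS = [
    {"id": "s1", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "NL"},
     "deviceDetail": {"deviceId": ""},
     "status": {"errorCode": 0}},
    {"id": "s2", "userPrincipalName": "bob@example.com",
     "authenticationProtocol": "none",          # ordinary interactive sign-in
     "location": {"countryOrRegion": "US"},
     "deviceDetail": {"deviceId": "dev-123"},
     "status": {"errorCode": 0}},
    {"id": "s3", "userPrincipalName": "printer-svc@example.com",
     "authenticationProtocol": "deviceCode",    # hypothetical approved use
     "location": {"countryOrRegion": "US"},
     "deviceDetail": {"deviceId": ""},
     "status": {"errorCode": 0}},
    {"id": "s4", "userPrincipalName": "carol@example.com",
     "authenticationProtocol": "deviceCode",
     "location": {"countryOrRegion": "US"},
     "deviceDetail": {"deviceId": ""},
     "status": {"errorCode": 50126}},           # failed sign-in, no token issued
]

EXPECTED_COUNTRIES = {"US"}                       # constructed for the example
DEVICE_CODE_ALLOWED = {"printer-svc@example.com"}  # identities approved for the flow


def flag_device_code_signins(signins, expected_countries=EXPECTED_COUNTRIES,
                             allowed_users=DEVICE_CODE_ALLOWED):
    """Return findings for successful device code grants that fall outside the
    approved identities or arrive from an unexpected location."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        if s.get("status", {}).get("errorCode", 0) != 0:
            continue  # only completed grants hand out a token
        upn = s.get("userPrincipalName", "")
        country = s.get("location", {}).get("countryOrRegion")
        reasons = []
        if upn in allowed_users:
            # Approved identities are only worth a look from an unexpected place.
            if country in expected_countries:
                continue
            reasons.append(f"approved identity signed in from unexpected location {country}")
        else:
            reasons.append("device code grant for an identity outside the allow list")
            if country not in expected_countries:
                reasons.append(f"sign-in from unexpected location {country}")
            if not s.get("deviceDetail", {}).get("deviceId"):
                reasons.append("device is not registered in the tenant")
        findings.append({"id": s["id"], "user": upn, "reasons": reasons})
    return findings


def device_code_block_policy(exempt_group_id):
    """Graph conditionalAccessPolicy body that blocks the device code flow for
    all users except members of one exempt group. Created in report-only state
    so the impact can be reviewed in sign-in logs before enforcing."""
    return {
        "displayName": "Block device code flow (except approved group)",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeGroups": [exempt_group_id]},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"{f['id']} {f['user']}: " + "; ".join(f["reasons"]))
    # Placeholder group id; replace with the object id of the approved group.
    print(json.dumps(device_code_block_policy("00000000-0000-0000-0000-000000000000"), indent=2))
```

The policy body is what you would POST to the Graph endpoint `/identity/conditionalAccess/policies`; start in report-only mode, check which sign-ins would have been blocked, then switch `state` to `enabled`. The detection function is deliberately narrow: it ignores failed grants and identities that are expected to use the flow from expected locations, so the findings it produces are the ones worth a help-desk callback.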

Medical Leak
ApolloMD Data Breach Impacts 626,000 Individuals

A medical group named ApolloMD recently told the government that over 600,000 people had their private information stolen by hackers.

The group provides doctors and administrative staff to many hospitals, which means the data theft affected patients in 18 different states.

A large medical data theft

Hackers were able to get inside the company computer systems and stay there for several days.

They stole names, birthdays, and Social Security numbers, as well as private notes about health and medical bills.

The group behind the attack

A criminal gang called Qilin claimed responsibility for taking the data and tried to hold it for ransom.

They claimed to have taken a massive number of digital files including very personal health records from the hospital group.

Sending out letters to patients

ApolloMD is now sending letters to everyone whose information was taken to tell them what happened.

They are offering free identity-theft monitoring to make sure no one uses the stolen names to open bank accounts.

Working with the law

The company is working with police and experts to find out how the hackers got in and to make their systems harder to break.

They have already changed their security steps to try and stop this from happening to their patients again.

This event shows that even companies that help doctors must work very hard to keep patient secrets safe from online thieves.

Stay safe!

Eyal Estrin, Author @ CSec Weekly