{"id":191962,"date":"2026-03-02T04:01:00","date_gmt":"2026-03-02T09:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/02\/cisos-cant-protect-what-they-cant-see\/"},"modified":"2026-03-02T04:25:09","modified_gmt":"2026-03-02T09:25:09","slug":"cisos-cant-protect-what-they-cant-see","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/02\/cisos-cant-protect-what-they-cant-see\/","title":{"rendered":"CISOs Can\u2019t Protect What They Can\u2019t See"},"content":{"rendered":"<p><a href=\"https:\/\/www.pymnts.com\/cybersecurity\/2026\/mastercards-gerber-says-cisos-cant-protect-what-they-cant-see\/\">CISOs Can\u2019t Protect What They Can\u2019t See<\/a><\/p>\n<p><a href=\"https:\/\/www.pymnts.com\/cybersecurity\/2026\/mastercards-gerber-says-cisos-cant-protect-what-they-cant-see\/\">https:\/\/www.pymnts.com\/cybersecurity\/2026\/mastercards-gerber-says-cisos-cant-protect-what-they-cant-see\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-02 04:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.pymnts.com\">www.pymnts.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. In cybersecurity, visibility has always been a prerequisite for control.<\/p>\n<p>Today, the scale and stakes of what organizations can no longer see are approaching a tipping point.<br \/>\nThe result is not simply greater complexity, but a growing inability for organizations to identify where their own infrastructure begins and ends.<br \/>\n\u201cIf you think about the blind spots very often for companies, it\u2019s very hard to figure out exactly their digital footprint in the modern age,\u201d Johan Gerber, executive vice president of security solutions at Mastercard, told PYMNTS. \u201cAnd if CISOs can\u2019t see these things, they can\u2019t protect [their organizations].\u201d<br \/>\nThe modern company no longer operates inside a perimeter; it exists as an ecosystem. Today\u2019s applications frequently run simultaneously across hyperscale cloud providers, edge networks and services that may never pass through a central IT ledger.<br \/>\nThe shift has created a dangerous mismatch between how businesses think they operate and where their technology actually lives.Advertisement: Scroll to Continue <\/p>\n<p>The emerging alternative is exposure management. Rather than treating every vulnerability as equal, the emphasis shifts to determining which weaknesses are likely to be exploited and therefore demand immediate attention.<br \/>\n\u201cWe\u2019re moving from vulnerability management to exposure management,\u201d Gerber said. \u201cNow I can truly say I\u2019ve got 40 vulnerabilities, 10 of them are acute because we can see them being attacked in other places in the industry. That means my exposure is X.\u201d<br \/>\nRisk, in other words, has become contextual, dynamic and tied to adversary behavior. Cyberthreats are no longer tied only to static software defects that require teams to patch them before attackers can move in.<br \/>\nBreaking Down Security Silos<br \/>\nSecurity teams are also confronting the structural problem of years of accumulated tools that rarely share context. Many organizations operate dozens of specialized products, each producing its own stream of alerts.<br \/>\nGerber added that practitioners refer to the resulting inefficiency as the \u201cswivel chair\u201d problem, where analysts move from one dashboard to another without a unified picture.<br \/>\nAt the same time, resources remain constrained.<br \/>\n\u201cOne of the biggest problems that every CISO faces is, \u2018I have limited resources. I\u2019ve got more vulnerabilities and exposures than I know how to deal with,\u2019\u201d Gerber said.<br \/>\nA more consolidated approach begins with mapping the attack surface by identifying where systems are exposed to the internet, and then layering threat intelligence to understand which weaknesses are being actively exploited. Protection is applied not as a separate activity, but within the infrastructure through which traffic already flows.<br \/>\n\u201cWhat we want to do is not only understand where exposure vulnerabilities are, but how to now protect them,\u201d Gerber said.<br \/>\nAgainst this backdrop, automation, particularly when embedded into the infrastructure through which traffic already flows, can change the security equation. Instead of requiring organizations to deploy and manage yet another tool, protection can occur directly within the connective tissue of the internet, so long as it isn\u2019t held up by walled gardens and organizational silos.<br \/>\nContinuous Posture<br \/>\nContinuous measurement is becoming central to this emerging model of enterprise fraud prevention. Through posture management, organizations can assess their external security profile at regular intervals instead of relying on periodic audits, Gerber said.<\/p>\n<p>    We\u2019d love to be your preferred source for news.<br \/>\nPlease add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!<\/p>\n<p>\u201cEvery 10 days, we assess your cyber posture from the outside in,\u201d he said.<br \/>\nThese evaluations analyze how systems communicate with the public internet, revealing dependencies, software versions and configuration weaknesses.<br \/>\nThe result is longitudinal insight.<br \/>\n\u201cYou can actually get a trend line, \u2018Am I going up, down or sideways?\u2019\u201d Gerber said.<br \/>\nArtificial intelligence is accelerating the threat environment and the defensive response. Automated systems can now conduct threat-hunting exercises continuously, identifying malicious signatures more frequently than human teams could manage alone.<br \/>\nHowever, Gerber cautioned against assuming automation will replace human judgment.<br \/>\n\u201cThe human in the loop, at least for now, is still a very, very important concept,\u201d he said, reflecting the need for interpretation and accountability even as machines handle scale.<br \/>\nRisk Facing Small Businesses<br \/>\nSmall to medium-sized businesses (SMBs) represent a substantial share of economic activity, yet they often lack dedicated security expertise.<br \/>\nFor these organizations, complexity itself is the principal barrier. Security must therefore be delivered as an embedded service, not an additional operational burden.<br \/>\n\u201cEverybody wants more protection, but they all fear the complexity of it,\u201d Gerber said. \u201cSmall businesses represent more than half of the world\u2019s GDP. If that sector gets attacked at scale, it could have a negative impact on the economy.\u201d<br \/>\nThe concern is not a single catastrophic incident but a distributed wave of automated intrusions hitting thousands of organizations simultaneously.<br \/>\n\u201cCyber events are economic events,\u201d Gerber said, adding that incidents can idle not only a targeted company, but also the ecosystem of suppliers and service providers that depend on it.<br \/>\nTo counter that possibility, defenses must also operate at scale. The goal, Gerber said, is \u201cto provide that protection for \u2026 small businesses \u2026 literally at the click of a button.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISOs Can\u2019t Protect What They Can\u2019t See https:\/\/www.pymnts.com\/cybersecurity\/2026\/mastercards-gerber-says-cisos-cant-protect-what-they-cant-see\/ Publish Date: 2026-03-02 04:01:00 Source Domain: www.pymnts.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":191963,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2026\/03\/cybersecurity-walls-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,24,27],"class_list":["post-191962","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/191962"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=191962"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/191962\/revisions"}],"predecessor-version":[{"id":191964,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/191962\/revisions\/191964"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/191963"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=191962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=191962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=191962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}