{"id":233047,"date":"2026-06-17T05:26:00","date_gmt":"2026-06-17T09:26:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots-intelligent-ciso\/"},"modified":"2026-06-17T05:26:00","modified_gmt":"2026-06-17T09:26:00","slug":"what-are-cybersecuritys-biggest-blind-spots-intelligent-ciso","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots-intelligent-ciso\/","title":{"rendered":"What are cybersecurity\u2019s biggest blind spots?\u00a0 \u2013 Intelligent CISO"},"content":{"rendered":"<p><a href=\"https:\/\/www.intelligentciso.com\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots\/\">What are cybersecurity\u2019s biggest blind spots?\u00a0 \u2013 Intelligent CISO<\/a><\/p>\n<p><a href=\"https:\/\/www.intelligentciso.com\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots\/\">https:\/\/www.intelligentciso.com\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-17 05:26:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.intelligentciso.com\">www.intelligentciso.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>From compromised credentials and supply chain vulnerabilities to workforce fatigue, quantum threats and unsecured connected devices, organisations face an increasingly complex and unpredictable cybersecurity landscape. We asked five cybersecurity experts to share their views on the most overlooked cybersecurity risk facing organisations today. 
Their insights highlight a range of emerging and persistent threats that often receive less attention than they deserve, while underscoring why business leaders should be taking a closer look at these risks before they become major security incidents.<\/p>\n<p>Quentyn Taylor, Senior Director of Information Security at Canon EMEA:\u00a0<\/p>\n<p>The answer to this question is simpler than most expect \u2013 it\u2019s compromised credentials.\u00a0\u00a0<\/p>\n<p>Whilst there is significant anxiety about AI being weaponised to generate new exploits, in reality, this is quite uncommon. Most of the time, hackers aren\u2019t breaking down the door; they\u2019re simply walking in with a set of keys in their hands. These keys are credentials gathered from previous breaches, tested across platforms to see where the same password has been reused.\u00a0\u00a0<\/p>\n<p>A sophisticated software exploit might work 90% of the time, if it\u2019s a good one.\u00a0A password, on the other hand, works 100% of the time, especially if there is no multi-factor authentication (MFA) or anomalous login telemetry behind it. If you are using single-factor authentication and have reused that password on another website at any point in the past, you are running a significant risk.\u00a0\u00a0<\/p>\n<p>Businesses should also know that not all MFA is equal. SMS-based codes can be intercepted through SIM-swapping, and users can be socially engineered into surrendering codes in real time. 
For anything of real value, hardware tokens and passkeys are still the most robust options.\u00a0\u00a0<\/p>\n<p>This is a solvable problem.\u00a0\u00a0<\/p>\n<p>Moving beyond outdated practices like forced password updates, which often result in weaker options, and implementing robust MFA, passkeys and hardware tokens instead give businesses of any size a clear and actionable path to reducing their exposure.\u00a0<\/p>\n<p>Daz Preuss, Chief Operating Officer (UK) at\u00a0CybExer:\u00a0<\/p>\n<p>The most overlooked cybersecurity risk facing\u00a0organisations\u00a0today is human fatigue and psychological pressure within the workforce, particularly among security and IT teams.\u00a0<\/p>\n<p>While boardrooms fixate on threat intelligence, zero-days\u00a0and compliance frameworks, they consistently underestimate the human layer. Security professionals\u00a0operate\u00a0under relentless pressure \u2013 alert overload, 24\/7 incident response demands and fear of being the person who\u00a0\u2018missed something\u2019. That cognitive and emotional burden\u00a0doesn\u2019t just affect wellbeing; it directly degrades security outcomes.\u00a0<\/p>\n<p>Fatigued analysts miss alerts. Pressured employees cut corners on access controls. Staff afraid of accountability delay reporting incidents \u2013 sometimes\u00a0catastrophically so.\u00a0<\/p>\n<p>As technology advances, the attack surface widens, but the human nervous system\u00a0doesn\u2019t\u00a0scale with it. Automation and AI tools help, but they also introduce new complexity that staff must interpret and manage \u2013 often with inadequate training or support.\u00a0<\/p>\n<p>Business leaders tend to treat cybersecurity as a technology investment problem. It\u00a0isn\u2019t.\u00a0It\u2019s\u00a0equally a\u00a0people\u00a0resilience problem. 
Burnout,\u00a0fear\u00a0culture\u00a0and lack of psychological safety in security teams are as dangerous as an unpatched vulnerability.\u00a0<\/p>\n<p>The fix\u00a0isn\u2019t\u00a0just better\u00a0tools\u00a0\u2013\u00a0it\u2019s\u00a0better leadership, realistic workloads, blameless post-incident\u00a0cultures\u00a0and genuine investment in the humans defending the\u00a0organisation.\u00a0<\/p>\n<p>Daryl Flack, Partner at Avella Security:\u00a0<\/p>\n<p>The most overlooked cybersecurity risk facing\u00a0organisations\u00a0today is the emerging Quantum Computing threat to cryptographic systems and long-term data security.\u00a0<\/p>\n<p>Across industries, awareness of quantum risk\u00a0remains\u00a0patchy. While some sectors, particularly\u00a0critical\u00a0national infrastructure, are beginning to engage, many\u00a0organisations\u00a0are still at\u00a0a very early\u00a0stage of understanding what quantum capability means for their environments.\u00a0<\/p>\n<p>For decades, cryptography has been the quiet constant of digital infrastructure. That stability has created a false sense of security, an assumption that encryption\u00a0\u2018just works\u2019\u00a0or that it is a problem for the future.\u00a0<\/p>\n<p>The reality is more immediate. The greatest exposure lies in long-lived and confidential data: legal records, medical research, state\u00a0secrets\u00a0and sensitive corporate archives that must remain secure for decades. Adversaries are already pursuing\u00a0\u2018harvest now, decrypt later\u2019\u00a0strategies, exfiltrating encrypted data today with the expectation it can be unlocked when quantum capabilities mature.\u00a0<\/p>\n<p>The transition to quantum-safe cryptography\u00a0represents\u00a0a once-in-a-generation shift, and one that is deeply complex. 
Cryptography is embedded across applications, networks,\u00a0devices\u00a0and operational systems, often with limited visibility.\u00a0<\/p>\n<p>The UK\u2019s National Cyber Security Centre has set out a clear roadmap \u2013 discovery and planning by 2028, migration of priority systems by 2031 and full transition by 2035\u00a0\u2013 but\u00a0waiting is not\u00a0a viable\u00a0strategy.\u00a0<\/p>\n<p>Cynthia Overby, Director of Strategic Security Solutions,\u00a0zCOE\u00a0at Rocket Software:\u00a0<\/p>\n<p>Supply chain cybersecurity is all too often being overlooked by\u00a0organisations, as\u00a0evidenced\u00a0by a series of crippling cyberattacks in recent times. 2025 saw several high-profile retailers targeted by financially motivated ransomware groups, with\u00a0a number of\u00a0breaches happening in quick succession via the supply chain. This wave of attacks was able to hit so hard because it caught most businesses unprepared.\u00a0<\/p>\n<p>Indeed, a UK government survey on cybersecurity breaches from 2025 found that just over one in 10 businesses said they reviewed the risks posed by their immediate suppliers (14%) and fewer than one in\u00a010\u00a0were looking at their wider supply chain (7%).\u00a0<\/p>\n<p>Assessing and protecting the supply chain is a new challenge for most\u00a0organisations. IDC research revealed that only 61% of\u00a0organisations\u00a0classified as\u00a0\u2018IT\u00a0modernisation\u00a0experts\u2019\u00a0are actively planning how to address any potential infrastructure supply chain disruptions.\u00a0\u00a0<\/p>\n<p>In reality, protecting\u00a0the supply chain should be a top priority for all enterprises, regardless of the maturity of their IT environment.\u00a0Organisations\u00a0need policies and procedures to\u00a0identify, assess, onboard,\u00a0monitor\u00a0and offboard third-party suppliers\u00a0in order to\u00a0mitigate supply chain risk. 
Nothing should be allowed on the network, in an application or on a system, without it first being tested on a sandbox. Having these management processes in place enables CISOs to control their\u00a0organisation\u2019s\u00a0environment and cover those vulnerabilities that otherwise creep in through the cracks.\u00a0<\/p>\n<p>Gianfranco\u00a0Vinucci, COO\u00a0at\u00a0PCA Cyber Security:\u00a0<\/p>\n<p>One of the most overlooked cybersecurity risks\u00a0organisations\u00a0face\u00a0is the growing reliance on embedded and connected technologies that fall outside the scope of traditional IT security programs. In the financial services sector, this includes payment terminals, ATMs,\u00a0SoftPOS\/MPoC\u00a0solutions, authentication\u00a0devices\u00a0and the software supply chains that support them.\u00a0<\/p>\n<p>Many\u00a0organisations\u00a0assume these systems are secure because they have passed certification or compliance assessments. However,\u00a0certification only\u00a0represents\u00a0a singular point in time, while cyberthreats\u00a0evolve continuously. New vulnerabilities are discovered every day in operating systems, firmware, open-source\u00a0components\u00a0and third-party software. Without continuous visibility,\u00a0organisations\u00a0struggle to understand the potential impact of these vulnerabilities on their products and services.\u00a0<\/p>\n<p>What makes this risk particularly significant is that embedded devices are often customer-facing. When a vulnerability is exploited, trust, brand reputation and\u00a0potentially\u00a0customer security are all on the line. Without continuous monitoring, underpinned by vulnerability intelligence and security testing,\u00a0organisations\u00a0can be the last to uncover security issues \u2013 and at risk of doing so too late.\u00a0<\/p>\n<p>The timing is particularly relevant as\u00a0organisations\u00a0prepare for the EU Cyber Resilience Act (CRA) coming into force. 
The regulation reflects a broader shift in cybersecurity expectations \u2013 from\u00a0demonstrating\u00a0compliance at static points in time to\u00a0maintaining\u00a0security throughout a product\u2019s lifecycle.\u00a0Organisations\u00a0that invest early in vulnerability intelligence, continuous monitoring, software\u00a0transparency\u00a0and product security validation will be far better positioned to reckon with the overlooked risk of embedded and connected dependencies and prosper.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are cybersecurity\u2019s biggest blind spots?\u00a0 \u2013 Intelligent CISO https:\/\/www.intelligentciso.com\/2026\/06\/17\/what-are-cybersecuritys-biggest-blind-spots\/ Publish Date: 2026-06-17 05:26:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,28,31,27],"class_list":["post-233047","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-data-security","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233047"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=233047"}],"version-history":[{"count":0,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/233047\/revisions"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\
/media?parent=233047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=233047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=233047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}