Date: 2023-03-15

The post-pandemic reality. Macroeconomic turbulence. Explosive technology innovations. Generational shifts in technological expectations. All these forces and more drive rapid, often confusing change in organizations large and small.

With every such change comes opportunity – for bad actors looking to game the system. Cybersecurity cannot stand still, or the waves of innovation will overrun the shores.

Adversaries continue to innovate. Keeping up – and hopefully, staying ahead – presents new challenges. Here is a short list of recent considerations for CIOs as they work with their teams to shore up their defenses.

Multifactor authentication fatigue and biometrics shortcomings

Multifactor authentication (MFA) is a popular technique for strengthening the security around logins. With MFA, the website or application will send a text message or push notification to the user with a code to enter along with their password.

MFA fatigue, or ‘push phishing’, is a popular hack that targets MFA by repeatedly sending the user superfluous, malicious MFA notifications in the hope that they inadvertently accept one, or simply click to stop the annoying flood of messages.

In other cases, MFA includes a biometric step – reading a fingerprint, scanning a face, and the like. Users appreciate the convenience of biometrics, but biometrics have their flaws as well.

Sometimes they simply don’t work, perhaps due to a change in contact lenses or a new tattoo. Any spy thriller aficionado will also know it’s possible to ‘steal’ someone’s fingerprint or facial image – and once an individual’s biometric is compromised, there’s no way to change it the way we change passwords.

Security implications of ChatGPT and its ilk

ChatGPT and other generative AI technologies have taken the world by storm, but the combination of their sudden popularity and a general lack of understanding of how they work is a recipe for disaster.

In reality, generative AI presents a number of new and transformed risks to the organization. For example, ChatGPT is eerily proficient at writing phishing emails – well targeted at particular individuals and free from typos.

A second, more pernicious risk is the fact that ChatGPT can write malware. Sometimes the malware has errors, but with simple repetition the hacker can generate multiple working versions of the code. Such polymorphic malware is particularly hard to detect, because it may be different from one attack to another.

Securing the software supply chain

The Log4j vulnerability that reared its ugly head in late 2021 shone a bright light on the problem of software supply chain security.

Most commercial enterprise software products and nearly all open-source ones depend upon numerous software packages and libraries. Many of these libraries are themselves open-source and depend upon other libraries in a complex network of opaque interdependencies.

Some of these components have professional teams that test and maintain them, releasing security patches as needed. Other open-source components are the result of some lone developer’s moonlighting activities from years past.

For each open-source component in your entire IT infrastructure, which are the well-maintained ones, and which are the forgotten work of hobbyists? And how do you tell?

Getting ahead of the ransomware gangs

Ransomware is big business for the criminal gangs who have figured out how to capitalize on it. The malware itself is easy to buy on the Dark Web. In fact, there’s a veritable bazaar of ransomware variations, as hackers maneuver to create the most pernicious version.

From the enterprise side, the ransomware problem is multifaceted and dynamic. The malware itself continues to evolve, as do the criminal strategies of the perpetrators.

The most familiar strategy – encrypting files on servers and then demanding a ransom for the decryption key – is but one approach among many. Other attackers steal data and threaten to release it to the public. Another angle is to target the victim’s backups.

No list of strategies and techniques does the ransomware problem justice, as the bad guys continue to innovate. CIOs and CISOs must remain eternally vigilant.

Managing costs while supporting digital transformation

The Covid pandemic accelerated many digital transformation initiatives as executives struggled to meet the suddenly changing needs of both customers and employees.

Today, economic challenges generate digital transformation headwinds as the needs of customers and employees change once again to address post-pandemic realities.

Cybersecurity budgets are typically caught between these two forces. Given the importance of meeting customer needs on limited resources, how important is cybersecurity?

It’s vitally important, of course – but it’s only one of the many risks CIOs must mitigate. Other risks include operational risk (the risk of downtime), technical debt risk (the risk of failures of legacy technologies), as well as compliance risk.

There’s never enough money to drive all these risks to zero – so how should executives decide which risks to mitigate and how much money and time to spend mitigating them?

Organizations must be able to engineer comprehensive risk management that quantifies each type of risk and establishes risk targets that conform to budgetary and human resource limitations.

This ‘threat engineering’ gives CIOs a justifiable approach to making cybersecurity expenditure decisions while also mitigating the other risks facing the IT organization.

Advice moving forward

This article highlights modern security trends for CIOs that weren’t on anybody’s radar as little as five years ago. Five years from now, the list might once again be entirely different.

Such is the nature of cybersecurity risk management. The risks continue to evolve as adversaries improve their strategies. CIOs must remain vigilant while they leverage state-of-the-art cybersecurity tools and strategies to keep one step ahead of the bad guys.
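The MFA fatigue section above describes the pattern a defender can look for: a burst of push challenges to one user in a short window, and, worse, an approval that arrives after such a burst. The following is an added example, not code from the article or from any identity provider: it parses a constructed authentication log (the format, event names, the five-challenges-in-ten-minutes threshold and the user names are all assumptions) and raises an alert for the flood itself and a higher-priority flag when the flood is followed by an approval.

```python
"""Detect MFA push-fatigue patterns in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your identity provider's baseline.
BURST_THRESHOLD = 5                  # push challenges per user within the window
BURST_WINDOW = timedelta(minutes=10)

# Constructed sample log (not real data). Each line: "<ISO timestamp> <user> <event>".
# Event names are assumptions; map your IdP's own event types onto them.
SAMPLE_LOG = """\
2023-03-15T09:00:05 alice push_sent
2023-03-15T09:00:20 alice push_denied
2023-03-15T09:01:10 alice push_sent
2023-03-15T09:01:25 alice push_denied
2023-03-15T09:02:00 alice push_sent
2023-03-15T09:02:40 alice push_timeout
2023-03-15T09:03:05 alice push_sent
2023-03-15T09:03:30 alice push_denied
2023-03-15T09:04:00 alice push_sent
2023-03-15T09:04:45 alice push_approved
2023-03-15T09:05:00 bob push_sent
2023-03-15T09:05:12 bob push_approved
"""


def parse_log(text):
    """Turn the text log into (timestamp, user, event) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events


def detect_push_fatigue(events, threshold=BURST_THRESHOLD, window=BURST_WINDOW):
    """Return one alert dict per user showing a push-fatigue pattern.

    'burst' is set when `threshold` or more challenges were sent inside `window`;
    'approved_after_burst' is set when an approval lands while such a burst is
    still inside the window, which is the outcome the technique aims for.
    """
    sent = defaultdict(list)   # user -> timestamps of challenges still in the window
    alerts = {}

    def alert_for(user):
        return alerts.setdefault(
            user, {"user": user, "burst": False, "approved_after_burst": False})

    for ts, user, event in sorted(events):
        if event == "push_sent":
            sent[user].append(ts)
            # Slide the window: drop challenges older than `window`.
            sent[user] = [t for t in sent[user] if ts - t <= window]
            if len(sent[user]) >= threshold:
                alert_for(user)["burst"] = True
        elif event == "push_approved":
            recent = [t for t in sent[user] if ts - t <= window]
            if len(recent) >= threshold:
                alert_for(user)["approved_after_burst"] = True
    return sorted(alerts.values(), key=lambda a: a["user"])


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_log(SAMPLE_LOG)):
        priority = "HIGH" if alert["approved_after_burst"] else "MEDIUM"
        print(f"{priority}: {alert}")
```

On the constructed log, alice triggers both flags (five challenges in four minutes, then an approval) while bob's single challenge and approval stay silent. In practice the 'approved_after_burst' case is the one to route to an analyst immediately, since the session it opened is presumably live; the plain burst is a signal to lock the account and reach the user out of band.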
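The 'threat engineering' passage calls for quantifying each risk and setting targets that fit a budget. The following is an added example, not the article's method: it scores each of the four risk types the article names as expected annual loss (likelihood times impact, an assumed model), then spends a fixed budget greedily on the mitigations that remove the most expected loss per unit of cost, skipping any risk already at or below its target. All likelihoods, impacts, costs and mitigation names are constructed for illustration.

```python
"""Greedy risk budgeting over quantified risks (added example)."""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    likelihood: float   # assumed probability of at least one loss event per year
    impact: float       # assumed cost per event, in currency units
    target: float       # assumed acceptable residual expected loss per year

    def expected_loss(self):
        return self.likelihood * self.impact


@dataclass
class Mitigation:
    name: str
    risk: str                    # name of the Risk it reduces
    cost: float                  # one-off cost to implement
    likelihood_reduction: float  # fraction by which it cuts the risk's likelihood


# Constructed figures; the four categories are the ones the article lists.
RISKS = [
    Risk("cyber", 0.4, 1_000_000, target=100_000),
    Risk("operational", 0.6, 200_000, target=60_000),
    Risk("technical_debt", 0.3, 300_000, target=90_000),
    Risk("compliance", 0.1, 500_000, target=50_000),
]

MITIGATIONS = [
    Mitigation("mfa_hardening", "cyber", 50_000, 0.5),
    Mitigation("edr_rollout", "cyber", 150_000, 0.4),
    Mitigation("ha_failover", "operational", 80_000, 0.5),
    Mitigation("legacy_migration", "technical_debt", 200_000, 0.6),
    Mitigation("audit_tooling", "compliance", 40_000, 0.5),
]


def plan_spend(risks, mitigations, budget, tol=1e-9):
    """Pick mitigations greedily by expected-loss reduction per unit cost.

    A mitigation is eligible only if it fits the remaining budget and its risk
    is still above target. Returns (chosen names in order, remaining budget,
    residual expected loss per risk).
    """
    by_name = {r.name: r for r in risks}
    likelihood = {r.name: r.likelihood for r in risks}
    remaining = budget
    chosen = []
    available = list(mitigations)

    while True:
        best, best_ratio = None, 0.0
        for m in available:
            r = by_name[m.risk]
            residual = likelihood[r.name] * r.impact
            if m.cost > remaining or residual <= r.target + tol:
                continue
            reduction = likelihood[r.name] * m.likelihood_reduction * r.impact
            ratio = reduction / m.cost
            if ratio > best_ratio:
                best, best_ratio = m, ratio
        if best is None:
            break
        chosen.append(best.name)
        remaining -= best.cost
        likelihood[best.risk] *= 1 - best.likelihood_reduction
        available.remove(best)

    residual = {name: likelihood[name] * by_name[name].impact for name in likelihood}
    return chosen, remaining, residual


if __name__ == "__main__":
    chosen, left, residual = plan_spend(RISKS, MITIGATIONS, budget=250_000)
    print("chosen:", chosen, "budget left:", left)
    for name, loss in residual.items():
        print(f"  {name}: residual expected loss {loss:,.0f} (target {dict((r.name, r.target) for r in RISKS)[name]:,})")
```

With the constructed numbers and a 250,000 budget the plan buys MFA hardening first (it removes 200,000 of expected loss for 50,000), then the failover work, and stops because the EDR rollout no longer fits and the remaining risks are already at target. The point of the exercise is the output table, not the greedy heuristic: each line shows how far a risk sits from its target after the money is spent, which is the justification the article says CIOs need for a cybersecurity line item alongside the others.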