Boards Are Being Told To Rethink Their Role In Cybersecurity
Help Net Security, Monday, September 1st, 2025
Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk.
A new report from Google Cloud's Office of the CISO lays out three areas where board oversight is becoming especially important: ransomware, cyber-enabled fraud, and the intersection of innovation and cybersecurity.
Ransomware is shifting to identity and help desks
The report describes how ransomware attacks have become more targeted and disruptive. Threat actors are no longer just encrypting files. They are exploiting identity systems, help desks, and cloud infrastructure. One example highlighted is the growing use of social engineering against help desk staff, where attackers impersonate employees and convince support teams to reset credentials or modify multifactor authentication settings. By doing so, they bypass technical defenses and gain control of accounts.