
The January 2026 Cybersecurity Briefing

Cybersecurity News

Half of Employees Are Using AI Tools Their Security Teams Never Approved

(Based on reporting by CSO, January 29, 2026)

According to a report by CSO, roughly half of employees are using unsanctioned artificial intelligence (AI) tools in their day-to-day work, and senior leaders are among the biggest offenders.

In other words, shadow IT has evolved into “shadow AI.” Staff are passing sensitive information to AI assistants that have never been vetted by cybersecurity, risk, or compliance teams. For financial institutions, this behavior significantly expands the attack surface and raises difficult questions about data residency, model training, and regulatory exposure.

Unsanctioned Tools Relinquish Control Over Data

For CISOs and IT leaders, the immediate risk is loss of control over where sensitive data goes and how it is stored or reused. When employees experiment with public AI tools, they often bypass corporate access controls, logging, and DLP policies.

That makes it nearly impossible to reconstruct what was shared if there is a breach or regulatory inquiry. It also undermines efforts to build standardized, secure AI workflows on approved platforms, because users are already fragmented across their own tool choices.

Firms Need AI Usage Guidelines and Governance

Firms should respond by treating shadow AI as a behavior to govern, not simply a policy violation to punish.

That starts with clear, simple AI usage guidelines that are grounded in existing data-classification rules. Employees should be provided with concrete examples of what can and cannot be entered into external tools.

IT and cybersecurity teams can then introduce sanctioned AI services, such as private model deployments or AI capabilities embedded in existing productivity suites. They can configure them with enterprise-grade logging, encryption, and access controls.

Finally, leadership needs to model compliant behavior: when executives use approved tools and explain why, employees are more likely to follow.

Invoice Fraud Campaigns Turn Finance Departments into Prime Targets

(Based on reporting by Infosecurity Magazine, January 30, 2026)

Law-enforcement agencies and a major UK bank jointly warned that invoice fraud schemes are aggressively targeting corporate finance departments. According to a report by Infosecurity Magazine, attackers are combining social engineering, compromised email accounts, and realistic-looking invoices to divert high-value payments to accounts they control.

In many cases, criminals spend weeks or months studying a company’s billing patterns, vendor relationships, and approval chains before striking. This makes fraudulent requests difficult to distinguish from legitimate ones.

It Starts with Compromising Email

These campaigns often begin with a phishing email or business email compromise (BEC) incident. This gives attackers access to a real mailbox inside the organization or at a trusted supplier. Once inside, the adversaries monitor conversations, harvest invoice templates, and wait for an opportune moment, such as a large, time-sensitive payment.

They then send a carefully crafted message, sometimes from a compromised account, instructing the finance team to update bank details or expedite payment. Because the email tone, signatures, and invoice formatting all look familiar, even well-trained staff can be deceived.

Invoice Fraud Results in Significant Losses for Firms

Transaction values at financial institutions are typically high, and counterparty relationships are complex. Invoice fraud can result in seven- or eight-figure losses and regulatory scrutiny.

Controls, therefore, need to extend beyond email security. Organizations should implement strict, out-of-band verification procedures for changing bank details, such as call-back protocols using known phone numbers or secure vendor portals.

Payment approval workflows should flag unusual combinations of amount, beneficiary, and timing for additional review.

Finally, finance and operations teams should receive tailored training based on real examples. This way, they’ll know what suspicious patterns to look for, including unexpected urgency, subtle changes in account numbers, or deviations from normal communication channels.
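The two technical controls above (call-back verification before changed bank details are accepted, and review of unusual amount, beneficiary, and timing combinations) can be sketched as a pre-release check. This is an added example, not part of the original briefing; the vendor record, account numbers, amount threshold, and business hours are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import median

BANK_CHANGE = "bank details differ from vendor master, no call-back on file"
AMOUNT = "amount unusual for this vendor"
TIMING = "requested outside normal business hours"
UNKNOWN = "beneficiary not in vendor master"

# Constructed vendor master: account on file and previously paid amounts.
VENDOR_MASTER = {
    "Acme Supplies": {"account": "GB00TEST00000000000001",
                      "history": [12000.0, 11500.0, 12800.0, 12200.0]},
}

@dataclass
class Payment:
    vendor: str
    account: str
    amount: float
    requested_at: datetime
    callback_verified: bool = False  # call-back made to a number already on file

def review_reasons(p, master=VENDOR_MASTER, amount_factor=3.0):
    """Return every signal that applies to payment request p."""
    record = master.get(p.vendor)
    if record is None:
        return [UNKNOWN]
    reasons = []
    if p.account != record["account"] and not p.callback_verified:
        reasons.append(BANK_CHANGE)
    if p.amount > amount_factor * median(record["history"]):  # assumed threshold
        reasons.append(AMOUNT)
    weekend = p.requested_at.weekday() >= 5
    if weekend or not 8 <= p.requested_at.hour < 18:  # assumed hours 08:00-18:00
        reasons.append(TIMING)
    return reasons

def decide(p):
    """hold: unverified bank change or unknown payee; review: two or more signals."""
    reasons = review_reasons(p)
    if BANK_CHANGE in reasons or UNKNOWN in reasons:
        return "hold", reasons
    if len(reasons) >= 2:
        return "review", reasons
    return "release", reasons

# Constructed request: new account, large amount, Saturday night.
suspect = Payment("Acme Supplies", "GB00TEST00000000000999", 48000.0,
                  datetime(2026, 1, 31, 22, 15))
print(decide(suspect))
```

A bank-detail change that has not been verified out of band holds the payment on its own, regardless of how ordinary the amount and timing look.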

Most CISOs Can’t See Third-Party Threats Beyond Their Direct Suppliers

(Based on reporting by Cybernews, January 14, 2026)

A recent report by Cybernews described new research from a supply-chain security provider. Based on a study of cybersecurity leaders, the provider found that 85% of CISOs say they lack visibility into cyber risks posed by third parties.

Additionally, most organizations do not monitor threats beyond their direct suppliers.

The study highlights a persistent blind spot: Many firms have questionnaires, contracts, or basic security ratings in place for key vendors. However, few extend that scrutiny to subcontractors, cloud partners, data processors, and other downstream entities that routinely handle sensitive information or have indirect access to internal systems.

Attackers Go for the Weakest Link

This limited visibility is increasingly dangerous in a world of interconnected platforms and AI-enabled workflows.

Attackers often exploit the “weakest link” in a supply chain. A smaller, less-mature provider may have weaker controls, but they can still offer a pathway into a larger financial institution’s environment.

High-profile incidents in recent years have shown how a single compromised integration, managed service, or software dependency can be weaponized. Once inside, attackers can deliver ransomware, exfiltrate data, or disrupt operations across many customers.

Firms Must Enhance Third-Party Security Measures

Security leaders should push beyond annual questionnaires and adopt measures like the following:

  • Continuous monitoring of vendor attack surfaces
  • External scanning tools and providers
  • Threat-intelligence feeds for responsiveness
  • Explicit risk tiers for critical suppliers

Contracts should require timely breach notification, clear security baselines, and evidence of controls, such as MFA, encryption, and secure software development practices.

Just as importantly, firms need an internal playbook for responding to a vendor breach. Some of the most critical steps include:

  • Identifying the affected data
  • Isolating affected integrations
  • Communicating with clients and regulators

Treating supply-chain security as an ongoing program rather than a one-off project will be key to reducing the likelihood and impact of cascading incidents.

Cybersecurity Tips

Ten Strategic Priorities CIOs Should Focus on in 2026

(Based on “10 top priorities for CIOs in 2026,” CIO, January 19, 2026)

According to a recent article by CIO Magazine, technology leaders entering 2026 should focus on ten strategic priorities that collectively strengthen security, resilience, and innovation. Here is a quick rundown of their suggestions:

1. Assume Adversaries Will Use AI

CIOs are urged to strengthen cybersecurity resilience and data privacy as generative and agentic AI become deeply embedded in business workflows. This means assuming that adversaries will also use AI to automate attacks and prioritizing controls that protect sensitive data and maintain regulatory compliance in every phase of AI adoption.

2. Consolidate Tools into Unified Platforms

Second, CIOs should consolidate fragmented cybersecurity tools into unified platforms, a shift sometimes described as “platformization.” By reducing tool sprawl and integrating security capabilities into a cohesive architecture, organizations can improve detection, reduce operational overhead, and make it easier to embed AI-driven analytics.

3. Use Continuous Encryption

Third, the article emphasizes ensuring data protection through privacy-enhancing technologies and continuous encryption—protecting data not just at rest and in transit, but also while it is being processed, which is increasingly important for AI workloads.

4. Create an Identity-Centric Workplace

Fourth, CIOs should focus on team identity and employee experience. A seamless, identity-centric digital workplace improves adoption of secure tools and reduces the temptation to bypass controls.

5. Take a “Clean Core” Approach

Fifth, leaders need to navigate increasingly costly ERP migrations by embracing a “clean core” approach. This means keeping the core system as standard as possible and integrating specialized tools around it, rather than over-customizing.

6. Build API-first Architectures

Sixth, CIOs should double down on innovation and data governance by building modular, API-first architectures. They should also treat data as a strategic asset with clearly defined quality, lineage, and access rules.

7. Reskill Teams for an AI-Enabled Environment

Seventh, the report calls for active workforce transformation. Leaders can upskill and reskill teams, redesigning roles for an AI-enabled environment. They can also create “fusion teams” that blend business, product, and technology skills.

8. Promote Transparency and Manage Uncertainty

Eighth, CIOs must improve team communication to manage anxiety and uncertainty in rapidly changing tech environments. This requires more transparent updates in addition to targeted training.

9. Improve Agility, Trust, and Scale

Ninth, they should strengthen capabilities that drive agility, trust, and scale. This includes capabilities such as identity and access management, data platforms, and integration services.

Additionally, firms should use least-privilege and zero-trust principles for both human and non-human identities, including AI agents.

10. Prepare for the “Agentic Enterprise”

Finally, CIOs need to address an evolving IT architecture by preparing for an agentic enterprise model. It will require new layers for unified semantics, centralized AI/ML, scalable agent management, and secure orchestration of complex workflows.

Collectively, these ten priorities offer a roadmap for leaders who must secure today’s operations while preparing their organizations for an AI-driven future. To learn more about what you can do to improve cybersecurity, contact us at Option One Technologies today.