#kroll-report

#kroll-report

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

In Q3 FY2026, CrowdStrike posted record net new ARR of $265 million, accelerating 73% year-over-year, and ending ARR reached $4.92B. Revenue came in at $1.234B, a slight beat versus estimates, EPS of $0.96 was also a slight beat.

ADM announced on Tuesday that it has entered into a settlement agreement with the U.S. Securities and Exchange Commission (SEC) to resolve its investigation into ADM's prior reporting of inter-segment sales, without admitting or denying any wrongdoing. As part of the settlement, ADM agreed to pay a $40 million penalty. According to the SEC, ADM engaged in years of profit-shifting that made its star nutrition segment appear to meet ambitious growth targets, even as demand softened and margins declined.

This will also greatly increase the need for AI audit trails: detailed records of what data AI used, what steps it took, what suggestions or decisions it influenced, and who ultimately confirmed the choices. These trails will become crucial for compliance, ethical accountability, and ensuring business integrity. According to Pugh, there will be a clear trend toward transparent AI workflows, and companies will increasingly see that an error in a prediction can be traced back to a specific step in the AI workflow.

IT security teams, especially the compliance cast, love drama. The slower, more arcane, and less intelligible the script, the louder the applause. Every few years, someone strides onstage with a seemingly edgy rallying cry: "Let's burn it all down and start again!" Let's be honest: torching the set doesn't fix the play. The real villain isn't any one framework. It's the lackluster production we force our best people to perform "assessments" that consume weeks, cost a fortune, and deliver stale, unread artifacts.

Rather than stolen data making headlines, it was business stoppage that triggered attention. Moving into 2026, the board's focus should be on ensuring business continuity and building resilience in the face of emerging risks generated by AI usage and attack vectors, quantum computing and geopolitics.

As audit committees confront a rapidly expanding risk landscape, their role in corporate governance is being reshaped. Boards have often turned to current and former CFOs as independent directors, particularly for audit committees, because of their ability to translate complex operational and financial realities into effective oversight.For example, this month, J. Michael Hansen, former EVP and CFO of Cintas Corporation, was appointed to the audit committee at Paychex.

Mentions of exec security protocols are popping up in more proxy filings, and companies like Starbucks are changing corporate jet policies due to what it calls "significant heightened security concerns." These moves follow the December 2024 killing of UnitedHealthcare CEO Brian Thompson in New York City and a shooting at a Park Avenue office building about eight months later. Both instances shattered long-held assumptions that corporate leaders were at least somewhat insulated from the types of violence more often associated with politicians or celebrities, several security executives told Business Insider.

Human error and internal risks continue to contribute structurally to data breaches and account takeovers. This is according to research by KnowBe4. Email remains the primary channel through which cybercriminals deceive employees in incidents. 64% of organizations reported incidents that originated via email, while 57% saw a further increase in email-related attacks. Phishing also served as a gateway to account takeovers in 59% of the affected organizations.

I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.

Traditional IAM and IGA systems are designed primarily for human users and depend on manual onboarding and integration for each application - connectors, schema mapping, entitlement catalogs, and role modeling. Many applications never make it that far. Meanwhile, non-human identities (NHIs): service accounts, bots, APIs, and agent-AI processes are natively ungoverned, operating outside standard IAM frameworks and often without ownership, visibility, or lifecycle controls.