Government can demand stronger product security, Krebs said. It could help private sector, too

The federal government can use the power of the purse to leverage security improvements, which could benefit businesses at large, according to former CISA Director Chris Krebs.

By Samantha Schwartz • Oct. 22, 2021

2022 could bring OT weaponization, ransomware laws, Gartner says

In the last decade companies underwent digital transformation, with cloud taking over legacy solutions. But the same practices cannot be deployed year after year.

By Samantha Schwartz • Oct. 21, 2021

Avoid paying ransoms, Gartner says. Instead, focus on situational awareness

In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understand around steps to recovery. 

By Samantha Schwartz • Oct. 20, 2021

Kaseya taps former FBI agent as CISO

Jason Manar worked in partnership with the company following its July ransomware attack.

By Samantha Schwartz • Oct. 20, 2021

White House tackles endpoint security in federal agencies, tees up CISA

Agencies should have "enterprise-level visibility" across bureaus and sub-agencies, a Friday memo said.

By Samantha Schwartz • Oct. 13, 2021

CISOs: Approach the board with precision, simplicity

Executives from PepsiCo, Mandiant and Texas Children's Hospital honed the art of approaching the board. Their techniques leave stakeholders asking, "Do you need anything?"

By Samantha Schwartz • Oct. 8, 2021

Mandiant CEO: 3 threats that changed cybersecurity in 2020

CISOs getting comfortable in a more operational role were met with unprecedented cyberattacks — implants, zero days and ransomware — within the last year and a half.

By Samantha Schwartz • Oct. 6, 2021

Digitization costs manufacturing plants 'the luxury of isolation,' changing risk management

OT organizations transition from site-level best practices to overall best practices, and move plant operations into an enterprise SOC.

By Samantha Schwartz • Oct. 1, 2021

Companies confident in cybersecurity despite growing threats: report

There's a perception of "safety in numbers," Beazley's survey found. "Time will tell if such high levels of confidence are well placed."

By Samantha Schwartz • Sept. 16, 2021

Cybersecurity drills don't have to be 'fight or flight,' training creators say

Cyber training has followed "a very dangerous path," the co-founders of Hook Security said. But a humorous approach may turn things around.

By Ryan Golden • Sept. 15, 2021

What do tech workers want?

The COVID-19 pandemic proved that companies could accommodate flexible work and employees have more choice to join companies with better pay.

By Katie Malone • Sept. 13, 2021

What cyber insurance CEOs want to see from customers

Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.

By Samantha Schwartz • Aug. 31, 2021

Tech CEOs promise billions of dollars in cybersecurity support

The Biden administration has to strike a balance between honoring big tech's capitalism while pushing it to a higher standard for the sake of national security.

By Samantha Schwartz • Aug. 26, 2021

Companies are investing in security operations but limited by talent gaps

For some CISOs, the onus to attract talent is on them and the standards they make. 

By Samantha Schwartz • Aug. 25, 2021

3 university CISOs changed focus, not strategy, amid pandemic

Higher education institutions have a security problem: provide users the individualized experience they need to succeed without shortchanging security.

By Samantha Schwartz • Aug. 23, 2021

In the event of a cyber incident, think like a lawyer

While security professionals may not be deeply involved in the legal aspects of a cyber incident, they have to be aware of attorney-client privileges.

By Samantha Schwartz • Aug. 17, 2021

How the $1.2 trillion infrastructure bill invests in cyber

As part of the larger cyber funding injection, the legislation sets aside $100 million, allocated over five years, for the Cyber Response and Recovery Fund.

By Samantha Schwartz • Aug. 12, 2021

How human instinct can interfere with cyber crisis response

In a gut reaction to a security incident, users may make the wrong move to avoid losing data. 

By Samantha Schwartz • Aug. 10, 2021

National K-12 cybersecurity learning standards aim to strengthen pipeline

The standards arrive as the nation faces a growing number of advanced cyberattacks and a skills gap for professionals in the space.

By Roger Riddell • Aug. 9, 2021

CISA takes aim at information sharing woes, launches public-private super group

The Joint Cyber Defense Collaborative is Jen Easterly's first major initiative as CISA's second-ever director.

By Samantha Schwartz • Aug. 6, 2021

Half of security teams report to CISO, others miss out on business benefits: survey

Companies get more buy-in for risk assessments and alignment with business goals when cybersecurity reports to the CISO, an ISACA survey found.

By Samantha Schwartz • July 27, 2021

How 3 critical infrastructure security executives manage vulnerabilities

Assessment of risk and strategy depends on the technologies or services companies use for vulnerability alerts, according to executives during a Dragos webcast.

By Samantha Schwartz • July 26, 2021

Engineers need cybersecurity training, too

Companies will undergo a shift in cyber culture, eventually combining the data engineers and network security professionals use to search for vulnerabilities.

By Samantha Schwartz • July 22, 2021

Behind the Firewall: A hub for security executive information sharing

In Cybersecurity Dive's recurring column, executives tackle the issues they regularly confront, from at-home security solutions to avoided disasters.

By Naomi Eide • July 2, 2021

The risk of disconnect between CIOs and CISOs

Companies need their CIO and CISO working together to reach their strategic goals. Strain in the relationship is a recipe for breaches.

By Roberto Torres • July 1, 2021