CISA mobile security advice gets personal in wake of telecom intrusions

The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.

By Matt Kapko • Dec. 19, 2024

Pennsylvania representative pitches bill to double cyber assistance for local water systems

The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.

By David Jones • Dec. 17, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

CISA’s pre-ransomware alerts nearly doubled in 2024

The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.

By Matt Kapko • Dec. 17, 2024

Executives see another CrowdStrike-level IT outage on the horizon

IT and business leaders admit to prioritizing security at the expense of service disruption readiness, a PagerDuty report found.

By Matt Ashare • Dec. 13, 2024

Snowflake to phase out single-factor authentication by late 2025

The security policy change starts one year after a wave of attacks targeted more than 100 Snowflake customer environments without MFA.

By Matt Kapko • Dec. 10, 2024

Credit risk rising as attackers strike larger companies: Moody’s

Cybercriminals are deploying generative AI tools in their efforts at ransomware and fraud, Moody’s Ratings said.

By Jim Tyson • Dec. 10, 2024

Frontline workforce tech predictions for 2025: A new era of efficiency and security

2025 Predictions: Boosting frontline efficiency with passwordless tech and identity and access management innovations

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber • Dec. 9, 2024

For IT pros, the CrowdStrike crisis was a ‘call to arms’

The global outage triggered investments in people, processes and technologies to beef up enterprise resilience, Adaptavist research found.

By Matt Ashare • Dec. 6, 2024

Protecting the cloud: combating credential abuse and misconfigurations

To defend against two of today’s biggest cloud security threats, organizations must adapt and develop proactive strategies, Google Cloud’s Brian Roddy writes. 

By Brian Roddy • Dec. 5, 2024

T-Mobile undeterred as telecom sector reels from attack campaign

Cybersecurity Dive spoke with CSO Jeff Simon about how the carrier says it thwarted a threat group resembling Salt Typhoon despite its past security failures.

By Matt Kapko • Dec. 5, 2024

UK cyber chief warns country is at an inflection point as digital threats rise

In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology. 

By David Jones • Dec. 3, 2024

When password rules change, who benefits?

As the National Institute of Standards and Technology rolls out updated password guidance, some experts want to make passwords a thing of the past.

By Sue Poremba • Dec. 2, 2024

FBI, CISA warn of heightened risk of BEC attacks during holiday season

Authorities encouraged prompt reporting, which can help recover stolen payments.

By David Jones • Nov. 27, 2024

CrowdStrike avoids customer exodus after triggering global IT outage

The cybersecurity vendor reported $33.9 million in expenses related to the July 19 incident, which caused the company to swing to a loss.

By Matt Kapko • Nov. 27, 2024

As holiday season begins, US braces for looming risk of cyberattacks

Security teams are on the alert for nation-state threats and ransomware as millions of workers break for a holiday.

By David Jones • Nov. 26, 2024

Healthcare providers will need to boost cyber defenses amid AI adoption: Moody’s

AI could ease labor shortages, but health systems will need to increase cybersecurity spending to manage heightened risks, according to the credit ratings agency.

By Emily Olsen • Nov. 22, 2024

Microsoft unveils resiliency, security enhancements following July global IT outage

The updates are part of a larger effort at the company to overhaul its internal security culture.

By David Jones • Nov. 21, 2024

Palo Alto Networks boasts as customers coalesce on its platforms

The cybersecurity vendor said it ended its fiscal Q1 with 1,100 platformization deals and remains on pace to reach at least 2,500 such deals within five years.

By Matt Kapko • Nov. 21, 2024

Security awareness and training is a method, not an outcome

In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change. 

By Jinan Budge • Nov. 20, 2024

Splunk accelerates Cisco’s security business as core networking sales decline

Security revenue doubled to $2 billion in Cisco’s recent quarter. Without Splunk’s contribution, its total revenue would have dropped 14%.

By Matt Kapko • Nov. 18, 2024

National cyber director calls for streamlined security regulations

Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands. 

By David Jones • Nov. 14, 2024

Who should be in the room when purchasing cyber insurance?

Cyber exposure should be treated just as seriously as a fire event, each with a high potential to disrupt business for extended periods of time, Peter Hedberg of Corvus Insurance writes. 

By Peter Hedberg • Nov. 11, 2024

Empowering the next generation of cyber leaders: Mentoring and talent development initiatives

With guidance and support from mentorship programs and talent development initiatives, employees can become better equipped for success.

Nov. 11, 2024

Tech executives reassess IT resilience in CrowdStrike outage aftermath

Nearly all organizations have known operational weaknesses that leave IT systems vulnerable to service interruptions, according to Cockroach Labs.

By Matt Ashare • Nov. 8, 2024

TSA proposes cyber risk management programs for surface transportation, pipeline operators

The proposed rule would also require the disclosure of cyber incidents to CISA and physical security concerns to TSA.

By David Jones • Nov. 7, 2024