Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.

By David Jones • Nov. 21, 2023

Companies are getting smarter about cyber incidents

Although incidents are up and risks are expanding, businesses are better prepared to send threat actors away empty-handed, a specialist says.

By Robert Freedman • Nov. 21, 2023

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Cisco looks to Splunk for security business growth

Security remains a small part of Cisco’s business, but Splunk could bolster the company’s ability to grow and improve other offerings.

By Matt Kapko • Nov. 16, 2023

Palo Alto Networks’ largest customers get no-cost incident response

Available through January, the response program comes at a time of heightened demand for rapid forensic services, particularly in light of the coming SEC incident response enforcement. 

By David Jones • Nov. 15, 2023

Rackspace records $5M in expenses related to 2022 ransomware attack

The cloud services company expects insurance to cover its incident costs, however multiple lawsuits are still pending.

By David Jones • Nov. 14, 2023

MGM Resorts anticipates no further disruptions from September cyberattack

The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.

By David Jones • Nov. 9, 2023

Countries pledge to not pay ransoms, but experts question impact

There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

By Matt Kapko • Nov. 6, 2023

Top ways businesses can manage the risk implications of the SEC cybersecurity disclosure rule

The SEC final rule requires public companies to disclose any material cybersecurity incidents within four business days of determination.

Nov. 6, 2023

Microsoft overhauls cyber strategy to finally embrace security by default

The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

By David Jones • Nov. 3, 2023

Splunk to cut 7% of staff in latest layoff round this year

CEO Gary Steele said the cuts, which largely impact employees in the U.S., are not related to Cisco's deal to acquire the company.

By Matt Kapko • Nov. 1, 2023

BeyondTrust, Cloudflare averted Okta attacks thanks to security chops

With details scant, worries remain about how the attacks might have played out for less security-focused businesses that were impacted.

By Matt Kapko • Nov. 1, 2023

How to protect sensitive school data during a cyberattack

The CFO of a Texas school district recommends safer ways to request sensitive employee data and stronger password and verification policies.

By Kara Arundel • Oct. 27, 2023

CISA targets software identification in push to boost supply chain security

The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

By David Jones • Oct. 27, 2023

Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite

The company said it is gaining market share in the cybersecurity segment and is opening access to its AI-based Security Copilot after an early preview.

By David Jones • Oct. 25, 2023

LastPass working through ‘systemic’ security overhaul

“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.

By Matt Kapko • Oct. 25, 2023

FAIR Institute wants to quantify just how much a cyberattack costs

The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.

By Matt Kapko • Oct. 20, 2023

Tech spend to hit milestone as businesses react to AI security scare

Gartner is projecting worldwide IT spend will top $5 trillion next year, and CIOs are investing more in security to curb concerns associated with AI and risk.

By Matt Ashare • Oct. 20, 2023

Cyber venture capital funding on pace to hit four-year low

VC activity in cybersecurity reflects a pragmatic period in an industry oversaturated with vendors, Crunchbase data shows.

By Matt Kapko • Oct. 19, 2023

EPA rescinds rule to include cybersecurity in water system audits after legal challenge

The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.

By David Jones • Oct. 16, 2023

CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.

By Matt Kapko • Oct. 16, 2023

SMBs seek cyber training, support as attack risk surges

A report from Sage indicates SMBs face considerable obstacles to preventing cyberattacks when compared to larger, higher resourced enterprises.

By David Jones • Oct. 16, 2023

Federal agencies press OT/ICS providers on open-source security

The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.

By David Jones • Oct. 12, 2023

CISA pivots focus to China-linked threats against critical infrastructure

The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.

By David Jones • Oct. 5, 2023

What to consider when choosing cybersecurity providers

While it might be easier for an organization to build its core cybersecurity system from one company, that may not provide the best option.

By Sue Poremba • Oct. 5, 2023

AWS kicks off cloud race to mandate MFA by default

The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024. Google, in response, said it will mandate MFA for certain accounts this year.

By Matt Kapko • Updated Oct. 4, 2023