Contractual obligations driving data privacy, cybersecurity upgrades

To secure work from business partners, more companies are getting serious about having the right technical and legal safeguards, a specialist says.

By Robert Freedman • Feb. 13, 2024

CISA blitzes Super Bowl with cyber campaign as businesses fumble security

CISA brought its Secure Our World initiative to Las Vegas, for the biggest annual event in sports. Will anyone heed the advice?

By Matt Kapko • Feb. 9, 2024

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

National cyber director urges private sector collaboration to counter nation-state cyber threat

Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.

By David Jones • Feb. 9, 2024

Mortgage industry attack spree punctuates common errors

Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

By Matt Kapko • Feb. 6, 2024

Business, technology groups back SolarWinds motion to dismiss SEC charges

Former U.S. cybersecurity officials and a group of current and former CISOs warned the fraud suit against SolarWinds could chill intel sharing from the private sector.

By David Jones • Feb. 5, 2024

4 ways the role of the CISO will change in 2024

2024 marks a new era for CISOs. Faced with increasing responsibility in the wake of SolarWinds, they’ll demand better budgets, head counts, and tooling - or go elsewhere.

By Thomas Kinsella, CCO and co-founder, Tines • Feb. 5, 2024

Okta to cut 7% of workforce as push to revamp security is underway

The layoffs come during the company's 90-day overhaul to address lax security following a string of cyberattacks targeting Okta and its customers.

By Matt Kapko • Feb. 1, 2024

White House rejects efforts to undo SEC cyber disclosure rule

President Joe Biden would veto the joint resolution that aims to strip the agency’s authority to require companies to disclose cyber incidents and governance processes, the administration said Wednesday.

By Matt Kapko • Jan. 31, 2024

What’s ahead for cybersecurity in 2024

A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.

By Naomi Eide • Jan. 31, 2024

In 2024, the cybersecurity industry awaits more regulation — and enforcement

Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.

By David Jones • Jan. 31, 2024

Midnight Blizzard attack seen as another sign of Microsoft falling short on security

Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.

By David Jones • Jan. 26, 2024

Progress Software shakes off MOVEit’s financial consequences, maintains customers

Executives described the file-transfer service as one of its stronger performing products and said customers remain loyal.

By Matt Kapko • Jan. 18, 2024

Cyber tops business risk for enterprises worldwide, report finds

Cyber replaced business interruption as the top concern among U.S. businesses, according to the Allianz Risk Barometer.

By David Jones • Jan. 16, 2024

Cyber funding and M&A drop in 2023

Venture capitalists shifted strategies throughout 2023 as they tightened investment levels to minimize potential losses, Pinpoint Search Group found.

By Matt Kapko • Jan. 11, 2024

5 cybersecurity trends to watch in 2024

Preventative measures remain woefully unmet, the scourge of ransomware is as bad as its ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up, 2024 is here.

By David Jones , Matt Kapko • Jan. 10, 2024

Merck reaches settlement in closely watched NotPetya insurance case

The pharmaceutical giant previously won a New Jersey court decision involving $700 million of a $1.4 billion dispute over war-exclusions language related to the attack.

By David Jones • Jan. 8, 2024

LastPass enforces 12-character master password lengths

The password manager made its years-old guidance on master password complexity a requirement nearly a year and a half after it was hit by a major cyberattack.

By Matt Kapko • Jan. 4, 2024

Mimecast acquires human risk management specialist Elevate Security

The acquisition is the latest in a series of deals in recent weeks, following a turbulent year of industry layoffs, spending cuts and a weaker investment climate in the sector.

By David Jones • Jan. 4, 2024

SonicWall acquires Banyan Security to boost cloud security portfolio for remote work

The company recently acquired a firm specializing in managed detection and response technology for managed service providers.

By David Jones • Jan. 3, 2024

Cisco to buy open source multicloud security vendor Isovalent

The deal for the company behind eBPF and Cilium follows Cisco’s blockbuster $28 billion agreement to acquire Splunk.

By Matt Kapko • Dec. 21, 2023

Cyber risk strategies in hot seat as SEC rules go live

A new climate of regulatory scrutiny is pushing companies to reassess how they manage cyber governance and mitigation at the highest levels.

By David Jones • Dec. 20, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

By David Jones • Dec. 8, 2023

Fidelity National Financial still assessing cyberattack impact, but is insured

The company acknowledged real estate closings were briefly impacted, however committed to protect customer data and prioritize cybersecurity investments.

By David Jones • Dec. 7, 2023

Challenging the ‘good enough’ cybersecurity mindset

While the volume of cyber threats keeps growing, security experts struggle to navigate the perception that existing resources are enough to defend their organization.

By Jen A. Miller • Dec. 6, 2023

Businesses can turn to MSPs to navigate SEC cyber disclosure requirements

With a line of sight on security operations, managed service providers hold keys to materiality determinations and annual 10-K reports.

By Suman Bhattacharyya • Dec. 5, 2023