CISA seeks to address visibility, resilience in 3-year strategic plan

The agency outlined a major push to recognize and respond to immediate cyberthreats and make secure development practices a priority.

By David Jones • Aug. 7, 2023

Inside the most-commonly exploited CVEs of 2022

Delayed patching and unmet secure-by-design principles are aggravating the risk of compromise, the Five Eyes warned Thursday.

By Matt Kapko • Aug. 4, 2023

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Broad SBOM adoption takes root as businesses watch their supply chains

Research from Sonatype shows major companies are increasingly mandating outside vendors to account for the security of their applications.

By David Jones • Aug. 4, 2023

C-suite, rank-and-file at odds over security’s role

Security is a priority when implementing a cloud strategy, 50% of executives said in a May survey. Most security workers beg to differ.

By Roberto Torres • Aug. 4, 2023

Businesses improved cyber incident response times following Log4j, report finds

An Immersive Labs study showed security teams improved response times during attacks, but post-incident recovery still lagged.

By David Jones • Aug. 2, 2023

White House looks to close massive cyber skills gap

The Biden administration is moving to address a yearslong shortage of qualified IT security and technology industry workers.

By David Jones • Aug. 1, 2023

Generative AI risks loom as businesses increase investments

Even when risks associated with the tech are identified, most businesses aren’t putting in the work to mitigate them.

By Lindsey Wilkinson • Aug. 1, 2023

How to communicate data risk to the business

Data risk communications must be objective, pragmatic and clearly focused on the best interests of the organization to be effective, Gartner’s Joerg Fritsch writes. 

By Joerg Fritsch • July 31, 2023

New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

The pharmaceutical giant previously won lower court rulings regarding war exclusion language. 

By David Jones • July 28, 2023

To execute the national cyber strategy, it’s going to take the whole US government

Experts applaud the desired outcomes, but the tasks and responsibilities now assigned to agencies underscore the challenges that lie ahead.

By Matt Kapko • July 25, 2023

New York cyber lead warns of what states face in critical infrastructure defense

Government agencies and the private sector must work collaboratively to combat increasingly sophisticated threat activity, Colin Ahern said.

By David Jones • July 25, 2023

White House secures safety commitments from 7 AI companies

OpenAI, Microsoft and Google are among the companies committing to robust testing and investments in cybersecurity safeguards to defend AI models prior to release.

By Lindsey Wilkinson • July 21, 2023

US government plays catchup on phishing-resistant MFA

Security tools have evolved to include more accessible protocols that meet stringent authentication requirements. The government wants to embrace that.

By Matt Kapko • July 20, 2023

Microsoft offers free security logs amid backlash from State Department hack

Federal officials and rivals blasted the company for charging customers for additional security features.

By David Jones • July 19, 2023

GoTo, parent company to LastPass, names new CISO

The change in security leadership comes months after the third-party cloud storage service GoTo shares with LastPass was breached.

By Matt Kapko • July 19, 2023

White House shares the 69 initiatives slated to shore up national cybersecurity

“If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Acting National Cyber Director Kemba Walden said.

By Matt Kapko • July 13, 2023

Cybersecurity funding drops sharply in Q2

Seed funding rounds dominated, while the enterprise market continued a trend of consolidating security vendors.

By David Jones • July 11, 2023

JumpCloud abruptly initiates mass API key reset

The company did not specify the nature of the incident, but the sudden decision to reset all API keys could indicate something is amiss, one expert said.

By Matt Kapko • July 10, 2023

TPG to buy Forcepoint’s public sector cybersecurity business for $2.45B

The deal for Forcepoint’s government and critical infrastructure-focused business marks one of the largest in the cybersecurity market this year.

By Matt Kapko • July 10, 2023

Only 5% of CISOs report to CEOs, survey finds

CISOs are still most likely to report to the CIO, but Heidrick & Struggles expects that to change as cyber responsibilities evolve.

By Matt Kapko • July 7, 2023

IronNet in NYSE compliance crosshairs after failing to file quarterly earnings on time

Management at the cybersecurity firm has been in talks on a deal to raise additional capital and go private. 

By David Jones • July 6, 2023

The role for AI in cybersecurity

Generative AI can become an ally for new security professionals who may otherwise feel overwhelmed. For more seasoned security analysts, it can offer time to refine their skills through automation of repetitive tasks.

By Sue Poremba • July 5, 2023

How bad code fuels security mishaps

Spotting code that messes up operations or hurts security requires a proactive approach — and direct insight from developers.

By Jen A. Miller • June 30, 2023

White House releases cyber budget priorities for fiscal year 2025

Federal agencies are advised to demonstrate how their spending aligns with the national cybersecurity strategy.

By Matt Kapko • June 29, 2023

What to do after a data breach

Long before a data breach, well-prepared companies set up incident response teams with workers from multiple departments.

By Sue Poremba • June 29, 2023