US government rejects ransom payment ban to spur disclosure

Federal authorities strongly discourage organizations from paying ransoms, but Anne Neuberger of the National Security Council explains why it decided against a ban.

By Matt Kapko • Sept. 19, 2022

Industrial control systems face more cyber risks than IT, expert testifies

Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said. 

By David Jones • Sept. 16, 2022

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Microsoft cloud security exec challenges organizations to ditch outdated practices

Modern systems and modes of attack demand a dynamic and realistic security strategy, Shawn Bice said. The problem can be managed, not solved.

By Matt Kapko • Sept. 16, 2022

State education leaders prioritize cybersecurity, but lack funding

In a survey by the State Educational Technology Directors Association, 57% of respondents said their state provides a low amount of funding for cybersecurity.

By Anna Merod • Sept. 15, 2022

Security vendor consolidation a priority for majority of organizations worldwide

Gartner research shows a surge in organizations that want to reduce the complexity of their security stacks.

By David Jones • Sept. 14, 2022

US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.

By David Jones • Sept. 13, 2022

Google closes $5.4B Mandiant acquisition

The Mandiant buy marks the second most expensive acquisition in Google’s history, underscoring the cloud provider’s commitment to become a standalone security brand.

By Matt Kapko • Sept. 12, 2022

CISA announces RFI for critical infrastructure cyber reporting mandate

The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.

By David Jones • Sept. 9, 2022

CISA Director: Tech industry should infuse security at product design stage

Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.

By David Jones • Sept. 7, 2022

Most organizations remain unprepared for ransomware attacks

Too many organizations are failing to meet cybersecurity demands. Ransomware attacks abound and humans are still the weakest link.

By Matt Kapko • Sept. 6, 2022

Okta CEO pushes for passwordless future in wake of phishing attacks

Customers that rely on passwords and log-in pages are putting their organizations at greater risk of attack, Todd McKinnon told analysts.

By Matt Kapko • Sept. 2, 2022

CrowdStrike, Palo Alto earnings show resilience in cyber investments amid macro concerns

Enterprises are continuing to invest in cybersecurity, but remain focused on consolidating vendors.

By David Jones • Sept. 1, 2022

SaaS sprawl amps up security challenges amid heightened risk

Two-thirds of businesses say they're spending more on SaaS applications year over year, Axonius data shows.

By Roberto Torres • Sept. 1, 2022

Multifactor authentication has its limits, but don’t blame the technology

Despite phishing attacks that evaded authentication and engulfed many technology companies of late, organizations shouldn’t hesitate to use MFA.

By Matt Kapko • Sept. 1, 2022

CISOs aim to balance investments, outsourcing against risks

Cyberattack risk still largely comes down to human error, regardless of how much organizations spend to bolster defense.

By Matt Kapko • Aug. 31, 2022

Slack enhances platform security amid rapid expansion and heightened risk

The enterprise messaging platform has faced increased customer concerns about security and privacy.

By David Jones • Aug. 31, 2022

Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil

Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable. 

By David Jones • Aug. 29, 2022

Tips for how to safeguard against third-party attacks

Organizations need to demand and ensure all vendors implement rigorous security measures. Sometimes the least likely tools pose the most risk. 

By Matt Kapko • Aug. 25, 2022

Cybersecurity spending strategies in uncertain economic times

The need for strong cybersecurity programs doesn’t make it immune to cuts.

By Sue Poremba • Aug. 25, 2022

Risk of cyberattack emerges as top concern of US executives

A PwC study shows cyber risk is a top concern among entire C-suite and corporate boards as companies are spending additional funds to boost resilience.

By David Jones • Aug. 19, 2022

Google Cloud’s CISO is a short-term cyber pessimist, but a long-term optimist

Respite from seemingly omnipresent threats is hard to come by, but Phil Venables takes comfort in wins, not losses.

By Matt Kapko • Aug. 18, 2022

Mailchimp breach shines new light on digital identity, supply chain risk

Sophisticated threat actors are targeting weak links in the email marketing space to go after vulnerable financial targets.

By David Jones • Aug. 18, 2022

DigitalOcean, caught in Mailchimp security incident, drops email vendor

An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise. 

By David Jones • Aug. 17, 2022

Zero trust adoption skyrockets, nearing universal adoption

A report from Okta shows organizations fully embracing zero-trust principles, as hybrid work requires long-term changes to identity management. 

By David Jones • Aug. 16, 2022

Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

The state of cybersecurity is bad and it’s going to get worse, Chris Krebs said at Black Hat. But somehow things might eventually get better.

By Matt Kapko • Aug. 10, 2022