What cyber insurance CEOs want to see from customers

Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.

By Samantha Schwartz • Aug. 31, 2021

Why a ban on ransom payments will not work

Those most impacted by an attack are motivated to pay. In some cases, it's not the victim company but its customers who want service restored.

By Samantha Schwartz • Aug. 27, 2021

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Companies are investing in security operations but limited by talent gaps

For some CISOs, the onus to attract talent is on them and the standards they make. 

By Samantha Schwartz • Aug. 25, 2021

Why most companies don't understand speed is vital to cybersecurity

In cybersecurity folk wisdom, frequent releases are scary and the foundation for security failure. Why is there this disconnect between cybersecurity superstition and reality?

By Kelly Shortridge • Aug. 24, 2021

In the event of a cyber incident, think like a lawyer

While security professionals may not be deeply involved in the legal aspects of a cyber incident, they have to be aware of attorney-client privileges.

By Samantha Schwartz • Aug. 17, 2021

Behind the Firewall: Security investments that will stick post-pandemic

As long-term strategies for remote work solidify, VPNs, EDR and other tools are here to stay.

By Katie Malone , Samantha Schwartz • Aug. 16, 2021

Should healthcare organizations pay to settle a ransomware attack?

The decision goes beyond finances: In healthcare, it's a moral judgement, too.  "I don't think there's a single yes or no," said Michael Coates, former Twitter CISO.

By Rebecca Pifer • Aug. 13, 2021

Criminal middlemen administer access to privileged accounts

Ransomware attacks stem from a specialized division of labor selling stolen credentials and providing unauthorized access to the enterprise, according to an IntSights report. 

By David Jones • Aug. 12, 2021

How the $1.2 trillion infrastructure bill invests in cyber

As part of the larger cyber funding injection, the legislation sets aside $100 million, allocated over five years, for the Cyber Response and Recovery Fund.

By Samantha Schwartz • Aug. 12, 2021

Is XDR the next best security solution?

SOCs are still learning about extended detection and response and how to apply it to an existing security stack. But when properly deployed, it's an asset for incident response.

By Samantha Schwartz • Aug. 11, 2021

How human instinct can interfere with cyber crisis response

In a gut reaction to a security incident, users may make the wrong move to avoid losing data. 

By Samantha Schwartz • Aug. 10, 2021

It's time to bridge the gap between security and development

More than 80% of developers knowingly release applications with insecure code, but experts say security and development don't have to be at odds.

By Brian Eastwood • Aug. 9, 2021

CISA takes aim at information sharing woes, launches public-private super group

The Joint Cyber Defense Collaborative is Jen Easterly's first major initiative as CISA's second-ever director.

By Samantha Schwartz • Aug. 6, 2021

Don't ask whether to pay a ransom — ask how attackers could get in

Paying a ransom does not always mitigate damage from the attack or unlock encrypted systems. 

By Samantha Schwartz • Aug. 3, 2021

Preparedness, checklists, leadership buy-in: How to build a rapid IT response

Navigating cyberattacks and outages means companies rely on IT leaders to respond quickly, as business continuity hinges on functioning systems.

By Roberto Torres • Aug. 2, 2021

Behind the Firewall: 5 security leaders share incident response plans

With a strong plan in place, security teams can jump immediately into action when a cyber incident occurs to — hopefully — mitigate the damage.

By Katie Malone • July 30, 2021

Biden orders voluntary cybersecurity performance goals for electric utilities, other critical sectors

The president on Wednesday signed a national security memorandum that also expands and formally establishes a cross-sector Industrial Control System Cybersecurity Initiative, which was piloted by the electric sector.

By Robert Walton • July 30, 2021

Ransomware, supply chain attacks put cyber insurers on notice

Malicious cyber activity will force the insurance industry to raise premiums, raise standards and, in some cases, negotiate ransom payments, newly released data from Coalition shows.

By David Jones • July 28, 2021

Engineers need cybersecurity training, too

Companies will undergo a shift in cyber culture, eventually combining the data engineers and network security professionals use to search for vulnerabilities.

By Samantha Schwartz • July 22, 2021

Biden administration readies 3 initiatives to curb ransomware

The government wants cybercriminals to think twice before instigating an incident and private industry to engage more.

By Samantha Schwartz • July 21, 2021

Behind the Firewall: How 6 security execs screen vendors

In the wake of high-profile vendor attacks, security due diligence prior to signing a third-party contract is a must. 

By Katie Malone , David Jones • July 16, 2021

Want to quickly recover from ransomware? Plan ahead

Security teams need to understand how the business will work when an attacker limits access to its systems.

By Katie Malone • July 15, 2021

Critical goods industries face existential ransomware decisions

For certain industries, the choice is between paying millions to settle a criminal extortion or allowing a catastrophic supply chain disruption.

By David Jones • June 30, 2021

3 ways to assess the effectiveness of security awareness training

Failure to prove the effectiveness of a security awareness program can lower the executive support critical to ensuring participation in the program.

By Richard Addiscott • June 14, 2021

Bad actors hide in everyday IT tools, complicating detection

Security tools automatically block certain threats, yet there's often a larger intrusion detection teams and services need to weed out.

By Samantha Schwartz • June 9, 2021