5 considerations for securing your software supply chain

Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.

By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024

How can AI companies navigate a complex regulatory framework? — Compliance Labels

The rapid unregulated growth in the field of artificial Intelligence has given rise to Large Language Models (LLM’s) such as GPT-4 and Gemini which has contributed to major technical advancements but has also been coupled with legal and ethical issues.

By Sai Prasad, Security Analyst, CyberProof, MS Cybersecurity Risk Management '22 • May 6, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Microsoft restructures security governance, aligning deputy CISOs and engineering teams

The company will enhance management roles under the CISO and partially tie compensation to security performance.

By David Jones • May 3, 2024

Clorox lowers sales outlook as recovery from 2023 cyberattack continues

The cleaning products maker is still working to fully restore distribution capabilities after the attack.

By David Jones • May 3, 2024

Amazon CEO touts AWS cloud security as AI risk concerns mount

Andy Jassy urged enterprises “not to overlook the security and operational performance” of cloud-based generative AI services. “It’s less sexy, but critically important.”

By Matt Ashare • May 3, 2024

At Microsoft, years of security debt come crashing down

Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.

By David Jones • April 30, 2024

What to do when your team is struggling to manage too many application security vendors

A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.

April 29, 2024

Microsoft CEO says security is its No. 1 priority

The comments from Satya Nadella come weeks after a withering report from the federal Cyber Safety Review Board scrutinized how the company prioritized speed to market over security.

By David Jones • April 26, 2024

What is success in cybersecurity? Failing less.

Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.

By Matt Kapko • April 26, 2024

CISA director pushes for vendor accountability and less emphasis on victims’ errors

Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.

By Matt Kapko • April 25, 2024

Enterprises are getting better at detecting security incidents

Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

By David Jones • April 23, 2024

Cyber insurance gaps stick firms with millions in uncovered losses

A CYE analysis of 101 breaches across various sectors revealed insurance gaps resulting in an average of $27.3 million in uncovered losses per incident.

By Alexei Alexis • April 22, 2024

Majority of businesses worldwide are implementing zero trust, Gartner finds

Programs are typically sponsored by C-suite executives, while the CISO is often tasked with execution, according to Gartner.

By David Jones • April 22, 2024

The art of threat modeling: 3 frameworks to know

Organizations should use the frameworks in a manual or automated way to better understand the security threats they’re up against, Gartner’s William Dupre writes. 

By William Dupre • Updated April 24, 2024

ChatGPT grabs the shadow IT crown: report

Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

By Matt Ashare • April 16, 2024

Top officials again push back on ransom payment ban

In lieu of a ban, the Institute for Security and Technology advises governments to achieve 16 milestones, most of which are already in place or in the works.

By Matt Kapko • April 15, 2024

CISA to big tech: After XZ Utils, open source needs your support

The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

By David Jones • April 15, 2024

DevSecOps, done right, can achieve both speed and security in software development

You don’t have to choose between speed or security if you do DevSecOps correctly. Learn how.

April 15, 2024

CISO role shows significant gains amid corporate recognition of cyber risk

A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite. 

By David Jones • April 9, 2024

Industry stakeholders seek 30-day delay for CIRCIA comments deadline

Industry officials are asking for additional time to comb through hundreds of pages of detailed rules about disclosure of covered cyber incidents and ransom payments.

By David Jones • April 8, 2024

The top 5 SecOps strategies to strengthen business in 2024

Learn the importance of specialized security fueled by artificial intelligence and machine learning, why comprehensive coverage from attacks is critical and how to embrace new methods of supporting your IT teams.

April 8, 2024

Cybersecurity venture funding remains weak, near three-year low

Quarterly funding levels hit $2.3 billion in Q1 2024, a far cry from the $8 billion high the market achieved in the final quarter of 2021, according to Pinpoint Search Group.

By Matt Kapko • April 5, 2024

What’s missing for SMBs? A solid cybersecurity culture

Small businesses can be especially vulnerable to cyberattacks because of their limited resources, and few have employees on staff who truly understand the value of secure business operations.

By Sue Poremba • April 1, 2024

Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.

By David Jones • March 28, 2024

CISA issues notice for long-awaited critical infrastructure reporting requirements

CIRCIA will require covered entities to promptly disclose major cyber incidents and ransomware payments.

By David Jones • March 27, 2024