Opinion

The latest opinion pieces by industry thought leaders


If you are interested in having your voice heard on Cybersecurity Dive's Opinion page, please read our editorial guidelines and fill out the submission form here.

  • The back of a person sitting at their desk is seen while they are on the phone in front of a computer.
    Image attribution tooltip
    Christopher Furlong/Getty via Getty Images
    Image attribution tooltip

    Security awareness and training is a method, not an outcome

    In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change. 

    Jinan Budge • Nov. 20, 2024
  • An abstract photo copy background in black and white.
    Image attribution tooltip
    BNMK0819 via Getty Images
    Image attribution tooltip

    Who should be in the room when purchasing cyber insurance?

    Cyber exposure should be treated just as seriously as a fire event, each with a high potential to disrupt business for extended periods of time, Peter Hedberg of Corvus Insurance writes. 

    Peter Hedberg • Nov. 11, 2024
  • zero trust
    Image attribution tooltip
    iStock via Getty via Getty Images
    Image attribution tooltip

    How to implement attack surface management

    ASM is a core component of exposure management that organizations can leverage to enhance vulnerability management. 

    Steve Santos • Oct. 23, 2024
  • zero trust
    Image attribution tooltip
    iStock via Getty via Getty Images
    Image attribution tooltip

    3 tips to building a robust AI security strategy

    Organizations can reap bigger benefits from AI with guardrails that combine human oversight, strong underlying security architecture and technical controls.

    Anton Chuvakin • Aug. 21, 2024
  • A blue screen with an unhappy face is depicted on a screen in the background behind glass and in front of a person looking down.
    Image attribution tooltip
    Anthony Kwan / Stringer via Getty Images
    Image attribution tooltip

    Misguided lessons from CrowdStrike outage could be disastrous

    Some leaders think moving slowly is safer in light of global outages, but this approach is wrong when addressing cyber vulnerabilities and will lead to bigger problems.

    Deepak Kumar • Aug. 13, 2024
  • cybersecurity, talent shortage, retention, leadership
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    How to identify and implement security automation use cases

    It might be a “fun” engineering challenge to see what is possible to automate, but often the results will not justify the expense and effort, Gartner’s Kevin Schmidt writes.

    Kevin Schmidt • June 4, 2024
  • A close up of a cursor arrow hovering over an X on a screen, pixelated with red, blue and green colors.
    Image attribution tooltip
    ar-chi via Getty Images
    Image attribution tooltip

    The art of threat modeling: 3 frameworks to know

    Organizations should use the frameworks in a manual or automated way to better understand the security threats they’re up against, Gartner’s William Dupre writes. 

    William Dupre • Updated April 24, 2024
  • U.S. Vice President Kamala Harris looks on as President Joe Biden signs an executive order.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    Threat environment is changing for individuals and SMBs, White House order shows

    An executive order is trying to prevent the large-scale transfer of Americans’ data, as countries seek troves of U.S. data for blackmail, AI training and analysis, among a multitude of other purposes. 

    Michael Kosak • March 18, 2024
  • People speaking during a conference event.
    Image attribution tooltip
    sanjeri via Getty Images
    Image attribution tooltip

    Why trust is the most critical deliverable for CISOs

    Instead of a list of nebulous targets, CISOs should focus on delivering trust to three key constituencies: their leadership, their peers and their inner circle. 

    Nader Henein • Nov. 6, 2023
  • A textbox with five stars blocking out a word and a lock to simulate password protection.
    Image attribution tooltip
    kaedeezign via Getty Images
    Image attribution tooltip

    Government investigation puts spotlight on password insecurity

    A team working for the Department of Interior’s inspector general successfully cracked 1 in 5 active user passwords, a ratio that highlights traps in cybersecurity standards, Mike Kosask from LastPass writes.

    Michael Kosak • Aug. 24, 2023
  • People sitting around a board room table
    Image attribution tooltip
    Caiaimage/Paul Bradbury via Getty Images
    Image attribution tooltip

    How to communicate data risk to the business

    Data risk communications must be objective, pragmatic and clearly focused on the best interests of the organization to be effective, Gartner’s Joerg Fritsch writes. 

    Joerg Fritsch • July 31, 2023
  • Image attribution tooltip
    Michael M. Santiago via Getty Images via Getty Images
    Image attribution tooltip

    Is cybersecurity doing enough to prevent the next Colonial Pipeline attack?

    Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren’t doing enough to proactively mitigate attacks. 

    Matthew Parsons, Brian Knudtson and Alex Reid • May 8, 2023
  • In this photo illustration, OpenAI's ChatGPT AI-generated answer to the question "What can AI offer to humanity?"
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    ChatGPT at work: What’s the cyber risk for employers?

    The use of ChatGPT could run afoul of company policy, copyright concerns, customer confidentiality or even international privacy laws, BlackBerry’s CISO writes. Here’s what businesses should consider.  

    Arvind Raman • April 11, 2023
  • An overhead view of people sitting with laptops on their laps using their hands to type.
    Image attribution tooltip
    Mark Wilson / Staff via Getty Images
    Image attribution tooltip

    How cybersecurity leaders can tackle the skills shortage

    Organizations that do not address talent shortages and diversity gaps could harm their current and future security programs, leading to suboptimal security and risk outcomes.

    Akif Khan • April 5, 2023
  • Image of SEC seal on the side of a building.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

    If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

    Frank Shultz • March 27, 2023
  • zero trust
    Image attribution tooltip
    iStock via Getty via Getty Images
    Image attribution tooltip

    Zero trust is moving from hype to reality

    Organizations must plan ahead and invest in people and resources to succeed with zero trust, writes Gartner analyst John Watts. 

    John Watts • Feb. 10, 2023
  • Double exposure shot of backside of a computer and red binary codes.
    Image attribution tooltip
    Suebsiri via Getty Images
    Image attribution tooltip

    Battle of the breach: Prioritizing proactive ransomware defense

    Industry will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve. So now what?

    Sebastian Goodwin • Jan. 25, 2023
  • A person holds a magnet pointed at multi-colored wooden figures of people sitting on dark wood-grain table.
    Image attribution tooltip
    iStock via Getty Images
    Image attribution tooltip

    Why CISOs should prioritize DEI initiatives in 2023

    Different mindsets can bring new and better solutions to the table that can mitigate advanced cyberthreats, Google Cloud’s director of the office of the CISO writes. 

    MK Palmore • Jan. 13, 2023
  • An illustrated computer with security symbols, including a person in a face mask holding a fishing pole with things representing PII dislpayed.
    Image attribution tooltip
    bagira22 via Getty Images
    Image attribution tooltip

    How to upgrade cybersecurity awareness training

    Phishing attacks are not always as obvious as a direct message from someone pretending to be Elon Musk asking you to buy cryptocurrency. To better equip employees, cyber training needs an upgrade. 

    James Karimi • Dec. 12, 2022
  • A large hallway with supercomputers inside a server room data center.
    Image attribution tooltip
    luza studios via Getty Images
    Image attribution tooltip

    How to implement an effective system to address third-party risk

    Current processes for assessing and managing third-party cybersecurity risks are cumbersome and ineffective. CISOs must adopt new principles to address business exposure.

    Sam Olyaei • Nov. 7, 2022
  • A businessperson holding up a cybersecurity symbol
    Image attribution tooltip
    greenbutterfly via Getty Images
    Image attribution tooltip

    Why user experience is essential to identity protection

    Organizations must strike a delicate balance between maximizing end-user protection and minimizing the security-related obstacles.

    Kapil Raina • Oct. 5, 2022
  • The dome of U.S. Capitol is seen framed by trees.
    Image attribution tooltip
    Dan Zukowski/Cybersecurity Dive
    Image attribution tooltip

    6 things businesses need to know about the changing privacy landscape

    New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

    Ryan P. Blaney • Sept. 26, 2022
  • Close shot of the U.S. Capitol dome against the bright blue sky.
    Image attribution tooltip
    Brendan Hoffman via Getty Images
    Image attribution tooltip

    How the US government’s cyber priorities will impact businesses

    There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.

    Tim Mackey • Sept. 9, 2022
  • A conference room equipped with laptops in a modern panoramic office.
    Image attribution tooltip
    ismagilov via Getty Images
    Image attribution tooltip

    Succession planning takes center stage in the fight to retain security talent

    To reduce attrition, security and tech leaders must provide a clear path for advancement, not just for managers but for all members of the team.

    Jess Burn • Aug. 24, 2022
  • An empty meeting room with a conference table.
    Image attribution tooltip
    Asia-Pacific Images Studio via Getty Images
    Image attribution tooltip

    Tips for translating cyber risk into board-friendly language

    Just because boards are more aware of the rise in cyberattacks does not mean they understand how digital technology and cybersecurity translate into business risk.

    Lucia Milică • Aug. 1, 2022