CISA director bullish on private sector cooperation toward cybersecurity goals

Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information. 

By David Jones • Nov. 3, 2022

US ransomware payments surge to $1.2B in 2021: Treasury

The evidence of the rapid increase comes as the White House concluded an international summit with a pledge to strengthen anti-ransomware cooperation.

By David Jones • Nov. 2, 2022

FTC slams Chegg for chronic, ‘careless security’

The online tutoring and book rental company suffered four data breaches between 2017 and 2020, one of which exposed personal information on about 40 million customers.

By Matt Kapko • Nov. 1, 2022

White House convenes dozens of countries to fight ransomware

The second international summit follows a series of high profile attacks against CommonSpirit Health and the Los Angeles Unified School District. 

By David Jones • Oct. 31, 2022

CISA aims for target rich, resource poor sectors in rollout of security basics

Officials hope new cybersecurity performance goals will serve as a roadmap to strengthen the resilience of local providers like schools, hospitals and utilities. 

By David Jones • Oct. 28, 2022

How cybersecurity experts are reacting to CISA’s security goals

Federal authorities describe the cross-sector guidance as “a floor, not a ceiling.” 

By Matt Kapko • Oct. 28, 2022

Explore CISA’s 37 steps to minimum cybersecurity

The agency placed a premium on low cost, high impact security efforts, which account for more than 40% of the goals.

By Naomi Eide • Oct. 28, 2022

CISA releases long-awaited cybersecurity performance goals for critical infrastructure

The goals are meant to apply to every critical infrastructure, focusing on security basics such as requiring unique credentials and asset inventory.

By David Jones • Oct. 27, 2022

GAO to feds: More coordination needed to strengthen K-12 cybersecurity

The government watchdog said the Ed Department and CISA have “little to no interaction” with other agencies and the K-12 community on cybersecurity.

By Anna Merod • Oct. 25, 2022

FTC orders Drizly to tighten data security practices as 2.5M consumers exposed

The Uber subsidiary must implement a comprehensive information security program, while the CEO will be held to similar requirements in the future. 

By David Jones • Oct. 25, 2022

Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

Research from (ICS)2 shows an ongoing skills gap in the information security space is under greater pressure than before.

By David Jones • Oct. 24, 2022

Cybersecurity quarterly benchmarks: Q1, 2022

Gartner Peer Insights data and opinions run the gamut on cybersecurity maturity, budgets, and initiatives.

Oct. 24, 2022

White House plans IoT security labeling program for spring 2023

Major connected device manufacturers, retailers and industry groups back efforts to boost cyber awareness.

By David Jones • Oct. 21, 2022

CISA’s priority sectors for 2023: water, hospitals, K-12

The industries slated for emphasis are “target-rich, resource-poor entities,” CISA Director Jen Easterly said. They’re also heavily targeted by ransomware.

By Matt Kapko • Oct. 21, 2022

National cybersecurity strategy to debut within months, White House official says

The Biden administration’s strategy will have extensive collaboration with the private sector, National Cyber Director Chris Inglis says.

By David Jones • Oct. 20, 2022

TSA rolls out long-anticipated cyber directive for freight, passenger rail systems

The directive is part of a wider administration effort to build resilience across a series of critical infrastructure sites nationwide.

By David Jones • Oct. 19, 2022

Cyber defense is not IT’s job alone, CISA CTO says

While tech executives must provide critical tools and procedures to lower cyber risk, the whole organization is responsible for fending off attackers.

By Roberto Torres • Oct. 19, 2022

Uber ex-CSO verdict raises thorny issues of cyber governance and transparency

The former chief security officer of the ride-sharing firm is seen by many as a scapegoat for an unsupervised and unaccountable corporate culture.

By David Jones • Oct. 19, 2022

White House to raise cyber standards for healthcare, water and emergency communications

CISA will also roll out minimum security standards by late October that can apply to organizations across sectors.

By Naomi Eide • Oct. 14, 2022

White House to roll out Energy Star-like ratings for IoT

The labeling plan is part of a long-sought effort to boost security and transparency in commonly used technology products. 

By David Jones • Oct. 12, 2022

Cybersecurity needs a statewide approach, report finds

Research from Deloitte and state CIOs shows cities often hesitate to work with states on cybersecurity to protect their autonomy, but local government cyber grants could change that. 

By Michael Brady • Oct. 10, 2022

CISA orders federal IT overhaul with automated asset inventory, software scanning

Civilian agencies will be required to check for vulnerabilities in a push to gain better visibility into IT networks.

By David Jones • Oct. 4, 2022

Strict security rules could push open source community out of federal work, expert says

Agency CISOs and development experts say federal agencies need to work collaboratively with open source community contributors.

By David Jones • Sept. 27, 2022

6 things businesses need to know about the changing privacy landscape

New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

By Ryan P. Blaney • Sept. 26, 2022

How common telecom cyber risks snowball in cloud, open source

Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.

By Matt Kapko • Sept. 23, 2022