Countries pledge to not pay ransoms, but experts question impact

There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

By Matt Kapko • Nov. 6, 2023

Top ways businesses can manage the risk implications of the SEC cybersecurity disclosure rule

The SEC final rule requires public companies to disclose any material cybersecurity incidents within four business days of determination.

Nov. 6, 2023

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Microsoft overhauls cyber strategy to finally embrace security by default

The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

By David Jones • Nov. 3, 2023

Splunk to cut 7% of staff in latest layoff round this year

CEO Gary Steele said the cuts, which largely impact employees in the U.S., are not related to Cisco's deal to acquire the company.

By Matt Kapko • Nov. 1, 2023

BeyondTrust, Cloudflare averted Okta attacks thanks to security chops

With details scant, worries remain about how the attacks might have played out for less security-focused businesses that were impacted.

By Matt Kapko • Nov. 1, 2023

How to protect sensitive school data during a cyberattack

The CFO of a Texas school district recommends safer ways to request sensitive employee data and stronger password and verification policies.

By Kara Arundel • Oct. 27, 2023

CISA targets software identification in push to boost supply chain security

The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

By David Jones • Oct. 27, 2023

Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite

The company said it is gaining market share in the cybersecurity segment and is opening access to its AI-based Security Copilot after an early preview.

By David Jones • Oct. 25, 2023

LastPass working through ‘systemic’ security overhaul

“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.

By Matt Kapko • Oct. 25, 2023

FAIR Institute wants to quantify just how much a cyberattack costs

The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.

By Matt Kapko • Oct. 20, 2023

Tech spend to hit milestone as businesses react to AI security scare

Gartner is projecting worldwide IT spend will top $5 trillion next year, and CIOs are investing more in security to curb concerns associated with AI and risk.

By Matt Ashare • Oct. 20, 2023

Cyber venture capital funding on pace to hit four-year low

VC activity in cybersecurity reflects a pragmatic period in an industry oversaturated with vendors, Crunchbase data shows.

By Matt Kapko • Oct. 19, 2023

EPA rescinds rule to include cybersecurity in water system audits after legal challenge

The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.

By David Jones • Oct. 16, 2023

CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.

By Matt Kapko • Oct. 16, 2023

SMBs seek cyber training, support as attack risk surges

A report from Sage indicates SMBs face considerable obstacles to preventing cyberattacks when compared to larger, higher resourced enterprises.

By David Jones • Oct. 16, 2023

Federal agencies press OT/ICS providers on open-source security

The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.

By David Jones • Oct. 12, 2023

CISA pivots focus to China-linked threats against critical infrastructure

The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.

By David Jones • Oct. 5, 2023

What to consider when choosing cybersecurity providers

While it might be easier for an organization to build its core cybersecurity system from one company, that may not provide the best option.

By Sue Poremba • Oct. 5, 2023

AWS kicks off cloud race to mandate MFA by default

The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024. Google, in response, said it will mandate MFA for certain accounts this year.

By Matt Kapko • Updated Oct. 4, 2023

C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte

Almost two-thirds of corporate executives plan to strengthen their respective programs, and push third-party vendors to take similar measures as new incident reporting rules begin.

By David Jones • Oct. 2, 2023

Cyber investments on pace to reach $215B in 2024: Gartner

The firm expects security services, the industry’s largest segment, to account for 42% of all spending and rise 11% to $90 billion next year.

By Matt Kapko • Oct. 2, 2023

Clorox resumes normal plant operations in the wake of cyberattack

The Pine-Sol maker said it was scaling up production to replenish inventories following an extended product shortage.

By David Jones • Oct. 2, 2023

Progress Software says business impact ‘minimal’ from MOVEit attack spree

While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.

By Matt Kapko • Sept. 28, 2023

Cisco’s big bet on Splunk accelerates market shifts

The AI-equipped SIEM and observability market isn’t Cisco’s for the taking, as opportunities abound for other vendors to claim share.

By Matt Kapko • Sept. 27, 2023

AWS bets on accuracy in generative AI deployment race

The cloud giant is taking a full-stack approach to generative AI, which doubles down on security and reliable results.

By Naomi Eide • Sept. 26, 2023