Palo Alto Networks closely watched ahead of late Friday Q4 report

The cybersecurity firm's unusually timed fiscal fourth-quarter earnings report comes amid turbulence in the sector.

By David Jones • Aug. 18, 2023

Suncor CEO says company mostly recovered from June cyberattack

The incident was serious and not worth repeating, President and CEO Rich Kruger said. "I’d rather have a root canal than go through one of these attacks again.”

By David Jones • Aug. 17, 2023

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Security basics aren’t so basic — they’re hard

Lax security controls cause heavy damages, and security experts warn how unmet basics turn up, time and again, when things go wrong.

By Matt Kapko • Aug. 17, 2023

AWS customers’ most common security mistake

All too often organizations are not doing least-privilege work with identity systems, AWS’ Mark Ryland told Cybersecurity Dive.

By Matt Kapko • Aug. 16, 2023

How disjoined threat intelligence limits companies — and what to do about it

There’s no shortage of research on attackers, but for many CISOs, turning those insights into action is a difficult endeavor.

By Matt Kapko • Aug. 15, 2023

Why Walden thinks this national cybersecurity strategy will work

The acting national cyber director, armed with more talent at the federal level and an implementation plan, is striving for lasting impact.

By Matt Kapko • Aug. 11, 2023

White House wants input on open source security, memory-safe languages

Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.

By David Jones • Aug. 11, 2023

3 best practices from the White House K-12 cybersecurity summit

School leaders must take prevention seriously and know who to call when an attack happens, government officials and educators said.

By Kara Arundel • Aug. 11, 2023

4 ways organizations can take back the advantage from attackers

By reorienting systems defense around resilience, “we become more like attackers, we become nimble, empirical, curious,” Kelly Shortridge said at Black Hat USA 2023. 

By Matt Kapko • Aug. 10, 2023

New York rolls out statewide cybersecurity strategy

The strategy follows previous steps to enhance local cybersecurity and protect critical infrastructure across the state.

By David Jones • Aug. 10, 2023

Rapid7 to cut 18% of workforce, shutter certain offices

The cybersecurity firm had been the subject of speculation about pursuing a possible sale.

By David Jones • Aug. 9, 2023

NIST releases draft overhaul of its core cybersecurity framework

It marks the first major update to federal risk guidance since 2014 and incorporates new issues, including supply chain security and threats to small business.

By David Jones • Aug. 9, 2023

The MOVEit spree is as bad as — or worse than — you think it is

The mass exploit has compromised more than 600 organizations, but that only scratches the surface of the potential number of downstream victims. Security experts project years of fallout.

By Matt Kapko • Aug. 9, 2023

Cyber insurer Resilience raises $100M in expansion bid

The company plans to use the funding to assist the global expansion and scale the adoption of its recently launched cyber-risk platform.

By Alexei Alexis • Aug. 8, 2023

AWS pledges $20M to K-12 cyber training, incident response

The cloud services provider is participating in a broad White House plan to build additional protection to defend schools against ransomware and other threats.

By David Jones • Aug. 7, 2023

CISA seeks to address visibility, resilience in 3-year strategic plan

The agency outlined a major push to recognize and respond to immediate cyberthreats and make secure development practices a priority.

By David Jones • Aug. 7, 2023

Inside the most-commonly exploited CVEs of 2022

Delayed patching and unmet secure-by-design principles are aggravating the risk of compromise, the Five Eyes warned Thursday.

By Matt Kapko • Aug. 4, 2023

Broad SBOM adoption takes root as businesses watch their supply chains

Research from Sonatype shows major companies are increasingly mandating outside vendors to account for the security of their applications.

By David Jones • Aug. 4, 2023

C-suite, rank-and-file at odds over security’s role

Security is a priority when implementing a cloud strategy, 50% of executives said in a May survey. Most security workers beg to differ.

By Roberto Torres • Aug. 4, 2023

Businesses improved cyber incident response times following Log4j, report finds

An Immersive Labs study showed security teams improved response times during attacks, but post-incident recovery still lagged.

By David Jones • Aug. 2, 2023

White House looks to close massive cyber skills gap

The Biden administration is moving to address a yearslong shortage of qualified IT security and technology industry workers.

By David Jones • Aug. 1, 2023

Generative AI risks loom as businesses increase investments

Even when risks associated with the tech are identified, most businesses aren’t putting in the work to mitigate them.

By Lindsey Wilkinson • Aug. 1, 2023

How to communicate data risk to the business

Data risk communications must be objective, pragmatic and clearly focused on the best interests of the organization to be effective, Gartner’s Joerg Fritsch writes. 

By Joerg Fritsch • July 31, 2023

New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

The pharmaceutical giant previously won lower court rulings regarding war exclusion language. 

By David Jones • July 28, 2023

To execute the national cyber strategy, it’s going to take the whole US government

Experts applaud the desired outcomes, but the tasks and responsibilities now assigned to agencies underscore the challenges that lie ahead.

By Matt Kapko • July 25, 2023