Strategy
Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils
OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.
By David Jones • May 20, 2024
Sponsored by Palo Alto Networks
Enterprises are embracing AI. But can they secure it?
Taking a confident approach to AI security and navigating the path to adoption.
By Anand Oswal, Senior Vice President and General Manager of Network Security, Palo Alto Networks • May 20, 2024
Trendline
Risk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff
AI raises CIO cyber anxieties
Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.
By Matt Ashare • May 17, 2024
Palo Alto Networks signs broad enterprise cybersecurity partnership with IBM
The enterprise security giant will capitalize on a platform consolidation strategy as IBM concedes on transition to cloud security.
By David Jones • May 16, 2024
Cybersecurity leaders expect their SOC budgets to grow, KPMG finds
Average annual SOC budgets stand at $14.6 million, but most security leaders expect their budgets and headcount to grow by up to 20% over the next two years, the survey found.
By Maura Webber Sadovi • May 15, 2024
Unsafe software development practices persist, despite CISA’s push
The industry isn’t making sufficient progress in cleaning up code despite recurring efforts from the agency to eliminate entire classes of vulnerabilities.
By Matt Kapko • May 15, 2024
Cyber insurance costs are stabilizing as global market grows
Increased capacity is helping to meet rising demand for cyber coverage and more insurers are using tools to assess potential risk, a report from S&P Global Ratings shows.
By David Jones • May 14, 2024
Cyber pros weigh an intel-sharing quandary: What to share when attacks hit close to home
The detail and speed with which companies share information after an attack can prevent future pain. But businesses aren’t always keen on transparency.
By Matt Kapko • May 14, 2024
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
By Jim Tyson • May 13, 2024
Sponsored by Synopsys
Don’t be afraid of GenAI code, but do be wary
Don’t fall for scare headlines about GenAI code—it offers multiple benefits—but also be aware of its limits and risks.
May 13, 2024
White House wants to hold the software sector accountable for security
Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.
By David Jones • May 10, 2024
Officials see a real change in Microsoft’s security plans: financial accountability
CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.
By Matt Kapko • May 10, 2024
68 tech, security vendors commit to secure-by-design practices
CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.
By David Jones • May 9, 2024
CISA explains why it doesn’t call out tech vendors by name
Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.
By Matt Kapko • May 9, 2024
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024
Sponsored by Synopsys
5 considerations for securing your software supply chain
Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.
By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024
Sponsored by Indiana University
How can AI companies navigate a complex regulatory framework? — Compliance Labels
The rapid unregulated growth in the field of artificial intelligence has given rise to large language models (LLMs) such as GPT-4 and Gemini which has contributed to major technical advancements but has also been coupled with legal and ethical issues.
By Sai Prasad, Security Analyst, CyberProof, MS Cybersecurity Risk Management '22 • May 6, 2024
Microsoft restructures security governance, aligning deputy CISOs and engineering teams
The company will enhance management roles under the CISO and partially tie compensation to security performance.
By David Jones • May 3, 2024
Clorox lowers sales outlook as recovery from 2023 cyberattack continues
The cleaning products maker is still working to fully restore distribution capabilities after the attack.
By David Jones • May 3, 2024
Amazon CEO touts AWS cloud security as AI risk concerns mount
Andy Jassy urged enterprises “not to overlook the security and operational performance” of cloud-based generative AI services. “It’s less sexy, but critically important.”
By Matt Ashare • May 3, 2024
Deep Dive
At Microsoft, years of security debt come crashing down
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
By David Jones • April 30, 2024
Sponsored by Synopsys
What to do when your team is struggling to manage too many application security vendors
A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.
April 29, 2024
Microsoft CEO says security is its No. 1 priority
The comments from Satya Nadella come weeks after a withering report from the federal Cyber Safety Review Board scrutinized how the company prioritized speed to market over security.
By David Jones • April 26, 2024
What is success in cybersecurity? Failing less.
Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.
By Matt Kapko • April 26, 2024
CISA director pushes for vendor accountability and less emphasis on victims’ errors
Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.
By Matt Kapko • April 25, 2024