How 7 cybersecurity experts manage their passwords

Cybersecurity Dive asked CISOs and other cyber experts what they do with their passwords. Here’s how they manage the mess that awaits us all.

By Matt Kapko • May 4, 2023

Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

One researcher wonders if the industry needs another Snowden-like moment to spring organizations into action.

By Matt Kapko • May 3, 2023

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders

A court victory in the closely watched insurance case is expected to stabilize a turbulent market and provide some assurance for organizations amid a rise in nation-state activity.

By David Jones • May 3, 2023

Most open source maintainers still consider themselves hobbyists, despite compensation pledges

A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

By David Jones • May 2, 2023

Cybersecurity pros plant seeds of hope at RSA Conference

Optimism floated on the surface during the annual industry gathering. For one keynote on stage, it was the central theme.

By Matt Kapko • May 2, 2023

Organizations are boosting resilience, getting faster at incident response

While the number of data security incidents remained level between 2021 and 2022, companies improved recovery thanks to stronger security measures, BakerHostetler found.

By David Jones • May 1, 2023

Mandiant CEO’s 7 tips for cyber defense

Organizations’ institutional knowledge is an advantage that no adversary can match, Kevin Mandia told RSA Conference attendees.

By Matt Kapko • April 28, 2023

Global cyber insurance prices continue to moderate in Q1

Marsh data shows rate increases slowing, stemming in part from new entrants into the cyber insurance market and fewer ransomware attacks in 2022.

By David Jones • April 27, 2023

IT managers uneasy with snooping software: report

Surveillance tools may cause an uptick in staff attrition and make hiring more difficult, a 1E survey found. 

By Roberto Torres • April 25, 2023

Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

Startling dangers, such as autonomous attack mechanisms and sophisticated malware coding, have yet to materialize. For now, the threat is more specific.

By Matt Kapko • April 21, 2023

3CX has a 7-part plan to shore up its security

The company is planning significant security upgrades and changes to network operations after a historic attack from a state-linked actor.

By David Jones • April 20, 2023

Cyber insurance premium hikes slowed in 2022, Fitch says

The deceleration was driven by a moderation of ransomware incidents and heightened levels of cyber risk awareness among corporate executives, the credit rating agency said.

By Alexei Alexis • April 18, 2023

ChatGPT prompts experts to consider AI’s mark on cybersecurity

Previous AI advancements in cybersecurity tools and practices could be a precursor of what’s to come.

By Matt Kapko • April 18, 2023

Cyber venture capital funding slows to a trickle, a sharp decline from 2022 investment

Funding declined 58% year-over-year in Q1, though this quarter marked a slight increase from Q4 2022.

By Matt Kapko • April 14, 2023

Software industry leaders debate real costs and benefits of CISA security push

The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.

By David Jones • April 14, 2023

Explore the core tactics of secure by design and default

The international joint guide encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design and best practices for default security measures at large.

By Matt Kapko • April 13, 2023

CISA, partner agencies unveil secure by design principles in historic shift of software security

Authorities are engaging key stakeholders, but there is a broad understanding that these proposed changes will require massive changes in industry culture.

By David Jones • Updated April 13, 2023

CISA to unveil secure-by-design principles this week amid push for software security

The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.  

By David Jones • April 12, 2023

How Target approaches identity and access management

Designing an identity and access management system that provides a good user experience while preventing unauthorized access is a critical responsibility.

By Matt Kapko • April 12, 2023

3CX threat actor named as company focuses on security upgrades, customer retention

Mandiant attributed the supply chain attack to a North Korea-linked adversary that targeted systems using Windows-based malware.

By David Jones • April 12, 2023

Biden cyber officials see auto, food safety as models for security overhaul

The push to hold technology stakeholders liable for secure-by-design products will be a multiyear effort likely to involve Congress, the acting national cyber director said.

By David Jones • April 10, 2023

IT security leaders still told to keep data breaches quiet, study finds

Bitdefender research found 7 in 10 IT and security professionals in the U.S. have been asked to keep a breach confidential.

By David Jones • April 6, 2023

Experts warn against ransomware complacency

Despite reports of fewer ransomware-related cyber insurance claims and decelerating premiums in 2022, experts say the threat is still serious and evolving.

By Alexei Alexis • April 3, 2023

Marsh brokerage program lowers threshold for cyber insurance coverage

Cyber Pathway aims to match organizations with insurance providers and also encourage businesses to improve their controls to get better coverage.

By Matt Kapko • March 29, 2023

Microsoft unveils Security Copilot built on GPT-4

The technology combines the capabilities of OpenAI's generative AI with Microsoft's threat intelligence and security network.  

By David Jones • March 28, 2023