The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

By Frank Shultz • March 27, 2023

5 steps organizations can take to counter IAM threats

Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.

By Matt Kapko • March 24, 2023

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Threat intelligence isn’t for everyone, Google says

Most security professionals don’t have the time to read a 10-page threat intelligence report, let alone put those insights into action.

By Matt Kapko • March 23, 2023

Ill-prepared against cyberattacks? You’re not alone, Cisco says

The cybersecurity readiness gap looms large, and smaller organizations were ranked the least prepared.

By Matt Kapko • March 22, 2023

Ransomware gangs incite fear in victims to fuel attacks

Attacks involving data theft nearly doubled and harassment spiked 20 times by late 2022, Palo Alto Networks Unit 42 said.

By Matt Kapko • March 21, 2023

Security drives software purchases for half of US companies

The study from Capterra comes weeks after the U.S. rolled out plans to shift liability for weak product security onto the tech industry.

By David Jones • March 20, 2023

Global cybersecurity spending to top $219B this year: IDC

Persistent cyberattack threats, increased regulations and the demands of hybrid work are driving sustained growth.

By Matt Kapko • March 17, 2023

Cybersecurity market confronts potential consequences of banking crisis

Bank seizures impose new challenges on vendors in every segment and may spur consolidation.

By Matt Kapko • March 16, 2023

SVB turmoil could mean long-term uncertainty for enterprise IT

The demise of Silicon Valley Bank created a void in tech startup funding and raises questions about the health of the vendor ecosystem.

By Matt Ashare • March 14, 2023

Shift to secure-by-design must start at university level, CISA director says

Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum. 

By David Jones • March 13, 2023

GitHub to begin rollout of 2FA security upgrade for developers

The enhancement is part of a wider series of security measures following a series of malicious cyberattacks.

By David Jones • March 9, 2023

CrowdStrike grows subscriber base as customers consolidate security services

CEO George Kurtz took more shots at Microsoft as CrowdStrike draws customers looking to eliminate multiple vendors.

By David Jones • March 9, 2023

How will the government enforce the national cyber strategy?

Efforts to enact laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quick or easy.

By Matt Kapko • March 8, 2023

Organizations tempt risk as they deploy code more frequently

An imbalance between developers and security professionals on staff spotlights a disconnect between these business functions and objectives.

By Matt Kapko • March 7, 2023

LastPass aftermath leaves long to-do list for business customers

Organizations using the password manager are exposed after a major breach compromised credentials and, potentially, business secrets.

By Matt Kapko • March 6, 2023

White House releases national cyber strategy, shifting security burden

The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats. 

By David Jones • March 2, 2023

An ongoing SOC skills shortage could spell trouble for compliance

Without skilled analysts to monitor the SOC, the risk of a successful cyberattack breaking through a company’s defenses grows. 

By Sue Poremba • March 1, 2023

3 CISA principles for secure by design

The Biden administration is expected to emphasize safer development practices when it rolls out the national security strategy for cyber. 

By David Jones • Feb. 28, 2023

Attackers reduce complexity to catch more potential victims

Palo Alto Networks warns attackers are building economies of scale by conducting more efficient operations and complementing their skills with commercially available tools.

By Matt Kapko • Feb. 23, 2023

6 stories that show the state of security spending and risk

In an effort to shore up business technology, organizations are investing more in security, but there is a limit to how much those budgets can grow.

By Naomi Eide • Feb. 21, 2023

GitHub Copilot for Business, now in public release, weaves in security

The coding tool includes AI-based security capabilities, automatically blocking common insecure code suggestions.

By Lindsey Wilkinson • Feb. 17, 2023

Companies grapple with post-breach disclosure risks

The concerns leading organizations to withhold information are aplenty, including reputational damage and financial impacts.

By Matt Kapko • Feb. 16, 2023

IT security budgets triple as businesses confront more cyberattacks across Europe, US

Five-year data from Hiscox shows businesses are facing more frequent and more costly attacks.

By David Jones • Feb. 16, 2023

Cybersecurity jobs least likely to be impacted by economic uncertainty, (ISC)2 says

A series of high-profile and damaging cyberattacks has underscored the critical role cybersecurity teams play, and top brass are taking notice.

By Matt Kapko • Feb. 16, 2023

Liberty Mutual launches global cyber office

The office will bring a multidisciplinary approach to cyber risk just as the global insurance industry sees signs of clarity amid a turbulent market for cyber.

By David Jones • Feb. 14, 2023