CISA pins modest security gains to performance goals program

The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

By Matt Kapko • Jan. 14, 2025

The double-edged sword of AI in cybersecurity: driving efficiency gains, meeting compliance requirements and navigating greater risk

Discover the dual impact of AI in cybersecurity: enhancing efficiency and compliance while opening new risk avenues.

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber • Jan. 13, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership

Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.

By David Jones • Jan. 10, 2025

4 cybersecurity trends to watch in 2025

Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

By David Jones , Matt Kapko • Jan. 9, 2025

National cyber director calls for deterrence against China-affiliated cyber threats

Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.

By David Jones • Jan. 9, 2025

Investors narrow scope of cyber funding deals in 2024

Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.

By Matt Kapko • Jan. 8, 2025

White House program to certify the security of IoT devices goes live

The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.

By David Jones • Jan. 8, 2025

What companies need to help secure AI

Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.

By Sue Poremba • Jan. 6, 2025

Cyber leaders are bullish on generative AI despite risks: report

Executives say they would overhaul tooling in exchange for better generative AI capabilities, according to a CrowdStrike survey.

By Lindsey Wilkinson • Jan. 3, 2025

White House says 9th telecom company hit in Salt Typhoon spree

A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.

By Matt Kapko • Dec. 27, 2024

CISA mobile security advice gets personal in wake of telecom intrusions

The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.

By Matt Kapko • Dec. 19, 2024

Pennsylvania representative pitches bill to double cyber assistance for local water systems

The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.

By David Jones • Dec. 17, 2024

CISA’s pre-ransomware alerts nearly doubled in 2024

The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.

By Matt Kapko • Dec. 17, 2024

Executives see another CrowdStrike-level IT outage on the horizon

IT and business leaders admit to prioritizing security at the expense of service disruption readiness, a PagerDuty report found.

By Matt Ashare • Dec. 13, 2024

Snowflake to phase out single-factor authentication by late 2025

The security policy change starts one year after a wave of attacks targeted more than 100 Snowflake customer environments without MFA.

By Matt Kapko • Dec. 10, 2024

Credit risk rising as attackers strike larger companies: Moody’s

Cybercriminals are deploying generative AI tools in their efforts at ransomware and fraud, Moody’s Ratings said.

By Jim Tyson • Dec. 10, 2024

Frontline workforce tech predictions for 2025: A new era of efficiency and security

2025 Predictions: Boosting frontline efficiency with passwordless tech and identity and access management innovations

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber • Dec. 9, 2024

For IT pros, the CrowdStrike crisis was a ‘call to arms’

The global outage triggered investments in people, processes and technologies to beef up enterprise resilience, Adaptavist research found.

By Matt Ashare • Dec. 6, 2024

Protecting the cloud: combating credential abuse and misconfigurations

To defend against two of today’s biggest cloud security threats, organizations must adapt and develop proactive strategies, Google Cloud’s Brian Roddy writes. 

By Brian Roddy • Dec. 5, 2024

T-Mobile undeterred as telecom sector reels from attack campaign

Cybersecurity Dive spoke with CSO Jeff Simon about how the carrier says it thwarted a threat group resembling Salt Typhoon despite its past security failures.

By Matt Kapko • Dec. 5, 2024

UK cyber chief warns country is at an inflection point as digital threats rise

In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology. 

By David Jones • Dec. 3, 2024

When password rules change, who benefits?

As the National Institute of Standards and Technology rolls out updated password guidance, some experts want to make passwords a thing of the past.

By Sue Poremba • Dec. 2, 2024

FBI, CISA warn of heightened risk of BEC attacks during holiday season

Authorities encouraged prompt reporting, which can help recover stolen payments.

By David Jones • Nov. 27, 2024

CrowdStrike avoids customer exodus after triggering global IT outage

The cybersecurity vendor reported $33.9 million in expenses related to the July 19 incident, which caused the company to swing to a loss.

By Matt Kapko • Nov. 27, 2024

As holiday season begins, US braces for looming risk of cyberattacks

Security teams are on the alert for nation-state threats and ransomware as millions of workers break for a holiday.

By David Jones • Nov. 26, 2024