AWS, Splunk lead open source effort to spot and curb cyberattacks

A broad group of 18 tech companies are collaborating to establish a less cumbersome model for cybersecurity defense coordination.

By Matt Kapko • Aug. 10, 2022

Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

Dissimilar responses from Cloudflare and Twilio bear important lessons in transparency, resiliency and access.

By Matt Kapko • Aug. 9, 2022

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Encevo stays resilient post-attack, but it’s still assessing the data damage

The Luxembourg energy supplier’s ability to thwart a shutdown likely empowered its refusal to pay a ransom.

By Matt Kapko • Aug. 8, 2022

Ransomware defense guidance risks hang-ups under many steps

Small and mid-sized businesses don’t typically have the resources to meet every safeguard. But every action, however small, helps.

By Matt Kapko • Aug. 4, 2022

Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros

Proofpoint researchers say criminal hackers are turning to container files and Windows shortcuts to distribute malware.

By David Jones • July 29, 2022

Mandiant red team breaches OT servers to mimic crime group techniques

Researchers are not aware of financially motivated actors using these techniques in the wild.

By David Jones • July 27, 2022

AWS wants to be an enterprise security strategy advisor

The cloud giant advised customers to focus on specific needs, and rely on embedded defenses running automatically behind the scenes.

By Matt Kapko • July 27, 2022

SEC's cybersecurity proposals: Why visibility into risk is at the heart of it

The SEC is driving at a question every modern organization needs to consider: How should senior executives and boards manage cybersecurity risks?

July 18, 2022

Cyber insurers split on what’s most important in a security posture assessment

To keep up with demand, cyber insurers acknowledge the need to rethink the underwriting process, research from Panaseer shows.

By Naomi Eide • July 15, 2022

The US is losing the cyberspace race

Decades-old policies have failed to stem a growing threat, the Council of Foreign Relations said. What if the U.S. embraced a more limited and realistic strategy?

By Matt Kapko • July 15, 2022

Companies cannot see — or protect — nearly half of all device endpoints

Managing corporate devices was hard pre-pandemic. But as digital sprawl bloomed, visibility fell further behind. 

By David Jones • July 13, 2022

Microsoft rollback on macro blocking in Office sows confusion

The company said it remains "fully committed" to disabling macros by default, and the temporary measure will make the product more user friendly.

By David Jones • July 11, 2022

How CISOs can prepare for new and unpredictable cyberthreats

CISOs often ask, “How do I avoid being hit by the next major cyberattack?” The problem is, that’s the wrong question.  

By Jeremy D’Hoinne • July 11, 2022

Mid-sized companies grapple with response to cyber crises

Limited resources, staffing and executive awareness can hamper attack response capabilities.

By David Jones • July 8, 2022

What to watch with 5G network security

For wireless network carriers, 5G is a model of what’s next. But it also introduces features and services that dramatically expand the threat surface.

By Matt Kapko • July 8, 2022

CISO priorities for the second half of 2022

Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 

By Sue Poremba • July 5, 2022

Pricing pressures moderate as cyber insurance market begins to level out

A surge in new buyers has begun to offset years of rising claims and higher premiums, according to data from global insurance firm Marsh.

By Naomi Eide • July 1, 2022

Google enhances password manager to boost security across platforms

Updates will allow users to manage passwords across platforms, including Chrome, Android and iOS. 

By David Jones • June 30, 2022

Organizations lag on confidence and policies to manage open source security

It's taking longer for companies to find open source vulnerabilities, and shaky policies mean only the most critical vulnerabilities are attended to. 

By David Jones • June 24, 2022

Analysts nudge businesses to decentralize cybersecurity leadership

The push is to enable employees to make informed security decisions while meeting enterprise needs with spread out security leadership. 

By Lindsey Wilkinson • June 22, 2022

What enterprise leaders can divine from software bills of materials

Cyber defense tool: Software bills of materials (SBOMs) can expose elements of risks in applications.

By Jen A. Miller • June 17, 2022

Ransomware groups shift tactics and objectives

Malware can play a major or nonexistent role in ransomware attacks. Threat actors are often only in it for the money.

By Matt Kapko • June 15, 2022

How and why ransomware responses go haywire

A lack of fortitude and preparation on the communications front often puts enterprises at risk for greater harm.

By Matt Kapko • June 13, 2022

5 takeaways from the RSA Conference

The event tried to pick up where it left off 28 months ago. Can defenders keep up with the accelerated pace and scale of the cyber threat?

By Matt Kapko • June 13, 2022

America's cyber chiefs have a long to-do list

The federal government wants to lead by example and communicate the urgency of the moment. First, it needs to get its security affairs in order. 

By Matt Kapko • June 9, 2022