CISOs earn higher profile with remote work, evolving threats

Corporate boards are demanding regular updates on the latest threats, while simultaneously asking CISOs to make sure workers meet business objectives in the most secure manner possible.

By David Jones • June 3, 2021

Phishing attack against US government, NGOs shakes assumptions on containment

As federal authorities flex new, aggressive steps to deter malicious activity, analysts warn that an evolving threat actor may challenge industry's ability to trust anything. 

By David Jones • June 2, 2021

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Beware open source when going zero trust, expert says

To combat software insecurities, begin with software inventory and a software bill of materials requirement.

By Samantha Schwartz • May 25, 2021

Ransomware seen as top cyberthreat as extortion demands, payouts soar

Two leading threat intelligence experts warned of future risks as U.S. relations with nation-state cyber adversaries hit rock bottom, especially as attackers use shame as a tool. 

By David Jones • May 24, 2021

SolarWinds CEO extends hack timeline, rethinks intern blame

Investigators established the timeline after stumbling upon code that showed the attackers were embedded in the system since the beginning of 2019.

By David Jones • May 20, 2021

Critical infrastructure flaws surface after years of underinvestment, inaction

Providers — particularly in the energy sector — knew the warning signs but were slow to respond.

By David Jones • May 11, 2021

Third-party risk and why it matters

If not monitored or tracked, third-party remote access can expose networks to cyber threats and allow entry to bad actors who can wreak havoc on an organization's internal systems.

May 10, 2021

Targeted industrial control systems add cautionary flag to cyber defense strategies

A Defend Forward strategy used in the IT space may not translate well in the OT environment, according to panelists at the Hack the Capitol conference. 

By David Jones • May 6, 2021

What happens if threat data isn't shared?

Threats only have meaning if companies decide they do; if an organization does not deem a threat serious enough, they can go unshared. 

By Samantha Schwartz • April 30, 2021

Cyberattack on Passwordstate tests confidence in password managers

The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.

By David Jones • April 27, 2021

Global supply chains grapple with international cyberpowers

Cybersecurity intertwines industry with geopolitics. Governments will have to grapple with how to balance national security, business continuity and intellectual property protection.

By Samantha Schwartz • April 26, 2021

Protect the keys to the kingdom: Email cyberattacks open doors to core assets

Any type of cyberattack is bad news for an organization, but when email servers are breached, cybercriminals have ready access to a company's most sensitive assets. 

By Sue Poremba • April 16, 2021

Enterprise security leaders fear rising AI use among threat actors: report

Some experts are urging companies to incorporate AI into their cyber defense strategies, while others view the threat of AI as overhyped marketing.

By David Jones • April 9, 2021

Companies missing security in rushed cloud adoptions

While misconfigurations are likely unknown today, they have the potential to become critical vulnerabilities.

By Samantha Schwartz • April 6, 2021

2020 was a record year for K-12 cybersecurity incidents

U.S. schools faced 408 publicized incidents — an 18% increase over 2019, according to the K-12 Cybersecurity Resource Center. 

By Roger Riddell • April 1, 2021

Shift online exposed and expanded college cybersecurity vulnerabilities

Ransomware attacks doubled from 2019 to 2020, according to one report, and experts say the increased use of virtual tools opened up new threats.

By Sue Poremba • March 31, 2021

To combat open source insecurity, companies need tech and leadership

With software dependencies commonplace, it's up to industry to clear a path to greater supply chain security in software.

By Samantha Schwartz • March 26, 2021

Babuk ransomware group emerges with new claims against US companies

The threat actor emerges amid heightened ransomware concerns following the Microsoft Exchange server attacks.

By David Jones • March 26, 2021

Operational threat intelligence leans on facts, less anecdotal evidence

Digesting threat intelligence looks different in IT environments than OT.

By Samantha Schwartz • March 25, 2021

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

A Ponemon Institute study shows the value of actionable data as lawmakers and the Biden administration work to encourage intelligence sharing. 

By David Jones • March 24, 2021

As cyber insurers quantify risk, security spending provides little info

Quantifying risk appetite, an assessment insurance premiums are based on, is an imperfect science for providers and customers.

By Samantha Schwartz • March 24, 2021

70% of malicious DNS traffic in tech is cryptomining, phishing: Cisco

Researchers suggested tech employees were unfamiliar with company policies, triggering cryptomining blocks in Cisco Umbrella. 

By Samantha Schwartz • March 23, 2021

SolarWinds threat actors accessing Microsoft 365 by altering permissions

Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.

By David Jones • March 22, 2021

Microsoft deploys more updates to contain Exchange server fallout

The FBI and CISA are warning of additional threats from nation states and threat actors as patching and security updates leave many vulnerable companies exposed. 

By David Jones • March 12, 2021

DearCry ransomware latching onto Exchange hack, Microsoft says

Patching is the only answer — for now.

By Samantha Schwartz • March 12, 2021