Security
-
Cybersecurity jobs pay well, but gender disparities persist
ISC2’s analysis found significant financial benefits for U.S. cybersecurity professionals, but pay gaps persist across levels of seniority by gender.
By Matt Kapko • April 12, 2024 -
Microsoft Exchange state-linked hack entirely preventable, cyber review board finds
The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.
By David Jones • April 3, 2024 -
Trendline
Cybersecurity
Security strategies benefit from nimbleness as companies respond to Log4j and other high-profile vulnerabilities, a boundless perimeter and questions about supply chain trust.
By CIO Dive staff -
Threat groups hit enterprise software, network infrastructure hard in 2023
Actively exploited high-risk vulnerabilities rose threefold in enterprise software and network infrastructure, according to Recorded Future.
By Matt Kapko • March 25, 2024 -
How CIOs can infuse security into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
By Lindsey Wilkinson • March 21, 2024 -
How companies describe cyber incidents in SEC filings
The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.
By Matt Kapko • March 21, 2024 -
3 months into cyber disclosure rules, what’s material to the SEC?
As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.
By David Jones • March 19, 2024 -
White House adds teeth to secure software development requirements
The guidelines are designed to ensure software producers working with the U.S. government comply with standards for secure development.
By David Jones • March 15, 2024 -
Cloud intrusions spiked 75% in 2023, CrowdStrike says
Threat actors took advantage of inconsistent cloud security structures, abusing unique features of the technology to initiate attacks.
By Matt Kapko • Feb. 26, 2024 -
National cyber director urges private sector collaboration to counter nation-state cyber threat
The Biden administration is exploring plans to hold manufacturers accountable for poor security while also working to harmonize regulations, the official said.
By David Jones • Feb. 13, 2024 -
What to know about the 200-member AI safety alliance
The alliance aims to support "the development and deployment of safe and trustworthy artificial intelligence," the U.S. Department of Commerce said.
By Roberto Torres • Feb. 8, 2024 -
AI-generated code leads to security issues for most businesses: report
More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found.
By Lindsey Wilkinson • Jan. 29, 2024 -
Midnight Blizzard attack seen as another sign of Microsoft falling short on security
Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.
By David Jones • Jan. 26, 2024 -
Microsoft to overhaul internal security practices after Midnight Blizzard attack
After the company disclosed a Russia-affiliated threat actor stole data from senior executives, experts are raising questions about its security capabilities and practices.
By David Jones • Jan. 22, 2024 -
Cyber tops business risk for enterprises worldwide, report finds
Worries over cybersecurity replaced business interruption as the top concern among U.S. businesses, according to the Allianz Risk Barometer.
By David Jones • Jan. 17, 2024 -
LastPass enforces 12-character master password lengths
The password manager enforced its guidance on master password complexity nearly a year and a half after a major cyberattack.
By Matt Kapko • Jan. 5, 2024 -
CompTIA bolsters training portfolio, adds AI fundamentals and AWS pro certs
The rollout will include new cybersecurity, data science and full-stack credentials and refresh five existing certification programs.
By Matt Ashare • Jan. 3, 2024 -
Cyber risk strategies in hot seat as SEC rules go live
Shifts in regulatory scrutiny are pushing companies to reassess cyber governance and mitigation at the highest levels.
By David Jones • Dec. 22, 2023 -
What the SEC weighed as it finalized its cyber disclosure rules
Compliance costs and a company’s need to remediate security incidents shaped the SEC’s final guidance.
By David Jones • Dec. 19, 2023 -
Challenging the ‘good enough’ cybersecurity mindset
The volume of cyber threats keeps growing, pushing companies to reevaluate the adequacy of existing resources.
By Jen A. Miller • Dec. 8, 2023 -
Authorities pushing for secure AI development practices
The guidelines are part of a global effort to ensure AI is developed using security as a core component.
By David Jones • Nov. 29, 2023 -
MSPs ready to support SEC cyber disclosure requirements
With a line of sight on security operations, MSPs hold keys to materiality determinations and annual 10-K reports.
By Suman Bhattacharyya • Nov. 28, 2023 -
Cloud security myths can leave SMBs exposed
AWS identified three cyber misconceptions that hinder small- and medium-sized businesses as they migrate workloads.
By Matt Ashare • Nov. 22, 2023 -
Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend
A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.
By David Jones • Nov. 22, 2023 -
CISA explains how to apply secure-by-design principles
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
By Matt Kapko • Nov. 21, 2023 -
FTC extends cloud competition scrutiny to generative AI
“Cloud computing is a key input for artificial intelligence technologies,” FTC Chair Lina Khan said.
By Matt Ashare • Nov. 20, 2023