The Latest
-
Sean Gallup via Getty Images
OpinionHow to secure the enterprise against REvil-style attacks
There is no way to fully protect against advanced attacks such as zero-day vulnerabilities or nation-state threats — responding quickly is critical to minimizing damage.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
A security expert's guide to the top-exploited vulnerabilities
The biggest and baddest ransomware groups love an easy vulnerability.
-
Brendan Smialowski / Stringer via Getty Images
War room preparation key to ransomware response, experts say
Companies need to assemble stakeholders ahead of an attack and be ready for potential fallout from litigation, reputational risk and operations disruption.
-
Sarah Silbiger via Getty Images
Deep DiveWhat's under the hood of a medical device? Software bill of materials hits inflection point
President Joe Biden's executive order calls for SBOMs, and the FDA wants to require premarket submissions to have an inventory of third-party device components. AdvaMed is concerned the data could be exploited by hackers.
-
CISOs: Approach the board with precision, simplicity
Executives from PepsiCo, Mandiant and Texas Children's Hospital honed the art of approaching the board. Their techniques leave stakeholders asking, "Do you need anything?"
-
Courtesy of Colonial Pipeline Company
Why CEOs become communication chiefs after a cyberattack
When ransomware hit, the CEOs of Colonial Pipeline and Accellion paused their day-to-day duties. Their immediate new roles? Communication.
-
6 types of CISO and the companies they thrive in
Jeff Pollard, VP and principal analyst at Forrester, wants CISOs to discover the type of leader they are — transformational, tactical, steady — and run with it.
-
Anna Moneymaker via Getty Images
DOJ cracks down on ransomware with cyber task force, civil fraud initiative
Federal authorities will target illegal crypto trading platforms and pursue federal contractors that fail to report breaches.
-
Samantha Schwartz/Cybersecurity Dive
Mandiant CEO: 3 threats that changed cybersecurity in 2020
CISOs getting comfortable in a more operational role were met with unprecedented cyberattacks — implants, zero days and ransomware — within the last year and a half.
-
Carl Court via Getty Images
Insider threat environment faces challenges amid changing corporate landscape
As remote work becomes permanent and employee turnover rises, companies face additional challenges in protecting sensitive data, according to a panel discussion at Mandiant Cyber Defense Summit.
-
Alex Wong via Getty Images
What cyber insurance CEOs want to see from customers
Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
-
Sean Gallup via Getty Images
Top global companies falling short in protecting domain security
Major brands leave themselves and their customers open to phishing attacks, ransomware and BEC due to inadequate measures.
-
Drew Angerer via Getty Images
REvil, DarkSide highlight surge in Q2 ransomware attacks: report
The government sector saw more ransomware attacks, while financial services companies faced increased threats in the cloud, according to McAfee Enterprise research.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
With remote work, any employee could be an insider threat. How is CISA mitigating the risk?
CISA released a self-assessment tool which organizations can use to generate reports on their tolerance and capabilities for preventing insider threats.
-
Markus Spiske
NIST urges supply chain to include cyber in risk management
Industries that rely heavily on technology are the best at incorporating cyber in their supply chain risk management plans, according to NIST's Jon Boyens.
-
Ransomware attacks put availability of medical devices at risk: FDA cyber chief
Industry reached a "watershed moment" earlier this year when a device outage caused by malware endangered patient lives, said the acting director of cybersecurity at CDRH.
-
Getty
Why is the CIO-CISO dynamic strained?
In an enterprise where every executive has competing priorities in deadlines, money and personnel, some CISOs and CIOs fight for equal shares.
-
Ryan Golden/Cybersecurity Dive
Digitization costs manufacturing plants 'the luxury of isolation,' changing risk management
OT organizations transition from site-level best practices to overall best practices, and move plant operations into an enterprise SOC.
-
Getty Images
Healthcare workers concerned with cybersecurity amid burnout and pandemic woes
Nearly three-quarters of healthcare professionals are concerned that patient health information is being sent through unsecured tools, according to a new survey from hospital communications firm Spok.
-
Jeenah Moon via Getty Images
Deep DiveMicrosoft, under attack from threat actors, positions itself as cyber guardian
The pandemic created more business opportunity, but malicious actors dogged the company's technology stack. Now, the very same products touted as security defense tools are under fire.
-
David Ramos via Getty Images
Threat actors more frequently — and successfully — target Active Directory
Attacks on AD played a prominent role during the high-profile SolarWinds campaign and LockBit 2.0 ransomware attacks.
-
Traitov/iStock/Getty via Getty Images
Timely patching remains pain point even as high-profile bugs linger
With business continuity already challenged by COVID-19, patches interfering with business productivity became more of a challenge for security teams.
-
Sean Gallup via Getty Images
Microsoft warns of new credential-stealing backdoor from SolarWinds threat actor
The newly identified malware, called FoggyWeb, has been observed since April and is used to steal from compromised AD FS servers.
-
Markus Spiske
How hackers are making the leap from cloud to the software build processes
The security problem with third-party container applications is not, however, indicative of infrastructure flaws.
-
Mark Wilson via Getty Images
Ripple effects from a cyber incident take a year to develop: report
Organizations are likely to both generate and suffer the downstream consequences of cyber incidents because of the technological reliance companies have on one another.
