Half of security teams report to CISO, others miss out on business benefits: survey

The Latest

• 

  Lack of visibility leaves critical infrastructure vulnerable to ransomware

  Corporate executives approve massive payouts to attackers because they see few options to quickly restore business operations, according to security experts.

  Vulnerability

• 

  Biden administration readies 3 initiatives to curb ransomware

  The government wants cybercriminals to think twice before instigating an incident and private industry to engage more.

  Strategy

• 

  House passes broad bipartisan measures to help states fund energy cybersecurity

  The bills position the private sector to receive financial incentives for helping improve states' energy cybersecurity, which experts say will be a key to securing systems from hackers.

  UPDATED: July 22, 2021 at 10:25 a.m.

  Regulation

• 

  Why cybersecurity keeps payments executives up at night

  Payments are a critical part of the nation's infrastructure, so executives in the industry are under pressure to understand the evolving threat landscape.

  Threats

• 

  White House ties cyberattacks to China, but private sector awaits stronger action

  Security leaders urge more forceful action after the U.S. accused China of backing a campaign of malicious cyberattacks, including the early 2021 attacks against Microsoft Exchange server.

  Cyberattacks

• 

  Ransomware defenses fail to prevent attack: report

  While 54% of organizations conduct anti-phishing training, 24% of ransomware attacks used phishing as the point of entry, a Cloudian survey found.

  Threats

• 

  REvil vanished from the internet. But ransomware attackers never fully disappear

  The hacking group's absence left echoes of high-profile ransomware attacks in its wake. But few think the group is gone for good. Consider this a brief respite.

  Threats

• 

  WFH shift tests resilience of financial services amid surge in phishing, ransomware

  The Financial Stability Board warned the sector must remain vigilant amid new cyber risks and dependence on third-party technologies.

  Vulnerability

• 

  Column

  Behind the Firewall: How 6 security execs screen vendors

  In the wake of high-profile vendor attacks, security due diligence prior to signing a third-party contract is a must. 

  Strategy

• 

  Want to quickly recover from ransomware? Plan ahead

  Security teams need to understand how the business will work when an attacker limits access to its systems.

  Strategy

• 

  Grid regulators urge 'continued vigilance,' as Congress scrutinizes ransomware

  With more attacks against critical infrastructure, legislators and federal officials are urging better response and prevention to curb the rise in ransomware.

  Regulation

• 

  Failure to patch could unleash a real (print)nightmare

  If the vulnerability remains unpatched, it's a ripe target for malicious actors to escalate privileges and the perfect ingredient for an exploit kit.

  Vulnerability

• 

  Cyber leaders officially join the ranks as White House grapples with remediation

  The Senate confirmed Jen Easterly to lead CISA while the White House swore in the first national cyber director, Chris Inglis.

  Regulation

• 

  What to expect from the national cyber director

  While there are technicalities to sort out, the primary goal of the role is to fill a void in federal cybersecurity strategy across agencies and sectors. 

  UPDATED: June 18, 2021 at 8:54 a.m.

  Leadership and careers

• 

  Kaseya restores SaaS monitoring service after REvil ransomware attack

  The IT monitoring and management provider is working to restore service for on-premises customers after extensive hardening to protect against a future attack. 

  Cyberattacks

• 

  Kaseya: What's known (and unknown) about the ransomware attack

  The historic ransomware attack against the remote-monitoring provider leaves a number of outstanding questions. 

  UPDATED: July 12, 2021 at 4:41 p.m.

  Cyberattacks

• 

  Morgan Stanley falls prey to lingering effects of Accellion breach

  Data from the investment firm was compromised through the vendor of a vendor, a hallmark of difficult-to-prevent — and increasingly frequent —  supply chain security incidents.

  Breaches

• 

  Kaseya misses first attempt to restore SaaS following REvil attack

  The scope of the ransomware attack began to emerge, as thousands of SMBs and other organizations returned to work only to find systems compromised.

  Cyberattacks

• 

  WannaCry lesson still echoes: Patch

  The EternalBlue leak and unpatched Windows 7 operating systems created the perfect storm.

  Cyberattacks

• 

  Kaseya postpones service restoration, apologizes for attack

  Outside engineers warned that Kaseya needs additional layers of protection as pre-existing vulnerabilities are revealed.

  Vulnerability

• 

  Kaseya wrestles with service restoration following supply chain attack

  The company is working with federal officials to recover from a ransomware attack that Kaseya said impacted up to 1,500 downstream customers.

  Cyberattacks

• 

  Ransomware attack against Kaseya creates rippling supply chain compromise

  The remote monitoring software provider is warning customers to shut down servers after an incident that security researchers linked to REvil. 

  Cyberattacks

• 

  Cost of ransomware: CISO exits, staff layoffs and unaccounted losses

  Two-thirds of organizations incurred significant losses due to ransomware, a Cybereason survey found.

  Cyberattacks

• 

  Cloud targeted in widespread brute force campaign

  The defense, logistics and energy sectors are among the various entities under threat by the campaign, which targets organizations using Microsoft Office 365.

  Cyberattacks

• 

  Column

  Behind the Firewall: A hub for security executive information sharing

  In Cybersecurity Dive's recurring column, executives tackle the issues they regularly confront, from at-home security solutions to avoided disasters.

  Leadership and careers

More stories