If you are interested in having your voice heard on Cybersecurity Dive's Opinion page, please read our editorial guidelines and fill out the submission form here.

• 

  The art of threat modeling: 3 frameworks to know

  Organizations should use the frameworks in a manual or automated way to better understand the security threats they’re up against, Gartner’s William Dupre writes. 

  William Dupre • April 18, 2024

• 

  Threat environment is changing for individuals and SMBs, White House order shows

  An executive order is trying to prevent the large-scale transfer of Americans’ data, as countries seek troves of U.S. data for blackmail, AI training and analysis, among a multitude of other purposes. 

  Michael Kosak • March 18, 2024

• 

  Why trust is the most critical deliverable for CISOs

  Instead of a list of nebulous targets, CISOs should focus on delivering trust to three key constituencies: their leadership, their peers and their inner circle. 

  Nader Henein • Nov. 6, 2023

• 

  Government investigation puts spotlight on password insecurity

  A team working for the Department of Interior’s inspector general successfully cracked 1 in 5 active user passwords, a ratio that highlights traps in cybersecurity standards, Mike Kosask from LastPass writes.

  Michael Kosak • Aug. 24, 2023

• 

  How to communicate data risk to the business

  Data risk communications must be objective, pragmatic and clearly focused on the best interests of the organization to be effective, Gartner’s Joerg Fritsch writes. 

  Joerg Fritsch • July 31, 2023

• 

  Is cybersecurity doing enough to prevent the next Colonial Pipeline attack?

  Two years have passed since the Colonial Pipeline incident, but critical infrastructure providers aren’t doing enough to proactively mitigate attacks. 

  Matthew Parsons, Brian Knudtson and Alex Reid • May 8, 2023

• 

  ChatGPT at work: What’s the cyber risk for employers?

  The use of ChatGPT could run afoul of company policy, copyright concerns, customer confidentiality or even international privacy laws, BlackBerry’s CISO writes. Here’s what businesses should consider.  

  Arvind Raman • April 11, 2023

• 

  How cybersecurity leaders can tackle the skills shortage

  Organizations that do not address talent shortages and diversity gaps could harm their current and future security programs, leading to suboptimal security and risk outcomes.

  Akif Khan • April 5, 2023

• 

  The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

  If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

  Frank Shultz • March 27, 2023

• 

  Zero trust is moving from hype to reality

  Organizations must plan ahead and invest in people and resources to succeed with zero trust, writes Gartner analyst John Watts. 

  John Watts • Feb. 10, 2023

• 

  Battle of the breach: Prioritizing proactive ransomware defense

  Industry will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve. So now what?

  Sebastian Goodwin • Jan. 25, 2023

• 

  Why CISOs should prioritize DEI initiatives in 2023

  Different mindsets can bring new and better solutions to the table that can mitigate advanced cyberthreats, Google Cloud’s director of the office of the CISO writes. 

  MK Palmore • Jan. 13, 2023

• 

  How to upgrade cybersecurity awareness training

  Phishing attacks are not always as obvious as a direct message from someone pretending to be Elon Musk asking you to buy cryptocurrency. To better equip employees, cyber training needs an upgrade. 

  James Karimi • Dec. 12, 2022

• 

  How to implement an effective system to address third-party risk

  Current processes for assessing and managing third-party cybersecurity risks are cumbersome and ineffective. CISOs must adopt new principles to address business exposure.

  Sam Olyaei • Nov. 7, 2022

• 

  Why user experience is essential to identity protection

  Organizations must strike a delicate balance between maximizing end-user protection and minimizing the security-related obstacles.

  Kapil Raina • Oct. 5, 2022

• 

  6 things businesses need to know about the changing privacy landscape

  New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

  Ryan P. Blaney • Sept. 26, 2022

• 

  How the US government’s cyber priorities will impact businesses

  There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.

  Tim Mackey • Sept. 9, 2022

• 

  Succession planning takes center stage in the fight to retain security talent

  To reduce attrition, security and tech leaders must provide a clear path for advancement, not just for managers but for all members of the team.

  Jess Burn • Aug. 24, 2022

• 

  Tips for translating cyber risk into board-friendly language

  Just because boards are more aware of the rise in cyberattacks does not mean they understand how digital technology and cybersecurity translate into business risk.

  Lucia Milică • Aug. 1, 2022

• 

  How CISOs can prepare for new and unpredictable cyberthreats

  CISOs often ask, “How do I avoid being hit by the next major cyberattack?” The problem is, that’s the wrong question.  

  Jeremy D’Hoinne • July 11, 2022

• 

  Now is the time to break gender bias in cybersecurity

  A hidden epidemic that has hindered women’s ability to continue working at pre-pandemic levels is expected to impact infosec.

  Jinan Budge • April 12, 2022

• 

  Midsize enterprises: Strengthen security for today's threat landscape

  Midsize enterprises must protect against the same security threats as larger organizations, but with smaller budgets and fewer IT resources.

  Paul Furtado • April 4, 2022

• 

  Telecoms are essential to everyone's cybersecurity challenges

  Communications systems are accessible almost anywhere, at any time by both friend and foe alike.

  Jason Atwell • March 21, 2022

• 

  Would a cyberattack on a NATO country trigger Article 5?

  Few nations have sophisticated cyber capabilities and for operational security reasons, they are closely guarded, rarely shared, and carefully used.

  Mark Laity • March 2, 2022

• 

  Talk to the board, not just IT, about ransomware

  The spread of fast-moving cyberattacks accelerates the need for rapid, clear communication between end-users, security teams and the board.

  Lucia Milică • Feb. 4, 2022

Next