Policy & Regulation


  • NIST makes it official: governance is a critical part of cybersecurity

    A collection of resources accompanies CSF 2.0 to make the guidance easier for businesses to use and put into practice across their operations.

    By Feb. 29, 2024
  • Utility regulators take steps to raise sector’s cybersecurity ‘baselines’

    The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.

    By Robert Walton • Feb. 29, 2024
  • MGM Resorts’ cyberattack headache continues as regulators launch investigations

    The company said it could face fines in connection with regulatory inquiries stemming from the social engineering attack.

    By Feb. 26, 2024
  • HHS reaches second-ever ransomware settlement

    A mental healthcare provider didn’t have sufficient protections in place before a ransomware attack exposed the protected health information of more than 14,000 people, according to the HHS’ Office for Civil Rights.

    By Emily Olsen • Feb. 22, 2024
  • Biden administration issues executive order on port cybersecurity

    The order will transfer crane manufacturing back to the U.S., amid concerns about potential cyber risk to port facilities, maritime transportation and threats from China.

    By Feb. 21, 2024
  • LockBit operations dismantled following international takedown

    An international group of law enforcement partners seized the infrastructure of the prolific ransomware group, obtaining decryption keys along the way. 

    By Feb. 20, 2024
  • FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

    Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

    By Feb. 16, 2024
  • State Department puts $10M bounty on AlphV ransomware group

    The prolific ransomware group and its affiliates are behind some of the most high-profile attacks in the last year.

    By Feb. 15, 2024
  • CISA blitzes Super Bowl with cyber campaign as businesses fumble security

    CISA brought its Secure Our World initiative to Las Vegas, for the biggest annual event in sports. Will anyone heed the advice?

    By Feb. 9, 2024
  • National cyber director urges private sector collaboration to counter nation-state cyber threat

    Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.

    By Feb. 9, 2024
  • HHS settles cybersecurity investigation with Montefiore Medical Center

    The nonprofit will pay $4.75 million to settle allegations that data security failures allowed an employee to steal and sell the protected health information of thousands of patients.

    By Emily Olsen • Feb. 8, 2024
  • CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

    Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.

    By Feb. 7, 2024
  • Mortgage industry attack spree punctuates common errors

    Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

    By Feb. 6, 2024
  • Business, technology groups back SolarWinds motion to dismiss SEC charges

    Former U.S. cybersecurity officials and a group of current and former CISOs warned the fraud suit against SolarWinds could chill intel sharing from the private sector.

    By Feb. 5, 2024
  • Blackbaud settles FTC data security probe into 2020 ransomware attack

    The company is required to delete unnecessary data and inform the agency of future breaches. 

    By Feb. 2, 2024
  • China-linked hackers primed to attack US critical infrastructure, FBI director says

    Christopher Wray and other top cybersecurity officials warned state-linked hackers are prepositioning for catastrophic attacks to distract from a potential military action. 

    By Feb. 1, 2024
  • White House rejects efforts to undo SEC cyber disclosure rule

    President Joe Biden would veto the joint resolution that aims to strip the agency’s authority to require companies to disclose cyber incidents and governance processes, the administration said Wednesday.

    By Jan. 31, 2024
  • What’s ahead for cybersecurity in 2024

    A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.

    By Jan. 31, 2024
  • In 2024, the cybersecurity industry awaits more regulation — and enforcement

    Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.

    By Jan. 31, 2024
  • MOVEit liabilities mount for Progress Software

    The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

    By Jan. 30, 2024
  • Will the movement to ban ransom payments gain steam in 2024?

    Policies and regulations around ransomware payments are widely expected to change in 2024, but how and to what effect remains in flux.

    By Jan. 23, 2024
  • CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

    Civilian agencies are under threat following a surge in nation-state linked exploitation of Ivanti Connect Secure and Ivanti Policy Secure devices.

    By Jan. 19, 2024
  • CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

    The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

    By Jan. 19, 2024
  • 5 cybersecurity trends to watch in 2024

    Preventative measures remain woefully unmet, the scourge of ransomware is as bad as it’s ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up, 2024 is here.

    By , Jan. 10, 2024
  • CISA seeks comment on secure by design principles to boost global software security

    The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

    By Dec. 21, 2023