CISA updates ransomware guide 3 years after its debut

The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

By David Jones • May 24, 2023

Critical infrastructure security spending to grow 83% by 2027: ABI Research

Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.

By Matt Kapko • May 19, 2023

Why and how to report a ransomware attack

The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.

By Matt Kapko • May 18, 2023

House hearing details cyber resilience efforts for energy, water and healthcare

Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.

By David Jones • May 17, 2023

Flood of ransom payments continues as officials mull ban

The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.

By Matt Kapko • May 11, 2023

CISA director wary of technology industry repeating its mistakes with AI

The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where speed-to-market outranked security, Jen Easterly said. 

By Naomi Eide • May 11, 2023

Walden says cybersecurity strategy mostly well-received

The acting national cyber director says common ground exists in certain areas, but a great deal of work remains.

By David Jones • May 10, 2023

White House considers ban on ransom payments, with caveats

Experts suggest the effort, a reversal from the administration's previous stance, is fraught with complications that could cause unintended consequences.

By Matt Kapko • May 8, 2023

Former Uber CSO avoids prison time for ransomware coverup

Joseph Sullivan was convicted last year after covering up a cyberattack while the ride sharing firm was under a Federal Trade Commission probe.

By David Jones • May 5, 2023

Most open source maintainers still consider themselves hobbyists, despite compensation pledges

A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

By David Jones • May 2, 2023

CISA seeks public comment on software security attestation form

The release is part of a larger effort by the Biden administration to strengthen software security at the development stage.

By David Jones • April 28, 2023

Acting National Cyber Director downplays reports of interagency strife

There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.

By Matt Kapko • April 27, 2023

White House to share roadmap for national cyber strategy implementation this summer

Acting National Cyber Director Kemba Walden said the strategy is built to have a 10-year shelf life, allowing for flexibility as new technologies and threats emerge. 

By Matt Kapko • April 26, 2023

Software industry leaders debate real costs and benefits of CISA security push

The global effort to promote secure by design is seen as a potential game changer for software security, but may require substantial investments and considerable cultural changes.

By David Jones • April 14, 2023

Explore the core tactics of secure by design and default

The international joint guide encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design and best practices for default security measures at large.

By Matt Kapko • April 13, 2023

CISA, partner agencies unveil secure by design principles in historic shift of software security

Authorities are engaging key stakeholders, but there is a broad understanding that these proposed changes will require massive changes in industry culture.

By David Jones • Updated April 13, 2023

CISA to unveil secure-by-design principles this week amid push for software security

The Biden administration plans to shift responsibility for product safety to the tech industry. Stakeholder discussions are already underway.  

By David Jones • April 12, 2023

Biden cyber officials see auto, food safety as models for security overhaul

The push to hold technology stakeholders liable for secure-by-design products will be a multiyear effort likely to involve Congress, the acting national cyber director said.

By David Jones • April 10, 2023

White House eyes the next frontier of cybersecurity — space

The focus comes more than a year into the Ukraine war, which led to nation state attacks on commercial satellites.

By David Jones • March 30, 2023

The proposed SEC cyber incident disclosure rule is a positive change. But it won’t make organizations safer.

If organizations want to actually get serious about protecting themselves, they need to have a robust system for handling incidents when they happen.

By Frank Shultz • March 27, 2023

US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure

Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.

By David Jones • March 24, 2023

5 steps organizations can take to counter IAM threats

Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.

By Matt Kapko • March 24, 2023

CISA director urges top business leaders, board members to take cyber risk ownership

Jen Easterly said the government cannot solve challenges posed by rising threat activity without active participation and corporate oversight from the private sector.

By David Jones • March 24, 2023

FTC opens inquiry into cloud market competition, security

As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.

By Matt Ashare • March 23, 2023

CISA revises cybersecurity performance goals

After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.

By David Jones • March 22, 2023