CISA director urges tech industry to take responsibility for secure products

Industry can no longer blame and shame customers who are victims of sophisticated attacks, Jen Easterly said.

By David Jones • Feb. 27, 2023

Google backs federal push for tech to embrace ‘secure by design’

CISA has urged the technology industry to develop more resilient products before they reach customers.

By David Jones • Feb. 15, 2023

National cyber director to retire this month

Chris Inglis, the president’s top cyber policy advisor, is stepping down as the nation awaits the unveiling of the National Cyber Strategy.

By David Jones • Feb. 9, 2023

Corporate boards struggle to understand cybersecurity and digital transformation

Boards are trying to navigate the ever-evolving threat landscape as federal regulators plan additional breach disclosure rules.

By David Jones • Feb. 6, 2023

Companies face data privacy maze, skills gap

New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape. 

By Alexei Alexis • Feb. 1, 2023

CISA’s public-private cyber collaborative to focus on energy, water

The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems. 

By David Jones • Jan. 27, 2023

Threat actors are using remote monitoring software to launch phishing attacks

A joint warning from CISA, the NSA and MS-ISAC warns APT actors could leverage legitimate tools using help-desk themed lures to gain persistence. 

By David Jones • Jan. 26, 2023

CISA issues baseline cybersecurity recommendations for K-12 schools

Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve.

By Matt Kapko • Jan. 26, 2023

World Economic Forum officials warn global instability could lead to catastrophic cyber event

A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

By David Jones • Jan. 19, 2023

SEC aims to tighten cybersecurity, climate rules before May

The agency aims in early 2023 to complete several new regulations, many of them focused on increasing disclosures for investors.

By Jim Tyson • Jan. 17, 2023

CISA’s 2022 highlight reel details progress and potential for security coordination

The agency acted on 2,609 cyber incidents and produced 416 vulnerability advisories in 2022.

By Matt Kapko • Jan. 17, 2023

Surging cyberthreats, data concerns remain top dispute risks for organizations

A survey from Baker McKenzie shows a heightened risk of legal challenges amid a rise in sophisticated cyberattacks, along with concerns about the regulatory response. 

By David Jones • Jan. 12, 2023

FCC revives push to speed up telecom incident disclosures

Telecom operators are a primary target for threat actors. A change to breach reporting rules is long overdue, one analyst said.

By Matt Kapko • Jan. 10, 2023

Tech priorities out of sync with security needs, CISA director says

As long as priorities and incentives are misaligned, security and safety needs will remain unmet. “We can’t just let technology off the hook,” Jen Easterly said.

By Matt Kapko • Jan. 9, 2023

National Cyber Director eyes retirement: report

The inaugural cybersecurity chief at the White House assumed the role in June 2021 following a nearly three decade career at the NSA.

By Matt Kapko • Dec. 22, 2022

Despite enforcement delays, attorneys urge preparation for AI, privacy laws

New legislation extends to employers with applicants or workers who are residents of New York City or California — and may be a harbinger of what’s to come elsewhere.

By Ginger Christ • Dec. 21, 2022

NIST bids adieu to SHA-1 cryptographic algorithm

The widely used security specification has been insufficient since 2005, and won't fully sunset until 2030.

By Matt Kapko • Dec. 16, 2022

Google stresses unmet need for software supply chain security

The open source software ecosystem remains vulnerable, and fragmented efforts could stifle progress, according to Google.

By Matt Kapko • Dec. 8, 2022

Cyber Safety Review Board to probe Lapsus$ ransomware spree

Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.

By David Jones • Dec. 2, 2022

FCC bans imports of telecom gear from China-based companies

The latest in a series of orders aligns the agency’s equipment authorization process with national security policies.

By Matt Kapko • Nov. 28, 2022

Defense Department launches zero trust, phasing out perimeter defense strategy

Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.

By David Jones • Nov. 23, 2022

Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

A report warns the industry could see an attack that rivals the deadly 2010 Deepwater Horizon disaster and urges Interior Department officials to stand up safeguards.

By David Jones • Nov. 18, 2022

Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

By David Jones • Nov. 16, 2022

Critical infrastructure providers ask CISA to place guardrails on reporting requirements

Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

By David Jones • Nov. 16, 2022

Why privacy professionals should work closely with company engineers

Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

By Lyle Moran • Nov. 14, 2022