How common telecom cyber risks snowball in cloud, open source

Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.

By Matt Kapko • Sept. 23, 2022

Morgan Stanley fined $35M by SEC over improper data disposal

The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

By Gabrielle Saulsbery • Sept. 21, 2022

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Capital One freed from consent order tied to 2019 breach

The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

By Gabrielle Saulsbery • Sept. 20, 2022

White House guidance on third-party software seen as a major test of cyber risk strategy

The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide. 

By David Jones • Sept. 19, 2022

Industrial control systems face more cyber risks than IT, expert testifies

Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said. 

By David Jones • Sept. 16, 2022

CISA can’t definitively say if ransomware is getting better or worse

Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.

By Matt Kapko • Sept. 15, 2022

White House sets minimum security standards for federal software use

The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.

By David Jones • Sept. 14, 2022

US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.

By David Jones • Sept. 13, 2022

US Treasury sanctions Iran intelligence agency following Albanian government attack

The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.

By David Jones • Sept. 12, 2022

CISA announces RFI for critical infrastructure cyber reporting mandate

The agency plans to publish the information request in the Federal Register on Monday and will kick off a national listening tour.

By David Jones • Sept. 9, 2022

How the US government’s cyber priorities will impact businesses

There is a high probability that enterprise leaders will need to comply with some level of federal cybersecurity requirements or guidance.

By Tim Mackey • Sept. 9, 2022

CISA Director: Tech industry should infuse security at product design stage

Agency director Jen Easterly outlined a push for faster incident reporting and closer industry collaboration.

By David Jones • Sept. 7, 2022

Feds push for developers to take lead in securing software supply chain

The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle. 

By David Jones • Sept. 2, 2022

Twitter whistleblower claims may bolster federal privacy push

Bipartisan efforts to protect consumer information may gain momentum following allegations that Twitter failed to safeguard private data.

By Jim Tyson • Aug. 23, 2022

DOE to support development of ‘next-generation cyber tools’ to protect grid

The agency announced $45 million will be available for up to 15 “next-generation” cybersecurity research, development and demonstration projects.

By Robert Walton • Aug. 19, 2022

Zero trust adoption skyrockets, nearing universal adoption

A report from Okta shows organizations fully embracing zero-trust principles, as hybrid work requires long-term changes to identity management. 

By David Jones • Aug. 16, 2022

CISA director lauds first-year efforts of public-private cyber collaborative

One year into the Joint Cyber Defense Collaborative, Jen Easterly says the partnership has helped limit the scale of threats.

By David Jones • Aug. 15, 2022

US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

A dizzying array of agencies and disorganized efforts bolsters Chris Krebs’ call for a cybersecurity governance overhaul.

By Matt Kapko • Aug. 12, 2022

Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

The state of cybersecurity is bad and it’s going to get worse, Chris Krebs said at Black Hat. But somehow things might eventually get better.

By Matt Kapko • Aug. 10, 2022

Blockchain, privacy advocates push back on Tornado Cash sanctions

Groups are decrying the Treasury Department's virtual currency mixer sanctions, saying they harm the ability of crypto users to conduct secure and private transactions. 

By David Jones • Aug. 10, 2022

White House to incorporate performance metrics into national cybersecurity strategy

The Office of the National Cyber Director is working across multiple federal agencies and private sector partners to set priorities and assess effectiveness.

By David Jones • Aug. 5, 2022

US must take a lead role in cyber diplomacy, State Dept. nominee says

Nathaniel Fick told lawmakers the U.S. should promote international cyber norms to protect national security from authoritarian threats. 

By David Jones • Aug. 4, 2022

CISA expands cyber relationship with Ukraine authorities

The agreement formalizes closer ties between Ukraine and the key U.S. cybersecurity agency after the war with Russia led to increased threat activity. 

By David Jones • July 28, 2022

Uber reaches non-prosecution deal with feds after concealing data breach

The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture. 

By David Jones • July 26, 2022

Breach rule would give credit unions longer reporting window than banks

The 72-hour timeframe falls in line with the Critical Infrastructure Act that President Joe Biden signed in March, but is twice as long as the reporting window banks have had to comply with since May.

By Anna Hrushka • July 26, 2022