Policy & Regulation: Page 10
Microsoft overhauls cyber strategy to finally embrace security by default
The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features.
By David Jones • Nov. 3, 2023
Non-bank financial institutions must report data security breaches: FTC
The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.
By Rajashree Chakravarty • Nov. 2, 2023
For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot
Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.
By David Jones • Nov. 2, 2023
Global cybersecurity workforce grows, but still confronts shortfall of 4M people
Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.
By David Jones • Oct. 31, 2023
SEC charges SolarWinds, its CISO with fraud
The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.
By David Jones • Updated Oct. 31, 2023
CISA targets software identification in push to boost supply chain security
The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.
By David Jones • Oct. 27, 2023
Microsoft extends security log retention following State Department hacks
Government and private sector customers will be able to search cloud data records for malicious threat activity by default.
By David Jones • Oct. 23, 2023
FAIR Institute wants to quantify just how much a cyberattack costs
The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.
By Matt Kapko • Oct. 20, 2023
CISA launches new phase of Secure by Design to push global industry on software security
The agency plans an RFI on secure engineering, while adding guidance on AI security and emphasizing default security that does not require customer configurations.
By David Jones • Oct. 18, 2023
EPA rescinds rule to include cybersecurity in water system audits after legal challenge
The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.
By David Jones • Oct. 16, 2023
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’
Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.
By Matt Kapko • Oct. 16, 2023
Federal agencies press OT/ICS providers on open-source security
The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.
By David Jones • Oct. 12, 2023
Progress Software’s financial hit from MOVEit cuts deeper
With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.
By Matt Kapko • Oct. 11, 2023
CISA pivots focus to China-linked threats against critical infrastructure
The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.
By David Jones • Oct. 5, 2023
CISA furloughs will cut deep if government shuts down
The agency will have to operate with a skeleton staff, which will reduce assessments and other programs for underserved critical infrastructure sectors and private industry partners.
By David Jones • Sept. 29, 2023
Cisco routers abused by China-linked hackers against US, Japan companies
A longstanding group, identified as BlackTech, uses custom malware to evade detection and hack into international subsidiaries of U.S. and Japanese firms.
By David Jones • Sept. 28, 2023
CISA rolls dice on public service campaign to raise cyber awareness
The agency is hoping to get families and small businesses to adopt MFA, use stronger passwords and recognize phishing attacks.
By David Jones • Sept. 27, 2023
CISA urges use of memory safe code in software development
Unsafe programming languages, like C and C++, account for more than 70% of security vulnerabilities.
By David Jones • Sept. 22, 2023
US is making headway on securing cyber infrastructure, commission says
While Cyberspace Solarium Commission leaders praised U.S. cybersecurity improvements, they said more work is needed to secure critical infrastructure.
By David Jones • Sept. 20, 2023
FBI director urges private sector to work with the agency on cyber threats
Christopher Wray told attendees at Mandiant’s mWISE 2023 that private sector assistance contributed to the success of several recent operations.
By David Jones • Sept. 19, 2023
SEC cyber disclosure rules: What’s the role of the CIO?
CIOs are on the front lines of managing the IT estate, making them a critical part of rapid incident response.
By Roberto Torres • Sept. 19, 2023
6 stories on how SEC’s cyber rules are changing security response
As enforcement of the rules takes effect later this year, themes around how and when businesses will disclose security incidents will emerge.
By Naomi Eide • Sept. 15, 2023
White House, federal cyber leaders pledge renewed support for open source security
CISA released a roadmap for open source software security as industry officials convened to map out additional steps to protect federal agencies and the larger ecosystem.
By David Jones • Sept. 13, 2023
MGM Resorts discloses cyber incident in filing with SEC
Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations.
By David Jones • Sept. 13, 2023
White House mulls rating system to boost cybersecurity for critical infrastructure
Anne Neuberger, deputy national security advisor for cyber, told the Billington Cybersecurity Summit that a new ransomware summit is set and updated a consumer labeling push for IoT.
By David Jones • Sept. 11, 2023