Strategy


  • Extracting portions of open source in software development threatens app security

    While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

    By Jan. 19, 2022
  • Can SOAR technology help SOCs regain the advantage in threat detection?

    Google's acquisition of Siemplify has placed a focus on whether automation can help restore balance in the fight against sophisticated attackers.

    By Jan. 7, 2022
  • Trendline

    Securing remote work

    It's not just remote work businesses have to secure. As companies plot office returns, security practitioners have to protect a hybrid environment, defending remote and in-person workers alike. 

    By Cybersecurity Dive staff
  • Congressional cyber commission expires but work to continue with 'Solarium 2.0'

    Despite the commission's success, unfinished business includes setting up a joint collaborative environment, institutionalizing the Cyber Diplomacy Act, creating a bureau of cyber statistics, and codifying critical infrastructure.

    By Dec. 23, 2021
  • Security teams prepare for the yearslong threat Log4j poses

    Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take. 

    By Dec. 16, 2021
  • Long-expected cyber incident reporting rule loses ground once again

    The House's recently passed National Defense Authorization Act is set to advance to the Senate. But it omitted a key cyber rule: mandatory incident reporting. 

    By Dec. 10, 2021
  • What incident reporting could look like

    Legislation could remove some of the complexity of overlapping standards when CISA's roles and authorities become more robust. 

    By Dec. 10, 2021
  • TSA rolls out rail cyber requirements, targeting prevention and rapid response

    The directives, with immediate implementation expected, are primarily for higher-risk freight railroads, passenger rail, and rail transit, DHS said. 

    By Dec. 3, 2021
  • Crypto becoming the preferred currency of cybercriminals and rogue governments

    Authorities are turning the tables on cybercriminals by tracing the steps of illicit transactions and making it more difficult for ransomware operators to evade detection.

    By Nov. 24, 2021
  • What to consider when connecting cyber, business strategy

    The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said.

    By Nov. 17, 2021
  • Banks outpace other industries in cyber investments, defense strategies: report

    The banking industry is actively investing in cyber defense and employing sound corporate governance practices to combat threats, Moody's found.

    By Nov. 15, 2021
  • Trust is becoming a CISO priority, boosts customer stickiness

    Customers are more likely to forgive a particular brand for putting data at risk if they trust the company, Forrester research shows.

    By Nov. 10, 2021
  • ICS security investments blocked by management confusion

    Until cyber risks in operational technology are better understood — and IT and OT can overcome cultural differences — companies can stall additional investments.  

    By Nov. 10, 2021
  • CISA wants to identify the most vulnerable critical infrastructure

    The agency is basing its analysis on economic and network centrality, as well as "logical dominance in the national critical functions," Director Jen Easterly said.

    By Nov. 1, 2021
  • Corporate boards, C-suite finally prioritize cyber after years of business risk

    Following a surge of supply chain attacks and ransomware over the past year, enterprise leaders are finally giving cybersecurity the attention it deserves.

    By Oct. 27, 2021
  • Q&A

    A conversation with SolarWinds' CISO

    "Our CEO got a call in the morning from Kevin Mandia. And then he called me, and then the CTO for FireEye called me. That's our nightmare moment," Tim Brown told Cybersecurity Dive. 

    By Oct. 26, 2021
  • Sponsored by Cybersource

    How businesses are tackling fraud in a digital-first reality

    With digital transactions and eCommerce continuing to grow in volume, successfully taking on fraud will require businesses to explore and rely on new tools and technologies.

    Oct. 25, 2021
  • 2022 could bring OT weaponization, ransomware laws, Gartner says

    In the last decade companies underwent digital transformation, with cloud taking over legacy solutions. But the same practices cannot be deployed year after year.

    By Oct. 21, 2021
  • Avoid paying ransoms, Gartner says. Instead, focus on situational awareness

    In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understanding of the steps to recovery.

    By Oct. 20, 2021
  • 8 security and risk management trends to watch: Gartner

    The pandemic is still shaping security architecture and long-term decisions. In response, businesses are creating cyber mesh architectures and consolidating products.

    By Oct. 19, 2021
  • The public needs to understand what's at stake with cyberattacks, DHS adviser says

    The Colonial Pipeline cyberattack was a "crisis of communication" between the company and consumers, Homeland Security Adviser Suzanne Spaulding said.

    By Oct. 15, 2021
  • Opinion

    How to secure the enterprise against REvil-style attacks

    There is no way to fully protect against advanced attacks such as zero-day vulnerabilities or nation-state threats — responding quickly is critical to minimizing damage.

    By Chris Silva • Oct. 12, 2021
  • War room preparation key to ransomware response, experts say

    Companies need to assemble stakeholders ahead of an attack and be ready for potential fallout from litigation, reputational risk and operations disruption. 

    By Oct. 11, 2021
  • Deep Dive

    What's under the hood of a medical device? Software bill of materials hits inflection point

    President Joe Biden's executive order calls for SBOMs, and the FDA wants to require premarket submissions to have an inventory of third-party device components. AdvaMed is concerned the data could be exploited by hackers.

    By Greg Slabodkin • Oct. 11, 2021
  • Why CEOs become communication chiefs after a cyberattack

    When ransomware hit, the CEOs of Colonial Pipeline and Accellion paused their day-to-day duties. Their immediate new roles? Communication.

    By Oct. 7, 2021
  • Mandiant CEO: 3 threats that changed cybersecurity in 2020

    CISOs getting comfortable in a more operational role were met with unprecedented cyberattacks — implants, zero days and ransomware — within the last year and a half.

    By Oct. 6, 2021