Insider threat environment faces challenges amid changing corporate landscape

As remote work becomes permanent and employee turnover rises, companies face additional challenges in protecting sensitive data, according to a panel discussion at Mandiant Cyber Defense Summit.

By David Jones • Oct. 6, 2021

NIST urges supply chain to include cyber in risk management

Industries that rely heavily on technology are the best at incorporating cyber in their supply chain risk management plans, according to NIST's Jon Boyens.

By Samantha Schwartz • Oct. 5, 2021

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Healthcare workers concerned with cybersecurity amid burnout and pandemic woes

Nearly three-quarters of healthcare professionals are concerned that patient health information is being sent through unsecured tools, according to a new survey from hospital communications firm Spok.

By Shannon Muchmore • Oct. 1, 2021

Digitization costs manufacturing plants 'the luxury of isolation,' changing risk management

OT organizations transition from site-level best practices to overall best practices, and move plant operations into an enterprise SOC.

By Samantha Schwartz • Oct. 1, 2021

With remote work, any employee could be an insider threat. How is CISA mitigating the risk?

CISA released a self-assessment tool which organizations can use to generate reports on their tolerance and capabilities for preventing insider threats. 

By Samantha Schwartz • Sept. 30, 2021

Remote work had little effect on employees' password habits: report

Employees are still reusing credentials, as vendors explore a passwordless future, according to a report from LastPass' Psychology of Passwords.

By Samantha Schwartz • Sept. 24, 2021

Enterprises plan major investments as remote work escalates security risk: report

Companies face significant challenges in managing security as the work-from-home model moves from an emergency stopgap to a more permanent environment. 

By David Jones • Sept. 22, 2021

Is there too much transparency in cybersecurity?

Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.

By Samantha Schwartz • Sept. 21, 2021

What to know about software bill of materials

The Biden administration wants more transparency in the software supply chain. Will private industry join in?

By Samantha Schwartz • Sept. 20, 2021

Companies must develop operational plan for ransomware recovery

In the face of more frequent and sophisticated attacks, companies need to identify their most critical assets and work to limit cyberattack fallout.

By David Jones • Sept. 17, 2021

Companies confident in cybersecurity despite growing threats: report

There's a perception of "safety in numbers," Beazley's survey found. "Time will tell if such high levels of confidence are well placed."

By Samantha Schwartz • Sept. 16, 2021

Boards rethink incident response playbook as ransomware surges

Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.

By David Jones • Sept. 15, 2021

How companies can defend against credential theft

Unique passwords are the best defense against credential stuffing. But users, unless forced to act differently, will stick with what makes access easy.

By Sue Poremba • Sept. 14, 2021

InfoSec teams under pressure to compromise security for productivity: report

Younger workers are fueling a backlash against corporate security policies designed to protect companies from malicious attacks, a study from HP Wolf Security shows.

By David Jones • Sept. 9, 2021

What ransomware negotiations look like

Fear can overwhelm the decision of whether to pay a ransom. But in negotiations, companies have to take a backseat.

By Samantha Schwartz • Sept. 9, 2021

Are you ready for the second wave of digital transformation?

In the second wave of digital transformation, understanding Insider Risk is more important than ever.  

Sept. 7, 2021

Behind the Firewall: What to do if your vendor has a security incident

A vendor with a checkered past with security incidents is not automatically disqualified from future contracts. Rather, there is a playbook for due diligence.

By Naomi Eide , Samantha Schwartz • Sept. 3, 2021

IT-OT crossover relitigates who is responsible for ICS security

If companies can effectively combine their IT and OT SOCs, they could be better equipped to uncover a fuller view of the kill chain.

By Samantha Schwartz • Sept. 2, 2021

What cyber insurance CEOs want to see from customers

Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.

By Samantha Schwartz • Aug. 31, 2021

Why a ban on ransom payments will not work

Those most impacted by an attack are motivated to pay. In some cases, it's not the victim company but its customers who want service restored.

By Samantha Schwartz • Aug. 27, 2021

Companies are investing in security operations but limited by talent gaps

For some CISOs, the onus to attract talent is on them and the standards they make. 

By Samantha Schwartz • Aug. 25, 2021

Why most companies don't understand speed is vital to cybersecurity

In cybersecurity folk wisdom, frequent releases are scary and the foundation for security failure. Why is there this disconnect between cybersecurity superstition and reality?

By Kelly Shortridge • Aug. 24, 2021

In the event of a cyber incident, think like a lawyer

While security professionals may not be deeply involved in the legal aspects of a cyber incident, they have to be aware of attorney-client privileges.

By Samantha Schwartz • Aug. 17, 2021

Behind the Firewall: Security investments that will stick post-pandemic

As long-term strategies for remote work solidify, VPNs, EDR and other tools are here to stay.

By Katie Malone , Samantha Schwartz • Aug. 16, 2021

Should healthcare organizations pay to settle a ransomware attack?

The decision goes beyond finances: In healthcare, it's a moral judgement, too.  "I don't think there's a single yes or no," said Michael Coates, former Twitter CISO.

By Rebecca Pifer • Aug. 13, 2021