Strategy: Page 2

Samantha Schwartz/Cybersecurity Dive

Mandiant CEO: 3 threats that changed cybersecurity in 2020

CISOs getting comfortable in a more operational role were met with unprecedented cyberattacks — implants, zero days and ransomware — within the last year and a half.
By Samantha Schwartz • Oct. 6, 2021
Carl Court via Getty Images

Insider threat environment faces challenges amid changing corporate landscape

As remote work becomes permanent and employee turnover rises, companies face additional challenges in protecting sensitive data, according to a panel discussion at Mandiant Cyber Defense Summit.
By David Jones • Oct. 6, 2021
Explore the Trendline➔

"WOCinTech Chat" by WOCinTech Chat is licensed under CC BY 2.0

Trendline

Securing remote work

It's not just remote work businesses have to secure. As companies plot office returns, security practitioners have to protect a hybrid environment, defending remote and in-person workers alike.
By Cybersecurity Dive staff
Markus Spiske

NIST urges supply chain to include cyber in risk management

Industries that rely heavily on technology are the best at incorporating cyber in their supply chain risk management plans, according to NIST's Jon Boyens.
By Samantha Schwartz • Oct. 5, 2021
Getty Images

Healthcare workers concerned with cybersecurity amid burnout and pandemic woes

Nearly three-quarters of healthcare professionals are concerned that patient health information is being sent through unsecured tools, according to a new survey from hospital communications firm Spok.
By Shannon Muchmore • Oct. 1, 2021
Ryan Golden/Cybersecurity Dive

Digitization costs manufacturing plants 'the luxury of isolation,' changing risk management

OT organizations transition from site-level best practices to overall best practices, and move plant operations into an enterprise SOC.
By Samantha Schwartz • Oct. 1, 2021
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

With remote work, any employee could be an insider threat. How is CISA mitigating the risk?

CISA released a self-assessment tool which organizations can use to generate reports on their tolerance and capabilities for preventing insider threats.
By Samantha Schwartz • Sept. 30, 2021
Leon Neal via Getty Images

Remote work had little effect on employees' password habits: report

Employees are still reusing credentials, as vendors explore a passwordless future, according to a report from LastPass' Psychology of Passwords.
By Samantha Schwartz • Sept. 24, 2021
Photo by cottonbro from Pexels

Enterprises plan major investments as remote work escalates security risk: report

Companies face significant challenges in managing security as the work-from-home model moves from an emergency stopgap to a more permanent environment.
By David Jones • Sept. 22, 2021
Patrick Lux via Getty Images

Is there too much transparency in cybersecurity?

Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.
By Samantha Schwartz • Sept. 21, 2021
Markus Spiske

What to know about software bill of materials

The Biden administration wants more transparency in the software supply chain. Will private industry join in?
By Samantha Schwartz • Sept. 20, 2021
Sean Gallup via Getty Images

Companies must develop operational plan for ransomware recovery

In the face of more frequent and sophisticated attacks, companies need to identify their most critical assets and work to limit cyberattack fallout.
By David Jones • Sept. 17, 2021
David Ramos via Getty Images

Companies confident in cybersecurity despite growing threats: report

There's a perception of "safety in numbers," Beazley's survey found. "Time will tell if such high levels of confidence are well placed."
By Samantha Schwartz • Sept. 16, 2021
Brendan Smialowski / Stringer via Getty Images

Boards rethink incident response playbook as ransomware surges

Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.
By David Jones • Sept. 15, 2021
Bjork, Marten. Retrieved from Unsplash.

How companies can defend against credential theft

Unique passwords are the best defense against credential stuffing. But users, unless forced to act differently, will stick with what makes access easy.
By Sue Poremba • Sept. 14, 2021
Photo by cottonbro from Pexels

InfoSec teams under pressure to compromise security for productivity: report

Younger workers are fueling a backlash against corporate security policies designed to protect companies from malicious attacks, a study from HP Wolf Security shows.
By David Jones • Sept. 9, 2021
Permission granted by Screenshot via BlueVoyant

What ransomware negotiations look like

Fear can overwhelm the decision of whether to pay a ransom. But in negotiations, companies have to take a backseat.
By Samantha Schwartz • Sept. 9, 2021
iStock.com/pixelfit

Sponsored by Code42

Are you ready for the second wave of digital transformation?

In the second wave of digital transformation, understanding Insider Risk is more important than ever.
Sept. 7, 2021
Adeline Kon/Cybersecurity Dive

Column

Behind the Firewall: What to do if your vendor has a security incident

A vendor with a checkered past with security incidents is not automatically disqualified from future contracts. Rather, there is a playbook for due diligence.
By Naomi Eide , Samantha Schwartz • Sept. 3, 2021
"Kearny Generating Station September 2020" by King of Hearts is licensed under CC BY-SA 4.0

IT-OT crossover relitigates who is responsible for ICS security

If companies can effectively combine their IT and OT SOCs, they could be better equipped to uncover a fuller view of the kill chain.
By Samantha Schwartz • Sept. 2, 2021
Alex Wong via Getty Images

What cyber insurance CEOs want to see from customers

Insurers joined high-profile CEOs at the White House summit last week to discuss how to improve national cybersecurity. For one insurance CEO, the industry needs three points of improvement.
By Samantha Schwartz • Aug. 31, 2021
Sarah Silbiger via Getty Images

Why a ban on ransom payments will not work

Those most impacted by an attack are motivated to pay. In some cases, it's not the victim company but its customers who want service restored.
By Samantha Schwartz • Aug. 27, 2021
Photo by MART PRODUCTION from Pexels

Companies are investing in security operations but limited by talent gaps

For some CISOs, the onus to attract talent is on them and the standards they make.
By Samantha Schwartz • Aug. 25, 2021
gilaxia via Getty Images

Opinion

Why most companies don't understand speed is vital to cybersecurity

In cybersecurity folk wisdom, frequent releases are scary and the foundation for security failure. Why is there this disconnect between cybersecurity superstition and reality?
By Kelly Shortridge • Aug. 24, 2021
Joe Raedle via Getty Images

In the event of a cyber incident, think like a lawyer

While security professionals may not be deeply involved in the legal aspects of a cyber incident, they have to be aware of attorney-client privileges.
By Samantha Schwartz • Aug. 17, 2021
Adeline Kon/Cybersecurity Dive

Column

Behind the Firewall: Security investments that will stick post-pandemic

As long-term strategies for remote work solidify, VPNs, EDR and other tools are here to stay.
By Katie Malone , Samantha Schwartz • Aug. 16, 2021