Face it, password policies and managers are not protecting users

Passwords haven’t worked as a solid security strategy in a long time. The policies are there, so why are passwords security’s weak spot?

By Sue Poremba • Nov. 7, 2022

How to implement an effective system to address third-party risk

Current processes for assessing and managing third-party cybersecurity risks are cumbersome and ineffective. CISOs must adopt new principles to address business exposure.

By Sam Olyaei • Nov. 7, 2022

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

CISA demystifies phishing-resistant MFA

The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.

By Matt Kapko • Nov. 4, 2022

NIST seeks water industry feedback on boosting cyber resilience

The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.

By David Jones • Nov. 4, 2022

Industrial providers ramp up cyber risk posture as OT threats evolve

The majority of industrial organizations have increased OT security budgets and conducted security audits but aging technology and staffing woes persist, a new report found. 

By David Jones • Oct. 31, 2022

‘Point solutions just need to die’: The end of the one-trick security tool

The deconstruction of security products has foisted many avoidable challenges upon organizations and the industry at large.

By Matt Kapko • Oct. 31, 2022

Microsoft security business surges as cloud segment hit by slumping economy

Higher energy costs and the macro economic slowdown is impacting the company’s cloud segment, while it continues to grow its enterprise security business.

By David Jones • Oct. 26, 2022

Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

Research from (ICS)2 shows an ongoing skills gap in the information security space is under greater pressure than before.

By David Jones • Oct. 24, 2022

4 security predictions from Google’s cyber leaders

The hopeful forecasts aren’t exclusive to Google’s cybersecurity experts. Many believe the industry is poised to deliver on its mission with greater efficiency and effect.

By Matt Kapko • Oct. 21, 2022

4 ways Target dynamically tracks the most alarming threats

The retailer’s threat analysts identify stakeholders and map adversaries’ intents and capabilities. The company notes it’s also important to not treat all threats equally.

By Matt Kapko • Oct. 20, 2022

Uber ex-CSO verdict raises thorny issues of cyber governance and transparency

The former chief security officer of the ride-sharing firm is seen by many as a scapegoat for an unsupervised and unaccountable corporate culture.

By David Jones • Oct. 19, 2022

Cybersecurity spending on pace to surpass $260B by 2026

Gartner pinned annual double-digit growth on three transitionary megatrends: remote work, zero trust network access, and the cloud.

By Matt Kapko • Oct. 18, 2022

Mandiant CEO pledges to automate threat intel under Google

Google’s chops in artificial intelligence, cloud computing and analytics play a central role in Mandiant’s emboldened vision.

By Matt Kapko • Oct. 17, 2022

As cybersecurity threats rage, colleges invest in risk prevention and pay higher insurance premiums

Cyber insurance policy renewal price increases are typically between 40% and 60%, with some increases hitting the triple digits, S&P said.

By Rick Seltzer • Oct. 14, 2022

4 tips to protect IT employees from phishing attacks

No one is perfect, and that includes your IT professionals. Here's what security experts say could help mitigate human error.

By Lindsey Wilkinson • Oct. 14, 2022

Signs of stability emerge in turbulent cyber insurance market

Rates continue to soar, but Marsh research shows the pace of increases is slowing. 

By Naomi Eide • Oct. 13, 2022

Microsoft’s CISO on why cloud matters for security response

Cloud can give companies insight into current and future threats as the landscape grows more complex, said Bret Arsenault.

By Roberto Torres • Oct. 12, 2022

Mandiant propels Google Cloud’s security prospects

With Mandiant officially under his wing, Google Cloud CISO Phil Venables expects the incident responders to help Google become a proactive force.

By Matt Kapko • Oct. 11, 2022

What is phishing-resistant multifactor authentication? It’s complicated.

Physical keys with cryptographic protocols can deliver higher levels of assurance, but organizations shouldn’t conflate resistance with infallibility.

By Matt Kapko • Oct. 10, 2022

CISOs, corporate boards in wide disagreement on cyber resilience

A study backed by researchers from MIT shows corporate boards are more focused on cyber risk, but are out of alignment with CISOs on key issues. 

By David Jones • Oct. 10, 2022

Cybersecurity needs a statewide approach, report finds

Research from Deloitte and state CIOs shows cities often hesitate to work with states on cybersecurity to protect their autonomy, but local government cyber grants could change that. 

By Michael Brady • Oct. 10, 2022

Multifactor authentication is not all it’s cracked up to be

Text message and email-based authentication aren’t just the weakest variants of MFA. Cybersecurity professionals say they are broken.

By Matt Kapko • Oct. 5, 2022

Why user experience is essential to identity protection

Organizations must strike a delicate balance between maximizing end-user protection and minimizing the security-related obstacles.

By Kapil Raina • Oct. 5, 2022

Security to take an outsized role in IT spending in 2023

“If you look across all of these categories, security is a line item in all of them,” Spiceworks Ziff Davis’ Peter Tsai said.

By Matt Ashare • Oct. 4, 2022

C-suite, boards are prioritizing cybersecurity, but still expect increased threats

Senior executives around the world are taking risk management more seriously, PwC research found, but many are still concerned about business resilience.

By David Jones • Sept. 30, 2022