Strategy: Page 26
-
iStock / Getty Images Plus via Getty Images
Extracting portions of open source in software development threatens app security
While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.
By Samantha Schwartz • Jan. 19, 2022 -
metamorworks via Getty Images
Can SOAR technology help SOCs regain the advantage in threat detection?
Google's acquisition of Siemplify has placed a focus on whether automation can help restore balance in the fight against sophisticated attackers.
By David Jones • Jan. 7, 2022 -
Explore the Trendline➔
.shock via Getty Images
TrendlineRisk Management
An esclation of cyber risks facing businesses and government has made cyber resilience a major priority.
By Cybersecurity Dive staff -
Sarah Silbiger via Getty Images
Congressional cyber commission expires but work to continue with 'Solarium 2.0'
Despite the commission's success, unfinished business includes setting up a joint collaborative environment, institutionalizing the Cyber Diplomacy Act, creating a bureau of cyber statistics, and codifying critical infrastructure.
By Samantha Schwartz • Dec. 23, 2021 -
South_agency via Getty Images
Security teams prepare for the yearslong threat Log4j poses
Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take.
By Samantha Schwartz • Dec. 16, 2021 -
Sarah Silbiger via Getty Images
Long-expected cyber incident reporting rule loses ground once again
The House's recently passed National Defense Authorization Act is set to advance to the Senate. But it omitted a key cyber rule: mandatory incident reporting.
By Samantha Schwartz • Dec. 10, 2021 -
Stefani Reynolds / Stringer via Getty Images
What incident reporting could look like
Legislation could remove some of the complexity of overlapping standards when CISA's roles and authorities become more robust.
By Samantha Schwartz • Dec. 10, 2021 -
Luke Sharrett via Getty Images
TSA rolls out rail cyber requirements, targeting prevention and rapid response
The directives, with immediate implementation expected, are primarily for higher-risk freight railroads, passenger rail, and rail transit, DHS said.
By Samantha Schwartz • Dec. 3, 2021 -
Dan Kitwood via Getty Images
Crypto becoming the preferred currency of cybercriminals and rogue governments
Authorities are turning the tables on cybercriminals by tracing the steps of illicit transactions and making it more difficult for ransomware operators to evade detection.
By David Jones • Nov. 24, 2021 -
iStock / Getty Images Plus via Getty Images
What to consider when connecting cyber, business strategy
The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said.
By Samantha Schwartz • Nov. 17, 2021 -
Michael M. Santiago via Getty Images
Banks outpace other industries in cyber investments, defense strategies: report
The banking industry is actively investing in cyber defense and employing sound corporate governance practices to combat threats, Moody's found.
By David Jones • Nov. 15, 2021 -
Poike via Getty Images
Trust is becoming a CISO priority, boosts customer stickiness
Customers are more likely to forgive a particular brand for putting data at risk if they trust the company, Forrester research shows.
By David Jones • Nov. 10, 2021 -
Scott Olson via Getty Images
ICS security investments blocked by management confusion
Until cyber risks in operational technology are better understood — and IT and OT can overcome cultural differences — companies can stall additional investments.
By Samantha Schwartz • Nov. 10, 2021 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA wants to identify the most vulnerable critical infrastructure
The agency is basing its analysis on economic and network centrality, as well as "logical dominance in the national critical functions," Director Jen Easterly said.
By Samantha Schwartz • Nov. 1, 2021 -
Spencer Platt via Getty Images
Corporate boards, C-suite finally prioritize cyber after years of business risk
Following a surge of supply chain attacks and ransomware over the past year, enterprise leaders are finally giving cybersecurity the attention it deserves.
By David Jones • Oct. 27, 2021 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
Q&AA conversation with SolarWinds’ CISO
"Our CEO got a call in the morning from Kevin Mandia. And then he called me, and then the CTO for FireEye called me. That's our nightmare moment," Tim Brown told Cybersecurity Dive.
By Samantha Schwartz • Oct. 26, 2021 -
stock.adobe.com/JacobLund
Sponsored by CybersourceHow businesses are tackling fraud in a digital-first reality
With digital transactions and eCommerce continuing to grow in volume, successfully taking on fraud will require businesses to explore and rely on new tools and technologies.
Oct. 25, 2021 -
Christopher Furlong via Getty Images
2022 could bring OT weaponization, ransomware laws, Gartner says
In the last decade companies underwent digital transformation, with cloud taking over legacy solutions. But the same practices cannot be deployed year after year.
By Samantha Schwartz • Oct. 21, 2021 -
Avoid paying ransoms, Gartner says. Instead, focus on situational awareness
In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understand around steps to recovery.
By Samantha Schwartz • Oct. 20, 2021 -
8 security and risk management trends to watch: Gartner
The pandemic is still shaping security architecture and long-term decisions. In response, businesses are creating cyber mesh architectures and consolidating products.
By Samantha Schwartz • Oct. 19, 2021 -
Samantha Schwartz/Cybersecurity Dive
The public needs to understand what's at stake with cyberattacks, DHS adviser says
The Colonial Pipeline cyberattack was a "crisis of communication" between the company and consumers, Homeland Security Adviser Suzanne Spaulding said.
By Samantha Schwartz • Oct. 15, 2021 -
Sean Gallup via Getty Images
OpinionHow to secure the enterprise against REvil-style attacks
There is no way to fully protect against advanced attacks such as zero-day vulnerabilities or nation-state threats — responding quickly is critical to minimizing damage.
By Chris Silva • Oct. 12, 2021 -
Brendan Smialowski / Stringer via Getty Images
War room preparation key to ransomware response, experts say
Companies need to assemble stakeholders ahead of an attack and be ready for potential fallout from litigation, reputational risk and operations disruption.
By David Jones • Oct. 11, 2021 -
Sarah Silbiger via Getty Images
Deep DiveWhat's under the hood of a medical device? Software bill of materials hits inflection point
President Joe Biden's executive order calls for SBOMs, and the FDA wants to require premarket submissions to have an inventory of third-party device components. AdvaMed is concerned the data could be exploited by hackers.
By Greg Slabodkin • Oct. 11, 2021 -
Courtesy of Colonial Pipeline Company
Why CEOs become communication chiefs after a cyberattack
When ransomware hit, the CEOs of Colonial Pipeline and Accellion paused their day-to-day duties. Their immediate new roles? Communication.
By Samantha Schwartz • Oct. 7, 2021 -
Samantha Schwartz/Cybersecurity Dive
Mandiant CEO: 3 threats that changed cybersecurity in 2020
CISOs getting comfortable in a more operational role were met with unprecedented cyberattacks — implants, zero days and ransomware — within the last year and a half.
By Samantha Schwartz • Oct. 6, 2021
Previous
