Cyberthreats dog the US supply chain, complicated by global competition

As companies acquire components and services, they need mechanisms to ensure backdoors are not lurking in their systems, experts at the Hack the Capitol 2021 conference said.

By David Jones • May 5, 2021

Relationships between DevOps, security warm slowly

Some hurdles stem from miscommunication, or balancing quick product releases with undesired security gaps, research from GitLab shows. 

By Samantha Schwartz • May 5, 2021

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

When bad actors target OT, risk is recalculated

Digital transformation is shrinking the gap between IT and OT, and organizations are called to factor diverse systems into risk calculations.

By Samantha Schwartz • May 4, 2021

XDR to succeed legacy technologies as emerging threats pressure security

Older SIEM and SOAR technologies are losing ground in a more sophisticated threat landscape, Forrester research shows.

By David Jones • May 3, 2021

CISOs call for holistic enterprise approach to third-party security risk

Companies need to consider operational resilience, and take a more focused approach in their evaluation processes.

By David Jones • April 21, 2021

Pfizer segmented IT/OT after a board-level security directive

The pharma company's IT and engineering organizations formed a combined security program in 2018, responsible for technology analysis and inventory.

By Samantha Schwartz • April 21, 2021

US companies plot return to office, raising questions on hybrid security

Remote workers are migrating to the corporate workspace, opening up a set of security challenges for CISOs. 

By David Jones • April 19, 2021

How IT can support security in the event of a cyberattack

CIOs and CISOs operate as separate jobs leading different departments, but with work that overlaps. Who leads what in the event of an attack can become muddled. 

By Jen A. Miller • April 13, 2021

How to support overworked, understaffed security operations

Strapped for resources, companies can either have their security practitioners wear too many hats, or outsource the responsibilities. 

By Samantha Schwartz • April 12, 2021

4 tools to fight fraud, counterfeits and cyberattacks in the COVID-19 vaccine supply chain

Visibility technologies and real-time data provide one version of the truth in a rapidly built supply chain.

By Deborah Abrams Kaplan • April 7, 2021

Why SMBs miss out on the white-glove cyber insurance advantage

Insurance companies spend less time with SMBs evaluating individual risk profiles, weakening a piece of the global cyber economy.

By Samantha Schwartz • April 5, 2021

Half of companies lack security to support cloud-based IAM: report

Almost all (98%) of IT executives report challenges with IAM sourced from the cloud, including lack of visibility and increased complexity.

By Katie Malone • April 1, 2021

Enterprises lag on firmware security spending in face of rising threat

IT security officials are often more worried about the difficulty of detecting malware threats, in part because firmware attacks are hard to catch, a Microsoft-commissioned report found. 

By David Jones • April 1, 2021

How tools impact cyber insurance premiums

From the day insurers write a policy through its term expiration, there is too much volatility for insurance providers to adequately capture risk.

By Samantha Schwartz • March 31, 2021

Companies use cloud to make network security easier

With the cloud taking over hardware and infrastructure security responsibilities, customers are free to handle application and software security.

By Samantha Schwartz • March 29, 2021

Operational threat intelligence leans on facts, less anecdotal evidence

Digesting threat intelligence looks different in IT environments than OT.

By Samantha Schwartz • March 25, 2021

As cyber insurers quantify risk, security spending provides little info

Quantifying risk appetite, an assessment insurance premiums are based on, is an imperfect science for providers and customers.

By Samantha Schwartz • March 24, 2021

Spending on IAM, zero trust to rise as companies extend remote work

The shift to remote work placed more pressure on IT and security departments to secure corporate data without interrupting productivity.

By David Jones • March 23, 2021

Prioritizing risk in M&A due diligence in the COVID-19 era, and beyond

Imagine acquiring a company with an infected network, and then connecting your company to that flawed network. That can introduce serious issues into a previously protected company. 

By Ray Rothrock • March 22, 2021

Information sharing works, but a key obstacle awaits: reluctance

The private sector owns the majority of the attack surface. Brand-name IT and security companies have the ability, and a degree of responsibility, to contribute their expertise to national defense.

By Samantha Schwartz • March 18, 2021

SolarWinds rethinks software builds, weeds out code disparities

An attacker would have to compromise two different environments to achieve the same attack on the same code if a company has reproducibility.

By Samantha Schwartz • March 17, 2021

Cloud security a shared responsibility. Where's the confusion?

The cloud meant replacing on-premise risks with a new kind risk. Some companies are unsure how to translate those responsibilities into actions.

By Samantha Schwartz • March 15, 2021

Federal $1.9 trillion relief bill clears path for more security, modernization funds

The appropriations in the law come as the federal government and private industry respond to two major hacks: SolarWinds and Microsoft Exchange.

By Samantha Schwartz • Updated March 11, 2021

White House prioritizes software security, assesses OT

"If you can't see a network quickly, you certainly don't have a prayer defending a network," said Deputy National Security Advisor Anne Neuberger.

By Samantha Schwartz • March 8, 2021

What OT security experts want from their IT counterparts

While IT and OT have been converging for more than a decade, the culture of cybersecurity is stuck in a silo, limiting the abilities of OT security practitioners.

By Samantha Schwartz • March 5, 2021