Strategy: Page 4
-
FAIR Institute wants to quantify just how much a cyberattack costs
The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.
By Matt Kapko • Oct. 20, 2023 -
Tech spend to hit milestone as businesses react to AI security scare
Gartner is projecting worldwide IT spend will top $5 trillion next year, and CIOs are investing more in security to curb concerns associated with AI and risk.
By Matt Ashare • Oct. 20, 2023 -
Trendline
Risk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff -
Cyber venture capital funding on pace to hit four-year low
VC activity in cybersecurity reflects a pragmatic period in an industry oversaturated with vendors, Crunchbase data shows.
By Matt Kapko • Oct. 19, 2023 -
EPA rescinds rule to include cybersecurity in water system audits after legal challenge
The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.
By David Jones • Oct. 16, 2023 -
CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’
Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.
By Matt Kapko • Oct. 16, 2023 -
SMBs seek cyber training, support as attack risk surges
A report from Sage indicates SMBs face considerable obstacles to preventing cyberattacks when compared to larger, higher resourced enterprises.
By David Jones • Oct. 16, 2023 -
Federal agencies press OT/ICS providers on open-source security
The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.
By David Jones • Oct. 12, 2023 -
CISA pivots focus to China-linked threats against critical infrastructure
The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.
By David Jones • Oct. 5, 2023 -
What to consider when choosing cybersecurity providers
While it might be easier for an organization to build its core cybersecurity system from one company, that may not provide the best option.
By Sue Poremba • Oct. 5, 2023 -
AWS kicks off cloud race to mandate MFA by default
The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024. Google, in response, said it will mandate MFA for certain accounts this year.
By Matt Kapko • Updated Oct. 4, 2023 -
C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte
Almost two-thirds of corporate executives plan to strengthen their respective programs, and push third-party vendors to take similar measures as new incident reporting rules begin.
By David Jones • Oct. 2, 2023 -
Cyber investments on pace to reach $215B in 2024: Gartner
The firm expects security services, the industry’s largest segment, to account for 42% of all spending and rise 11% to $90 billion next year.
By Matt Kapko • Oct. 2, 2023 -
Clorox resumes normal plant operations in the wake of cyberattack
The Pine-Sol maker said it was scaling up production to replenish inventories following an extended product shortage.
By David Jones • Oct. 2, 2023 -
Progress Software says business impact ‘minimal’ from MOVEit attack spree
While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.
By Matt Kapko • Sept. 28, 2023 -
Cisco’s big bet on Splunk accelerates market shifts
The AI-equipped SIEM and observability market isn’t Cisco’s for the taking, as opportunities abound for other vendors to claim share.
By Matt Kapko • Sept. 27, 2023 -
AWS bets on accuracy in generative AI deployment race
The cloud giant is taking a full-stack approach to generative AI, which doubles down on security and reliable results.
By Naomi Eide • Sept. 26, 2023 -
Cisco to buy Splunk for $28B
Forrester's Allie Mellen calls it a massive win for Cisco's security business, but said security leaders are concerned about potential SIEM quality degradation.
By Naomi Eide • Sept. 21, 2023 -
AI is entering the enterprise application security tool stack
Reports from Gartner and Rackspace show a broad enterprise appetite to weave AI into the tool stack, especially across application security.
By Naomi Eide • Sept. 20, 2023 -
US is making headway on securing cyber infrastructure, commission says
While Cyberspace Solarium Commission leaders praised U.S. cybersecurity improvements, they said more work is needed to secure critical infrastructure.
By David Jones • Sept. 20, 2023 -
FBI director urges private sector to work with the agency on cyber threats
Christopher Wray told attendees at Mandiant’s mWISE 2023 private sector assistance contributed to the success of several recent operations.
By David Jones • Sept. 19, 2023 -
SEC cyber disclosure rules: What’s the role of the CIO?
CIOs are on the front lines of managing the IT estate, making them a critical part of rapid incident response.
By Roberto Torres • Sept. 19, 2023 -
Deep Dive
Security has an underlying defect: passwords and authentication
Cyberattacks are fueled by the shortcomings of business authentication controls. Bad things happen when access falls apart and credentials land in the wrong hands.
By Matt Kapko • Sept. 18, 2023 -
White House, federal cyber leaders pledge renewed support for open source security
CISA released a roadmap for open source software security as industry officials convened to map out additional steps to protect federal agencies and the larger ecosystem.
By David Jones • Sept. 13, 2023 -
IronNet considers bankruptcy after it furloughs most workers
The furloughs will effectively end most of the cybersecurity firm’s operations unless it can find additional sources of liquidity.
By David Jones • Sept. 12, 2023 -
CISA director: Critical infrastructure cyber incident reporting rules almost ready
The Cybersecurity and Infrastructure Security Agency is in the final stages of work on the reporting requirements included in a March 2022 law.
By David Jones • Sept. 8, 2023