Threat actors pressure OT, critical infrastructure by leaking sensitive data

Mandiant research shows threat actors exposing highly sensitive data amid increased attacks against industrial targets.

By David Jones • Feb. 2, 2022

Conflict over Ukraine raises cyber risk for US enterprises

A diplomatic standoff with Russia threatens to drag U.S. companies and critical infrastructure into wider security crisis that could echo NotPetya. 

By David Jones • Feb. 1, 2022

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Cyberthreat trends to watch in 2022

Cybercriminals are finding ways to manipulate corporate data, and for that problem, there really is no end in sight.

By Sue Poremba • Jan. 31, 2022

3 tactics shaping ransomware mitigation in 2022

Though businesses have become more confident in preventing ransomware attacks, confronting risk is an internal commitment.

By Samantha Schwartz • Jan. 31, 2022

DHS warns local authorities, critical infrastructure providers over potential Russia threat

As tensions rise over a possible incursion into the Ukraine, federal authorities say Russia may launch direct cyberattacks against targets in the U.S. 

By David Jones • Jan. 25, 2022

Careless employees behind the majority of insider threat incidents: report

Insider cybersecurity threats continue to rise — and it's partially due to employee apathy. 

By Samantha Schwartz • Jan. 25, 2022

Boards, CISOs seek alignment on OT security challenges

CISOs at industrial companies should inform senior leadership of the unique risks and challenges of potential ransomware and supply chain attacks.

By David Jones • Jan. 24, 2022

It's time to focus on critical infrastructure systems security

Cyber-physical systems running on legacy infrastructure are ideal attack surfaces for malicious actors. 

By Katell Thielemann • Jan. 24, 2022

Ukraine tensions raise cyberthreats against US companies, critical infrastructure

CISA is urging companies to prepare for cyber activity as an offensive malware that can wipe hard drives clean spreads in Ukraine.

By David Jones • Jan. 21, 2022

Feds want businesses to report cyberattacks — the agency doesn't matter

The FBI's Bryan Vorndran compared a cyberattack to a house robbery: Law enforcement assists with attack response while CISA is representative of an alarm company tasked with prevention. 

By Samantha Schwartz • Jan. 14, 2022

Google Drive, OneDrive top cloud apps for malware delivery: report

Netskope's findings are based on blocked malware, so the hacker's attempts to get a user to open a malicious download were initially successful. 

By Samantha Schwartz • Jan. 12, 2022

NY attorney general probes widespread credential stuffing, 17 companies affected

The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.

By Samantha Schwartz • Jan. 6, 2022

What threats 4 security professionals are watching over the holidays

With SOCs down a few people, the time away will test processes and technology. 

By Samantha Schwartz • Dec. 23, 2021

Beyond backup: Modern ransomware coercion tactics and how to detect them before it is too late

Despite lots of ransomware advice centering on backing up files and systems, it's important to remember that precursors to ransomware can be identified and attacks disrupted, the author writes. 

By George Glass • Dec. 9, 2021

Is the security of legacy IT providers prompting a confidence crisis?

Research commissioned by CrowdStrike found security professionals are losing confidence in providers like Microsoft amid the rise in supply chain attacks. Microsoft has thoughts. 

By David Jones • Dec. 8, 2021

A year later, Nobelium-linked threat actors still target businesses, government

Threat actors seeking sensitive data are compromising CSPs and MSPs to go after Microsoft 365 and Azure AD environments, Mandiant found. 

By David Jones • Dec. 6, 2021

Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market

The limits for state-sponsored attack coverage comes at a time when nation-state activity and ransomware linked to foreign threat actors is surging.

By David Jones • Dec. 3, 2021

Majority of US retailers, critical infrastructure unscathed after holiday cyber warnings

Industry averted a major cyber incident amid warnings from the FBI and CISA, though home furnishings retailer Ikea fought to contain a sophisticated phishing attack.

By David Jones • Nov. 30, 2021

3 ways the cybercriminal business is changing

Now that ransomware has been thrust into the limelight, cybercriminals are adjusting their business models. Here is what enterprises need to know.

By Robert McArdle • Nov. 29, 2021

The value of threat modeling in an evolving security landscape

The flow of information is more unpredictable than it was just a few years ago, so the threat modeling that was once used doesn't work today. 

By Sue Poremba • Nov. 29, 2021

Enterprises prepare for ransomware threats during Thanksgiving

Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations. 

By David Jones • Nov. 22, 2021

Data resilience: The new frontier of modern day protection

With data under constant stress, now is the time to shift from data protection to data resiliency.

By Stephen Manley, CTO, Druva • Nov. 22, 2021

ICS security investments blocked by management confusion

Until cyber risks in operational technology are better understood — and IT and OT can overcome cultural differences — companies can stall additional investments.  

By Samantha Schwartz • Nov. 10, 2021

Ransomware actors attempt to toy with stock valuation, disrupt M&A, FBI says

The agency warns that threat actors are trying to access time sensitive information in order to force targeted companies into making fast decisions on whether to pay a ransom. 

By David Jones • Nov. 3, 2021

Most companies dealing with employee misuse of business apps: report

Nearly half of organizations say they lack the ability to see how remote workers are using business applications that contain high-value data.

By David Jones • Nov. 2, 2021