Defending the unknown: Companies may not be getting the full story on cyberthreats

Because of the way some data is presented, there is no way to know what vital information might be missing.

By Sue Poremba • Jan. 4, 2021

How one hospital is defending against ransomware

By the time the Ryuk ransomware alert was issued, Rush Memorial Hospital had at least two risk mitigation measures: improved backup as a service and a systems engineer with an evasion plan. 

By Samantha Schwartz • Dec. 22, 2020

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Tracking SolarWinds cyberattack fallout, play-by-play

As more companies are discovering impact from the SolarWinds hack, attention is turning toward far-reaching supply chain vulnerabilities. 

By Samantha Schwartz , David Jones , Naomi Eide , Katie Malone • Updated Jan. 4, 2021

CISA warns of more backdoors beyond SolarWinds Orion

The extent of compromised data is not disclosed. What is clear? Threat actors relied on the supply chain for widespread access.

By Samantha Schwartz • Dec. 17, 2020

Microsoft to begin blocking binaries linked to SolarWinds cyberattack

Microsoft Defender Antivirus will quarantine the trojan before it can begin processing, though the company said "it may not be simple to remove the product from service."

By Samantha Schwartz • Dec. 16, 2020

IT execs face growing pressure to balance security with productivity

Companies are caught between competing interests as remote workers offset digital security needs with work-life balance.

By David Jones • Dec. 14, 2020

Federal agencies warn of heightened cyberthreats against K-12 schools

Cyberattackers are trying to steal data and disrupt remote learning as COVID-19 continues to impact schools, the FBI, CISA and MS-ISAC said. 

By David Jones • Dec. 11, 2020

NSA calls out Russia-backed exploit of VMware virtual workspace platform

Network administrators in defense and national security were warned to patch systems where bad actors can gain access to data.

By David Jones • Dec. 8, 2020

State of K-12 cybersecurity, from traditional IT to classroom lessons

Panelists at the annual ed tech conference last week told educators about the importance of cybersecurity practices as schools are targeted for disruptions and unauthorized disclosures. 

By Roger Riddell • Dec. 7, 2020

Why some industries are more secure than others

Threats go beyond industry and target organizations depending on business size. Company size is a factor, but so is investment in cyber defense. 

By Sue Poremba • Dec. 7, 2020

Kmart's reported ransomware attack highlights ongoing threat to retail

Egregor is emerging as growing cyberthreat as the pandemic shifts holiday shopping even further toward e-commerce.

By David Jones • Dec. 4, 2020

NERC expands IT-focused cybersecurity program as hackers target grid operations tech

Previously focused on utility operations IT, the Cybersecurity Risk Information Sharing Program will now include two pilots scanning for threats to operational technologies.

By Robert Walton • Dec. 4, 2020

Trickbot evolves, adding firmware-level threat to its repertoire, report says

The biggest implication of the discovery focuses on resiliency planning for enterprises, with the risk of mass destruction, researchers found. 

By Samantha Schwartz • Dec. 3, 2020

Persistent cyberthreat groups target US think tanks, CISA says

Advanced persistent threat groups, including Cozy Bear, have a history victimizing research and policy institutes. 

By Samantha Schwartz • Dec. 2, 2020

Supreme Court decision on computer fraud law hinges on one word — 'so'

The U.S. Supreme Court held the Computer Fraud and Abuse Act does not cover incidents which individuals with authorized access to a computer system abuse access privileges.

By Samantha Schwartz • Updated June 3, 2021

A cyber stakeholder's guide to Van Buren vs. US

The Supreme Court could determine what constitutes the limits of authorized computer access under the Computer Fraud and Abuse Act. Should this issue be left for Congress?

By Samantha Schwartz • Nov. 30, 2020

Sharp rise in IT spending as cyberthreats evolve, Crowdstrike finds

Companies had to evolve as legacy security systems, including firewalls and antivirus software, fell short during the pandemic. 

By David Jones • Nov. 25, 2020

Black Friday threat to watch: Inevitable employee online shopping

This year, security organizations had just over eight months to adapt to security challenges of remote work and risky behaviors.

By Samantha Schwartz • Nov. 25, 2020

Carnegie researchers seek urgent action to combat financial cyberthreats

Fintech business development and digital transformation in banking is creating opportunities for malicious actors to attack vulnerable systems.

By David Jones • Nov. 20, 2020

Why does industry say there are air gaps between IT and OT?

Not only is OT connected to the internet now, cyberattacks can trickle through IT environments.

By Samantha Schwartz • Nov. 16, 2020

Ransomware latches onto fake ads for Microsoft Teams updates

When a victim clicked on a corrupt link, a PowerShell script was executed via a payloader. To disguise the malicious activity, a "legitimate copy" of Microsoft Teams was also installed.

By Samantha Schwartz • Nov. 12, 2020

How companies are meeting the challenge of a changing cyberthreat landscape

Security teams don't have as much access to remote work devices, which obscures network visibility. Cybercriminals capitalized on the opportunity.

By Sue Poremba • Nov. 11, 2020

US election cybersecurity ushers in public, private sector coordination next steps

A quiet Election Day highlights what's possible in cybersecurity deterrence, Sen. Angus King said. 

By Samantha Schwartz • Nov. 9, 2020

Ryuk is challenging traditional 'find a flaw, fix a flaw' strategy

There is no universal solution for ransomware prevention, and even simulated phishing campaigns for employee awareness and deterrence fall short.

By Samantha Schwartz • Nov. 4, 2020

Most organizations don't have an election cyber war room. They don't need one

The latest technological developments are almost irrelevant if security is absent from company culture. It's a matter of reminding organizations of their security hygiene.

By Samantha Schwartz • Nov. 3, 2020