Ransomware defense guidance risks hang-ups under many steps

Small and mid-sized businesses don’t typically have the resources to meet every safeguard. But every action, however small, helps.

By Matt Kapko • Aug. 4, 2022

Most cyberattacks come from ransomware, email compromise

Attackers are scanning for vulnerabilities in unpatched systems within 15 minutes, stressing the pace and scale of the threat.

By Matt Kapko • Aug. 2, 2022

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

AWS wants to be an enterprise security strategy advisor

The cloud giant advised customers to focus on specific needs, and rely on embedded defenses running automatically behind the scenes.

By Matt Kapko • July 27, 2022

Where 5 programs are investing to close cyber skills gap

In line with a White House push to close the cyber skills gap, technology firms, nonprofits and other organizations have launched a range of programs to develop a new generation of workers.

By David Jones • July 26, 2022

Threat actors use Google Drive, Dropbox to launch cyberattacks

By using trusted applications, threat actors gain a low-cost way to collect data and host malware, Unit 42 researchers said.

By David Jones • July 20, 2022

Fake GitHub commits can trick developers into using malicious code

Threat actors can easily alter the identity and timestamp associated with software updates, putting developers at serious risk, Checkmarx research shows.

By Matt Kapko • July 18, 2022

5 experts demystify post-cloud migration challenges

Businesses must think about what comes after cloud migration and prepare for the challenges that arise once workloads are transferred.

By Lindsey Wilkinson • July 15, 2022

Log4j is far from over, cyber review board says

Exploitation of Log4j occurred at lower levels than experts predicted, yet it remains an "endemic vulnerability," the Cyber Safety Review Board said.

By Naomi Eide • July 14, 2022

Latest Marriott breach shows a human error pattern

The latest incident at the hotel chain is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.

By Matt Kapko • July 7, 2022

Cybersecurity expertise creeps onto Fortune 500 boards

Companies are trusting technology experts to advise on cybersecurity and regulatory pressures from the board’s perspective.

By Barbara DeLollis • July 6, 2022

CISO priorities for the second half of 2022

Security executives from Zoom, NS1 and Oomnitza shared their security priorities for the rest of 2022, with a special emphasis on mastering the basics. 

By Sue Poremba • July 5, 2022

Is your remote IT job candidate legit?

Organizations are seeing a rise in deepfakes and stolen identities during the job application process, the FBI said.

By Naomi Eide • June 29, 2022

Organizations lag on confidence and policies to manage open source security

It's taking longer for companies to find open source vulnerabilities, and shaky policies mean only the most critical flaws are attended to. 

By David Jones • June 24, 2022

Analysts nudge businesses to decentralize cybersecurity leadership

The push is to enable employees to make informed security decisions while meeting enterprise needs with spread out security leadership. 

By Lindsey Wilkinson • June 22, 2022

What enterprise leaders can divine from software bills of materials

Cyber defense tool: Software bills of materials (SBOMs) can expose elements of risks in applications.

By Jen A. Miller • June 13, 2022

5 takeaways from the RSA Conference

The event tried to pick up where it left off 28 months ago. Can companies keep up with the accelerated pace and scale of cyber threats?

By Matt Kapko • June 13, 2022

Organizational changes required to mitigate security risks

CIOs are implementing new strategies to lower software supply chain risk, but evaluating internal operations could prove more effective.

By Lindsey Wilkinson • June 7, 2022

Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation

The threat activity comes days after the company released a security fix for the on-premise vulnerability.

By David Jones • June 7, 2022

Microsoft Office zero day leaves researchers scrambling over the holiday weekend

The company warns a successful attack could allow an attacker to install programs, delete data or create new accounts. 

By David Jones • Updated May 31, 2022

Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours

Even with new patches available, CISA is concerned that threat actors will easily shake off the fixes once again.

By Matt Kapko • May 19, 2022

What cyber insurance companies want from clients

Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.

By Sue Poremba • April 28, 2022

IT leaders remain bullish on open source despite security hiccups

Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies. 

By Brian Eastwood • April 25, 2022

Threat detection accelerates in Asia, Europe, as notification trends shift

As companies boost defenses and share threat intelligence, malicious actors have less time to escalate attacks.

By David Jones • April 19, 2022

2 years later: What's next in security for the pandemic-era workforce

Organizations can expect the return-to-work model to stress a corporate infrastructure that has languished in recent years. 

By Sue Poremba • April 13, 2022

Federal authorities urged to bolster intel sharing amid nation-state threats

Current Russian cyber activity has been limited, but experts called on federal authorities to keep providing actionable intelligence as risks endure.

By David Jones • April 6, 2022