Big tech is fixing bugs faster. Will that influence trickle down?

If a customer lacks urgency in deploying a patch, a flaw can linger. 

By Sue Poremba • April 1, 2022

The security challenge for 2022: Operating under a continuous assurance model

Companies are turning to continuous assurance to answer increased compliance maturity expectations.

March 28, 2022

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

White House warns US of possible Russian cyberattack linked to Ukraine invasion

The warnings come after federal authorities convened more than 100 critical infrastructure organizations to share classified cyberthreat information.

By David Jones • March 21, 2022

Dinner is served: Cyber M&A feeding frenzy shows hunger for trust

Google spent $5.4 billion to acquire Mandiant, which it plans to fold into Google Cloud. It was just one of 200-plus cybersecurity deals struck last year.

By Naomi Eide • March 17, 2022

Russian state-sponsored actors target PrintNightmare, MFA settings

ESET researchers are separately warning about new data wiping malware.

By David Jones • March 16, 2022

Google swoops in to buy Mandiant for $5.4B after weeks of market speculation

The deal follows reported negotiations between Microsoft and Mandiant, after the incident response specialist sold off its FireEye products business late last year.

By David Jones • March 8, 2022

How to prepare employees for elevated cyber risk from the Ukraine crisis

The conflict is still in its early stages, which may complicate employer response. But a good place to start may be to ensure baseline preparedness.

By Ryan Golden • March 3, 2022

Ukraine war tests cyber insurance exclusions

Enterprise customers should expect higher premiums and more restrictive underwriting criteria, though a recent court ruling may force insurers to honor wartime claims.

By David Jones • March 3, 2022

New cyberattacks emerge in Ukraine targeting government and industry

Researchers say the release of new malware strains was planned for months.

By David Jones • March 1, 2022

Cyberattack on Nvidia results in data leak, credential theft

The incident took place as Russia's war in Ukraine unfolds against a backdrop of U.S. warnings to protect critical industries.

By Naomi Eide , David Jones • Updated March 1, 2022

Botnets, data wiping malware spread as Ukraine incursion begins

A new variant of Cyclops Blink is now targeting Asus routers. 

By David Jones • Updated March 18, 2022

Ukraine conflict spotlights business need for cyber resilience

In the crosshairs: critical infrastructure and companies with global operations.

By Roberto Torres • Updated Feb. 24, 2022

Security hampers enterprise cloud adoption: report

Multicloud adds complexity as IT security teams struggle with alert fatigue.

By David Jones • Feb. 23, 2022

Critical SAP vulnerabilities leave broad exposure, fixes require downtime

Thousands of systems remain vulnerable, including applications not connected to the public internet. 

By David Jones • Feb. 17, 2022

Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching

Onapsis security researchers warn attackers could take full control of systems to steal data, disrupt critical business functions and launch ransomware.

By David Jones • Feb. 10, 2022

Security strategies evolve while spending flatlines

Organizations want more bang for their buck, which can mean eschewing single-use products. 

By Brian Eastwood • Feb. 9, 2022

Cyberthreat trends to watch in 2022

Cybercriminals are finding ways to manipulate corporate data, and for that problem, there really is no end in sight.

By Sue Poremba • Jan. 31, 2022

How Log4j is shaping enterprise security strategies

Federal officials warned companies of the long-term implications of Log4j. Leaders are taking internal steps to keep threat actors at bay.

By Roberto Torres • Jan. 27, 2022

CIO involvement in security grows as CEOs target risk reduction

An IDG survey found security improvements are driving IT budget increases. 

By Samantha Schwartz • Jan. 27, 2022

Careless employees behind the majority of insider threat incidents: report

As companies come to terms with the semi-permanence of mass remote work, insider cybersecurity threats continue to rise — and it's partially due to employee apathy. 

By Samantha Schwartz • Jan. 25, 2022

Using portions of open source in software development threatens app security

While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

By Samantha Schwartz • Jan. 20, 2022

Google Drive, OneDrive top cloud apps for malware delivery: report

Google Drive replaced Microsoft OneDrive as the app with most malware downloads in 2021, accounting for more than one-third of malware downloads.

By Samantha Schwartz • Jan. 12, 2022

Phishing lures await in Google Docs comments

Email addresses are hidden when someone mentions a user in a comment, so the human instinct to question the legitimacy of the notification decreases. 

By Samantha Schwartz • Jan. 10, 2022

C-suite leaders confident in ransomware protections, despite more attacks

The increase in confidence may come from improved communication between business leaders and security teams, according to (ISC)².

By Samantha Schwartz • Jan. 5, 2022

Log4j threats expected to play out well into 2022

As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.

By David Jones • Jan. 4, 2022