Organizations still downloading vulnerable Log4j versions

Log4j vulnerabilities impacted more than 17,000 Java packages, representing about 4% of the ecosystem, researchers found.

By David Jones • Dec. 22, 2021

5 trends businesses to consider when planning 2022 cybersecurity budgets

Read more from Kaspersky's Vice President of Corporate Business on 2022 cybersecurity budget trends.

By Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky • Dec. 20, 2021

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

Log4j: What we know (and what's yet to come)

The vulnerability has upended federal officials and the infosec industry, putting hundreds of millions of devices and systems at risk. 

By David Jones • Dec. 17, 2021

Security teams prepare for the years-long threat Log4j poses

Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take. 

By Samantha Schwartz • Dec. 16, 2021

Log4j threat expands as second vulnerability emerges and nation states pounce

Early-stage ransomware attempts are underway, and federal officials are urging organizations to protect IT systems.

By David Jones • Dec. 15, 2021

Log4j under siege, millions of devices vulnerable

Technology firms are scrambling to investigate and patch their systems amid reports of more than 800,000 attempted attacks.

By David Jones • Dec. 14, 2021

Is the security of legacy IT providers prompting a confidence crisis?

Research commissioned by CrowdStrike found security professionals are losing confidence in providers like Microsoft amid the rise in supply chain attacks. Microsoft has thoughts. 

By David Jones • Dec. 8, 2021

More research connects security burnout with business risk

One in three 1Password respondents said burnout adds to a decline in initiative and motivation, which also reduces compliance with security protocols.

By Samantha Schwartz • Dec. 7, 2021

The death of non-competes and how to protect an IP

Non-competes don't stop IP theft, but this new approach to data protection will.

Dec. 6, 2021

The 5 risks of sharing data with partners

Selecting a provider that focuses on privacy will help you build trust with data governance stakeholders.

By Davis Wilkinson, Senior Product Manager, LiveRamp Privacy Tech Solutions • Dec. 6, 2021

Marriott is still covering — and recovering — expenses from its 2018 data breach

The hotel has seen an increase in renewal costs for its cyber insurance "over the last several years," the company said. 

By Samantha Schwartz • Dec. 3, 2021

Security disconnect: Why the CISO role is evolving

CISOs are too focused on security operations, writing policies or vendor management. But their time is better spent on business strategy.

By Samantha Schwartz • Nov. 29, 2021

Enterprises prepare for ransomware threats during Thanksgiving

Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations. 

By David Jones • Nov. 23, 2021

The Water Cooler: How 5 executives disconnect for the holidays

Fully unplugging during a holiday break can be challenging — and a little scary, given the elevated cybersecurity risk. But it's not impossible.

By Roberto Torres • Nov. 19, 2021

What to consider when connecting cyber, business strategy

The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said. 

By Samantha Schwartz • Nov. 17, 2021

A year after SolarWinds, third-party risk still threatens the software supply chain

Using open source or commercially available software for digital transformation has introduced risk into organizations' environments.

By David Jones • Nov. 12, 2021

Better security, access policies can combat cloud misconfigurations

Data disclosures from cloud misconfigurations are often the result of human error — but policies, not users, are to blame.  

By Brian Eastwood • Nov. 4, 2021

Corporate boards, C-suites finally prioritize cyber after years of business risk

Following a surge of supply chain attacks and ransomware over the past year, enterprise leaders are giving cybersecurity the attention it deserves.

By David Jones • Nov. 3, 2021

Solving the people problem: insider risk and trust

Insider risk is a people problem — but your people aren't the problem.

Nov. 1, 2021

The Water Cooler: How 5 execs operate under crisis

When an outage or attack hits, IT executives must calmly guide the organization toward a resolution. It's often easier said than done.

By Roberto Torres • Oct. 29, 2021

IT's most 'anxiety-inducing' cyberattacks of 2021

"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 

By Samantha Schwartz • Oct. 29, 2021

SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

The Russian nation-state threat actor Nobelium used password spraying to gain access to reseller and IT service provider systems. At least 14 attacks resulted in breaches, Microsoft said. 

By Samantha Schwartz • Oct. 25, 2021

Avoid paying ransoms, Gartner says. Instead, focus on situational awareness

In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understand around steps to recovery. 

By Samantha Schwartz • Oct. 20, 2021

As ransomware attacks skyrocket, blind spots leave organizations vulnerable

Ransomware attacks are becoming more complex with organizations now facing double or triple extortions. Common blind spots continue to place scores of organizations at risk.

By Chris Ripkey, Senior Director – Cybersecurity, ConvergeOne • Oct. 18, 2021

Users have bad security habits. What can businesses do?

"As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said. 

By Samantha Schwartz • Oct. 14, 2021