Only one-third of firms deploy safeguards against generative AI threats, report finds

Generative AI gives attackers an edge over cyber defenders, according to a survey of security experts.

By Jim Tyson • May 13, 2024

68 tech, security vendors commit to secure-by-design practices

Microsoft and Google are among the providers signing a voluntary pledge to boost cyber resiliency and transparency.

By David Jones • May 10, 2024

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

Microsoft restructures security governance, aligning deputy CISOs and engineering teams

The company will enhance management roles under the CISO and partially tie compensation to security performance.

By David Jones • May 7, 2024

Amazon tempts enterprises to customize AI on AWS

CEO Andy Jassy called the hyperscaler’s move to open its Bedrock platform to tailored models “a sneaky big launch.”

By Matt Ashare • May 3, 2024

Amazon CEO touts AWS cloud security as AI risk concerns mount

Andy Jassy urged enterprises “not to overlook the security and operational performance” of cloud-based generative AI services. “It’s less sexy, but critically important.”

By Matt Ashare • May 1, 2024

What is success in cybersecurity? Failing less.

Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.

By Matt Kapko • April 29, 2024

Cybersecurity jobs pay well, but gender disparities persist

ISC2’s analysis found significant financial benefits for U.S. cybersecurity professionals, but pay gaps persist across levels of seniority by gender.

By Matt Kapko • April 12, 2024

Microsoft Exchange state-linked hack entirely preventable, cyber review board finds

The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.

By David Jones • April 3, 2024

Threat groups hit enterprise software, network infrastructure hard in 2023

Actively exploited high-risk vulnerabilities rose threefold in enterprise software and network infrastructure, according to Recorded Future.

By Matt Kapko • March 25, 2024

How CIOs can infuse security into generative AI adoption

As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.

By Lindsey Wilkinson • March 21, 2024

How companies describe cyber incidents in SEC filings

The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.

By Matt Kapko • March 21, 2024

3 months into cyber disclosure rules, what’s material to the SEC?

As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.

By David Jones • March 19, 2024

White House adds teeth to secure software development requirements

The guidelines are designed to ensure software producers working with the U.S. government comply with standards for secure development.

By David Jones • March 15, 2024

Cloud intrusions spiked 75% in 2023, CrowdStrike says

Threat actors took advantage of inconsistent cloud security structures, abusing unique features of the technology to initiate attacks.

By Matt Kapko • Feb. 26, 2024

National cyber director urges private sector collaboration to counter nation-state cyber threat

The Biden administration is exploring plans to hold manufacturers accountable for poor security while also working to harmonize regulations, the official said.

By David Jones • Feb. 13, 2024

What to know about the 200-member AI safety alliance

The alliance aims to support "the development and deployment of safe and trustworthy artificial intelligence," the U.S. Department of Commerce said.

By Roberto Torres • Feb. 8, 2024

AI-generated code leads to security issues for most businesses: report

More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

By Lindsey Wilkinson • Jan. 29, 2024

Midnight Blizzard attack seen as another sign of Microsoft falling short on security

Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.

By David Jones • Jan. 26, 2024

Microsoft to overhaul internal security practices after Midnight Blizzard attack

After the company disclosed a Russia-affiliated threat actor stole data from senior executives, experts are raising questions about its security capabilities and practices.

By David Jones • Jan. 22, 2024

Cyber tops business risk for enterprises worldwide, report finds

Worries over cybersecurity replaced business interruption as the top concern among U.S. businesses, according to the Allianz Risk Barometer.

By David Jones • Jan. 17, 2024

LastPass enforces 12-character master password lengths

The password manager enforced its guidance on master password complexity nearly a year and a half after a major cyberattack.

By Matt Kapko • Jan. 5, 2024

CompTIA bolsters training portfolio, adds AI fundamentals and AWS pro certs

The rollout will include new cybersecurity, data science and full-stack credentials and refresh five existing certification programs.

By Matt Ashare • Jan. 3, 2024

Cyber risk strategies in hot seat as SEC rules go live

Shifts in regulatory scrutiny are pushing companies to reassess cyber governance and mitigation at the highest levels.

By David Jones • Dec. 22, 2023

What the SEC weighed as it finalized its cyber disclosure rules

Compliance costs and a company’s need to remediate security incidents shaped the SEC’s final guidance.

By David Jones • Dec. 19, 2023

Challenging the ‘good enough’ cybersecurity mindset

The volume of cyber threats keeps growing, pushing companies to reevaluate the adequacy of existing resources.

By Jen A. Miller • Dec. 8, 2023