Software industry urged to assume risk on open source security

The Open Source Security Foundation called on commercial and non-commercial organizations that use open source software components to adopt better security practices.

By David Jones • Sept. 1, 2023

Security basics aren’t so basic — they’re hard

Lax security controls cause heavy damages, and security experts warn unmet basic requirements lead, time and again, to data breaches.

By Matt Kapko • Aug. 21, 2023

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

Hidden revenue: Checkout is the key to conversion in retail

Learn how important the customer checkout experience is in e-commerce.

Aug. 21, 2023

AWS customers’ most common security mistake

All too often organizations are not doing least-privilege work with identity systems, according to AWS’ Mark Ryland.

By Matt Kapko • Aug. 18, 2023

Zoom’s AI terms overhaul set the stage for broader data use scrutiny

The shift to adopt generative AI has created tension between SaaS vendors' data desires and enterprises' security concerns.

By Lindsey Wilkinson • Aug. 16, 2023

SEC cyber rules ignite tension between reputation and security risk

The rules, which take effect Sept. 5, encountered mixed reactions. Some champion board-level accountability. Others say the rules are too big of a lift.

By David Jones • Aug. 16, 2023

Microsoft, cloud security under the microscope with federal cyber review

The federal Cyber Safety Review Board will examine issues related to the state-linked hack of Microsoft Exchange and larger concerns tied to identity management and authentication.

By David Jones • Aug. 14, 2023

How to create seamless customer journeys with generative AI

Explore the transformative power of generative artificial intelligence (GAI) in enhancing customer experiences, leveraging big data and fostering brand loyalty.

By Rick Laner, Chief Customer Officer, Elastic • Aug. 14, 2023

The MOVEit spree is as bad as — or worse than — you think it is

The mass exploit has compromised more than 600 organizations, but that only scratches the surface of the potential number of downstream victims. Security experts project years of fallout.

By Matt Kapko • Aug. 10, 2023

White House launches AI cyber competition to fix software vulnerabilities

In partnership with OpenAI, Anthropic, Google and Microsoft, participants will have access to top AI companies’ technology for designing new cybersecurity solutions.

By Lindsey Wilkinson • Aug. 9, 2023

Zoom emphasizes customer consent as critics question AI service terms

Concerns stem from what Zoom says it will do with customer and service-generated data and what its policy language allows. 

By Lindsey Wilkinson • Updated Aug. 11, 2023

AWS pledges $20M to K-12 cyber training, incident response

The cloud services provider is participating in a broad White House plan to build additional protection to defend schools against ransomware and other threats.

By David Jones • Aug. 8, 2023

Businesses improved cyber incident response times following Log4j, report finds

Security teams have improved their response times during attacks, but post-incident recovery still lagged, according to Immersive Labs.

By David Jones • Aug. 4, 2023

C-suite, rank-and-file at odds over security’s role

Half of executives say security is prioritized when implementing a cloud strategy. Most security workers beg to differ.

By Roberto Torres • Aug. 3, 2023

FINOS moves to rationalize financial industry cloud controls

Citi, Goldman Sachs and Morgan Stanley are among the companies participating in the Fintech Open Source Foundation project, which will introduce a framework this year.

By Matt Ashare • July 28, 2023

SEC votes to overhaul disclosure rules for material cyber events

After a fierce debate, the agency voted to require companies to come clean on material breaches and attacks within four business days of determination.

By David Jones • July 26, 2023

Cybercriminals target highly profitable companies, study finds

Damage from cybercrime far exceeds the sum of costs to targeted companies, harming peer companies and the broader economy, researchers at AEI found. 

By Jim Tyson • July 7, 2023

The role for AI in cybersecurity

Generative AI can become an ally for new security professionals who may otherwise feel overwhelmed. For more seasoned security analysts, it can offer time to refine their skills through automation of repetitive tasks.

By Sue Poremba • July 5, 2023

AI linked to new crop of business email scams

Fraudsters appear to be using AI to craft well-written, malicious email messages at scale.

By Alexei Alexis • June 28, 2023

Google backs $20M effort to train students for key cybersecurity jobs

The program will train diverse students at 20 higher education centers in the U.S. Students will then provide services at under-resourced infrastructure providers.

By David Jones • June 27, 2023

6 strategies for optimizing the security of your SaaS stack

Learn more about different solutions for how your organizations can enhance the security of your ever-growing SaaS stacks.

By Robbie Strickland, Chief Information Officer at Miro • June 26, 2023

Cyber CEOs are all-in on generative AI

Generative AI and LLMs are gaining attention in the security industry, but not everyone is convinced the technologies will deliver the benefits promised.

By Matt Kapko • June 23, 2023

Banks are leveraging modern cloud security tools to mitigate human error

The financial sector’s cloud workloads more than doubled from 2021 to 2022. What does this mean for the industry?

By Brandon Mavleos • June 20, 2023

Hyperscalers seen as key tool in shifting balance of cyber risk

The acting national cyber director says more oversight may be necessary, but a resilient cloud infrastructure is critical to the national cybersecurity strategy.

By David Jones • June 12, 2023

Cybercriminals target C-suite, family members with sophisticated attacks

Senior executives are being targeted for IP theft, doxxing and extortion, often through home office networks.

By David Jones • June 7, 2023