Security

More research connects security burnout with business risk

One in three 1Password respondents said burnout adds to a decline in initiative and motivation, which also reduces compliance with security protocols.

By Samantha Schwartz • Dec. 7, 2021

The 5 risks of sharing data with partners

Selecting a provider that focuses on privacy will help you build trust with data governance stakeholders.

By Davis Wilkinson, Senior Product Manager, LiveRamp Privacy Tech Solutions • Dec. 6, 2021

Explore the Trendline➔

Cybersecurity

Security strategies benefit from nimbleness as companies respond to a pandemic, a boundless perimeter and questions about supply chain trust. 

By CIO Dive staff

The death of non-competes & how to protect an IP

Non-competes don't stop IP theft, but this new approach to data protection will.

Dec. 6, 2021

Marriott is still covering — and recovering — expenses from its 2018 data breach

The hotel has seen an increase in renewal costs for its cyber insurance "over the last several years," the company said. 

By Samantha Schwartz • Dec. 3, 2021

Security disconnect: Why the CISO role is evolving

CISOs are too focused on security operations, writing policies or vendor management. But their time is better spent on business strategy.

By Samantha Schwartz • Nov. 29, 2021

Enterprises prepare for ransomware threats during Thanksgiving

Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations. 

By David Jones • Nov. 23, 2021

The Water Cooler: How 5 executives disconnect for the holidays

Fully unplugging during a holiday break can be challenging — and a little scary, given the elevated cybersecurity risk. But it's not impossible.

By Roberto Torres • Nov. 19, 2021

What to consider when connecting cyber, business strategy

The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said. 

By Samantha Schwartz • Nov. 17, 2021

A year after SolarWinds, third-party risk still threatens the software supply chain

Using open source or commercially available software for digital transformation has introduced risk into organizations' environments.

By David Jones • Nov. 12, 2021

Better security, access policies can combat cloud misconfigurations

Data disclosures from cloud misconfigurations are often the result of human error — but policies, not users, are to blame.  

By Brian Eastwood • Nov. 4, 2021

Corporate boards, C-suites finally prioritize cyber after years of business risk

Following a surge of supply chain attacks and ransomware over the past year, enterprise leaders are giving cybersecurity the attention it deserves.

By David Jones • Nov. 3, 2021

Solving the people problem: insider risk and trust

Insider risk is a people problem — but your people aren't the problem.

Nov. 1, 2021

The Water Cooler: How 5 execs operate under crisis

When an outage or attack hits, IT executives must calmly guide the organization toward a resolution. It's often easier said than done.

By Roberto Torres • Oct. 29, 2021

IT's most 'anxiety-inducing' cyberattacks of 2021

"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 

By Samantha Schwartz • Oct. 29, 2021

SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

The Russian nation-state threat actor Nobelium used password spraying to gain access to reseller and IT service provider systems. At least 14 attacks resulted in breaches, Microsoft said. 

By Samantha Schwartz • Oct. 25, 2021

Avoid paying ransoms, Gartner says. Instead, focus on situational awareness

In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understand around steps to recovery. 

By Samantha Schwartz • Oct. 20, 2021

As ransomware attacks skyrocket, blind spots leave organizations vulnerable

Ransomware attacks are becoming more complex with organizations now facing double or triple extortions. Common blind spots continue to place scores of organizations at risk.

By Chris Ripkey, Senior Director – Cybersecurity, ConvergeOne • Oct. 18, 2021

Users have bad security habits. What can businesses do?

"As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said. 

By Samantha Schwartz • Oct. 14, 2021

CISOs: Approach the board with precision, simplicity

Executives from PepsiCo, Mandiant and Texas Children's Hospital honed the art of approaching the board. Their techniques leave stakeholders asking, "Do you need anything?"

By Samantha Schwartz • Oct. 11, 2021

The Water Cooler: 4 IT execs on their first incident response steps

The first step to recovery is planning ahead. But during a crisis, how leadership prioritizes resources and actions from the get-go can determine mitigation.

By Katie Malone , Roberto Torres • Oct. 1, 2021

With remote work, any employee could be an insider threat. How is CISA mitigating the risk?

Companies can use a new self-assessment tool from CISA to generate reports on their tolerance and capabilities for preventing insider threats. 

By Samantha Schwartz • Sept. 30, 2021

How hackers are making the leap from cloud to the software build processes

Almost all deployed third-party container applications have known vulnerabilities, research from Palo Alto Networks' Unit 42 found.

By Samantha Schwartz • Sept. 29, 2021

How to build software supply chain transparency

The Biden administration wants more transparency in the software supply chain. Will private industry join in?

By Samantha Schwartz • Sept. 22, 2021

Enterprises plan major investments as remote work escalates security risk: report

Companies are struggling to manage security as the work-from-home model moves from an emergency stopgap to a more permanent environment. 

By David Jones • Sept. 22, 2021

Boards rethink incident response playbook as ransomware surges

Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.

By David Jones • Sept. 16, 2021