Security


  • CrowdStrike booth at RSA Conference in San Francisco.
    Image attribution tooltip
    Matt Kapko/CIO Dive
    Image attribution tooltip

    Cloud intrusions spiked 75% in 2023, CrowdStrike says

    Threat actors took advantage of inconsistent cloud security structures, abusing unique features of the technology to initiate attacks.

    By Matt Kapko • Feb. 26, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    National cyber director urges private sector collaboration to counter nation-state cyber threat

    The Biden administration is exploring plans to hold manufacturers accountable for poor security while also working to harmonize regulations, the official said.

    By David Jones • Feb. 13, 2024
  • Cybersecurity priorities 2020 Explore the Trendline
    Image attribution tooltip
    Yujin Kim/CIO Dive
    Image attribution tooltip
    Trendline

    Cybersecurity

    Security strategies benefit from nimbleness as companies respond to Log4j and other high-profile vulnerabilities, a boundless perimeter and questions about supply chain trust. 

    By CIO Dive staff
  • The White House in Washington DC at summer day.
    Image attribution tooltip
    lucky-photographer via Getty Images
    Image attribution tooltip

    What to know about the 200-member AI safety alliance

    The alliance aims to support "the development and deployment of safe and trustworthy artificial intelligence," the U.S. Department of Commerce said.

    By Feb. 8, 2024
  • IT workers code in office
    Image attribution tooltip
    AnnaStills via Getty Images
    Image attribution tooltip

    AI-generated code leads to security issues for most businesses: report

    More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

    By Jan. 29, 2024
  • Microsoft's visitor center at its Redmond campus.
    Image attribution tooltip
    Stephen Brashear via Getty Images
    Image attribution tooltip

    Midnight Blizzard attack seen as another sign of Microsoft falling short on security

    Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.

    By David Jones • Jan. 26, 2024
  • Satya Nadella, CEO of Microsoft, speaks to the media about a joint project called the Volkswagen Automotive Cloud on February 27, 2019 in Berlin, Germany
    Image attribution tooltip
    Sean Gallup via Getty Images
    Image attribution tooltip

    Microsoft to overhaul internal security practices after Midnight Blizzard attack

    After the company disclosed a Russia-affiliated threat actor stole data from senior executives, experts are raising questions about its security capabilities and practices.

    By David Jones • Jan. 22, 2024
  • With cyberattacks becoming more frequent, now is the time for CFOs to shore up their cybersecurity programs and strategies.
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    Cyber tops business risk for enterprises worldwide, report finds

    Worries over cybersecurity replaced business interruption as the top concern among U.S. businesses, according to the Allianz Risk Barometer.

    By David Jones • Jan. 17, 2024
  • A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    LastPass enforces 12-character master password lengths

    The password manager enforced its guidance on master password complexity nearly a year and a half after a major cyberattack.

    By Matt Kapko • Jan. 5, 2024
  • Photograph of a man conducting a seminar on Python computer coding in an open plan work arena.
    Image attribution tooltip
    Laurence Dutton via Getty Images
    Image attribution tooltip

    CompTIA bolsters training portfolio, adds AI fundamentals and AWS pro certs

    The rollout will include new cybersecurity, data science and full-stack credentials and refresh five existing certification programs.

    By Jan. 3, 2024
  • Silhouette of several business people at a conference room table.
    Image attribution tooltip
    FangXiaNuo via Getty Images
    Image attribution tooltip

    Cyber risk strategies in hot seat as SEC rules go live

    Shifts in regulatory scrutiny are pushing companies to reassess cyber governance and mitigation at the highest levels.

    By David Jones • Dec. 22, 2023
  • Close up of Gary Gensler speaking during a senate hearing
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    What the SEC weighed as it finalized its cyber disclosure rules

    Compliance costs and a company’s need to remediate security incidents shaped the SEC’s final guidance.

    By David Jones • Dec. 19, 2023
  • Coin stacks and blue bar and line graphs on black background.
    Image attribution tooltip
    MicroStockHub via Getty Images
    Image attribution tooltip

    Challenging the ‘good enough’ cybersecurity mindset

    The volume of cyber threats keeps growing, pushing companies to reevaluate the adequacy of existing resources.

    By Dec. 8, 2023
  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    Authorities pushing for secure AI development practices

    The guidelines are part of a global effort to ensure AI is developed using security as a core component.

    By David Jones • Nov. 29, 2023
  • two technologists looking at a laptop inside a server room
    Image attribution tooltip
    Jacob Wackerhausen via Getty Images
    Image attribution tooltip

    MSPs ready to support SEC cyber disclosure requirements

    With a line of sight on security operations, MSPs hold keys to materiality determinations and annual 10-K reports.

    By Suman Bhattacharyya • Nov. 28, 2023
  • Attendees arrive during AWS re:Invent 2021, a conference hosted by Amazon Web Services, at The Venetian Las Vegas on November 30, 2021 in Las Vegas, Nevada.
    Image attribution tooltip
    Noah Berger / Stringer via Getty Images
    Image attribution tooltip

    Cloud security myths can leave SMBs exposed

    AWS identified three cyber misconceptions that hinder small- and medium-sized businesses as they migrate workloads.

    By Nov. 22, 2023
  • Black Friday weekend 25% off discount banner in a boutique.
    Image attribution tooltip
    Shaun Taylor via Getty Images
    Image attribution tooltip

    Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

    A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.

    By David Jones • Nov. 22, 2023
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/CIO Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA explains how to apply secure-by-design principles

    The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

    By Matt Kapko • Nov. 21, 2023
  • Federal Trade Commission Chair Lina Khan speaks during a discussion on antitrust reforms at the Brookings Institution October 4, 2023 in Washington, DC.
    Image attribution tooltip
    Drew Angerer / Staff via Getty Images
    Image attribution tooltip

    FTC extends cloud competition scrutiny to generative AI

    “Cloud computing is a key input for artificial intelligence technologies,” FTC Chair Lina Khan said. 

    By Nov. 20, 2023
  • Bottles of Clorox bleach on a supermarket shelf.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Clorox CISO departs, CIO to step in, months after cyberattack

    The C-suite change comes in the aftermath of a cyberattack that damaged IT infrastructure, led to widespread disruption and negatively impacted earnings. 

    By Nov. 16, 2023
  • Female IT Server Specialist Standing in Data Center. View from Rack Server Cabinet with Cloud Server User Interface Icons and Visualization in the Foreground.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISA targets software identification in push to boost supply chain security

    The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

    By David Jones • Oct. 31, 2023
  • A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    LastPass working through ‘systemic’ security overhaul

    The company is retooling its security infrastructure in the wake of a major cyberattack that impacted customer trust last year.

    By Matt Kapko • Oct. 26, 2023
  • Server room (Sefa Ozel/Getty)
    Image attribution tooltip
    Sefa Ozel/Getty via Getty Images
    Image attribution tooltip

    CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

    Poor credential management, lackluster patching and other common security mistakes continue to harm large enterprises.

    By Matt Kapko • Oct. 20, 2023
  • SEC reporting
    Image attribution tooltip
    Kobus Louw via Getty Images
    Image attribution tooltip

    SMBs seek cyber training, support as attack risk surges

    Small- and medium-sized businesses deal with higher cyber risks than larger enterprises with more resources, according to Sage analysis.

    By David Jones • Oct. 19, 2023
  • Exterior shot of a corporate campus,
    Image attribution tooltip
    Scott Olson/Getty Images) via Getty Images
    Image attribution tooltip

    How P&G rolled out its internal generative AI model

    Built on OpenAI's API, the solution supports over 35 use cases, CIO Vittorio Cretella said.

    By Oct. 18, 2023
  • CISA Director Jen Easterly, RSA Conference 2022
    Image attribution tooltip
    Matt Kapko/CIO Dive
    Image attribution tooltip

    Where to invest to close the cybersecurity skills gap

    Executives in search of top cybersecurity talent should refine their recruitment processes and company culture.

    By Oct. 9, 2023