Security


  • 3D digital circular dynamic wave.
    Image attribution tooltip
    Vitalii Pasichnyk/Getty via Getty Images
    Image attribution tooltip

    Snowflake-linked attacks are testing the cloud’s shared responsibility status quo

    Assigning responsibility for missing security controls is tricky. The burden is collective but cloud providers need to raise minimum standards, experts say.

    By Matt Kapko • June 14, 2024
  • A male IT professional with a laptop in check a server stack.
    Image attribution tooltip
    SolStock via Getty Images
    Image attribution tooltip

    How much does unplanned IT downtime really cost?

    Shutdown digital systems can take a bite out of revenue, but regulatory fines can hit, too, according to a Splunk report released Tuesday.

    By June 11, 2024
  • Bottles of Clorox bleach on a supermarket shelf.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Clorox to restart ERP upgrade as it looks past August cyberattack

    With the company out of recovery mode, teams are looking to advance on digital transformation projects. 

    By June 10, 2024
  • The lobby inside a Snowflake office building.
    Image attribution tooltip
    Courtesy of Snowflake
    Image attribution tooltip

    Pressure mounts on Snowflake and its customers as attacks spread

    More businesses are likely impacted by an attacker’s access to multiple Snowflake customer databases.

    By Matt Kapko • June 7, 2024
  • Snowflake office building in San Mateo, CA.
    Image attribution tooltip
    Permission granted by Snowflake
    Image attribution tooltip

    Snowflake customers caught in identity-based attack spree

    Cyber authorities and researchers warn multiple major companies could be compromised by the targeted attacks against Snowflake customer environments.

    By Matt Kapko • June 3, 2024
  • Silhouette of several business people at a conference room table.
    Image attribution tooltip
    FangXiaNuo via Getty Images
    Image attribution tooltip

    Security chiefs under pressure from boards to downplay cyber risk: study

    Research from Trend Micro shows tension between CISOs and senior enterprise leadership. Many security leaders say they're perceived as nags.

    By David Jones • June 3, 2024
  • Abstract black and white monochrome art with surreal funnel.
    Image attribution tooltip
    Philipp Tur/Getty Images Plus via Getty Images
    Image attribution tooltip

    Cyberattacks are good for security vendors, and business is booming

    More secure enterprise technology could stem the tide of cyberattacks, but digital threats are ever present.

    By Matt Kapko • May 29, 2024
  • Close-up of customer service representative wearing wireless headset working on desktop computer in call center.
    Image attribution tooltip
    simonkr via Getty Images
    Image attribution tooltip

    AI could perform more than half of HR assistant tasks by 2032, report says

    Companies will overhaul their business and operating models as AI adoption grows over the next three years, according to a Cognizant report.

    By Carolyn Crist • May 21, 2024
  • A sign is posted in front of a Google office on April 26, 2022 in San Francisco, California. Google parent company Alphabet will report first quarter earnings today after the closing bell.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Google leverages Microsoft’s cyber gaps to woo Workspace customers

    “The repeated security challenges with Microsoft call for a better alternative for enterprises and public-sector organizations alike,” Google said Monday.

    By May 20, 2024
  • An IBM sign stands outside an IBM building May 10, 2005 in downtown Chicago, Illinois.
    Image attribution tooltip
    Tim Boyle / Staff via Getty Images
    Image attribution tooltip

    Palo Alto Networks signs broad enterprise cybersecurity partnership with IBM

    The enterprise security giant will capitalize on a platform consolidation strategy as IBM concedes on transition to cloud security.

    By David Jones • May 17, 2024
  • The White House in Washington, D.C.
    Image attribution tooltip
    TriggerPhoto via Getty Images
    Image attribution tooltip

    White House wants to hold the software sector accountable for security

    Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.

    By David Jones • May 13, 2024
  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    Image attribution tooltip
    jariyawat thinsandee via Getty Images
    Image attribution tooltip

    Only one-third of firms deploy safeguards against generative AI threats, report finds

    Generative AI gives attackers an edge over cyber defenders, according to a survey of security experts.

    By Jim Tyson • May 13, 2024
  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Image attribution tooltip
    Permission granted by Carnegie Mellon University
    Image attribution tooltip

    68 tech, security vendors commit to secure-by-design practices

    Microsoft and Google are among the providers signing a voluntary pledge to boost cyber resiliency and transparency.

    By David Jones • May 10, 2024
  • Azure OpenAI confidentiality loophole
    Image attribution tooltip
    jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft restructures security governance, aligning deputy CISOs and engineering teams

    The company will enhance management roles under the CISO and partially tie compensation to security performance.

    By David Jones • May 7, 2024
  • Attendees walk through an expo hall at AWS re:Invent 2023, a conference hosted by Amazon Web Services, at The Venetian Las Vegas on November 28, 2023 in Las Vegas, Nevada.
    Image attribution tooltip
    Noah Berger / Stringer via Getty Images
    Image attribution tooltip

    Amazon tempts enterprises to customize AI on AWS

    CEO Andy Jassy called the hyperscaler’s move to open its Bedrock platform to tailored models “a sneaky big launch.”

    By May 3, 2024
  • Andy Jassy, Amazon President & CEO attends the Los Angeles Premiere of Amazon Prime Video's "The Lord Of The Rings: The Rings Of Power" at The Culver Studios on August 15, 2022 in Culver City, Califor
    Image attribution tooltip
    Kevin Winter / Staff via Getty Images
    Image attribution tooltip

    Amazon CEO touts AWS cloud security as AI risk concerns mount

    Andy Jassy urged enterprises “not to overlook the security and operational performance” of cloud-based generative AI services. “It’s less sexy, but critically important.”

    By May 1, 2024
  • Abstract black and white monochrome art with surreal funnel.
    Image attribution tooltip
    Philipp Tur/Getty Images Plus via Getty Images
    Image attribution tooltip

    What is success in cybersecurity? Failing less.

    Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.

    By Matt Kapko • April 29, 2024
  • Young Woman Writing Code on Desktop Computer in Stylish Loft Apartment in the Evening.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Cybersecurity jobs pay well, but gender disparities persist

    ISC2’s analysis found significant financial benefits for U.S. cybersecurity professionals, but pay gaps persist across levels of seniority by gender.

    By Matt Kapko • April 12, 2024
  • Microsoft logo is seen in the background.
    Image attribution tooltip
    Jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft Exchange state-linked hack entirely preventable, cyber review board finds

    The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.

    By David Jones • April 3, 2024
  • Matrix background of blurred programming code.
    Image attribution tooltip
    Getty Plus via Getty Images
    Image attribution tooltip

    Threat groups hit enterprise software, network infrastructure hard in 2023

    Actively exploited high-risk vulnerabilities rose threefold in enterprise software and network infrastructure, according to Recorded Future.

    By Matt Kapko • March 25, 2024
  • Threat actor views data file
    Image attribution tooltip
    iStock / Getty Images Plus via Getty Images
    Image attribution tooltip

    How CIOs can infuse security into generative AI adoption

    As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.

    By March 21, 2024
  • Photo illustration of a VF Corp. SEC filing.
    Image attribution tooltip

    Photo illustration: Industry Dive; US Securities and Exchange Commission

    Image attribution tooltip

    How companies describe cyber incidents in SEC filings

    The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.

    By Matt Kapko • March 21, 2024
  • Close up of Gary Gensler speaking during a senate hearing
    Image attribution tooltip
    Kevin Dietsch/Getty Images via Getty Images
    Image attribution tooltip

    3 months into cyber disclosure rules, what’s material to the SEC?

    As attacks become more sophisticated and destructive, companies are struggling to find conclusive estimates of the financial impact of cyberattacks.

    By David Jones • March 19, 2024
  • Computer language script and coding on screen.
    Image attribution tooltip
    themotioncloud via Getty Images
    Image attribution tooltip

    White House adds teeth to secure software development requirements

    The guidelines are designed to ensure software producers working with the U.S. government comply with standards for secure development.

    By David Jones • March 15, 2024
  • CrowdStrike booth at RSA Conference in San Francisco.
    Image attribution tooltip
    Matt Kapko/CIO Dive
    Image attribution tooltip

    Cloud intrusions spiked 75% in 2023, CrowdStrike says

    Threat actors took advantage of inconsistent cloud security structures, abusing unique features of the technology to initiate attacks.

    By Matt Kapko • Feb. 26, 2024