Using portions of open source in software development threatens app security

While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

By Samantha Schwartz • Jan. 20, 2022

Google Drive, OneDrive top cloud apps for malware delivery: report

Google Drive replaced Microsoft OneDrive as the app with most malware downloads in 2021, accounting for more than one-third of malware downloads.

By Samantha Schwartz • Jan. 12, 2022

Phishing lures await in Google Docs comments

Email addresses are hidden when someone mentions a user in a comment, so the human instinct to question the legitimacy of the notification decreases. 

By Samantha Schwartz • Jan. 10, 2022

C-suite leaders confident in ransomware protections, despite more attacks

The increase in confidence may come from improved communication between business leaders and security teams, according to (ISC)².

By Samantha Schwartz • Jan. 5, 2022

Log4j threats expected to play out well into 2022

As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.

By David Jones • Jan. 4, 2022

Organizations still downloading vulnerable Log4j versions

Log4j vulnerabilities impacted more than 17,000 Java packages, representing about 4% of the ecosystem, researchers found.

By David Jones • Dec. 22, 2021

5 trends businesses to consider when planning 2022 cybersecurity budgets

Read more from Kaspersky's Vice President of Corporate Business on 2022 cybersecurity budget trends.

By Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky • Dec. 20, 2021

Log4j: What we know (and what's yet to come)

The vulnerability has upended federal officials and the infosec industry, putting hundreds of millions of devices and systems at risk. 

By David Jones • Dec. 17, 2021

Security teams prepare for the years-long threat Log4j poses

Industry is still investigating the full extent of the vulnerability, which limits the actions security teams can immediately take. 

By Samantha Schwartz • Dec. 16, 2021

Log4j threat expands as second vulnerability emerges and nation states pounce

Early-stage ransomware attempts are underway, and federal officials are urging organizations to protect IT systems.

By David Jones • Dec. 15, 2021

Log4j under siege, millions of devices vulnerable

Technology firms are scrambling to investigate and patch their systems amid reports of more than 800,000 attempted attacks.

By David Jones • Dec. 14, 2021

Is the security of legacy IT providers prompting a confidence crisis?

Research commissioned by CrowdStrike found security professionals are losing confidence in providers like Microsoft amid the rise in supply chain attacks. Microsoft has thoughts. 

By David Jones • Dec. 8, 2021

More research connects security burnout with business risk

One in three 1Password respondents said burnout adds to a decline in initiative and motivation, which also reduces compliance with security protocols.

By Samantha Schwartz • Dec. 7, 2021

The death of non-competes and how to protect an IP

Non-competes don't stop IP theft, but this new approach to data protection will.

Dec. 6, 2021

The 5 risks of sharing data with partners

Selecting a provider that focuses on privacy will help you build trust with data governance stakeholders.

By Davis Wilkinson, Senior Product Manager, LiveRamp Privacy Tech Solutions • Dec. 6, 2021

Marriott is still covering — and recovering — expenses from its 2018 data breach

The hotel has seen an increase in renewal costs for its cyber insurance "over the last several years," the company said. 

By Samantha Schwartz • Dec. 3, 2021

Security disconnect: Why the CISO role is evolving

CISOs are too focused on security operations, writing policies or vendor management. But their time is better spent on business strategy.

By Samantha Schwartz • Nov. 29, 2021

Enterprises prepare for ransomware threats during Thanksgiving

Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations. 

By David Jones • Nov. 23, 2021

The Water Cooler: How 5 executives disconnect for the holidays

Fully unplugging during a holiday break can be challenging — and a little scary, given the elevated cybersecurity risk. But it's not impossible.

By Roberto Torres • Nov. 19, 2021

What to consider when connecting cyber, business strategy

The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said. 

By Samantha Schwartz • Nov. 17, 2021

A year after SolarWinds, third-party risk still threatens the software supply chain

Using open source or commercially available software for digital transformation has introduced risk into organizations' environments.

By David Jones • Nov. 12, 2021

Better security, access policies can combat cloud misconfigurations

Data disclosures from cloud misconfigurations are often the result of human error — but policies, not users, are to blame.  

By Brian Eastwood • Nov. 4, 2021

Corporate boards, C-suites finally prioritize cyber after years of business risk

Following a surge of supply chain attacks and ransomware over the past year, enterprise leaders are giving cybersecurity the attention it deserves.

By David Jones • Nov. 3, 2021

Solving the people problem: insider risk and trust

Insider risk is a people problem — but your people aren't the problem.

Nov. 1, 2021

The Water Cooler: How 5 execs operate under crisis

When an outage or attack hits, IT executives must calmly guide the organization toward a resolution. It's often easier said than done.

By Roberto Torres • Oct. 29, 2021