IT's most 'anxiety-inducing' cyberattacks of 2021

"PrintNightmare is just like the flipping gift that keeps on giving," Jason Slagle of CNWR IT Consultants said. "You can get popped by it, and then literally every week there's some sort of update." 

By Samantha Schwartz • Oct. 29, 2021

SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

The Russian nation-state threat actor Nobelium used password spraying to gain access to reseller and IT service provider systems. At least 14 attacks resulted in breaches, Microsoft said. 

By Samantha Schwartz • Oct. 25, 2021

Avoid paying ransoms, Gartner says. Instead, focus on situational awareness

In the event of a ransomware attack, CISOs need to pause amid chaos and gain a better understand around steps to recovery. 

By Samantha Schwartz • Oct. 20, 2021

As ransomware attacks skyrocket, blind spots leave organizations vulnerable

Ransomware attacks are becoming more complex with organizations now facing double or triple extortions. Common blind spots continue to place scores of organizations at risk.

By Chris Ripkey, Senior Director – Cybersecurity, ConvergeOne • Oct. 18, 2021

Users have bad security habits. What can businesses do?

"As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said. 

By Samantha Schwartz • Oct. 14, 2021

CISOs: Approach the board with precision, simplicity

Executives from PepsiCo, Mandiant and Texas Children's Hospital honed the art of approaching the board. Their techniques leave stakeholders asking, "Do you need anything?"

By Samantha Schwartz • Oct. 11, 2021

The Water Cooler: 4 IT execs on their first incident response steps

The first step to recovery is planning ahead. But during a crisis, how leadership prioritizes resources and actions from the get-go can determine mitigation.

By Katie Malone , Roberto Torres • Oct. 1, 2021

With remote work, any employee could be an insider threat. How is CISA mitigating the risk?

Companies can use a new self-assessment tool from CISA to generate reports on their tolerance and capabilities for preventing insider threats. 

By Samantha Schwartz • Sept. 30, 2021

How hackers are making the leap from cloud to the software build processes

Almost all deployed third-party container applications have known vulnerabilities, research from Palo Alto Networks' Unit 42 found.

By Samantha Schwartz • Sept. 29, 2021

How to build software supply chain transparency

The Biden administration wants more transparency in the software supply chain. Will private industry join in?

By Samantha Schwartz • Sept. 22, 2021

Enterprises plan major investments as remote work escalates security risk: report

Companies are struggling to manage security as the work-from-home model moves from an emergency stopgap to a more permanent environment. 

By David Jones • Sept. 22, 2021

Boards rethink incident response playbook as ransomware surges

Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.

By David Jones • Sept. 16, 2021

InfoSec teams under pressure to compromise security for productivity: report

Younger workers are fueling a backlash against corporate security policies designed to protect companies from malicious attacks, a study from HP Wolf Security shows.

By David Jones • Sept. 9, 2021

Tech CEOs to invest billions in cybersecurity support

The Biden administration has to strike a balance between honoring big tech's capitalism while pushing it to a higher standard for the sake of national security.

By Samantha Schwartz • Aug. 26, 2021

Men more likely to engage in risky online behavior: report

Male employees are three times as likely to click on phishing emails, raising questions about gender-based behaviors that open companies to compromise.

By David Jones • Aug. 24, 2021

It's time to bridge the gap between security and development

More than 80% of developers knowingly release applications with insecure code, but experts say security and development don't have to be at odds.

By Brian Eastwood • Aug. 10, 2021

Decade-old router flaw allows cross-network access, Tenable finds

Threat actors are actively exploiting the vulnerability, which impacts millions of devices across 11 countries and raises questions about the extent of undiscovered supply chain weaknesses.

By David Jones • Updated Aug. 10, 2021

1 in 4 security teams report to CIOs, but would benefit from CISO leadership: survey

Companies get more buy-in for risk assessments and alignment with business goals when cybersecurity reporting centers on the CISO, ISACA found.

By Samantha Schwartz • July 27, 2021

Engineers need cybersecurity training, too

Companies will undergo a shift in cyber culture, eventually combining the data engineers and network security professionals use to search for vulnerabilities.

By Samantha Schwartz • July 22, 2021

In modernization, security is a barrier and an incentive

Performance issues, training users on new systems and bandwidth costs represent hurdles to cloud transformation, according to an IBM survey.

By Katie Malone • July 21, 2021

IT defenses fail to prevent ransomware attacks: report

While 54% of organizations conduct anti-phishing training, 24% of ransomware attacks used phishing as the point of entry, a Cloudian survey found.

By Katie Malone • July 20, 2021

Want to quickly recover from ransomware? Plan ahead

Security teams need to understand how the business will work when an attacker limits access to its systems.

By Katie Malone • July 15, 2021

Kaseya: What's known (and unknown) about the ransomware attack

The historic ransomware attack against the remote-monitoring provider leaves a number of outstanding questions. 

By David Jones • July 12, 2021

Kaseya wrestles with service restoration following supply chain attack

The company is working with federal officials to recover from a ransomware attack that Kaseya said impacted up to 1,500 downstream customers.

By David Jones • July 6, 2021

Cost of ransomware: CISO exits, staff layoffs and unaccounted losses

Two-thirds of organizations incurred significant disruptions due to ransomware, a Cybereason survey found.

By Samantha Schwartz • June 21, 2021