How Atlanta's CIO rebuilt IT after the city's cyberattack — and what's next

Inheriting a city technologically and economically wounded by a cyberattack, Gary Brantley had to turn to the basics.

By Samantha Schwartz • Oct. 20, 2020

Transit agencies 'ill prepared' for cyberattack: survey

Only 60% of agencies have a cybersecurity plan in place and 43% say their plan is insufficient, according to the Mineta Transportation Institute.

By Chris Teale • Oct. 14, 2020

Treasury threatens fines for ransomware payments

The math problem organizations were solving for — does recovery cost less than the ransom — must now factor in an unknown quantity: fines.

By Samantha Schwartz • Oct. 2, 2020

Slack picks Reddit alum as chief security officer

The company named its first CSO Geoff Belknap in 2016, but Larkin Ryder has been serving as Slack's interim CSO since Belknap departed in 2019. 

By Samantha Schwartz • Oct. 1, 2020

Major ocean carrier suspects malware attack led to data breach

CMA CGM said its back offices are being reconnected to the network, which will improve bookings and document processing time.

By Matt Leonard • Updated Sept. 30, 2020

Security experts overlook attacker-favored credential stuffing

With an endless cycle of breaches, hackers have a large pool of exposed credentials to throw at websites, increasing their probability of success. 

By Samantha Schwartz • Sept. 30, 2020

UHS hit with ransomware attack, working to restore IT operations

The for-profit owner of around 400 hospitals is struggling to contain the ripple effects of a cyberattack that locked it out of computer and phone systems.

By Rebecca Pifer • Sept. 29, 2020

How global companies factor their supply chain into data protection, privacy

International Paper purposefully duplicates technologies to comply with international laws, from one vendor to another.

By Samantha Schwartz • Sept. 25, 2020

'Rogue' employees caused Shopify's data breach. What makes an insider a threat?

Coinciding crises are contributing to "a perfect storm for malicious insiders," Forrester's Joseph Blankenship says.

By Samantha Schwartz • Sept. 24, 2020

How to negotiate software costs as IT budgets are slashed

If vendors can't provide a degree of flexibility, abandon the deal, according to Paul McKay, senior analyst at Forrester.

By Samantha Schwartz • Sept. 23, 2020

6 types of CISO and the companies they thrive in

Jeff Pollard, VP and principal analyst at Forrester, wants CISOs to discover the type of leader they are — transformational, tactical, steady — and run with it.

By Samantha Schwartz • Sept. 22, 2020

How cloud threat protection takes on shadow IT

Cloud access security broker capabilities — discovery, data loss prevention, threat protection, encryption, logging — should sit between every kind of app a company houses.

By Samantha Schwartz • Sept. 21, 2020

What security needs to know before diving into SaaS contracts

If employees don't engage with security red flags, the agreement fails to address the underlying issue: an application outside of a company's risk appetite.

By Samantha Schwartz • Sept. 18, 2020

Data doesn't speak for itself: 4 benefits of giving security metrics context

When presenting security metrics and data to non-technical stakeholders, security leaders' messaging could get lost in translation.

By Samantha Schwartz • Sept. 17, 2020

Security pushes DevOps to breaking point

The future of DevOps is "going to break application security," said Dale Gardner, research director at Gartner.

By Samantha Schwartz • Sept. 16, 2020

Gartner: 10 key security projects through 2021

As companies adapt to changes in March and what's anticipated for the next 12 months, Brian Reed, senior director analyst at Gartner, wants the focus on projects, not programs.

By Samantha Schwartz • Sept. 15, 2020

How a government security framework reduces third-party risks

The DOD says its contractor network includes upwards of 300,000 companies, and conducting an audit of all of them couldn't be done. This logjam helped create the Cybersecurity Maturity Model Certification Accreditation Body.

By Samantha Schwartz • Sept. 14, 2020

Targeted cyberattacks on telehealth vendors skyrocketed along with adoption, report finds

Telehealth vendor security alerts jumped 30% during COVID-19 compared to pre-pandemic levels, analysis from SecurityScorecard and DarkOwl found.

By Rebecca Pifer • Sept. 11, 2020

Zero trust is widely praised. What's the adoption hangup?

The framework has a steep learning curve and requires modern technology, a Deloitte expert said.

By Samantha Schwartz • Sept. 10, 2020

From VPNs to zero trust, coronavirus shaped security priorities

While there are differences in security priorities pre-pandemic, a lot of hurdles were related to scale.

By Samantha Schwartz • Sept. 9, 2020

How last week's outages, DDoS attacks impacted internet infrastructure

The outages highlight two areas of concern: cyberattacks in the age of COVID-19 and the internet's longstanding fragility.

By Samantha Schwartz • Updated Sept. 9, 2020

Cloud shared responsibility models are misunderstood, report says

Any disconnect between where a CSP's security services end and the customer's security responsibilities pick up is a recipe for disaster.

By Samantha Schwartz • Sept. 3, 2020

Comprehensive DevSecOps includes securing cloud infrastructure

Teams often overlook emerging security risks. Fortunately, new tools can help find and proactively mitigate those risks before they lead to data breaches.

Sept. 3, 2020

Top network services companies leave exposed to the internet

Gaps in security programs, including a lack of personnel, expertise or resources, amplify the risk of an unsafe service going undetected.

By Samantha Schwartz • Sept. 2, 2020

Ransomware attacks 'raising the bar' as cities struggle to respond

A former FBI special agent in New York walked through a typical ransomware attack with a series of redacted screenshots, as well as the report.

By Chris Teale • Aug. 31, 2020