What industry gets wrong about cyber insurance

Despite common perception, recovery from a cyber event — such as paying a ransom — cannot be decided by a carrier.

By Samantha Schwartz • Oct. 31, 2019

Zappos bucks cash payouts, proposes 10% discount as breach settlement

Impacted customers received emails this week entitling them to a one-time, 10% discount through the end of the year following the 2012 data breach.

By Samantha Schwartz • Oct. 18, 2019

The forgotten ones: Ransomware preys on the resource-poor

When Brookside Medical Center was hit with ransomware, it refused to pay. The practice was forced to shutter. 

By Samantha Schwartz • Oct. 17, 2019

Bracing for 'holy crap,' zero-day exploits

If malicious code is written with "purpose," any computer can run it.

By Samantha Schwartz • Oct. 15, 2019

3 things CIOs should discuss with the CEO to optimize cybersecurity

As a business partner, the CIO must provide solutions to cybersecurity concerns and become a champion for working collaboratively with the business.

By Aaron Shum • Oct. 14, 2019

Are retailers doomed for more outages this holiday season?

J. Crew, Lowe's and Walmart experienced tech glitches or crashes last Black Friday. Experts weigh in on how companies can prevent a repeat this year.

By Caroline Jansen • Oct. 7, 2019

63% of new hires bring data from old employers. What's the risk?

To get a leg up when starting a new job some employees bring data from past roles. While enterprising, it threatens business reputation and poses legal, security and financial risks. 

By Samantha Schwartz • Oct. 3, 2019

Zero trust 101 and the art of healthy skepticism

Where Kubernetes, multifactor authentication and default suspicion intersect.

By Samantha Schwartz • Oct. 1, 2019

Success in DevOps adoption can boost security, research finds

Puppet research found companies that integrate security into the software development lifecycle are "twice as confident in their security posture."

By Naomi Eide • Oct. 1, 2019

DoorDash data breach impacts 4.9M people

Customers, delivery workers and merchants had names, email and delivery addresses, order history, phone numbers and passwords stolen in the May 4 breach, the company confirmed this week.

By Alicia Kelso • Sept. 27, 2019

Shift to digital business is booming, but are CEOs ignoring associated risk?

Risk that exists beyond a company's core network and into the cloud is "stuff that CEOs really do not understand," said John Wheeler, senior director analyst at Gartner.

By Samantha Schwartz • Sept. 27, 2019

Fidelity Investments​ translates risk scenarios for the C-suite

One of the most important pieces of risk management is having a more strategic presentation. Take it to the people who facilitate change.

By Samantha Schwartz • Sept. 26, 2019

Pickles, mayo and data privacy: Jersey Mike's rethinks mobile authentication

While historically slow to adopt new technologies, restaurants have to rethink mobile systems in an era of heightened privacy concerns.

By Samantha Schwartz • Sept. 25, 2019

Companies miss 99% of IaaS configuration errors, McAfee says

In some cases, companies aren't even aware the number of IaaS providers they have.

By Naomi Eide • Sept. 24, 2019

Cybersecurity confidence rattled by continued investments, small results

Only 11% of firms feel a "high degree of confidence" in their cyber resilience, according to Microsoft's annual cyber survey.

By Samantha Schwartz • Sept. 20, 2019

Skepticism slows cloud and SaaS adoption

CISOs perceive on-premise solutions as the safer option. Relinquishing control to SaaS vendors amplifies a sense of paranoia.

By Samantha Schwartz • Sept. 17, 2019

Target tackles identity and access management with zero trust

When designing an identity ecosystem, companies need to define access by a "need to know" classification reinforced by zero trust, said Jing Zhang-Lee, principal security architect and engineer at Target.

By Samantha Schwartz • Sept. 17, 2019

10 lessons Fannie Mae learned redesigning its security network

The lending company experienced minor hiccups while building out micro-segmentation. 

By Samantha Schwartz • Sept. 16, 2019

Internet treated casually, but it's 'live-fire combat,' experts say

Nation state actors attract the attention and get the blame, but cyberattacks are more likely executed by run-of-the-mill cybercriminals.

By Samantha Schwartz • Sept. 13, 2019

First remote cyberattack on US grid found, regulator says

A March cyberattack resulted in a denial of service condition at a "low-impact" control center and multiple remote generation sites, according to newly released analysis.

By HJ Mai • Sept. 9, 2019

Cybercriminals rake in billions using email compromise, fraudulent tech support

Total losses from internet cybercrimes reached nearly $3 billion 2018, according to the FBI.

By Samantha Schwartz • Sept. 9, 2019

Banks have more to lose from data breaches than other companies

Differences in notification urgency highlights data sensitivity. Exposed email addresses are far less sensitive than banking information or social security numbers.

By Dan Ennis • Sept. 6, 2019

Report: Google lobbyists push to add loopholes to California's privacy law

As lobbyists make last-minute effort to exclude digital advertising from the California Consumer Privacy Act, other states watch closely.

By Roberto Torres • Sept. 4, 2019

Faith in cloud security strengthens, but concerns persist

For a time, CISOs held off cloud adoption because of a lingering belief the cloud was less secure, a Nominet survey found.

By Samantha Schwartz • Sept. 3, 2019

Insurers do the math and instruct cities to pay the ransom, ProPublica reports

The cyberattack market exists, and while insurers didn't create it, their actions could help sustain it.

By Samantha Schwartz • Aug. 29, 2019