Azure bug bounty reaches $40K, Microsoft encourages participants to 'do their worst'

The Azure Security Lab isolates research so individuals can look for vulnerabilities and exploit them.

By Samantha Schwartz • Aug. 6, 2019

From Equifax to Capital One: The problem with web application security

Flaws in web applications are abundant and easy to manipulate, making them a target for bad actors.

By Samantha Schwartz • Aug. 5, 2019

Explore the Trendline➔

IT Security

Executives are working to improve the security posture of their businesses, a task that requires cross-function collaboration.

By CIO Dive staff

Capital One breach raises questions about security and cloud-first strategies

If a breach hits a company with technology maturity, how vulnerable are less mature organizations?

By Naomi Eide • Aug. 2, 2019

Web application vulnerabilities top reported flaw by bug bounty hunters

Major data breaches often come from "nascent" flaws, according to Bugcrowd. 

By Samantha Schwartz • Aug. 1, 2019

5 things to know about Capital One's breach

Even with a detailed disclosure and a swift arrest, a dark cloud lingers over the bank.

By Samantha Schwartz • Updated Aug. 1, 2019

Capital One's data breach hits 106M customers

The company expects incremental costs between $100 million and $150 million in 2019 because of the incident. 

By Samantha Schwartz • July 30, 2019

'We're as weak as the weakest link': Virginia looks to a statewide data governance policy

As cities battle increased ransomware attacks, the commonwealth hopes to get ahead of the curve and protect its network with a data privacy framework.

By Kira Barrett • July 26, 2019

A call to end 'warrant-proof' encryption, but where does privacy protection fit in?

Despite the complexities of technology, it doesn't bar law enforcement from taking the necessary actions it would in physical pursuits of evidence.

By Samantha Schwartz • July 26, 2019

How to protect intellectual property

The high value of intangible assets means organizations are starting to protect them like physical assets — and insure like them too. 

By Jen A. Miller • July 24, 2019

Cybersecurity Risk: What does a 'reasonable' posture entail and who says so?

Without a defined standard of care to reference, companies are left wandering in the wilderness when it comes to cybersecurity compliance.

By Rick Lazio, Mike Davis • July 22, 2019

Ed Dept: Hackers created thousands of fake college student profiles

Some accounts were used for criminal activity, according to the department, while the software developer says the event is an "industry issue."

By Natalie Schwartz • Updated Aug. 7, 2019

Morgan Stanley launches encrypted document-sharing platform powered by Box

In an age of nearly ubiquitous data breaches, Morgan Stanley sees the technology as an added layer of protection for sensitive customer data.

By Roberto Torres • July 22, 2019

Equifax to pay up to $650M in 'largest data breach settlement in history'

"Equifax put profits over privacy and greed over people," said New York Attorney General Letitia James.

By Samantha Schwartz • July 22, 2019

Data compliance lagging issue for US businesses, yet 42% vulnerable to fines

U.S. companies' resistance to compliance correlates with the federal government's slow crawl to passing a comprehensive data privacy law.

By Samantha Schwartz • July 16, 2019

US mayors: No more ransomware payments

The mayors' consensus comes just after two Florida cities paid their attackers' ransom demands.

By Samantha Schwartz • July 15, 2019

FTC approves $5B settlement in Facebook privacy probe

The Federal Trade Commission is also requiring Facebook add a privacy compliance system to its corporate structure.

By Roberto Torres • Updated July 24, 2019

British Airways, Marriott International set the stage for GDPR fines outside tech industry

"GDPR is designed to protect consumers and their data," said Tim Erlin, VP of product management and strategy at Tripwire. "The type of company holding that data is irrelevant."

By Samantha Schwartz • July 11, 2019

GDPR strikes again: Marriott International faces $124M fine

The ICO stated that Marriott's data breach was a result of a failure to "undertake sufficient due diligence when it bought Starwood and should have done more to secure its systems." 

By Samantha Schwartz • July 9, 2019

British Airways slammed with record, 'unexpectedly stiff' GDPR fine

Though British Airways cooperated with the ICO in the aftermath of the breach, it didn't insulate the company from penalties.

By Samantha Schwartz • July 9, 2019

4 years of CIO Dive: All the trends we watched

Obsessive focus on digital transformation and next-generation technology is ubiquitous across sectors. And the CIO influence has grown.

By Naomi Eide • July 3, 2019

How to lower your cyber exposure over the holiday weekend

On-the-go employees getting some work done over the Fourth of July weekend are moving targets. But there are tools and practices that can help reduce risk.

By Roberto Torres • July 3, 2019

Cloudflare outage highlights the internet's fragility

"Our network operates as an extension of our customers' networks," said Cloudflare CTO John Graham-Cumming. If "we're down, they're down."

By Samantha Schwartz • July 3, 2019

Cloudflare's outage sends quake through global internet

The internet is comprised of a network of networks, which creates intimate interconnectedness. When one provider goes down, a domino effect begins.

By Samantha Schwartz • July 2, 2019

Ransomware: Why it's sometimes OK to pay up

"It's really a straightforward math problem," said Josh Zelonis, senior analyst at Forrester.

By Samantha Schwartz • July 1, 2019

American Express wields 'stick' to enforce phishing prevention program

The company added consequences to its phishing training program, creating a corporate culture buzzing about security. 

By Naomi Eide • June 26, 2019