More than passwords: Quora breach highlights risks of third-party authentication

While the company did report and act on the incident in a timely manner, the compromise of consumer data is still serious. 

By Alex Hickey • Dec. 5, 2018

CISO of the Year: Jamil Farshchi, Equifax

Equifax brought on Jamil Farshchi, the former CISO of Home Depot, after suffering a catastrophic breach in 2017.

By Alex Hickey • Dec. 3, 2018

Explore the Trendline➔

IT Security

Executives are working to improve the security posture of their businesses, a task that requires cross-function collaboration.

By CIO Dive staff

Marriott's cybersecurity nightmare: A lesson in M&A risks

When an acquisition takes place, security continuity isn't always part of the contract. Now, the cost of Starwood is more than Marriott initially bargained for. 

By Samantha Schwartz • Dec. 3, 2018

500M hit by Marriott data breach; intrusion undetected since 2014

The perpetrators had copied and encrypted guest information and begun the process of removing it.

By Samantha Schwartz • Nov. 30, 2018

AWS takes on shadow IT with customizable software marketplace

Most IT professionals want to ignore software as a service applications, but they can't afford to do so because eventually a enough of it will demand attention.

By Samantha Schwartz • Nov. 28, 2018

Uber hit with $1.2M in fines for 2016 data breach

Regulators from the U.K. and the Netherlands penalized Uber, which tried to cover up the breach that compromised 57 million worldwide accounts.

By Samantha Schwartz • Nov. 27, 2018

'Regulation without teeth is just a document': 6 months in, industry awaits major GDPR enforcement

Experts worry that without significant enforcement action in 2019, businesses could stop caring about the data privacy regulation. 

By Alex Hickey • Nov. 26, 2018

Cyberthreats swallow SMBs burdened by supply chain attacks

A sufficient security posture is hindered by a lack of personnel, small budgets and general confusion over how to protect against cyberattacks.

By Samantha Schwartz • Nov. 26, 2018

BlackBerry to buy Cylance for $1.4B as company continues security evolution

After retiring its mobile phone in 2016, the company has found new footing and confidence in mobile security. 

By Samantha Schwartz • Nov. 16, 2018

Gotta catch 'em all: Pokémon International complies with data privacy standards

The Pokémon Company International, following the successes of Pokémon Go, is learning the rules of the world its app has taken by storm.

By Alex Hickey • Nov. 14, 2018

IT professionals looking for work can name their price

Companies of all sizes plan to increase their cybersecurity talent, but smaller organizations also want more skills for DevOps, hardware and infrastructure. 

By Samantha Schwartz • Nov. 7, 2018

What digital change means for cybersecurity: Rip up the playbook and take risks

Playbooks are good learning tools, but if attackers aren't following the rules, why should anyone else?

By Samantha Schwartz • Nov. 1, 2018

CIOs and CISOs no longer solely own cybersecurity responsibility

"Very few people own consequence right now," said William Evanina, director at the Office of the National Intelligence, but "we should all own consequence."

By Samantha Schwartz • Oct. 31, 2018

How the nastiest ransomware and flaws get their names

Which one of these was not the name of an attack/flaw: Heartbleed, Masacre3, Venom, Petya, Frogwarts? Read to find out. 

By Samantha Schwartz • Oct. 31, 2018

What businesses can learn from election security vulnerabilities

It's inevitable that voting machines will be hacked, according to Absolute's Josh Mayfield. The real question is how widespread it will be and whether a catastrophe can be avoided.

By Alex Hickey • Oct. 30, 2018

As federal policy lags, state legislative pipeline is more important for CIOs

California is a good place to look to gauge where state policy is headed. 

By Alex Hickey • Oct. 29, 2018

Highest-paying IT certifications and why they matter

Companies turn away from "four-year-degree-itis" to widen the talent pool.

By Naomi Eide • Oct. 26, 2018

95% of companies report cybersecurity culture disconnect

Moving away from a checkbox mindset and toward a collaborative view can help establish a culture of shared reasonability for security. 

By Samantha Schwartz • Oct. 26, 2018

Apple's Cook pushes for US privacy law, with GDPR model in mind

As scrutiny around handling of user data grows, a more comprehensive, countrywide law would potentially give Apple an edge over competitors.

By Peter Adams • Oct. 25, 2018

'Inherited' code flaws in software supply chains invite security risk

Sometimes a flaw's severity isn't known until the damage has been done.

By Samantha Schwartz • Oct. 24, 2018

Mega cybersecurity coalition courts Walmart, Microsoft for next-generation defense

The coalition is looking to integrate cybersecurity from product design, using it as an active part of the business rather than a defense mechanism.

By Alex Hickey • Oct. 23, 2018

Organizations need to care and tend to SaaS apps 'like a puppy'

When SaaS is not trained appropriately, it can get unruly and expose a company to a range of implications. 

By Samantha Schwartz • Oct. 22, 2018

Why security teams are last to adopt the cloud

"Perimeters are dissolving," and people are beginning to ask why they need firewall on their network when it can be in the cloud.

By Samantha Schwartz • Oct. 16, 2018

Modern-day bank robbing: How hackers are becoming public enemy No. 1

The internet is the getaway car and malware is the firearm. 

By Samantha Schwartz • Oct. 15, 2018

Facebook attackers accessed personal data of 29M users in breach

The breach of tens of millions of users' personal information is a huge bump in the road for a company that has been grappling with user trust and privacy issues this year.

By Alex Hickey • Oct. 12, 2018