White House considers ban on ransom payments, with caveats

Experts suggest the effort, a reversal from the administration's previous stance, is fraught with complications that could cause unintended consequences.

By Matt Kapko • May 8, 2023

How 7 cybersecurity experts manage their passwords

What do CIOs and other cyber experts do to manage credentials? Hint: they don’t reuse passwords.

By Matt Kapko • May 4, 2023

Explore the Trendline➔

Cybersecurity

Security strategies benefit from nimbleness as companies respond to Log4j and other high-profile vulnerabilities, a boundless perimeter and questions about supply chain trust. 

By CIO Dive staff

Software industry leaders debate real costs and benefits of CISA security push

The global effort toward secure by design is seen as a potential game changer for software security, but may require investments and cultural changes.

By David Jones • April 17, 2023

There’s a movement afoot to make tech vendors responsible for cybersecurity

The international joint guide to secure by design encapsulates security recommendations long-touted by CISA, including technical tactics for software and infrastructure design.

By Matt Kapko • April 13, 2023

How Target approaches identity and access management

Designing an IAM system that provides a good user experience while preventing unauthorized access is a critical responsibility.

By Matt Kapko • April 12, 2023

Leftover data lurks in the enterprise, creating business risk

When an organization has little data visibility, it becomes even more vulnerable to leaks and breaches — as well as insider and external threats. 

By Sue Poremba • April 11, 2023

Samsung employees leaked corporate data in ChatGPT: report

Data privacy is a concern for companies with employees using ChatGPT’s web-based interface, as input data is used to train and improve the tool.

By Lindsey Wilkinson • April 7, 2023

IT security leaders still told to keep data breaches quiet, study finds

Bitdefender research found 7 in 10 IT and security professionals in the U.S. have been asked to keep a breach confidential.

By David Jones • April 6, 2023

Upskilling, reskilling central to competing for tech talent, survey finds

Leading organizations were more likely than their peers to put in place upskilling or reskilling initiatives, a report from NTT DATA found.

By Roberto Torres • April 4, 2023

Microsoft unveils Security Copilot built on GPT-4

The technology combines OpenAI's generative AI capabilities with Microsoft's threat intelligence and security network.

By David Jones • March 28, 2023

Tech vendor risk raises vetting stakes in wake of SVB crisis

Deposits are safe, but tech startups may no longer have access to venture debt and the lines of credit that helped fuel innovation.

By Matt Ashare • March 27, 2023

5 tips to counter identity and access management risks

Many organizations rely on identity and access management tools for credential management and authentication. But these systems aren’t foolproof.

By Matt Kapko • March 24, 2023

ChatGPT bug underlines need to limit shadow IT

If you share information with the tool, you do so at your own risk, according to experts.

By Lindsey Wilkinson • March 23, 2023

FTC opens inquiry into cloud market competition, security

As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.

By Matt Ashare • March 22, 2023

Ill-prepared against cyberattacks? You’re not alone, Cisco says

The cybersecurity readiness gap looms large, and smaller organizations were ranked the least prepared.

By Matt Kapko • March 22, 2023

Security drives software purchases for half of US companies

The study from Capterra comes weeks after the U.S. announced plans to shift liability for weak product security onto the tech industry.

By David Jones • March 21, 2023

Workforce reductions hinder tech upskilling: report

As layoffs and hiring freezes reach tech companies, funding and scheduling training becomes a problem, a Pluralsight report found.

By Matt Ashare • March 20, 2023

Cybersecurity market confronts potential consequences of banking crisis

Bank seizures impose new challenges on vendors in every segment — and may spur consolidation.

By Matt Kapko • March 17, 2023

Bank failure panic fuels moment of opportunity for threat actors

Threat hunters and security executives warned organizations to look out for malicious activity as regulators step in to operate Silicon Valley Bank.

By Matt Kapko • March 15, 2023

Organizations tempt risk as they deploy code more frequently

An imbalance between developers and security professionals on staff spotlights a disconnect between these business functions and objectives.

By Matt Kapko • March 7, 2023

LastPass aftermath leaves long to-do list for business customers

Organizations using the password manager are exposed after a major breach compromised credentials and, potentially, business secrets.

By Matt Kapko • March 6, 2023

The US cyber strategy is out. Now, officials just have to implement it

Industry stakeholders signal a willingness to discuss further steps, while congressional leaders hint additional action may be on the table.

By David Jones • March 3, 2023

Stressed much? It’s chronic in cybersecurity

The psychological toll of security will spur high levels of churn among security leaders, Gartner expects.

By Naomi Eide • Feb. 28, 2023

Companies grapple with post-breach disclosure risks

The concerns leading organizations to withhold information are aplenty, including reputational damage and financial impacts.

By Matt Kapko • Feb. 21, 2023

Threat actors can use ChatGPT, too. Here’s what businesses should watch

While IT departments seek enterprise applications, cyber teams must be on the lookout for attacks using the generative AI technology.

By Lindsey Wilkinson • Feb. 21, 2023