Fear, panic and Log4j: One year later

Fears of catastrophic cyberattacks have thus far failed to materialize. But federal authorities stress threat actors are playing the long game.

By David Jones • Dec. 12, 2022

Google stresses unmet need for software supply chain security

The open source software ecosystem remains vulnerable, and fragmented efforts could stifle progress, according to Google.

By Matt Kapko • Dec. 9, 2022

Explore the Trendline➔

Cybersecurity

Security strategies benefit from nimbleness as companies respond to Log4j and other high-profile vulnerabilities, a boundless perimeter and questions about supply chain trust. 

By CIO Dive staff

Internet Explorer is still a viable attack vector

North Korea-linked threat actors are using a technique that has been widely used to exploit the browser since 2017, Google researchers found.

By Matt Kapko • Dec. 8, 2022

AWS CEO stresses the core elements of cloud security

Adam Selipsky described security as a prerequisite for organizations to trust cloud infrastructure. And for that, he claimed, AWS is the best in the game.

By Matt Kapko • Dec. 1, 2022

Why cyberattackers love IT professionals — and how organizations can keep risk at bay

Limiting admin access is one step toward strengthening defenses, but there are other ways to reduce vulnerabilities.

By Brian Eastwood • Nov. 30, 2022

Tech surveillance can stave off insider threats, but employers need guardrails

When security surveillance becomes intrusive, electronic surveillance and automated management strategies can evolve into a liability.

By Lindsey Wilkinson • Nov. 29, 2022

As CIOs tighten tech spend, demand for cybersecurity services grows

Managed service providers can help fill talent needs and tame costs, but that strategy may require additional risk mitigation.

By Suman Bhattacharyya • Nov. 28, 2022

Cybercriminals strike understaffed organizations on weekends and holidays

Organizations are short-staffed on holidays and weekends, even though that's when attackers are likely to strike, Cybereason research found.

By Matt Kapko • Nov. 21, 2022

McDonald’s to launch cybersecurity apprenticeship program

The restaurant chain's initiative is among nearly 200 registered apprenticeships programs approved or under development as part of the White House's Cybersecurity Apprenticeship Sprint.

By Lindsey Wilkinson • Nov. 16, 2022

No, your CEO is not texting you

Everyone wants to stay on good terms with their employer. Threat actors know this too and exploit this weakness accordingly. Don’t fall for it.

By Matt Kapko • Nov. 11, 2022

Cloud or on-prem? Companies flip-flop on workload decisions

Shifting data back and forth between cloud and on-prem, a common practice, complicates cybersecurity efforts.

By Matt Ashare • Nov. 10, 2022

Break-fix, cloud integration and security open enterprise doors for MSPs

Managed service providers are using one-off projects to initiate long-term relationships with companies beset by talent shortages and budgeting constraints.

By Matt Ashare • Nov. 7, 2022

Face it, password policies and managers are not protecting users

Passwords haven’t worked as a solid security strategy in a long time. The policies are there, so why are passwords security’s weak spot?

By Sue Poremba • Nov. 7, 2022

‘Point solutions just need to die’: The end of the one-trick security tool

The deconstruction of security products makes companies grapple with avoidable IT challenges.

By Matt Kapko • Oct. 31, 2022

Resource constraints, recession woes and risks: What’s driving vendor consolidation

After surging attacks remodeled the security landscape, organizations are realizing the downfalls of having multiple vendors.

By Wes Wright, Chief Technology Officer, Imprivata • Oct. 31, 2022

Microsoft security business surges as cloud segment hit by slumping economy

Higher energy costs and the macro economic slowdown are impacting the company’s cloud segment, but it continues to grow its enterprise security business.

By David Jones • Oct. 26, 2022

Cybersecurity spending on pace to surpass $260B by 2026

Gartner pinned annual double-digit growth on three transitionary megatrends: remote work, zero trust network access, and the cloud.

By Matt Kapko • Oct. 21, 2022

4 ways Target tracks cyberthreats to defend its systems

Not all threats are treated equally, the retailer’s threat analysts said. 

By Matt Kapko • Oct. 20, 2022

Cyber defense is not IT’s job alone, CISA CTO says

While tech executives must provide critical tools and procedures to lower cyber risk, the whole organization is responsible for fending off attackers.

By Roberto Torres • Oct. 18, 2022

4 tips to protect IT employees from phishing attacks

No one is perfect, and that includes your IT professionals. Here's what security experts say could help mitigate human error.

By Lindsey Wilkinson • Oct. 14, 2022

Mandiant propels Google Cloud’s security prospects

With Mandiant officially under his wing, Google Cloud CISO Phil Venables expects the incident responders to help Google become a proactive force.

By Matt Kapko • Oct. 12, 2022

Struggling to find cyber pros? Look to your network admins

Network knowledge and skills are central to cyber. Certification programs provide a direct route from systems to security.

By Matt Ashare • Oct. 10, 2022

Multifactor authentication is not all it’s cracked up to be

MFA is only as strong as the weakest link in the supply chain — and the resilience of each individual using it.

By Matt Kapko • Oct. 6, 2022

Tenable’s CIO pushes resource optimization as company pursues $1B in revenue

Technology veteran Patricia Grant is joining the cybersecurity company amid sustained industry growth. Her challenge now is to help Tenable scale.

By Lindsey Wilkinson • Oct. 5, 2022

C-suite, boards are prioritizing cybersecurity, but still expect increased threats

Senior executives are taking risk management more seriously, PwC found. But many are still concerned about business resilience.

By David Jones • Oct. 4, 2022