Midnight Blizzard attack seen as another sign of Microsoft falling short on security

Critics say the hack of senior Microsoft executives’ emails is another example of a longstanding series of security lapses and foot-dragging by the company.

By David Jones • Jan. 26, 2024

Microsoft to overhaul internal security practices after Midnight Blizzard attack

After the company disclosed a Russia-affiliated threat actor stole data from senior executives, experts are raising questions about its security capabilities and practices.

By David Jones • Jan. 22, 2024

Explore the Trendline➔

IT Security

Executives are working to improve the security posture of their businesses, a task that requires cross-function collaboration.

By CIO Dive staff

Cyber tops business risk for enterprises worldwide, report finds

Worries over cybersecurity replaced business interruption as the top concern among U.S. businesses, according to the Allianz Risk Barometer.

By David Jones • Jan. 17, 2024

LastPass enforces 12-character master password lengths

The password manager enforced its guidance on master password complexity nearly a year and a half after a major cyberattack.

By Matt Kapko • Jan. 5, 2024

CompTIA bolsters training portfolio, adds AI fundamentals and AWS pro certs

The rollout will include new cybersecurity, data science and full-stack credentials and refresh five existing certification programs.

By Matt Ashare • Jan. 3, 2024

Cyber risk strategies in hot seat as SEC rules go live

Shifts in regulatory scrutiny are pushing companies to reassess cyber governance and mitigation at the highest levels.

By David Jones • Dec. 22, 2023

What the SEC weighed as it finalized its cyber disclosure rules

Compliance costs and a company’s need to remediate security incidents shaped the SEC’s final guidance.

By David Jones • Dec. 19, 2023

Challenging the ‘good enough’ cybersecurity mindset

The volume of cyber threats keeps growing, pushing companies to reevaluate the adequacy of existing resources.

By Jen A. Miller • Dec. 8, 2023

Authorities pushing for secure AI development practices

The guidelines are part of a global effort to ensure AI is developed using security as a core component.

By David Jones • Nov. 29, 2023

MSPs ready to support SEC cyber disclosure requirements

With a line of sight on security operations, MSPs hold keys to materiality determinations and annual 10-K reports.

By Suman Bhattacharyya • Nov. 28, 2023

Cloud security myths can leave SMBs exposed

AWS identified three cyber misconceptions that hinder small- and medium-sized businesses as they migrate workloads.

By Matt Ashare • Nov. 22, 2023

Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.

By David Jones • Nov. 22, 2023

CISA explains how to apply secure-by-design principles

The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

By Matt Kapko • Nov. 21, 2023

FTC extends cloud competition scrutiny to generative AI

“Cloud computing is a key input for artificial intelligence technologies,” FTC Chair Lina Khan said. 

By Matt Ashare • Nov. 20, 2023

Clorox CISO departs, CIO to step in, months after cyberattack

The C-suite change comes in the aftermath of a cyberattack that damaged IT infrastructure, led to widespread disruption and negatively impacted earnings. 

By Lindsey Wilkinson • Nov. 16, 2023

CISA targets software identification in push to boost supply chain security

The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

By David Jones • Oct. 31, 2023

LastPass working through ‘systemic’ security overhaul

The company is retooling its security infrastructure in the wake of a major cyberattack that impacted customer trust last year.

By Matt Kapko • Oct. 26, 2023

CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

Poor credential management, lackluster patching and other common security mistakes continue to harm large enterprises.

By Matt Kapko • Oct. 20, 2023

SMBs seek cyber training, support as attack risk surges

Small- and medium-sized businesses deal with higher cyber risks than larger enterprises with more resources, according to Sage analysis.

By David Jones • Oct. 19, 2023

How P&G rolled out its internal generative AI model

Built on OpenAI's API, the solution supports over 35 use cases, CIO Vittorio Cretella said.

By Lindsey Wilkinson • Oct. 18, 2023

Where to invest to close the cybersecurity skills gap

Executives in search of top cybersecurity talent should refine their recruitment processes and company culture.

By Jen A. Miller • Oct. 9, 2023

What to consider when choosing cybersecurity providers

While it might be easier for an organization to build its core cybersecurity system from a single company, that may not always be the right option.

By Sue Poremba • Oct. 6, 2023

AWS kicks off cloud race to mandate MFA by default

The cloud giant will start requiring users with the highest level of privileges to use MFA starting in mid-2024.

By Matt Kapko • Oct. 4, 2023

Cyber investments on pace to reach $215B in 2024: Gartner

The firm expects security services, the industry’s largest segment, to account for 42% of all spending and rise 11% to $90 billion next year.

By Matt Kapko • Oct. 4, 2023

Threats in cloud top list of executive cyber concerns, PwC finds

Lack of tech talent is a contributing factor, as more than 2 in 5 executives grapple with in-house skills gaps.

By Matt Ashare • Oct. 3, 2023