www.cybersecuritydive.com
172.64.147.160
Public Scan
Submitted URL: https://go.network-perception.com/NjY5LUpOWi00NTgAAAGQmY0a3PTnmjtJQmQInuF0qRrUN1UW4eipmnIbVmHsZJtFn1mvXJf6EBGNLzYhQUHhT6vDaVE=
Effective URL: https://www.cybersecuritydive.com/news/cybersecurity-trends-ransomware-business-risk/704214/?utm_source=Sailthru&utm_medium=email&...
Submission: On January 12 via manual from CA — Scanned from CA
Form analysis
10 forms found in the DOM
Name: signup-inter-form — POST /signup/
<form id="signup-inter-form" class="form-basic" name="signup-inter-form" action="/signup/" method="POST">
<input type="hidden" name="signup_box_location" value="interstitial">
<input type="hidden" name="signup_initial_url_path" value="/">
<h1> Don’t miss tomorrow’s Cybersecurity industry news </h1>
<p class="interstitial-text"> Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox. </p>
<p class="form-error__message" id="interstitial-error"></p>
<div id="form-interstitial">
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_9e972a_email">
<div id="newsletter-list-section">
</div>
<div id="interstitial-consent-container">
<input name="user_consent" value="1" id="id_user_consent" type="checkbox">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</div>
</div>
<input id="signup-inter-submit" class="email_submit submit button" type="submit" data-role="none" value="Subscribe today">
</form>
GET /search/
<form action="/search/" method="GET" data-ajax="false">
<label for="search-desktop">
<span class="screen-reader-text search">Search</span>
</label>
<input id="search-desktop" type="search" name="q" placeholder="Search" data-role="none">
<button type="submit" value="" data-role="none" class="search-button-front analytics t-search-navigation-drawer">
<img src="/static/img/menu_icons/search.svg?320116291121" alt="search" height="16" width="16" loading="lazy">
</button>
<img class="close" src="/static/img/menu_icons/close.svg?273117231121" width="16" height="16" alt="close search" loading="lazy">
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST" target="_blank">
<label for="id_c0f4a1_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_c0f4a1_email">
</label>
<input type="hidden" name="signup_box_location" value="inline">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_c0f4a1_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-inline" value="1" class="checkbox">
<label for="id_user_consent-inline">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST" target="_blank">
<label for="id_6f936f_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_6f936f_email">
</label>
<input type="hidden" name="signup_box_location" value="inline">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_6f936f_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-inline" value="1" class="checkbox">
<label for="id_user_consent-inline">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
Name: signup —
<form id="content_gate_signup" class="js-form-email-validate" name="signup" style="">
<h3>Continue reading for free</h3>
<label id="subtitle">Sign up for our daily newsletter to access this article.</label>
<p style="display: none" class="signup-form-error-message form-error__message padding-left">YOU MUST AGREE TO OUR TERMS OF USE AND PRIVACY POLICY.</p>
<div id="input-container" class="email-input js-email-input">
<input id="content_gate_input" type="email" placeholder="Work email address" required="">
<div id="content_gate_button">
<button class="button button--medium">Read now</button>
</div>
</div>
<p class="email-check js-already-subscriber-prompt padding-left">Already a subscriber? Sign in with your email above.</p>
<ul style="display: none" class="signup-list list-no-bullets padding-left inline-gate-signup">
<li>
<input type="checkbox" name="user_consent" id="id_user_consent-gate" value="1" class="checkbox">
<label for="id_user_consent-gate">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<label style="display: none" id="confirmation">All set! You’ll get a confirmation email from us shortly.</label>
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_c7a98_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_c7a98_email">
</label>
<input type="hidden" name="signup_box_location" value="elevated_footer">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_c7a98_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-elevated_footer" value="1" class="checkbox">
<label for="id_user_consent-elevated_footer">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_90e193_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_90e193_email">
</label>
<input type="hidden" name="signup_box_location" value="sidebar">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_90e193_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-sidebar" value="1" class="checkbox">
<label for="id_user_consent-sidebar">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_3f5696_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_3f5696_email">
</label>
<input type="hidden" name="signup_box_location" value="elevated_footer">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_3f5696_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-elevated_footer" value="1" class="checkbox">
<label for="id_user_consent-elevated_footer">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
GET /search/
<form action="/search/" method="GET" data-ajax="false">
<label for="search-mobile">
<span class="screen-reader-text">Search</span>
<input id="search-mobile" type="search" name="q" placeholder="Search" data-role="none">
</label>
<button type="submit" value="" data-role="none" class="search-button-front analytics t-search-navigation-mobile">
<img src="/static/img/menu_icons/search.svg?320116291121" width="15" height="15" alt="search">
</button>
</form>
Name: signup — POST /signup/
<form class="form js-form-email-validate" name="signup" action="/signup/" method="POST">
<label for="id_2fc33f_email" class="email-input js-email-input">
<span class="screen-reader-text">Email:</span>
<input type="email" name="email" placeholder="Work email address" class="email" required="" id="id_2fc33f_email">
</label>
<input type="hidden" name="signup_box_location" value="integrated_menu">
<input type="hidden" name="signup_initial_url_path" value="/news/cybersecurity-trends-ransomware-business-risk/704214/">
<input type="hidden" name="js_enabled" value="1" id="id_2fc33f_js_enabled">
<ul class="signup-list list-no-bullets">
<li>
<label><span class="screen-reader-text">Select user consent:</span></label>
<input type="checkbox" name="user_consent" id="id_user_consent-integrated_menu" value="1" class="checkbox">
<label for="id_user_consent-integrated_menu">
<span class="signup-user-consent_box">
<span> By signing up to receive our newsletter, you agree to our <a href="https://www.industrydive.com/terms-of-use/" target="_blank">Terms of Use</a> and
<a href="https://www.industrydive.com/privacy-policy/" target="_blank">Privacy Policy</a>. You can unsubscribe at anytime. </span>
</span>
</label>
</li>
</ul>
<button class="button button--medium signup-button" type="submit" value="Sign up">Sign up</button>
<label class="error email_error" style="display:none;">A valid email address is required.</label>
<label class="error newsletter-error" style="display:none;">Please select at least one newsletter.</label>
</form>
Text Content
5 CYBERSECURITY TRENDS TO WATCH IN 2024

Preventative measures remain woefully unmet, the scourge of ransomware is as bad as it’s ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up for 2024.

Published Jan. 10, 2024
David Jones, Reporter
Matt Kapko, Senior Reporter

The trends that lived rent free in the minds of cybersecurity professionals in 2023 are certain to continue and reshape the landscape in 2024.

Long-trumpeted measures for prevention remain woefully unmet, the scourge of ransomware is as bad as it’s ever been, and a wave of new incident reporting and compliance regulations are taking hold.

These are the five trends Cybersecurity Dive identified as the most prominent and perplexing heading into 2024.

Is there a trend or prediction you think we should highlight? Email us at cybersecurity.dive.editors@industrydive.com.

1. IN SECURITY, PREVENTION IS THE BEST MEDICINE

One of the best ways to make products more secure is to eliminate risk at the design phase.

The technology industry is beginning to embrace simple changes at the development stage that could signal a willingness to build security into the earliest stage of new applications.
Among the most basic elements of developing secure software is to ensure the code is safe. A large number of applications have been developed using C and C++ — these languages have been around for decades and are built for speed.

However, these languages are also considered more at risk to memory safety issues. Two-thirds of software vulnerabilities have been linked to memory safe coding concerns, according to CISA.

The White House in August issued a request for information on open-source security and memory safety. In December, CISA, the FBI and key foreign partner agencies released a road map for manufacturers to embrace the use of memory-safe languages as a way to reduce software vulnerabilities.

The open source community is also taking steps to boost security during the development phase.

“The biggest shift we’ve seen is an emphasis on prevention, not just remediation, both in the open source community and with our enterprise customers,” said Eric Tooley, senior product marketing manager at GitHub.

For example, GitHub provides tools like Dependabot to help developers keep outdated and vulnerable dependencies out of their software. In 2023, developers pulled 60% more automated Dependabot pull requests for vulnerable packages, compared with 2022.

In November, GitHub launched an AI-based code scanning autofix feature, which allows developers to keep secrets and vulnerabilities from creeping into code.

2. RANSOMWARE ATTACKS TARGET BIG WHALES WITH HIGH IMPACT

Ransomware attacks against large, high-profile targets were abundant in 2023, resulting in operationally visible impacts.
Attacks against multiple real estate firms disrupted closings, and the Clorox Company is expected to report a financial loss due to order processing delays and product shortages following an attack.

MGM Resorts and Caesars Entertainment, the second- and third-largest casino companies in Las Vegas, suffered financial losses and business operation impacts from ransomware attacks.

“Hackers target whatever creates the most pain for an organization,” said Kris Lovejoy, global practice leader of security and resiliency at Kyndryl.

In 2024, cybersecurity experts expect ransomware groups to continue targeting high-value targets, particularly organizations that are more likely to pay ransom demands in a bid to mitigate serious operational disruptions.

“There are advantages to whale hunting with extortion. Bigger companies have the potential to pay larger ransom demands versus small and midsize businesses. Criminals can go the low-volume, high-payout route with their targeting,” said Rick Holland, VP and CISO at Reliaquest.

Attacks on high-profile targets are a validation and continuation of what security leaders at large enterprises already know, according to Allie Mellen, principal analyst at Forrester.

“They need to be prepared to face ransomware attacks and subsequent business disruption as much as possible, from having proper backups, prevention, to detection and response,” Mellen said.

The definitions of high-value targets and impacts are evolving to include software vendors and third-party service providers as well, according to Dave Burg, EY America’s cybersecurity leader.
“A small provider of outsourced help desk services may not have much budget for security, but if their customers are some of the biggest companies in the world, they are going to be a target,” Burg said.

3. 2024 AWAITS MORE INCIDENT REPORTING AND COMPLIANCE

Federal agencies and various state authorities are placing new pressure on corporations and critical infrastructure providers to share intelligence and report incidents in order to prevent the spread of malicious threat activity.

Among the most important developments following the SolarWinds and Colonial Pipeline cyberattacks, federal authorities launched efforts to share intelligence and collect information about data breaches and attacks so organizations can better prepare for threat activity before data is stolen or critical operations are disrupted.

Companies should expect to see an increased amount of regulatory scrutiny at the federal and state level over the coming year, as government authorities seek to encourage prompt, accurate and complete disclosure of security threats and management-level preparedness, according to legal experts.

2023 already brought significant changes to corporate reporting mandates.
The Securities and Exchange Commission now requires publicly traded companies to report material cybersecurity incidents within four business days of determining materiality. These include U.S. companies and foreign issuers that trade on U.S. exchanges.

The disclosure is designed to increase transparency for investors, but also serves as an incentive for companies to tighten up their threat hunting capabilities and incident response procedures.

The changes are placing enormous pressure on companies to have the technical expertise in place to quickly assess cybersecurity threats, have a team in place to respond to those threats and accurately assess how a breach or attack will impact investors and customers.

A lot of companies have viewed this risk as an investment risk, so “if you don’t have good policies and procedures in place, they’re losing money,” said Keith Billotti, a partner at Seward & Kissel’s Capital Markets & Corporate Securities group.

For companies to be efficient and profitable, they need to have robust policies and procedures in place to stop, identify and respond to an attack.
The SEC has investigated companies that failed to properly disclose or made misleading statements about cyber incidents. Companies have also faced investigations for misleading investors about their data security capabilities.

The Federal Trade Commission increased scrutiny on companies regarding their efforts to protect customer data. In November, the agency said non-bank financial institutions, including mortgage brokers, payday lenders and motor vehicle dealers, need to report data breaches and other security incidents within 30 days.

State regulators like the New York State Department of Financial Services in November unveiled enhancements that require banks, insurance firms and other regulated entities to report ransomware payments, conduct risk assessments and offer enhanced cybersecurity training.

4. THREAT ACTORS TARGET THIRD-PARTY VENDORS TO AMPLIFY IMPACT

Attacks against third-party vendors, including file-transfer services, continued to ensnare downstream victims last year.

These supply-chain attacks will carry on, resulting in some of the most potent cyberattacks in 2024, according to cybersecurity experts.

“Third-party vendors are not the only victims of their cyber incidents — all of their customers become second-degree victims due to any operational disruption and data theft that occurs,” Burg said. The rippling effect can spread even further, he added.

“Many organizations are looking outside their own IT departments to expand their digital footprint and power business processes, but a complex IT partner ecosystem also creates several potential risks,” Lovejoy said. “Bad actors may try a third-party entry point to get into an organization’s systems and either infect them, steal data or disrupt business operations.”

While enterprises can defend against attacks on their own infrastructure, they don’t have direct control of the third-party infrastructure they work with, and this leaves a defensive gap, according to Mellen.
“Supply chain attacks are unique because they take advantage of something we have come to rely heavily on in the internet age: interconnectivity,” Mellen said.

It’s the open-source vendors that most people have never heard about that cause the most concern for Burg heading into 2024.

“The ones that create software libraries for encryption, logging and system management that underpin all the business applications we use are the ones I believe are most susceptible,” Burg said. “Because these are free and open source, they’re often maintained by a volunteer skeleton crew that doesn’t have the time or resources to conduct the robust security we’d hope for.”

5. SECURE OUT OF THE BOX

An age-old debate in the security industry is who should bear the responsibility for making sure products are secure.

Customers have long complained about insecure products, but software developers and manufacturers have tempered that debate by saying users are failing to properly configure devices and applications.

The debate may have come full circle in 2023 and play a huge role in security as 2024 unfolds. Two of the biggest information security crises of 2023 involved critical infrastructure providers and government agencies, respectively, threatened by products that lacked basic configuration elements.

The Iran-linked hacks of U.S. water and wastewater providers and the hack of U.S. State Department emails linked to the People’s Republic of China, both exposed flaws in the nation’s security infrastructure.

A threat group linked to the Islamic Revolutionary Guard Corps was suspected of exploiting potential weaknesses in logic controllers used by water treatment facilities, including devices visible on the open internet and weak default passwords.

The Cybersecurity and Infrastructure Security Agency by mid-December issued guidance to manufacturers to eliminate the use of default passwords, which are easy for malicious threat groups to exploit.
The State Department hacks, linked to the theft of an inactive Microsoft consumer signing key by Storm-0558, exposed the company’s policy of forcing customers to pay additional money for security logs, which can help network defenders hunt for malicious activity.

In the case of the Microsoft Exchange hacks, it was government officials that notified Microsoft that outside threat groups had compromised their operating environments.

Microsoft was forced to change its security log policy and by November overhauled its security policy to finally embrace secure by default design practices.

Spurred on by these major security threats and extensive government pressure, the tech industry is taking numerous steps to embed security as a core feature of the development lifecycle.

AWS will mandate multifactor authentication for most privileged users by mid-2024. AWS Management Console customers signing in with the root user of an AWS Organizations management account will be required to set up MFA. AWS will expand the requirements further to standalone accounts, too.

“Enabling MFA is one of the simplest and most effective mechanisms to enhance account security, offering an additional layer of protection to help prevent unauthorized individuals from gaining access to data,” Mark Ryland, director of Amazon Security, said via email.

IT-ISAC in December published a white paper calling on SaaS and other cloud companies to embrace secure by default principles.

The debate has long centered around the conflict between increasing security risk, while reducing speed to market for the manufacturer and a slowdown in productivity for the user.

“Of course there are trade-offs, in the same way that there are trade-offs when the more general user experience is prioritized,” James Dolph, CISO at Guidewire Security and co-author of the white paper, said via email.
As outlined in the white paper, Dolph said “the user experience of security should be on par with other goals in software if we’re going to elevate the security of the software industry and avoid negative outcomes like we all see in the news.”

Filed Under: Strategy, Cyberattacks, Threats, Policy & Regulation
Industry Dive is an Informa business © 2024 Industry Dive. All rights reserved.