Security news aggregator

Latest coverage for Lessons

Lessons from information-security incidents explain how controls and response decisions can reduce risk and strengthen future cyber defenses.

25 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Lessons captures documented insights from security incidents, vulnerability disclosures, exercises, audits, and other operational experience—what happened, why defenses failed or worked, and what should change. The focus is not the event itself, but transferable understanding grounded in evidence, such as a missed patch, excessive privilege, weak recovery process, or detection rule that did not alert.

For practitioners, these accounts help turn failures into changes across the security lifecycle. A useful lesson identifies the affected asset and attack path, separates root causes from contributing conditions, and assigns verifiable corrective actions: reduce exposure through vulnerability management, improve logging and containment for incident response, or revise access and recovery controls. It should also state limits—an observation from one environment may not apply universally—and consider privacy and compliance when sharing technical or personal details. Readers should look for validated findings, measurable follow-up, and evidence that fixes remain effective, rather than treating a postmortem or case study as a checklist.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 25 Filtered view
Bank Info Security 1 day, 3 hours ago

Lessons Learned: US Cybersecurity Agency Leaked Secrets

CISA Lauded for Fast Response, Transparency and Detailing Security RecommendationsSecure developers' use of public code repositories, monitor them for secrets and if they get exposed, have a well-tested incident response playbook at the ready. The U.S. Cybersecurity and Infrastructure Security Agency has shared these and other lessons learned after suffering a data leak.

National Risk Assessment Cites CrowdStrike Lessons Learned, Hybrid Warfare RisksThe British government's latest national security risk register sees a rising threat posed by cyberattacks disrupting operational technology in more critical national infrastructure sectors, and cites the CrowdStrike outage in "digital resilience failure" lessons to be learned.

Frame's AI Models Build Contextualized Security Lessons Automatically in MinutesFrame Security, founded by former Wiz product and sales leader Tal Shlomo, emerged from stealth with $50 million to build AI-generated cyber training and simulations designed to prepare employees for phishing, deepfakes, voice cloning and other personalized social engineering attacks.

Bank Info Security 3 months, 2 weeks ago

AI Versus AI: The Future of Cyber Defense

Segura's Joe Carson on Agentic AI, Cyber Resilience and Estonia's LessonsAI is accelerating both attackers and defenders, transforming cybersecurity into an AI-versus-AI battle. Segura's Joe Carson discusses why organizations must treat agentic AI as a force multiplier, not a replacement, and how to harness it responsibly in a future driven by autonomous agents.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should RespondAI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Bank Info Security 8 months, 3 weeks ago

AWS Outage Exposes Cloud Dependency, Concentration Risks

Forrester's Brent Ellis and Dario Maisto on Lessons Learned for Large EnterprisesThe cascading outage across the U.S. East Coast triggered this week by a domain name system failure in an AWS DynamoDB service demonstrates the risks of deep architectural dependencies and the challenges of building true multi-region cloud resilience, said Forrester's Brent Ellis and Dario Maisto.

Bank Info Security 9 months, 1 week ago

Deepfake Fraud: Trust No Voice, Doubt Every Face

In Today's Reality, Zero Trust Principles Matter, Verification Is an ImperativeThis month, a judge made history by throwing out an $8.7 million lawsuit after discovering something that had never before appeared in her courtroom: deepfake testimony. But these new legal lessons are already a reality in business: the need for trust, verification and authentic communication.

Bank Info Security 9 months, 1 week ago

Deepfake Fraud: Trust No Voice, Doubt Every Face

In Today's Reality, Zero Trust Principles Matter, Verification Is an ImperativeThis month, a judge made history by throwing out an $8.7 million lawsuit after discovering something that had never before appeared in her courtroom: deepfake testimony. But these new legal lessons are already a reality in business: the need for trust, verification and authentic communication.

Bank Info Security 1 year, 1 month ago

Profits Over Consumer Protection? HSBC's Legal Challenge

Australian Securities Commission Says HSBC Ignored Repeated Internal WarningsSome lessons come with a price. The recent lawsuit against HSBC by the Australian Securities and Investments Commission claims the bank prioritized profits over customer safety. Despite repeated internal warnings from its own fraud experts, HSBC failed to act.

Bank Info Security 1 year, 1 month ago

Profits Over Consumer Protection? HSBC's Legal Challenge

Australian Securities Commission Says HSBC Ignored Repeated Internal WarningsSome lessons come with a price. The recent lawsuit against HSBC by the Australian Securities and Investments Commission claims the bank prioritized profits over customer safety. Despite repeated internal warnings from its own fraud experts, HSBC failed to act.

New Cyber and Electromagnetic Command Pitched as Lessons Learned from UkraineThe United Kingdom pledged Thursday one billion pounds for a military "Digital Targeting Web" the government said will enable quick fire targeting of enemy assets, including through offensive cyber operations. "Ways of warfare are rapidly changing," said Defense Secretary John Healy.

Bank Info Security 1 year, 4 months ago

Ransomware Recovery Lessons Learned From Arnold Clark

Disruptive Data-Stealing Attackers Hit Vehicle Retail Giant Right Before ChristmasCyber resilience lessons learned: In the wake of a disruptive ransomware attack, the head of automotive retail giant Arnold Clark said continually practicing and refining the organization's resilience plan has driven its response time down from at least 12 hours, to just one or two.

Bank Info Security 1 year, 4 months ago

Change Healthcare's Mega Attack: 1 Year Later

Ransomware Attack Taught Lessons on Health Sector Resiliency, Vendor RedundancyIt's been one year since hackers attacked IT services provider Change Healthcare, quickly shutting down critical processes for thousands healthcare entities, triggering a data breach affecting 190 million people. So what top lessons are emerging from that massive disruption and data compromise?

Identity Theft Resource Center's Lee on Lessons Learned From 2024 Mega-BreachesSix mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 - a dramatic 312% increase over the previous year. Identity Theft Resource Center President James E. Lee says the increase exposes industry-wide failures in basic cybersecurity practices.

Bank Info Security 1 year, 5 months ago

Don't Get Schooled: Lessons From PowerSchool's Big Breach

Why MFA and Data Minimization Remain Key for Preventing Massive Data BreachesWhile PowerSchool's investigation into the massive theft of its customers' data is continuing, clear lessons have already emerged. Count among them the importance of using multi-factor authentication, which could have safeguarded access to PowerSchool's exploited customer support systems.

Bank Info Security 1 year, 6 months ago

US CFPB Needs to Look Beyond Zelle to Curb Scams

Ken Palla on Lessons From U.K and Australia to Reduce Fraud and ScamsThe U.S. Consumer Financial Protection Bureau's decision to file a lawsuit against Zelle is too late and too narrow to reduce scams, said Ken Palla, retired director with MUFG Bank. CFPB last month sued the operator of Zelle, as well as three banks for failing to protect consumers from fraud.

Looking Back on the Ransomware Attacks, Resilience Lessons and Tech TrendsIn the latest weekly update, ISMG editors discussed defining cybersecurity moments of 2024, from the CrowdStrike outage and its implications for vendor resilience to ransomware's continued evolution, and the shifting dynamics in the tech industry affecting startups and M&A activity.

Loading more headlines...