Switching to Offense: US Makes Cyber Strategy Changes
The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.
Cybersecurity strategy guides how organizations prioritize risks, protect critical systems, and prepare for incidents, recovery, and resilience.
Search across headline titles and summaries.
Background for this topic.
Security strategy is the long-term direction an organization uses to manage information-security risk and support its business objectives. It sets priorities for protecting systems and data, assigns decision-making authority, defines acceptable risk, and guides investment in controls, skills, architecture, and suppliers. A sound strategy turns risk assessments and threat intelligence into measurable security outcomes rather than a disconnected list of tools.
For practitioners, strategy determines which assets and attack paths receive priority in vulnerability management, how privacy and regulatory obligations shape data handling, and what capabilities must exist for detection, containment, recovery, and testing. It should account for dependencies such as cloud services, software providers, identities, and legacy systems, while establishing review points as technology, threats, and business operations change. Effective governance links these choices to owners, budgets, metrics, and documented exceptions.
The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly three-year campaign
The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.
Fortinet's Rashish Pandey on Security Leadership, Regulation and IT-OT ConvergenceAI is transforming businesses, but it is also expanding the attack surface and accelerating risk. Rashish Pandey, VP of marketing at Fortinet, explains why CIOs and CISOs must share accountability, unify platforms and prepare for a future defined by regulatory complexity and AI-powered threats.
The C-suite will have zero interest in zero trust without a good business case Partner Content In today's enterprise environment, technology investments are no longer judged solely by their technical sophistication. Approval depends on their ability to support business goals, mitigate risk, and create value for shareholders. CIOs and CISOs are expected to present their strategies not as technical upgrades but as business enablers. The challenge is not just making the right investments, but framing them in ways that resonate at the boardroom level.…
Cyber Leaders Address AI Threats, Compliance Resilience, Zero TrustFrom AI‑driven fraud schemes to tightening regulations and identity threats, ISMG's New York Fraud Prevention and Financial Cybersecurity Summits brought together CISOs, investigators and risk leaders to share practical strategies for strengthening defenses and building true resilience.
Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.