A Good Year for North Korean Cybercriminals
North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.
Cybersecurity strategy guides how organizations prioritize risks, protect critical systems, and prepare for incidents, recovery, and resilience.
Search across headline titles and summaries.
Background for this topic.
Security strategy is the long-term direction an organization uses to manage information-security risk and support its business objectives. It sets priorities for protecting systems and data, assigns decision-making authority, defines acceptable risk, and guides investment in controls, skills, architecture, and suppliers. A sound strategy turns risk assessments and threat intelligence into measurable security outcomes rather than a disconnected list of tools.
For practitioners, strategy determines which assets and attack paths receive priority in vulnerability management, how privacy and regulatory obligations shape data handling, and what capabilities must exist for detection, containment, recovery, and testing. It should account for dependencies such as cloud services, software providers, identities, and legacy systems, while establishing review points as technology, threats, and business operations change. Effective governance links these choices to owners, budgets, metrics, and documented exceptions.
North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.
The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. First in a three-part series.
AI Is Now the Top Focus for Modernization to Relieve Budget, Staffing PressuresAccording to the National Association of State CIOs, this year AI tech - including generative and agentic AI - is the top strategic initiative for state CIOs - marking an "unprecedented" shift in IT priorities, said NASCIO Executive Director Doug Robinson. In fact, AI first appeared on the organization's annual survey of state and territory CIOs just three years ago.
The key elements in a security operations center's strategy map very closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.
Experts predict big changes are coming for IT infrastructure in 2026 driven by AI adoption, hybrid cloud strategies, and evolving security demands.
Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. [...]