A robust cyber incident response plan will minimize both damages and recovery time and ensure business continuity. Proactive measures to defend against data breaches, malware, social engineering, and other cyberattacks are crucial to enterprise cybersecurity, but there’s no such thing as a completely impenetrable system. Despite your best efforts, your company could still be hacked;… Read More
The California Consumer Privacy Act represents a significant milestone for consumer data privacy in the U.S. Tired of the federal government dragging its feet on consumer data privacy legislation, states have started to take matters into their own hands. The biggest example is the California Consumer Privacy Act (CCPA), which takes effect on January 1,… Read More
The DoD unveiled its proposed Cybersecurity Maturity Model Certification (CMMC) to prevent supply chain attacks Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors… Read More
IT Compliance and Cyber Security: Understanding the Differences IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure. While there is some overlap, and the two fields complement each other,… Read More
Understanding FedRAMP security impact levels and baselines You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of… Read More
Your guide to the SOC 2 Trust Services Criteria (formerly the Trust Services Principles) Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of… Read More
Advice for writing a successful FedRAMP SSP A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their implementation. Keep in mind that… Read More
Is Docker Hub hack a harbinger of increasing cyber attacks on cloud containers? According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as usernames, hashed… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Poor cybersecurity practices complicated recovery from the Arizona Beverages ransomware attack. What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks… Read More
NIST SP 800-177 Rev. 1 was written with federal email security in mind, but SMBs can also use the guidance to secure their email systems. Email breaches can be just as destructive to organizations as customer data breaches; just ask Sony Pictures and the Democratic National Committee. A breach of a federal government agency’s email… Read More
Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More
Think your company “can’t afford” cyber security? How much will a cyber attack cost? Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them… Read More
Malicious browser extensions can steal credentials, cryptocurrency, and more From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security – usually for free. However, browser extensions need a wealth of access permissions to operate, including… Read More
The 5 top healthcare cyber threats, according to the U.S. Department of Health & Human Services’ new guide The financial impact of healthcare cyber attacks can be devastating, especially to small organizations. The HHS points out that the healthcare industry has the highest data breach cost of any industry, at an average of $408 per… Read More
These common cyber security mistakes could get your company hacked. With an estimated 90% of cyber attacks caused by human error or behavior, it’s important to understand the most common cyber security mistakes your employees are probably making and know how to mitigate them. Becoming victims of phishing schemes Stolen login credentials are the most… Read More
Chinese hackers have successfully breached contractors for the U.S. Navy, according to WSJ report. The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports.… Read More
Hackers love it when businesses believe in these common cyber security myths. Let’s debunk them. Like other criminals, hackers take advantage of people’s misconceptions regarding their risk of being victimized. Here are six common cyber security myths that could be putting your enterprise at risk. Security Myth #1: Compliance Equals Cyber Security Compliance with regulatory… Read More
The California Consumer Privacy Act may not be the “American GDPR,” but it’s a harbinger of data privacy laws to come. As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American… Read More
While digital currencies, particularly bitcoin, are the most common and well-known application of blockchain technology, they are far from being the sole or even the most important use. Blockchain is one of the most important technological advancements of the digital age, and its full potential has barely been tapped. Among the most exciting potential uses… Read More
SEC cyber enforcement action charges Iowa broker-dealer with “deficient cybersecurity procedures” Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having… Read More
NIST 800-171 Compliance Explained If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with federal contracts; manufacturers who supply… Read More
Not only is PCI DSS compliance mandatory, it’s also the starting point for solid payment system cyber security PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.… Read More
An SOC 2 Type 2 report is crucial when selecting a cloud service vendor We are living in a cloud-first world; cloud services, including storage services and SaaS providers, are wildly popular. Unfortunately, third-party vendor breaches are at epidemic levels, and new regulations such as the EU GDPR are seeking to hold organizations accountable if… Read More