New York State Cybersecurity Regulations for Financial Institutions Could Be Model for Other States The first phase of the New York state cybersecurity regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect on March 1. While the insurance and finance industries are already highly regulated, New… Read More
Jackpotting! Are ATMs at the end of every rainbow? ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks. Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as well as robberies,… Read More
As compliance costs skyrocket, standards grow increasingly complex, and the cyber threat environment evolves, organizations are turning to RegTech solutions to automate their compliance processes and improve their overall cybersecurity posture. Compliance with regulatory and industry standards, such as HIPAA, PCI DSS, FedRAMP, and SSAE 16 SOC reporting, are a burdensome yet necessary part of… Read More
How RegTech Simplifies Governance, Risk, and Compliance Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” mentioned as a solution. What is RegTech, and how can it help your… Read More
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as more brick-and-mortar stores implement card chip technology to defeat skimmers and other forms of POS system fraud, thieves are gravitating toward card-not-present (CNP) ecommerce… Read More
Education Cyber Security Vulnerabilities and What Schools Can Do About Them K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. Additionally, educational institutions are frequently connected… Read More
Be Prepared for these New and Emerging Ransomware Threats Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had… Read More
Internet-connected smart toys, a popular holiday gift item, have vulnerabilities that put both children and parents at risk of data breaches and identity theft. Smart toys, which connect to the internet and offer children a personalized, interactive play experience, were a very popular gift item this past holiday season. However, the interactive features of smart… Read More
In a new report, UC Berkeley’s Center for Long-Term Cybersecurity offers suggestions to President Elect Trump Now that the election is over, the nation’s attention has turned to President Elect Donald Trump and what a Trump Administration will mean for cyber security. Notably, information security was the only tech-related topic Trump addressed directly on his… Read More
Cybersecurity Due Diligence Has Become a Fundamental Part of M&A Transactions Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a massive data breach, which resulted in 500 million user accounts being… Read More
For Years, Yahoo Put Usability Ahead of Cybersecurity The massive Yahoo data breach, which compromised 500 million user accounts and has put its planned acquisition by Verizon at risk, happened because the company repeatedly put product user experience ahead of security, the New York Times reports: Six years ago, Yahoo’s computer systems and customer email… Read More
Vote hacking is a legitimate concern, and election officials need to take it seriously. Right alongside immigration, healthcare, and the minimum wage, cybersecurity has emerged as a major – and contentious – issue in this year’s presidential election. First, the Democratic National Convention’s email server was hacked, and thousands of embarrassing emails were published on… Read More
If IoT cybersecurity concerns aren’t addressed, consumers will reject self-driving cars and other smart devices Shortly after rideshare company Uber launched a pilot test of self-driving cars in Pittsburgh, competitor Lyft made the bold prediction that most of its cars would be self-driving within five years. While it can be argued that Lyft’s proclamation is… Read More
Free HIPAA Risk Awareness & Compliance Survey If you are in the healthcare business you have HIPAA compliance requirements to adhere to. Maybe you are not aware of what they or maybe you just want to gauge your organization’s readiness prior to seeking professional help? We have provided a short survey quiz that will give… Read More
A Proactive Approach Could Have Prevented the DNC Email Hack The NSA isn’t the only Washington organization being embarrassed by a data breach. The sorry state of cybersecurity in America has taken center stage in this year’s presidential election. In June, it was discovered that Russian cyber criminals had managed to hack the Democratic National… Read More
The NSA Hack Proves that Much More Needs to Be Done to Protect Enterprise Data In the hit USA Network series Mr. Robot, a rogue group of hacktivists target major corporations and the government. In a recent episode, the group enlisted the help of a malicious insider to hack the FBI. Sound far-fetched? Maybe not:… Read More
Doping allegations, illegal gambling, and other attempts to game the system and give a player or a team an edge have long plagued the professional sports world. Now, the cheating has gone cyber. Chris Correa, a former executive with the Saint Louis Cardinals MLB team, has been sentenced to nearly four years in prison for… Read More
It sounds like the plot of a James Bond movie: A band of international bank robbers have made off with nearly $100 million, and bank executives are biting their nails as the thieves remain at large. But these heists happened in real life, and the thieves never actually set foot inside a bank. They used… Read More
Wendy’s Data Breach: Forget the beef, where’s the data security? The Wendy’s data security breach, news of which first broke in January, is much worse than the fast-food company originally thought. Wendy’s first reported that the POS system breach impacted only about 5% — or approximately 300 – of its franchise-owned restaurants. However, after allegations… Read More
Up until now, healthcare cyber security has been focused on protecting patient data, ensuring HIPAA compliance, and, more recently, protecting systems from ransomware attacks. However, as healthcare technology advances, a new threat is emerging: the potential for hackers to attack smart medical devices such as insulin pumps and pacemakers. If IoT security is not taken… Read More
In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cybersecurity threat – and healthcare cybersecurity in general – seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees, ransomware attacks… Read More
A recent report revealed that “More than 209,000 cybersecurity job postings in the U.S. are unfilled, and postings are up 74% over the past five years.” Lazarus Alliance Cybervisors are the front line for the global business community, bridging this critical cyber security job talent shortage. Steve Morgan, a professional acquaintance who writes about cyber… Read More
Continuum GRC unveils the next generation of cybercrime prevention for organizations with NIST and SEC, NFA compliance requirements in concert with the Cybersecurity Act of 2015. Continuum GRC released the next generation antidote to fight cyber crime, compliance failures, corporate fraud, and criminal cyber-misconduct with the IT Audit Machine (ITAM IT audit software. Considered to… Read More
In a previous blog, we provided a primer on HIPAA compliance and discussed the importance of complying with this complex federal law, which is geared toward protecting patients’ private health information (PHI). While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much… Read More