CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies meet their compliance requirements, CMMC leverages outside certified assessors to serve as a third-party… Read More
Thousands of companies, and an increasing number of government agencies, are relying on managed service providers for products like cloud storage, security administration, and productivity technologies. This has put tech experts in the profitable and challenging position of providing innovative products to support their clients.
Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared Key (PSK) used in WPA2. Also known as “Dragonfly,”… Read More
Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC scams are continuing to explode in popularity among cyber criminals, with attacks increasing by 476% between… Read More
Anthem – yes, that Anthem – has been hacked again. About a month after the beleaguered health insurer agreed to fork over a record-setting $115 million to settle a class action lawsuit related to its massive 2015 breach, it was breached again, or rather, one of its third-party vendors was. The 2017 Anthem breach involved… Read More
Cryptocurrency mining malware may end up being a bigger problem than WannaCry Organizations that think they dodged a bullet when their older systems did not fall prey to the WannaCry ransomware may want to think again. Weeks prior to the WannaCry attacks, a group of hackers was taking advantage of the same Windows vulnerabilities that… Read More
Who should be held responsible when a company’s systems get breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security decision-makers expect to lose their jobs if a hack happens at their organizations. However, breaches don’t happen in vacuums, and CIOs and CISOs… Read More
Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making its way into works of fiction: A ransomware attack on a hospital in a major city is the focus of an upcoming episode of the NBC drama Chicago Med.… Read More
Cyber Insurance Coverage: a Brave, Uncertain New World for Insurers and Policyholders Despite the escalating intensity and frequency of cyber attacks, fewer than 1/3 of U.S. businesses have purchased cyber insurance policies. A recent report by Deloitte provides insight into why organizations are deciding to go without cyber coverage, as well as why many insurers… Read More
As compliance costs skyrocket, standards grow increasingly complex, and the cyber threat environment evolves, organizations are turning to RegTech solutions to automate their compliance processes and improve their overall cybersecurity posture. Compliance with regulatory and industry standards, such as HIPAA, PCI DSS, FedRAMP, and SSAE 16 SOC reporting, are a burdensome yet necessary part of… Read More
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as more brick-and-mortar stores implement card chip technology to defeat skimmers and other forms of POS system fraud, thieves are gravitating toward card-not-present (CNP) ecommerce… Read More
In a heated political climate, even the appearance of vote hacking could threaten our nation’s democracy. The most contentious issue this election season may not be immigration or minimum wage laws but cybersecurity; specifically, the specter of vote hacking. Shortly after the discovery that the Democratic National Convention’s email server had been hacked came news… Read More
Human hacking, also known as social engineering, has surpassed hardware and software vulnerabilities and is now the top cybersecurity threat, Computer Weekly reports: [A]ttackers shifted away from automated exploits in 2015. Instead, attackers engaged people through email, social media and mobile apps to do the dirty work of infecting systems, stealing credentials and transferring funds.… Read More
Hackers Hold Hollywood Healthcare Hostage Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to hackers who seized control of the hospital’s computer systems holding them a healthcare hostage. The cyber assault on Hollywood Presbyterian occurred Feb. 5, 2016, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to… Read More
The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Lazarus Alliance has been years ahead with proactive cybersecurity services. Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon. Compromised POS… Read More