Artificial Intelligence in Cybersecurity Artificial Intelligence (AI) can be used in the Cybersecurity Industry in many ways, which are still yet to be tapped into. Just as much as other technologies are constantly and dynamically changing, so too is this field. It has just started to make its debut for security applications, and there is… Read More
Cybervisors to the rescue! For many businesses today, the severe lack of a skilled Cybersecurity workforce is becoming clearly evident on a daily basis. Just consider some of these statistics: 45% of organizations report that they do not have an adequate IT security staff in order to ensure 24 × 7 × 365 monitoring; 54%… Read More
The sobering statistics of SMB cybersecurity. In 2020, the Cyber attacker is not going to be going after the quantity of hacks, but rather, for the “quality” of attacks. In other words, they simply won’t launch a specific threat vector en masse, but instead, they will pick a very select number of victims. From there,… Read More
Dark data doesn’t just cost organizations money; it also damages their cybersecurity and compliance postures Server rooms filled with digital files may look neater than the paper file rooms of old, but they’re not necessarily more organized, and “dark data” lurks around every corner. Sixty percent of respondents to a survey by big data software… Read More
A new Ponemon report on SMB cyber security reveals the top challenges and threats facing global small and medium-sized businesses If you think your company is too small to be hacked, think again. According to a new report on SMB cyber security by the Ponemon Institute and Keeper Security, 66% of small and medium-sized businesses… Read More
If you think your company is too small to be hacked, think again. According to a new report on SMB cybersecurity by the Ponemon Institute and Keeper Security, 66% of small and medium-sized businesses (SMBs) around the world experienced a cyberattack in the past year. In the U.S., the situation is particularly dire, with 76%… Read More
The NIST Privacy Framework will complement the popular NIST CSF Data privacy and cyber security have a symbiotic and sometimes conflicting relationship. Without robust cyber security, it is impossible to ensure data privacy, as evidenced by the Equifax hack. However, it’s fully possible for an organization to seriously violate users’ data privacy despite practicing robust… Read More
Server rooms filled with digital files may look neater than the paper file rooms of old, but they’re not necessarily more organized, and “dark data” lurks around every corner. Sixty percent of respondents to a survey by big data software vendor Splunk admitted that more than half of their organizations’ data is dark, and one-third… Read More
A robust cyber incident response plan will minimize both damages and recovery time and ensure business continuity. Proactive measures to defend against data breaches, malware, social engineering, and other cyberattacks are crucial to enterprise cybersecurity, but there’s no such thing as a completely impenetrable system. Despite your best efforts, your company could still be hacked;… Read More
From refrigerators and doorbells to insulin pumps and heart monitors, a growing number of devices are being connected to wireless networks. IoT devices offer a world of convenience and benefits, from a homeowner being able to monitor their property while at work to a doctor being able to monitor a patient’s response to a treatment… Read More
Insurers operating in multiple states must comply with a patchwork of state-level legislation patterned after the NAIC’s Insurance Data Security Model Law In 2017, the National Association of Insurance Commissioners (NAIC) developed the Insurance Data Security Model Law in response to a growing number of cyber incidents within the insurance industry. Similar to the NIST… Read More
The California Consumer Privacy Act represents a significant milestone for consumer data privacy in the U.S. Tired of the federal government dragging its feet on consumer data privacy legislation, states have started to take matters into their own hands. The biggest example is the California Consumer Privacy Act (CCPA), which takes effect on January 1,… Read More
The DoD unveiled its proposed Cybersecurity Maturity Model Certification (CMMC) to prevent supply chain attacks Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors… Read More
IT Compliance and Cyber Security: Understanding the Differences IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure. While there is some overlap, and the two fields complement each other,… Read More
NIST proposes a Secure Software Development Framework to address software supply chain attacks Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and… Read More
Understanding FedRAMP security impact levels and baselines You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of… Read More
Your guide to the SOC 2 Trust Services Criteria (formerly the Trust Services Principles) Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of… Read More
Advice for writing a successful FedRAMP SSP A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their implementation. Keep in mind that… Read More
Is Docker Hub hack a harbinger of increasing cyber attacks on cloud containers? According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as usernames, hashed… Read More
Formjacking allows hackers to steal payment card data and other information submitted through online forms As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Hackers Can Use DICOM Bug to Hide Malware in Medical Images DICOM bug enables hackers to insert fully functioning executable code into medical images A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera… Read More
Dragonblood flaws in WPA3 impact the very technology that was supposed to make it safer than WPA2. Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication… Read More
Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared Key (PSK) used in WPA2. Also known as “Dragonfly,”… Read More