In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.” Because the long… Read More
PCI DSS compliance is verifying that your systems, those that handle personal and cardholder information, meet all the expectations of the 12 requirements of the standard. These requirements describe security and privacy controls to protect against modern threats and vulnerabilities and call for both attention to implementing controls and maintaining long-term best practices. The best… Read More
Blockchain, blockchain, blockchain. It seems like you can’t throw a rock without hitting someone discussing the potential for blockchain technology. And, for the most part, this is driven by consumer interest in technologies and the potential for innovation in the web 3.0 world we live in. While the consumer market is having a so-so engagement… Read More
Companies attempting to navigate the complex world of private and public cybersecurity might get confused about what they should focus on. The truth is that you can’t adopt them all… but you can focus on the regulations that directly impact how you do business. Here, we’ll discuss two of the most prevalent security frameworks–FedRAMP and… Read More
Any organization in the healthcare industry knows that cybersecurity is a critical component of doing business. So much so, in fact, that any enterprise handling protected health information (PHI) must implement and maintain strict cybersecurity and privacy controls to protect patient data from unauthorized disclosure. However, understanding that HIPAA is a requirement for operation doesn’t… Read More
We started our series on risk management a few weeks ago by introducing the concept of risk. One of the general stereotypes about risk is that it lacks some discreteness of security compliance–it doesn’t lend itself to checklists or paint-by-numbers approaches. This is, overall, a good thing, but can prove challenging for enterprises not ready… Read More
The Healthcare Insurance Portability and Accountability Act (HIPAA) is one of the more complex regulations in the U.S., due in no small part to the complicated and open-ended nature of the law. What should companies do? In this case, covered organizations are turning to risk-based assessments to help them support their security approaches. Here, we… Read More
Discussions about security and compliance disproportionately focus on businesses and enterprises, precisely because these organizations serve as central repositories for critical industrial or consumer information. Accordingly, regulations and best practices are often tied to securing this infrastructure, with consumers getting little to no attention. However, the reality of modern cybersecurity threats is that almost all… Read More
FISMA is one of the foundational cybersecurity documents in the U.S. government. Its passage in 2002 and subsequent update in 2014 have defined the security landscape for federal IT systems and associated contractors. However, a one-two punch from Congress and the President has changed things again. With recent cyber threats causing major damage to public… Read More
Words like cybersecurity and compliance are often interchangeable without much care taken with how they differ. But make no mistake: while they are related practices, both are different approaches to a common problem of cybersecurity threats. Here we break down the differences and, more importantly, why these differences are important for when you have to… Read More
Dark data doesn’t just cost organizations money; it also damages their cybersecurity and compliance postures Server rooms filled with digital files may look neater than the paper file rooms of old, but they’re not necessarily more organized, and “dark data” lurks around every corner. Sixty percent of respondents to a survey by big data software… Read More
A new Ponemon report on SMB cyber security reveals the top challenges and threats facing global small and medium-sized businesses If you think your company is too small to be hacked, think again. According to a new report on SMB cyber security by the Ponemon Institute and Keeper Security, 66% of small and medium-sized businesses… Read More
Seal up your cloud containers with these Kubernetes security best practices. Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers discovered a way… Read More
Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More
Malicious browser extensions can steal credentials, cryptocurrency, and more From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security – usually for free. However, browser extensions need a wealth of access permissions to operate, including… Read More
The top cyber security threats your organization may encounter in 2019 The cyber threat environment is becoming more dangerous every day. A recent survey by the World Economic Forum revealed that cyber-attacks were the number-one concern of executives in Europe and other advanced economies. As we approach the winter holidays and the end of the… Read More
As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.… Read More
The Under Armour breach provides lessons in the do’s and don’ts of enterprise cyber security and compliance with the EU GDPR Last week, athletic apparel manufacturer Under Armour announced that its popular MyFitnessPal weight loss and fitness tracking app had been hacked, compromising 150 million accounts. The Under Armour breach is the largest data breach… Read More
Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More
Cyber Security Tips for 2018 and Beyond Now that the year is coming to an end, all eyes are on what’s possibly around the corner. More attacks on cryptocurrencies? An escalation in attacks by state-sponsored cyber criminals? Chaos as the EU’s GDPR is implemented? In cyber security, only one thing is certain: It’s a continuous… Read More
Hacks in the City: Latest in String of HBO Hacks Targets Company’s Social Media Accounts HBO has had a rough summer, and things are getting progressively worse for the cable titan. The HBO hacks began in late June, when an individual hacker or group calling themselves “Mr. Smith” dumped several episodes of upcoming HBO series… Read More
Back to School: Education Cyber Security K-12 school systems, colleges, and universities are being increasingly targeted by hackers, yet education cyber security is as woefully lacking as other industries, as these recent incidents illustrate: In November 2016, Columbia County School District in Georgia admitted to a breach of personal information belonging to its employees and… Read More
POS Data Security? The next time you buy a burger at McDonald’s or Wendy’s, a computer may be the one asking, “Would you like fries with that?” After decades of depending on human workers to take orders – and payments – American fast food chains are finally moving into the computer age, driven by rising… Read More
Up until now, healthcare cyber security has been focused on protecting patient data, ensuring HIPAA compliance, and, more recently, protecting systems from ransomware attacks. However, as healthcare technology advances, a new threat is emerging: the potential for hackers to attack smart medical devices such as insulin pumps and pacemakers. If IoT security is not taken… Read More