UC Berkeley Offers Cyber Security Advice to Donald Trump

In a new report, UC Berkeley’s Center for Long-Term Cybersecurity offers suggestions to President Elect Trump Now that the election is over, the nation’s attention has turned to President Elect Donald Trump and what a Trump Administration will mean for cyber security. Notably, information security was the only tech-related topic Trump addressed directly on his… Read More

Mirai Botnet Attacks Likely Pulled Off By Teenagers

The recent Mirai botnet DDoS attacks were the largest on record – and they were likely masterminded by teenagers. In October, a massive DDoS attack on the Dyn DNS “Managed DNS” infrastructure brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, and Spotify. The attack was accomplished through the use of the… Read More

Cyber Security Due Diligence and the Yahoo Breach

Cyber Security Due Diligence Has Become a Fundamental Part of M&A Transactions Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a massive data breach, which resulted in 500 million user accounts… Read More

Vote Hacking: Could Cyber Criminals “Rig” the Election?

Vote hacking is a legitimate concern, and election officials need to take it seriously. Right alongside immigration, healthcare, and the minimum wage, cyber security has emerged as a major – and contentious – issue in this year’s presidential election. First, the Democratic National Convention’s email server was hacked, and thousands of embarrassing emails were published… Read More

IoT Cyber Security Issues Could Stall Self-Driving Cars

How quickly self-driving cars roll out is dependent on the industry addressing some very serious IoT cyber security issues. Now that Uber has commenced a pilot test of driverless vehicles in Pittsburgh, and competitor Lyft has predicted that most of its cars will be driverless by 2021, self-driving cars are what everyone is talking about.… Read More

PCI DSS Compliance Alone Won’t Protect Your Customer Data

PCI DSS compliance is serious business for anyone who processes or accepts major payment cards. Retailers or payment processors who are found to be in violation of PCI DSS can be fined millions of dollars, and they may even be stripped of their ability to accept major credit cards. However, PCI DSS compliance standards are… Read More

Poor Cyber Security Led to Houston Astros Hack

Baseball may be America’s favorite pastime, but from the Black Sox scandal to Pete Rose to the “Steroid Era,” cheating schemes have long tarnished the game. Sadly, it was only a matter of time before cheating went high-tech. Former St. Louis Cardinals executive Chris Correa has been sentenced to 46 months in prison for violating… Read More

3 Cyber Security Lessons from the SWIFT Network Attacks

Over the past few months, an international group of cyber bank robbers, possibly funded by the North Korean government, have stolen nearly $100 million, thrown the integrity of a decades-old banking industry messaging system into question, and remain at large. Sound like the plot of the latest James Bond summer blockbuster? Unfortunately, these hacks, utilizing… Read More

Where’s the Data Security? Wendy’s Data Breach Bigger than Originally Thought

Wendy’s Data Breach: Forget the beef, where’s the data security? The Wendy’s data security breach, news of which first broke in January, is much worse than the fast-food company originally thought. Wendy’s first reported that the POS system breach impacted only about 5% — or approximately 300 – of its franchise-owned restaurants. However, after allegations… Read More

Continuum Clarifies What SSAE 16 Compliance Means

When contracting with a service provider, such as a data center, it is important for companies to ensure that their provider possesses the cyber security-related certifications and compliance standards that are applicable to the company’s industry. Data centers, as well as service providers who contract with data centers, sometimes claim to be “SSAE 16” certified.… Read More

IoT Security: Medical Devices Are the Next Target for Hackers

Up until now, healthcare cyber security has been focused on protecting patient data, ensuring HIPAA compliance, and, more recently, protecting systems from ransomware attacks. However, as healthcare technology advances, a new threat is emerging: the potential for hackers to attack smart medical devices such as insulin pumps and pacemakers. If IoT security is not taken… Read More

5 Tips for Healthcare Cyber Security

In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cybersecurity threat – and healthcare cybersecurity in general – seriously. The good news is that although a ransomware attack can bring a healthcare facility to its knees, ransomware attacks… Read More

The Citadel Breached – The Cyber Security Act of 2015

Continuum GRC unveils the next generation of cybercrime prevention for organizations with NIST and SEC, NFA compliance requirements in concert with the Cybersecurity Act of 2015. Continuum GRC released the next generation antidote to fight cyber crime, compliance failures, corporate fraud, and criminal cyber-misconduct with the IT Audit Machine (ITAM IT audit software. Considered to… Read More

Ransomware Attacks Show that Healthcare Must Take Cybersecurity Seriously

In a previous blog, we provided a primer on HIPAA compliance and discussed the importance of complying with this complex federal law, which is geared toward protecting patients’ private health information (PHI). While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a new threat has emerged and is poised to become much… Read More

Human Hacking, Not Automated Attacks, Top Cyber Threat

Human hacking, also known as social engineering, has surpassed hardware and software vulnerabilities and is now the top cybersecurity threat, Computer Weekly reports: [A]ttackers shifted away from automated exploits in 2015. Instead, attackers engaged people through email, social media and mobile apps to do the dirty work of infecting systems, stealing credentials and transferring funds.… Read More

Hooray for Hollywood! – Hackers Hold Healthcare Hostage

Hackers Hold Hollywood Healthcare Hostage Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to hackers who seized control of the hospital’s computer systems holding them a healthcare hostage. The cyber assault on Hollywood Presbyterian occurred Feb. 5, 2016, when hackers using malware infected the institution’s computers, preventing hospital staff from being able to… Read More

Cyber Forensics Protect the Innocent

Cyber Forensics Protect the Innocent It is always rewarding when cybersecurity and cyber forensics protect the innocent.  Monique Vivien Macias of KPNX 12 News Phoenix discusses with Lazarus Alliance and Continuum GRC’s CEO Michael Peters how cyber forensics has become such a vital resource in law enforcement’s toolkit. Christopher Thomas McKenna, the former Chaparral High School teacher… Read More

Security audit done the same old way?

Still doing security audit and compliance assessments the same old way? The definition of insanity is doing something over and over again and expecting a different result. Data breaches are occurring at an alarming and escalating rate despite the traditional assessment methodology and  tools. It’s time to shake up and wake up the cybersecurity industry… Read More

Why Excel is so Old-School and how to be Cool-School

We get it. We completely understand why you still use Excel as an assessment and audit tool. We suffered through it just the same but we believe that working smarter and not harder which is why we invented ITAM IT audit software. The IT Audit Machine (ITAM IT audit software) is the patent pending, industry… Read More