Uber Breach a Case Study in Awful Cyber and Business Ethics The Uber breach, which compromised the data of 57 million drivers and customers worldwide, has just gone from bad to worse. Not only did the company wait for a year to disclose the hack, it scrambled to cover it up by forking over $100,000… Read More
Data Governance Is at the Core of GDPR Compliance Organizations have until May 25, 2018, to comply with the EU’s new General Data Protection Regulation (GDPR). Arguably the most comprehensive, far-reaching data privacy law passed to date, the GDPR grants European consumers numerous new data privacy rights and places new data governance responsibilities on organizations.… Read More
Forever 21 Breach Disclosed on the Cusp of the Holiday Shopping Season Clothing retailer Forever 21 suffered a POS system breach in an undisclosed number of stores from March to October 2017, the company announced last week. The Forever 21 breach was discovered by a third party and involved hackers taking advantage of POS systems… Read More
Social Media Security Matters; Just Look at the Trump Twitter Account Debacle The recent Trump Twitter account incident – where the president’s Twitter feed was deactivated for 11 minutes – was fodder for many late-night television jokes. All kidding aside, though, enterprise social media security is serious business. A social media presence is an integral… Read More
FedRAMP Certification Can Help Grow Your Cloud Service Business The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with cloud providers. Like FISMA, DFARS, CJIS, and HIPAA, FedRAMP’s security controls are based on NIST 800-53. If your cloud… Read More
Don’t want your company to be the next Yahoo, Equifax, Deloitte, or SEC? Don’t ignore cyber risk management. October is National Cyber Security Awareness Month in the U.S., which is quite fitting right now, being as barely a day is going by without yet another disclosure of a massive hack, and Americans are far more… Read More
The SEC, NFA hack has pitched the international finance world into turmoil as Wall Street’s top regulator admits to not having secured its own systems. Move over, Equifax; the SEC, NFA hack may have just stolen your thunder. Less than two weeks after Equifax disclosed that it had been breached, compromising the personal information of… Read More
The Equifax breach isn’t the largest data breach, but it is one of the most troubling because of its massive scope, the nature of the information stolen, and the absolutely awful way in which it has been handled. While Hurricane Irma dominated the national news late last week, a man-made disaster unfolded in the background… Read More
HBO Hack Targeted Valuable Intellectual Property and Company Secrets Corporate espionage and the theft of intellectual property and company secrets have gone cyber. The latest victim is cable network HBO and its flagship series Game of Thrones. The HBO hack, perpetrated by a hacker or group calling themselves “Mr. Smith,” may involve as much as… Read More
Department of Defense contractors and their subcontractors have until December 31 to obtain DFARS compliance Third-party data breaches are a serious problem, especially when highly sensitive data is involved – and our nation’s infrastructure, including our defense systems, are built and maintained by third-party government contractors. Recognizing this, the U.S. Department of Defense is requiring… Read More
Verizon, Trump Hotels, and the RNC are Among the Recent Victims of Third-Party Breaches Even if your own cyber security is up to snuff, your organization could be at risk of third-party breaches if your business partners are not as diligent as you are. Verizon just learned this lesson the hard way after one of… Read More
The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack. It’s looking more and more like last week’s NotPetya malware attacks, which infected computers around the world but hit Ukraine particularly hard, were designed to cause widespread damage and disruption, not make… Read More
White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment… Read More
The Healthcare Industry Cybersecurity Task Force’s report on healthcare cyber security echoes a similar study on medical device security issued by Synopsys and the Ponemon Institute. On the heels of a damning study by Synopsys and the Ponemon Institute, which provides a blow-by-blow accounting of the many problems with medical device security, a federal task… Read More
Four Important Lessons from the WannaCry Ransomware Attacks The recent WannaCry ransomware attacks put cyber security on the front page of every newspaper in the world. Now, everyone knows what ransomware is and how destructive it can be, but will anything change? Following are four critical lessons that both organizations and individuals should take away… Read More
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It The 2017 Verizon Data Breach Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 attempts in 84 countries, showed that cyberespionage and ransomware are on… Read More
Hacked Companies Are Facing Data Breach Lawsuits Filed by Financial Institutions Data breaches aren’t cheap to clean up. Just ask Rosen Hotels, whose costs to clean up a 2016 breach could end up exceeding $2.4 million. Shockingly, that’s below the $4 million average cited by IBM. In addition to direct costs, such as fines, labor… Read More
“ClearEnergy” May Have Been Fake News, But Threats Against ICS / SCADA Security Are Quite Real Accusations of “fake news” rocked the cyber security industry last week after infosec provider CRITIFENCE implied that it had detected a brand-new “in the wild” ransomware variant called ClearEnergy that posed a clear and present danger to ICS and… Read More
Don’t depend on a cyber insurance policy to cover your losses after a ransomware attack. Hackers have discovered that there’s fast, easy money in holding enterprise systems hostage, especially in industries that process and store highly sensitive data, such as education and healthcare. The U.S. Department of Justice recently reported that ransomware attacks quadrupled between… Read More
New York State Cyber Security Law Heavy on GRC and Proactive Cyber Security The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect at the beginning of March. While the insurance and finance industries are already subject… Read More
Jackpotting! Are ATMs at the end of every rainbow? ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks. Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as well as robberies,… Read More
How RegTech Simplifies Governance, Risk, and Compliance Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” mentioned as a solution. What is RegTech, and how can it help your… Read More
Education Cyber Security Vulnerabilities and What Schools Can Do About Them K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. Additionally, educational institutions are frequently connected… Read More
Be Prepared for these New and Emerging Ransomware Threats Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 months, and a staggering 85% had… Read More