Hybrid Cloud Security Lags Behind Implementation

Hybrid cloud security survey shows that most organizations are implementing hybrid clouds far faster than their security teams can manage them. For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft… Read More

Cyber Attack Costs Can Cripple Small and Medium Sized Businesses

Think your company “can’t afford” cyber security? How much will a cyber attack cost? Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them… Read More

What Is Ransomware-as-a-Service? Understanding RaaS

Ransomware-as-a-service lowers the bar for entering the entering the cyber extortion game Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the… Read More

Browser Extensions Can Pose Significant Cyber Security Threats

Malicious browser extensions can steal credentials, cryptocurrency, and more From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security – usually for free. However, browser extensions need a wealth of access permissions to operate, including… Read More

Are You Protected Against the 5 Top Healthcare Cyber Threats?

The 5 top healthcare cyber threats, according to the U.S. Department of Health & Human Services’ new guide The financial impact of healthcare cyber attacks can be devastating, especially to small organizations. The HHS points out that the healthcare industry has the highest data breach cost of any industry, at an average of $408 per… Read More

Chinese Hackers Pose a Serious Threat to Military Contractors

Chinese hackers have successfully breached contractors for the U.S. Navy, according to WSJ report. The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports.… Read More

The Top Cyber Security Threats Facing Enterprises in 2019

The top cyber security threats your organization may encounter in 2019  The cyber threat environment is becoming more dangerous every day. A recent survey by the World Economic Forum revealed that cyber-attacks were the number-one concern of executives in Europe and other advanced economies. As we approach the winter holidays and the end of the… Read More

NIST Issues Guidance for Medical IoT Device Security

As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.… Read More

Penetration Tests vs. Vulnerability Scans: Understanding the Differences

Penetration tests and vulnerability scans are related but different cyber security services The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the… Read More

Cyber Security Lesson Brief from the Under Armour Breach

The Under Armour breach provides lessons in the do’s and don’ts of enterprise cyber security and compliance with the EU GDPR Last week, athletic apparel manufacturer Under Armour announced that its popular MyFitnessPal weight loss and fitness tracking app had been hacked, compromising 150 million accounts. The Under Armour breach is the largest data breach… Read More

Tax Phishing Scams Are Back: Here Are 3 to Watch Out For

This Year’s Crop of Tax Phishing Scams Target Individuals, Employers, and Tax Preparers Tax season is stressful enough without having to worry about becoming the victim of a cyber crime. Here are three different tax phishing scams targeting employers, individuals, and even tax preparers that are currently making the rounds. Employers: W-2 Phishing Emails The… Read More

Employees Are Biggest Threat to Healthcare Data Security

Two new reports illustrate the threat of employee carelessness and maliciousness to healthcare data security Healthcare data security is under attack from the inside. While insider threats – due to employee error, carelessness, or malicious intent – are a problem in every industry, they are a particular pox on healthcare data security. Two recent reports… Read More

#MeToo Prompts Employers to Review their Anti-Harassment Policies

Comprehensive anti-harassment policies are even more important in light of #MeToo movement The #MeToo movement, which was birthed in the wake of sexual abuse allegations against Hollywood mogul Harvey Weinstein, has shined a spotlight on the epidemic of sexual harassment and discrimination in the U.S. According to a nationwide survey by Stop Street Harassment, a… Read More

States Worry About Election Hacking as Midterms Approach

Mueller indictments of Russian cyber criminals put election hacking at top of mind State officials expressed grave concerns about election hacking the day after Special Counsel Robert Mueller handed down indictments of 13 Russian nationals on charges of interfering with the 2016 presidential election. The Washington Post reports: At a conference of state secretaries of… Read More

Crypto-Mining Malware May Be a Bigger Threat than Ransomware

Crypto-Mining Malware is Crippling Enterprise Networks Cryptocurrencies such as Bitcoin and Ethereum have gone mainstream; it seems like everybody and their brother is looking to buy some crypto and get their piece of the digital currency gold rush. Hackers want a piece of it, too. In addition to hacking ICO’s and cryptocurrency exchanges, they’re using… Read More

Post Equifax, New Data Breach Notification Laws are Inevitable

New data breach notification regulations aren’t a matter of if, but when The U.S. Securities and Exchange Commission plans to update its six-year-old guidelines regarding data breach notification and cyber risk disclosure, Bank Info Security reports: The agency has indicated that it expects to refine guidance around how businesses disclose cybersecurity risks to investors as… Read More

5 Reasons Why Your Enterprise Should Put IRM Before GRC

Gartner Is Shifting Its Focus Toward IRM, and You Should, Too Over the summer, Gartner announced that it was moving its focus away from GRC and launching a new Magic Quadrant for integrated risk management, or IRM: IRM enables simplification, automation and integration of strategic, operational and IT risk management processes and data. IRM goes… Read More

FISMA, FedRAMP, and NIST: Federal Compliance Demystified

FISMA vs. FedRAMP and NIST: Making Sense of Government Compliance Standards FISMA, FedRAMP, NIST, DFARS, CJIS, HIPAA … Government compliance standards can seem like a veritable alphabet soup. Making matters even worse, a lot of them overlap, and many organizations aren’t certain which standards they need to comply with. Even if your organization does not… Read More

Will Cryptocurrency Regulation Attempts Do More Harm Than Good?

White-Hat Hackers Are Already Being Caught in the Cryptocurrency Regulation Net Cryptocurrencies have long been associated with cyber crime. The cryptocurrency Bitcoin was the de facto currency of the notorious online black market Silk Road, it remains the preferred payment method on the Dark Net, and the majority of ransomware attacks, including WannaCry, demand payment… Read More

It’s Time to Get Serious About Education Cyber Security

Back to School: Education Cyber Security K-12 school systems, colleges, and universities are being increasingly targeted by hackers, yet education cyber security is as woefully lacking as other industries, as these recent incidents illustrate: In November 2016, Columbia County School District in Georgia admitted to a breach of personal information belonging to its employees and… Read More

Is Cloud Computing Really Secure? A Pragmatic Approach

Is Cloud Computing Really Secure? A Pragmatic Approach Considering Cloud Computing? So, you are making plans to move into cloud computing and are considering your options offered by the plethora of providers out there but you have questions and concerns. Congratulations! The bottom line up front is yes, cloud computing can be very secure. You… Read More