Federal cyber security breach has left millions of American citizens as casualties. Lazarus Alliance responds with proactive cyber-crime prevention. Lazarus Alliance ups the ante with proactive cyber security weapons in the corporate arsenal to fight cybercrime, corporate fraud, espionage and criminal cyber-misconduct. The egregious revelations following this security breach is that the Office of Personnel… Read More
Do Cyber Security Breaches Determine Your Fate?
Over the past year we have seen corporate cyber security breaches decimating business value, killing companies and ending careers. Even at the highest levels within the largest corporations, no one is exempt from the damage a cyber security breach causes. Outside of traditional global war, never before have we experiences technological war quite like the… Read More
The Fallacy of Despair: Why your security breach is not inevitable!
There is a growing sentiment within the business community that a security breach affecting their company is inevitable. This is perpetuated by security professionals and providers or services and products who reinforce this mythos with statements resembling: “It’s not if your company is going to be breached but when your company is going to be… Read More
Dumb Luck: Why Security Breaches Are Like Playing Russian Roulette
“The future masters of technology must be light-hearted and intelligent. The machine easily masters the grim and the dumb.” Marshall McLuhan This quote has been a long standing personal favorite because it really illustrates on many levels the need to embrace the “Life Learner” concept; always pushing to enhance your own skill-set and capabilities. It… Read More
Expanding Security Breach Notification Requirements in California
A new amendment to California’s security breach notification law will raise the stakes for businesses required to give notice of a data security breach affecting California residents. California Senate Bill 24 (“SB 24”), signed by Governor Brown on August 31, 2011, imposes detailed new requirements for the content of security breach notices. Significantly, SB 24… Read More
Ultimate Security: Data Breach Prevention in 2023
According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone–accounting for compromising over 14 million data records. Once these records are out in the open, they are often sold on the dark web. Following that, it’s just a matter of time before hackers can use this data… Read More
Cyber Security Lesson Brief from the Under Armour Breach
The Under Armour breach provides lessons in the do’s and don’ts of enterprise cyber security and compliance with the EU GDPR Last week, athletic apparel manufacturer Under Armour announced that its popular MyFitnessPal weight loss and fitness tracking app had been hacked, compromising 150 million accounts. The Under Armour breach is the largest data breach… Read More
What the Biggest Data Breaches in Retail Have Taught Us about Cybersecurity
2014 Data Breaches by Industry With the holiday season upon us, much attention turns to the retail sector, which is expected to see unprecedented activity as shoppers in a strengthening economy take advantage of seasonal deals and yet-further-expanded shopping hours. However, overshadowing the energy of the holiday shopping season, the specter of data breaches past… Read More
CP-CSC, CMMC, and North American Cybersecurity
International collaboration between countries in cybersecurity isn’t unheard of, but it involves several miles of red tape and regulations. That’s why many countries seek parity in their security frameworks. One such parity that Canadian officials are seeking is between their own CP-CSC and the CMMC model for handling CUI.
The OCR HIPAA Report and Proper Breach Requirements
HIPAA is a core cybersecurity framework for patients and healthcare providers in the U.S. Unfortunately, a new report from the OCR shows an increase in significant events and a lack of resources to follow up on critical compliance issues. We’re covering some of this report and the underlying HIPAA requirements reflected in it.
What Is NIST 800-172 and Advanced Security Structures
The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.
Third-Party Vendor Security and PCI DSS
We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs. Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re… Read More
What Are Security Control Assessor-Validator (SCA-V) Services?
Security Control Assessor-Validator (SCA-V) services are a core part of many compliance frameworks, and any agency proposing to offer these services will often provide a common set of expertise, certifications, and knowledge to support their customers. Here, we’re covering the basics of SCA services and what you should look for when signing on with a… Read More
What Is the European Cybersecurity Certification Scheme for Cloud Services (EUCS)
The European Cybersecurity Certification Scheme for Cloud Services (EUCS) is an initiative to establish a unified certification process for cloud services across the EU. Cloud services and associated managed services are critical to most government and business functions, and the EU follows the example of other jurisdictions in focusing explicitly on this area of cybersecurity… Read More
Endpoint Security and Modern Compliance
With all the focus on network security, SaaS compliance, and big data protection, it’s sometimes very easy to forget that the most vulnerable parts of any given system are often those tied to the user. These devices (endpoints) are where these users do most of their work and where a lack of security best practices… Read More
Understanding API Security
One of the fastest-growing security attack surfaces is the Application Programming Interface (API). These functions allow programmers to tap into distributed services like data retrieval or social media broadcasting, vastly expanding the interoperability of different software tools. Accordingly, because API access often requires connecting to or using sensitive data, this presents significant security risks. We’re… Read More
Security, Integrity, and SaaS Solutions
Software-as-a-Service (SaaS) is, for better or worse, the model of modern software distribution and use. There are many benefits to this arrangement, but there are also significant security issues. Unfortunately, these security issues are ever-evolving and target almost every managed service provider on the market. This article touches on some foundational realities, challenges, and considerations… Read More
Shadow IT and the Foundational Threat to Cybersecurity
Companies can only monitor some of the pieces of software that their employees use. It’s inevitable, then, that those employees will start to kludge together their solutions through personal software or freeware from the Internet. This is such a problem that Splunk recently rated shadow IT as one of the top 50 threats to cybersecurity… Read More
Non-Human Access Vulnerabilities and Modern Cybersecurity
The advent of non-human identities–encompassing service accounts, application IDs, machine identities, and more–has reshaped the cybersecurity landscape, introducing a new dimension of vulnerabilities and attack vectors. While helpful, these digital entities are an increasingly vulnerable spot where attackers focus resources. This article will cover this relatively new attack vector, how hackers leverage new technology to… Read More
Logging Requirements for Federal Agencies and the Importance of Logging for Cybersecurity
A new report shines a light on some unfortunate news in the world of federal cybersecurity. According to the U.S. Government Accountability Office (GAO), only three of 23 federal agencies have reached their expected logging requirements as dictated by Executive Order 14028. In this article, we’re talking about this executive order and what it calls… Read More
Promoting a Culture of Cybersecurity Awareness in Your Organization
The cybersecurity landscape isn’t getting any easier for any business, large or small. With high-profile cyber attacks making headlines, from ransomware attacks crippling global infrastructure to data breaches compromising millions of users’ personal information, the stakes for major corporations have never been higher. While offering unprecedented opportunities, the digital realm also presents a minefield of… Read More
Security Operations Centers, MSSPs, and Outsourced Security
The Security Operations Center (SOC) is central to this defense strategy – a dedicated hub for monitoring, detecting, and responding to security incidents. But as businesses grapple with establishing their in-house SOCs or outsourcing to specialized Managed Security Service Providers (MSSPs), many considerations come into play. In this article, we discuss the complexities of these… Read More
What Is Proactive Cybersecurity? Preparing for Threats Before They Strike
Modern cybersecurity is about more than just reacting to threats as they emerge. Adopting proactive cybersecurity measures is not just a strategic advantage; it’s an operational necessity that can spell the difference between business as usual and breaches that erode customer trust and shareholder value. Whether you’re a cybersecurity veteran or new to the domain,… Read More
How to Determine Cybersecurity Impact Level Using FIPS 199
The Federal Information Processing Standard (FIPS) 199 provides organizations and individuals with the necessary guidance to determine a cybersecurity threat’s impact level accurately. These impact levels define the level of security a system should have to protect the data contained therein adequately. This article will take you through an overview of FIPS 199 and how… Read More