Yahoo is trying to pass the buck, but data breach responsibility starts at the top.
Who should be held responsible when a company’s systems get breached? Historically, the CIO, the CISO, or both have shouldered the lion’s share of data breach responsibility; well over half of security ...
“ClearEnergy” May Have Been Fake News, But Threats Against ICS / SCADA Security Are Quite Real
Accusations of “fake news” rocked the cyber security industry last week after infosec provider CRITIFENCE implied that it had detected a brand-new “in the wild” ransomware variant called ClearEnergy ...
How RegTech Simplifies Governance, Risk, and Compliance
Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” ...
New PCI DSS Ecommerce Best Practices Replace Previous Guidelines Issued in 2013
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as ...
K-12 schools, colleges, and universities are attractive targets for hackers. Their networks contain an enormous amount of identifying information on staff members, students, and students’ families, including names, birth dates, addresses, Social Security numbers, and even health records. ...
Be Prepared for these New and Emerging Ransomware Threats
Ransomware threats are everywhere, and the problem is going to get much worse before it gets any better. According to a recent survey, about half of all businesses have experienced a ransomware attack at least once in the last 12 ...
Online shopping is booming, but customers will shun ecommerce if they do not feel their data is secure.
Just as “Video Killed the Radio Star,” ecommerce is making shopping malls go the way of the horse and buggy. In 2016, consumers reported making 51% of their purchases online, up from 48% in ...
In a new report, UC Berkeley’s Center for Long-Term Cybersecurity offers suggestions to President Elect Trump.
Now that the election is over, the nation’s attention has turned to President Elect Donald Trump and what a Trump Administration will mean for cyber security. Notably, information ...
What will the state of cyber security look like under a Donald Trump administration?
The election is over, the votes have been counted, and thankfully, other than a few isolated reports of malfunctioning voting machines, Election Night was unremarkable from a cyber security perspective. Now, ...
The Mirai botnet DDoS attacks were the largest on record – and they were likely masterminded by teenagers.
In October, a massive DDoS attack on the Dyn DNS “Managed DNS” infrastructure brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, and Spotify. The attack ...
The Yahoo hack demonstrates that cyber security has become a fundamental part of M&A transactions.
Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a ...
In a heated political climate, even the appearance of vote hacking could threaten our nation’s democracy.
The most contentious issue this election season may not be immigration or minimum wage laws but cyber security; specifically, the specter of vote hacking. Shortly after the discovery that ...
The NSA isn’t the only Washington organization being embarrassed by a data breach. The sorry state of cyber security in America has taken center stage in this year’s presidential election. In June, it was discovered that Russian cyber criminals had managed to hack the Democratic National ...
In the hit USA Network series Mr. Robot, a rogue group of hacktivists target major corporations and the government. In a recent episode, the group enlists the help of a malicious insider to hack the FBI. Sound far-fetched? Maybe not: Around the same time this episode aired, an anonymous group of ...
No organization wants to think that one of its own trusted employees is out to get the firm. However, a study by Intel found that 43% of data losses are the result of “internal actors” – and about half of these incidents were due to the intentional acts of malicious insiders, not accidents or ...
Cyber criminals don’t care who they hurt. This was made obvious during the rash of ransomware attacks on healthcare facilities this year, where hackers locked down electronic health records systems, putting patients at grave risk. There is great concern that the proliferation of Internet of ...
As 2016 comes to an end, we look back at six of the year’s worst data breaches and what went wrong.
It seems like not a day went by this year without reports of yet another major data breach, or two or three data breaches. From healthcare to fast food to adult entertainment, no industry was ...
Both brick-and-mortar and ecommerce retail stores make attractive targets for hackers, especially during the holidays.
Retail stores are favorite targets of cyber criminals, especially during the holiday shopping season, when brick-and-mortar and ecommerce stores are flooded with customers, ...
IoT manufacturers should take heed from the recent Mirai DDoS attacks.
Late last year, a widespread attack on Dyn DNS “Managed DNS” infrastructure wreaked havoc across the internet and brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, GitHub, and Reddit. ...
For Years, Yahoo Put Usability Ahead of Cyber Security
The massive Yahoo data breach, which compromised 500 million user accounts and put its acquisition by Verizon at risk, happened because the company repeatedly put product user experience ahead of security, the New York Times ...
If IoT cyber security concerns aren’t addressed, consumers will reject self-driving cars and other smart devices.
Shortly after rideshare company Uber launched a pilot test of self-driving cars in Pittsburgh, competitor Lyft made the bold prediction that most of its cars would be self-driving ...
How quickly self-driving cars roll out is dependent on the industry addressing some very serious cyber security issues with smart cars and IoT devices in general.
Self-driving cars are what everyone is talking about, but many people question whether the machine learning and artificial ...
Healthcare is one of the most regulated industries in the U.S. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, requires healthcare organizations and their third-party service providers, such as labs and billing companies, to have data security measures in place to protect ...
PCI DSS compliance is serious business for any organization that processes or accepts major payment cards, including SaaS providers that offer payment processing solutions to their customers. Retailers or payment processors who are found to be in violation of PCI DSS can be fined millions of ...
Baseball may be America’s favorite pastime, but from the Black Sox scandal to Pete Rose to the “Steroid Era,” cheating schemes have long tarnished the game. Sadly, it was only a matter of time before cheating went high-tech. Last summer, former St. Louis Cardinals executive Chris Correa was ...
Over several months last year, an international group of cyber bank robbers, possibly funded by the North Korean government, stole nearly $100 million, threw the integrity of a decades-old banking industry messaging system into question, and remained at large. Sound like the plot of the latest ...
The Hollywood portrayal of a hacker is a mysterious hooded figure sitting in a dark room, furiously tapping away at a keyboard in search of a back door into an organization’s system. However, the real enemy may be sitting in a brightly lit cubicle right outside the CEO’s office; insider threats ...
When contracting with a service provider, such as a data center, it is important for companies to ensure that their provider possesses the cyber security-related certifications and compliance standards that are applicable to the company’s industry. Data centers, as well as service providers who ...
The next time you buy a burger at McDonald’s or Wendy’s, a computer may be the one asking, “Would you like fries with that?” After decades of depending on human workers to take orders – and payments – American fast food chains are finally moving into the computer age, driven by rising minimum ...
Up until now, healthcare cyber security has been focused on protecting patient data, ensuring HIPAA compliance, and, more recently, protecting systems from ransomware attacks. However, as healthcare technology advances, a new threat is emerging: the potential for hackers to attack smart medical ...
In a previous blog, we discussed the recent epidemic of ransomware attacks on U.S. healthcare organizations and the importance of the industry taking this very serious cyber security threat – and information security in general – seriously. The good news is that although a ransomware attack can ...
While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA compliance, a new threat emerged in 2016 and has only gotten bigger in the past year: ransomware attacks on hospitals and healthcare providers that are not seeking to breach patient information but instead ...
Confused about PCI DSS compliance and what your business needs to do to comply with it? This article will explain PCI DSS and the importance of complying with this important information security standard.
What is PCI DSS?
PCI DSS stands for the Payment Card Industry (PCI) Data Security ...
Confused about HIPAA and whether your business must comply with it? This article will explain HIPAA and the importance of complying with this complex federal law.
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act of 1996, which was signed into law by President ...
Don’t let your business get caught on a spear phisher’s hook.
Like regular phishing, spear phishing involves sending legitimate-looking but fraudulent emails asking users to provide sensitive information and/or initiate wire transfers. However, while regular phishing emails are sent out en ...
ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks.
Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as ...
New York State Cyber Security Law Heavy on GRC and Proactive Cyber Security
The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect at the beginning of March. ...
Despite the escalating intensity and frequency of cyber attacks, fewer than 1/3 of U.S. businesses have purchased cyber insurance policies. A recent report by Deloitte provides insight into why organizations are deciding to go without cyber coverage, as well as why many insurers are hesitant to ...
The word “ransomware” has become synonymous with the healthcare industry, but government ransomware attacks are a growing threat.
Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making their ...
Don’t depend on a cyber insurance policy to cover your losses after a ransomware attack.
Hackers have discovered that there’s fast, easy money in holding enterprise systems hostage, especially in industries that process and store highly sensitive data, such as education and healthcare. The ...
Internet-connected smart toys, a popular holiday gift item, have vulnerabilities that put both children and parents at risk of data breaches and identity theft.
Smart toys, which connect to the internet and offer children a personalized, interactive play experience, were a very popular gift ...
K-12 school systems, colleges, and universities are being increasingly targeted by hackers, yet education cyber security is as woefully lacking as in other industries, as these recent incidents illustrate:
• In November 2016, Columbia County School District in Georgia admitted to a breach of ...
Doxware Leaks Your Private Data if You Don’t Pay the Ransom
Ransomware began grabbing headlines about a year ago, after Hollywood Presbyterian Medical Center paid hackers thousands of dollars in ransom after it got locked out of its systems. This large payday apparently encouraged hackers to ...