Image The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in...

Image Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner...

Image Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a...

Image Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go...

Image Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the...

Image It’s the small vines, not the large branches, that trip us up in the forest. Apparently, it’s no different in Healthcare. In November, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Mitigation Guide aimed at the Healthcare and Public Health (HPH) sector. In the midst of current hybrid cloud security...

Image While the EU AI Act is poised to introduce binding legal requirements, there's another noteworthy player making waves—the National Institute of Standards and Technology's (NIST) AI Risk Management Framework (AI RMF), published in January 2023. This framework promises to reshape the future of responsible AI uniquely and...

Image Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to...

Image In late September 2023, the US-based National Institute of Standards and Technology (NIST) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points. ...

Image Boards of directors need to maintain an appropriate level of cyber expertise, incidents must be reported within 72 hours after determination, and all ransom payments made must be reported within a day. Those are just some of the changes made by The New York State Department of Financial Services to its Cybersecurity...

Image The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule was made by the U.S. Federal Trade Commission (FTC). It will go into effect 180...

Image A recent report from RPC has revealed that cybersecurity breaches in UK pension schemes increased by 4,000% from 2021/22 to 2022/23. Understandably, the announcement has raised serious concerns about the efficacy of financial service organization’s cybersecurity programmes. Although the reasons for cyberattacks on financial...

Image Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion. The warning, which was issued by the FBI yesterday and is directed towards...

Image Footprinting, also known as fingerprinting, is a methodology used by penetration testers, cybersecurity professionals, and even threat actors to gather information about a target organization to identify potential vulnerabilities. Footprinting is the first step in penetration testing. It involves scanning open ports, mapping...

Image Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters...

Image While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire...

Image Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical...

Image On August 10th, the Pentagon introduced "Task Force Lima," a dedicated team working to bring Artificial Intelligence (AI) into the core of the U.S. defense system. The goal is to use AI to improve business operations, healthcare, military readiness, policy-making, and warfare. Earlier in August, the White House announced a...

Image The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The...

Image Patience is one of those time-dependent, and often situational circumstances we experience. Few things define relativity better than patience.  Think of the impatience of people who have to wait ten minutes in a line at a gas station, yet the thought of waiting ten minutes for a perfectly brewed cup of coffee seems entirely...