Blog

The Digital Deciders and The Future of Internet

Recently, the nonpartisan think tank New America published a report called “The Digital Deciders: How a group of often overlooked countries could hold the keys to the future of the global internet.” The purpose of this report – authored by Robert Morgus, Jocelyn Woolbright and Justin Sherman – is to survey how nations around the world approach...

US charges Iranian hackers for SamSam ransomware attacks

Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks. According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015. Unlike normal ransomware attacks ...

Cybercrime: There Is No End in Sight

Whoever said “crime doesn’t pay” hasn’t been following the growth of cybercrime across the globe. A thriving underground economy has evolved over the past decade to become a massive industry. Estimates in the Web of Profit research paper show cybercriminal revenues worldwide of at least $1.5 trillion – equal to the GDP of Russia. If cybercrime was a...

Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many users stop and think. Though it’s still early in the...

German Social Media Provider Fined €20K for Data Breach

A German social media provider received an order to pay a €20,000 fine for a data breach that occurred in the summer of 2018. [Image caption: Knuddels.de (Source: Spiegel Online)] On 22 November, the regional data protection watchdog LfDI Baden-Württemberg announced that it had imposed the fine on a local "social...

Half a Million People Potentially Affected by Data Breach at Bankers Life

A data breach at Bankers Life might have compromised the personally identifiable information of over half a million people. On 25 October 2018, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights' Breach Portal at the U.S. Department of Health and Human Services. The report revealed an instance of...

HSBC Bank Notifies Customers of Data Breach

HSBC Bank sent a letter to an undisclosed number of customers informing them of a data breach that might have exposed their personal information. The California Attorney General's Office recently received a template of a letter that HSBC Bank sent out to customers on 2 November. In the notice, the...

How Vulnerable Is the Presidential Alert System?

Thanks to a new notification service launched by the United States government in 2018, the President now has the power to issue alerts to every citizen with a working cell phone. The technology for this service, known as the Wireless Emergency Alerts (WEA) system, has been around for a number of years and has been implemented for events like Amber...

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your...

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...

The Gap Between U.S Federal and State Policies for IoT Security

In a recent article about U.S. federal policy concerning IoT security, Justin Sherman identified several gaps in both cybersecurity and privacy policies. As Sherman has highlighted: The United States federal government, like the rest of the world, is increasingly using IoT devices to improve or enhance its existing processes or to develop new...

Proactive System Hardening: Continuous Hardening’s Coming of Age

The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous hardening.” Known Vulnerabilities vs....

Over 4.5 Billion Records Breached in H1 2018, Finds Report

A recent report found that data breaches compromised a total of more than 4.5 billion records in the first half of 2018. In its report "2018: Data Privacy and New Regulations Take Center Stage," Gemalto wrote that its Breach Level Index (BLI) system tracked 4,553,172,708 breached data records during...

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at...

Net Neutrality Regulation – Does the Past Predict the Future?

The debate over the degree of regulation of broadband Internet providers in the U.S. has been going on almost as long as broadband Internet service has been available. In 2004, the U.S. Federal Trade Commission (FTC) first described a set of non-discrimination principles to ensure that users had access to content on an equal basis. In 2008, the FCC...

A Practical Guide to CCPA for U.S. Businesses

Inspired by Europe’s General Data Protection Regulation (GDPR), the State of California has set a new precedent with the passage of the California Consumer Privacy Act (CCPA). The major data incidents last year have driven citizens into a frenzy about securing their data, and states have rushed to developing and passing policies and legislation....

The Verizon PHIDBR: A Wake-Up Call for Healthcare Organizations

The healthcare industry continues to be challenged with securing patient health information. According to the Verizon Protected Health Information Data Breach Report (PHIDBR), 58 percent of all security incidents involved insiders, ransomware accounts for 70 percent of all malicious code, and alarmingly, basic security hygiene is still lacking at...