Blog

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your...

U.S. National Cyber Strategy: What You Need to Know

On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks. The new U.S. cyber strategy makes one message clear: America will not sit back and watch when...

The Gap Between U.S. Federal and State Policies for IoT Security

In a recent article about U.S. federal policy concerning IoT security, Justin Sherman identified several gaps in both cybersecurity and privacy policies. As Sherman has highlighted: The United States federal government, like the rest of the world, is increasingly using IoT devices to improve or enhance its existing processes or to develop new...

Proactive System Hardening: Continuous Hardening’s Coming of Age

The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous hardening.” Known Vulnerabilities vs....

Over 4.5 Billion Records Breached in H1 2018, Finds Report

A recent report found that data breaches compromised a total of more than 4.5 billion records in the first half of 2018. In its report "2018: Data Privacy and New Regulations Take Center Stage," Gemalto wrote that its Breach Level Index (BLI) system tracked 4,553,172,708 breached data records during...

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at...

Net Neutrality Regulation – Does the Past Predict the Future?

The debate over the degree of regulation of broadband Internet providers in the U.S. has been going on almost as long as broadband Internet service has been available. In 2004, the U.S. Federal Trade Commission (FTC) first described a set of non-discrimination principles to ensure that users had access to content on an equal basis. In 2008, the FCC...

A Practical Guide to CCPA for U.S. Businesses

Inspired by Europe’s General Data Protection Regulation (GDPR), the State of California has set a new precedent with the passage of the California Consumer Privacy Act (CCPA). The major data incidents last year have driven citizens into a frenzy about securing their data, and states have rushed to developing and passing policies and legislation....

The Verizon PHIDBR: A Wake-Up Call for Healthcare Organizations

The healthcare industry continues to be challenged with securing patient health information. According to the Verizon Protected Health Information Data Breach Report (PHIDBR), 58 percent of all security incidents involved insiders, ransomware accounts for 70 percent of all malicious code, and alarmingly, basic security hygiene is still lacking at...

How to Avoid DevOps Security Pitfalls: 16 Experts Share Their Top Tips

DevOps is redefining the way organizations handle software development. But it’s also challenging security professionals in their efforts to manage digital risk. With that said, security teams need to be strategic about how they approach DevOps security. Here are some expert recommendations on what to do and what to avoid when implementing...

Death, Taxes and Compliance Updates - An Addition to NIST 800-171

New updates and additions to compliance requirements are as regular as the rising and setting of the sun. Recently, The National Institute of Standards and Technology (NIST) released a companion publication to NIST 800-171 that provides guidance on how organizations can assess the CUI requirements in NIST 800-171, known as SP 800-171A. The purpose...

Cloud Security: A Cloud Provider-User Partnership

It is now common to see most organizations opting for the cloud. Growing business demands, competition and the growth of Software-as-a-Service (SaaS) have helped propel this trend. While everything looks smart in the cloud, what about security? Does that look smart, too? Now that organizations use different kinds of cloud environments...

ICO to Fine Equifax £500,000 for 2017 Data Breach

The Information Commissioner's Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data...

U.S. Federal IoT Policy: What You Need to Know

Over the past several months, increased attention has been paid to U.S. federal government policies surrounding internal use of IoT devices. In January 2018, researchers discovered they could track the movements of fitness tracker-wearing military personnel over the Internet. In July, a similar revelation occurred with fitness app Polar, which was...

The Challenges of Artificial Intelligence (AI) for Organisations

Governments, businesses and societies as a whole benefit enormously from Artificial Intelligence (AI). AI assists organisations in reducing operational costs, boosting user experience, elevating efficiency and cultivating revenue. But it also creates a number of security challenges for personal data and forms many ethical dilemmas for organisations....

What is Vulnerability Management Anyway?

Vulnerability management (VM) programs are the meat and potatoes of every comprehensive information security program. They are not optional anymore. In fact, many information security compliance, audit and risk management frameworks require organizations to maintain a vulnerability management program. If you don’t have vulnerability management tools,...

Mastering Container Security: Docker, Kubernetes and More

Bolting on security after the fact. It’s been a common approach to software security for decades. We architect, build code, deploy it and then figure out how to secure it. From the parade of application-related breaches and data thefts over the last few years, we pretty much know this approach does not work. Fortunately, the evolution of continuous...

An EHR Systems Check-Up: 3 Use Cases for Updating Cyber Hygiene

Have you ever wondered how much your patient health record could garner on the black market? Whereas a cybercriminal only needs to shell out a mere dollar for your social security number, your electronic health record (EHR) is likely to sell for something closer to the tune of $50. This is according to research firm Cybersecurity Ventures, who also...