Blog
Discover How to Stay Secure and Compliant
What’s happening in the field of cyber security? How do you define 'reasonable' security controls? Which threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into security awareness, the latest threats, penetration testing, compliance and so much more.
Keeping Track of PCI DSS v4.0
UPDATE: New Blog on PCI DSS 4.0
Get updates on the status on PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next RFC, and information about the RFC feedback they received. (more…)
HALOCK Pandemic Breaches Bulletin: Exfiltrating Remote User Accounts to inject Ransomware
| During the pandemic HALOCK and the information security community have been responding to a significant spike in cyber security incidents. (more…) |
CMMC 101: The Basics of Cybersecurity Maturity Model Certification
WHAT IS CMMC? CMMC which stands for ‘Cybersecurity Maturity Model Certification’ is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD). (more…)
M&A: The Cyber Risk of Business
The impact of the COVID-19 pandemic is profound – every business has been touched, forcing many to explore how their organizations adapt to the new economy. Some industries have bigger challenges due to the nature of their business – travel and lodging, restaurants, transportation, oil and gas and more due to social distancing ordinances. (more…)
May the Fourth Be with You
Happy Star Wars Day – May the fourth be with you. Celebrate by protecting your data, terminals, code, and technology from bad slicers (hackers). Get your security awareness reminders for your team, especially now when it seems you are galaxies away. (more…)
PCI DSS v4.0 Expected Mid-2021
UPDATE: New Blog on PCI DSS 4.0
Get updates on the status on PCI DSS review of the 2019 RFC comments, when the final version of PCI DSS is planned to be completed, timing of the next RFC, and information about the RFC feedback they received. The new blog covers timing of supporting documents, transition between PCI DSSv3.2.1 and v4.0, an explanation of “future-dated requirements,” development and transition timelines for the project and more.
The PCI SSC just announced that the final version of PCI DSS v4.0 won’t be published until 2021 and won’t be required for 2 years after the publication date.
(more…)
Cyber Insurance Carriers Are Insuring the Wrong Thing
By Chris Cronin
Cyber insurance is rapidly becoming a staple for cyber security risk management. Organizations are increasingly transferring cyber security risk to insurance carriers who will cover costs that result from a cybersecurity breach. (more…)
Payment Processing in a Remote Working Environment
Organizations are facing a lot of change with remote work set ups – in both physical location and operational shifts. Especially challenged are businesses that manage credit card information electronically and over the phone. These new working conditions unearth new risks for sensitive data. Social distancing can also bring about more social engineering attempts. According to the U.S. Secret Service, social engineering/phishing is a very common online attack right now.* (more…)
Taking Care with Telehealth: Health Care. Cyber Care. Duty of Care.
Social distancing and stay-at-home orders are designed to protect us from the spread of COVID-19, but what about patients that still require check-ups, post-hospitalization follow-ups, continued monitoring due to other conditions – Telehealth is a convenient solution. (more…)