We forecast cybersecurity threats and events not to predict the future, but to change it. Regulators and litigators all hold us accountable for knowing foreseeable threats so we can avoid them. But what is foreseeable?
Since 2017, the Verizon Database Investigations Report repeatedly shows that more than 80 percent of hacking related breaches each year are tied to passwords.
CLOUD ENVIRONMENT: The Capital One incident is one of the largest data breaches of all time, involving 100 million credit card applications and 140,000 Social Security numbers; the bank’s stock market price took an immediate hit as company executives and IT personnel began scrambling to implement the firm’s incident response plan.
By Todd HackeThe moment you realize you are experiencing a network-based breach, you may not know what to do. Minute one, hour one, day one, what should a technical team do to respond to a breach while it’s still in play? While having a full incident response plan, a trained response team, and well-placed log […]
HACKER INDICTMENTS – Cybersecurity audits mean nothing to hackers. And in fact, neither do short-sighted privacy regulations. Hackers have been showing us this for years. And not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in your systems and […]
Author: Glenn A. Stout, Ph.D, PMP Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan (IRP). Who do you call? When should you call? What information needs to […]
Author: Chris Cronin, ISO 27001 Auditor The Third Circuit Court of Appeals announced on Monday, August 24, 2015 that the Federal Trade Commission is acting within its authority when it takes action against companies for poor data security practices. Take heed. You may be doing exactly what the FTC is complaining about.
PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor Most InfoSec professionals don’t want to think about becoming the next victim of a major data breach to make the headlines. And yet when faced with another major data breach it is a time when Executive Management and security teams reflect on their own insecurities. […]
Why read another article on the Shellshock bug when there have been a number of well-written articles and blog posts on it? Because almost all of the articles and blogs are talking about the bug itself, how it can be exploited, and how much of the Internet is open to it. However, what you should […]