The Homeland and Cyber Threat Act (HACT) was introduced in the U.S. House on March 12, 2021. This bill would allow U.S. citizens to sue foreign governments, agents and officials and to collect monetary damages for personal...more
5/20/2021
/ Citizen Suits ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Foreign Agents ,
Foreign Governments ,
Foreign Official ,
Foreign Sovereign Immunities Act of 1976 (FSIA) ,
Hackers ,
Legislative Agendas ,
Proposed Legislation
Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential...more
Disruptionware attacks have become increasingly more common over the last few months. Just last month, I wrote about a dangerous disruptionware attack against a Florida Water Treatment Center that could have been a mass...more
5/13/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Emergency Response ,
Executive Orders ,
Hackers ,
Information Technology ,
National Security ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain ,
Threat Management
On April 15, 2021, the New York Department of Financial Services (NYDFS) issued a report on the recent SolarWinds cyberattack. A copy of the report is available... NYDFS called the attack a “wake-up call” to regulated...more
I spent over 22 years in the FBI performing criminal cyber and forensics investigations. Many of these investigations led us to people who were innocent of the alleged crimes but who were guilty of unknowingly allowing...more
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting...more
1/15/2021
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Employees ,
Employer Liability Issues ,
Multi-Factor Authentication ,
Network Security ,
Remote Working ,
Telecommuting ,
Virtual Private Networks
Earlier this week, Texas-based IT software vendor SolarWinds issued a critical security advisory, acknowledging that a “highly sophisticated” hacker had inserted a vulnerability in an updated version of SolarWinds’ Orion...more
It is estimated that by the end of 2020, there will be more than 50,000,000,000 (yes, billion) connected devices that are part of the Internet of Things (IoT). This is a five million percent increase in IoT devices over the...more
12/16/2020
/ Connected Items ,
Customers ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Security ,
End-Users ,
Hackers ,
Internet of Things ,
NIST ,
Personal Data ,
Popular ,
Risk Mitigation ,
Smart Devices ,
Software ,
Trump Administration
As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other...more
On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
FBI ,
Federal Agency Taskforce ,
Healthcare ,
Healthcare Facilities ,
Malware ,
Public Health ,
Ransomware
On October 1, 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to companies that pay a ransom in the wake of a cyberattack. Specifically, the advisory warned that...more
Business Email Compromise (BEC) scams have become increasingly commonplace and financially destructive. According to the Federal Bureau of Investigation (FBI), 2019 was the worst year on record for BEC scams — both in terms...more
Over the past few months, I have written about the threat first identified by the Institute for Critical Infrastructure Technology (ICIT) called disruptionware. We have previously described what disruptionware is, how it...more
The U.K. government recently launched a consultation process for regulating consumer Internet of Things (IOT) security. This could have significant implications for U.S. manufacturers, given that the U.K. will remain a key...more
In the first blog in this series, we defined “Disruptionware” and showed how it was growing as a threat to many types of industries throughout the country and the world. The threat was especially noticeable within the...more
As COVID-19 has prompted a massive shift by organizations to the implementation and use of remote working solutions for their employees, there has been an unfortunate, but not surprising, corresponding rise in malicious...more
The spread of COVID-19 has prompted an enormous shift by organizations to the use and implementation of remote working solutions for a wide range and number of employees. Unfortunately – but perhaps not surprisingly – this...more
As of September 2020, contractors with the Department of Defense (DoD) will be required to comply with the recently released Cybersecurity Maturity Model Certification (CMMC) requirements. The CMMC requirements are designed...more
We recently published a blog about a very new and emerging threat coined “disruptionware,” now faced by workforces in multiple industries – especially focused on workers employed in government and in the health care sector....more
Beware, health care providers — there’s a new form of cyberattack coming to an organization near you! Disruptionware is an “emerging category of malware designed to suspend operations within a victim organization by...more
Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the...more
1/27/2020
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
FBI ,
Government Agencies ,
Health Care Providers ,
Hospitals ,
Incident Response Plans ,
Information Governance ,
Information Technology ,
Malware ,
Municipalities ,
Popular ,
Ransomware ,
Risk Management ,
Risk Mitigation ,
School Districts
October is National Cybersecurity Awareness Month (NCAM). NCAM serves as a timely reminder to continue to assess and improve organizational cybersecurity.
In honor of NCAM, here are five fundamental steps that every...more
10/25/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Encryption ,
Hackers ,
Incident Response Plans ,
Personally Identifiable Information ,
Risk Mitigation
A recent report by researchers at the Helmholz Center for Information Security (CISPA), Singapore University of Technology and Design, and the University of Oxford has revealed that Bluetooth technology is vulnerable to a new...more
9/10/2019
/ Bluetooth ,
Cell Phones ,
Connected Items ,
Cyber Crimes ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Hackers ,
Mobile Privacy ,
Popular ,
Smartphones ,
Technology Sector