Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as manufacturers try to stay abreast of zero-day vulnerabilities and issue patches as quickly as they can....more
CYBERSECURITY -
U.S. Chamber of Commerce and FICO Release Security Guidelines
on Telework During COVID-19 -
It is no secret that companies are experiencing an increase in security incidents following the transition...more
10/9/2020
/ California Consumer Privacy Act (CCPA) ,
Chamber of Commerce ,
Construction Project ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Privacy ,
Drones ,
FBI ,
Governor Newsom ,
Hackers ,
OCR ,
Personal Data ,
Premera Blue Cross ,
Ransomware ,
Risk Management ,
Telecommuting ,
Wifi
It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty...more
On October 6, 2020, the Federal Bureau of Investigations (FBI) issued a warning to consumers about using WiFi when teleworking from a hotel.
The FBI acknowledges that many workers are having difficulty working from home...more
10/9/2020
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
FBI ,
Hotels ,
Infectious Diseases ,
Remote Working ,
Risk Management ,
Telecommuting ,
Virtual Private Networks ,
Wifi
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to highlight the sanctions risks associated with ransomware payments related to malicious cyber-enabled...more
10/5/2020
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Digital Wallets ,
Economic Sanctions ,
Financial Institutions ,
Foreign Policy ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Risk Management ,
Risk-Based Approaches ,
Sanction Violations
In the wake of the increase in ransomware attacks, including data exfiltration prior to or during a ransomware attack, I think it is worth the time and resources to focus on data recovery and business continuity....more
Auditors have to continue doing their job of auditing, but with the pandemic, audits now are rarely on-site. Many auditing firms are using remote technology to conduct audits, and companies are either forwarding files...more
Security researchers are warning companies to be aware of a new resurgence of the Emotet botnet that has been reactivated after a hiatus of five months.
According to the researchers, the Emotet malware steals information,...more
Live adult streaming website CAM4 has reportedly not secured 7TB of users’ information, which may be able to be used for blackmail and identity theft purposes, according to researchers from Safety Detectives....more
5/8/2020
/ Adult Entertainment ,
Blackmail ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Hackers ,
Identity Theft ,
Internet Streaming ,
Online Platforms ,
Risk Management ,
Vulnerability Assessments
Google has warned users in a blog article that nation state-backed hackers are using the COVID-19 crisis to ramp up phishing attempts and, in one example, are posing as American fast food franchises and sending malicious...more
The transition from work-from-the-office to work-from-home has been rapid during the pandemic. All of a sudden, millions of workers are working from home, while data security personnel were not able to plan and operationalize...more
The scammers know that most of us are working from home and are trying to use this to their advantage. The robocalls have increased, and telemarketers are calling more frequently, but with a new twist—preying on fears of...more
In response to the coronavirus crisis, many companies have mandated that employees work from home in order to assist in slowing the spread of the virus....more
On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the...more
3/13/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Databases ,
Information Governance ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
State and Local Government
The conference I was supposed to speak at next week was just cancelled, as many are and will be, due to coronavirus concerns. The topic was “Insider Threats and How to Mitigate Them.”...more
3/13/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Data Management ,
Data Protection ,
Emergency Management Plans ,
Health and Safety ,
Infectious Diseases ,
Policies and Procedures ,
Public Health ,
Risk Management ,
Risk Mitigation ,
Telecommuting ,
Threat Management ,
Workplace Safety
Scammers always go back to the good old scams, even when they are making bundles on new scams. Although our lives have been consumed of late with an onslaught of ransomware attacks, this past week, we have seen an uptick in...more
The Department of Homeland Security (DHS) announced this week that a ransomware attack shut down a natural gas compressor facility for two days. While in the network, the attacker deployed software trying to “identify...more
2/20/2020
/ Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Incident Response Plans ,
Infrastructure ,
Natural Gas ,
Phishing Scams ,
Power Infrastructure ,
Ransomware ,
Risk Management ,
Risk Mitigation
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in...more
2/18/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Ponemon Institute recently issued its 2020 Cost of insider Threats Global Report, which finds that the frequency and cost of insider threats is continued to increase. Sponsored by ObserveIT and IBM, the 2020 report is the...more
2/11/2020
/ Confidential Information ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Misconduct ,
Information Sharing ,
Internal Controls ,
Negligence ,
Popular ,
Risk Management ,
Threat Management ,
Vulnerability Assessments
Researchers at Sentinel One and Dragos have detected malicious code, called EKANS or Snake, that has been designed specifically to target industrial control systems (ICS), including those of oil refineries, manufacturing...more
2/10/2020
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Manufacturing Facilities ,
Oil & Gas ,
Pipelines ,
Power Grid ,
Ransomware ,
Refineries ,
Risk Assessment ,
Risk Management ,
Vulnerability Assessments
A new report published by Coveware concludes that companies hit with ransomware attacks spend an average of 16 days recovering from the attack. Think about being offline and unable to do business for 16 business days. It is...more
1/31/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Drones ,
Hackers ,
Internet of Things ,
Ransomware ,
Request For Information ,
Risk Management ,
Super Bowl ,
Unmanned Aircraft Systems ,
USPS
I am on vacation this week in beautiful Jackson Hole. The skiing is epic, the restaurants amazing, 1921 silver dollars inlaid in the tops of two bars, elk and moose abound, and I’ve had a sighting of several coyotes, a...more
A new report published by Coveware concludes that companies hit with ransomware attacks spend an average of 16 days recovering from the attack. Think about being offline and unable to do business for 16 business days. It is...more
It’s getting difficult to keep up with the jargon of all of the new digital scams. The SaaSes in the beginning became regular business terms, such as Software-as-a-Service (SaaS), and Business Processes-as-aService (BPaaS)....more
1/24/2020
/ Artificial Intelligence ,
Cyber Crimes ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data-Sharing ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Online Platforms ,
Personal Data ,
PHI ,
Risk Management ,
SaaS
The National Institute of Standards and Technology (NIST) released its first privacy framework tool (the “Privacy Framework”) on January 16, 2020. In the Executive Summary...more
1/23/2020
/ Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
NIST ,
Personal Data ,
Popular ,
Risk Management