No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 157: Sarah Glover, Maynard Nexsen Cybersecurity Attorney
Overview of Cybersecurity in Government Contracts
Episode 282 -- CISO and CCOs -- The Evolving Partnership
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...
In one type of “man-in-the-middle” (MITM or MTM) attack, a bad actor inserts himself between a user (individual or business) and a web application (such as a bank’s website) to capture sensitive or personal confidential...
This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from...
Where We Stand - This year kicks off against the backdrop of the security flaw found in Log4j, a system-logging code library widely used in applications and services across the Internet. In the aftermath of this crisis, a...
If you are an organization that uses Microsoft Office 365 as your email platform, be on the lookout for a new tricky phishing attack recently used by cyber criminals. ...
Recent compliance-related news coverage has identified an increase in anonymous hoax emails and online reports posted to companies through their internal reporting systems. Whether filed via email or through an online...
We’ve all heard the sad story: A transaction is about to close. The buyer is preparing to wire funds to the seller. Unbeknownst to the buyer, a hacker has hijacked the parties’ email communications to replace the wiring...
Media outlets recently reported that Barbara Corcoran, one of the judges on the popular ABC show "Shark Tank," was the victim of a "spear phishing" scam....
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in...
The National Cyber Security Centre (NCSC), an organisation of the UK Government that provides cybersecurity advice and support for the public and private sector, published an article earlier this year relating to a recent...
The Baltimore city government's email and other systems have been offline for more than three weeks as the result of a ransomware attack in early May. This is not the first local government to have been the victim of such...
For several years now, we’ve been alerting employers about the dangers of phishing scams that attempt to obtain private and personal information from employers... Many of these scams rear their ugly head around tax season,...
Many companies are migrating their email systems to Microsoft Office 365 (O365). The majority of security incidents that we have been involved in over the past six months involve a hacker successfully phishing an employee of...
Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently...
We previously warned readers about the Locky ransomware, which is potent and designed to use phishing emails to lure users to click on links and attachments, including pdfs. Now, researchers at Cylance have discovered...
The FBI and Department of Homeland Security issued a joint statement on October 20 warning of an increased danger of a malicious “multi-stage intrusion campaign” to critical infrastructure industries, including the energy...
In the last few weeks, we have seen yet another widespread ransomware attack that hit nearly one hundred companies around the world. It reminded me of a recent request from a client, made just after news broke of the...
Last month, Southern Oregon University (SOU) announced that it was the victim of a $1.9 million phishing scheme. SOU received an email purportedly from their contractor, Anderson Construction, requesting the April payment for...
Buffalo, New York Erie County Medical Center has announced that its IT system has been shut down since Sunday, April 11, 2017, due to an unnamed virus. The shut-down has affected the medical facility’s email system,...
Last week, IBM published its X-Force Threat Intelligence Index (Index), which summarizes the state of leaked records and vulnerabilities to data in 2016. It is depressing, but informative....
Yahoo’s troubles for failing to timely disclose security breaches provide rare insight into quantifying the financial and other costs to a company’s shareholders and leadership when a security breach occurs and is...