Chances are if you are reading this article, you have already moved some, or perhaps most, of your IT infrastructure to the cloud. While most organizations spend lots of time, energy and money developing strategies for integrating their important data and workflow to the cloud, they usually don’t worry about security and risk management strategies...

The world of IT is moving to the cloud. Market data varies but estimates of cloud usage show approximately 20-25% of overall computing workloads operate in public cloud environments today, with that number expected to grow to 50% over the next 5-10 years (Goldman-Sachs forecast). Organizations are starting to operate in a hybrid environment that...

A vendor of health information technology has restored access to electronic health records (EHR) after it suffered a ransomware attack. On 24 April, EHR and revenue cycle management solutions provider Greenway Health disclosed the ransomware incident to its customers. CEO Scott Zimmerman said there was no evidence that those responsible for the...

April 29, 2017, marked Donald Trump's 100th day in office as President of the United States. Since his inauguration on January 20, President Trump has fulfilled his campaign promises of nominating a conservative judge to the Supreme Court and withdrawing the United States from the Trans-Pacific Partnership. But he has yet to meet some of his other...

Earlier this year, I had the opportunity to present at S4x17 in Miami on the topic of deep packet inspection (DPI) technologies and the ways in which you could evaluate products that tout DPI features. At first glance, I thought, "Sure, no problem. How hard could it be?" It turns out that this is a difficult problem for a few reasons. The...

When the 2017 Verizon Data Breach Investigations Report (DBIR) came out last week, I read through it like I do every year. Each time I go through the report, I challenge myself to find something new and interesting. This year, I was intrigued by the "Things to consider" and "Areas of focus" at the end of each section. These two blurbs gave tips on...

Bug bounties, security acknowledgements and reward programs all have strong ties to IT security today. But that wasn't always the case. In the past, public penetration testers and security researchers mostly looked out for their personal benefit without recognizing their own responsibility to the security community. The reason? In a lot of cases,...

Sometimes you find inspiration in unlikely places. Never did I think, for example, that I would be able to connect my day job as a writer in the security awareness field with a burgeoning hobby of mine: birdwatching. But the more I “bird,” the more what I learn about birdwatching—both in the field and from birdwatching blogs—begins to filter into my...

Victims of identity theft don't always need to file a police report, explains the Federal Trade Commission (FTC) in an alert. In an effort to help simplify the recovery process for identity theft victims, the FTC has created a government portal at IdentityTheft.gov. Victims just need to register with this page and answer some questions. ...

10 years and counting! Such is the milestone of Verizon's 2017 Data Breach Investigations Report (DBIR). Like in years past, the 10th version of Verizon's research initiative highlights new patterns, evolving trends, and interesting findings in the information security field. It does so by synthesizing reports that Verizon received of discovered...

On average, each person has 27 online logins and passwords. They protect our bank accounts, our social media, our phones, and more. Passwords are the keys that unlock our digital lives. But what makes them so secure, and how can you make sure your passwords are doing a good job of protecting your information and your identity? Creating a Secure...

A battle between two rival families of malware is being blamed for the downtime that a Californian ISP suffered earlier this month. As BleepingComputer reports, customers of Sierra Tel unexpectedly found themselves without telephone and internet connectivity on April 10. In a statement issued by the ISP the following day, the blame was put firmly on...

Whenever you talk about WordPress security, every gig hands you a list of security plugins. My point of view and approach are different. I am not saying that using security plugins will not provide you efficient security. All I am saying is that only using security plugins will not completely secure your website. You have to take actions out of the...

Women currently represent only 11 percent of the cyber security workforce worldwide. This statistic is cause for alarm because it’s a key factor in the massive talent shortage that is impacting this crucially important field. It is estimated that, as of now, there are 1 million unfilled cyber security jobs—and that number is growing fast. This...

Tickets went fast for BSides Charm 2017. In just over two hours, this three-year-old event sold out and looks like it will welcome about 1,000 students, hackers and Information Security professionals to Baltimore’s famous Inner Harbor this weekend. Not bad for a con that drew just under 300 attendees in 2015. Perhaps it’s no surprise that BSides...

The upcoming GDPR compliance deadline of May 2018 affects any organization across the world that collects, processes, or stores data on citizens of the European Union. The intent behind the GDPR is to better protect the privacy of EU citizens, and the mechanism to do so is through harmonizing the existing data privacy laws across Europe. “The six...

Governments ought to disclose zero-day vulnerabilities and begin to collaborate to make digital disarmament more than just ‘a thing.’ The case for these policy changes is becoming increasingly clear as new public debates begin to take shape around online privacy, trust and the prevention of cyber conflict. However, much work lies ahead in correctly...

The cybersecurity industry can be made stronger if we attract more women and non-males. I've had the pleasure of interviewing some in my series. I spoke to Dr. Jessica Barker, who advises organizations on information security and maintains a blog at Cyber.uk. Then I spoke to Emily Crose, a network threat hunter. Most recently, I had the opportunity...

The title of this piece is quite obvious, but it is also an unappreciated fact. Consider for a moment the change we have seen over the last 30 years: access to cyberspace was scarce, often limited to enterprise users such as governments, educational institutions and the largest corporation, whereas today, there are billions of users that treat the...

Many organizations migrate to the cloud because of increased efficiency, data space, scalability, speed and other benefits. But cloud computing comes with its own security threats. To address these challenges, companies should create a hybrid cloud environment, confirm that their cloud security solution offers 24/7 monitoring and multi-layered...