A question that often comes up around cybersecurity and incident response is when to involve legal. The best time to get advice from your attorney is before an incident. Here are 5 steps, drawn from legal resources, to take NOW: 1) Obtain verification from key vendors that they have measures in place to protect […]
Cybersecurity Risks Are Threatening Deals
Recent acquisitions highlight the threat that cyber risks can pose to a company’s reputation and bottom line. When Verizon was making a bid for Yahoo’s internet business, the sale price was discounted $350,000 million after Yahoo’s security breaches were discovered. Spirit AeroSystems Holdings had been approved to purchase Asco Industries prior to Asco being hit […]
4 Cybersecurity Budget Focus Areas for Higher Education in 2020
Chief information security officers are grappling with a variety of issues as they try to keep their campuses safe from cyber criminals. In fact, the No. 1 issue for higher ed IT leaders this year is information security, according to EDUCAUSE, a nonprofit association of IT leaders in higher ed. Let’s look at 4 top […]
How Is FTC Data Security Enforcement Changing?
The U.S. Appellate Court agreed with LabMD that an order by the Federal Trade Commission (FTC) for them to “establish a comprehensive information security program” was too vague, leading to changes in the way the FTC handles penalties after conducting audits to confirm that organizations who are collecting data are also taking steps to protect […]
New NIST Requirements Increase Cyber Security Controls
A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way. The proposed supplement 800-171B adds 35 new requirements that go alongside the 110 controls in 800-171rev2. Supplement B applies to companies that receive controlled unclassified information (CUI) as part […]
Record fines come on the heels of warnings about cyber risk
Record fines come on the heels of warnings from US Intelligence of a growing risk to our utility providers. Similar warnings have been issued for law firms, higher education, and small businesses, so this information is relevant to a wide spectrum of organizations that may need to review how they are protecting their data […]
Are your Application Programming Interfaces (API) Secured?
Today we delve into the world of Application Programming Interface or “API” security. These interfaces are typically used to share information between applications, such as a CRM like Salesforce and mobile applications that your sales team may want to use. These are sets of tasks and instructions prebuilt into Salesforce that you can ‘call’ to […]
How Expensive is Effective Cybersecurity?
There is almost no limit to how much you could spend on cybersecurity solutions, and with Gartner estimating global spend on security is equal to about 1.5% of worldwide revenue – does that mean that effective cybersecurity has to be expensive? And what is “expensive”? Surely that is different for an SMB client than a […]
CASE STUDY: The unique complexity of cyber security for municipalities and governments
The challenges: Municipalities and governments find themselves in an interesting situation, as the IT and information security departments are often a generic city or county service; however, based on the numerous departments they support, they have very nuanced information security requirements. In addition, the goal is always to cut down on taxpayer burden so they […]
Special Directive on Domain Name System (DNS) Compromise
Last week the USA’s Department of Homeland Security (DHS) sent out a directive for all agencies to upgrade their Domain Name System (DNS) security in light of a wave of Iranian hack attempts specifically targeted at compromising DNS. The compromise: The Iranian cyber-criminals attempted (it’s unknown if they succeeded) to figure out through DNS records […]