Calculating the cost of cyber-risk

Most businesses understand the need to protect networks and data assets if client trust and operational functionality are to be maintained. With the General Data Protection Regulation coming into force on May 25, failure to do so could lead to fines of up...

Why 2017 will be the worst year ever for security

Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another—and 2017 promises to be the most catastrophic year yet. Security experts have long warned that most organizations don’t even know they’ve been...

Austria’s FACC, hit by cyber fraud, fires CEO

The head of Austrian aerospace parts maker FACC has been fired after the company was hit by a cyber fraud that cost it 42 million euros ($47 million). The firm's supervisory board decided at a 14-hour meeting on Tuesday to dismiss CEO Walter Stephan with "immediate...

How Fortune got inside the Sony hack

What Peter Elkind found in his six-month investigation of the cybercrime of the century should terrify corporate America. We have devoted 12,000 words in our July 1 issue to an extraordinary story by Peter Elkind on the now infamous cyberattack against Sony Corp.,...

Millions of hacked LinkedIn IDs advertised ‘for sale’

A hacker is advertising what he says is more than one hundred million LinkedIn logins for sale. The IDs were reportedly sourced from a breach four years ago, which had previously been thought to have included a fraction of that number. At the time, the business-focused...

Survey: 90% of businesses hacked at least once in 2015

For risk managers — indeed for most businesses — among the most disturbing words they can hear are “We’ve been hacked.” What was once something to fear for only large businesses is now an issue for the majority, according to a survey of business risk managers released...

Building a brand-new Internet

We do not possess the ability to read the future, and yet we can predict with a high level of certainty that we will see more major cybersecurity incidents in 2016 and 2017. The world’s cybersecurity capability is not able to advance in line with the growing...

The two misconceptions dominating the encryption debate

Cybersecurity is a massive challenge affecting everyone – startups, government, corporate systems and consumers, costing the global economy billions of dollars annually. Tragically, the one solution we are seriously considering — mandating encryption backdoors — will...

Seagate Phish Exposes All Employee W-2’s

Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal...

Hackers Target Anti-DDoS Firm Staminus

Staminus Communications Inc., a California-based Internet hosting provider that specializes in protecting customers from massive “distributed denial of service” (DDoS) attacks aimed at knocking sites offline, has itself apparently been massively hacked. Staminus’s...

The Tsunami in 2016 that is NIST (SP) 800-171

2015 was the year of the hacker. There is no segment that was left unscathed from breaches, attacks, or disruption. Dozens of hospital patient record databases were breached, multiple fortune X corporation’s customer data exposed, and anyone who holds or has held a...

Rob Enderle – Product of the Week

The "Enigma" name comes from an encryption machine Germany developed and used very successfully in the Second World War, until Alan Turing helped crack it. Turing -- who arguably was key to winning the war for the Allies and then, as a twisted thank you, effectively...

Secure your data; you never know who’s looking

By now, it should be abundantly clear that our data is not secure. Over the past 15 years, we’ve seen an exponential increase in organized, methodical cyber-related attacks to steal confidential data, assume identities, drain bank accounts and plunder consumer and...

Did TalkTalk breach the Data Protection Act?

On Wednesday, online criminals decided to attack the UK broadband provider TalkTalk. This wasn’t an attack aimed at interrupting its ability to do business or provide its services, this was an attack the goal of which seemed to be accessing the personal data of its...

Pentagon Farmed Out Its Coding to Russia

By Patrick Malone, Center for Public Integrity The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year...

Open Letter on the OPM Breach

"It's really frustrating to think that my family might suffer from my information having been stolen." Those are the words of David Thul, who served 22 years with the Minnesota National Guard, was deployed to Kosovo in 2003 and again to Iraq from 2005 to 2007. "My...

Should All Personal Information Be Encrypted?

Last month, the Health Insurance and Medical Privacy Act, or HIPAA, made your electronic medical records a lot safer. As welcome as these changes are, we need to go further. It is time for a federal law requiring encryption of any database that contains personally...

Are Ashley Madison users at risk of blackmail?

The group behind the hack of adultery website Ashley Madison appears to have made good on its threat, leaking the site's user database online—and potentially exposing those users to threats of blackmail. Last month, a group of hackers known as The Impact Team claimed...

OPM Hack: Can it get any worse?

For those of you that don’t have a security clearance, the information that is on these forms is staggering. Due to the fact that an initial security background has to be complete in order to properly “vet” the individual for access to classified data, applicants are...

Catching Up on the OPM Breach

I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S. Office of Personnel Management (OPM). Turns out, the easiest way for a reporter to make sure everything hits the fan...

What does OPM’s data breach mean for you?

A massive cyber breach at the Office of Personnel Management may have exposed the personal and financial information of 4 million employees, putting their credit and finances at risk. But what does it mean for you? It means being vigilant about your credit scores and...

Why the OPM Breach is such a security and privacy debacle

If it’s not already a maxim, it should be: Every big hack discovered will eventually prove to be more serious than first believed. That’s holding to be especially true with the recently disclosed hack of the federal Office of Personnel Management, the government’s...

How to get your CEO ready for a security breach

It’s never been more obvious how great a threat cybercriminals pose to every organization. Hackers, corporate spies, and nation-states have all targeted the defenses of global corporations, and increasingly embarrassing breach reports are making business executives...

Fines Remain Rare Even As Health Data Breaches Multiply

In a string of meetings and press releases, the federal government’s health watchdogs have delivered a stern message: They are cracking down on insurers, hospitals and doctors offices that don’t adequately protect the security and privacy of medical records. “We’ve...

You’ve been hacked. Now what?

What should a company do after it’s been hacked? It’s a question Target, Home Depot, Sony Pictures Entertainment and others have had to ask over the past year or so. And it’s likely that other organizations will be facing the same question over the coming months....

Top 10 Myths About Identity Theft

Each new data breach and phishing scam alert is accompanied by a wave of cyber security articles and commentary. The tone of these stories can range from panicked to apathetic. But the facts can't be ignored: identity theft is an epidemic in the United States....

People Want Safe Communications, Not Usable Cryptography

For encryption to be widely used, it must be built into attractive, easy-to-use apps like those people already rely on. Security and privacy expert Micah Lee recently described how he helped set up cryptographically protected communications between whistleblower...

You’ve already been hacked

There are two things now driving the security industry: 1. The bad guys are already inside. 2. New platforms — cloud and mobile — have arrived. …Both are forcing a different set of technologies, and the creation of new kinds of companies. If we take the new...

Box gets customer-managed key encryption

Fresh off its initial public offering, cloud file synch share and storage company Box has a new Enterprise Key Management (EKM) offering out this week that analysts say could ease customer concerns with using a cloud-based service. Box’s EKM uses Amazon Web Services’...

Lessons from Anthem

The breach involving 80 million records at the nation’s second-largest health insurer fulfilled the warnings many have offered for years: there is no such thing as a secure electronic health information system. Large numbers have a tendency to concentrate the minds of...
