The Future Security of the Internet of Things

One interesting concept I’ve come across recently is something perhaps all of us who cover cybersecurity news and the tech industry are culpable in perpetuating.  Dubbed “security fatigue” by Tom Pendergast, Ph.D., chief strategist of Security, Privacy and Compliance at MediaPro, it predicts there will be people who start to believe that protecting their personal… Read More

Yahoo’s Cyber Problems and Yours

I saw a funny tweet the other day, riffing on the new Star Wars movie, Rogue One. “Find out your Star Wars’ droid name!  Just enter your last name and the last 4 digits of your Social Security number!”  Or something like that. Very clever.  While I would assume there is no earthly way anyone… Read More

Wintertime Data Raids

The holiday season has arrived, which of course means winter is once again upon us.  As each day bites colder, it brings to mind people in other times and place, who have had to deal with truly frigid conditions: such as what the medieval Norsemen encountered when they sailed to Iceland.  A bitter winter is… Read More

Employees and Third Parties and the Risks They Pose

For any number of reasons, be it active intent or, less maliciously, ignorant blunder, employees continue to be one of the weakest links in the data security chain.  When that person works for a third party business associate, the risk is compounded, since an organization has even less control and awareness of their actions.  I’ve… Read More

The Legacy of Legacy Applications

All things decay over time.  So it is with the security of “legacy” software.  Antiquated versions of an organization’s Windows and even (gasp!) DOS applications, some even built a decade or two ago, eventually become outdated.  Perhaps millions of these applications are still in use out there in the wild, holding sensitive information for which… Read More

EHR Vulnerabilities and AI Safeguards

Who would have thought that Dwight Schrute’s blustering outrage would only become more relevant year by year?  While it was a funny prank on that episode of The Office, identity theft is now less of a joke than it has ever been.  Businesses handle more and more customer data, and the bad guys always seem… Read More

Security on the Ballot

In case you somehow missed the ubiquitous reminders, today is Election Day, where you get to exercise your civic rights at the polls (make sure to stretch first).  Much has been made recently of the security of voting machines, and their susceptibility to outside cyber intrusion.  Stories about Russian hackers targeting government agencies have only… Read More

Healthcare industry leaving neck exposed to cyber attacks

In a recent report that’s no doubt of great interest to the bloodsucking undead, Australia’s recent data breach—its largest ever—exposed around 1.3 million records, affecting 550,000 people who donated blood to the Red Cross.  An anonymous source discovered that a 1.74 GB file containing this information had been posted to a public site, and alerted… Read More

Dyn DDoS Attack Reveals IoT Security Failures

It looks like security in the Internet of Things, whose vulnerabilities has been a topic among tech experts for some time now, might finally have been exposed to the light of the mainstream. First, though: DDoS attacks are not hacks.  I just want to get that out there right off the bat.  It’s a common… Read More

Data Risk Analysis: The Yahoo Example

The cost of data breaches directly affects the cost-benefit analysis when companies are planning their budgets.  Studies on the average and median costs of breaches can play a significant role in guiding this analysis.  A study that reports these costs as being generally low, therefore, is likely to be cited as reason to deemphasize the… Read More