Employees and Third Parties and the Risks They Pose

For any number of reasons, be it active intent or, less maliciously, ignorant blunder, employees continue to be one of the weakest links in the data security chain.  When that person works for a third party business associate, the risk is compounded, since an organization has even less control and awareness of their actions.  I’ve… Read More

The Legacy of Legacy Applications

All things decay over time.  So it is with the security of “legacy” software.  Antiquated versions of an organization’s Windows and even (gasp!) DOS applications, some even built a decade or two ago, eventually become outdated.  Perhaps millions of these applications are still in use out there in the wild, holding sensitive information for which… Read More

EHR Vulnerabilities and AI Safeguards

Who would have thought that Dwight Schrute’s blustering outrage would only become more relevant year by year?  While it was a funny prank on that episode of The Office, identity theft is now less of a joke than it has ever been.  Businesses handle more and more customer data, and the bad guys always seem… Read More

Security on the Ballot

In case you somehow missed the ubiquitous reminders, today is Election Day, where you get to exercise your civic rights at the polls (make sure to stretch first).  Much has been made recently of the security of voting machines, and their susceptibility to outside cyber intrusion.  Stories about Russian hackers targeting government agencies have only… Read More

Healthcare industry leaving neck exposed to cyber attacks

In a recent report that’s no doubt of great interest to the bloodsucking undead, Australia’s recent data breach—its largest ever—exposed around 1.3 million records, affecting 550,000 people who donated blood to the Red Cross.  An anonymous source discovered that a 1.74 GB file containing this information had been posted to a public site, and alerted… Read More

Your guide to the seven types of malicious hackers

Originally published at: InfoWorld.Com Copyright: InfoWorld   When I learned over the weekend that hackers had planted malware on a Nasdaq Web server, I wasn’t exactly surprised. It’s the rare company that isn’t owned by hackers. Even the most well-defended organization will likely find itself under attack by outsiders. Whether you’re attacked today or tomorrow,… Read More

Dyn DDoS Attack Reveals IoT Security Failures

It looks like security in the Internet of Things, whose vulnerabilities has been a topic among tech experts for some time now, might finally have been exposed to the light of the mainstream. First, though: DDoS attacks are not hacks.  I just want to get that out there right off the bat.  It’s a common… Read More

Data Risk Analysis: The Yahoo Example

The cost of data breaches directly affects the cost-benefit analysis when companies are planning their budgets.  Studies on the average and median costs of breaches can play a significant role in guiding this analysis.  A study that reports these costs as being generally low, therefore, is likely to be cited as reason to deemphasize the… Read More

Cybersecurity Risks and Incentives

Business leaders across America continue, in largely increasing proportions, to cite cybersecurity as a leading concern to their organization.  In fact, according to the 2016 Travelers Risk Index (an annual survey on the biggest worries for businesses and consumers), 54% of enterprise leaders share this view.  This complements the mere 13% who feel their organization… Read More

Election Interference and What Could Come Next

If I had to guess, I’d say there must be some disgruntled sports fans in Russia right now.  In what I can only assume is retaliation for the whole doping scandal that banned almost the entire Russian team from the Rio Olympics last month, cyber thieves have released information on athletes of other countries, including… Read More