Organizations Must Brace for Privacy Impacts This Year
In 2022, we saw broad support behind federal privacy legislation in the US Congress. While the American Data Privacy Protection Act (ADPPA) did not see the president’s pen prior to the midterms, the fact that such a bill saw a committee vote in the House — approved 53–2, with bipartisan support — and both industry…
What’s next? CISOs weigh in on COVID’s long-term effects on security
As lockdowns ease, CISOs are looking ahead at how their teams operate and how they protect employees and assets. The most likely change is permanently supporting more work-at-home employees. According to a report released in April by (ISC)2, 96% of organizations had moved at least some of their staff to remote work, with nearly half…
Cloud configuration drift leaves organizations open to attack, research finds
Many organizations are automating their cloud infrastructure deployments through code. This allows them to establish a secure configuration baseline early in their DevOps lifecycle, but the security posture of most cloud resources later drifts due to undocumented changes that often remain undetected. A new study from cloud security company Accurics found that in as many…
8 key security considerations for protecting remote workers
Your boss just called and all your employees are mandated to work from home for the next two to three weeks due to the potential COVID-19 pandemic. What could go wrong? What risks are you now bringing to the firm? These are the actions should you take immediately to ensure you can allow your workforce…
Secure IT: Individual Responsibility and Cybersecurity
Cybersecurity is everyone’s responsibility. In a world where the cyberthreat landscape continues growing rapidly in size and sophistication, that’s the key message driving the focus of 2019’s National Cybersecurity Awareness Month (NCSAM) this October. Held every October, NCSAM is a collaborative effort between government and the private sector to promote cybersecurity awareness and the need…
How a Rapid Response Helped Thwart an Active Ransomware Attack
Early this year, when an executive at a hospital called our Incident Response (IR) team, he had yet to realize that his organization was confronting an active ransomware attack. Symantec Endpoint Protection (SEP) and his internal team had flagged as suspicious some data that was marked with a four-letter file name, he explained, and multiple…
There May be A Ceiling on Vulnerability Remediation
Security has no shortage of metrics — everything from the number of vulnerabilities and attacks to the number of bytes per second in a denial-of-service attack. Now a new report focuses on how long it takes organizations to remediate vulnerabilities in their systems — and just how many of the vulnerabilities they face they’re actually…