Every week there seems to be a news story about another massive data breach with millions—and sometimes billions—of records containing personal data lost or stolen. We regularly hear about cyberattacks involving brute-forcing secure logins or exploiting software flaws, but there’s a new segment of the cybercriminal economy that’s growing fast: attackers who target companies that have unintentionally left data out in the open via misconfigured databases.
Bottomline and Strategic Treasurer released the results of the 2021 Treasury Fraud & Controls Survey. This is the 6th annual survey between the long-time collaborators, whose research partnership also includes the annual B2B Payments Survey. As in prior years, the 2021 survey gathered details about corporate and banking experiences, actions and plans regarding fraud. Results show that the pandemic accelerated both the threat of fraud and the response to it, with corporate and banking alignment on defensive automation.
Privacy lawyer Vivek Mohan has joined Mayer Brown as a partner in the Cybersecurity & Data Privacy practice in Northern California. Mr. Mohan joins from Apple Inc., where he served as a senior attorney on the company’s global privacy law & policy team and as head of information security law.
As part of an effort to help users apply its well-known Cybersecurity Framework (CSF) as broadly and effectively as possible, the National Institute of Standards and Technology (NIST) has released finalized cybersecurity guidance for positioning, navigation and timing (PNT) services.
Risk assessment is a key element of any discussion around security and the cloud. Security is measured in terms of how much risk there is of something happening – and nothing is without risk. So, when it comes to evaluating a move to cloud desktops, companies are really looking at how it will reduce risk.
With work from home becoming the norm, employees are likely letting their guards down, allowing people in the same household, whether family or visitors, to have access to work-related content. That is why a good cybersecurity strategy starts with people—and a zero trust approach.
Four different states (Washington, Virginia, Oklahoma and Minnesota) are on track to enact new data privacy laws in 2021, but are businesses ready to comply with state-by-state regulations? This patchwork of legislation could leave companies confused and vulnerable to legal action if they are unprepared.
The Cybersecurity and Infrastructure Security Agency (CISA), the nation’s first federal cybersecurity agency, is kicking off a series of virtual hiring events in 2021 for job seekers, while aiming to further increase the representation among women, minorities, and persons with disabilities in order to more fully realize the goal of using the talents of all segments of society.
A record number of critical and high severity vulnerabilities were logged to the National Institute of Standards and Technology (NIST) and its National Vulnerability Database (NVD) in 2020. THE NVD is a repository of Common Vulnerabilities and Exposures (CVEs) reported by security professionals, researchers and vendors. It is used by security teams around the world to stay up to date with security vulnerabilities as they are discovered. In January 2021, Redscan performed an analysis of the NVD to examine security and vulnerability trends. Their report focuses on vulnerabilities discovered in 2020, but also highlights wider CVE trends that have emerged since 1989.
As organizations look to strengthen their enterprise data security and privacy programs, they must consider the new risks that remote work has uncovered. More specifically, how legacy business applications and ERP systems may be exposing organizations to new levels of risk because these applications were not designed for user access from unmanaged networks and devices.
RSS
