The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
On average, organizations experience 180 incidents involving sensitive data, or one every 12 working hours, according to Egress. The three top causes of outbound email data breaches include: the wrong recipient added, wrong file attached or replying to a phishing scam.
Finding and implementing a cybersecurity risk framework is a challenge every organization faces. Time has shown that this endeavor almost always calls for the heavy lifting to be carried by chief information security officers (CISOs) and their staff. So where do you start?
What are some current trends in cybersecurity threat research? To get some insight, we spoke to Aamir Lakhani, cybersecurity researcher and practitioner with FortiGuard Labs.
Vitaliy Panych has officially been appointed CISO to the state of California after spending the past two years as California’s acting chief information security officer.
Consumers can easily identify opportunities to opt out of sharing personal data through the first-of-its-kind “Opt-Out Easy” browser plug-in developed by researchers from Carnegie Mellon’s CyLab Security and Privacy Institute. The plug-in makes opt-out choices more accessible to users, automatically extracting privacy information from websites’ policies and presenting it in a user-friendly way.
Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits. The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity effort: The Systemic Cyber Risk Reduction Venture on developing actionable metrics to quantify cyber risk. This information will be used to reduce shared risk to the nation's security.
The average employee is the greatest risk to an organization’s security. Here’s how to rethink enterprise-wide training to fight cybercrime and utilize gamification to make it stick.
What is the best path forward? Should companies upgrade their existing platforms or replace them entirely? What makes the most sense both financially and for the security of your data?