With ransomware attacks on the rise and data breaches increasingly commonplace, more organizations are looking into purchasing cyber insurance. But current prices for cyber policies may not accurately reflect risk.
When it comes to cybersecurity, there are many terms and concepts that are beneficial for physical security professionals and IT professionals alike to understand. Here are a few to help you get started.
Thirty-seven percent of cyber threats in 2020 were specifically designed to utilize removable media—almost doubling from 19 percent in 2019.
Cyberattacks on the food supply chain, like the one on JBS, cause prices to soar, demand to increase, and supply to wane. And our food supply will continue to be a target.
Organizations shifted in how they conducted business to include an increasingly connected industrial environment. This trend has existed for many years, even while many organizations still believed they had highly segmented or even air-gapped ICS networks.
Following a series of high-profile cyber incidents, a watchdog highlighted the increasing threat breaches, intrusions, and attacks pose to the U.S. government.
Following a year of remote learning, educational institutions are prime targets for criminals looking for ransomware victims.
Nearly half of board members surveyed identified cybersecurity as a top source of risk moving forward. CISOs should expect more scrutiny, support, and resources as a result of the board’s attention.
A massive intrusion into U.S. government and private sector networks shows how nation-state actors are developing supply chain attacks for cyber space.
Following a major drop in deal-making in March 2020, executives expressed increasing interest in deal-making and deep dives into targets’ cybersecurity posture.
With the proliferation of connected homes, virtual assistants, and smartphones, abusers have more tools than ever to track and control victims. When the workplace enters the home, however, this puts employees and employers at increased risk.
California’s attorney general began enforcing the first U.S. state-level comprehensive privacy law in summer 2020, creating opportunities and challenges for organizations subject to compliance.
After a series of nation-state cyberattacks, the Australian government pledged to make the largest investment ever to improve its cyber defense and security posture.
Vehicles and the trucking infrastructure that is vital to transporting goods across North America are becoming increasingly connected. But the requirements for cybersecurity remain lacking.
The challenges to secure the 2020 U.S. Presidential Election and its system infrastructure are vast. But so are the new tools in place to help monitor and protect the 2020 election.
Keren Elazari shares how security professionals can learn from hackers to help empower their employees to promote organizational security.
The increasing ease and availability of media manipulation and deepfake production is opening up new avenues of attack for fraudsters, market manipulators, and malicious actors.
With a converged security team, Mastercard is taking a unified approach to addressing risks and educating its workforce to reduce threats.
Critical infrastructure owners are increasingly creating remote connections to their operational equipment—potentially introducing unforeseen vulnerabilities.
New research finds that while organizations have made strides to improve data management, they still lack investment in breach detection.
End users are increasingly adopting unmanned aerial systems for security and operational needs. But they could be introducing cybersecurity risks in flight.
The United States is taking a multi-prong approach to preventing intellectual property theft. But it needs international partners to succeed.
Cybersecurity is a stressful business. Here’s what managers can do to help reduce stress in the workplace and promote a healthy work–life balance.
Threat actors tend to be one step ahead of corporate security. Scams that prey on fear and concern related to the coronavirus show how they’re taking advantage of the pandemic.
The U.S. intelligence community released a strategy that incorporates a whole-of-society approach to counterintelligence.
Automation has received mixed reviews in IT security departments—while some say it reduces staff time spent on repetitive tasks, it makes jobs more complex.
A recent survey finds that the aviation sector has more work to do to increase the cybersecurity of flights.
An FBI alert suggests moving away from SMS authenticators to a more secure method of multifactor authentication.
The European Union’s privacy regulation poses new challenges for investigators looking to carry out their work.
New research by the ASIS Foundation indicates that full convergence of physical security, cybersecurity, and business continuity is not commonplace.
Researchers, technologists, and executives look at how artificial intelligence can have a positive impact on society.
Tarah Wheeler shares her thoughts on convergence and responding to security incidents at GSX 2019.
Stakeholders can work hand in hand to protect against insider and external threats and reduce the risk of data loss while simultaneously improving data protection and streamlining processes.
Equifax will pay $575 million and implement security reforms to settle charges stemming from its 2017 data breach.
Cannabis growers and retailers are prime targets for malicious cyber actors.
Through focus, patience, and non-linear thinking, malicious actors create new paths into organizations. Defenders can use attackers’ tactics against them.
Municipalities are increasingly becoming targets for ransomware attacks.
Executives are being targeted through a variety of cyberattacks. Stressful work environments are helping them succeed.
The cybersecurity workforce gap increased to more than 2.9 million globally in 2018, surpassing earlier estimates of unfilled positions.
Transnational criminal organizations are using improved connectivity and technology to discover new pathways to profit and stymie investigators.
Cryptojackers use the resources of their hosts’ computers and Internet of Things (IoT) devices to mine for cryptocurrency while evading detection.
The threat of compromising someone’s digital security to create a physical threat to an individual or an organization is on the rise.
A French regulator issued the first major fine for violations of the EU’s General Data Protection Regulation. Other organizations are taking note.
The longest U.S. government shutdown in history could have major ramifications for the nation’s cybersecurity.
Once siloed, cyber and physical security teams are now working together to address corporate risk.
Following the U.S. midterm elections, officials move their focus to the 2020 presidential election.
LinkedIn can be a valuable networking and recruitment tool. It can also be used to target employees to obtain corporate secrets.
Private companies come together to demand that authorities create privacy regulations to protect users’ data and technology.
Officials arrested 12 individuals in Ukraine and Switzerland on 26 October for their alleged role in carrying out ransomware attacks against critical infrastructure, Europol announced on Friday.
Three high-profile cyber attacks in the past few days indicate the ongoing war between hackers with malicious intent and cybersecurity postures of companies, organizations, and nations continues without abatement.
Threat actors are consistently attempting to infiltrate U.S. water and wastewater sector (WWS) facilities, according to a joint advisory issued Thursday.
The U.S. Department of Justice is launching an initiative to address the use of cryptocurrency to facilitate criminal activity, including ransomware.
After a review of 12 agencies, the GAO found that while all of them invested in the technology needed to support remote work, four had not fully documented their plans to mitigate weaknesses found in IT security controls.
Research examines the Dark Web advertisements of ransomware perpetrators to build a profile of the ideal target: a U.S.-based company with at least $100 million in revenue not operating in taboo sectors.
The Irish Data Protection Commission (DPC) issued a new record high fine against WhatsApp for breaching privacy regulations under the European Union’s GDPR rules.
The new Personal Information Protection Law in China imposes major restrictions on the collection and use of personal data by companies; however, the government is not subject to the same restrictions.
Blackberry became aware of a vulnerability that impacted multiple components of its software in April 2021, but waited until this week to disclose it after facing increased pressure.
The report, Federal Cybersecurity: America’s Data Still At Risk, found that only one out of the eight U.S. federal agencies audited for their cybersecurity programs showed improvements in 2020.
This roundup of news from the week covers the recent ransomware payments and recoveries, right-wing extremism in police units, environmental activism, apps that cause suspicion and apps that catch criminals, pandemic updates, workplace shooting motivations, currency wars, and a nun who embezzled and gambled it away.
In a diverse six to three decision, the U.S. Supreme Court rejected the U.S. Department of Justice’s (DOJ’s) interpretation of a major computer fraud law in a victory for security researchers.
Hackers gained access to an email marketing service account used by a U.S. State Department agency to carry out a string of attacks on other agencies, think tanks, consultants, and non-governmental organizations (NGO), Microsoft announced Thursday evening.
While it took nearly seven years for the FBI's Internet Crime Complaint Center tally to reach 1 million, the latest million took just 14 months—from mid-March 2020 to mid-May 2021.
U.S. President Joe Biden signed a long-awaited cybersecurity executive order on Wednesday evening, which instructs the federal government to take a host of actions to improve the nation’s security and resiliency.
Colonial Pipeline, responsible for a major portion of the East Coast's fuel supply, shut down its pipelines over the weekend due to a ransomware attack.
A task force recommended a series of actions to mitigate the threat of ransomware, including requiring cryptocurrencies to adopt anti-money laundering regulatory requirements.
Data from the Washington, D.C., police department ransomware attack has leaked online, adding the Metropolitan Police to the ever-growing list of organizations compromised by hijacked data.
In response to the country’s alleged misconduct linked to the SolarWinds hack and attempts to generate confusion in the United States’ election process, the Biden administration levied new sanctions on Russia.
The personal information—including phone numbers—of Facebook users exploited in a vulnerability originally uncovered and fixed in 2019 is now freely available.
Up to 150,000 security cameras installed in schools, hospitals, factories, and businesses were compromised, giving outsiders access to video from Tesla factories, prisons, psychiatric hospitals, and more.
While security professionals are continuing to address the fallout from the SolarWinds breach, Microsoft announced this week that it had detected several 0-day exploits being used to attack versions of Microsoft Exchange Server.
The world is at a turning point when it comes to artificial intelligence (AI), and the United States is at risk of falling behind, according to a new report from the National Security Commission on Artificial Intelligence (NSCAI).
CISA released its first international strategy on Thursday in a commitment to work with international partners to address risks and threats to critical infrastructure.
The attack on an Oldsmar, Florida, water utility was unsuccessful; however, it chillingly spotlights a potential vulnerability to critical infrastructure in the United States.
Global law enforcement agencies came together to take down one of the most significant botnets in the world: EMOTET, responsible for distributing the EMOTET malware.
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert this week, warning security practitioners of recent cyberattacks against organizations’ cloud services that exploited poor hygiene practices and phishing tactics.
The recently enacted defense authorization bill and other federal and state laws call for research and begin to codify restrictions on deepfake technology; European countries have not addressed the issue directly.
Philadelphia area hunger relief organization Philabundance was the target of a cyberattack that cost the charity group almost $1 million.
Approximately 115,000 students have been affected by the ransomware-triggered shutdown, and there is no clear timeline for schools to reopen.
If enacted, the IoT Cybersecurity Improvement Act would help consolidate security requirements and considerations for Internet of Things (IoT) devices, including secure development, identity management, patching, and configuration management.
U.S. President Donald Trump announced on Twitter Tuesday that he decided to fire Chris Krebs, the director of CISA, which has led the way for federal cybersecurity initiatives, public–private sector information sharing and partnerships, and election security.
Facebook banned new political ads for the week leading up to the 3 November 2020 U.S. elections.
An artificial intelligence-enabled bot created deepfake nude images of more than 100,000 women, some of whom seem to be underage, according to a new report from intelligence firm Sensity.
Six Russian intelligence hackers were charged with the NotPetya attack, as well as several other cyber crimes involving the 2017 French election and the 2018 Olympics.
The ban marks a sharp escalation in Facebook’s battle to curb the movement and its conspiracy theories—which have been identified as a potential domestic terror threat by the FBI.
The year 2020 may permanently shift the way individuals use the Internet. Cybersecurity Awareness Month aims to help people—and security practitioners—take control of their cybersecurity to enhance their overall security posture.
City council members in Portland, Oregon, voted unanimously to enact the strictest ban on facial recognition technology in the United States.
One of the largest public school systems in Connecticut was forced to delay its first day of classes after a ransomware attack affected 200 of the city’s 300 servers.
The U.S. Office of Management and Budget (OMB) released a memo that instructs U.S. federal agencies to create and publish coordinated vulnerability disclosure program (VDP) policies.
Facebook and Twitter reported that the FBI warned them that Russia is again targeting Americans with disinformation, attempting to influence the 2020 U.S. presidential election.
U.S. prosecutors charged the former chief security officer of Uber for his alleged role in an attempted cover-up of a data breach of the company in 2016.
U.S. President Donald Trump issued executive orders late Thursday night that bar transactions by U.S. persons or that involve property subject to U.S. jurisdiction with the parent companies of WeChat and TikTok.
The European Union issued its first sanctions for cyberattacks on Thursday against Chinese, North Korean, and Russian groups linked to recent major hacking incidents.
The Court of Justice of the European Union struck down a major data sharing agreement between the United States and the European Union, but confusion remains about what measures corporations can use to share data across the Atlantic.
The United States has ordered China to close its Houston, Texas, diplomatic consulate within 72 hours—a move made in response to alleged violations of American sovereignty and “massive illegal spying and influence operations” from China, including intellectual property theft.
Several accounts of high-profile Americans were taken over on 15 July, directing followers of billionaires and politicians to send cryptocurrency to a Bitcoin wallet.
A new study from Deloitte gives an overview of the state of AI adoption and highlights risk and ethical concerns companies face.
A joint task force of European investigators cracked the EncroChat encrypted messaging platform, unlocking a gold mine of leads on criminal activities and plots.
The race to exploit COVID-19 fears for profit continues as fraudsters are rapidly evolving their methods—now posing as COVID-19 contact tracers to steal personal information.
Symantec sent a notice to its customers Thursday night, alerting them to a series of attacks against U.S. companies by threat actors attempting to deploy WastedLocker ransomware on their networks.
Despite a 400 percent rise in COVID-19-related cyberattacks, Americans remain largely unconcerned about cyber crime, according to a new report.
New reporting finds the CIA did not take appropriate insider threat precautions, which enabled the massive data leak to WikiLeaks in 2017.
IBM announced it will discontinue its general-purpose facial recognition business and opposes the use of the technology to conduct mass surveillance and racial profiling.
Recent social media activity has experts concerned about the potential for disinformation to color the outcome of upcoming elections, including the 2020 presidential election in the United States.
The COVID-19 pandemic has spurred more discussion about the possibility of online voting, but some security experts and officials are voicing security concerns about the risks.
The first Thursday of May is designated World Password Day, arguably more important than before as several organizations in various countries have workers operating remotely in response to the COVID-19 pandemic.
The U.S. Department of Defense CIO released a list of best practices for cybersecurity and protecting an information network while teleworking.
From phishing to malware to ransomware, COVID-19-related attacks seek to take advantage of vulnerabilities.
Researchers note the limited use of artificial intelligence in the U.S. government, as well as opportunities for enhancement.
The United States linked a Russian military unit to the hacking group known as Sandworm which is said to be responsible for some of the most significant cyberattacks around the globe over the past 10 years.
The U.S. Department of Justice charged Huawei and its subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets in an indictment released late Thursday afternoon.
The breach compromised sensitive personal information on more than 145 million Americans.
A security lapse by an app maker led to the exposure of data from all 6.5 million eligible voters in Israel, including full names, addresses, genders, phone numbers, and identity card numbers.
A vital U.S. government agency tasked with aiding state and local election officials to secure election systems “has not yet completed” plans to secure the 2020 U.S. presidential election less than 10 months away, a watchdog report found.
FBI Director Chris Wray tells Congress that Russia is conducting "information warfare" leading into the 2020 U.S. presidential election.
The State of Convergence report shows slow adoption of a converged security function, but business conditions may speed up the timetable.
On Data Privacy Day, here is a collection of resources for security professionals.
Department of Interior, military, other agencies cite security concerns with Chinese-made drones.
A study from the University of Michigan found that voting machines advertised as a secure alternative are still hackable.
The internationalization of far-right threats and tension between the Persian Gulf countries rank as the top two security risks for companies in 2020, according to a new risk forecast.
The U.S. Office of Personnel Management (OPM) has made strides in increasing its cybersecurity, but more work remains to be done almost five years after the agency suffered one of the largest government data breaches in history.
ASIS Foundation study researches the degree to which physical security, cybersecurity, and business continuity have converged into a single department.
Despite writing and releasing the text of a bill, bipartisan work on a federal online privacy law is expected to continue well into 2020.
U.S. intelligence officials confirmed that Russia has been spreading a disinformation campaign about Ukrainian efforts to interfere in the 2016 U.S. presidential election.
U.S. federal officials say that foreign governments are trying to steal ideas, proprietary information, and research from American universities.
A group of U.S. federal agencies released a joint statement Tuesday pledging to work with states and localities to protect the 2020 election.
U.S. superiority in artificial intelligence is endangered, according to a new report from the National Security Commission on Artificial Intelligence.
U.S. Representatives Matt Gaetz and Steve Scalise led a group of lawmakers into a closed hearing on Capitol Hill on Wednesday in a major breach of protocol and security.
As part of National Cybersecurity Awareness Month, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA) launched the “Own IT. Secure IT. Protect IT.” campaign.
A new study says employees are to blame for as many as half of all data breaches.
Australian, British, and U.S. officials asked Facebook not to fully encrypt its messaging services to provide greater access to data for law enforcement.