Varonis Perspective on the Sony Breach

While we have few details on the Sony Pictures attack itself, this very public breach (or pwning in hacker slang) has shown the extent of the actual exposure—it is massive. The always informative Krebs knows, at this point at least, as much as the rest of us—possible North Korean connection and perhaps the use of destructive erase-all malware….

5 Things Privacy Experts Want You to Know About Wearables

There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health Kit”. Somewhat related, Nike recently pulled the plug on its activity tracking Fuelband. The conventional wisdom is that fitness trackers are on the decline, while…

A Closer Look at Pass the Hash, Part III: How NTLM will get you hacked (and what you should do about it)

I was about ready to wrap up this series of posts (part 1, part 2) on PtH and make my larger point, which is that you should assume hackers will break into your system. And then I learned new information about credential stealing that amplifies this warning by a factor of 10. The most…

Data Brokers and Data Governance Practices

Along with other data security and privacy wonks, I was looking through the FTC’s 110-page report on the data broker industry. Released last Tuesday, “Data Brokers: A Call for Transparency and Accountability” has some interesting and even a few eyebrow-raising facts based on the FTC’s year-long investigations. The FTC looked into nine data brokers to…

3 Challenges for the National Patient-Centered Clinical Research Network (PCORnet)

Have you noticed that a lot of health information created daily during patient visits is still not digitized? And if it is, the opportunities to use this data for research and for prevention are often missed because the networks that store this data cannot easily collaborate or communicate with each other. Finally, at the end…

Ultimate Security Wisdom From Verizon’s DBIR: Limit, Control, and Monitor

For those in IT too busy to read the 60-page Data Breach Investigations Report, Verizon provides the shorter executive summary. And to summarize the summary, they’ve come up with seven tips based on their analysis of over 60,000 security incidents. If I had to condense this list into a simple one sentence security mantra it…

2014 Verizon DBIR: Year of Living Dangerously

One of the sure signs of spring, besides tulips and daffodils, is the release of the 2014 Verizon Data Breach Investigations Report. For those who are excited by survey methodology, this year’s report marks a dramatic change for the DBIR. They’re no longer sticklers about verifying breaches leading to actual data exposures, which limited the…

Insights from the SANS Survey on Event Logging

SANS Critical Security Controls (CSC) have been getting more attention over the last few years. As security experts come around to focusing on the actual techniques used by hackers, the SANS “offense informs defense” approach is resonating. And now with the 2014 Verizon Data Breach Investigations Report (DBIR), it has received a new and important endorsement….

For a passing grade, EdTech needs a privacy solution

Last week, New York state lawmakers passed legislation to prevent identifiable student data from being uploaded to a centralized national database. The database belongs to a non-profit in the growing education technology or EdTech sector. Their goal was to collect PII, student scores, attendance, and other information and then disseminate it to teachers and administrators…

Malevolent Marketplaces

When considering security, it’s typical to think of systems in terms of technology: bugs, errors, and broken or exploited code. However, underlying the technical issues we face every day as technology professionals, there are economic forces attempting to exploit those cracks in the security facade for their own gain. While that fact is fairly self-evident and an intrinsic…