CryptoLocker: The Marketing Behind the Malware

CryptoLocker is a frightening piece of malware that, when executed, encrypts your local and network files and holds them hostage until a ransom is paid. CryptoLocker uses well-implemented encryption that is generally considered infeasible to brute force, and it has a multitude of distribution vectors: botnets, email attachments, Trojans, and so on. But what really sets CryptoLocker apart as ransomware, which has existed…

PCI Penetration Testing and Vulnerability Scanning: There’s Room for Improvement

One of the criticisms of PCI DSS is that it isn’t keeping up with the dynamic threat environment. As we all know, phishing, APTs, and point-of-sale (PoS) malware have been especially effective in the retail sector. The Verizon PCI report I mentioned in my last post has some revealing data as to why this may be…

[VIDEO] Why Work At Varonis

Below you’ll find a video we’re really happy to share with you. While watching it, you’ll get a real sense of what it’s like to work at Varonis. You’ll hear directly from employees about the company culture and perks, while getting a glimpse of our offices in the heart of Manhattan. We hope…

How to Avoid Being Known as a Creepy Company

While data breaches have been driving news headlines this year, privacy concerns have been riding shotgun. Unfortunately, for lack of a better word, “creepy” is the word most often used to describe the way companies have been leveraging our personal data, whether through passive location tracking, apps secretly absorbing your personal address book,…

What’s Your Reputation Worth?

During this past year, we’ve been reminded (too) many times that data breaches are costly and damaging to a company’s reputation. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, the average total cost of a data breach, which can include credit monitoring, legal fees, remediation, and customer loss, for the companies that participated in…

State of PCI Compliance: Verizon Report Tracks Highs and Lows

In addition to publishing the Metadata Era’s favorite source for hacking statistics, Verizon also produces a separate survey on PCI Data Security Standard (DSS) compliance. Since 2009, Verizon and its associated QSA assessors have performed 4,000 assessments, mostly of large multinational companies. With the recent high-profile credit card number heists, it’s a particularly opportune time…

FTC Says Do the Reasonable Security Thing

Metadata Era readers know the FTC has become the de facto enforcer of data privacy and security protection. When there are no specific laws to apply, it uses the broad powers given to it by Congress, back in the earlier part of the last century, to prohibit “unfair or deceptive acts or practices” in the digital realm. A…

What You May Have Missed

1. Here’s an interesting perspective from a CTO on why metadata matters.
2. By September 30th, California Governor Jerry Brown will either veto or sign two very important bills that will protect student data and their privacy. Major protections of SB 1177 include prohibiting any website or mobile app from targeted advertising to K-12 students, their parents…

How Varonis Helps with the Statement on Standards for Attestation Engagements 16 (SSAE16)

The Statement on Standards for Attestation Engagements 16 (SSAE16) is an attestation standard governing how service organizations report on their compliance controls. Created by the Auditing Standards Board of the American Institute of Certified Public Accountants, SSAE16 requires the service organization to provide the auditor with a written assertion that its description of its controls accurately represents its business operations. To learn…

Phishing Attacks Classified: Big Phish vs. Little Phishes

The CMU CERT team I referred to in my last post also has some interesting analysis of the actual mechanics of these phishing attacks. Based on a review of their incident database, the CERT team was able to categorize phishing attacks into two broad types: single-stage versus multi-stage. What’s the difference? Think of single-stage as catching lots of…
