VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email Account


Are C-levels, high-government officials, and other power elite really all that different from the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the […]

Continue Reading →

HIPAA and Cloud Provider Refresher


As far as regulators are concerned, the cloud is a relatively recent development. However, they’ve done a pretty good job of dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you […]

Continue Reading →

21st Century Cyber Wars: Defense Lags Offense


We don’t often get to see data security and cyber attacks discussed in detail on a top-rated national talk show, but that was the case last week. John Carlin, Assistant Attorney General for National Security, talked to Charlie Rose about cyber espionage, attack attribution, insider threats, and prevention. Even for those of us in the […]

Continue Reading →

IoT Pen Tester Ken Munro: Security Holes (Part 1)


If you want to understand the ways of a pen tester, Ken Munro is a good person to listen to. An info security veteran for over 15 years and founder of UK-based Pen Test Partners, his work in hacking into consumer devices — particularly coffee makers — has earned lots of respect from vendors. He’s […]

Continue Reading →

The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)


Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)?  Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework […]

Continue Reading →

NSA Contractor Arrest Reinvigorates Interest in Insider Threat


Despite efforts to reform its security after the Edward Snowden breach three years ago, the NSA announced another security breach involving one of its own contractors, Harold Thomas Martin III. This latest bombshell suggests continued vulnerabilities at our nation’s spookiest agency. In an effort to better guard the government’s sensitive data, White House spokesman Josh […]

Continue Reading →

When a Cyber Attack Is a Political Weapon


We’re not surprised when hackers attack companies to scoop up credit card numbers or to cause IT disruption. If they’re state sponsored, they may target organizations to pull out intellectual property – military secrets or other sensitive information — as part of a cyber-espionage program. But hackers associated with a party (or state) hacking into another […]

Continue Reading →

Five More Videos from RSA 2016


It’s been a few months since we last visited the RSA sessions from this year’s conference. Much has happened since then: for starters, more ransomware, Yahoo, increased GDPR awareness, new details on OPM, and state actors behaving badly. With that in mind, we reviewed the archived RSA 2016 videos and came up with five prescient sessions that help […]

Continue Reading →

New York State Proposes Real-World Cybersecurity Regulations for Banks


The EU General Data Protection Regulation (GDPR) has raised the bar for what we expect from a national data security and privacy law. The US doesn’t really have anything close (outside of HIPAA for protected health information). So it’s interesting to see some movement at the state level. Let’s now give a shout out to New […]

Continue Reading →

Attorney and Data Scientist Bennett Borden: Find Insider Threats (Part 2)


In this second podcast, Bennett continues where he left off last time. Borden describes his work on developing algorithms to find insider threats based on analyzing content and metadata.

Continue Reading →

If the GDPR Were in Effect, Yahoo Would Have to Write a Large Check


Meanwhile, back in the EU, two data protection authorities have announced they’ll be looking into Yahoo’s breach-apocalypse. Calling the scale of the attack “staggering”, the UK’s Information Commissioner’s Office (ICO) has signaled it will be conducting an investigation. By the way, the ICO rarely comments this way on an ongoing security event. In Ireland, where Yahoo […]

Continue Reading →