SBOM mandate to improve cybersecurity in the US
Friday, March 17, 2023 by Freeman Lightner
The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks,...
Identity will hold the keys to the kingdom for cybercriminals
Wednesday, February 8, 2023 by Brittany Hainzinger
In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chai...
Offshore software developers risks and advantages
Thursday, October 28, 2021 by Vivien F. Peaden
The onset of COVID-19 has hastened CEOs’ prioritization of digital transformation to future-proof their organizations. This paradigm change is driving the IT outsourcing spend to improve operational agility, integrate new technologies, and achieve cost-savings and faster time-to-market.
Risks and advantages of using offshore software developers
The pandemic ...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts) reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
Vanta launches Automated ISO 27001 Certification and HIPAA Compliance
Tuesday, July 13, 2021 by Brittany Hainzinger
Vanta announced public availability for two new certification standards that help secure the internet and protect consumer data. Vanta provides automated compliance audits and continuous security monitoring through a robust SaaS platform, enabling companies to achieve industry standardization in weeks instead of months.
The rise of data leaks and privacy concerns hav...
GDPR and data security
Friday, September 18, 2020 by Jonathan Weicher
How has the General Data Protection Regulation (GDPR) affected your firm during the past two years? It has been nearly that long since GDPR went into effect across Europe, applicable for any organizations handling the personal information of European citizens. Since that time, it appears to be performing well up to expectations. Firms of all kinds find themse...
New online ordering platform emerges from stealth
Wednesday, May 20, 2020 by Brittany Hainzinger
Facebook recently announced “Facebook Shops”. It’s an attempt (again) to do e-commerce for their masses. They’ve been trying since 2012 to pull it off, but now the COVID crisis and the use of 3rd party platforms are making it more of a reality.
Oh, Facebook, when are you going to learn to stay in your lane..
Under the hood, Facebook Shops a...
Data Privacy Day 2020 is here
Tuesday, January 28, 2020 by Richard Harris
Data Privacy Day is here, and with the recent implementation of the California Consumer Privacy Act, the timing could not be better to discuss the importance of taking steps to protect sensitive data while also keeping personal data private and secure.
Similar to GDPR, CCPA will have a profound impact on data privacy and protection, making this year’s Data Priv...
The DMV is selling driver data and Eve Maler weighs in
Tuesday, September 24, 2019 by Richard Harris
Motherboard broke the news on September 6 that Departments of Motor Vehicles (DMVs) around the nation have been making millions by selling drivers’ personally identifiable information to thousands of businesses. Amongst the DMVs’ customers are insurance agencies, tow companies, data brokers and even private investigators – all of whom are able to purchase records...
IBM's z15 launches with Data Privacy Passports
Friday, September 13, 2019 by Freeman Lightner
Against a backdrop of global privacy breaches, with the cost of each security breach in the U.S. clocking in at an average of $8.2 million, IBM launched "z15", the enterprise platform that delivers the ability to fully manage the privacy of customer data across hybrid and multi-cloud environments.
As part of the launch, IBM is announcing Data Privacy Passports, ...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Sensor network data integrity gets help from a new blockchain solution
Wednesday, November 21, 2018 by Christian Hargrave
Sixgill, LLC unveiled its new breakthrough blockchain or distributed ledger-based solution for sensor network data integrity. Sixgill Integrity is a ledger-agnostic solution and is designed from the ground up to solve the fundamental need for an end-to-end, real-time sensor data authenticity system. With Integrity, organizations are assured that their emitted data, tran...
How the reddit security breach reminds us to be careful
Monday, August 6, 2018 by Christian Hargrave
reddit recently disclosed in their announcements feed a security breach of their system in which the hacker "managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords." Included in the disclosed information was some reddit source code and some log files.
They went on to sa...
Questioning the future of privacy and the safety of personal identity
Thursday, June 28, 2018 by Richard Harris
While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.
These findings and more are outlin...
What some experts are saying about GDPR
Friday, May 18, 2018 by Christian Hargrave
The GDPR bill is causing an uproar in the industry as the compliance date comes ever nearer. Yet few can say they actually know much about the bill that will come into place on May 25th. GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending the boundary of its territorial mandate from whatever juris...
New partnership emerges to simplify IoT security
Wednesday, May 16, 2018 by Richard Harris
In an attempt to simplify IoT security when developing, Mocana Corporation has announced that it is partnering with Verizon to integrate Mocana’s endpoint security software solution, Mocana TrustPoint, with Verizon’s ThingSpace. Mocana TrustPoint, the company’s flagship IoT endpoint security solution, provides compliant security that protects more than 100 million ...
This is how much dating apps make every minute
Wednesday, December 6, 2017 by Christian Hargrave
There’s no denying the huge impact dating apps have had on our romantic lives, with 49 million Americans having participated in online dating at least once. With so many people now looking for love online, just how much money are our favorite dating apps making? Tech buy-back site Decluttr has crunched the numbers, looking at just how much money apps like Tinder, Bumble ...
SlashNext launches AI internet threat protection system
Thursday, November 9, 2017 by Christian Hargrave
SlashNext announced the company’s broad market release of the SlashNext Internet Access Protection System to protect organizations from cross platform social engineering and phishing, malware, exploits and callback attacks. The system goes beyond first generation signature-based and second generation sandbox-based technologies and deploys artificial intelligence and cog...
Is your app ready for Black Friday
Wednesday, September 6, 2017 by Tony Branson
With the increasing use of mobile devices for online shopping, a major share of every wallet is now going to online retailers. The convenience of shopping anytime, anywhere perfectly suits the busy, on-the-go generation that is giving eCommerce businesses a big boost. Despite this reality, more than 70% of SMBs do not have their websites ready for a sudden rise in traff...
Cyberbit's SOC 3D automation updates and what you should know
Tuesday, December 20, 2016 by Richard Harris
Cyberbit just announced a new version of its SOC 3D automation and orchestration platform that increases productivity and effectiveness of the SOC and substantially reduces incident response times. The new platform integrates with all major SIEM and security solutions, automates SOC runbooks and workflows, and prioritizes incidents according to their business impact. It...
Humans are still the biggest threat to cyber security report shows
Saturday, December 17, 2016 by Christian Hargrave
Global technology company Nuix has released the findings from its third annual survey of corporate information security practitioners, who almost universally agreed that human behavior was their largest security threat. While businesses were investing to develop broad and mature cybersecurity capabilities, many survey respondents were uncertain about the most effective ...
Why Every DevOps Practice Needs NextGeneration Data Security
Monday, June 27, 2016 by Louis Evans
As engineers and managers, we live in a world of tradeoffs. A fast solution is usually a sloppy one; a cheap solution is often a fragile one. Any solution that breaks these tradeoffs is extraordinary. A major one can bring about a revolution. The DevOps transformation is just such a revolution. It offers orders-of-magnitude acceleration in software delivery, while ...
IT Governance of Sensitive Files on Corporate and BYOD Mobile Devices
Monday, June 20, 2016 by Jeff Steuart
Mobile content has brought new agility and efficiency to just about every enterprise. “Mobile communication and collaboration is accelerating and improving enterprise productivity and growth like no other universal technology since the dawn of the Web 25 years ago,” says Josh Bohls, Founder, Inkscreen. But these advantages come at a cost. Says Bohls, “Ask any o...
Tips to Use Penetration Testing to Protect Your Business From Cyber Attacks
Thursday, May 12, 2016 by Joaquín Rodríguez Varela
Forty-seven percent of all breaches were caused by malicious or criminal attacks according to the most recent global data breach study released by the Ponemon Institute. Resolving an attack cost businesses an average of $170 per record, translating to an average total cost of $3.79 million for a data breach. Today’s cybercriminals are getting smarter at finding and breac...
Delphix 5.0 Release Offers Fully Integrated Data Masking
Thursday, April 7, 2016 by Stuart Parkerson
Delphix has announced technology enhancements to its data operations platform designed to accelerate and simplify secure application development in the data center and in the cloud. Delphix 5.0 introduces a new data-masking capability, Selective Data Distribution, support for IBM DB2 and expanded support for Oracle E-Business Suite. The Delphix platform is offered a...
Guidelines to Identify and Protect Against Internal Network Security Threats
Friday, February 19, 2016 by Stuart Parkerson
APCON, a provider of intelligent network monitoring solutions, has published a new guide to identify and protect against internal network security threats. The publication, “Safeguarding Your Network from Insider Threats,” highlights the impact of data breaches and internal threats, which despite receiving less public attention, can be just as dangerous and damaging as ...
Mitigating Data Exposure Risks on z Systems
Friday, February 19, 2016 by Richard Harris
We visited with Ashok Reddy, CA Technologies’ General Manager – Mainframe, to discuss how the CA Data Content Discovery helps identify data exposure risks on z Systems and reduces these risks by scanning through the mainframe data infrastructure so that the right business decisions can be made to secure, encrypt, archive, or delete the data identified based on its sensi...
Why Privileged Identity Management is Critical for Secure IT Outsourcing
Thursday, January 21, 2016 by Richard Harris
We visited with David McNeely, VP of Product Strategy at Centrify, to talk about why secure privileged identity management is critical as more of today’s businesses are outsourcing IT functions and relying on vendors to troubleshoot systems and applications. Centrify recently released a new privileged identity management solution supporting federated privileg...
5 Steps for Mastering App Data Collection for User Acquisition and Reengagement
Thursday, January 7, 2016 by Diego Meller
User acquisition and re-engagement are essential to the success of any app marketing strategy. Whether the goal is bringing back dormant users, acquiring quality users who complete in-app events (like bookings or purchases), or even showing custom ads to a segment of users who have achieved an in-app activity threshold, collecting the right app data plays a major role i...
New Report Highlights Wide Ranging Cybersecurity Challenges
Wednesday, September 2, 2015 by Richard Harris
Cybersecurity Ventures has released its Cybersecurity Market Report for Q3 2015 which provides an overview of software development and application security trends, statistics, best practices, and resources. Highlights of the report include:
- “The SANS Institute 2015 State of Application Security Report” states that many information security engineers don’t understa...
The FIDO Alliance Announces FIDO 1.0 Specifications
Thursday, December 11, 2014 by Richard Harris
The FIDO Alliance has announced the FIDO 1.0 Specifications. The FIDO 1.0 Specifications are the first open industry specifications for universal strong authentication. Members of the FIDO Alliance can now access FIDO authentication, which is known to be more private, secure and easier to use. According to Verizon’s Data Breach Investigations Report, weak or...
CurrentC Payment System Vs Apple Pay: Does CurrentC Data Breach Doom it Before it Starts
Monday, November 3, 2014 by Stuart Parkerson
It’s been well publicized recently that a number of retailers - including Wal-Mart, Target, Dillards, and Lowes - are bucking against Apple Pay to pave the way for the introduction of the CurrentC payment system, which has been created by these companies under the guise of the Merchant Customer Exchange. Where some merchants like Macy’s are going full steam ahead on the ...
O Brother, Where Art Thou? How New Laws Are Governing the Collection and Use of Geolocation Information Inside Apps
Saturday, September 20, 2014 by Adam Grant
Trying to find out where someone is located is valuable information for businesses and attorneys, but there are new laws winding their way through Congress which directly impact how this information is obtained. In 2000, George Clooney appeared in the Joel and Ethan Coen comedy titled O Brother, Where Art Thou? The Coen brothers’ movie created the story as a modern...
41 percent of US Mobile Business Users Have Used Unsanctioned Enterprise Services
Friday, May 23, 2014 by Richard Harris
Enterprises continue to struggle with security issues as IT departments fight what seems to be a losing battle as they struggle to protect data. One specific problem is unintentional data compromises caused by sloppy employee mobile practices. A report by Harmon.ie outlines this ‘Rogue IT’ phenomenon, which occurs when workers circumvent organizational controls by exploit...