Third-party vendor hacks, where hackers attack a company by compromising one of their business associates, have been a problem for a while. Now, the hackers behind GandCrab ransomware have gotten into the act, exploiting a year-old SQL injection vulnerability in a common remote IT support ...
The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners found that a whopping 60% of organizations will ...
Organizations have until May 25, 2018, to comply with the EU’s new General Data Protection Regulation (GDPR). Arguably the most comprehensive, far-reaching data privacy law passed to date, the GDPR grants European consumers numerous new data privacy rights and places new data governance ...
SEC cyber security enforcement is set to intensify in light of recent global attacks and new enforcement chiefs
Public companies and firms operating in regulated industries, especially finance, should expect more SEC cyber security enforcement in the wake of new and emerging threats, like ...
The word “ransomware” has become synonymous with the healthcare industry, but government ransomware attacks are a growing threat.
Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making their ...
The General Services Administration (GSA) is planning to tighten up federal contractor cyber security requirements regarding sensitive non-classified data, according to a Federal Register Notice dated January 12. The rules would cover internal contractor systems, external contractor systems, ...
A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera has discovered. Because the malware would not alter the protected health information (PHI) contained ...
Cyber criminals don’t care who they hurt. This was made obvious during the rash of ransomware attacks on healthcare facilities this year, where hackers locked down electronic health records systems, putting patients at grave risk. There is great concern that the proliferation of Internet of ...
HBO Hack Targeted Valuable Intellectual Property and Company Secrets
Corporate espionage and the theft of intellectual property and company secrets have gone cyber. The latest victim is cable network HBO and its flagship series Game of Thrones. The HBO hack, perpetrated by a hacker or group ...
Hacks in the City: Latest in String of Attacks at HBO Targets Company’s Social Media Accounts
HBO has had a rough summer, and things are getting progressively worse for the cable titan. The HBO hacks began in late June, when an individual hacker or group calling themselves “Mr. Smith” dumped ...
Noting that cyber security is “the responsibility of every health care professional, from data entry specialists to physicians to board members,” the U.S. Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ...
Healthcare is one of the most regulated industries in the U.S. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, requires healthcare organizations and their third-party service providers, such as labs and billing companies, to have data security measures in place to protect ...
IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure.
While there is some overlap, and the two ...
As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are also becoming ...
Phishing attacks are big business. The FBI estimates that business email compromise, a highly targeted form of phishing, costs U.S. businesses half a billion dollars a year, and the Verizon 2018 Data Breach Investigations Report found that 90% of cyber attacks began with a phishing ...
No organization wants to think that one of its own trusted employees is out to get the firm. However, a study by Intel found that 43% of data losses are the result of “internal actors” – and about half of these incidents were due to the intentional acts of malicious insiders, not accidents or ...
For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft Azure, or Google Cloud while isolating their critical workloads ...
There has never been a power outage in the U.S. due to a cyber attack, but it happened in Ukraine over the Christmas holidays in 2015, and there have been attempts to breach U.S. power companies and hack the power grid.
In March, the U.S. Department of Homeland Security issued an alert ...
If IoT cyber security concerns aren’t addressed, consumers will reject self-driving cars and other smart devices.
Shortly after rideshare company Uber launched a pilot test of self-driving cars in Pittsburgh, competitor Lyft made the bold prediction that most of its cars would be self-driving ...
The recent Exactis data leak, which could surpass Equifax in the sheer number and scope of records exposed, has data privacy advocates calling for an “American GDPR.” While it is unlikely that a federal data privacy law will come to pass anytime soon, some states have already taken matters into ...
The Hollywood portrayal of a hacker is a mysterious hooded figure sitting in a dark room, furiously tapping away at a keyboard in search of a back door into an organization’s system. However, the real enemy may be sitting in a brightly lit cubicle right outside the CEO’s office; insider threats ...
K-12 school systems, colleges, and universities are being increasingly targeted by hackers, yet education cyber security is as woefully lacking as other industries, as these recent incidents illustrate:
• In November 2016, Columbia County School District in Georgia admitted to a breach of ...
ATMs were designed to protect their cash vaults, not their computer components, which leaves them vulnerable to “jackpotting” cyber attacks.
Earlier this month, the American Bankers Association announced changes to its Bank Capture incident tracking system, which logs data on ATM attacks, as ...
Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers ...
New Anthem breach underscores the need to manage cyber risk throughout the enterprise ecosystem
Anthem – yes, that Anthem – has been hacked again. About a month after the beleaguered health insurer agreed to fork over a record-setting $115 million to settle a class action lawsuit related to ...
Following a record year for HIPAA settlements that saw the U.S. Department of Health and Human Services (HHS) collect $28.7 million in HIPAA fines, HHS has reduced the maximum annual HIPAA fine in three out of the four penalty tiers. However, HHS’ move doesn’t mean that healthcare organizations ...
Now that the year is coming to an end, all eyes are on what’s possibly around the corner. More attacks on cryptocurrencies? An escalation in attacks by state-sponsored cyber criminals? Chaos as the EU’s GDPR is implemented? In cyber security, only one thing is certain: It’s a continuous game of ...
With just over three weeks to go until the May 25, 2018, deadline, many U.S. companies are woefully unprepared for the EU’s new General Data Protection Regulation, or GDPR. In fact, quite a few of them don’t yet realize they have to achieve GDPR compliance. A new survey by CompTIA found that “A ...
The Marriott Starwood breach, which exposed the personal data of 500 million guests, was not the largest data breach in terms of size; Yahoo still holds that dubious honor. However, because of the nature of the data stolen, it has the potential for a very long reach and highlights multiple cyber ...
A new report by Synopsys and the Ponemon Institute finds that medical device security is plagued by a lack of standards, testing, and accountability.
Healthcare organizations tend to focus their cyber security efforts on HIPAA compliance, protecting patient data, and defending against ...
The Mirai botnet DDoS attacks were the largest on record – and they were likely masterminded by teenagers.
In October, a massive DDoS attack on the Dyn DNS “Managed DNS” infrastructure brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, and Spotify. The attack ...
IoT manufacturers should take heed from the recent Mirai DDoS attacks.
Late last year, a widespread attack on Dyn DNS “Managed DNS” infrastructure wreaked havoc across the internet and brought down a number of major websites, including PayPal, Twitter, Amazon, Netflix, GitHub, and Reddit. ...
Everyone already knew that Navy cybersecurity had big problems. Last fall, a Wall Street Journal report on Navy cybersecurity revealed that Chinese nation-state hackers had successfully breached a number of third-party Navy contractors over an 18-month period, stealing highly classified ...
Last week’s data leak at Exactis, a Florida-based marketing and data aggregation firm, has cyber security experts and data privacy advocates up in arms. WIRED reports:
Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had ...
New PCI DSS Ecommerce Best Practices Replace Previous Guidelines Issued in 2013
Consumers love shopping online and are abandoning malls for mobile shopping apps in droves. However, online shopping environments offer multiple opportunities for hackers to steal payment card data. Even worse, as ...
New York State Cyber Security Law Heavy on GRC and Proactive Cyber Security
The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, went into effect at the beginning of March. ...
New York State Cyber Security Regulations for Financial Institutions Could Be Model for Other States
The first phase of the New York state cyber security regulations, which apply to insurance companies, banks, and other financial institutions operating within the state, finally went into ...
If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with ...
There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity. Smart medical devices allow ...
Email breaches can be just as destructive to organizations as customer data breaches; just ask Sony Pictures and the Democratic National Committee. A breach of a federal government agency’s email system may not just be embarrassing or scandalous to the agency; it could put national security at ...
Citing the success of its cybersecurity framework and the advent of IoT devices, artificial intelligence, and other technologies that are making it more challenging than ever for enterprises to protect their customers’ privacy, NIST has launched a collaborative project to develop a voluntary ...
Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and the federal government. Among ...
U.S. defense contractors are being heavily targeted by foreign cybercriminals. An internal Navy cyber security audit ordered after a series of successful breaches of Navy contractors revealed an agency in complete cyber chaos “in ways few appreciate, fewer understand, and even fewer know what to ...
The cyber security skills gap is real and growing; there simply aren’t enough cyber security employees to go around.
Cyber crime is rapidly escalating, and board rooms are taking notice. KPMG’s 2017 U.S. CEO Outlook survey shows cyber security risks to be among CEOs’ top concerns, yet only ...
PCI DSS compliance is serious business for any organization that processes or accepts major payment cards, including SaaS providers that offer payment processing solutions to their customers. Retailers or payment processors who are found to be in violation of PCI DSS can be fined millions of ...
The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the similarities ...
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It
The 2017 Verizon Data Breach Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 attempts in 84 countries, showed that cyberespionage ...
Baseball may be America’s favorite pastime, but from the Black Sox scandal to Pete Rose to the “Steroid Era,” cheating schemes have long tarnished the game. Sadly, it was only a matter of time before cheating went high-tech. Last summer, former St. Louis Cardinals executive Chris Correa was ...
The next time you buy a burger at McDonald’s or Wendy’s, a computer may be the one asking, “Would you like fries with that?” After decades of depending on human workers to take orders – and payments – American fast food chains are finally moving into the computer age, driven by rising minimum ...
The U.S. Securities and Exchange Commission plans to update its six-year-old guidelines regarding data breach notification and cyber risk disclosure, Bank Info Security reports:
The agency has indicated that it expects to refine guidance around how businesses disclose cybersecurity risks to ...