Proof, rarely a concern Proof that the data was safe at a particular point in time is rarely a concern for most organizations implementing security controls. There are many other areas believed to be more important. Hence, the focus is mostly on protecting information by assessing and mitigating risk associated with its loss. Part of […]
When counting lost records officially reported so far in 2016 in the US, 3.2 out of 4.7 Million were stolen by external attackers (according to Privacy Rights Clearinghouse database). These numbers show that in spite of increased security awareness, bigger budgets, stricter standards and regulations, companies are still easy prey for hackers. This article explores […]
The integrity of system and configuration files of various services and applications is critical for building and maintaining secure IT environments. Hence, multiple compliance objectives (HIPAA, PCI DSS, SOX, FISMA and more) require implementing file integrity monitoring to ensure that these critical files are changed as part of authorized, documented and controlled processes only. Many […]
What is Petya and how is it different from other ransomware? Petya ransomware is meant to prevent users from accessing their data and force them to pay ransom in order to recover it. However, unlike other types of ransomware, it does not use encryption to compromise the files one by one, which may take time […]
The first two weeks of July were rich in data breaches, especially in the healthcare sector. According to official reports in the US, a number of 17 breaches were reported, the large majority, affecting healthcare organizations, where all data breaches affected more than 500 individuals, hence, falling under the requirements of section 13402(e)(4) of the […]
Ransomware is already pandemic and there isn’t a cure yet. Why? Mainly because ransomware attacks are relatively easy to devise (can run in a valid application, even as a script) and the traditional anti-virus applications are bypassed completely as they look at different areas that can indicate or be subject of malware attacks. A good […]
Breaches are an extremely common occurrence for companies, especially if they are large businesses. Even though not all data breaches are cyber-attacks, valuable data is exposed to outsiders or lost in all cases. An example of a data incident is an employee copying data to their personal device, violating the company policies. Sending documents by […]
Auditing access to data has been an important concern for companies that need to protect intellectual property and security-sensitive information. This concern became even more important during the last decade, with the increase in cybercrime, driving an array of regulations, security frameworks and associated standards that enforce this need, and establish penalties for lack of […]