Confidence levels in securing the election are low, and declining, according to an ISACA survey of more than 3,000 IT governance, risk, security and audit professionals in the US. While federal, state and local governments continue to harden election i… Continue reading What’s causing uncertainty about election security?
QR codes are rising in popularity and use, according to a consumer sentiment study by MobileIron. Sixty-four percent of respondents stated that a QR code makes life easier in a touchless world – despite a majority of people lacking security on their mo… Continue reading Most people ignore QR code security concerns
Bruce Schneier coined the phrase security theater to describe “security measures that make people feel more secure without doing anything to actually improve their security.” That’s the situation we still face today when it comes to defending against c… Continue reading How security theater misses critical gaps in attack surface and what to do about it
Hackers are targeting everyone and taking advantage of fear, uncertainty, and a 24/7 news cycle that can dwell on a single theme for weeks on end. The victim pool includes everyone from the global remote workforce (some working in industries that didn’… Continue reading In uncertain times, CISOs have a golden opportunity
Cyber attacks have increased in number and severity since the onset of the pandemic. The changes organizations implemented to facilitate remote work have given cybercriminals new opportunities to launch campaigns exploiting mass uncertainty and fear. R… Continue reading Cyber losses are increasing in frequency and severity
While COVID-19 has proven the healthcare industry’s overall resilience, it has also increased its cybersecurity risk with new and emerging threats. The rapid adoption and onboarding of telehealth vendors led to a significantly increased digital f… Continue reading Telehealth is healthcare industry’s biggest cybersecurity risk
Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. The inspector general investigation, distributed to Postal Service leadership in July, faults IT officials at the agency for not keeping a slew of applications up to date. Six of the IT applications were left on the Postal Service network for up to seven years with things like incomplete certification and accreditation from technology executives, according to the IG memo. A dozen vulnerabilities were deemed “catastrophic” by the USPS’s Corporate Information Security Office, the watchdog said, meaning they exposed the agency to big financial damages. “These are common, well-known vulnerabilities that have been present for three years that could be exploited by an attacker utilizing publicly available methods,” the memo reads. Simply put, the Postal […]
The post Postal Service left vulnerable IT applications unaddressed for years, inspector general finds appeared first on CyberScoop.
Massachusetts Institute of Technology (MIT) scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about reveal… Continue reading Which cybersecurity failures cost companies the most and which defenses have the highest ROI?
Employees, whether careless or malicious, can pose a great risk to organizations, a Bitglass survey reveals. 61% of survey respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). Insider th… Continue reading The cost of an insider attack is as much as $2 million
Liability for cyber-physical security incidents will pierce the corporate veil to personal liability for 75% of CEOs by 2024, according to Gartner. Due to the nature of cyber-physical systems (CPSs), incidents can quickly lead to physical harm to peopl… Continue reading Financial impact of cyber-physical system attacks expected to grow