• July 30, 2018

  Business Email Compromise and the Importance of Being Earnest

  By Justin Silbert. Business Email Compromise (BEC), along with all cyber crime, is continuing to thrive.  The FBI is now estimating that the cost of BEC has reached $12 billion since October 2013 and the losses continue to grow.  When talking about financial cyber crimes, BEC is one of the simplest and most effective scams. … Continue reading Business Email Compromise and the Importance of Being Earnest → READ MORE >

  • 1
  • read more
• July 26, 2018

  Insurance Occurrence Assurance?

  You may have seen our friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg from two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution suing its insurance … Continue reading Insurance Occurrence Assurance? → READ MORE >

  • 0
  • read more
• July 12, 2018

  Cyber Security ROI: It may happen sooner than you think

  By Seth Jaffe. You’ve heard it before. Companies are slow to invest in cyber security because they see few returns.[1]  But that is likely to change, and it may occur sooner than we expected. Let’s first set the context. An executive recently made the comment to me that “cyber security is just another cost of … Continue reading Cyber Security ROI: It may happen sooner than you think → READ MORE >

  • 0
  • read more
• June 7, 2018

  Alabama Requires Entities to Safeguard Sensitive Information

  By Seth Jaffe. Alabama recently became the 50th state to pass a data breach notification law, but in doing so, the state upped the ante by including security obligations generally found in industry-specific cyber security laws. I’ve written about the Eight Principles of Cyber Security Laws in a prior blog post. Alabama adopted seven of … Continue reading Alabama Requires Entities to Safeguard Sensitive Information → READ MORE >

  • 0
  • read more
• June 5, 2018

  The 8 Principles of Cyber Security Laws

  By Seth Jaffe. The United States has yet to promulgate a comprehensive federal cyber security law aimed at improving the cyber hygiene of companies serving its citizens. But a collation of industry-specific laws (both federal and state), proposed bills, guidance documents, and cyber strategies yields a fair indication of where our nation is headed. This … Continue reading The 8 Principles of Cyber Security Laws → READ MORE >

  • 0
  • read more
• May 15, 2018

  Lowering Risk By Putting Response Before Incident

  Justin Silbert As individuals, some people are good at improvisation, that is, dealing with things as they come and creating the best outcome for it. But, organizations in the midst of an incident are notoriously terrible at improvising. There is no better example than Equifax, whose initial response was fraught with missteps. First, it downplayed … Continue reading Lowering Risk By Putting Response Before Incident → READ MORE >

  • 1
  • read more
• May 11, 2018

  When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble

  By Seth Jaffe. Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU’s failure … Continue reading When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble → READ MORE >

  • 0
  • read more
• May 7, 2018

  Just How Prolific is Ransomware?

  Our friends over at Bromium recently published a study entitled “into the web of profit” that focussed on revenue flow and profit distribution as it pertains to ransomware. The annual revenue from the ransomware supply chain – $1.5 trillion (no, this isn’t a typo). The amount of money involved is staggering when you consider that … Continue reading Just How Prolific is Ransomware? → READ MORE >

  • 0
  • read more
• May 1, 2018

  NIST Releases Cybersecurity Framework 1.1

  By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The National Institute of Standards and Technology (NIST) announced on April 16, 2018 the release of the Cyber Security Framework (CSF) 1.1, intended to improve Critical Infrastructure Cybersecurity. The focus of this framework when first developed in 2014 was geared towards industries vital to economic and national security, … Continue reading NIST Releases Cybersecurity Framework 1.1 → READ MORE >

  • 0
  • read more
• April 24, 2018

  FDA and the Medical Device Security Action Plan

  By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA Since 2013, cyber professionals have been warning about the cyber risk and exposure healthcare organizations face from cyber-attacks on medical devices and software. As a result of these concerns the Health and Human Services (HHS) extended security and privacy rules to business associates, and the Federal Drug Administration … Continue reading FDA and the Medical Device Security Action Plan → READ MORE >

  • 0
  • read more