Ransomware Trains Its Sights on Cloud Providers

Dark Reading

Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.

MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police?

The Last Watchdog

Today, the most common way to utilize attachments is via regular encrypted and encoded scripting in Office documents. For Cofense, the solution goes beyond security training but to fruitful immersion. If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach, was the result of a phishing attack.

Facebook Will Shift to Emphasize Encrypted Ephemeral Messages, Zuckerberg Says: eDiscovery Trends

eDiscovery Daily

In a post to Facebook last week, founder Mark Zuckerberg outlined a vision of the future that includes end-to-end encryption and an ephemeral lifespan for private messages and photos.

GDPR Compliance — The Fines Have Begun!


Maintain a fully documented training program to prove everyone that handles client data has been fully trained on how to comply with the regulatory requirements. This means complete data access logs, end-to-end encryption, and documented expungement procedures and logs.

Emergency Power Outage? Don’t Forget Old-School Redundancy


Hint: Such runbooks should include pesky details like login passwords, software license keys, encryption keys, network topology diagrams, recovery steps, etc. After a sudden power outage, you tend to have questions and want fast answers.

Be Aware of Non-Obvious Healthcare Cybersecurity Threats


I cannot imagine any organization having a health IT system that does not have appropriate encryption. If you do not make sure the people in your organization are well trained, then all the technology in the world will not help you against things like phishing attacks. Plus, many organizations are doing their own internal phishing efforts as a way to train their employees on phishing breaches.

GDPR: What’s the difference between personal data and sensitive data?

IT Governance

As with personal data generally, it should only be kept on laptops or portable devices if the file has been encrypted and/or pseudonymised. Avoid a regulatory fine with GDPR training.


Transferring personal data under the GDPR

IT Governance

Pseudonymisation and encryption. The GDPR advises organisations to pseudonymise and/or encrypt all personal data. According to Gemalto’s Breach Level Index, only 4% of data breaches since 2013 have involved encrypted data. Implementing encryption.


The GDPR: Get a crucial cyber security qualification in one day

IT Governance

Our ISO27001 Certified ISMS Foundation Training Course will help you on your way. Save 15% when you book this course alongside our ISO27001 Lead Implementer course.


The GDPR: Do you know the difference between personal data and sensitive data?

IT Governance

As with personal data generally, it should only be kept on laptops or portable devices if the file has been encrypted and/or pseudonymised. GDPR training. You can avoid these kinds of mistakes by enrolling on one of our GDPR training courses.


GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

Encryption provides an extra layer of security and control over your data, as well as the systems holding and transmitting your data. Data encryption also allows your employees to continue sharing files through familiar systems like email. For complete control of your encrypted data, you must have sole access to your encryption keys. Train employees.

Using Foundational Controls to “Secure IT”

Thales eSecurity

Organizations cannot secure their information technology (IT) simply by training everyone in the organization to identify and avoid falling victim to a phishing attack. Phishing attacks, account takeover (ATO) fraud and data breaches can be mitigated by multi-factor authentication, strong access controls for regular as well as privileged users, and by encrypting all sensitive data for instance. Data Encryption. Data encryption and key management go hand-in-hand.

Payroll Provider Gives Extortionists a Payday

Krebs on Security

19, Apex was alerted that its systems had been infected with a destructive strain of ransomware that encrypts computer files and demands payment for a digital key needed to unscramble the data. “When they encrypt the data, that happens really fast,” he said.

5 Cybersecurity Trends in the Professional Services Sector

Security Affairs

Employee Training on Phishing and Digital Security. Employees will need training on digital safety: how to spot phishing emails, and also how to spot bad links and downloads that can be a vector for viruses or other attacks.

These hackers have breached FBI-affiliated websites and leaked data online

Security Affairs

The association promotes federal and law enforcement leadership and training located at the FBI training academy in Quantico, VA. TechCrunch spoke to one of the hackers, who didn’t identify his or her name, through an encrypted chat late Friday. “We

China Releases National Standard on Personal Information Security

Hunton Privacy

Encryption measures must be adopted whenever sensitive personal information is retained. Enterprises must also implement staff training and audit the security measures which they have adopted to protect personal information.

Own Your Cloud Security

Thales eSecurity

First, every person who has the potential to use the cloud needs to be trained to consider the type of data they are uploading to the cloud and how it is to be protected. It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM).

IoT and Quantum Computing’s Impact on the Federal Government

Thales eSecurity

I spoke at both an Air Force Information Technology and Cyberpower (AFITC) training event and the 2019 Billington Cybersecurity Summit. I would not recommend entrusting your data in the cloud without maintaining control of the encryption keys that protect that data.

OMB Publishes Memorandum on Responding to Data Breaches

Hunton Privacy

The Breach Memorandum next notes the importance of breach response and awareness training, and emphasizes key provisions to include in agency contracts that obligate contractors to (1) encrypt PII in accordance with OMB and agency-specific guidelines, (2) report breaches to the relevant agency as soon as possible and (3) cooperate with any forensic investigation and analysis.

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

Hunton Privacy

Specifically, the CFPB found that Dwolla failed to: adopt and implement data security policies and procedures reasonable and appropriate for the organization; use appropriate measures to identify reasonably foreseeable security risks; ensure that employees who have access to or handle consumer information received adequate training and guidance about security risks; use encryption technologies to properly safeguard sensitive consumer information; and.

SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

The Last Watchdog

Early adopters are trial-running Hyperledger blockchains in trade financing, in education and training programs and in supply chains for certain vertical industries. Blockchain gave rise to Bitcoin.

Weekly Update 135

Troy Hunt

The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root cert which is right up his alley.

Putting VMware’s Cloud Certification Platform to the Test with Thales’s Vormetric Data Security Manager

Thales eSecurity

The integration of DSM into VMware provides one-stop enterprise encryption key management for VMware customers. VMware supports end-to-end VM and vSAN encryption solutions. Plus, advanced encryption can also be performed from this single platform.

New Report on Police Digital Forensics Techniques

Schneier on Security

Survey results indicate that accessing data from service providers -- much of which is not encrypted -- is the biggest problem that law enforcement currently faces in leveraging digital evidence. A plurality of respondents said they only received annual training.

Data Security Act Introduced in New York State Assembly

Hunton Privacy

The Data Security Act obligates entities to develop an information security program that includes: administrative safeguards, such as conducting risk assessments, training employees and selecting service providers capable of maintaining appropriate safeguards; technical safeguards, such as assessing risks in network and software design and regularly testing and monitoring the effectiveness of key controls; and.

GUEST ESSAY: The true cost of complacency, when it comes to protecting data, content

The Last Watchdog

Heathrow Airport was fined £120,000 when it lost a USB stick containing non-encrypted and sensitive data. Even with sharper teeth attached to the regulatory fining regime, companies still operate as if non-encrypted data, on a non-password protected USB stick, should be considered acceptable. The ICO found that there was a “catalogue of shortcomings in corporate standards, training and vision.”

Boosting Your Data Protection Strategy in 2019

Archive Document Data Storage

Use Encryption Software. You can protect your data from hackers by encrypting your data. Encryption software scrambles your emails and files, so only authorised end users with the encryption key can unlock and read them. Several software providers offer high-security encryption software. Invest in Employee Training. Schedule ongoing training sessions to educate your staff about evolving risks and data breach prevention strategies.

FTC Enters into Memorandum of Understanding with Dutch Data Protection Authority

Hunton Privacy

The Memorandum also discusses protective measures for transmitting information related to a request for assistance on a privacy-related matter, such as encryption or maintaining materials in secured, restricted locations.

Information Governance: Trends and Highlights From 2018


Documenting the GDPR compliance training program to prove that everyone who handles client data has been appropriately equipped. Continuing the annual tradition, it’s time to review the valuable information governance (IG) lessons of the past year.

Nutanix and Thales, Hyperconverged & Hypersecure

Thales eSecurity

Nutanix certainly knows this and is working hard with Thales eSecurity to protect the confidentiality and integrity of sensitive data through strong encryption of user and application data to a level of FIPS 140-2 Level 2 compliance.

Payments and Security: Putting security where your money is

Thales eSecurity

ensuring staff are fully trained in security protocols. Originally published in Payments Journal on July 31, 2019.

More on Backdooring (or Not) WhatsApp

Schneier on Security

And that is, we have been training our AI models on the server and making inferences on the server when all the data are flooding into our data centers. Instead, we should -- we must -- take steps to constructively demand what we actually want: End to End Encryption which is worthy of the name.

Artificial intelligence in cyber security

IT Governance

This technology enables computers to be trained to process large amounts of data and identify trends and patterns. The 2018 Cisco Annual Cybersecurity Report expects organisations to increase their use of encryption. Cyber security has become a major priority for every organisation.

MY TAKE: How digital technology and the rising gig economy are exacerbating third-party risks

The Last Watchdog

Allen is a widely respected thought leader on this topic, having launched Shared Assessments in 2005 as an intel-sharing and training consortium focused on third-party risks. And once you have that, then you have the ability to reverse algorithms and unlock encryption.

Enterprise SaaS – and threats to your data

Thales eSecurity

Add to this the lifetime of support, maintenance, infrastructure and training required. If organizations have the resources and tools available to build out secure infrastructure and interfaces, they are able to control their encryption keys.

My 7 top security publications from the ICO

Data Protector

Encryption (Mar 2016) This 35-page guide highlights, through a range of practical scenarios, when different encryption strategies can help provide a greater level of protection.

How SMEs can improve their data protection practices

IT Governance

To prevent this, you should avoid WEP encryption (which can be cracked in minutes) and use only WPA2, which uses AES-based encryption and provides better security than WPA. Train staff. Our Certified Introduction to Data Protection Training Course is the perfect place to start. SMEs (small and medium-sized enterprises) tend to be the hardest hit by cyber attacks – and they only have themselves to blame.