The Latest News in Cybersecurity

The Many Risks of Hardware Security Failures New NIST report examines hardware security failure scenarios and the risks they pose to your organization In November 2024, the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) released NIST Report 8517, which examines nearly 100 scenarios that highlight the extensive possibilities for hardware-related IT security failures. Leveraging existing data on hardware weaknesses and design flaws documented in the Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) indexes, overlaid by the lab’s own research and evaluation, the report provides security failure scenarios that describe where each weakness typically occurs and its risk of exploitation. NIST Report 8517 is useful for anyone desiring to understand the various ways computer hardware can experience security-related failures that can lead to malicious exploitation, data breaches, ransom demands, and their associated costs.

Six Reasons for a New Security Risk Assessment If your last risk assessment is older than a year or two, it’s time for an update Security risk assessments are a vital requirement in federal regulations that impose security safeguards, which is just about all of them these days. They are also required by the major cybersecurity frameworks and cybersecurity standards that have been adopted by countless organizations.

2024 Cybersecurity Survey Offers New Insights into Internet User Behavior and Attitudes Now in its fourth year, the survey of online behaviors and attitudes is conducted annually by the National Cybersecurity Alliance and CybSafe. The 2024 survey, conducted between March 6 and April 22, 2024, included 7,012 adult individuals in the United States, Canada, United Kingdom, Germany, Australia, New Zealand, and India. 2024 represents the largest sample size to date.

HIPAA Security Rule Compliance Urged by OCR to Reduce Vulnerability to Hacking and Ransomware Office for Civil Rights warns healthcare providers, business associates, insurers against perils of non-compliance

How the New v4.0.1 Changed PCI DSS 4.0 (and How it Didn’t) Compliance with PCI Data Security Standard 4.0 is still mandatory by March 31, 2025!

CMMC 2.0 Compliance: Newly Updated Timeline for Defense Contractors, Subs, and Suppliers If you handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as part of your contractual work with the Department of Defense (DoD), you will be required to demonstrate compliance with the CMMC 2.0 cybersecurity framework in order to maintain your ability to bid on DoD work. This is Fact 1.

New cybersecurity requirements affect financial firms doing business in Europe plus IT and comm tech providers who serve them from U.S. and elsewhere The Digital Operational Resilience Act (DORA), also known as EU 2022/2554, took initial effect January 16, 2023, and allowed two years for firms to comply. Full DORA compliance becomes mandatory on January 17, 2025—just four months from now. Are you ready?

Preparing for HITRUST Certification Here’s how to do it, why you should, and two checklists to help you succeed The most effective way to meet the relentless challenges of the digital age is through a robust cybersecurity and regulatory compliance program. Several cybersecurity frameworks have been developed over time as roadmaps toward this goal and one, arguably, has become the gold standard.

Latest Survey Spotlights Top Causes of Ransomware Unpatched vulnerabilities, phishing/malicious emails, and stolen credentials are leading causes of ransomware The latest ransomware survey confirms what previous surveys and studies have shown—that the leading causes of ransomware remain unchanged in recent years. In addition to revealing more about the root causes, the survey conducted by Sophos in January and February 2024 and released in April offers new insights into the size of ransom demands, who pays the ransoms, and how much they pay. Still, the important lessons lie in the root causes of ransomware, for those smart enough to learn from them.

This Emerging Cybercrime Hurts Everyone It Touches Synthetic identity fraud is a crime. It is either a felony or misdemeanor depending on its scale and financial impact. In this emerging form of fraud, a cybercriminal combines stolen information, such as an actual Social Security number, with other data that may be a mix of real and invented information, such as name, date of birth, address, and social media handles. The result of this forged alliance is a fake or synthetic identity that can then be used to commit acts of financial fraud. Synthetic identities are effective because they appear to be real and legitimate.