Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Video 30 Jun 2025
Ransomware: Examples, prevention and mitigating the damage

Top cybersecurity experts gathered to discuss the latest threats from ransomware and how organizations, large and small, can prevent or, at least, mitigate an attack. Continue Reading
By
- Staff report
Tip 30 Jun 2025
What is attack surface management? Guide for organizations

Attack surface management can help CISOs and other cybersecurity managers address the growth in the number of potential entry points threat actors might exploit. Continue Reading
By
- John Moore, Industry Editor

Tip 30 Jun 2025
What is attack surface management? Guide for organizations

Attack surface management can help CISOs and other cybersecurity managers address the growth in the number of potential entry points threat actors might exploit. Continue Reading
By
- John Moore, Industry Editor
Tip 30 Jun 2025
8 Drupal security best practices

Drupal offers advanced security features, but admins must know how to implement and configure them. Best practices include using the latest version and backing up sites. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
Tip 30 Jun 2025
Cybersecurity outsourcing: Strategies, benefits and risks

For companies battling data breaches and cyberattacks, MSSPs can offer lower costs, better reliability, broader experience and more -- if organizations define their needs well. Continue Reading
By
- Mary K. Pratt
Definition 27 Jun 2025
What is phishing? Understanding enterprise phishing threats

Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person to trick users into revealing sensitive information. Continue Reading
By
- Kinza Yasar, Technical Writer
- Alexander S. Gillis, Technical Writer and Editor
Tip 27 Jun 2025
Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Definition 26 Jun 2025
What is cyber resilience?

Cyber resilience is the ability of a computing system to identify, respond to and recover quickly from a security incident. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Corinne Bernstein
Tip 26 Jun 2025
10 key cybersecurity metrics and KPIs your board wants tracked

Security leaders need cybersecurity metrics to track their programs and inform decision-makers. These 10 metrics and KPIs provide a good foundation for tracking essential activity. Continue Reading
By
- Cynthia Brumfield, DCT Associates
Guest Post 25 Jun 2025
Authorization sprawl: Attacking modern access models

Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected. Continue Reading
By
- Joshua Wright, SANS Institute
Tip 25 Jun 2025
Ransomware threat actors today and how to thwart them

Top experts convened on BrightTALK's 'CISO Insights' to discuss 'Ransomware 3.0' -- the current threat and what organizations, large and small, must do to thwart these bad actors. Continue Reading
By
- Staff report
Tip 24 Jun 2025
Cybersecurity governance: A guide for businesses to follow

Cybersecurity governance is now critical, with NIST CSF 2.0 recently adding it as a dedicated function. Learn why governance is core to an effective cyber strategy. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 23 Jun 2025
SentinelOne vs. CrowdStrike: EPP tools for the enterprise

Compare SentinelOne and CrowdStrike endpoint protection platforms, which both offer strong endpoint security with GenAI, but differ in pricing tiers and specialized strengths. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Tip 23 Jun 2025
How to choose a cybersecurity vendor: 12 key criteria

Choosing a cybersecurity vendor entails a two-phase approach: shortlisting vendors using clear requirements, then conducting thorough evaluations based on key criteria. Here's how. Continue Reading
By
- Leah Zitter, Ph.D.
Definition 16 Jun 2025
What is HMAC (Hash-Based Message Authentication Code)?

Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function. Continue Reading
By
- Scott Robinson, New Era Technology
- Rahul Awati
Tip 10 Jun 2025
Enumeration attacks: What they are and how to prevent them

User and network enumeration attacks help adversaries plan strong attack campaigns. Prevent them with MFA, rate limiting, CAPTCHA, secure code and more. Continue Reading
By
- Ravi Das, ML Tech Inc.
Answer 10 Jun 2025
Symmetric vs. asymmetric encryption: Understand key differences

Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons. Continue Reading
By
- Michael Cobb
Tip 02 Jun 2025
The DOGE effect on cybersecurity: Efficiency vs. risk

The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cybersecurity defenses. Continue Reading
By
- Staff report
Video 02 Jun 2025
The DOGE effect on cyber: What's happened and what's next?

In this webinar, part of 'CISO Insights' series, cybersecurity experts debate the pros and cons of the Department of Government Efficiency's actions and the impact on their field. Continue Reading
By
- Staff report
Definition 30 May 2025
What is security?

Security for information technology (IT) refers to the methods, tools and personnel used to defend an organization's digital assets. Continue Reading
By
- Nick Barney, Technology Writer
- Madelyn Bacon, TechTarget
Definition 30 May 2025
What is triple extortion ransomware?

Triple extortion ransomware is a type of ransomware attack in which a cybercriminal extorts their victim multiple times -- namely by encrypting data, exposing exfiltrated data and then threatening an additional third attack vector. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Sean Michael Kerner
News 30 May 2025
News brief: Week's top breaches stem from third-party attacks

Check out the latest security news from the Informa TechTarget team. Continue Reading
By
- Staff report
Feature 30 May 2025
Thwart nation-state threat actors with these CISO tips

Foreign adversaries now infiltrate rival nation resources by using cyberattackers to pose as remote workers. Learn how to protect your organization with tips from this CISO. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
Definition 22 May 2025
What is FileZilla?

FileZilla is a free, open source file transfer protocol (FTP) application that enables users to transfer files between local devices and remote servers. Continue Reading
By
- Katie Terrell Hanna
Feature 20 May 2025
What is data risk management? Key risks and best practices

Data risk management identifies, assesses and mitigates threats to organizational data, safeguarding sensitive information from unauthorized access. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Definition 20 May 2025
What is data security posture management (DSPM)?

Data security posture management, or DSPM, is an approach that combines technologies and processes to provide a holistic view of a company's sensitive data, including where the data is, who has access to it, how it has been used and its security posture. Continue Reading
By
- Kyle Johnson, Technology Editor
Conference Coverage 16 May 2025
RSAC Conference 2025

Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
By
- Sharon Shea, Executive Editor
Definition 14 May 2025
What is penetration testing?

A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
Opinion 14 May 2025
DLP in the GenAI Era: Shadow data and DLP product churn

Recent Enterprise Strategy Group research found data loss prevention product churn combined with undiscovered data and shadow IT are changing the DLP landscape. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 09 May 2025
What is a security operations center (SOC)?

A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
By
- Kinza Yasar, Technical Writer
- Paul Kirvan
- Sarah Lewis
Feature 01 May 2025
RSAC 2025: The time for crypto-agility adoption is now

An RSAC 2025 speaker explained why companies should begin their quantum-safe journey now and how crypto-agility adoption helps prepare for post-quantum cryptography. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 01 May 2025
Why is document version control important?

Although best practices have changed, many organizations lack a suitable versioning strategy. Proper document version control can improve collaboration and fact-checking. Continue Reading
By
- Laurence Hart, CGI Federal
- Geoffrey Bock, Bock & Company
Tip 28 Apr 2025
How payment tokenization works and why it's important

Payment tokenization benefits merchants and customers alike. It not only helps protect financial transaction data, but also improves UX. Continue Reading
By
- Ravi Das, ML Tech Inc.
Tip 24 Apr 2025
DLP vs. DSPM: What's the difference?

Data loss prevention and data security posture management tools give organizations powerful features to protect data in the cloud and on-premises. Continue Reading
By
- Ravi Das, ML Tech Inc.
Definition 23 Apr 2025
What is ransomware? Definition and complete guide

Ransomware is malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By
- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
Opinion 22 Apr 2025
3 EUC security topics I'll be looking for at RSAC 2025

There will be a ton of security topics that RSA Conference-goers can check out, but IT admins should be aware of three common themes surrounding email and endpoints. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 22 Apr 2025
What is crypto ransomware? How cryptocurrency aids attackers

Crypto ransomware is a form of ransomware that uses cryptography to encrypt computer files so that the victim cannot access them. In exchange for the demanded ransom, the attacker claims it will tell the victimized business how to regain access to the stolen data. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 22 Apr 2025
9 quantum computing challenges IT leaders should know

While the theory of quantum mechanics is complex, the technology might offer practical uses for organizations. Learn about the challenges and opportunities of quantum computing. Continue Reading
By
- George Lawton
Tip 21 Apr 2025
How to create a CBOM for quantum readiness

Quantum is on the horizon -- is your organization ready to migrate to post-quantum cryptographic algorithms? Make a CBOM to understand where risky encryption algorithms are used. Continue Reading
By
- Rob Shapland
Definition 16 Apr 2025
What is Pretty Good Privacy and how does it work?

Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
- Rob Wright, Senior News Director
News 09 Apr 2025
Google Gemini 2.5 Pro extends on-prem GenAI support

Google Gemini is the first proprietary frontier model that can be run on-premises via Google Distributed Cloud for privacy- and cost-conscious enterprises. Continue Reading
By
- Beth Pariseau, Senior News Writer
Feature 09 Apr 2025
How to create a data breach response plan, with free template

A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
By
- Rob Shapland
Opinion 09 Apr 2025
Data security and identity security themes at RSAC 2025

Check out what Enterprise Strategy Group analyst Todd Thiemann has on his agenda for RSA Conference 2025. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 09 Apr 2025
Quantum-resistant algorithms: Why they matter

Quantum-resistant algorithms play a crucial role in post-quantum cryptography, which protects against threats on digital signatures and current encryption methods. Continue Reading
By
- Michael Nadeau
Tip 08 Apr 2025
Ransomware payments: Considerations before paying

To pay or not to pay -- that's the question after a ransomware attack. Law enforcement recommends against it, but that doesn't stop some companies from paying up. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 08 Apr 2025
How to report ransomware attacks: Steps to take

The Cybersecurity and Infrastructure Security Agency and FBI recommend reporting ransomware attacks to the authorities as soon as possible. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 03 Apr 2025
4 ransomware detection techniques to catch an attack

While prevention is key, it's not enough to protect a company's systems from ransomware. Learn how early detection with these four methods helps reduce damage from attacks. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 02 Apr 2025
What is an initialization vector?

An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks. Continue Reading
By
- Rahul Awati
Tip 31 Mar 2025
How quantum cybersecurity changes the way you protect data

Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors. Continue Reading
By
- Michael Nadeau
Tip 31 Mar 2025
How to prevent a data breach: 11 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Video 27 Mar 2025
An explanation of personally identifiable information

Everyone has personally identifiable information -- some of it sensitive and some of it not. Keeping PII safe is important, since bad actors can use it for malicious ends. Continue Reading
By
- Sabrina Polin, Managing Editor
Definition 17 Mar 2025
What is elliptical curve cryptography (ECC)?

Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys. Continue Reading
By
- Rahul Awati
- Andrew Froehlich, West Gate Networks
Feature 13 Mar 2025
10 biggest data breaches in history, and how to prevent them

Did you know the biggest data breach in history exposed a whopping 3 billion user records? Don't make the same mistakes these companies did in the largest data breaches in history. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 12 Mar 2025
Cyber Trust Mark explained: Everything you need to know

The Cyber Trust Mark has been put in place to encourage manufacturers to improve IoT security and provide consumers with more information on the security of their devices. Continue Reading
By
- Rosa Heaton, Content Manager
Feature 06 Mar 2025
How to create a data security policy, with template

When it comes to data security, the devil is in the details. One critical detail organizations shouldn't overlook is a succinct yet detailed data security policy. Continue Reading
By
- Paul Kirvan
Definition 06 Mar 2025
What is the Twofish encryption algorithm?

Twofish is a symmetric-key block cipher with a block size of 128 bits and variable-length key of size 128, 192 or 256 bits. Continue Reading
By
- Rahul Awati
Tutorial 06 Mar 2025
Using shred and dd commands in Linux to securely wipe data

When it's time to get rid of old systems or when moving one system from one location to another, it's a good idea to use Linux utilities to securely delete existing data. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 04 Mar 2025
What is BitLocker?

BitLocker Drive Encryption, or BitLocker, is a Microsoft Windows security and encryption feature included with certain Windows versions. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Alexander S. Gillis, Technical Writer and Editor
Definition 28 Feb 2025
What is the NSA and how does it work?

The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
By
Definition 28 Feb 2025
What is multifactor authentication?

Multifactor authentication (MFA) is an IT security technology that requires multiple sources of unique information from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
News 27 Feb 2025
FBI: Lazarus Group behind $1.5 billion Bybit heist

Researchers say the heist, in which North Korean state-sponsored hackers stole funds from a cold wallet, is the biggest theft in the history of the cryptocurrency industry. Continue Reading
By
- Arielle Waldman, News Writer
Definition 27 Feb 2025
What is quantum in physics and computing?

A quantum, the singular form of quanta, is the smallest discrete unit of any physical entity. For example, a quantum of light is a photon, and a quantum of electricity is an electron. Continue Reading
By
- Mary E. Shacklett, Transworld Data
- Gavin Wright
News 27 Feb 2025
CrowdStrike: China hacking has reached 'inflection point'

In its 2025 Global Threat Report, CrowdStrike observed an increase in China's cyber capabilities, with a focus on espionage and 'pre-positioning' itself in critical environments. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Feb 2025
NCC Group tracks alarming ransomware surge in January

NCC Group found ransomware activity in January surpassed previous monthly highs with 590 attacks, as one notorious gang experienced a notable resurgence. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Feb 2025
Black Basta ransomware leak sheds light on targets, tactics

VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 25 Feb 2025
How to check and verify file integrity

Organizations planning content migrations should verify file integrity to make sure files weren't corrupted during the move. File validation can keep critical data secure. Continue Reading
By
- Jordan Jones
News 25 Feb 2025
Dragos: Ransomware attacks against industrial orgs up 87%

Ransomware attacks continue to be a major pain point for industrial organizations, as the sector has historically struggled with vulnerability management. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Feb 2025
Apple pulls Advanced Data Protection in UK, sparking concerns

Privacy and security concerns mount, as Apple pulls the end-to-end encryption feature for users located in the U.K. following pressures from the government. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Feb 2025
CISA, FBI warn of Ghost/Cring ransomware attacks

Ghost is a China-based financially motivated ransomware group that has launched attacks against organizations in more than 70 countries -- including its own. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Definition 20 Feb 2025
What is a checksum?

A checksum is a value that represents the number of bits in a transmission message. IT professionals use it to detect high-level errors within data transmissions. Continue Reading
By
- Rahul Awati
- Kinza Yasar, Technical Writer
- Laura Fitzgibbons
Definition 19 Feb 2025
What is email spoofing?

Email spoofing is a form of cyber attack in which a hacker sends an email that has been manipulated to seem as if it originated from a trusted source. Continue Reading
By
- Scott Robinson, New Era Technology
- Peter Loshin, Former Senior Technology Editor
Definition 18 Feb 2025
What is defense in depth?

Defense in depth is a cybersecurity strategy that uses multiple security measures to protect an organization's networks, systems and data. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 18 Feb 2025
Chinese companies on DoD CMC list: Tech giants on the list

Several Chinese tech giants including Huawei, Tencent and CATL are now on the U.S. Chinese Military Companies list due to security concerns. Continue Reading
By
- Kinza Yasar, Technical Writer
Opinion 13 Feb 2025
Entrust sells certificate business: Implications and actions

Entrust selling its certificate business to Sectigo isn't the only change that enterprises will face when it comes to the future of digital certificates. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 11 Feb 2025
What is information security management system (ISMS)?

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. Continue Reading
By
- Paul Kirvan
- Kinza Yasar, Technical Writer
Tip 11 Feb 2025
How to build an API security strategy

Lax API protections make it easier for threat actors to steal data, inject malware and perform account takeovers. An API security strategy helps combat this. Continue Reading
By
- Colin Domoney
Definition 11 Feb 2025
What is Blowfish?

Blowfish is a variable-length, symmetric, 64-bit block cipher. Continue Reading
By
- Rahul Awati
News 07 Feb 2025
Ransomware hits healthcare, critical services in January

Ransomware attacks against healthcare organizations in January reflect an increasing need for threat actors to adapt and get aggressive as defenders improve. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 07 Feb 2025
What is cyber insurance, and why is it important?

Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Kinza Yasar, Technical Writer
News 05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024

While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Feb 2025
AMD, Google disclose Zen processor microcode vulnerability

AMD said CVE-2024-56161, which first leaked last month, requires an attacker to have local administrator privileges as well as developed and executed malicious microcode. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Jan 2025
What is cryptology?

Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading
By
- Rahul Awati
Definition 31 Jan 2025
What is biometrics?

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
Podcast 30 Jan 2025
Risk & Repeat: DeepSeek security issues emerge

The introduction of DeepSeek's new generative AI models has been met with fervor, but security issues have created apparent challenges for the Chinese startup. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Jan 2025
What is blockchain? Definition, examples and how it works

Blockchain is a distributed ledger technology (DLT) that's shared across a network of computers to keep a digital record of transactions. Continue Reading
By
- Kinza Yasar, Technical Writer
- Nick Barney, Technology Writer
- Mary K. Pratt
News 30 Jan 2025
Wiz reveals DeepSeek database exposed API keys, chat history

Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Jan 2025
German police disrupt Cracked, Nulled cybercrime forums

Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Jan 2025
What is a hardware security module?

A hardware security module (HSM) is a physical device that provides extra security for sensitive data. Continue Reading
By
- Rahul Awati
- Elizabeth Davies
- Cameron McKenzie, TechTarget
News 24 Jan 2025
DOJ indicts 5 individuals in North Korea IT worker scam

An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Jan 2025
Data sovereignty compliance challenges and best practices

Organizations that use the cloud face stiff challenges in complying with data sovereignty laws and regulations. The first step: Understand which laws apply. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 24 Jan 2025
What is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Peter Loshin, Former Senior Technology Editor
Definition 21 Jan 2025
What is a private key?

A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data. Continue Reading
By
- Rahul Awati
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 17 Jan 2025
Treasury Department sanctions company tied to Salt Typhoon

The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Jan 2025
Threat actor publishes data of 15K hacked FortiGate firewalls

Although the threat actor published the alleged stolen Fortinet FortiGate firewall data this week, the data is apparently tied to older zero-day exploitation from 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers

The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 14 Jan 2025
Symmetric key encryption algorithms and security: A guide

Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here. Continue Reading
By
- Sharon Shea, Executive Editor
- Pearson Education
News 09 Jan 2025
December ransomware attacks slam healthcare, public services

In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jan 2025
Top 7 data loss prevention tools for 2025

Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Opinion 08 Jan 2025
Data security spending in 2025: Up and to the right

Cybersecurity investments are set to increase in 2025, according to Enterprise Strategy Group's annual spending survey, and data loss prevention is leading the priority pack. Continue Reading
By
- Todd Thiemann, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 07 Jan 2025
CISA: BeyondTrust breach affected Treasury Department only

The government cybersecurity agency says fallout from a breach against BeyondTrust last month has not affected other federal agencies, although the investigation is ongoing. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer