Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
-
Podcast
19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
-
News
13 Oct 2022
NPM API flaw exposes secret packages
A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack. Continue Reading
-
Tip
12 Oct 2022
Combat ransomware with continuous backup software, strategy
No IT organization is safe from a ransomware attack, making backup maintenance critical. Learn the pros and cons of continuous backups in terms of costs, storage and recovery time. Continue Reading
-
Feature
12 Oct 2022
The history and evolution of zero-trust security
Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
-
Feature
12 Oct 2022
7 steps for implementing zero trust, with real-life examples
More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
-
News
11 Oct 2022
NPM malware attack goes unnoticed for a year
A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers. Continue Reading
-
Feature
11 Oct 2022
LinkedIn scams, fake Instagram accounts hit businesses, execs
Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
-
News
11 Oct 2022
Cohesity founder, new CEO discuss data management strategy
The current and former Cohesity CEOs seek to bring the company to 'the next level.' Plans include melding backup and security as well as potentially going public. Continue Reading
-
Feature
11 Oct 2022
How to choose the best ZTNA vendor for your organization
In a sea of options, finding the best ZTNA vendor for your organization can pose a major challenge. Weed through the marketing hype with advice from the experts. Continue Reading
-
Tip
11 Oct 2022
Top 6 challenges of a zero-trust security model
Zero trust has a number of challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them. Continue Reading
-
Tip
07 Oct 2022
Perimeter security vs. zero trust: It's time to make the move
Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
-
News
06 Oct 2022
Former Uber CSO Joe Sullivan found guilty in breach cover-up
Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach. Continue Reading
-
News
05 Oct 2022
Ransomware attacks ravage schools, municipal governments
Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv. Continue Reading
-
Feature
05 Oct 2022
Top zero-trust certifications and training courses
Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team. Continue Reading
-
Tip
04 Oct 2022
Top zero-trust use cases in the enterprise
Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge. Continue Reading
-
News
03 Oct 2022
Intermittent encryption attacks: Who's at risk?
Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses. Continue Reading
-
Tip
29 Sep 2022
How to create a zero-party data strategy
Zero-party data can enable better personalization and customer retention without tracking users across sites, like third-party cookies. These steps can kickstart your strategy. Continue Reading
-
Answer
28 Sep 2022
Compare zero trust vs. the principle of least privilege
Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies. Continue Reading
-
Answer
28 Sep 2022
Zero trust vs. defense in depth: What are the differences?
Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other. Continue Reading
-
Tip
27 Sep 2022
10 PCI DSS best practices to weigh as new standard rolls out
PCI's Security Standards Council revamped the requirements governing how organizations store payment card information. Companies need to act fast to ensure they are in compliance. Continue Reading
-
Tip
26 Sep 2022
Does AI-powered malware exist in the wild? Not yet
AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware. Continue Reading
-
Podcast
23 Sep 2022
Risk & Repeat: Uber and Rockstar Games hacked
This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group. Continue Reading
-
Tip
22 Sep 2022
10 security-by-design principles to include in the SDLC
Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling. Continue Reading
-
News
21 Sep 2022
Cybercriminals launching more MFA bypass attacks
New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
-
News
19 Sep 2022
Uber says Lapsus$ hackers behind network breach
Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network. Continue Reading
-
News
19 Sep 2022
Rockstar Games confirms hack after 'Grand Theft Auto' leak
A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
-
News
16 Sep 2022
DOJ drops report on cryptocurrency crime efforts
The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges. Continue Reading
-
Guest Post
16 Sep 2022
How SOCs can identify the threat actors behind the threats
Learn how SOC teams can track threat actors by understanding the factors that influence an attack, such as the type of infrastructure used or commonly targeted victims. Continue Reading
-
News
16 Sep 2022
Companies need data privacy plan before joining metaverse
Experts speaking during ITIF's AR/VR Policy Conference pointed out that businesses need to head into the metaverse with a strong data privacy plan. Continue Reading
-
News
16 Sep 2022
Uber responds to possible breach following hacker taunts
Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
-
News
15 Sep 2022
Transparency, disclosure key to fighting ransomware
Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations. Continue Reading
-
News
15 Sep 2022
Webworm retools old RATs for new cyberespionage threat
Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans. Continue Reading
-
News
14 Sep 2022
Consumer data needs better protection by government
Though legislation is before Congress that would address data privacy, it may not set clear enough guidelines or give individuals enough control. Continue Reading
-
News
14 Sep 2022
Data privacy concerns grow as legislation lags
While healthcare and financial data are protected by federal legislation, individuals have little control over how consumer data is collected and used. Continue Reading
-
News
13 Sep 2022
CrowdStrike threat report: Intrusions up, breakout time down
According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year. Continue Reading
-
Opinion
12 Sep 2022
How data security posture management complements CSPM
Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
-
Feature
12 Sep 2022
How to prepare for post-quantum computing security
One of the biggest fears about quantum computing is its ability to break encryption algorithms more easily. Learn why and how to start making quantum security preparations now. Continue Reading
-
News
08 Sep 2022
LockBit gang leads the way for ransomware
New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months. Continue Reading
-
News
07 Sep 2022
Google: Former Conti ransomware members attacking Ukraine
Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature. Continue Reading
-
News
06 Sep 2022
Healthcare and education remain common ransomware targets
August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information. Continue Reading
-
News
06 Sep 2022
Ransomware hits Los Angeles Unified School District
The second-largest public school system in the U.S. confirmed a ransomware attack caused districtwide disruption to various services over the holiday weekend. Continue Reading
-
News
01 Sep 2022
Researcher unveils smart lock hack for fingerprint theft
An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
-
News
26 Aug 2022
LastPass discloses data breach
LastPass CEO Karim Toubba said no customer data or password details were compromised, and the company does not recommend an immediate course of action to users. Continue Reading
-
News
25 Aug 2022
Twitter whistleblower report holds security lessons
The whistleblower report from Twitter's former security lead should provide companies and boards with lessons on how not to handle internal security concerns. Continue Reading
-
Tip
25 Aug 2022
15 benefits of outsourcing your cybersecurity operations
For companies battling increasing security breaches and cyber attacks, MSSPs can offer reliability, continuity, nonstop coverage, broader experience and better access to talent. Continue Reading
-
Podcast
24 Aug 2022
Risk & Repeat: Whistleblower spells trouble for Twitter
A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko. Continue Reading
-
News
22 Aug 2022
CEO of spyware vendor NSO Group steps down
Current NSO Group COO Yaron Shohat will replace outgoing CEO Shalev Hulio as part of a reorganization for the vendor, which has come under fire from the U.S. government. Continue Reading
-
Tip
19 Aug 2022
8 secure file transfer services for the enterprise
With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision. Continue Reading
-
Tip
19 Aug 2022
7 key cybersecurity metrics for the board and how to present them
Learn how to present important cybersecurity metrics for the board to ensure that business leaders understand that money allocated to security is money well spent. Continue Reading
-
News
18 Aug 2022
Shunned researcher Hadnagy sues DEF CON over ban
Researcher Christopher Hadnagy is seeking damages from DEF CON and founder Jeff Moss over their decision to ban him citing multiple claims of conduct violations. Continue Reading
-
Tip
18 Aug 2022
What is identity sprawl and how can it be managed?
With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
-
Opinion
17 Aug 2022
Data security as a layer in defense in depth against ransomware
Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
-
Podcast
17 Aug 2022
Risk & Repeat: Black Hat 2022 recap
This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show. Continue Reading
-
News
16 Aug 2022
Mailchimp suffers second breach in 4 months
While the source of the breach has not been confirmed, an attacker got into Mailchimp and gained access to the customer account of cloud hosting provider DigitalOcean. Continue Reading
-
Answer
15 Aug 2022
Zero-party data vs. first-party data: What's the difference?
Zero-party data comes from customer surveys and polls, but first-party data comes from customer web activity. Marketers can use both data types to personalize their ad campaigns. Continue Reading
-
Tip
15 Aug 2022
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
-
News
11 Aug 2022
Cisco hacked by access broker with Lapsus$ ties
No Cisco employee or customer personal information was stolen in the hack, though some data did make it onto the dark web. Continue Reading
-
Opinion
11 Aug 2022
Why 2023 is the year of passwordless authentication
Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
-
News
11 Aug 2022
Google researchers dissect Android spyware, zero days
Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
News
10 Aug 2022
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
-
Tip
09 Aug 2022
Top 6 e-signature software providers in 2022
E-signature software can reduce paper costs and improve productivity across departments. Organizations can explore the following six software options to fit their business needs. Continue Reading
-
Tip
05 Aug 2022
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
-
Feature
05 Aug 2022
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
-
Feature
05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
-
News
02 Aug 2022
July another down month in ransomware attack disclosures
July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
-
Tip
02 Aug 2022
Data masking vs. data encryption: How do they differ?
Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
-
Feature
02 Aug 2022
The importance of data security in the enterprise
Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations. Continue Reading
-
Tip
02 Aug 2022
10 enterprise database security best practices
Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices. Continue Reading
-
Tip
01 Aug 2022
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
-
Feature
29 Jul 2022
10 biggest data breaches in history, and how to prevent them
Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks. Continue Reading
-
Tip
28 Jul 2022
How to perform a data risk assessment, step by step
Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment. Continue Reading
-
News
28 Jul 2022
Microsoft: Austrian company DSIRF selling Subzero malware
Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
-
Tip
28 Jul 2022
How to prevent a data breach: 10 best practices and tactics
When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
-
Feature
28 Jul 2022
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
-
News
28 Jul 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
-
Feature
28 Jul 2022
How to secure data at rest, in use and in motion
With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
-
News
27 Jul 2022
Deepfake technology risky but intriguing for enterprises
Enterprises can generate synthetic data sets with the technology. It is useful in broadcast and for advertising. However, its privacy and political implications can be dangerous. Continue Reading
-
Tip
22 Jul 2022
Top 10 enterprise data security best practices
To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
-
Answer
22 Jul 2022
Symmetric vs. asymmetric encryption: What's the difference?
Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons. Continue Reading
-
Answer
22 Jul 2022
What are the pros and cons of electronic signatures?
Electronic signatures are quick, secure and can support hybrid and distributed workforces, but not everyone trusts or has access to e-signature technology. Continue Reading
-
Feature
21 Jul 2022
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started. Continue Reading
-
Tip
18 Jul 2022
Key factors to achieve data security in cloud computing
Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
-
News
15 Jul 2022
Cryptocurrency mixer activity reaches new heights in 2022
Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
-
Podcast
15 Jul 2022
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
-
News
14 Jul 2022
Cryptocurrency crash triggers crisis for dark web exchanges
Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
-
Tip
14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?
Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
-
Tip
14 Jul 2022
How AI governance and data privacy go hand in hand
Given instances where AI compromise data privacy and security, it's imperative that organizations understand both AI and data privacy can coexist in their AI governance frameworks. Continue Reading
-
News
13 Jul 2022
Researcher develops Hive ransomware decryption tool
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version. Continue Reading
-
News
13 Jul 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
-
Tip
11 Jul 2022
How end-to-end encryption supports secure team collaboration
End-to-end encryption provides secure collaboration but limits certain productivity features. Learn how end-to-end encryption fits in a team collaboration security strategy. Continue Reading
-
Feature
08 Jul 2022
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
-
News
07 Jul 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
-
News
07 Jul 2022
Public sector still facing ransomware attacks amid decline
While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June. Continue Reading
-
News
05 Jul 2022
Ransomware in 2022: Evolving threats, slow progress
Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022. Continue Reading
-
News
28 Jun 2022
Cisco Talos techniques uncover ransomware sites on dark web
One of the three techniques Cisco Talos used to de-anonymize ransomware dark web sites is to match TLS certificate serial numbers from dark web leak sites to the clear web. Continue Reading
-
Guest Post
23 Jun 2022
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
-
News
22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'
The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
News
20 Jun 2022
Cleveland BSides takes heat for Chris Hadnagy appearance
The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading