Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
Feature
23 Apr 2026
The push for digital sovereignty: What CISOs need to know
Digital sovereignty is reshaping global IT strategies and governments are prioritizing local tech to reduce foreign dependencies. Find out what this means for your organization. Continue Reading
-
Tip
22 Apr 2026
What can organizations do to address BYOD privacy concerns?
BYOD privacy concerns focus on the extent of IT's access to personal devices. Clear policies, selective management, and transparent enrollment can balance privacy and security. Continue Reading
-
News
18 Dec 2024
CISA issues mobile security guidance following China hacks
Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
-
Tip
17 Dec 2024
The pros and cons of biometric authentication
Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
-
Feature
17 Dec 2024
Cryptocurrency scams: Common types and prevention
Cryptocurrency scams are rising, and thieves are using new and old techniques to steal money. Some of the latest scams involve rug pull scams, Ponzi schemes and phishing scams. Continue Reading
-
News
16 Dec 2024
Cleo zero-day vulnerability gets CVE as attacks continue
The new Cleo zero-day vulnerability, CVE-2024-55956, is separate from CVE-2024-50623 despite both vulnerabilities being used by threat actors to target the same endpoints. Continue Reading
-
News
16 Dec 2024
ESET: RansomHub most active ransomware group in H2 2024
The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place. Continue Reading
-
Podcast
13 Dec 2024
Risk & Repeat: Attacks ramp up on Cleo MFT software
Earlier this week, threat actors began exploiting a zero-day vulnerability in Cleo's managed file transfer products, but the details of the flaw remain unclear. Continue Reading
-
News
12 Dec 2024
Cleo patches file transfer zero-day flaw under attack
Cleo published a patch for its Harmony, VLTrader and LexiCom managed file transfer products, which addresses a 'critical vulnerability' that's separate from CVE-2024-50623. Continue Reading
-
News
12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
-
News
10 Dec 2024
Microsoft enhanced Recall security, but will it be enough?
Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. Continue Reading
-
Definition
10 Dec 2024
What is a stream cipher?
A stream cipher is an encryption method in which data is encrypted one byte at a time. Continue Reading
-
Definition
10 Dec 2024
What is a block cipher?
A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. Continue Reading
-
News
09 Dec 2024
Attackers exploit vulnerability in Cleo file transfer software
Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors. Continue Reading
-
Definition
09 Dec 2024
What is cipher block chaining (CBC)?
Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block. Continue Reading
-
Opinion
05 Dec 2024
2025 identity security and data security predictions
From securing nonhuman identities to post-quantum cryptography to DSPM and DLP combining, here's what's in store for identity and data security in 2025. Continue Reading
-
News
05 Dec 2024
Police bust cybercrime marketplace, phishing network
As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
-
Tip
04 Dec 2024
How to protect against malware as a service
Malware operators are further monetizing their malicious software by selling it to other attackers on a subscription basis. Learn how to detect and mitigate the threat. Continue Reading
-
News
03 Dec 2024
Ransomware attacks on critical sectors ramped up in November
Supply chain software vendor Blue Yonder and energy management giant Schneider Electric SE experienced some of the most notable ransomware incidents in November. Continue Reading
-
News
26 Nov 2024
New York fines Geico, Travelers $11.3M over data breaches
The two insurance giants were fined millions by New York state regulators and are required to enhance security protocols around authentication and penetration testing. Continue Reading
-
Feature
21 Nov 2024
How to detect AI-generated content
AI- or human-generated? To test their reliability, six popular generative AI detectors were asked to judge three pieces of content. The one they got wrong may surprise you. Continue Reading
-
News
21 Nov 2024
DOJ charges 5 alleged Scattered Spider members
The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks. Continue Reading
-
Podcast
20 Nov 2024
Risk & Repeat: China hacks major telecom companies
The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests. Continue Reading
-
Tip
19 Nov 2024
Biometric privacy and security challenges to know
Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
-
News
15 Nov 2024
MFA required for AWS Organizations member accounts in 2025
AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
-
News
14 Nov 2024
CISA, FBI confirm China breached telecommunication providers
The government agencies confirmed Wall Street Journal reports that China-backed threat actors breached telecommunication providers and access data for law enforcement requests. Continue Reading
-
News
12 Nov 2024
Amazon employee data leaked from MoveIt Transfer attack
Although Amazon confirms that employee data was leaked, it stresses that data was stolen via a third-party vendor and that only contact information was obtained. Continue Reading
-
Tip
12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
Opinion
08 Nov 2024
Address skills shortages with third-party data discovery tools
Homegrown might be best in some scenarios, but resource-constrained security teams should consider third-party tools for data discovery and resilience. Continue Reading
-
Tip
08 Nov 2024
3 key generative AI data privacy and security concerns
Those charged with protecting and ensuring the privacy of user data are facing new challenges in the age of generative AI. Continue Reading
-
News
07 Nov 2024
Ransomware attacks caused prolonged disruptions in October
The Ransomhub, Rhysdia and Interlock ransomware gangs claimed responsibility for attacks that knocked victims' services offline, sometimes for several weeks. Continue Reading
-
Feature
07 Nov 2024
15 IAM interview questions to prep for your next career move
The job market for identity and access management positions is strong right now, but the competition could be tough. Use these 15 questions to guide your interview prep. Continue Reading
-
News
05 Nov 2024
Canadian authorities arrest alleged Snowflake hacker
Alexander Moucka was arrested last week and is expected to appear in court Tuesday for allegedly breaching dozens of Snowflake customers. Continue Reading
-
News
05 Nov 2024
Google Cloud to roll out mandatory MFA for all users
Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
-
News
04 Nov 2024
CISA: U.S. election disinformation peddled at massive scale
CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks. Continue Reading
-
Feature
04 Nov 2024
Privacy and security risks surrounding Microsoft Recall
Microsoft's Recall feature promises AI-powered convenience, but it raises significant security and privacy concerns that the company must address before a public release. Continue Reading
-
Tip
01 Nov 2024
API security testing checklist: 7 key steps
APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
-
News
31 Oct 2024
China-based APTs waged 5-year campaign on Sophos firewalls
For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits. Continue Reading
-
News
31 Oct 2024
Lottie Player NPM package compromised in supply chain attack
Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
-
News
30 Oct 2024
Play ransomware attack tied to North Korean nation-state actor
A relationship between North Korean actor Jumpy Pisces and Play ransomware would be unprecedented, as the former has not collaborated with cybercrime gangs previously. Continue Reading
-
Podcast
29 Oct 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures
The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity. Continue Reading
-
Tip
28 Oct 2024
How to identify and prevent insecure output handling
Sanitation, validation and zero trust are essential ways to reduce the threat posed by large language models generating outputs that could cause harm to downstream systems and users. Continue Reading
-
Feature
28 Oct 2024
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
-
Tip
28 Oct 2024
How to achieve crypto-agility and future-proof security
Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected. Continue Reading
-
Tip
24 Oct 2024
EDR vs. EPP: How are they different and which is right for you?
Endpoint detection and response tools and endpoint protection platforms offer similar security features. Which is better for your organization: EDR, EPP or both? Continue Reading
-
News
22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks
The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
-
News
21 Oct 2024
Cisco confirms attackers stole data from DevHub environment
While Cisco said its systems were not breached, the vendor did confirm that attackers stole sensitive information from the public-facing portal. Continue Reading
-
News
21 Oct 2024
Study outlines 'severe' security issues in cloud providers
Possible security issues involving cloud systems should be taken seriously, as the paper noted the five vendors outlined are responsible for more than 22 million users. Continue Reading
-
News
17 Oct 2024
September a quiet month for ransomware attacks
Notable ransomware attacks in September involved a Rhode Island public school district, a Texas hospital system, and Kawasaki Motors' European branch. Continue Reading
-
News
16 Oct 2024
Microsoft sees drop in ransomware reaching encryption phase
In its Digital Defense Report 2024, Microsoft observed a significant increase in the number of human-operated ransomware attacks, which often originated from unmanaged devices. Continue Reading
-
News
16 Oct 2024
Microsoft: Nation-state activity blurring with cybercrime
Microsoft's Digital Defense Report 2024 noted that Russia 'outsourced some cyberespionage operations' against Ukraine to otherwise independent cybercrime gangs. Continue Reading
-
News
16 Oct 2024
Experts slam Chinese research on quantum encryption attack
Researchers at Shanghai University claim to have cracked RSA encryption using D-Wave quantum systems, but infosec experts say the claims are overblown. Continue Reading
-
News
15 Oct 2024
FIDO unveils new specifications to transfer passkeys
The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
-
Tip
15 Oct 2024
7 common intrusion detection system evasion techniques
Malicious attackers use various evasion tactics to infiltrate networks without intrusion detection systems noticing. Learn what these techniques are and how to mitigate them. Continue Reading
-
News
11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
-
News
10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices
The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
-
News
10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
-
News
10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024
The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks. Continue Reading
-
News
09 Oct 2024
Ivanti zero-day vulnerabilities exploited in chained attack
The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. Continue Reading
-
Podcast
08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?
Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
-
News
07 Oct 2024
American Water discloses breach, utilities unaffected
American Water says in its 8-K filing that it disconnected and deactivated certain systems in its incident response, though the nature of the cyberattack is unknown. Continue Reading
-
Tip
07 Oct 2024
Top 8 e-signature software providers for 2025
E-signature software can reduce paper costs and improve productivity across departments. Organizations can explore the following eight software options to fit their business needs. Continue Reading
-
News
03 Oct 2024
Microsoft SFI progress report elicits cautious optimism
Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
-
Feature
03 Oct 2024
'Defunct' DOJ ransomware task force raises questions, concerns
A report from the Office of the Inspector General reviewed the U.S. Department of Justice's efforts against ransomware and found its task force was largely ineffective. Continue Reading
-
News
03 Oct 2024
Cryptomining perfctl malware swarms Linux machines
Aqua Security researchers believe that perfctl malware has infected thousands of Linux machines in the last three to four years and that countless more could be next. Continue Reading
-
News
01 Oct 2024
Law enforcement agencies arrest 4 alleged LockBit members
Operation Cronos' efforts to disrupt the LockBit ransomware gang continue as authorities announced the arrests of four alleged members, including one developer. Continue Reading
-
News
01 Oct 2024
T-Mobile reaches $31.5M breach settlement with FCC
After suffering several breaches, T-Mobile agreed to pay a $15.75 million civil penalty and make a $15.75 million investment to bolster its security over the next two years. Continue Reading
-
News
26 Sep 2024
Ransomware Task Force finds 73% attack increase in 2023
The Institute for Security and Technology's Ransomware Task Force says a shift to big game hunting tactics led to a significant rise in attacks last year. Continue Reading
-
Podcast
24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?
Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
-
Definition
18 Sep 2024
What is email spam and how to fight it?
Email spam, also known as 'junk email,' refers to unsolicited email messages, usually sent in bulk to a large list of recipients. Humans send spam, but more often, botnets are responsible for sending it. Continue Reading
-
Feature
17 Sep 2024
Infosec experts detail widespread Telegram abuse
Cybersecurity vendors say threat activity on Telegram has grown rapidly in recent years, and they don't expect the arrest of founder and CEO Pavel Durov to change that trend. Continue Reading
-
News
13 Sep 2024
Fortinet confirms data breach, extortion demand
Fortinet confirmed that a threat actor stole data from a third-party cloud-based shared file drive, which affected a small number of customers, but many questions remain. Continue Reading
-
Definition
12 Sep 2024
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
-
Tip
06 Sep 2024
7 essential steps to create a contact center RFP
Successful contact center RFPs are built on collaboration, vendor research, countless questions and answers, scorecards, shortlists, trial runs, bakeoffs and the final decision. Continue Reading
-
News
06 Sep 2024
Ransomware rocked healthcare, public services in August
Ransomware remained a highly disruptive threat last month, as notable attacks claimed victims in healthcare, technology, manufacturing and the public sector. Continue Reading
-
Feature
03 Sep 2024
MTA vs. MMM: What's the difference?
MTA and MMM help marketers improve their strategies, but MTA has a narrower focus. Key differences between these techniques include focus and data requirements. Continue Reading
-
News
29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns
A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
-
Tip
27 Aug 2024
Contact center outsourcing: What businesses need to know
Businesses use contact center outsourcing to alleviate agent understaffing, expand customer service and reduce costs, but loss of control and service inconsistency are concerns. Continue Reading
-
Tip
27 Aug 2024
Why contact centers have high turnover and how to combat it
The alarming rise in contact center turnover rates negatively impacts agent morale, customer interactions and ROI. In many ways, AI is seen as both the cause and the solution. Continue Reading
-
Podcast
26 Aug 2024
Risk & Repeat: National Public Data breach questions remain
The breach of National Public Data may have put billions of personal records at risk, but the scope of the attack and impact on consumers are still unclear. Continue Reading
-
Opinion
23 Aug 2024
Security teams need to prioritize DSPM, review use cases
New research showed data resilience is a top priority for security teams, as data security posture management grows to help manage and protect data and improve GenAI. Continue Reading
-
News
22 Aug 2024
GuidePoint talks ransomware negotiations, payment bans
GuidePoint Security's Mark Lance discusses the current ransomware landscape and the steps that go into negotiating potential payments with cybercriminal gangs. Continue Reading
-
News
22 Aug 2024
NCC Group: Ransomware down in June, July YoY
While ransomware activity in July increased from the previous month, NCC Group researchers found the number of attacks was much lower compared to earlier this year. Continue Reading
-
Tip
21 Aug 2024
How to manage today's remote contact center agents
Technologies like agent analytics, video conferencing, collaboration tools, workforce management applications and cloud software can help manage remote contact centers. Continue Reading
-
News
20 Aug 2024
U.S. agencies attribute Trump campaign hack to Iran
CISA, the FBI and the Office of the Director of National Intelligence attributed a recent hack-and-leak attack on former President Donald Trump's 2024 election campaign to Iran. Continue Reading
-
Tip
19 Aug 2024
Guide to data detection and response (DDR)
Data is one of the most important assets in any organization. To truly protect it, you need a DDR strategy. Here's what you need to know, with tips on buying DDR tools. Continue Reading
-
Podcast
19 Aug 2024
Generative AI fuels growth of online deepfakes
As generative AI systems and voice cloning apps grow, organizations are seeing a rise in fraudulent calls. Organizations need to be vigilant and plan to deal with these threats. Continue Reading
-
Feature
16 Aug 2024
History and evolution of contact centers
Alexander Graham Bell, Steve Jobs and the Baby Bells played notable roles in the contact center's transformation into the front line of communication for businesses and customers. Continue Reading
-
Opinion
16 Aug 2024
Cyber-risk management: Key takeaways from Black Hat 2024
Product updates announced at Black Hat USA 2024 can help security teams better manage constantly changing attack surfaces and ensure new AI projects won't pose security risks. Continue Reading
-
News
15 Aug 2024
July ransomware attacks slam public sector organizations
The global IT outage caused by an errant CrowdStrike channel file update dominated security news last month. But there were still plenty of ransomware attacks to go around. Continue Reading
-
News
15 Aug 2024
National Public Data confirms breach, scope unknown
Reports suggest billions of personal records could have been compromised in the attack against data aggregator National Public Data, but the reality is more complicated. Continue Reading
-
Tip
15 Aug 2024
How to select an MDR security service
With the threat landscape as challenging as it is, organizations are looking for reinforcements. One option is to bolster detection and response via third-party MDR services. Continue Reading
-
Opinion
14 Aug 2024
Black Hat USA 2024 takeaways for data security and IAM
Black Hat USA 2024 showcased recurring themes of data security and IAM, encompassing the platform vs. point product debate, cleaning identity data and GenAI security. Continue Reading
-
Video
13 Aug 2024
Explaining third-party cookies vs. tracking pixels
Websites personalize content using third-party cookies and tracking pixels but do so in different ways. Continue Reading
-
News
13 Aug 2024
Law enforcement disrupts Radar/Dispossessor ransomware group
The now-disrupted Radar/Dispossessor ransomware gang was launched in August 2023, and its members have targeted dozens of SMBs across critical sectors via dual extortion. Continue Reading
-
Tip
09 Aug 2024
10 best practices for contact center quality assurance
To ensure quality and results in the contact center, businesses must define clear metrics, use real-time analytics, seek customer feedback, upskill agents and automate everywhere. Continue Reading
-
Report
09 Aug 2024
15 essential contact center features
Today's multifunctional contact centers must cut through the product hype and incorporate software features that meet customer demands for fast, seamless and personalized service. Continue Reading
-
News
08 Aug 2024
Wiz researchers hacked into leading AI infrastructure providers
During Black Hat USA 2024, Wiz researchers discussed how they were able to infiltrate leading AI service providers and access confidential data and models across the platforms. Continue Reading
-
News
07 Aug 2024
Researchers unveil AWS vulnerabilities, 'shadow resource' vector
During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector. Continue Reading
-
Guest Post
02 Aug 2024
How to prepare for a secure post-quantum future
Quantum computing is expected to arrive within the next decade and break current cryptographic algorithms. SANS' Andy Smith explains how to start securing your company now. Continue Reading
-
Tip
30 Jul 2024
Google isn't killing third-party cookies: What now?
The end of third-party cookies was on the horizon for years. For marketers, this termination meant finding new strategies and alternatives to third-party data. Continue Reading
-
Answer
30 Jul 2024
Benefits and challenges of electronic signatures
Electronic signatures are quick, secure and can support hybrid and distributed workforces, but not everyone trusts or has access to e-signature technology. Continue Reading