Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
20 Mar 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
-
Tip
16 Mar 2023
How to approach data loss prevention in virtual servers
As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading
-
Feature
02 Feb 2022
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
-
Feature
02 Feb 2022
Top cybersecurity leadership challenges and how to solve them
Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
-
News
02 Feb 2022
SolarMarker malware spread through advanced SEO poisoning
Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
-
Feature
31 Jan 2022
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
News
31 Jan 2022
Emsisoft releases DeadBolt ransomware decryption tool
Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
-
Tip
31 Jan 2022
8 best practices for blockchain security
In a world of decentralized record-keeping, remember all emerging technologies come with their own security risks. Follow these eight best practices to minimize the risk. Continue Reading
-
Tip
28 Jan 2022
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
-
Podcast
28 Jan 2022
Risk & Repeat: The complicated world of Monero
This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
-
Feature
28 Jan 2022
4 data privacy predictions for 2022 and beyond
Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
-
News
26 Jan 2022
DeadBolt ransomware targeting QNAP NAS storage devices
In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
-
Tip
26 Jan 2022
Integrating zero-trust practices into private 5G networks
One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
-
Guest Post
21 Jan 2022
5 infosec predictions for 2022
If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
-
News
18 Jan 2022
Ransomware actors increasingly demand payment in Monero
Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
-
News
18 Jan 2022
Police seize VPN host allegedly facilitating ransomware
VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
-
Guest Post
13 Jan 2022
Is ransomware as a service going out of style?
Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
Guest Post
11 Jan 2022
Endpoint security is nothing without human operators
The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
-
Tip
10 Jan 2022
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
-
Tip
10 Jan 2022
3 areas privacy and cybersecurity teams should collaborate
Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
-
Opinion
06 Jan 2022
IoT ethics must factor into privacy and security discussions
With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
-
News
05 Jan 2022
NY AG's credential stuffing probe finds 1M exposed accounts
The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
-
News
05 Jan 2022
FTC warns companies to mitigate Log4j vulnerability
In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
-
Tip
04 Jan 2022
7 API security testing best practices, with checklist
APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
-
Feature
29 Dec 2021
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
-
Feature
28 Dec 2021
Types of cybersecurity controls and how to place them
A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
-
Feature
28 Dec 2021
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
-
Tip
21 Dec 2021
Cybersecurity teamwork: C-suite roles CIOs should befriend
To strengthen organizational cybersecurity, CIOs must work closely with other leaders. Learn why it's important to loop in the CEO, CFO and chief human resources officer. Continue Reading
-
Tip
21 Dec 2021
Fortify security with IoT data protection strategies
It's only a matter of time before attackers target IoT data. Organizations must be ready with IoT data security best practices, including data encryption and visibility. Continue Reading
-
News
20 Dec 2021
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
-
Tip
20 Dec 2021
Call center security best practices to protect customer data
If customers know an organization can keep their data safe, they have more positive experiences. These best practices can help establish trust and keep data safe in call centers. Continue Reading
-
News
20 Dec 2021
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
-
Tip
14 Dec 2021
Use these 6 user authentication types to secure networks
One layer of security that all networks and applications need is authentication. Read up on six authentication types, from 2FA to biometrics to certificates. Continue Reading
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
-
Tip
13 Dec 2021
Why you need an email security policy and how to build one
Companies must have an effective security policy in place to keep email protected from cybercriminals and employee misuse. Learn the best route to build one for your company. Continue Reading
-
News
10 Dec 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
-
Guest Post
10 Dec 2021
The business benefits of data compliance
Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
-
Tip
10 Dec 2021
Cybersecurity employee training: How to build a solid plan
Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
-
Feature
08 Dec 2021
Is a passwordless future getting closer to reality?
Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
-
News
07 Dec 2021
BadgerDAO users' cryptocurrency stolen in cyber attack
Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
-
News
06 Dec 2021
BitMart the latest crypto exchange to suffer cyber attack
BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
-
Tip
06 Dec 2021
Top blockchain security attacks, hacks and issues
These five factors have created issues for the blockchain security landscape. Learn more about blockchain hacks and attacks and how they will affect the future of Web3. Continue Reading
-
Tip
03 Dec 2021
Top 3 information security strategy essentials CIOs need
Cybersecurity is more important than ever before as hackers get more aggressive and vulnerabilities grow. Learn how to approach it in the right way and why getting alignment is so key. Continue Reading
-
News
02 Dec 2021
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
-
Tip
30 Nov 2021
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
-
Feature
29 Nov 2021
The components and objectives of privacy engineering
Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
-
Feature
29 Nov 2021
The intersection of privacy by design and privacy engineering
Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
-
News
23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
22 Nov 2021
Cryptocurrency exchange BTC-Alpha confirms ransomware attack
While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
-
Tip
22 Nov 2021
Top 5 password hygiene tips and best practices
Passwords enable users to access important accounts and data -- making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
-
Answer
22 Nov 2021
What are the most important email security protocols?
Email was designed without security considerations, but these top email security protocols add mechanisms to keep messaging safe from threats. Continue Reading
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
-
News
11 Nov 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
Guest Post
03 Nov 2021
To improve resilience, augment zero-trust models
Zero-trust models are a start, but to improve resilience, they should be augmented and extended to include verification procedures, supply chain security and open source software. Continue Reading
-
News
02 Nov 2021
FBI: Ransomware gangs using financial info to target companies
The FBI assessed that ransomware threat actors are likely using information like mergers, acquisitions and stock valuations to determine vulnerable enterprise targets. Continue Reading
-
News
28 Oct 2021
Hackers upping SSL usage for encrypted attacks, communications
A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks. Continue Reading
-
News
28 Oct 2021
Twitter details internal Yubico security key rollout
Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
-
News
25 Oct 2021
SolarWinds hackers attacking more IT supply chain targets
According to Microsoft, the Russian threat group known as Nobelium has already compromised 14 technology service providers across the United States and Europe. Continue Reading
-
News
18 Oct 2021
Sinclair Broadcast Group suffers ransomware attack, breach
The media giant disclosed a ransomware attack Monday that caused massive disruptions across networks and saw threat actors obtain corporate data. Continue Reading
-
News
14 Oct 2021
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents. Continue Reading
-
Tip
14 Oct 2021
What is attack surface management and why is it necessary?
Attack surface management approaches security from the attacker's perspective. Discover how ASM can help better secure your organization's sprawling assets and resources. Continue Reading
-
News
08 Oct 2021
Senators want FTC to enforce a federal data security standard
U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them. Continue Reading
-
News
06 Oct 2021
Twitch confirms data breach following massive leak
Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts. Continue Reading
-
News
23 Sep 2021
Autodiscover flaw in Microsoft Exchange leaking credentials
Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials. Continue Reading
-
Feature
14 Sep 2021
SolarWinds CEO: Breach transparency 'painful' but necessary
SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust. Continue Reading
-
News
31 Aug 2021
SEC sanctions financial firms for cybersecurity failures
Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data. Continue Reading
-
News
18 Aug 2021
T-Mobile breach exposes data for more than 40M people
The telecom giant confirmed reports that its network was breached by a threat actor who stole personal data on more than 40 million current, former and prospective customers. Continue Reading
-
News
16 Aug 2021
FBI watchlist exposed by misconfigured Elasticsearch cluster
A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public. Continue Reading
-
News
12 Aug 2021
Months after the Accellion breach, more victims emerge
The Accellion breach occurred last December, but more victims have come to light in recent weeks as investigations, notifications and disclosures stretch on through the summer. Continue Reading
-
News
11 Aug 2021
Accenture responds to LockBit ransomware attack
The LockBit ransomware crew claims to have stolen data from IT services and consulting giant Accenture, but the company said no customer systems were affected in the attack. Continue Reading
-
News
09 Aug 2021
'ProxyShell' Exchange bugs resurface after presentation
A critical vulnerability in Microsoft Exchange is once again making the rounds with attackers, following a Black Hat presentation from the researcher who found it. Continue Reading
-
Answer
06 Aug 2021
Is bitcoin safe? How to secure your bitcoin wallet
As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure. Continue Reading
-
News
05 Aug 2021
Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021. Continue Reading
-
Guest Post
16 Jul 2021
4 healthcare risk management tips for secure cloud migration
From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
-
News
14 Jun 2021
Accellion breach raises notification concerns
Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system. Continue Reading
-
News
11 Jun 2021
Securolytics COO charged in Georgia hospital cyber attack
Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system. Continue Reading
-
Tip
11 Jun 2021
5 steps to achieve a risk-based security strategy
Learn about the five steps to implement a risk-based security strategy that will help naturally deliver compliance as a consequence of an improved security posture. Continue Reading
-
News
02 Jun 2021
ExaGrid revealed as latest Conti ransomware casualty
The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents. Continue Reading
-
News
26 May 2021
US agencies lack supply chain best practices post-SolarWinds
Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.' Continue Reading
-
Quiz
25 May 2021
Cryptography quiz questions and answers: Test your smarts
Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions. Continue Reading
-
News
18 May 2021
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021. Continue Reading
-
News
13 May 2021
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software. Continue Reading
-
News
12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
-
News
28 Apr 2021
Codecov breach raises concerns about software supply chain
So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks. Continue Reading
-
Guest Post
28 Apr 2021
Cybersecurity key to protect brands in the digital landscape
The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
-
News
27 Apr 2021
Rise in ransom payments may fuel more dangerous attacks
A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks. Continue Reading
-
Guest Post
16 Apr 2021
Companies must train their SOC teams well to prevent breaches
SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough to mitigate an attack. Continue Reading
-
Guest Post
07 Apr 2021
Utilizing existing tech to achieve zero-trust security
A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk going forward, from both internal and external threats. Continue Reading
-
Quiz
30 Mar 2021
Data loss prevention quiz: Test your training on DLP features
Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz. Continue Reading
-
News
25 Mar 2021
Cyber insurance company CNA discloses cyber attack
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website. Continue Reading
-
Guest Post
18 Mar 2021
3 ways CISOs can align cybersecurity to business goals
To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises. Continue Reading
-
News
16 Mar 2021
Timeline of Microsoft Exchange Server attacks raises questions
Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why. Continue Reading
-
Guest Post
11 Mar 2021
How security teams can prepare for advanced persistent threats
Daniel Clayton explains how any organization can devise its cybersecurity strategy to account for advanced persistent threats, which have started changing the threat landscape. Continue Reading
-
News
25 Feb 2021
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could single a shift in cyber crime tactics. Continue Reading
-
Tip
25 Feb 2021
3 post-SolarWinds supply chain security best practices
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices. Continue Reading