Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
-
Opinion
01 Jun 2023
6 ways Amazon Security Lake could boost security analytics
Amazon's new security-focused data lake holds promise -- including possibly changing the economics around secure data storage. Continue Reading
-
Guest Post
15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments
Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
-
News
11 Nov 2021
Aruba Central breach exposed customer data
HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
Guest Post
03 Nov 2021
To improve resilience, augment zero-trust models
Zero-trust models are a start, but to improve resilience, they should be augmented and extended to include verification procedures, supply chain security and open source software. Continue Reading
-
News
02 Nov 2021
FBI: Ransomware gangs using financial info to target companies
The FBI assessed that ransomware threat actors are likely using information like mergers, acquisitions and stock valuations to determine vulnerable enterprise targets. Continue Reading
-
News
28 Oct 2021
Hackers upping SSL usage for encrypted attacks, communications
A report from cloud security vendor Zscaler found that cybercriminals are using secure connections to evade detection while carrying out network attacks. Continue Reading
-
News
28 Oct 2021
Twitter details internal Yubico security key rollout
Following last year's breach, Twitter obtained 100% security key enrollment from its 5,500 internal employee accounts within a month of the cutover date. Continue Reading
-
News
25 Oct 2021
SolarWinds hackers attacking more IT supply chain targets
According to Microsoft, the Russian threat group known as Nobelium has already compromised 14 technology service providers across the United States and Europe. Continue Reading
-
News
18 Oct 2021
Sinclair Broadcast Group suffers ransomware attack, breach
The media giant disclosed a ransomware attack Monday that caused massive disruptions across networks and saw threat actors obtain corporate data. Continue Reading
-
News
14 Oct 2021
Google digs into Iran's APT35 hacking group
Covert phishing tactics and cleverly disguised notifications are among the calling cards of the increasingly sophisticated operation aimed at Iran's opponents. Continue Reading
-
Tip
14 Oct 2021
What is attack surface management and why is it necessary?
Attack surface management approaches security from the attacker's perspective. Discover how ASM can help better secure your organization's sprawling assets and resources. Continue Reading
-
News
08 Oct 2021
Senators want FTC to enforce a federal data security standard
U.S. Senators debated creating federal data privacy and security standards and providing the FTC with enough resources to enforce them. Continue Reading
-
News
06 Oct 2021
Twitch confirms data breach following massive leak
Leakers claim to have stolen almost 6,000 internal Git repositories, including 'the entirety of Twitch.tv' and content creator payouts. Continue Reading
-
News
23 Sep 2021
Autodiscover flaw in Microsoft Exchange leaking credentials
Guardicore found that exploiting a design flaw in Autodiscover allowed it to capture more than 372,000 Windows domain credentials and nearly 97,000 unique application credentials. Continue Reading
-
Feature
14 Sep 2021
SolarWinds CEO: Breach transparency 'painful' but necessary
SolarWinds CEO Sudhakar Ramakrishna discusses his company's ongoing breach investigation, shares lessons learned from the attack and cautions IT pros on zero trust. Continue Reading
-
News
31 Aug 2021
SEC sanctions financial firms for cybersecurity failures
Three financial services firms were charged with failing to implement proper cybersecurity policies after cyber attacks led to the exposure of customer data. Continue Reading
-
News
18 Aug 2021
T-Mobile breach exposes data for more than 40M people
The telecom giant confirmed reports that its network was breached by a threat actor who stole personal data on more than 40 million current, former and prospective customers. Continue Reading
-
News
16 Aug 2021
FBI watchlist exposed by misconfigured Elasticsearch cluster
A terrorist watchlist was found in an exposed database, and security researcher Bob Diachenko says there is no way of knowing just how long it was open to the public. Continue Reading
-
News
12 Aug 2021
Months after the Accellion breach, more victims emerge
The Accellion breach occurred last December, but more victims have come to light in recent weeks as investigations, notifications and disclosures stretch on through the summer. Continue Reading
-
News
11 Aug 2021
Accenture responds to LockBit ransomware attack
The LockBit ransomware crew claims to have stolen data from IT services and consulting giant Accenture, but the company said no customer systems were affected in the attack. Continue Reading
-
News
09 Aug 2021
'ProxyShell' Exchange bugs resurface after presentation
A critical vulnerability in Microsoft Exchange is once again making the rounds with attackers, following a Black Hat presentation from the researcher who found it. Continue Reading
-
Answer
06 Aug 2021
Is bitcoin safe? How to secure your bitcoin wallet
As bitcoin use increases, so too have the number of cyber attacks on cryptocurrency exchanges and wallets. Learn how to keep bitcoin use secure. Continue Reading
-
News
05 Aug 2021
Hackers build a better timing attack to crack encryption keys
A new technique for cracking encryption keys can overcome the limitations of popular timing attacks by analyzing network packets, according to researchers at Black Hat 2021. Continue Reading
-
Guest Post
16 Jul 2021
4 healthcare risk management tips for secure cloud migration
From improving the security posture and updating threat modeling to securing cloud data, learn about four risk management tips for healthcare organizations migrating to cloud. Continue Reading
-
News
14 Jun 2021
Accellion breach raises notification concerns
Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system. Continue Reading
-
News
11 Jun 2021
Securolytics COO charged in Georgia hospital cyber attack
Details on the cyber attack are scarce, but according to the indictment, Vikas Singla allegedly attempted to steal data and disrupt the hospital's phone system. Continue Reading
-
Tip
11 Jun 2021
5 steps to achieve a risk-based security strategy
Learn about the five steps to implement a risk-based security strategy that will help naturally deliver compliance as a consequence of an improved security posture. Continue Reading
-
News
02 Jun 2021
ExaGrid revealed as latest Conti ransomware casualty
The data backup vendor appears to have paid a $2.6 million ransom after Conti threat actors breached its corporate network and stole internal documents. Continue Reading
-
News
26 May 2021
US agencies lack supply chain best practices post-SolarWinds
Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.' Continue Reading
-
Quiz
25 May 2021
Cryptography quiz questions and answers: Test your smarts
Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions. Continue Reading
-
News
18 May 2021
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021. Continue Reading
-
News
13 May 2021
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software. Continue Reading
-
News
12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
-
News
28 Apr 2021
Codecov breach raises concerns about software supply chain
So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks. Continue Reading
-
Guest Post
28 Apr 2021
Cybersecurity key to protect brands in the digital landscape
The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
-
News
27 Apr 2021
Rise in ransom payments may fuel more dangerous attacks
A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks. Continue Reading
-
Guest Post
16 Apr 2021
Companies must train their SOC teams well to prevent breaches
SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough to mitigate an attack. Continue Reading
-
Guest Post
07 Apr 2021
Utilizing existing tech to achieve zero-trust security
A zero-trust security model can immediately be used to address current gaps and provide a secure foundation for managing risk going forward, from both internal and external threats. Continue Reading
-
Quiz
30 Mar 2021
Data loss prevention quiz: Test your training on DLP features
Data loss prevention tools can help infosec manage insider threat, shadow IT and compliance initiatives. Test your know-how with this DLP quiz. Continue Reading
-
News
25 Mar 2021
Cyber insurance company CNA discloses cyber attack
Though the nature of the cyber attack is unclear, CNA confirmed the attack caused a network disruption and affected systems such as corporate email and the company's website. Continue Reading
-
Guest Post
18 Mar 2021
3 ways CISOs can align cybersecurity to business goals
To work effectively with the C-suite, CISOs can take three steps to align business goals with cybersecurity needs to reduce risk, guest contributor Mike McGlynn advises. Continue Reading
-
News
16 Mar 2021
Timeline of Microsoft Exchange Server attacks raises questions
Multiple security vendors reported that exploitation of the Microsoft Exchange Server zero-days began well before their disclosure, but researchers are at a loss to explain why. Continue Reading
-
Guest Post
11 Mar 2021
How security teams can prepare for advanced persistent threats
Daniel Clayton explains how any organization can devise its cybersecurity strategy to account for advanced persistent threats, which have started changing the threat landscape. Continue Reading
-
News
25 Feb 2021
Vastaamo breach, bankruptcy indicate troubling trend
The blackmailing of patients directly, as well as the resulting bankruptcy of Vastaamo Psychotherapy Centre, could single a shift in cyber crime tactics. Continue Reading
-
Tip
25 Feb 2021
3 post-SolarWinds supply chain security best practices
Following the devastating SolarWinds breach, IT leaders should renew their focus on third-party risk management. Start by implementing supply chain security best practices. Continue Reading
-
Guest Post
12 Feb 2021
How SolarWinds attack will change CISOs' priorities
Following cybersecurity best practices used to be enough, but after the SolarWinds supply chain attack, CISOs now have to rethink all their security protocols. Continue Reading
-
Feature
08 Feb 2021
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading
-
Feature
01 Feb 2021
The dark web in 2021: Should enterprises be worried?
SearchSecurity spoke with multiple experts to find out how the dark web has changed, what the security risks are for enterprises and the value of dark web monitoring services. Continue Reading
-
Guest Post
27 Jan 2021
2021 cybersecurity predictions: Oh, where cybersecurity may go
Jonathan Meyers sees 2021 bringing cybersecurity challenges to the forefront, like more cyberattacks on local governments, BYOD security issues and AI and ML overhype. Continue Reading
-
News
26 Jan 2021
Mimecast certificate compromised by SolarWinds hackers
Mimecast conducted an investigation after being alerted by Microsoft that a certificate for Microsoft 365 Exchange Web Services authentication was stolen by a sophisticated actor. Continue Reading
-
Guest Post
25 Jan 2021
4 ways to minimize the risk of IT supply chain attacks
Mark Whitehead breaks down the importance of taking a zero-trust cybersecurity approach when it comes to protecting networks and data accessible by third-party partners. Continue Reading
-
Guest Post
22 Jan 2021
Standardize cybersecurity terms to get everyone correct service
Some cybersecurity terms can refer to multiple service offerings, which can be confusing for companies looking to implement them as well as the companies providing them. Continue Reading
-
News
19 Jan 2021
Malwarebytes breached by SolarWinds hackers
Malwarebytes, which is not a SolarWinds customer, confirmed that nation-state actors used an entirely different vector to breach the antimalware vendor and access internal emails. Continue Reading
-
Guest Post
19 Jan 2021
Combine ML with human intelligence for your security strategy
As hackers target the ever-increasing complexity of company networks, enterprises need to find a balance between machine learning and human intelligence when protecting systems and data. Continue Reading
-
Feature
29 Dec 2020
Editor's picks: Top cybersecurity articles of 2020
As the year no one could have predicted comes to a close, SearchSecurity takes a 30,000-foot view of the cybersecurity trends and challenges that defined the last 12 months. Continue Reading
-
Feature
22 Dec 2020
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for growing number and sophistication of attacks in 2021. Continue Reading
-
Feature
04 Dec 2020
Security operations center use cases, strategies vary
More CISOs are turning to security operations centers to centralize infosec processes, but experience shows SOC use cases will depend on the organization's infosec objectives. Continue Reading
- E-Zine 02 Nov 2020
-
Feature
27 Oct 2020
Zero-trust methodology's popularity a double-edged sword
The authors of 'Zero Trust Networks' discuss how the zero-trust methodology's popularity produces both vendor hype and renewed attention to critical areas of security weakness. Continue Reading
-
News
16 Oct 2020
Twitter hackers posed as IT staff, used VPN issues as a lure
A report by New York State's Department of Financial Services found that hackers breached Twitter's network by posing as IT support and obtaining credentials through vishing. Continue Reading
-
Tip
08 Oct 2020
Weighing double key encryption challenges, payoffs
Microsoft's new double key encryption offering brings data security and compliance benefits. Are they worth the implementation challenges? Continue Reading
-
Guest Post
05 Oct 2020
Developing a cyber resilience plan for today's threat landscape
A cyber resilience plan should complement a company's cybersecurity strategy so that the security culture and cyber hygiene is thought through in all IT and cybersecurity initiatives. Continue Reading
-
Tip
30 Sep 2020
What are the top secure data transmission methods?
Safe information transfer is a must for modern organizations, but not all secure data transmission methods are equal. Explore your secure data transfer options in this tip. Continue Reading
-
News
24 Sep 2020
Shopify discloses data breach caused by insider threats
Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered. Continue Reading
-
Tip
22 Sep 2020
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more. Continue Reading
-
Guest Post
15 Sep 2020
How to protect companies from business email compromise
Research shows that business email compromise attacks continue to proliferate as threat actors continue to see success. Here are a few ways to protect your company. Continue Reading
-
News
31 Aug 2020
The Uber data breach cover-up: A timeline of events
The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach. Continue Reading
-
News
21 Aug 2020
Former Uber CSO charged over 'hush money' payment to hackers
Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company. Continue Reading
-
Feature
11 Aug 2020
Security team analyzes data breach costs for better metrics
Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading
-
News
04 Aug 2020
Twitter breach raises concerns over phone phishing
The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing. Continue Reading
-
Feature
03 Aug 2020
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading
-
Feature
31 Jul 2020
Security issues with working remotely (and how to fix them)
With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely. Continue Reading
-
News
29 Jul 2020
IBM: Compromised credentials led to higher data breach costs
The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why. Continue Reading
-
News
23 Jul 2020
Microsoft unveils new DLP, 'Double Key Encryption' offerings
Microsoft revealed new security products and features this week, including an Endpoint Data Loss Prevention product as well as "Double Key Encryption" for Microsoft 365. Continue Reading
-
Feature
21 Jul 2020
Complexity exacerbates cloud cybersecurity threats
As cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked. But companies are getting smarter about alleviating cloud cybersecurity threats. Continue Reading
-
News
20 Jul 2020
Twitter breach caused by social engineering attack
Twitter was breached last Wednesday though a social engineering attack. Forty-five accounts were hijacked and up to eight accounts may have had their private messages stolen. Continue Reading
-
Podcast
17 Jul 2020
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others. Continue Reading
-
News
15 Jul 2020
Citrix data exposed in third-party breach
Citrix CISO Fermin Serna said a third-party organization is investigating a data breach after some of the vendor's customer data ended up on a dark web marketplace. Continue Reading
-
News
16 Jun 2020
Repeat ransomware attacks: Why organizations fall victim
Some organizations get hit with ransomware multiple times. Threat researchers explain why repeat attacks happen and how victims can prevent it from occurring again. Continue Reading
-
News
10 Jun 2020
Maze ransomware builds 'cartel' with other threat groups
Operators behind the Maze ransomware posted data leaks from competing ransomware gangs to their victim shaming website, suggesting they have joined forces. Continue Reading
-
Feature
05 Jun 2020
A case for both cybersecurity detection and prevention tools
Companies need both detection and prevention cybersecurity tools to effectively keep data and employees safe from attackers. Just one or the other isn't enough. Continue Reading
-
News
29 May 2020
Cisco servers breached through SaltStack vulnerabilities
Threat actors exploited critical SaltStack flaws, which were disclosed and patched last month, in a Cisco product to breach several of the networking company's salt-master servers. Continue Reading
-
Feature
29 May 2020
How security testing could change after COVID-19
As companies look to bring employees back into the office, security teams must consider how to handle security testing due to initial remote work deployments and shadow IT. Continue Reading
-
News
19 May 2020
Verizon DBIR: Breaches doubled, but plenty of silver linings
The 2020 Verizon Data Breach Investigations Report showed the number of confirmed breaches last year nearly doubled, but it also highlighted some positive trends. Continue Reading
-
News
12 May 2020
Q1 data breaches down, but exposed records reach new high
Threat intelligence firm Risk Based Security released its 2020 Q1 Report, which shows a 273 percent increase in exposed records and 42 percent decrease in publicly reported breaches. Continue Reading
-
Tip
05 May 2020
How data loss prevention strategies benefit from UBA
Data loss prevention strategies require unique insight into user activity. Can user behavior analytics capabilities benefit threat management and breach detection? Continue Reading
-
News
05 May 2020
Critical SaltStack vulnerabilities exploited in several data breaches
SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks and systems. Continue Reading
-
Feature
28 Apr 2020
Utilize SMB security tools to work from home safely
With the global pandemic forcing enterprise workers home, SMB security tools can provide necessary protection for newly built home offices in order to keep business moving. Continue Reading
-
Tip
06 Apr 2020
Using AIOps for cybersecurity and better threat response
AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways. Continue Reading
-
Feature
31 Mar 2020
Will nonprofit's evolution of zero trust secure consumer data?
An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
-
Feature
26 Mar 2020
Explore 7 data loss prevention tools for utmost security
Explore how DLP products secure enterprise data and these seven specialized vendors that provide protection through varying installation, platforms and features. Continue Reading
-
News
24 Mar 2020
Canon breach exposes General Electric employee data
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing. Continue Reading
-
Infographic
13 Mar 2020
Analyzing the top 2019 data breach disclosures: Hindsight in 2020
Make 2020 the year your company keep its resolution to avoid a data breach. Experts offer lessons learned from the top 2019 data breaches to help stay secure in the year ahead. Continue Reading
-
Tip
28 Feb 2020
6 cybersecurity strategies to solidify personal data protection
As consumers add more connected devices to personal networks, cybersecurity risk is hitting close to home. Here are steps individuals can take to ensure personal data protection. Continue Reading
-
Feature
28 Feb 2020
Cyberinsurance coverage reflects a changing threat landscape
A constant deluge of data breach disclosures has prompted an increase in cybersecurity insurance coverage adoption. Learn how a policy can enhance an enterprise risk management program. Continue Reading
-
Tip
19 Feb 2020
Who wins the security vs. privacy debate in the age of AI?
When trying to maintain balance between security and privacy in an AI-enabled world, who decides which side should tip and when? So continues the security vs. privacy debate. Continue Reading
-
Podcast
05 Feb 2020
Risk & Repeat: 2019 data breaches in review
This week's Risk & Repeat podcast looks at some of the biggest data breach disclosures from the second half of 2019 and discusses the trends around these incidents. Continue Reading
-
Infographic
03 Feb 2020
Data breach costs hit hard; where are you most vulnerable?
Breaking down the cost of a data breach isn't for the faint of heart. But with millions of dollars on the line for a single event, companies also need to have their eyes wide open. Continue Reading
- 03 Feb 2020
-
News
30 Jan 2020
Payment cards from Wawa data breach found on dark web
Payment card information from customers of the convenience store chain Wawa has reportedly gone up for sale on the dark web, though questions about the breach remain. Continue Reading