Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading
News 30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022

Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading

Feature 31 Mar 2022

Why CISOs need to understand the business

While CISOs need technical skills, business skills help them push their team's agenda and get the support and funding they need to protect their company. Continue Reading
News 30 Mar 2022

Lack of competition is driving federal budget antitrust hike

In Biden's proposed budget, the FTC would gain an additional $139 million, while the DOJ's antitrust division would see an $88 million increase. Continue Reading
Tip 29 Mar 2022

Why is document version control important?

Although best practices have changed, many organizations lack a suitable versioning strategy. Proper document version control can improve collaboration and fact-checking. Continue Reading
Guest Post 28 Mar 2022

The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
Tip 25 Mar 2022

Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
Podcast 25 Mar 2022

Risk & Repeat: Lapsus$ highlights poor breach disclosures

This Risk & Repeat podcast episode examines two high-profile breaches by emerging threat group Lapsus$ and how Microsoft and Okta responded to these attacks. Continue Reading
Tip 24 Mar 2022

How to overcome GDPR compliance challenges

As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
News 24 Mar 2022

Okta provides new details on Lapsus$ attack

The authentication provider shed new light on how a customer service agent at subcontractor Sitel was hacked and then used to obtain data on hundreds of Okta clients. Continue Reading
News 23 Mar 2022

Lawsuit claims Kronos breach exposed data for 'millions'

A class-action lawsuit was filed against Ultimate Kronos Group for alleged negligence regarding a ransomware attack and private cloud breach in December. Continue Reading
News 23 Mar 2022

Microsoft confirms breach, attributes attack to Lapsus$

Microsoft disclosed it had been breached by emerging threat group Lapsus$ toward the end of a threat intelligence post dedicated to the extortion gang and its tactics. Continue Reading
News 22 Mar 2022

Lapsus$ hacking group hit authentication vendor Okta

Authentication vendor Okta is the latest tech giant to be named as a victim of the prolific Lapsus$ crew, through key details about the attack remain in dispute. Continue Reading
Tip 22 Mar 2022

Will Google kill third-party cookies?

The end of third-party cookies has been on the horizon for years. For marketers, this termination means finding new strategies and alternatives to third-party data. Continue Reading
News 21 Mar 2022

Cryptocurrency companies impacted by HubSpot breach

A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry. Continue Reading
News 16 Mar 2022

FTC accuses CafePress of covering up 2019 data breach

The proposed FTC settlement would require CafePress' former owner to pay $500,000 in compensation to customers who were victimized in the company's 2019 data breach. Continue Reading
Tip 16 Mar 2022

10 key elements to follow data compliance regulations

Data privacy laws are changing around the world on a constant basis. These 10 elements can help keep organizations up to speed with data compliance regulations. Continue Reading
News 16 Mar 2022

Biden signs law on reporting critical infrastructure cyber attacks

President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
News 15 Mar 2022

Container vulnerability opens door for supply chain attacks

A CRI-O container engine vulnerability could allow attackers to bypass security controls and take over a host system, according to CrowdStrike researchers. Continue Reading
Tip 15 Mar 2022

How endpoint encryption works in a data security strategy

Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures. Continue Reading
News 15 Mar 2022

Infosec news cycles: How quickly do they fade?

Google Trends spikes, on average, lasted a few weeks for major infosec news events like SolarWinds, Log4Shell and the Colonial Pipeline ransomware attack. Continue Reading
Tip 11 Mar 2022

How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
Guest Post 11 Mar 2022

How to build a security champions program

Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps. Continue Reading
Feature 10 Mar 2022

6 potential enterprise security risks with NFC technology

Some NFC risks include payment processing fraud, eavesdropping and replay attacks. Continue Reading
News 09 Mar 2022

Researchers disclose new Spectre V2 vulnerabilities

The Spectre class of data disclosure vulnerabilities is once again at the security forefront after researchers discovered a new variant of the side-channel attack. Continue Reading
Tip 09 Mar 2022

How to check and verify file integrity

Organizations planning content migrations should verify file integrity and ensure files weren't corrupted in the move. File validation can keep critical data secure. Continue Reading
News 07 Mar 2022

Samsung breached, Nvidia hackers claim responsibility

Samsung said Galaxy device source code was stolen, but no employee or customer personal information was taken by the attackers, who appear to be with the Lapsus$ ransomware group. Continue Reading
News 04 Mar 2022

Hackers using stolen Nvidia certificates to sign malware

The recent breach of Nvidia's corporate network has resulted in the posting of valid software certificates that are now being used to spread malware in the wild. Continue Reading
Feature 04 Mar 2022

Use digital identity proofing to verify account creation

Validating users during account creation with identity proofing helps prevent data breaches but isn't without challenges. Discover how it works and concerns to address. Continue Reading
Podcast 04 Mar 2022

Risk & Repeat: Conti ransomware gang gets breached

This Risk & Repeat podcast episode covers the massive Conti leaks, including the data that was published and what it reveals about the infamous ransomware gang. Continue Reading
News 04 Mar 2022

February ransomware attacks hit major enterprises

Enterprises, colleges and municipalities in the U.S. continued to be hit by ransomware as publicly reported attacks for February piled up. Continue Reading
Feature 03 Mar 2022

How to stop malicious or accidental privileged insider attacks

How many permissions or privileges a user has will affect how big of an insider threat they are. Discover the issues surrounding privileged users and how to curtail these threats. Continue Reading
News 01 Mar 2022

Conti ransomware source code, documentation leaked

The Conti ransomware gang's primary Bitcoin address, found in the leak, showed the crime outfit has taken in over $2 billion in cryptocurrency since 2017. Continue Reading
News 28 Feb 2022

Conti ransomware gang backs Russia, threatens U.S.

The Conti ransomware gang announced last week that they were in 'full support' of Russia and would retaliate if the West attacked Russian critical infrastructure. Continue Reading
Feature 28 Feb 2022

Tips for creating a cybersecurity resume

Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume. Continue Reading
Feature 28 Feb 2022

How to manage imposter syndrome in cybersecurity

The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice. Continue Reading
Feature 28 Feb 2022

Implement API rate limiting to reduce attack surfaces

Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
Feature 28 Feb 2022

API security methods developers should use

Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
Tip 25 Feb 2022

Privacy-enhancing technology types and use cases

Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected. Continue Reading
News 24 Feb 2022

New data wiper malware hits Ukraine targets

HermeticWiper is similar to another data-wiping malware known as WhisperGate, which was used in cyber attacks against Ukraine last month. Both used ransomware as an apparent decoy. Continue Reading
News 24 Feb 2022

New tech, same threats for Web 3.0

Emerging technologies are prone to old-school social engineering attacks and credential-swiping techniques, according to Cisco Talos researchers who analyzed the new platforms. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
News 16 Feb 2022

Kronos attack fallout continues with data breach disclosures

Employees at both public and private sector organizations had their data compromised during a December ransomware attack on Kronos that also took down payroll systems. Continue Reading
News 15 Feb 2022

Biometric technology like facial recognition is here to stay

Despite resistance, government agencies and private companies continue to use the technology. A key issue is whether people are informed about how their information will be used. Continue Reading
Opinion 14 Feb 2022

Data storage and security make a mission-critical mix

At a time of heightened cyberthreats, IT administrators should look to improve their data storage security. There are numerous proactive ways to prepare for the next attack. Continue Reading
News 11 Feb 2022

FBI seized Colonial Pipeline ransom from DarkSide affiliate

New research from Chainalysis claims the DarkSide ransomware affiliate involved in last year's Colonial Pipeline attack also had ties to the NetWalker ransomware operation. Continue Reading
News 10 Feb 2022

Why Massachusetts' data breach reports are so high

Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states. Continue Reading
News 09 Feb 2022

Google: 2-step verification led to 50% fewer account hacks

Google auto-enrolled more than 150 million users into two-step verification last October and mandated two-step verification for 2 million-plus YouTube accounts. Continue Reading
Guest Post 09 Feb 2022

How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
News 08 Feb 2022

Russia continues cybercrime offensive with SkyFraud takedown

Officials in Russia have knocked the SkyFraud credit card fraud operation offline in the latest of a string of police actions against cybercriminals in the region. Continue Reading
News 07 Feb 2022

Metaverse rollout brings new security risks, challenges

When companies and users decide to adapt the technologies of the coming metaverse, they will also expose themselves to a new class of security risks and vulnerabilities. Continue Reading
News 03 Feb 2022

Cryptocurrency platform Wormhole loses $320M after attack

After a threat actor made off with 120,000 wrapped Ethereum, Wormhole said the stolen cryptocurrency had been 'restored,' but what that means remains in question. Continue Reading
News 03 Feb 2022

Distrust, feuds building among ransomware groups

In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
Feature 02 Feb 2022

A day in the life of a cybersecurity manager

The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
Feature 02 Feb 2022

Top cybersecurity leadership challenges and how to solve them

Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
News 02 Feb 2022

SolarMarker malware spread through advanced SEO poisoning

Sophos discovered SolarMarker malware was being distributed through fake SEO-focused topics in Google Groups, as well as malicious PDF files. Continue Reading
Feature 31 Jan 2022

How to prepare for malicious insider threats

Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
News 31 Jan 2022

Emsisoft releases DeadBolt ransomware decryption tool

Emsisoft's DeadBolt ransomware decryption tool fixes broken decryptor keys issued by threat actors, and works only if the victim has paid the ransom and received a key. Continue Reading
Tip 28 Jan 2022

Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
Podcast 28 Jan 2022

Risk & Repeat: The complicated world of Monero

This Risk & Repeat podcast episode looks at the state of Monero, a privacy-focused cryptocurrency, as well as recent cyber attacks against crypto exchanges. Continue Reading
Feature 28 Jan 2022

4 data privacy predictions for 2022 and beyond

Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
News 26 Jan 2022

DeadBolt ransomware targeting QNAP NAS storage devices

In addition to DeadBolt, QNAP NAS users have had to deal with multiple types of ransomware in recent months, including Qlocker and eCh0raix. Continue Reading
Tip 26 Jan 2022

Integrating zero-trust practices into private 5G networks

One of the first steps in deploying a technology is protecting it from potential security threats. Learn how to secure a private 5G network with zero-trust security practices. Continue Reading
News 24 Jan 2022

Monero and the complicated world of privacy coins

Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
Tip 21 Jan 2022

How to start implementing passwordless authentication today

Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
Guest Post 21 Jan 2022

5 infosec predictions for 2022

If the predictions are correct, 2022 will be another groundbreaking year for information security. Have a look at the security forecast for the next 12 months. Continue Reading
News 18 Jan 2022

Police seize VPN host allegedly facilitating ransomware

VPNLab is accused of facilitating cybercrime including ransomware and malware distribution, and its services were allegedly advertised on the dark web. Continue Reading
News 18 Jan 2022

Ransomware actors increasingly demand payment in Monero

Though Bitcoin is still the cryptocurrency standard in ransomware payment demands, Monero has gained prominence due to its more private, less traceable technology. Continue Reading
Guest Post 13 Jan 2022

Is ransomware as a service going out of style?

Increased government pressure has backed many ransomware gangs into a corner, in turn forcing attackers to replace the ransomware-as-a-service model with a smash-and-grab approach. Continue Reading
News 12 Jan 2022

New RAT campaign abusing AWS, Azure cloud services

Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
Guest Post 11 Jan 2022

Endpoint security is nothing without human operators

The growing threat landscape has made endpoint security more important than ever. Deploying an endpoint security platform without the proper staff, however, is simply not enough. Continue Reading
Tip 10 Jan 2022

3 areas privacy and cybersecurity teams should collaborate

Organizations can get a lot of value by having their privacy and cybersecurity teams work closely together. Collaborating on compliance objectives is just one benefit. Continue Reading
Opinion 06 Jan 2022

IoT ethics must factor into privacy and security discussions

With the adoption of IoT devices, consumers voluntarily trade privacy for the convenience of instant connectivity. Organizations must consider the ethics of their data collection. Continue Reading
News 05 Jan 2022

NY AG's credential stuffing probe finds 1M exposed accounts

The threat of credential stuffing attacks prompted an investigation by the New York Attorney General, which found stolen passwords for customer accounts across 17 companies. Continue Reading
News 05 Jan 2022

FTC warns companies to mitigate Log4j vulnerability

In a blog post about the critical Log4Shell vulnerability, the FTC mentioned 2017's Equifax breach and the legal consequences that followed. Continue Reading
Feature 04 Jan 2022

Is quantum computing ready to disrupt cybersecurity?

Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
Tip 04 Jan 2022

7 API security testing best practices, with checklist

APIs are an increasingly common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
Feature 29 Dec 2021

Editor's picks: Top cybersecurity articles of 2021

As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more. Continue Reading
Feature 28 Dec 2021

Types of cybersecurity controls and how to place them

A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
Feature 28 Dec 2021

Top infosec best practices, challenges and pain points

Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management. Continue Reading
Tip 21 Dec 2021

Fortify security with IoT data protection strategies

It's only a matter of time before attackers target IoT data. Organizations must be ready with IoT data security best practices, including data encryption and visibility. Continue Reading
News 20 Dec 2021

5 Russians charged in hacking, illegal trading scheme

A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
Tip 20 Dec 2021

Call center security best practices to protect customer data

If customers know an organization can keep their data safe, they have more positive experiences. These best practices can help establish trust and keep data safe in call centers. Continue Reading
News 20 Dec 2021

Apple v. NSO Group: How will it affect security researchers?

While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
Tip 14 Dec 2021

4 API authentication methods to better protect data in transit

The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
News 10 Dec 2021

Dark web posts shed light on Panasonic breach

A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
Guest Post 10 Dec 2021

The business benefits of data compliance

Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
Feature 08 Dec 2021

Is a passwordless future getting closer to reality?

Industry analysts offer predictions on the future of passwordless authentication and whether we'll ever truly get rid of one of security's weakest links. Continue Reading
News 07 Dec 2021

BadgerDAO users' cryptocurrency stolen in cyber attack

Following last week's attack, BadgerDAO sent the threat actor a message, offering to 'compensate' the individual for finding a vulnerability in the company's systems. Continue Reading
News 06 Dec 2021

BitMart the latest crypto exchange to suffer cyber attack

BitMart, which describes itself as the 'most trusted crypto trading platform,' confirmed it was the victim of an attack where $150 million in assets were stolen. Continue Reading
News 02 Dec 2021

Former Ubiquiti engineer arrested for inside threat attack

Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
Feature 29 Nov 2021

The components and objectives of privacy engineering

Privacy engineering helps organizations balance business and privacy needs, while mitigating the impact of data breaches. Learn about its components and objectives. Continue Reading
Feature 29 Nov 2021

The intersection of privacy by design and privacy engineering

Data privacy concerns are widespread. Privacy by design and privacy engineering help organizations balance privacy with utility and usability. Learn how. Continue Reading
News 23 Nov 2021

Apple files lawsuit against spyware vendor NSO Group

Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
News 22 Nov 2021

GoDaddy discloses breach of 1.2M customer account details

Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
News 22 Nov 2021

Cryptocurrency exchange BTC-Alpha confirms ransomware attack

While it is common for threat actors to use cryptocurrency platforms to move and obfuscate ransom payments, this time an exchange platform was the victim of such an attack. Continue Reading
Guest Post 15 Nov 2021

Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
News 11 Nov 2021

Aruba Central breach exposed customer data

HPE-owned Aruba Networks said one of its cloud databases was accessed by hackers who were able to make off with location and telemetry data for its customers' Wi-Fi gear. Continue Reading
Guest Post 10 Nov 2021

4 concepts that help balance business and security goals

The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
Guest Post 03 Nov 2021

To improve resilience, augment zero-trust models

Zero-trust models are a start, but to improve resilience, they should be augmented and extended to include verification procedures, supply chain security and open source software. Continue Reading
News 02 Nov 2021

FBI: Ransomware gangs using financial info to target companies

The FBI assessed that ransomware threat actors are likely using information like mergers, acquisitions and stock valuations to determine vulnerable enterprise targets. Continue Reading

1
2
3
4
5
6
7
8
9

Networking

Top 5 use cases for 5G augmented and virtual reality
By integrating augmented and virtual reality technologies with 5G, several industries could reap significant benefits. But beware...
Palo Alto Networks SASE Converge updates boost security, UX
With the announcement of its latest SASE portfolio updates and the acquisition of Talon, Palo Alto Networks connects the dots ...
5G Advanced features include accurate timing, AI support
5G Advanced is the latest 5G specification, aiming to deliver enhanced massive MIMO, 5G integration with AI and accurate location...

CIO

2024 US election guide: Where candidates stand on tech
The next U.S. president will set the tone on issues such as AI regulation, data privacy and climate tech. Where do prominent ...
Top 10 business process management certifications for 2024
These BPM certifications can help you gain the specialized knowledge you need to perform your job better. Get all the details to ...
RPA vs. BPM: How are they different?
Don't confuse RPA with BPM. These process-oriented initiatives are distinctly different but also highly complementary when ...

Enterprise Desktop

12 best patch management software and tools for 2024
These 12 tools approach patching from different perspectives. Understanding their various approaches can help you find the right ...
Tanium aims to be first with autonomous endpoint management
The new term 'autonomous endpoint management' aims to offer IT teams AI-driven automation that can improve employee experience ...
The 6 best rugged computers for business use cases
Finding the right device for a business scenario can be challenging, and adding rugged conditions to the mix can complicate ...

Cloud Computing

Evaluate serverless computing best practices
Serverless computing strategies require enterprises to evaluate tools, features and costs, while understanding application ...
Hybrid cloud connectivity best practices and considerations
Private and public clouds stress networks in different ways and don't always play well together. Here's what to know to set up a ...
Use resource tagging to optimize cloud costs
When it comes to cost management in cloud computing, tags and additional metadata can help with reporting, allocation and ...

ComputerWeekly.com

Microsoft leaves SME resellers 'in the dark' over Cloud Compute 2 framework snub
SME IT suppliers are calling on Microsoft to explain why it has banned them from reselling its services through the government's ...
5G to be the last 'G' for Orange as comms hits singularity
Telco believes mobile communications has hit tipping point with imminent end of traditional generational paradigm and delivery of...
CTO interview: Greg Lavender, Intel
Computer Weekly caught up with Intel's chief technology officer to find out the semiconductor giant’s plans for the European ...

Close