Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 01 Dec 2023
How to solve 2 MFA challenges: SIM swapping and MFA fatigue

While MFA improves account security, attacks still exploit it. Learn about two MFA challenges -- SIM swapping and MFA fatigue -- and how to mitigate them. Continue Reading
News 30 Nov 2023
Black Basta ransomware payments exceed $100M since 2022

Insurance provider Corvus and blockchain analytics vendor Elliptic partnered to examine how much damage the Black Basta ransomware group has caused in less than two years. Continue Reading

News 19 Dec 2019

Clumio eyes security, BaaS expansion with VC funding

Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers. Continue Reading
Feature 17 Dec 2019

Data breach risk factors, response model, reporting and more

Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner. Continue Reading
Tip 10 Dec 2019

Use a data privacy framework to keep your information secure

Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats. Continue Reading
Answer 05 Dec 2019

What are best practices for a modern threat management strategy?

Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management strategy that helps with both. Continue Reading
News 05 Dec 2019

Session cookie mishap exposed HackerOne private reports

A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts. Continue Reading
Tip 22 Nov 2019

Building a security operations center with these features

Building a security operations center means understanding the key features you need to ensure your network remains protected against threats. Continue Reading
Answer 20 Nov 2019

Comparing Diffie-Hellman vs. RSA key exchange algorithms

See which encryption method uses digital signatures, symmetric key exchanges, bulk encryption and much more in this Diffie-Hellman vs. RSA showdown. Continue Reading
News 12 Nov 2019

How and why data breach lawsuits are settled

For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements. Continue Reading
Answer 22 Oct 2019

The difference between AES and DES encryption

Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between AES and DES. Continue Reading
Answer 17 Oct 2019

Is a cybersecurity insurance policy a worthy investment?

Variables such as third-party business partners create unique cyberthreats for organizations. Find out when a cybersecurity insurance policy is a wise investment to prevent risk. Continue Reading
Answer 16 Oct 2019

How should I choose a cybersecurity insurance provider?

To vet potential cybersecurity insurance providers, there are a few questions every customer should ask. Learn more about the questions to ask and how to get the answers you need. Continue Reading
Answer 15 Oct 2019

What types of cybersecurity insurance coverage are available?

Cybersecurity insurance coverage could prove invaluable to risk mitigation -- if it's chosen carefully. Find out which type of insurance plan is right for your organization. Continue Reading
News 03 Oct 2019

Zendesk breach in 2016 affected 10,000 customers

Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details. Continue Reading
Answer 27 Sep 2019

Should I invest in attack simulation tools?

Attack simulation tools -- along with third-party penetration testing -- can help improve an organization's enterprise security. Find out why. Continue Reading
Answer 26 Sep 2019

When should I use breach and attack simulation tools?

Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure. Continue Reading
News 09 Aug 2019

Broadcom-Symantec deal troubles cybersecurity experts

Broadcom laid down a $10.7 billion bet in buying Symantec's enterprise security software. While some are optimistic, security experts predict another Intel-McAfee deal. Continue Reading
News 05 Aug 2019

Capital One hack highlights SSRF concerns for AWS

Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service. Continue Reading
News 30 Jul 2019

FBI charges former AWS engineer in Capital One breach

The FBI arrested a former AWS engineer who allegedly stole data for more than 100 million Capital One customers and credit card applications, thanks to a misconfigured firewall. Continue Reading
News 30 Jul 2019

AT&T introduces managed threat detection and response service

Using Alien Labs threat intelligence, AT&T Cybersecurity's Managed Threat Detection and Response service intends to identify and contain cybersecurity threats sooner to reduce data breaches. Continue Reading
News 30 Jul 2019

2019 data breach disclosures: 10 of the biggest -- so far

Enterprises have disclosed a number of significant data breaches in the first half of 2019. Here's a look at some of the biggest and most notable breaches so far this year. Continue Reading
Answer 29 Jul 2019

What are the pros and cons of outsourcing IT security?

Companies are facing increased costs when maintaining an internal security group. Outsourcing IT security has its advantages, but there are some challenges to keep in mind. Continue Reading
News 22 Jul 2019

Equifax to pay up to $700 million in data breach settlement

Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties and provide credit monitoring services to consumers. Continue Reading
Tip 24 Jun 2019

The case for continuous security monitoring

When done correctly, continuous security monitoring provides real-time visibility into an organization's IT environment. Here are the best practices for building a CSM program. Continue Reading
Feature 30 May 2019

Dark data raises challenges, opportunities for cybersecurity

Dark data is the data enterprises didn't know they had. Splunk CTO Tim Tully explains where this data is hiding, why it's important and how to use and secure it. Continue Reading
E-Zine 01 May 2019

Conquering cloud security threats with awareness and tools

Continue Reading
Feature 30 Apr 2019

How information sharing can reduce cybersecurity vulnerabilities

Cybersecurity vulnerabilities come from multiple fronts for modern businesses, but information sharing about real-world breaches -- good and bad -- provides valuable intelligence. Continue Reading
News 19 Apr 2019

Forcepoint pushes 'human-centric cybersecurity' approach

During the launch of the Forcepoint Cyber Experience Center in Boston, Forcepoint execs emphasized the need for adopting a new approach to cybersecurity that focuses on the human factor. Continue Reading
Tip 17 Apr 2019

AI, machine learning in cybersecurity focused on behavior

Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading
Tip 16 Apr 2019

A look at security threats to critical infrastructure

Threats to critical infrastructure, like Operation Sharpshooter, should motivate CI sectors to take cybersecurity seriously. Learn about the threats and how to defend against them. Continue Reading
News 15 Apr 2019

New programs released aim to improve Google Cloud security

With the release of programs like Access Transparency, Virtual Private Cloud and GKE Sandbox, Google aims to improve Google Cloud security and identity protection. Continue Reading
Tip 28 Mar 2019

Four container security vulnerabilities and how to avoid them

Find out how container security best practices can address the four most common types of container and orchestrator vulnerabilities. Then mitigate threats with the right processes and tools. Continue Reading
Answer 26 Mar 2019

What is post-quantum cryptography and should we care?

Post-quantum cryptographic algorithms are aimed at securing encrypted data against super-powerful computers in the future, but will they even be necessary? Hanno Böck explains. Continue Reading
News 25 Mar 2019

FEMA data exposure affects 2.3 million disaster victims

FEMA's data exposure is another high-profile example of accidental data disclosures -- a trend that has some security experts calling for more focus on failed security controls. Continue Reading
News 22 Mar 2019

Hundreds of millions of Facebook passwords exposed internally

Facebook learned three months ago that hundreds of millions of passwords were stored internally in plaintext, but it didn't disclose the issue or notify users until the news leaked. Continue Reading
Answer 07 Mar 2019

How can I protect my self-encrypting drives?

Dutch researchers discovered flaws in ATA security and TCG Opal affecting self-encrypting drives. What steps can you take to guard data stored on vulnerable solid-state drives? Continue Reading
News 26 Feb 2019

Eclypsium: Bare-metal cloud servers vulnerable to firmware attacks

Eclypsium found IBM SoftLayer cloud services are vulnerable to what it calls Cloudborne, which allows threat actors to make small, but potentially deadly firmware changes. Continue Reading
News 21 Feb 2019

CrowdStrike report says breakout time for threat actors is increasing

CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading
Answer 12 Feb 2019

Should large enterprises add dark web monitoring to their security policies?

Security expert Nick Lewis says dark web monitoring can help enterprises gather threat intelligence, but enterprises need to understand how to validate the data they find. Continue Reading
Answer 07 Feb 2019

Is there a viable breach notification tool?

A breach notification tool from Firefox Monitor and Have I Been Pwned could help consumers understand more quickly if their email or other vital information has been hacked. Continue Reading
Infographic 01 Feb 2019

Cutting SecOps breach response time is key to success

A new survey measures the success of security operations breach response by how long it takes to complete a three-step process to detect, understand and contain incidents. Continue Reading
News 30 Jan 2019

New DDoS attack technique puts CSPs at risk

Nexusguard found a new DDoS attack technique that targeted CSPs in which attackers used a bit-and-piece approach to inject junk into legitimate traffic and dodge detection. Continue Reading
News 29 Jan 2019

Insecure MongoDB databases expose Russian backdoor access

A security researcher found more than 2,000 exposed MongoDB databases that revealed a backdoor-access account operated by the Russian government, according to a report from ZDNet. Continue Reading
Tip 17 Jan 2019

How to perform an ICS risk assessment in an industrial facility

An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters. Continue Reading
News 08 Jan 2019

Marriott data breach exposed 5 million unencrypted passport numbers

Marriott's data breach affected fewer customers than the hotel giant originally estimated, but the breach exposed millions of unencrypted passport numbers. Continue Reading
News 04 Jan 2019

Cloud provider blames Ryuk ransomware for Christmas Eve attack

News roundup: Data Resolution claimed the Ryuk ransomware attack on its systems originated from North Korea. Plus, the EU is set to launch 14 open source bug bounties, and more. Continue Reading
Answer 20 Dec 2018

Ticketmaster breach: How did this card skimming attack work?

The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack worked from Nick Lewis. Continue Reading
Podcast 19 Dec 2018

Risk & Repeat: Lessons from the Equifax breach report

This week's Risk & Repeat podcast looks at the U.S. House Committee on Oversight and Government Reform report on the Equifax breach and the infosec lessons to be learned from it. Continue Reading
Blog Post 17 Dec 2018

Marriott Starwood data breach notification de-values customers

The Marriott Starwood data breach exposed half a billion customers' data, but the hospitality giant seems to have learned from recent megabreaches that the standard response to a breach can be the ... Continue Reading
News 30 Nov 2018

Marriott discloses Starwood data breach affecting 500 million guests

Marriott International admitted to a Starwood data breach that began in 2014 and affects about 500 million customers. Experts are unsure about the GDPR implications. Continue Reading
News 30 Nov 2018

Ponemon study shows data valuation discrepancies in enterprises

A new study from the Ponemon Institute shows enterprises are underestimating the value of their data, including critical and confidential information assets. Continue Reading
Blog Post 29 Nov 2018

Breaking down Dell's "potential cybersecurity incident" announcement

Dell provided some information about a "potential cybersecurity incident" earlier this month, but it's unclear how the company and customers should be reacting. Continue Reading
News 27 Nov 2018

USPS website flaw exposed data for one year

The U.S. Postal Service inadvertently exposed the data of 60 million users and has only just fixed the underlying website flaw, despite being notified of the issue one year ago. Continue Reading
News 20 Nov 2018

Recorded Future names Tessa88 suspect in LinkedIn, Myspace breaches

Researchers at Recorded Future identified the individual behind the notorious Tessa88 hacker handle, but it's unclear what role he played in the LinkedIn and Myspace breaches. Continue Reading
Tip 20 Nov 2018

Zero-trust security means new thinking plus practical steps

Implementing a security policy that, essentially, trusts no one and nothing doesn't have to be overwhelming if you understand the basics behind the security model. Continue Reading
News 20 Nov 2018

AWS moves to curb S3 data leaks, but Chris Vickery is doubtful

Amazon unveils new settings to help users avoid S3 data leaks, but UpGuard's Chris Vickery, who uncovered most AWS exposures, is doubtful the changes will end the problem. Continue Reading
News 12 Nov 2018

SSD encryption failures made worse by BitLocker settings

Researchers discover major manufacturers poorly implemented SSD encryption, allowing easy access to data, and Microsoft BitLocker made the issue worse. Continue Reading
Answer 07 Nov 2018

How does site isolation defend against Spectre vulnerabilities?

Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism. Continue Reading
News 26 Oct 2018

Settlement in Yahoo data breach leaves company to pay $50M

News roundup: The Yahoo data breach will cost the company another $50 million in a settlement deal. Plus, Check Point acquired cloud security company Dome9, and more. Continue Reading
Podcast 25 Oct 2018

Risk & Repeat: Facebook breach raises regulatory questions

This week's Risk & Repeat podcast discusses new developments regarding Facebook's recent data breach, as well as the social networking giant's response to the incident. Continue Reading
News 19 Oct 2018

Facebook hack the work of spammers, not foreign adversary

News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more. Continue Reading
Answer 09 Oct 2018

How was Google Firebase security bypassed?

Google Firebase's inadequate back-end development led to data leaks and vulnerabilities, including HospitalGown. Learn more about this security flaw from expert Michael Cobb. Continue Reading
News 02 Oct 2018

Facebook GDPR fate uncertain following data breach

Facebook's GDPR consequences are still up in the air following a data breach, as Irish regulators are waiting on more information before determining if the social network will face a fine. Continue Reading
News 21 Sep 2018

State Department data breach exposes employee info

A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert. Continue Reading
News 20 Sep 2018

GovPayNow leak exposes 14 million records dating back six years

Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years. Continue Reading
Blog Post 14 Sep 2018

What the GAO Report missed about the Equifax data breach

The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident. Continue Reading
News 14 Sep 2018

British Airways data breach may be the work of Magecart

News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more. Continue Reading
Podcast 12 Sep 2018

Risk & Repeat: Inside the GAO's Equifax breach report

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises. Continue Reading
News 05 Sep 2018

Five Eyes wants to weaken encryption, or legislation may be needed

Five Eyes -- the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. -- vows not to weaken encryption, while pushing for encryption backdoors. Continue Reading
Answer 24 Aug 2018

What risks does the OpenFlow protocol vulnerability present?

Researchers found a vulnerability in OpenFlow that can cause problems. Learn how vendor-specific SDN controllers may cause these OpenFlow protocol vulnerabilities. Continue Reading
Answer 10 Aug 2018

Facebook user data: How do malicious apps steal user data?

Malicious apps collected Facebook user data through Facebook APIs. Expert Michael Cobb explains how social networking platforms can monitor third-party apps' access to data. Continue Reading
News 31 Jul 2018

Yale data breach discovered 10 years too late

A Yale University data breach from 2008 was only just discovered, and the school has released details on the compromised information, including Social Security numbers. Continue Reading
Tip 31 Jul 2018

Three steps to improve data fidelity in enterprises

Ensuring data fidelity has become crucial for enterprises. Expert Char Sample explains how to use dependency modeling to create boundaries and gather contextual data. Continue Reading
News 27 Jul 2018

LifeLock vulnerability exposed user email addresses to public

News roundup: A LifeLock vulnerability exposed the email addresses of millions of customers. Plus, Amazon's Rekognition misidentified 28 members of Congress as criminals, and more. Continue Reading
News 26 Jul 2018

Ponemon: Mega breaches, data breach costs on the rise

The Ponemon Institute's '2018 Cost of a Data Breach Study' details a rise in data breaches with a look at mega breaches and why U.S. companies experience the greatest loss. Continue Reading
Answer 26 Jul 2018

How does SirenJack put emergency warning systems at risk?

Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. Judith Myerson explains how it works. Continue Reading
Tip 26 Jul 2018

How to identify and protect high-value data in the enterprise

Protecting data in the enterprise is a crucial but challenging task. Expert Charles Kao shares key steps and strategies to consider to identify and protect high-value data. Continue Reading
Feature 24 Jul 2018

Cisco's chief privacy officer on the future of data after GDPR

Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation. Continue Reading
News 29 Jun 2018

Exactis leak exposes database with 340 million records

Experts said the Exactis leak needs to be treated as a learning moment for defining identity online after the marketing firm exposed data on 230 million adults and 110 million businesses. Continue Reading
Answer 27 Jun 2018

How are air-gapped computers put at risk by the Mosquito attack?

Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson. Continue Reading
Tip 07 Jun 2018

How lattice-based cryptography will improve encryption

As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option. Continue Reading
Opinion 01 Jun 2018

Q&A: Why data security controls are a hard problem to solve

Feeling less friendly after Facebook? "There is a great deal of power in being able to combine data-sources," says Jay Jacobs, security data scientist. Continue Reading
29 May 2018

Q&A: Why data security controls are a hard problem to solve

Continue Reading
Tip 22 May 2018

DeOS attacks: How enterprises can mitigate the threat

An increase in DeOS attacks has been reported just as the 'Cisco 2017 Midyear Cybersecurity Report' predicted. Learn how these attacks target off-site backups with David Geer. Continue Reading
Podcast 17 May 2018

Risk & Repeat: Why Ray Ozzie's Clear proposal isn't so clear

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Ray Ozzie's solution for going dark, known as Clear, and what infosec experts are saying about it. Continue Reading
Answer 17 May 2018

SSH private keys: How do threat actors find exposed keys?

Cybersecurity vendor Wordfence reported a rise in scans for SSH private keys that are often accidentally exposed to the public. Learn how to stay protected with Nick Lewis. Continue Reading
News 20 Apr 2018

Another misconfigured Amazon S3 bucket exposes 48M records

News roundup: A misconfigured Amazon S3 bucket led to the exposure of 48 million records collected by a private data analytics firm. Plus, PCI SSC updated its cloud guidelines, and more. Continue Reading
News 17 Apr 2018

Fidelis rolls out new active deception approach to security

Active deception is set to be an important part of cloud defense, as Fidelis Cybersecurity adds active decoys to protect cloud assets in the enterprise. Continue Reading
Tip 17 Apr 2018

What the security incident response process should look like

An enterprise needs to have a strong security incident response process plan mapped out early. Expert Ernie Hayden shares how to turn an incident into a learning experience. Continue Reading
Feature 11 Apr 2018

Cybersecurity defense in depth means more than ticking boxes

F-Secure's Tom Van de Wiele explains the realities of cybersecurity defense in depth, and why companies need to have the right attitude to defend against cyberattacks. Continue Reading
News 06 Apr 2018

Misconfigured cloud storage leaves 1.5B files exposed

Researchers found misconfigured cloud storage across multiple platforms left huge amounts of data exposed, including medical information and payroll data. Continue Reading
Opinion 03 Apr 2018

Cost of data privacy breach may not be enough

While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook. Continue Reading
30 Mar 2018

Cost of data privacy breach may not be enough

Continue Reading
News 22 Mar 2018

Watson's Law: IBM preaches data stewardship as A.I. advances

At IBM's Think conference, executives discussed the importance of protecting and managing data as artificial intelligence offerings like Watson grow and touch more information. Continue Reading
News 20 Mar 2018

IBM outlines visions for crypto anchors, lattice cryptography

At IBM's Think conference, Big Blue researchers discussed new security-centric projects around blockchain databases, crypto anchors and quantum-resilient encryption. Continue Reading
News 16 Mar 2018

Following Equifax data breach, executive charged with insider trading

News roundup: A CIO has been charged with insider trading after the Equifax data breach. Plus, Trump blocked Broadcom's acquisition of Qualcomm, and more. Continue Reading
Tip 08 Mar 2018

Entropy sources: How do NIST rules impact risk assessments?

NIST recently released new guidance on entropy sources used for random bit generation. Judith Myerson explains these recommendations and how they alter cryptography principles. Continue Reading
News 06 Mar 2018

Equifax data breach affected 2.4 million more consumers

The massive Equifax data breach affected even more people. The startling total is now 147.9 million U.S. consumers who had their information stolen by hackers. Continue Reading
Answer 26 Feb 2018

Uber breach: How did a private GitHub repository fail Uber?

The recent Uber breach calls into question the use of code repositories. Expert Matt Pascucci explains how the breach of GitHub and Amazon Web Services occurred. Continue Reading
News 14 Feb 2018

Equifax breach worsens, additional consumer data exposed

The Equifax breach compromised even more consumer data, including tax identification numbers, than originally reported. But the credit rating agency didn't disclose the update. Continue Reading
Feature 01 Feb 2018

GDPR breach notification: Time to focus on the requirements

Some large U.S. companies have been working behind the scenes on GDPR requirements for more than a year, but there's strong evidence that many have not been as diligent. Continue Reading