Cybersecurity

Going by the online handle “erratic,” a former Amazon software engineer conducted an extensive hacking scheme that gave her access to the personal information of tens of millions of Capital One customers, a Seattle jury determined this spring. She’s set...

Lloyd’s of London, the world’s leading insurance market, says that cyber insurance policies it issues after March 31, 2023 will not cover most state-sponsored attacks. Cordery Compliance’s Jonathan Armstrong and Andre Bywater explore what this means for companies and how...

The average cost of a business data breach today is just over $15 million, according to a new analysis from Black Kite, a third-party risk intelligence platform. Black Kite’s report, “The Cost of a Data Breach: A New Perspective,” examined...

Notorious bank robber Willie Sutton famously said “because that’s where the money is” in response to why he robbed banks. Today, many threat actors view cryptocurrency and other digital assets in the same light. The lack of regulation and security...

An attitude of “productivity at all costs” gave employees a heightened level of control over their app choices in the early weeks and months of Covid-19. Now they don’t want to give that up. Matt Chiodi, technical adviser and chief...

 “Alexa, how many execs and board members of U.S. companies have unsecured home networks and open ports on public IP addresses?” The answer is: way too many. Experts warn that the modern attack surface has expanded, and board members’ homes...

OneTrust has confirmed it’s laid off 950 employees, or about 25 percent of its workforce, as part of a reorganization despite record quarters and increasing customer demand. Some analysts predict rough times ahead for startups in the security space.  One...

Understandably, most businesses prioritize compliance when it comes to security risks. But as KnowBe4 CEO Stu Sjouwerman explains, a compliance mindset can create a false sense of security in the world of cyber threats. Compliance is an ongoing business concern,...

Proposed rules relating to incident reporting aim to improve cybersecurity in public companies, but FTI Consulting’s Jordan Rae Kelly suggests the SEC's well-intentioned requirements could have unintended consequences. The SEC recently voted in favor of a proposal that would require...

Unauthorized use of unsecured business applications presents growing danger. So-called shadow IT presents GRC teams with the need to prevent end users from taking actions that while seemingly expedient, completely undermine otherwise robust cybersecurity and data protection measures.  Let’s say...

As part of its ongoing commitment to cyber threat research, Kroll’s threat intelligence team looked at hundreds of real-life cyber incidents to determine how intrusions occur. Alan Brill, senior managing director of cyber risk at Kroll, explains what they’re seeing...

With increased scrutiny from a litany of regulators, cryptocurrency exchanges and financial institutions are now required to monitor, flag and report suspected ransomware payments. Doing so calls for a range of technological capabilities and a sophisticated approach to identifying suspicious...