placeholder

Estonia and the United States to Build a Joint Cyber Threat Intelligence Platform

“The goal is to develop an automized cyber threat intelligence system between the US and Estonian defense forces, tailored to the specific needs of the two nations to enhance the cyber defense capabilities of the two parties. Regular exchange of threat intelligence between actors is one of the core principles of cyber defense today,” said Kusti Salm, Director General of the Estonian Centre for Defence Investment.

placeholder

Conscious Unclouding? A Hard Look at Data Security and the Cloud

The security of data is fast becoming one of the most prominent and visible areas of concern in the selection of eDiscovery software solutions. With public examples of data security failures increasing in regularity and impact, it behooves any discovery solution decision-maker to carefully consider how they manage this important risk factor as they make on and off-premise enterprise software selection decisions.

placeholder

Schrems 2.0: European Court of Justice Advocate General Renders Opinion

On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard ØE, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.

placeholder

A Framework for Improving Cybersecurity: Infrastructure Considerations from NIST

Due to the increasing pressures from external and internal threats, organizations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. This approach is necessary regardless of an organization’s size, threat exposure, or cybersecurity sophistication today. NIST’s Framework for Improving Critical Infrastructure Cybersecurity may be helpful for organizations seeking to apply the principles and best practices of risk management to improve security and resilience.

placeholder

Defining and Describing the Impact of Business Email Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).

placeholder

FBI Highlights Ransomware Threat to U.S. Businesses

Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

placeholder

A Warship on the Network? A New Cybersecurity Challenge

Similar to wardriving, when you cruise a neighborhood scouting for Wi-Fi networks, warshipping allows a hacker to remotely infiltrate corporate networks by simply hiding inside a package a remote-controlled scanning device designed to penetrate the wireless network–of a company or the CEO’s home–and report back to the sender.

placeholder

Equifax to Pay $575 Million as Part of 2017 Data Breach Settlement

“Companies that profit from personal information have an extra responsibility to protect and secure that data,” said FTC Chairman Joe Simons. “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”