OPM Breach – What Went Wrong?

Posted by Lia Konieczny on Sep 23, 2016 10:58:06 AM

Trending_News_Blog_Post.jpg

Recently, a congressional investigation conducted by the U.S. House of Representatives’ Committee on Oversight and Government Reform reported that the two major data breaches suffered by the U.S. Office of Personnel Management (OPM) in 2014 and 2015 were indeed preventable and in fact, made worse by lax security regulations and ineffective management. The OPM is an organization that manages aspects of federal employment, such as background checks, for most government agencies. These massive attacks resulted in the compromise of sensitive data belonging to more than 22 million people.

Read More

Topics: Breach

How to Avoid a Costly Incident in the Cloud

Posted by Casey Lang on Jul 7, 2016 10:19:35 AM

Erics_2_Essential_Security_Program_Elements_Blog_Post.jpg

This post describes a scenario-based security incident that can have significant financial impact on a business operating a cloud environment, and portrays the development practices that could enable such an incident to occur with considerations for how to reduce the risks of this type of incident by appropriately applying secure development practices and security practices around the use of cloud services and web-based tools.

 

Read More

Topics: Breach, cloud

Watching the Watchers: FBI Warns of Massive Government Breach

Posted by Ross Moir on Apr 20, 2016 11:00:00 AM

 Trending_News_Blog_Post.jpg

 

In a recent article by Motherboard, the FBI warned of massive government data breaches from a group that has had access to US Government files for years.  APT6 have “compromised and stolen sensitive information from various government and commercial networks since at least 2011”.  While it is unclear from the article just which government agencies are involved, the FBI has released an alert that details several domains that are associated with command and control (C2) of customized malicious software and any activity related to these domains “detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement”.

 

Read More

Topics: Breach

3 Tips to Secure Data in a BYOD Environment

Posted by Kristen Morales on Jan 14, 2016 11:26:44 AM

BYOD_Blog_Post.jpgBring your own device (BYOD) is the use of an employee’s personal mobile device, e.g., smartphone, tablet and/or laptop, to access a company’s data or network.  Once a trend, BYOD has gained wide acceptance across businesses succeeding in today’s markets.  Findings from Tech Pro Research in early 2015 indicated “74 percent of organizations [are] either already using or planning to allow employees to bring their own devices to work.” What is the main motivator for this movement? A study conducted by IBM found the main advantages of the BYOD environment were a raise in employee productivity and satisfaction as well as an overall financial savings for the business. The benefits of BYOD are great, but what does it mean for the overworked IT environment already combating constant attacks on their network?

Read More

Topics: Security, Breach

Defense Contract Management Agency Investigating Possible Cyber Breach

Posted by Kris Kimmerle on Feb 10, 2015 8:14:00 PM


In the latest cybersecurity breach, the Defense Contract Management Agency (DCMA), responsible for administrating contracts on behalf of the Department of Defense (DoD), has taken several of its servers offline in response to a potential cybersecurity incident.  According to Krebsonsecurity, a Cyber Protection strike team from the DoD is now working closely with the DCMA to elevate its security posture following the incident.

Read More

Topics: Breach

MILCOM, the 2013 Military Communications Conference

Posted by Eric Noonan on Nov 20, 2013 7:50:00 PM

Security assessments can be of transformational value for your organization or they can be shelfware, the determining factor on what you end up with is a matter of leadership and strategy. Here just one example of how an assessment can be transformational.

Read More

Topics: CyberArk, Business, eGRC, Cyber Attack, Breach, Information Sharing