Category Archives: Expert Analysis

What’s next for cloud backup?

Cloud adoption was already strong heading into 2020. According to a study by O’Reilly, 88% of businesses were using the cloud in some form in January 2020. The global pandemic just accelerated the move to SaaS tools. This seismic shift where businesses live day-to-day means a massive amount of business data is making its way into the cloud. All this data is absolutely critical for core business functions. However, it is all too often mistakenly … More

The post What’s next for cloud backup? appeared first on Help Net Security.

Can automated penetration testing replace humans?

In the past few years, the use of automation in many spheres of cybersecurity has increased dramatically, but penetration testing has remained stubbornly immune to it. While crowdsourced security has evolved as an alternative to penetration testing in the past 10 years, it’s not based on automation but simply throwing more humans at a problem (and in the process, creating its own set of weaknesses). Recently though, tools that can be used to automate penetration … More

The post Can automated penetration testing replace humans? appeared first on Help Net Security.

What the IoT Cybersecurity Improvement Act of 2020 means for the future of connected devices

Connected devices are becoming more ingrained in our daily lives and the burgeoning IoT market is expected to grow to 41.6 billion devices by 2025. As a result of this rapid growth and adoption at the consumer and commercial level, hackers are infiltrating these devices and mounting destructive hacks that put sensitive information and even lives at risk. These attacks and potential dangers have kept security at top of mind for manufacturers, technology companies and … More

The post What the IoT Cybersecurity Improvement Act of 2020 means for the future of connected devices appeared first on Help Net Security.

Political campaigns adopt surveillance capitalism at their own peril

Since the middle of the 20th century, commercial advertising and marketing techniques have made their way into the sphere of political campaigns. The tactics associated with surveillance capitalism – the commodification of personal data for profit as mastered by companies like Google and Facebook – have followed the same path. The race between competing political campaigns to out-collect, out-analyze and out-leverage voter data has raised concerns about the damaging effects it has on privacy and … More

The post Political campaigns adopt surveillance capitalism at their own peril appeared first on Help Net Security.

How to apply data protection best practices to the 2020 presidential election

It’s safe to assume that we need to protect presidential election data, since it’s one of the most critical sets of information available. Not only does it ensure the legitimacy of elections and the democratic process, but also may contain personal information about voters. Given its value and sensitivity, it only makes sense that this data would be a target for cybercriminals looking for some notoriety – or a big ransom payment. In 2016, more … More

The post How to apply data protection best practices to the 2020 presidential election appeared first on Help Net Security.

Work from home strategies leave many companies in regulatory limbo

Like most American businesses, middle market companies have been forced to rapidly implement a variety of work-from-home strategies to sustain productivity and keep employees safe during the COVID-19 pandemic. This shift, in most cases, was conducted with little chance for appropriate planning and due diligence. This is especially true in regard to the security and compliance of remote work solutions, such as new cloud platforms, remote access products and outsourced third parties. Many middle market … More

The post Work from home strategies leave many companies in regulatory limbo appeared first on Help Net Security.

5 tips to reduce the risk of email impersonation attacks

Email attacks have moved past standard phishing and become more targeted over the years. In this article, I will focus on email impersonation attacks, outline why they are dangerous, and provide some tips to help individuals and organizations reduce their risk exposure to impersonation attacks. What are email impersonation attacks? Email impersonation attacks are malicious emails where scammers pretend to be a trusted entity to steal money and sensitive information from victims. The trusted entity … More

The post 5 tips to reduce the risk of email impersonation attacks appeared first on Help Net Security.

Data protection predictions for 2021

2020 presented us with many surprises, but the world of data privacy somewhat bucked the trend. Many industry verticals suffered losses, uncertainty and closures, but the protection of individuals and their information continued to truck on. After many websites simply blocked access unless you accepted their cookies (now deemed unlawful), we received clarity on cookies from the European Data Protection Board (EDPB). With the ending of Privacy Shield, we witnessed the cessation of a legal … More

The post Data protection predictions for 2021 appeared first on Help Net Security.

Moving to the cloud with a security-first, zero trust approach

Many companies tend to jump into the cloud before thinking about security. They may think they’ve thought about security, but when moving to the cloud, the whole concept of security changes. The security model must transform as well. Moving to the cloud and staying secure Most companies maintain a “castle, moat, and drawbridge” attitude to security. They put everything inside the “castle” (datacenter); establish a moat around it, with sharks and alligators, guns on turrets; … More

The post Moving to the cloud with a security-first, zero trust approach appeared first on Help Net Security.

Preventing cybersecurity’s perfect storm

Zerologon might have been cybersecurity’s perfect storm: that moment when multiple conditions collide to create a devastating disaster. Thanks to Secura and Microsoft’s rapid response, it wasn’t. Zerologon scored a perfect 10 CVSS score. Threats rating a perfect 10 are easy to execute and have deep-reaching impact. Fortunately, they aren’t frequent, especially in prominent software brands such as Windows. Still, organizations that perpetually lag when it comes to patching become prime targets for cybercriminals. Flaws … More

The post Preventing cybersecurity’s perfect storm appeared first on Help Net Security.

Can we trust passwordless authentication?

We are beginning to shift away from what has long been our first and last line of defense: the password. It’s an exciting time. Since the beginning, passwords have aggravated people. Meanwhile, passwords have become the de facto first step in most attacks. Yet I can’t help but think, what will the consequences of our actions be? Intended and unintended consequences Back when overhead cameras came to the express toll routes in Ontario, Canada, it … More

The post Can we trust passwordless authentication? appeared first on Help Net Security.

New research shows risk in healthcare supply chain

Exposures and cybersecurity challenges can turn out to be costly, according to statistics from the US Department of Health and Human Services (HHS), 861 breaches of protected health information have been reported over the last 24 months. New research from RiskRecon and the Cyentia Institute pinpointed risk in third-party healthcare supply chain and showed that healthcare’s high exposure rate indicates that managing a comparatively small Internet footprint is a big challenge for many organizations in … More

The post New research shows risk in healthcare supply chain appeared first on Help Net Security.