January 12, 2021

Data Privacy Day: Understanding COVID-19’s Impact

Security Boulevard, January 12, 2020
Data Privacy Day is Jan. 28, just like it is every year. But as with everything else, COVID-19 has forced us to reconsider a new normal for enforcing data privacy in the work-from-home (WFH) environment. Sponsored by the National Cyber Security Alliance (NCSA), Data Privacy Day is designed to “inspire dialogue and empower individuals and companies to take action” on the way personal information is collected, stored and used.

January 11, 2021

IT cleanup at U.S. Capitol presents massive challenge

GCN, January 11, 2021
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.

January 11, 2021

Experts Weigh In on Cybersecurity Risks of Capitol-Like Attacks

SecurityWeek, January 11, 2021
Hundreds of protesters stormed the U.S. Capitol on Wednesday just as the House and Senate were certifying the election victory of Joe Biden. While much of the focus was on the physical destruction caused by the protesters, many people have pointed out that rioters gained access to computers in the Capitol, which in some cases were still turned on and logged in, as their users were forced to quickly evacuate.

January 8, 2021

Post-Riot, the Capitol Hill IT Staff Faces a Security Mess

WIRED, January 8, 2021
IN THE AFTERMATH of destructive riots that trashed the United States Capitol on Wednesday, the nation is grappling with questions about the stability and trajectory of US democracy. But inside the Capitol building itself, the congressional support staff is dealing with more immediate logistics, like cleanup and repairs. A crucial part of that: the process of securing the offices and digital systems after hundreds of people had unprecedented access to them.

December 16, 2020

SolarWinds Attack Fallout: 18K Customers at Risk, ExtraHop IDs 550 Suspicious IP Addresses

SDxCentral, December 16, 2020
As many as 18,000 SolarWinds customers installed the company’s Orion software updates containing malicious code likely inserted by Russian nation-state hackers, according to documents filed with the U.S. Securities and Exchange Commission on Monday.
The SolarWinds attack may have also hit Microsoft customers. In its SEC filing, SolarWinds said the hackers compromised its Office 365 email and office productivity accounts.

December 16, 2020

Cybersecurity employee training: How to build a solid plan

TechTarget, December 16, 2020
Cybersecurity training programs play a crucial role in keeping employees informed about the changing threat landscape and about their personal role in protecting the organization and its stakeholders. Unfortunately, these programs often suffer from a lack of attention, resulting in dull and potentially outdated content that doesn't effectively engage employees and, therefore, fails to achieve its cybersecurity objectives.

December 15, 2020

Here are the critical responses required of all businesses after SolarWinds supply-chain hack

SC Mag, December 15, 2020
The U.S. Department of Homeland Security, Treasury Department and FireEye are among the most prominent victims affected by the supply chain attack on SolarWinds network monitoring software. But these data breaches are just scratching the surface of one of the most significant foreign hacking incidents in history – one that will have long-lasting repercussions.