Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors who handle ... Views: 1442
U.S. defense contractors are being heavily targeted by foreign cybercriminals. An internal Navy cyber security audit ordered after a series of successful breaches of Navy contractors revealed an agency in complete cyber chaos “in ways few appreciate, fewer understand, and even fewer know what to ... Views: 1322
IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure.
While there is some overlap, and the two ... Views: 1265
Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and the federal government. Among ... Views: 1219
You would never pay $1,000 upfront and $30/month for a security system to protect a shed containing $100 worth of lawn equipment. However, you wouldn’t hesitate to spend that much or more to protect your home and family. The same concept applies in information security. Different kinds of data ... Views: 1142
If your organization processes, stores, or transmits cardholder data for the major credit card brands, you are required to be compliant with PCI DSS. While PCI DSS is not required by U.S. federal law — it is an industry standard mandated by the credit card companies — some states have laws ... Views: 1186
Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of Certified Public Accountants ... Views: 1141
The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All cloud service ... Views: 1151
A FedRAMP SSP (System Security Plan) is the bedrock of a FedRAMP assessment and the primary document of the security package in which a cloud service provider (CSP) details their system architecture, data flows and authorization boundaries, and all security controls and their ... Views: 1209
Following a record year for HIPAA settlements that saw the U.S. Department of Health and Human Services (HHS) collect $28.7 million in HIPAA fines, HHS has reduced the maximum annual HIPAA fine in three out of the four penalty tiers. However, HHS’ move doesn’t mean that healthcare organizations ... Views: 1167
According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as usernames, hashed ... Views: 1179
As individuals become more savvy about avoiding phishing emails, and enterprises get better at filtering them out before they ever reach employees’ inboxes, it’s become more difficult for hackers to infect enterprise systems with ransomware and cryptojacking malware. Companies are also becoming ... Views: 1295
A newly discovered design flaw in DICOM, a three-decade-old medical imaging standard, could be used to deliver malware inside what appears to be an innocuous image file, a researcher from Cylera has discovered. Because the malware would not alter the protected health information (PHI) contained ... Views: 1226
Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared ... Views: 1143
What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks later, halted ... Views: 1195
Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC scams are continuing to explode in popularity among cyber ... Views: 1158
Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kubernetes is fast becoming the de facto standard for container orchestration. Kubernetes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers ... Views: 1133
Everyone already knew that Navy cybersecurity had big problems. Last fall, a Wall Street Journal report on Navy cybersecurity revealed that Chinese nation-state hackers had successfully breached a number of third-party Navy contractors over an 18-month period, stealing highly classified ... Views: 1150
Email breaches can be just as destructive to organizations as customer data breaches; just ask Sony Pictures and the Democratic National Committee. A breach of a federal government agency’s email system may not just be embarrassing or scandalous to the agency; it could put national security at ... Views: 1113
Nearly everyone knows that reusing passwords across multiple sites and systems is a security risk, but most people continue to do it anyway. As a result, credential stuffing attacks abound, especially among retailers. Dunkin’ Donuts has been victimized twice in the past three months by hackers ... Views: 1157
For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft Azure, or Google Cloud while isolating their critical workloads ... Views: 1160
Third-party vendor hacks, where hackers attack a company by compromising one of their business associates, have been a problem for a while. Now, the hackers behind GandCrab ransomware have gotten into the act, exploiting a year-old SQL injection vulnerability in a common remote IT support ... Views: 1153
Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium-sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them pause. Some of them think that hackers are interested ... Views: 1106
Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the healthcare ... Views: 1003
From blocking ads and coin miners to saving news stories for later reading, browser extensions allow users to customize their web browsers for convenience, efficiency, and even privacy and security — usually for free. However, browser extensions need a wealth of access permissions to operate, ... Views: 1098
As cyber threats present greater risks to enterprises of all sizes and in all industries, more are requiring that their SaaS providers and other cloud services vendors have an SOC 2 certification. Let’s examine what an SOC 2 certification is and why your cloud services business should get ... Views: 953
The financial impact of cyber attacks can be devastating, especially to small organizations. The HHS points out that the healthcare industry has the highest data breach cost of any industry, at an average of $408 per record and $2.2 million per organization. In 2016, the healthcare industry as a ... Views: 1564
Noting that cyber security is “the responsibility of every health care professional, from data entry specialists to physicians to board members,” the U.S. Department of Health and Human Services (HHS) has published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients ... Views: 1081
With an estimated 90% of cyber attacks caused by human error or behavior, it’s important to understand the most common cyber security mistakes your employees are probably making and know how to mitigate them.
Becoming victims of phishing schemes
Stolen login credentials are the most common ... Views: 1038
The Federal Risk and Authorization Management Program, or FedRAMP, was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with vendors that provide SaaS solutions and other cloud services. Unlike FISMA, which requires ... Views: 1025
The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports. Why would foreign spies ... Views: 1085
The Marriott Starwood breach, which exposed the personal data of 500 million guests, was not the largest data breach in terms of size; Yahoo still holds that dubious honor. However, because of the nature of the data stolen, it has the potential for a very long reach and highlights multiple cyber ... Views: 1068
Like other criminals, hackers take advantage of people’s misconceptions regarding their risk of being victimized. Here are six common cyber security myths that could be putting your enterprise at risk.
Security Myth #1: Compliance Equals Cyber Security
Compliance with regulatory and ... Views: 1117
A guide to advanced persistent threats (APTs), a highly sophisticated, highly destructive form of cyber attack.
What is an Advanced Persistent Threat (APT)?
“Advanced persistent threat” is a broad term used to describe a cyber attack where hackers covertly gain access to a system and ... Views: 1040
As California goes, so does the rest of the country. While the California Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American GDPR,” it clearly tore many pages from the far-reaching European data privacy law. Similar to the ... Views: 1064
The cyber threat environment is becoming more dangerous every day. A recent survey by the World Economic Forum revealed that cyber-attacks were the number-one concern of executives in Europe and other advanced economies.
As we approach the winter holidays and the end of the year, let’s ... Views: 1436
While digital currencies, particularly bitcoin, are the most common and well-known application of blockchain technology, they are far from being the sole or even the most important use. Blockchain is one of the most important technological advancements of the digital age, and its full potential ... Views: 1369
Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having sufficient written ... Views: 989
The holiday season is fast approaching, but hackers don’t take vacations. Whether you’re planning to go home for the holidays or travel for business on a regular basis, make sure to protect yourself from cyber crime with these cyber security travel tips.
Update Your OS & Software
Before ... Views: 1212
Shadow IT is a very serious and growing threat to IT compliance and cyber security, and most organizations have no idea how common it really is. This article will examine some of the risks of shadow IT and discuss ways in which organizations can curb it.
What Is Shadow IT?
Shadow IT refers ... Views: 927
If your company is part of the federal supply chain, you likely need to comply with NIST 800-171. NIST 800-171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with ... Views: 928
Citing the success of its cybersecurity framework and the advent of IoT devices, artificial intelligence, and other technologies that are making it more challenging than ever for enterprises to protect their customers’ privacy, NIST has launched a collaborative project to develop a voluntary ... Views: 910
PCI DSS compliance is mandatory for any organization that accepts or processes payment cards, yet shockingly, a recent study by SecurityScorecard found that over 90% of U.S. retailers fail to meet four or more PCI DSS requirements.
Compliance with PCI DSS is not something to be taken lightly. ... Views: 1015
The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the similarities ... Views: 857
We are living in a cloud-first world; cloud services, including storage services and SaaS providers, are wildly popular. Unfortunately, third-party vendor breaches are at epidemic levels, and new regulations such as the EU GDPR are seeking to hold organizations accountable if third-party ... Views: 906
There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity. Smart medical devices allow ... Views: 973
Businesses tend to gloss over social media cyber security, thinking that it’s more of an issue in their employees’ personal lives than a threat to workplace cyber security. However, one in eight enterprises have suffered a security breach that was traced back to a cyber attack on social ... Views: 960
According to the Wi-Fi Alliance, there are now more IoT devices than there are humans on Earth, and over 50% of internet traffic travels through wireless networks. As people’s dependence on connected devices has grown, free public WiFi has become insanely popular, but it’s also insanely ... Views: 929
Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat ... Views: 1031
Last week, the NIST Small Business Cybersecurity Act (S. 770) passed the U.S. Senate and was sent to the White House, where the president is expected to sign it into law shortly. The bipartisan measure directs NIST to provide resources to small businesses to help them implement the NIST ... Views: 883