Security Magazine

Keep up to date on the latest news and information posted to Securitymagazine.com with our RSS feed.

  1. We are all Jeff Bezos

    As much of the world continues to hunker down at home in response to COVID-19, threat actors continue to find ways of exploiting the crisis to gather sensitive and valuable information from individuals. But while we’re busy making sure that our primary computers and cloud-based accounts are locked down, it’s often the devices we least suspect – our smartphones – that provide the opening that hackers need. The 2018 hacking of Jeff Bezos’s iPhone X, perhaps the most famous example of smartphone hacking, provides an important reminder that these most personal of devices should be used with appropriate caution, especially in this time of upheaval.

  2. UW System to receive $32 million for COVID-19 testing on campuses

    The UW-System and UW-Madison will receive $32 million from the state as they prepare to welcome students back to campus this fall.

  3. Glasgow hospitals forced to increase security procedures after rise in physical attacks

    Hospitals in Glasgow, Scotland have reported a rise in verbal and physical attacks during the COVID-19 pandemic, forcing them to draft in extra security to tackle the attacks. 

  4. Twitter finds security vulnerability in Android app

    Twitter has announced that it has found a security vulnerability in its Android app.

  5. COVID-19 Healthcare Coalition issues guidelines on planning for on-campus K-12 education

    A new document, Planning for on-campus K-12 education during COVID-19, developed by the COVID-19 Healthcare Coalition, provides guidance to be used as a resource by school leaders to develop and implement plans for returning to on-campus learning.

  6. New study reveals the status of climate risk management in Latin American and Caribbean banks

    A survey among 78 financial institutions in Latin America and the Caribbean holding 54 percent of the total assets managed by the banking sector in the region, revealed that 38 percent of banks incorporate guidelines on climate change in their strategy and 24 percent have a policy on climate risk evaluation and disclosure.

  7. NSA releases guidance on limiting location data exposure

    The National Security Agency released a Limiting Location Data Exposure Cybersecurity Information Sheet (CSI) to guide National Security System (NSS) and Department of Defense (DoD) mobile device users on how they might reduce risk associated with sharing sensitive location data.

  8. CISA releases new cybersecurity career pathways tool

    The Cybersecurity and Infrastructure Security Agency (CISA) released the Cyber Career Pathways Tool, an interactive approach for current and future cybersecurity professionals to envision their career and navigate next steps within the NICE Cybersecurity Workforce Framework. 

  9. University of Utah names new Director of Campus Security

    As part of reorganizing and updating safety functions at the University of Utah, Chief Safety Officer Marlon C. Lynch created a new position to direct Campus Security and to oversee public safety compliance and accreditation.

  10. How to lead an economical and efficient infosec program

    Today's challenging reality presents an opportunity for CISO’s to reevaluate the economics and efficiencies of their current infosec program. To do so, CISO’s must narrow their focus on maximizing their return on investments and shift to a risk-based prioritization strategy. No matter the situation, CISO’s are always expected to meet goals and drive results. Even though security professionals cannot reduce risk to zero, they can reduce risk significantly by first eliminating the most impactful risks facing their organization.  Below, I discuss the four critical steps of leading an economical and efficient information security program while following a risk-based approach.

  11. The good, the bad and the ugly: Standard contractual clauses after Schrems II

    Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal data. The question is if data exports can continue in the wake of the Court of Justice of the European Union’s (CJEU) ruling in the “Schrems II” case.

  12. Data Protection by Design: Eight Questions to Help Protect User Data from the Start

    By implementing a data protection by design approach, both before and during product development, organizations will build more trust with customers and end users, and curtail risk of future privacy-related conflicts.

  13. Hiring a CISO: The evolving role of your security executive

    Before COVID, cybersecurity was a concern for businesses everywhere. In fact, in Microsoft’s 2019 Global Risk Perception Survey, 57 percent of companies ranked cybersecurity as a higher risk than economic uncertainty and brand reputation or damage. Looking ahead, what does all of this mean for the role of the Chief Information Security Officer (CISO)? Not only is it more important than ever before, but the role has shifted since the start of COVID.

  14. Authentication vs. authorization | Why we need authorization standards and what it means for enterprise cybersecurity

    Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems. In today’s cloud-native world, almost nothing is on-prem, and because of the explosion of apps, remote users and devices, it has become a considerably more complicated task, by orders of magnitude, to verify the identity of a user — or a service — and determine policies that say what they are and aren’t allowed to do.

  15. Making the business case for security by design

    Organizations need to evolve their thinking around cybersecurity to stay ahead of these changing threats. A holistic approach that effectively builds security into all infrastructure and processes from the ground up is cost-effective and necessary to safeguard valuable employee and customer data. This requires an overall shift in philosophy – and adopting the concept of security by design is a key first step. 

  16. 94% of organizations experienced at least one business-impacting cyberattack in the past year

    The vast majority of organizations (94 percent) have experienced a business-impacting cyberattack in the past 12 months, according to both business and security executives.

  17. 1.1 billion fraud attacks detected since the beginning of 2020

    A new Arkose Labs study revealed that in the first half of 2020, there were more than 1.1 billion online fraud attacks, double the attack volume compared to the second half of 2019 and a 25 percent attack rate increase across all transactions. 

  18. ​Canon suffers ransomware attack that impacts numerous services

    ​Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications.

  19. CISA releases Trusted Internet Connections 3.0 core guidance documentation

    The Cybersecurity and Infrastructure Security Agency (CISA) released core guidance documentation for the Trusted Internet Connections (TIC) program, developed to assist agencies in protecting modern information technology architectures and services.

  20. Chicago Public Schools to begin the school year with full remote learning

    Chicago, Ill. Mayor Lori E. Lightfoot, the Chicago Department of Public Health (CDPH) and Chicago Public Schools (CPS) announced that the 2020-21 CPS school year will begin remotely on September 8. 

  21. Virginia becomes the first US state to launch contact tracing app

    Virginia has unveiled a new app designed to aid in contact tracing during the coronavirus pandemic.

  22. SANS Institute outlines path to effective security metrics use

    Metrics for security are in wide use in organizations today, with more than 80 percent of respondents to a new SANS Institute survey claiming some level of maturity on their effective use of security metrics.

  23. Colorado State University raises 2020 Atlantic Hurricane season forecast to 24 named storms

    The 2020 Atlantic hurricane season could be one of the most active on record, according to a new outlook by Colorado State University.

  24. Security of TikTok: How does a Microsoft acquisition change things?

    Security fears linger around the wildly popular, Chinese-owned social media platform TikTok, and discussions are in the works for the platform to potentially be acquired by Microsoft. Should users be concerned in the interim? Will a change of ownership to a U.S.-based company allay security and privacy fears?

  25. Celebrating Women’s Growing Roles and Presence in Security

    Do an image search using the terms “security manager,” “security director,” “CSO” or “security professional,” and the results will be fairly predictable. With its roots in law enforcement, the security industry has long been dominated by men, whether in management, sales, or technical positions.