A spear phishing attack over the summer led to a Canadian company paying $425,000 in Bitcoin ransom to free its computers.  As we reported earlier, senior officials apparently fell for an old trick. Messages purported to be from a courier company that told recipients attachments were invoices for packages to be picked up, while the other…

Why healthcare organizations need a good strategy to find talent, or get left behind. The recent WannaCry and NotPetya cyber attacks should remove all doubts that organizations are safe from collateral damage when international cybercrime and perhaps even nation-state actors decide to attack. As reports of the attack surfaced, healthcare executives and CIOs especially understood…

The National Institute of Standards and Technology released a report in February identifying products available to enhance the electric grid’s cybersecurity. New technologies employed onto the grid are multiplying the number of access points for cyber threats. An actual cyberattack on an electric grid occurred in December 2015 when Ukraine’s electricity was interrupted. A third…

Infosec teams need to know about EHRs, timing eccentricity and other challenges of detecting inappropriate access. Information security teams use many tools to protect patient data and now a Vanderbilt University researcher said it’s time to add a new tactic for detecting inappropriate access to medical information. “The industry needs to move beyond statistical anomaly…

Another day, another cybersecurity breach. Whole Foods Market — which was recently acquired by tech giant Amazon (AMZN, Tech30) — said Thursday that hackers were able to gain access to credit card information for customers who made purchases at some of its in-store taprooms and restaurants. The company did not disclose details about the locations…

There’s no escaping the fact that there’s a skills shortage, and companies aren’t doing enough to cultivate talent. AI could relieve some of the pressure. The cybersecurity skills shortage is common knowledge. But while it’s true that companies face significant competition to land qualified security employees, it’s myopic to argue there’s not enough talent out…

The recent retirement of Equifax CEO Richard Smith – after a data breach at the credit reporting bureau put the personal information of as many as 143 million Americans at risk – is just the latest development in an ongoing story that represents an urgent call for cybersecurity action. Our critical infrastructure centers are at…

Directors increasingly find themselves held accountable for cybersecurity breaches at their companies. Despite a movement to hold company directors responsible for security breaches at their organization, nearly 40% of in-house attorneys and general counsel fail to disclose security issues h to their board, according to a survey by ALM Intelligence and law firm Morrison &…

Nuclear plant owner has sought to bypass new federal requirements. PLYMOUTH — Federal regulators found two violations related to cybersecurity at Pilgrim Nuclear Power Station during an inspection last month. And although details are scarce, in both instances staff performance at the plant, which is owned and operated by Entergy Corp., again fell short. A…

By the time President Trump signed his Cybersecurity Executive Order on May 11, it had taken on a mythic air. The administration had produced a series of drafts soon after the inauguration that leaked, circulated, provoked criticism, and motivated refinements. While the months-long wait for the final product felt Godot-like, it ultimately received bipartisan praise…