California has a privacy law that took effect on January 1, 2020, and it’s not the California Consumer Privacy Act (CCPA). This new privacy law regulates Internet of Things (IoT)-connected devices. SB 327 was enacted in 2018 and became effective on January 1, 2020. The California IoT law requires manufacturers of connected devices to equip … Continue Reading
CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. Although the Report admitted that oil and gas companies and electric utilities tend to be ahead of the curve on cybersecurity compared to other sectors, they are … Continue Reading
The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges facing the grid, to describe federal efforts to address those risks, to assess the extent to which the Department of Energy … Continue Reading
It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school. IBM X-Force Red investigated the technique to give its customers an idea of the newest threats to enterprise systems. … Continue Reading
I once again had the pleasure of presenting Cybersecurity for Tax Professionals at the IRS Nationwide Tax Forum today. The conference is designed for tax professionals in small- to medium-sized businesses. It is always a lively bunch, but following the afternoon session, a crowd of folks got in line to chat more, and they were … Continue Reading
According to a recent survey of cybersecurity professionals by AT&T Cybersecurity entitled “Confidence: the perception and reality of cybersecurity threats,” phishing and cloud security threats are keeping them up at night. The survey polled 733 cybersecurity professionals attending the RSA conference and asked the respondents about what they perceive to be the biggest internal and … Continue Reading
I attended a meeting of cybersecurity professionals recently and overheard several of them talking about their new security cameras and how great it is to see everyone who comes up the driveway and to the front door, and monitors the family members and pets in the home. One mentioned how his wife doesn’t approve of … Continue Reading
This was a busy week for activity and discussions on the federal level regarding existing privacy laws – namely the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). But the real question is, could a federal privacy law actually happen in 2019? Cybersecurity issues and the possibility of a … Continue Reading
Some analysts have predicted that by 2020, there will be 20 billion Internet of Things (IoT) connected devices worldwide, which could grow to over 80 billion by 2025. Sales of IoT devices were $80 billion in 2017, and are predicted to grow to $1.4 trillion by 2021. With the exponential growth of IoT devices, experts … Continue Reading
As more and more companies become victim to data loss through phishing campaigns and insider threats, and the loss of data becomes riskier, companies are struggling to address the risks through employee education efforts. Note that we call it “education” and not “training.” No one likes training, so be mindful of how you are presenting … Continue Reading
California lawmakers have taken the lead in trying to address privacy and security issues with Internet of Things (IoT) devices (which we have been writing about for years), by passing the country’s first IoT security bill, which is now headed to Governor Brown’s desk for signature by September 30. One of the issues addressed by … Continue Reading
The Federal Bureau of Investigation (FBI) released a Public Service Announcement on August 2, 2018 entitled “Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities,” which outlines how cyber criminals search for and compromise vulnerable IoT devices “for use as proxies or intermediaries for Internet requests to … Continue Reading
It’s that time of the year again, budget season. A time when organizations set priorities on how to strategically spend their money in 2018. In the information technology (IT) world this can be a daunting task for any CIO. According to Gartner, artificial intelligence (AI), machine learning, and tools such as conversational platforms, digital twins … Continue Reading
We continue to try to alert our clients about the changing threat landscape in cybersecurity. We keep saying how the threats are becoming more and more sophisticated and more and more frequent, and that companies must acknowledge and address the threat as a high priority. Cisco publishes cybersecurity reports that outline the threats to businesses … Continue Reading
Last January, the Federal Trade Commission (FTC) launched the IoT Home Inspector Challenge, a contest that requested participants to come up with a tool that would identify security issues that are caused by out-of-date software in IoT devices to better educate and protect consumers about the security vulnerabilities of IoT devices. To remind you of … Continue Reading
A new survey released by Altman Vilandrie & Company, which surveyed 400 IT personnel who have purchased Internet of Things (IoT) security products, shows that 46 percent of companies that buy IoT security admitted they have experienced an IoT related security intrusion or breach within the last two years, representing hundreds of millions of dollars. … Continue Reading
Last week, Brian Krebs reported that hackers using a malware dubbed “Marai” have identified hundreds of thousands of home and office devices that have weak security. Then the hackers released the malware publicly so anyone can use it and intrude into home and office devices that do not have proper security to thwart the attack … Continue Reading
Hartford Steam Boiler released a study on May 17, 2016, that states that nine out of ten businesses have experienced at least one hacking incident in the past year, which represents a 21 percent increase since 2014. The survey of risk managers showed that 64 percent of risk managers admitted that their organization had experienced more than six … Continue Reading
On September 18, 2015, the National Institute of Standards and Technology (NIST) issued its draft Framework for Cyber-Physical Systems (CPS), which is “intended to provide a methodology for understanding, designing and building CPS including those with multiple applications.” CPS are smart systems that interact between physical and computational components. These interconnected and integrated systems “can … Continue Reading
