Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
News
25 Apr 2024
Risk & Repeat: Change Healthcare's bad ransomware bet
This Risk & Repeat podcast discusses Change Healthcare's ransomware attack and the apparent further spread of sensitive data despite the company paying a ransom. Continue Reading
-
News
25 Apr 2024
Cisco zero-day flaws in ASA, FTD software under attack
Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products. Continue Reading
-
News
23 Apr 2024
U.S. cracks down on commercial spyware with visa restrictions
The move marks the latest effort by the U.S. government to curb the spread of commercial spyware, which has been used to target journalists, politicians and human rights activists. Continue Reading
-
Tip
23 Apr 2024
Creating a patch management policy: Step-by-step guide
A comprehensive patch management policy is insurance against security vulnerabilities and bugs in networked hardware and software that can disrupt your critical business processes. Continue Reading
-
News
22 Apr 2024
Mitre breached by nation-state threat actor via Ivanti flaws
An unnamed nation-state threat actor breached Mitre through two Ivanti Connect Secure zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, disclosed earlier this year. Continue Reading
-
Definition
22 Apr 2024
chief privacy officer (CPO)
A chief privacy officer (CPO) is a corporate executive charged with developing and implementing policies designed to protect employee and customer data from unauthorized access. Continue Reading
-
Tip
19 Apr 2024
7 steps to create a data loss prevention policy
Data loss prevention is an ever-changing process of proactive and reactive protection and planning. Read on to learn how to set up a successful DLP policy. Continue Reading
-
News
19 Apr 2024
CISA: Akira ransomware extorted $42M from 250+ victims
The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year. Continue Reading
-
Feature
18 Apr 2024
3 Keycloak authorization strategies to secure app access
Keycloak, an open source IAM tool, offers authorization methods, including RBAC, GBAC and OAuth 2.0, that limit what users can access. Continue Reading
-
Opinion
18 Apr 2024
Optimize encryption and key management in 2024
Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, cryptographic infrastructure inadequacies and more. Continue Reading
-
News
12 Apr 2024
CISA: Midnight Blizzard obtained federal agency emails
CISA ordered U.S. federal agencies to reset any credentials exposed by Midnight Blizzard's breach against Microsoft and notify CISA in the case of a known or suspected compromise. Continue Reading
-
Feature
11 Apr 2024
7 principles of the GDPR explained
The GDPR's seven data protection principles on the lawful processing of data are directly influencing the way businesses collect, store, erase and monetize personal information. Continue Reading
-
News
11 Apr 2024
CISA discloses Sisense breach, customer data compromised
CISA is investigating a breach of data analytics vendor Sisense that may have exposed customers' credentials and secrets and could impact critical infrastructure organizations. Continue Reading
-
Feature
11 Apr 2024
AI and GDPR: How is AI being regulated?
Amid data privacy issues spawned by proliferating AI and generative AI applications, GDPR provisions need some updating to provide businesses with more specific AI guidelines. Continue Reading
-
Conference Coverage
11 Apr 2024
RSA Conference 2024 focuses on collaboration, resilience
Follow TechTarget Security's RSAC 2024 guide for pre-conference insights and the most pressing presentations and breaking news at the world's biggest infosec event. Continue Reading
-
Opinion
10 Apr 2024
Identity, data security expectations for RSA Conference 2024
Security practitioners can expect to hear about key issues at this year's RSA Conference, including identity and data security, AI and DSPM. Continue Reading
-
Definition
10 Apr 2024
cryptanalysis
Cryptanalysis is the study of ciphertext, ciphers and cryptosystems to understand how they work and to find and improve techniques for defeating or weakening them. Continue Reading
-
Answer
09 Apr 2024
How do companies protect customer data?
Companies can protect customer data through various technical tools and strategies, like authentication and encryption. But some types of data need more protection than others. Continue Reading
-
News
08 Apr 2024
Flaws in legacy D-Link NAS devices under attack
Internet scans show threat actors are targeting CVE-2024-3273 in thousands of end-of-life D-Link NAS devices, and exploitation requires no authentication. Continue Reading
-
Definition
08 Apr 2024
backup storage device
A backup storage device is a hardware component for storing copies of data. Continue Reading
-
Podcast
05 Apr 2024
Risk & Repeat: Cyber Safety Review Board takes Microsoft to task
This podcast episode discusses the Cyber Safety Review Board's report on Microsoft and its conclusion that the software giant must overhaul its security culture. Continue Reading
-
Feature
04 Apr 2024
Thought leaders tips to obtain a secure cloud environment
Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and practical advice from leading speakers in this space. Continue Reading
-
News
04 Apr 2024
Ransomware attacks ravaged municipal governments in March
Many municipalities across the U.S. faced network outages, data breaches and large ransom demands following a flurry of ransomware attacks last month. Continue Reading
-
Tip
04 Apr 2024
Data protection vs. data backup: How are they different?
They might be viewed as separate functions, but data backup should be part of an overall data protection strategy to thwart ransomware and comply with stringent privacy laws. Continue Reading
-
Tip
03 Apr 2024
How to conduct a data privacy audit, step by step
The vital importance of a data privacy audit can't be underestimated in today's climate of proliferating customer data, more stringent regulations and sophisticated cyber threats. Continue Reading
-
News
03 Apr 2024
Trend Micro: LockBit ransomware gang's comeback is failing
LockBit is struggling to resume operations in part due to the name-and-shame aspect of the international law enforcement operation responsible for the gang's disruption. Continue Reading
-
Feature
01 Apr 2024
6 business benefits of data protection and GDPR compliance
Complying with GDPR and avoiding severe fines is a primary goal of businesses, but the data governing principles and security tools to achieve compliance yield systemic benefits. Continue Reading
-
Definition
28 Mar 2024
sensitive information
Sensitive information is data that must be protected from unauthorized access to safeguard the privacy or security of an individual or organization. Continue Reading
-
Feature
28 Mar 2024
11 core elements of a successful data protection strategy
Your organization's data protection strategy might not include all 11 core elements and associated activities, but the important thing is to have a comprehensive strategy in place. Continue Reading
-
News
27 Mar 2024
Flashpoint observes 84% surge in ransomware attacks in 2023
The threat intelligence vendor anticipates that enterprises will continue to face increases in ransomware activity and data breaches in 2024, with some silver linings ahead. Continue Reading
-
Feature
26 Mar 2024
6 data privacy challenges and how to fix them
Fragmented data protection laws, technology disruptions, AI adoption, data governance and consumer trust are among the complex issues confronting businesses in need of remedies. Continue Reading
-
Opinion
26 Mar 2024
Top 6 data security posture management use cases
Data security posture management is a top 10 security issue for 2024, according to research. Check out the top six use cases for DSPM and weigh in on other possibilities. Continue Reading
-
Tip
22 Mar 2024
Data protection impact assessment template and tips
Conducting a data protection impact assessment is key to evaluating potential risk factors that could pose a serious threat to individuals and their personal information. Continue Reading
-
News
22 Mar 2024
'GoFetch' attack spells trouble for Apple M-series chips
Academic researchers discovered a hardware optimization feature called 'data memory-dependent prefetcher' could be abused to extract secret encryption keys from vulnerable systems. Continue Reading
-
News
21 Mar 2024
NCC Group: Ransomware attacks jump 73% in February
While NCC Group expected an increase in ransomware attacks from January to February, year-over-year data showed just how persistent the threat is to enterprises. Continue Reading
-
Tip
20 Mar 2024
U.S. data privacy protection laws: 2024 guide
Concerns about how personal data is processed and stored is leading to the passage of new privacy regulations that govern how companies handle consumer data. Continue Reading
-
Podcast
19 Mar 2024
Risk & Repeat: Microsoft's Midnight Blizzard mess
This podcast episode discusses the latest disclosure from Microsoft regarding Midnight Blizzard, which accessed internal systems, source code and some cryptographic secrets. Continue Reading
-
Tip
19 Mar 2024
How to manage third-party risk in the cloud
Third parties, including CSPs, remain a weak point in the supply chain. Adding CSPs into your organization's third-party risk management processes is crucial. Continue Reading
-
Tip
19 Mar 2024
EDR vs. antivirus: What's the difference?
Endpoint detection and response and antivirus tools both protect enterprise networks, and both have distinct advantages. Which is better for your organization? Continue Reading
-
Feature
15 Mar 2024
The importance of ethics in information management
Advancements in data collection and processing may tempt information management professionals to use as much customer data as possible. Yet, more data use means less privacy. Continue Reading
-
Definition
14 Mar 2024
cloud encryption
Cloud encryption is a service cloud storage providers offer whereby a customer's data is transformed using encryption algorithms from plaintext into ciphertext and stored in the cloud. Continue Reading
-
Podcast
13 Mar 2024
Risk & Repeat: CISA hacked via Ivanti vulnerabilities
The compromise of two internal CISA systems comes on the heels of ongoing attacks and developments related to two zero-day vulnerabilities Ivanti disclosed in January. Continue Reading
-
Definition
13 Mar 2024
cryptography
Cryptography is a method of protecting information and communications using codes, so that only those for whom the information is intended can read and process it. Continue Reading
-
News
12 Mar 2024
Sophos: Remote ransomware attacks on SMBs increasing
According to new research from Sophos, small businesses are seeing a rise in threats such as remotely executed ransomware attacks, malvertising, driver abuse and more. Continue Reading
-
Definition
12 Mar 2024
asymmetric cryptography
Asymmetric cryptography, also known as public key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use. Continue Reading
-
News
11 Mar 2024
CISA confirms compromise of its Ivanti systems
CISA said that approximately one month ago, it identified 'activity indicating the exploitation of vulnerabilities in Ivanti products the agency uses.' Continue Reading
-
News
08 Mar 2024
Midnight Blizzard accessed Microsoft systems, source code
Microsoft said Midnight Blizzard used data stolen from a breach of its corporate email system to access other parts of the company's network, including source code repositories. Continue Reading
-
Podcast
07 Mar 2024
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)
This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure. Continue Reading
-
News
05 Mar 2024
Alphv/BlackCat leak site goes down in possible exit scam
An Alphv/BlackCat affiliate accused the ransomware gang of stealing a ransom payment worth more than $20 million that may have been obtained in the Change Healthcare attack. Continue Reading
-
News
05 Mar 2024
Inside an Alphv/BlackCat ransomware attack
Sygnia researchers investigated an intrusion in a client's network and discovered an Alphv/BlackCat ransomware actor had been lurking in the environment for weeks. Continue Reading
-
Feature
04 Mar 2024
Infosec pros weigh in on proposed ransomware payment bans
Whether for or against a payment ban, security professionals are concerned regulations could negatively affect victims and result in fewer incident disclosures. Continue Reading
-
News
04 Mar 2024
LockBit, Alphv/BlackCat highlight February ransomware activity
With events surrounding the LockBit and Alphv/BlackCat gangs and the ConnectWise ScreenConnect flaws, ransomware activity continues this year after a surge in 2023. Continue Reading
-
Definition
29 Feb 2024
phishing
Phishing is a fraudulent practice in which an attacker masquerades as a reputable entity or person in an email or other form of communication. Continue Reading
-
News
28 Feb 2024
Alphv/BlackCat attacking hospitals following FBI takedown
The ransomware attacks against hospitals and the healthcare sector come after law enforcement agencies, led by the FBI, disrupted Alphv/BlackCat's network in December. Continue Reading
-
Podcast
27 Feb 2024
Risk & Repeat: LockBit resurfaces after takedown
LockBit returns just days after an international law enforcement operation infiltrated the ransomware gang's network and seized infrastructure, source code and decryption keys. Continue Reading
-
News
27 Feb 2024
Ransomware gangs exploiting ConnectWise ScreenConnect flaws
Ransomware activity is ramping up against vulnerable ScreenConnect systems as Black Basta and Bl00dy threat actors were observed exploiting the vulnerabilities. Continue Reading
-
News
26 Feb 2024
LockBit restores servers following law enforcement takedown
Law enforcement agencies last week announced a takedown of the LockBit ransomware gang that involved the seizure of servers, websites and decryption keys, as well as two arrests. Continue Reading
-
Definition
26 Feb 2024
data broker (information broker)
A data broker, also called an information broker or information reseller, is a business that collects large amounts of personal information about consumers. Continue Reading
-
Tip
22 Feb 2024
IoMT device tips for healthcare IT departments
Healthcare providers' IT departments must keep an ever-expanding range of IoT devices powered on, connected and secure. Challenges abound, but they are surmountable. Continue Reading
-
Definition
22 Feb 2024
cybersecurity
Cybersecurity is the practice of protecting internet-connected systems such as hardware, software and data from cyberthreats. Continue Reading
-
News
21 Feb 2024
Apple unveils PQ3 post-quantum encryption for iMessage
Apple said its new PQ3 protocol for iMessage is the first of its kind and addresses both future threats from quantum computing as well as "harvest now, decrypt later" attacks. Continue Reading
-
News
20 Feb 2024
Operation Cronos dismantles LockBit ransomware gang
An international law enforcement operation led by the U.K.'s National Crime Agency seizes LockBit's websites, servers, source code and decryption keys. Continue Reading
-
Definition
20 Feb 2024
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. Continue Reading
-
News
15 Feb 2024
Ransomware disrupts utilities, infrastructure in January
Ransomware attacks last month caused outages and disruptions at public sector and critical infrastructure organizations as well as a major financial services firm. Continue Reading
-
Tip
14 Feb 2024
What is cybersecurity mesh and how can it help you?
The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
-
News
13 Feb 2024
Iranian cyberattacks targeting U.S. and Israeli entities
Google said Tuesday that state-backed Iranian actors targeted the U.S. and Israel consistently in the years prior to the start of the Israel-Hamas war as well as the months after. Continue Reading
-
News
13 Feb 2024
Proofpoint: 'Hundreds' of Azure accounts compromised
Proofpoint researchers found that the attackers manipulated the MFA of compromised accounts, registering their own methods to maintain persistent access. Continue Reading
-
Feature
13 Feb 2024
Ransomware preparedness kicks off 2024 summit series
BrightTALK commenced the new year with ransomware readiness, giving viewers workable tips to prevent and recover from a devastating attack. Check out some highlights here. Continue Reading
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
Tip
09 Feb 2024
Top 7 data loss prevention tools for 2024
Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
-
Definition
09 Feb 2024
mobile security (wireless security)
Mobile security, also known as wireless security, refers to the measures taken to protect smartphones, tablets, laptops, smartwatches and other portable computing devices and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Continue Reading
-
News
08 Feb 2024
NCC Group records the most ransomware victims ever in 2023
Enterprises faced an alarming number of ransomware attacks as gangs targeted supply chains and took advantage of zero-day vulnerabilities and organizations' patching struggles. Continue Reading
-
News
07 Feb 2024
Chainalysis: 2023 a 'watershed' year for ransomware
Chainalysis said ransomware payments ballooned to reach $1.1 billion in 2023, marking a complete reversal from the decline in ransomware payments seen the year prior. Continue Reading
-
Definition
07 Feb 2024
encryption
Encryption is the method by which information is converted into secret code that hides the information's true meaning. Continue Reading
-
News
06 Feb 2024
Google: Spyware vendors are driving zero-day exploitation
Google's Threat Analysis Group urged further government action against commercial surveillance vendors that let customers abuse spyware products with impunity. Continue Reading
-
News
05 Feb 2024
AnyDesk hacked, details unclear
Of the hack, AnyDesk said it found 'no evidence that any end-user devices have been affected.' But researchers said they saw AnyDesk customer credentials for sale on the dark web. Continue Reading
-
Definition
02 Feb 2024
communications security (COMSEC)
Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic or to any written information that is transmitted or transferred. Continue Reading
-
News
01 Feb 2024
CISA deputy director touts progress, anti-ransomware efforts
In this Q&A, CISA Deputy Director Nitin Natarajan shares his thoughts on scaling up to meet high demand, the agency's new initiative to address ransomware and more. Continue Reading
-
Definition
31 Jan 2024
security operations center (SOC)
A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks. Continue Reading
-
News
30 Jan 2024
Corvus: 2023 was a 'record-breaking' ransomware year
The insurance company analyzed claims data and ransomware gangs' data leak sites, which suggests as many as 7,600 organizations across the globe were attacked in 2023. Continue Reading
-
Feature
30 Jan 2024
Security executives slam Microsoft over latest breach
Criticisms about Microsoft's breach include the lack of multifactor authentication on the targeted account and the company's approach to disclosing information about the attack. Continue Reading
-
News
29 Jan 2024
Citizen Lab details ongoing battle against spyware vendors
At the SANS Cyber Threat Intelligence Summit, Citizen Lab researcher Bill Marczak discusses spyware proliferation from commercial vendors such as NSO Group, Cytrox and Quadream. Continue Reading
-
Tip
29 Jan 2024
What is attack surface management and why is it necessary?
Attack surface management approaches security from the attacker's perspective. Learn how ASM can help better secure your organization's assets and resources. Continue Reading
-
Tip
29 Jan 2024
Cybersecurity skills gap: Why it exists and how to address it
The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
-
News
26 Jan 2024
Microsoft: Legacy account hacked by Russian APT had no MFA
Microsoft has begun notifying other organizations that have been targeted in recent attacks by Midnight Blizzard, a Russian nation-state actor also known as Cozy Bear and APT29. Continue Reading
-
Definition
26 Jan 2024
digital forensics and incident response (DFIR)
Digital forensics and incident response (DFIR) is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. Continue Reading
-
News
25 Jan 2024
HPE breached by Russian APT behind Microsoft hack
HPE suspects that Cozy Bear, a Russian state-sponsored threat actor also known as Midnight Blizzard and Nobelium, breached its network twice in 2020. Continue Reading
-
News
24 Jan 2024
NCSC says AI will increase ransomware, cyberthreats
While other threats are likely to increase as well, the U.K.'s National Cyber Security Centre warns that threat actors will use AI to continue the influx of ransomware attacks. Continue Reading
-
Definition
24 Jan 2024
encryption key management
Encryption key management is the practice of generating, organizing, protecting, storing, backing up and distributing encryption keys. Continue Reading
-
News
23 Jan 2024
Attacks begin on critical Atlassian Confluence vulnerability
Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors' attention. Continue Reading
-
News
22 Jan 2024
Microsoft breached by Russian APT behind SolarWinds attack
Several email accounts belonging to Microsoft senior leadership were accessed as part of the breach, though Microsoft found 'no evidence' of customer environments being accessed. Continue Reading
-
Definition
18 Jan 2024
dark web (darknet)
The dark web is an encrypted portion of the internet not visible to the general public via a traditional search engine such as Google. Continue Reading
-
News
18 Jan 2024
CISA posts incident response guide for water utilities
In its guide, CISA urged water and wastewater sector utility operators to harden their security posture, increase information sharing and build incident response plans. Continue Reading
-
News
18 Jan 2024
Chainalysis observes decrease in cryptocurrency crime in 2023
During 2023, Chainalysis tracked a decrease in the total value and volume of illicit cryptocurrency transactions. But it is unclear if the downward trend will continue. Continue Reading
-
News
17 Jan 2024
Google, researchers in dispute over account hijacking attacks
Google disputes aspects of threat research that CloudSEK published last month claiming threat actors are maintaining persistence after hijacking Google user accounts. Continue Reading
-
Tip
12 Jan 2024
How to recycle mobile phones in the enterprise
Mobile device disposal requires careful planning. IT teams must learn how to recycle mobile phones to keep e-waste out of landfills and enterprise data out of the wrong hands. Continue Reading
-
Tip
11 Jan 2024
How to securely recycle enterprise computers
No matter how an organization wants to retire a device when it reaches its end of life, IT must first ensure that any sensitive data on it has been properly destroyed. Continue Reading
-
News
10 Jan 2024
China claims it cracked Apple's AirDrop, can track senders
The flaw used by Chinese researchers to crack Apple's AirDrop encryption was reported to the company in 2019 by researchers at German university TU Darmstadt. Continue Reading
-
Feature
10 Jan 2024
11 common cryptocurrency scams in 2024
Cryptocurrency scams are rising, and thieves are using new and old techniques to steal money. Some of the latest scams involve rug pull scams, Ponzi schemes and phishing scams. Continue Reading
-
News
09 Jan 2024
Amsterdam arrest leads to Babuk Tortilla ransomware decryptor
A joint effort by Cisco Talos, Avast and Dutch law enforcement results in an all-encompassing Babuk ransomware recovery key and the arrest of a threat actor. Continue Reading
-
News
09 Jan 2024
Account hijacking, cryptocurrency scams spread on X
One company that had its account stolen and used for cryptocurrency scams, CertiK, said it was hacked through a phishing attack from a journalist's compromised account. Continue Reading
-
Feature
09 Jan 2024
How to fix the top 5 cybersecurity vulnerabilities
Check out how to fix five top cybersecurity vulnerabilities to prevent data loss from poor endpoint security, ineffective network monitoring, weak authentication and other issues. Continue Reading