Learning & Resource Center

Financial firms are failing to strengthen their authentication technologies, even after a breach, according to research into the industry. As many as four in five financial services organizations had experienced a breach where authentication weaknesses was a factor. However, 63% failed to update their authentication systems after the attack. According to the report by Vanson Bourne – The State of Authentication in the Finance Industry  – 85% of financial services firms had experienced a...

Accounts receivable management agency Professional Finance Company (PFC) suffered a ransomware attack that impacted 660 of its healthcare organization clients.   Professional Finance Company (PFC), an accounts receivable management agency based in Greeley, Colorado, disclosed a ransomware attack that impacted 660 of its healthcare organization clients. According to a notice on its website, PFC “detected and stopped a sophisticated ransomware attack in which an unauthorized third party...

The number of security breaches stemming from stolen or compromised identities has reached epidemic proportions, according to new data from the non-profit Identity Defined Security Alliance (IDSA). The IDSA polled 500 US identity and security professionals to compile its 2022 Trends in Securing Digital Identities report. It found that 84% had experienced an identity-related breach in the past year, with the vast majority (78%) claiming it had a direct business impact. Part of the problem is...

Document Everything and Audit Regularly This rule is actually two rules in one.  Part of maximizing visibility and uncovering vulnerabilities is regular and consistent internal auditing. To most security professionals, an audit is a tedious, and painful process.  Unfortunately, too many businesses still fall short, making audits a necessary part of cybersecurity. For example, some attackers control victims’ machines for months or years before anyone notices due to insufficient logging...

Nearly a year ago, journalist Martin Banks codified “Five Laws of Cybersecurity”. Cybersecurity is a complicated field, and any way to simplify its many facets into short, easy-to-remember maxims is always welcome. The five laws are a very good start towards developing a robust security program. The laws are: Treat everything like it’s vulnerable. Assume people won’t follow the rules. If you don’t need something, get rid of it. Document everything and audit regularly. Plan for failure. Of...

Environmental sustainability has become a significant concern for businesses today. Yet, many are not seeing the connection between sustainability efforts and cybersecurity.  Despite how different they may seem, these two topics are intertwined. If environmental services and infrastructure don’t embrace better security, the consequences could be severe. If organizations hope to make a positive environmental impact, they need thorough, reliable cybersecurity. Without it, cyberattacks could...

Most smart medical infusion pumps have known security gaps that make them vulnerable to hackers, according to new research by Palo Alto Networks’ Unit 42. Smart infusion pumps are network-connected medication delivery devices that use a combination of computer technology and drug libraries to administer medications and fluids to patients while limiting the potential for dosing errors.  The research team reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks...