There is no doubt that digital transformation is changing the way people coordinate and work. While it is a blessing in many ways, as it keeps businesses and people connected by creating opportunities and easy exchange of information, it has also paved way for cybersecurity risks. Ransomware, Phishing, data breaches, denial-of-service attacks have become increasingly common and threaten businesses of all sizes.

HIPAA compliance requires covered entities and business associates to secure protected health information. Social Security numbers, medical record numbers, health plan beneficiary numbers, account numbers, and names of patients, relatives, or employers all must be secured from unauthorized access. The penalties and fines for HIPAA violations can be steep — in some instances reaching millions of dollars. And, HIPAA isn’t prescriptive about what it takes to be in compliance.

Those who work in the healthcare industry know: HIPAA compliance is often fiercely enforced by the Department of Health and Human Services, and penalties can be steep. “Each covered entity is required to implement safeguards to prevent the unauthorized disclosure of PHI. These safeguards will vary depending on the size of the covered entity and the nature of healthcare it provides, but the penalties for failing to safeguard the integrity of PHI can be extremely high.

HIPAA’s regulations refer to two parties: a covered entity and a business associate. These groups are required to achieve PHI compliance. Specifically, this means these groups are liable for protecting the confidentiality, integrity, and availability of personal health information.

Since the beginning of 2022, the unfolding geopolitical conflict between Russia and Ukraine has resulted in the discovery of new malware families and related cyberattacks. In January 2022, a new malware named WhisperGate was found corrupting disks and wiping files in Ukrainian organizations. In February 2022, another destructive malware was found in hundreds of computers in Ukraine, named HermeticWiper, along with IsaacWiper and HermeticWizard.

When a company implements multifactor authentication, the organization is usually confident that it’s using the best system possible. However, not all MFA is built the same and there are times when the MFA solution being implemented is not delivering the protection required.

A month ago I tweeted about my annoyance with SSO or Single Sign On. While single is in the name, I’m required to “single sign on” multiple times a day. I’m not the only one; the tweet went viral with over 25k likes and 2 Million impressions. The tongue-in-check tweet created a lot of fun responses and more rage against SSO user experience than I expected. SSO was meant to solve password fatigue but we got something worse.

A six-figure surprise is awesome when it’s a lottery win. It’s not so awesome when it’s the “Amount Due” appearing in your monthly cloud bill. But enterprises receive these “surprises” all the time, and what can sting even more is trying to explain this preventable expense to management. Inefficient (not optimized) traffic routing to and from your various cloud instances and other services can hurt your business in other ways too.

63%. That's the number of SOC analysts who say they are likely to switch jobs in the next year, according to our Voice of the SOC Analyst report. Considering that SOC teams are understaffed and that the cybersecurity industry as a whole is facing severe staffing shortages, team leaders need to ensure that they're doing everything they can to retain their talent. However, SOC leaders may not know exactly what approach to take.

Contract with a third-party for managed SIEM services is increasingly affordable and requested by all-size organizations. Without any doubt, the advantages associated with this service allow monitoring, analyzing, and responding to cyber security threats more cost-effectively. However, what is a managed SIEM precisely? Is the price the only feature to take into account? What is the difference between a managed SIEM Provider (MSP) and a Managed Security Service Provider (MSSP)?