Arguably, the first malware extortion attack occurred in 1988 – the AIDS Trojan had the potential to be the first example of ransomware, but due to a design flaw, the victims didn’t end up actually having to pay up the 189 bucks. It’s safe to say that over the past 31 years, attackers have perfected the ransomware craft, with organizations shelling out more than $25 billion per year. We don’t expect it to end any time soon.

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized manner. Tripwire is very proud to have contributed and collaborated with other technology vendors in the development of these practice guides.

The Payment Card Industry Data Security Standard (PCI DSS) does a great job of outlining how an organization should go about protecting cardholder data. Most organizations take the best practices from the PCI council and implement a strong information security strategy bent on enforcing PCI standards, compliance requirements, and vulnerability management. What happens when an organization doesn’t follow the rules as they should or they suffer a data breach because of negligence?

The Federal Aviation Administration (FAA) reports that there are nearly 1.5 million registered drones in the United States, proving them to be ubiquitous across the country - and there are plenty that are still unregistered, too. From military use to consumers who buy them to start a new hobby, drones are now used in many aspects of today’s society. Even Amazon plans on making drones part of their shipping process at some point in the future.

ManageEngine brought home its first set of accolades for 2020: two InfoSec Awards presented by Cyber Defense Magazine at RSA Conference 2020. Amidst the over 3,000 cyberdefense innovators that were assessed by Cyber Defense Magazine for its 2020 InfoSec Awards, ManageEngine was recognized for its identity and access management (IAM) offering, AD360, and for its insider threat prevention in Log360.

Cyber hygiene is the cybersecurity equivalent to the concept of personal hygiene in public health literature. The European Union's Agency for Network and Information Security (ENISA) states that "cyber hygiene should be viewed in the same manner as personal hygiene and, once properly integrated into an organization will be simple daily routines, good behaviors, and occasional checkups to make sure the organization's online health is in optimum condition".

The security operations center (SOC) plays a critical role in an enterprise organization’s efforts to protect their data from rapidly evolving cybersecurity threats. However, for a variety of reasons revealed in this report by the Ponemon Institute—based on a survey sponsored by Devo of more than 500 IT and security practitioners—organizations are frustrated with their SOC’s lack of effectiveness in performing its vital work.

Last year was a disaster in terms of the number of data breaches. A study produced by the nonprofit Identity Theft Resource Center rounded up 1,473 reported data breaches by the end of 2019 – a staggering 17% more than 2018. While the analysis notes that the actual number of data exposed were considerably less than 2018, it’s still proof of the increasing insecurity of deployed IT systems.

With recent worldwide epidemic scares, many companies are asking their employees to work from home as much as possible. Statistics show that even without an imminent threat from illnesses like the coronavirus, companies would do well to prepare for the ever-increasing proportion of employees who work remotely. According to an analysis by Flexjobs and Global Workplace Analytics, there has been a significant upward trend in the number of people who now work remotely in the United States.

With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but acknowledging that the alternative might be worse.” As currently written and subject to enforcement, components of CIP-011-2 quite frankly make it near impossible to be compliant in designating a cloud-hosted BCSI repository much less actually choos