New HHS Guidance Combats Cyber Threats in Healthcare

A with Reece Hirsch of Morgan Lewis
Late last year, the U.S. Department of Health and Human Services (HHS) released voluntary cybersecurity standards that help bring the HIPAA Security Rule into focus and up to date with current cyber threats. The new guidance could also have implications for the way “reasonable standards” are legally defined going forward. We spoke with Reece Hirsch, co-head of the Privacy and Cybersecurity practice atMorgan Lewis, about the guidance and its advantages for healthcare organizations.

GDPR So Far

A Q&A with Ian Birdsey of Pinsent Masons
The European Union’s General Data Protection Regulation (GDPR) has been implemented for over a year, and we can now start to understand just how this sweeping law is being enforced and the ways it has positively impacted data security. We posed these questions to Ian Birdsey, data protection specialist and partner of Pinsent Masons, LLP.

Measuring Up to NIST CyberSecurity Framework

A Q&A with Matt Barrett, COO of Cyber Engineering Services Incorporated (CyberESI) First introduced in 2014, the National Institute of Standards and Technology (NIST) CyberSecurity Framework (CSF) has since become a widely held best practice far beyond the commerce industry. To get some perspective on the framework and how it’s evolved over the past five years, we talked to Matt Barrett, who was the program manager for CSF. (Note: Barrett currently serves as COO for Cyber Engineering Services Inc (CyberESI), a cyber risk management firm.)

Tuning in to Silent Cyber

A Q&A with Scott Stransky of AIR Worldwide
The exposures associated with cyber incidents and losses reach far and wide, including a whole category of risk called “silent cyber.” With traditional policies offering ambiguous coverage for cyber events, insurers and their insureds face a significant amount of gray area for these risks, which have now become commonplace. To better understand silent cyber and what can be done about it, we talked to Scott Stransky, vice president and director of emerging risk modeling at AIR Worldwide.

Cyber Mercenaries and Insurance Risk

A Q&A with Chris Rock of SIEMonster

Cyber mercenary activity—in which geopolitical states sponsor hackers and private firms to wage acts of cyber offence on other states, organizations and individual citizens—has been on the rise for at least a decade, though the wider public is only now just starting to understand its grave implications. To get a better handle on the current state of global cybersecurity affairs, we talked to professional hacker Chris Rock, CEO and founder of SIEMonster.

Banking Trojans and Financial Risk

A Q&A with Sherri Davidoff, CEO of LMG Security and BrightWise, Inc.
One of the most disturbing developments in financial cybercrime is the advent and increasing popularity of banking Trojans, which pose a grave risk to both consumers and financial organizations. To find out more about banking Trojans and how to avoid them, we spoke to Sherri Davidoff, cybersecurity expert, author, speaker and CEO of both LMG Security and BrightWise, Inc.

Ransomware Negotiations

A Q&A with Bill Siegel of Coveware
Given the prevalence and sophistication of ransomware—not to mention the financial stakes involved in these exploits—it’s no longer wise to leave delicate negotiations to internal staff. We spoke to Coveware’s CEO and cofounder Bill Siegel about the nuances involved in handling threat actors and why having data at the ready can better inform a company’s decision-making.

Catastrophic Ransomware

A Q&A with Chris Nyhuis of Vigilant Technology Solutions
Cyber security threats are always evolving, but in the last six months, a vicious new breed of ransomware attack has emerged, powerful enough to take down an enterprise organization. To learn more about it, we talked to Chris Nyhuis, President and CEO of Vigilant Technology Solutions, an international security and total IT solution provider.

Insights from Forensics Experts

We talked with some of the leading experts in data breach forensics. Here’s what they told us.

Continue Reading

Business Email Compromises in Office 365

A Q&A with Chris Salsberry of Crypsis
One of the most prominent cyber threats affecting companies right now is business email compromise (BEC). These attacks typically begin with phishing emails that capture log-in credentials.The widely used cloud-based Microsoft Office 365 has proven especially vulnerable, with millions of dollars lost in fraudulent wire transfers over the past couple of years. We talked to The Crypsis Group’s senior director Chris Salsberry about this attack vector and how companies can avoid being compromised.

No more posts.