A few days ago, on February 23, the US Senate Intelligence Committee held a hearing with executives from SolarWinds, FireEye, CrowdStrike and Microsoft about the SolarWinds hack. It’s worth listening in full, but we want to focus on one particular aspect described by the participants… Read More » The SolarWinds Hack: What Went Wrong With Missing Alarms and How To Fix It
Tag: Data Protection
TeamViewer is a great utility for remotely helping your relatives or for IT people servicing small businesses. But using it in large organizations, and especially for critical infrastructure, is rather risky, as shown in a recent attempt to poison the water of a city in… Read More » TeamViewer Security Risks And How To Mitigate Them
Security breaches are becoming increasingly commonplace and dangerous. The World Economic Forum nominated cyber-attacks as one of the major threats to global stability for 2019. Not only money is at stake: breaches have an appalling effect on organizations’ reputation and trustworthiness, and often prove to… Read More » The 2020 Must-Know Security Breach Statistics
This week the US government, as well as many enterprises, were hit by a cyberattack, dubbed Solorigate, via the SUNBURST backdoor. FireEye (also a victim of the attack) has done a great analysis of how the attack works, and we recommend reading it. But we’ll… Read More » Five Things We Can Learn From Solorigate/SUNBURST, a Sophisticated And Highly Evasive Cyber Attack
There’s an unwritten rule that every machine that becomes visible on the internet is under attack in under 5 seconds. We recently deployed our LogSentinel SIEM honeypot with one of our customers and that rule proved correct – immediately malicious requests from all over the… Read More » LogSentinel Honeypot: Malicious Actors Don’t Wait
SIEMs can help detect different kinds of issues related to information security. Some of these issues are vital to the organization as they affect confidential data, or can even lead to personal data leaks.
Data breaches happen practically every day. Personal data, including financial and medical data, leaks to cyber criminals as well as intelligence agencies. Some notable breaches include the Equifax breach, where dozens of personal data fields were leaked, and the recently announced Marriott breach, where passports, credit… Read More » Preventing Various Types of Data Breaches
Software-as-a-service is the norm now. All organizations, even the most conservative ones, are using some form of SaaS – be it for storage, email, customer management, marketing, or even low-code. But security is always a concern with SaaS, so vendors need to take extra care… Read More » Five Mandatory Security Features for SaaS
Privacy-by-design (PbD) is an engineering and managerial approach taken when creating new technologies and systems. The term speaks for itself – you incorporate privacy measures at the design stage, so no matter the purpose of the system, it will always protect privacy by default. In… Read More » Ebooks: Understanding the Value of Privacy-by-Design
What Is Searchable Encryption? Encryption is the method by which information is converted into a secret code that hides the information’s true meaning. Encryption is widely used to protect different kinds of data stored and transferred online, in order to prevent malicious actors from revealing… Read More » Why Is Searchable Encryption So Important?
As the IBM 2020 Cost of a Data Breach report outlines, the year has not been a good one for privacy so far – with a $3.86 million global average cost of a data breach, and healthcare still being the most vulnerable sector. It is… Read More » Privacy by Design in Practice
Why Is Encryption Important? More and more companies get breached these days, undergoing huge financial and reputational losses. Over 5 billion records were compromised in 2019. The 2019 data breaches cost businesses over $2 trillion in total. The chance of a company becoming a data breach… Read More » Data Encryption: Importance, Best Practices, IT Compliance
We have always focused on backend security on this blog. However, attackers sometimes try to steal sensitive information, including credit card numbers. That’s why we piloted LogSentinel SIEM’s Script Monitoring feature which aims to protect websites from front-end attacks, including formjacking/magecart/form scraping as well as… Read More » Report: Compromised WooCommerce Websites
Electronic signatures are legally meaningful ways to store interaction by end-users. That’s an oversimplified explanation and certainly not a definition, but in the context of web and mobile applications, it is that. The European Union defined electronic signatures in a regulation (eIDAS) in order to… Read More » Practical Electronic Signatures For Your Website
A security vendor should value their own infrastructure in order to prove the attention to detail required in the security world nowadays. We are proud that our infrastructure, where our customers’ data is held, meets security requirements, and follows best practices. LogSentinel and AWS Security… Read More » AWS Security Score: We Focus On The Security Of Our Infrastructure
During the webinar Bozhidar Bozhanov will review the types of encryption, their benefits across different scenarios and the challenges in using encryption.
Due to the COVID-19 crisis, businesses and governments have developed contact tracing apps to help health authorities overcome the situation. Although the effectiveness of those applications is still unclear, they happen to process large amounts of personal data. Accordingly, some of them tend to operate… Read More » Centralized vs. Decentralized Approaches to Protecting User Data
Personal health information (PHI) is very sensitive and is therefore subject to many regulations around the world – most notably, GDPR in the EU and HIPAA in the US. We have covered both regulations in depth (GDPR articles, HIPAA articles), but the specifics of each… Read More » How to Store Personal Health Information Securely
SWIFT is a global provider of secure financial messaging services that connects thousands of banks, financial institutions and corporations all over the world. However, it does not monitor or control the messages that users send through its system. So, all issues with privacy and compliance… Read More » SWIFT: Covering Key Consumer Security Controls
It has been 2 years since GDPR came into effect and it seems privacy and data protection have never been more important. During this period, many companies like British Airways, Marriott, Google, 1&1 Telecom GmbH were fined for data protection violations and suffered painful reputation… Read More » GDPR: How to Achieve Compliance with Minimal Effort
It is no secret that the German healthcare sector is heavily regulated in all possible aspects. The new Digital Health Applications Ordinance (DiGAV) of 21st April 2020 allows only approved digital health apps (DiGA) to be reimbursed by the patient’s health insurance. We have previously… Read More » How to Easily Cover the New DiGAV Data Protection Requirements
The US presidential election is in a few months and although the coronavirus is currently occupying everyone’s attention, it will soon be shifting to the election. And among the chief concerns is election security and integrity. We have previously covered the importance of an audit trail for election… Read More » Technical Guide to Protecting Voter Registration Databases
In light of the COVID-19 pandemic, governments and corporations leverage contact tracing mobile applications to help health authorities overcome the crisis. Those apps process vast amounts of sensitive personal data and sometimes operate in the gray area of data protection regulations. As we believe in privacy… Read More » Webinar: Privacy in Time of Pandemic
Privacy and data protection have never been more important. From anxious consumers to activist regulators, everybody seems to have data protection on their minds. The proliferation of regulations and the increasing complexity of data and IT architectures create challenges for organizations of all types. We… Read More » GDPR: Compliance, Best Practices, Security Safeguards
It’s been almost two years since GDPR came into force. During this period, many huge companies came under the hackers’ radar and suffered losses of both reputation and financial assets.
The most interesting type of data for cybercriminals is undoubtedly credit card data. For precisely that reason, a dedicated standard exists – PCI DSS – created and observed by the payment card industry. The PCI DSS standard is pretty thorough and aims at increasing the security… Read More » Why Are Credit Card Numbers Leaking?
Most organizations have clearly separated roles for the Chief Compliance Officer and Chief Technical Officer. And this has worked well up until recently, as most standards and regulations had mostly legal and procedural implications and technical input was rarely required. At the same time, the CTO has been… Read More » The Need For A Chief IT Compliance Officer
HIPAA, the US healthcare regulation, has some rigid requirements about data security and privacy. That aligns perfectly with LogSentinel’s mission so we decided to help our customers in their HIPAA compliance efforts by providing a clear mapping between HIPAA requirements and LogSentinel SIEM’s functionality. … Read More » How To Cover HIPAA Security Rule Regarding Audit Trail
There are a lot of products that allow collecting data, aggregating it, and displaying it for security or monitoring purposes. That includes SIEMs (Security information and event management systems), UEBAs (User and entity behavior analytics), log collectors, and catch-all multi-purpose data platforms (like Splunk). And… Read More » Track Events You Have Not Tracked Before
The California Consumer Privacy Act (CCPA) is the new privacy law in California that affects a lot of organizations due to its extraterritorial effect. We have already covered CCPA with a high-level overview, covering what it is about, who is bound to comply with it, what are the… Read More » Database Security and CCPA Compliance