
Blog

 

How to Meet the GDPR Deadline Next Week: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP. Discussions on privacy laws have taken front and center in recent weeks as European Union (EU) member states begin enforcing the General Data Protection Regulation (“GDPR”) on May 25, 2018.  As we have been discussing for a while, there is confusion as data collectors try to figure out the impact of this legislation.  There is no question that large, multi-national corporations will have to comply and many of these corporations are already in compliance.  However, with this deadline just around the corner, smaller companies that do not actively target EU residents are struggling with how this legislation impacts them.

onShore Managed Security Services Profiled in CEOCFO Magazine

The following interview is reprinted with permission by CEOCFO Magazine.

Click here to read the interview at CEOCFO Magazine.

Managed Security Provider onShore Security is using a Panoptic Approach to revolutionize Cyberdefence, Governance, Risk and Compliance

Stel Valavanis
CEO

onShore Security

Interview conducted by: Lynn Fosse, Senior Editor, CEOCFO Magazine
Published – May 7, 2018

CEOCFO: Mr. Valavanis, according to the onShore Security website, your mission is to protect the freedom of information by revolutionizing cyber defense and governance. How are you doing that?

Mr. Valavanis: We have been developing our own security detection and event management platform since about 2004. We have been doing cyber security since 1998 or 1999. In 2004, we started building a tool set that we continue to develop today and our approach is what stands out in the industry and that is the Panoptic Cyberdefense approach as we call it, which is about seeing as many different points on the network and lots and lots of disparate data. Most of our competition just looks at the edge, just looks at network traffic going through a firewall. We take a much more holistic approach. We are not alone but it is definitely at the cutting-edge of the industry and that is what we mean when we say we are revolutionizing it. This is an ongoing effort so tomorrow what revolutionizing means is different from what it means today and different from what it meant yesterday.

Uber Takes Issue with Municipal Cyber Security Regulations

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Uber Claims Municipal Cyber Security Regulations Run Over State Attorney General’s Authority

“Data collectors have been struggling with the fact that they may be storing data that is subject to various local, state, and federal laws and regulations. Not to mention the fact that data collectors will soon need to also make sure they are complying with international regulations when necessary. (European Union (EU) member states will begin enforcement of the General Data Protection Regulation (“GDPR”) on May 25, 2018.)

Women In Cybersecurity (WiCyS) 2018 Conference Debrief

onShore Security’s Caron Grantham attended the WiCyS conference recently. We asked her to reflect on her experience:

“I was enthusiastic about attending the fifth annual WiCyS (Women In Cybersecurity) 2018 Conference that took place in Chicago on March 23rd through the 24th.

The conference environment was very well organized and attended by hundreds of women. While the majority of the participants were undergrad or graduate students seeking to break into the broad field of cybersecurity, there were several working professionals like myself in attendance.

Learn How the Segregation of Duties Minimizes Cyber Security Risk

Segregation of Duties

Segregation of duties, and specifically segregation of cybersecurity management duties, is a practice that helps mitigate risks that integrated IT/security staffing can fail to reduce or even enable in the first place. The concept of segregating duties as risk management is already in place in some areas in financial institutions. For example, the chief lending officer would not be the person approving loans, nor would one person alone be in charge of outgoing wires. This practice can and should be extended into a financial institution’s cybersecurity operations, but it is common in IT to see one person responsible for both setting up and monitoring the email system, or for both the network and penetration testing.

What They Should’ve Done Before the Breach: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Here It Is: The Decision That Tells Data Collectors Exactly What They Should Have Known Before They Had A Breach

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’”

Employee Data Breach Class Action Lawsuit: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Illinois Class Action Suit Highlights Issues When An Employer Allegedly Breaches Employee Data

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’”

How to Assess Third-Party Vendor Risk: Cyber Security Guest Blog

The following is a guest blog, published with the author’s permission. Click here to read the original post at Third Party Trust.

Metrics drive the measure of progress and stand as benchmarks during any assessment, audit or review process. They are the lifeblood of reporting and when it comes to vendor risk management, it is not as straightforward as you might think. Let’s take a deeper look into what Guy Dulberger of Ritchie Bros. has to say about the key metrics to track when assessing vendor risk and how a risk-based approach is the new norm for vendor risk management.

Cyber Security Myth: More Alerts Doesn’t Mean More Security

onShore Security’s Chris Johnson wrote in his entry for MSPblog about a common misconception in cybersecurity. “Many people assume that technology should be doing all of the work when it comes to security (i.e. more alerts = less risk). While technology is a vital part of a robust security posture, it shouldn’t stand on its own. Essentially, blinking lights and shiny objects don’t make you more secure, nor should it be what you base your security service offerings on.” Click here to read the full blog post.

onShore’s Ryan Thoryk demonstrates Meltdown

Spectre and Meltdown are a pair of newly discovered cyber attacks that “exploit critical vulnerabilities in modern processors”. These programs, which can attack PCs, mobile devices, and even cloud-based machines, seek sensitive data in the memory of other running programs. In particular, Meltdown penetrates the barrier between user applications and the operating system, allowing a program (the exploit, in this case) to access the memory of other programs, including the OS. Software patches against Meltdown and Spectre have been developed, but are reported to be buggy and could potentially cause problems.

Court Finds Not Every Crime Involving a Computer Is a Cyber Crime

The following is written by Tressler LLP’s Todd Rowe. The original post can be found here – “One-Size Does Not Fit All: Court Finds Not Every Crime Involving A Computer Is A Cyber Crime”

Over the years there have been questions whether the term “cyber” is adequate in light of the exponential growth of privacy law. First, the term “cyber” tried to do too much when it was used to describe everything from large-scale data breaches to small instances of corporate espionage. Further, the term “cyber” did not do enough to distinguish between personal information being compromised through sophisticated computer attacks and information compromised through unsophisticated employee negligence. Finally, the “one-size fits all” use of the term “cyber” has recently been called into question by a federal court.

Court Refuses To “Bail Out” Data Breach Plaintiffs by Dismissing Bailment Claim

At this point in the development of data breach litigation, it is clear that plaintiffs may be on a sinking ship when they try to establish liability and damages against defendants. In order to meet their burden, a plaintiff must show they suffered a concrete injury from a data breach and that they were injured by that particular data breach and not another unrelated incident involving their personal information. Consequently, the potential causes of action available to data breach plaintiffs seem to decrease with each new decision.

eBook: 5 Steps to PCI Compliance

Arrow Payments has put together an ebook on PCI compliance for businesses. What is PCI compliance? Arrow explains: “if you’re planning to accept, store, process, & transmit card payments as well as cardholder data, you need to make sure your data is stored and hosted securely with a PCI compliant provider. Without it, the information is at risk for a data breach and can put your business in jeopardy.” Click here to download the full ebook, The 5 Steps to PCI Compliance.

Cyber Security Tips for Scanning to Detect Vulnerabilities

Each passing year has seen greater malware threats, and cyber security must be treated as a top issue in the business world. Security strength can be measured in levels based on the effectiveness and reliability of technology. Vulnerability scanners and penetration tools can provide extra strength to proactive security strategies. Here are some of the most important strategies you can use for improving your security: