Articles

Articles by Michael Peters

Browse every published article connected to Michael Peters, with exact attribution and full-archive search.

articles
162
shown per page
50
search signals
Topic + expert

Articles

162 articles by Michael Peters · showing 50

Browse every published article connected to Michael Peters, or search within this exact expert archive.

By Michael PetersRecently published1 topic

Top Cyber Threats Organizations Are Facing Right Now

Cyber security is a continuous game of Spy vs. Spy. Every time a new technology is introduced, the potential attack surface expands. The moment one vulnerability is patched, hackers find another way in. Keeping up can feel overwhelming, even for security professionals. In no particular order, here are the top cyber threats that public and private sector organizations face as we head into the latter part of 2018. Cloud Breaches

Primary topic: Business Networking
Business Networking
961 views
Read article
By Michael PetersRecently published1 topic

What is HIPAA Compliance?

Confused about HIPAA and whether your business must comply with it? This article will explai HIPAA and the importance of complying with this complex federal law. What is HIPAA? HIPAA is the Health Insurance Portability and Accountability Act of 1996, which was signed into law by President Bill Clinton. The HITECH Act, which was signed by President Obama in 2009, updated HIPAA by outlining rules and penalties regarding breaches of private health information (PHI).

Primary topic: Business Networking
Business Networking
1,041 views
Read article
By Michael PetersRecently published1 topic

Is the Califo ia Consumer Privacy Act the “American GDPR”?

The recent Exactis data leak, which could surpass Equifax in the sheer number and scope of records exposed, has data privacy advocates calling for an “American GDPR.” While it is unlikely that a federal data privacy law will come to pass anytime soon, some states have already taken matters into their own hands. The Califo ia Consumer Privacy Act (CCPA), which was coincidentally signed into law the day after the Exactis leak hit the news, is the latest example.

Primary topic: Business Networking
Business Networking
1,062 views
Read article
By Michael PetersRecently published1 topic

What DoD Contractors Need to Know About the CMMC

Cyberattacks on the U.S. government’s vast network of contractors and subcontractors pose a serious threat to national security, and the DoD is taking action. The agency tasked NIST with developing a set of guidelines addressing advanced persistent threats against contractors who handle high-value data assets, and it recently unveiled plans for its own set of standards, the Cybersecurity Maturity Model Certification (CMMC). What is the CMMC?

Primary topic: Business Networking
Business Networking
1,549 views
Read article
By Michael PetersRecently published1 topic

Marriott Starwood Breach Spotlights Multiple Cyber Security Issues

The Marriott Starwood breach, which exposed the personal data of 500 million guests, was not the largest data breach in terms of size; Yahoo still holds that dubious honor. However, because of the nature of the data stolen, it has the potential for a very long reach and highlights multiple cyber security and data privacy issues. The importance of cyber security due diligence in M&A transactions

Primary topic: Business Networking
Business Networking
1,175 views
Read article
By Michael PetersRecently published1 topic

GandCrab Ransomware Exploiting an Old Vulnerability to Infect New Victims

Third-party vendor hacks, where hackers attack a company by compromising one of their business associates, have been a problem for a while. Now, the hackers behind GandCrab ransomware have gotten into the act, exploiting a year-old SQL injection vulnerability in a common remote IT support software solution to infect organizations with GandCrab through their MSP’s. ZDNet reports:

Primary topic: Business Networking
Business Networking
1,260 views
Read article
By Michael PetersRecently published1 topic

Thousands of Websites Infected in Massive Cryptojacking Attack

Thousands of websites, including government sites in the United States, the U.K., and Australia, were ensnared in an international cryptojacking scheme, The Register reports: The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

Primary topic: Business Networking
Business Networking
1,022 views
Read article
By Michael PetersRecently published1 topic

Why your cloud business needs FedRAMP certification

The Federal Risk and Authorization Management Program, or FedRAMP, was designed to support the federal government’s “cloud-first” initiative by making it easier for federal agencies to contract with vendors that provide SaaS solutions and other cloud services. Unlike FISMA, which requires service providers to seek an Authority to Operate (ATO) from each individual agency they want to do business with, a FedRAMP ATO qualifies a provider to work with any federal agency.

Primary topic: Business Networking
Business Networking
1,134 views
Read article
By Michael PetersRecently published1 topic

Get Ready for Greater SEC Cyber Security Enforcement

SEC cyber security enforcement is set to intensify in light of recent global attacks and new enforcement chiefs Public companies and firms operating in regulated industries, especially finance, should expect more SEC cyber security enforcement in the wake of new and emerging threats, like WannaCry and NotPetya, as well as the appointment of two new cyber-minded enforcement chiefs. Reuters reports:

Primary topic: Business Networking
Business Networking
1,014 views
Read article
By Michael PetersRecently published1 topic

What Is RegTech, and What Can It Do For You?

How RegTech Simplifies Governance, Risk, and Compliance Complying with standards such as HIPAA, PCI DSS, FISMA, and SSAE 16 SOC reporting is complex, costly, and time-consuming, especially for organizations that must comply with multiple standards. You may have heard the term “RegTech” mentioned as a solution. What is RegTech, and how can it help your organization save time, money, and hassle?

Primary topic: Business Networking
Business Networking
1,001 views
Read article
By Michael PetersRecently published1 topic

Business Email Compromise Attacks Increase by Nearly 500%

Last year, the FBI reported that incidents of business email compromise (BEC), also known as spear phishing, CEO fraud, and invoice fraud, had been reported in all 50 states and 150 countries, with global losses exceeding $12 billion. BEC scams are continuing to explode in popularity among cyber criminals, with attacks increasing by 476% betwee Q4 2017 and Q4 2018, according to research from Proofpoint. Recently, a Lithuanian national pled guilty in U.S.

Primary topic: Business Networking
Business Networking
1,274 views
Read article
By Michael PetersRecently published1 topic

Cyber Cooperation Is Crucial in the Era of NotPetya

The NotPetya attacks weren’t as bad as WannaCry; they were worse, and we all need to start cooperating to prevent the next attack. It’s looking more and more like last week’s NotPetya malware attacks, which infected computers around the world but hit Ukraine particularly hard, were designed to cause widespread damage and disruption, not make money.

Primary topic: Business Networking
Business Networking
1,145 views
Read article
By Michael PetersRecently published1 topic

What Is Multi-Factor Authentication, and Why Is It So Important?

Organizations can no longer depend on passwords alone to protect their systems and data, especially since 25% of employees admit to using the same password for all of their accounts, at home and at work, and stolen account credentials are hackers’ preferred way to break into enterprise systems. Passwords, even strong ones, are no longer enough to ensure enterprise cyber security.

Primary topic: Business Networking
Business Networking
944 views
Read article
By Michael PetersRecently published1 topic

Arizona Beverages Ransomware Attack Halts Sales for Days

What appears to have been a targeted ransomware attack knocked over 200 networked computers and servers offline at Arizona Beverages, one of the largest beverage suppliers in the U.S., TechCrunch reports. The attack, which the company was still struggling to recover from two weeks later, halted sales operations for days, allegedly costing the company millions of dollars. Arizona Beverages ransomware attack yet another lesson in what not to do

Primary topic: Business Networking
Business Networking
1,303 views
Read article
By Michael PetersRecently published1 topic

NIST Privacy Framework Under Development to Complement NIST CSF

Citing the success of its cybersecurity framework and the advent of IoT devices, artificial intelligence, and other technologies that are making it more challenging than ever for enterprises to protect their customers’ privacy, NIST has launched a collaborative project to develop a voluntary privacy framework. The NIST Privacy Framework project will kick off with a public workshop in Austin, Texas, on October 16, 2018.

Primary topic: Business Networking
Business Networking
1,025 views
Read article
By Michael PetersRecently published1 topic

The Cost of One Cyber Attack Can Cripple an SMB

Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them pause. Some of them think that hackers are interested in attacking large firms, and their companies are too small to warrant the investment.

Primary topic: Business Networking
Business Networking
1,213 views
Read article
By Michael PetersRecently published1 topic

What Is Ransomware-as-a-Service? Understanding RaaS

Ransomware isn’t a new threat. It first rose to prominence back in 2016, when Hollywood Presbyterian Medical Center shelled out $17,000 in bitcoin after an attack took the hospital offline. Since then, ransomware has only become more popular, especially for hackers targeting the healthcare industry or government organizations. Used to be, launching a ransomware attack required at least some technical prowess; at a minimum, hackers had to possess sufficient coding skills to write a ransomware program. Then, ransomware-as-a-service (RaaS) came on the scene and changed the game.

Primary topic: Business Networking
Business Networking
1,111 views
Read article
By Michael PetersRecently published1 topic

How Are IT Compliance and Cyber Security Different?

IT compliance and cyber security are often used interchangeably, even within the cyber security and compliance fields. This is the basis for the completely incorrect and dangerous notion that achieving compliance automatically equals being secure. While there is some overlap, and the two fields complement each other, IT compliance and cyber security are not the same, and being compliant—with HIPAA, FedRAMP, PCI DSS, or any other framework—is not the same thing as being secure. What is cyber security?

Primary topic: Business Networking
Business Networking
1,379 views
Read article
By Michael PetersRecently published1 topic

Many U.S. Companies Unaware that the GDPR Applies to Them

With just over three weeks to go until the May 25, 2018, deadline, many U.S. companies are woefully unprepared for the EU’s new General Data Protection Regulation, or GDPR. In fact, quite a few of them don’t yet realize they have to achieve GDPR compliance. A new survey by CompTIA found that “A full 52 percent of 400 U.S.

Primary topic: Business Networking
Business Networking
1,027 views
Read article
By Michael PetersRecently published1 topic

Understanding the Updated SOC 2 Trust Services Criteria

Outsourcing IT services to service organizations has become a normal part of doing business, even for small companies. However, there are risks to using service providers, and these continue to evolve and change. In this dynamic environment, the American Institute of Certified Public Accountants (AICPA) made some changes to the SOC 2 Trust Services Criteria in April 2017, effective for all SOC 2 attestations with period ends after December 15, 2018.

Primary topic: Business Networking
Business Networking
1,255 views
Read article
By Michael PetersRecently published1 topic

Docker Hub Hack Compromises Sensitive Data from 190,000 Accounts

According to an official email sent to users, hackers gained access to Docker Hub, the official repository for Docker container images, “for a brief period.” However, during that “brief period,” approximately 190,000 user accounts were compromised, containing data such as use ames, hashed passwords, and Github and Bitbucket tokens for Docker autobuilds. At the time of this writing, Docker is still investigating the hack, so it is unclear how the hackers got into Docker Hub or just how “brief” their time inside the system was.

Primary topic: Business Networking
Business Networking
1,291 views
Read article
By Michael PetersRecently published1 topic

GDPR Compliance Issues Could Cause WHOIS Directory to Go Dark

The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners found that a whopping 60% of organizations will likely miss the GDPR compliance deadline of May 25, 2018, even though 80% of respondents listed GDPR compliance as one of their organization’s top three priorities.

Primary topic: Business Networking
Business Networking
964 views
Read article
By Michael PetersRecently published1 topic

NIST Issues Guidance for Medical IoT Device Security

There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity. Smart medical devices allow physicians to make more accurate diagnoses and better monitor their patients, leading to better quality of care. However, the proliferation of medical IoT has given hackers a much broader attack surface on which to target healthcare organizations.

Primary topic: Business Networking
Business Networking
1,094 views
Read article
By Michael PetersRecently published1 topic

Hybrid Cloud Security Lags Behind Implementation

For many organizations, particularly those in highly regulated industries such as healthcare, hybrid cloud environments offer the best of both worlds. Companies get to enjoy the easy scalability and other benefits of AWS, Microsoft Azure, or Google Cloud while isolating their critical workloads and sensitive data in a private cloud that they have complete control over.

Primary topic: Business Networking
Business Networking
1,272 views
Read article
By Michael PetersRecently published1 topic

6 Reasons to Stop Using Spreadsheets for GRC

Despite the availability of modern GRC software, many organizations still use spreadsheets to conduct IT compliance audits and other GRC activities. While spreadsheets are highly useful for many business functions, especially accounting, they are not GRC tools. Depending on spreadsheets to manage GRC processes is time-consuming, costly, and inefficient at best, dangerous to your GRC and cyber security efforts at worst. Here are six reasons why your enterprise should stop using spreadsheets as GRC tools. They Aren’t Databases

Primary topic: Business Networking
Business Networking
1,112 views
Read article
By Michael PetersRecently published1 topic

6 Tips for Writing a GDPR-Compliant Privacy Policy

We’re down to the wire now; the GDPR compliance deadline is next Friday, May 25. As organizations scramble to get ready for the most far-reaching data privacy law ever put on the books, consumers’ email inboxes are being inundated with notices of privacy policy updates. In addition to fundamentally transforming their data governance, most companies will need to update their website’s privacy policy to meet GDPR standards. Following are six tips for writing a GDPR-compliant privacy policy. Use Clear, Plain Language

Primary topic: Business Networking
Business Networking
1,063 views
Read article
By Michael PetersRecently published1 topic

SEC Cyber Enforcement Action Cites Lack of Internal Controls

Des Moines-based Voya Financial Advisors (VFA) has agreed to pay the U.S. Securities and Exchange Commission a $1 million penalty in the wake of an April 2016 breach that affected several thousand VFA customers. The SEC cyber enforcement action charged VFA with not having sufficient written policies and procedures in place to protect customer information, as well as not having a writte Identity Theft Prevention Program as required under the Identity Theft Red Flags Rule.

Primary topic: Business Networking
Business Networking
1,092 views
Read article
By Michael PetersRecently published1 topic

Cyber Security Best Practices When Using Public WiFi Networks

Once a luxury item, free public WiFi has morphed into a standard service that consumers expect when patronizing everything from restaurants and retail stores to airports and hotels. Free WiFi users aren’t just checking Facebook or posting vacation photos to Instagram, either; all of us have sat down on a train or in a coffee shop and seen business people tapping away on their laptops, taking advantage of public WiFi to work on the go. However, public WiFi networks open users up to numerous cyber attacks, especially if anetwork is unsecured. These include:

Primary topic: Business Networking
Business Networking
1,145 views
Read article
By Michael PetersRecently published1 topic

Best Practices for Complying with Data Privacy Laws

As Califo ia goes, so does the rest of the country. While the Califo ia Consumer Privacy Act (CCPA), which was passed this summer and goes into effect in 2020, falls short of being an “American GDPR,” it clearly tore many pages from the far-reaching European data privacy law. Similar to the GDPR, the CCPA defines personal identifying information rather broadly, encompassing not just names and Social Security Numbers but things like IP addresses and browser cookies.

Primary topic: Business Networking
Business Networking
1,184 views
Read article
By Michael PetersRecently published1 topic

What Your Cloud Business Needs to Know About SOC 2 Certification

As cyber threats present greater risks to enterprises of all sizes and in all industries, more are requiring that their SaaS providers and other cloud services vendors have an SOC 2 certification. Let’s examine what an SOC 2 certification is and why your cloud services business should get one. What is an SOC 2 report?

Primary topic: Business Networking
Business Networking
1,061 views
Read article
By Michael PetersRecently published1 topic

Kube etes Security Best Practices to Protect Your Cloud Containers

Lightweight cloud containers are fast replacing resource-sucking virtual machines, and Kube etes is fast becoming the de facto standard for container orchestration. Kube etes adoption doubled in 2018. Unfortunately, as with any popular technology, it was only a matter of time before hackers discovered a way to exploit it.

Primary topic: Business Networking
Business Networking
1,239 views
Read article
By Michael PetersRecently published1 topic

Chinese Hackers Pose a Serious Threat to Military Contractors

The years-long Marriott Starwood database breach was almost certainly the work of nation-state hackers sponsored by China, likely as part of a larger campaign by Chinese hackers to breach health insurers and government security clearance files, The New York Times reports. Why would foreign spies be so interested in the contents of a hotel’s guest database?

Primary topic: Business Networking
Business Networking
1,193 views
Read article
By Michael PetersRecently published1 topic

Understanding the Role of the FedRAMP 3PAO During Assessment

The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All cloud service providers (CSPs) that work with the U.S. government must comply with FedRAMP, and during the assessment process, all of these CSPs will work with a FedRAMP third-party assessment organization, or 3PAO, such as Lazarus Alliance. What is a FedRAMP 3PAO?

Primary topic: Business Networking
Business Networking
1,256 views
Read article
By Michael PetersRecently published1 topic

Penetration Tests vs. Vulnerability Scans: Understanding the Differences

The difference between penetration tests and vulnerability scans is a common source of confusion. While both are important tools for cyber risk analysis and are mandated under PCI DSS, HIPAA, and other security standards and frameworks, they are quite different. Let’s examine the similarities and differences between vulnerability scans and penetration tests. What Is a Penetration Test?

Primary topic: Business Networking
Business Networking
962 views
Read article
By Michael PetersRecently published1 topic

Dragonblood Vulnerabilities Discovered in WPA3 WiFi Standard

Last year, the Wi-Fi Alliance announced the launch of the WPA3 WiFi security standard, which was developed to eliminate a number of security problems with WPA2. One of the major defense measures in WPA3 is the Simultaneous Authentication of Equals (SAE) handshake, which replaced the Pre-Shared Key (PSK) used in WPA2. Also known as “Dragonfly,” SAE was touted as a way to prevent brute-force offline dictionary attacks and protect past sessions against future password breaches.

Primary topic: Business Networking
Business Networking
1,249 views
Read article
By Michael PetersRecently published1 topic

NIST 800–171 Compliance: A Guide for Government Contractors

If your company is part of the federal supply chain, you likely need to comply with NIST 800–171. NIST 800–171 compliance applies to contractors for the DoD, GSA, NASA, and other federal and state agencies; universities and research institutions that accept federal grants; consulting firms with federal contracts; manufacturers who supply goods to federal agencies; service organizations that provide services to federal agencies; and these organizations’ subcontractors. What Is NIST 800–171?

Primary topic: Business Networking
Business Networking
1,035 views
Read article