In 2017, ransomware, the use of weaponized encryption to block access to a computer system or service until a ransom is paid, is all the rage among hackers. In fact, ransomware is now one of the top three most common malware threats.

The situation is dire, with hackers requesting ransoms of up to $73,000 per attack. Ransomware payments totaled more than $1 billion in 2016, a massive jump from the mere $34 million paid in 2015.

Now that your C-suite understands your company’s information security program, it’s time to move further into the educational phase.

As you evaluate and prioritize the risks your organization faces, identity and access management (IAM) should become a clearer and clearer priority. To help you educate your CEO on the need for increased investment in modern IAM solutions, here is some key IAM terminology that you can use as you work to transition your company to a more modern strategy.  

By now, we should all be aware of the inadequacies of passwords. Breach after breach, it's been made painfully clear that single-factor authentication is not enough. But when the traditional means of authentication are so clearly flawed, what’s the next step?

Generally speaking, the best practice is to step-up your security with either two-factor or multi-factor authentication. As these standards have quickly become essential parts of the information security toolkit, they've also become top-of-mind considerations for many IT and security pros.

*Disclaimer: This article originally appeared on IDG Connect. 

Over the past few years, Governance, Risk, and Compliance (GRC) have become three of the hottest topics in Information Technology circles. The growing demand for compliance with federal and state laws, as well as industry best practices, has necessitated a closer look at IT governance, as well as solutions that help to ensure an organization has invested their time and efforts wisely, through management and implementation of such technologies as access control, data protection, and identity provisioning and management. Proper design, application, and usage of these key technologies (and others) help to control necessary risk management activities and ease the efforts that are required to remediate or address areas where compliance is lacking. 

*Disclaimer: This article originally appeared in eSchool News. 

Student data privacy is quite a different topic from the headlines most people read concerning data breaches. It is not about malicious intruders hacking or stealing credentials to get into a system to steal corporate intellectual property or records to sell on the dark web. Student data privacy concerns, specifically, center on the misuse of personally identifiable information, known by its acronym PII.

One of the most concerning trends for 2016 seems to be "Another day, another healthcare data breach." Breaches are becoming an all too regular occurrence and not just among healthcare providers. Retailers, credit and financial institutions, entertainment giants, and even governmental agencies are falling prey to the hackers, and in many cases are allowing access to very private customer data, at an alarming rate.

The goal of achieving compliance is to make sure that an organization is meeting minimum standards to protect sensitive data. In order to be compliant, a business needs only to meet the outlined requirements.

However, this does not mean that its systems and data are secure. Unfortunately, there are companies that treat compliance merely as a checkbox. Even when the minimum standards are met, data and accounts with elevated access are still vulnerable. Instead, achieving compliance should be viewed as the by-product of sound security practices. This starts with protecting the attacker’s most sought-after prize: privileged accounts with elevated access across the network.

In the first installment in this blog series, we looked at the many trends in the business landscape today (digital transformation, a changing workforce, and the shift to cloud IT infrastructures, among others) that are driving the need for a more comprehensive and integrated IAM solution. In our second blog in this series, we will take a look at why evolving regulatory and threat landscapes, combined with shrinking IT budgets, have necessitated more robust, modern IAM solutions.

The goal of the Payment Card Industry Data Security Standard (PCI) is to protect cardholder information from abuse. While the standard does not make any technology recommendations, its requirements line up with best practices for how payment card information should be handled, communicated, and stored in order to sufficiently secure it.

Intruders Can’t Drive You Nuts If You Don’t Give Them the Keys!