Author: Josh Cigna
What CISA and NSA's ESF guidance means for critical infrastructure cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, "Identity and Access Management: Recommended Best Practices for Administrators." Part of the Enduring Security Framework (ESF), it presents a distillation of identity and access management (IAM) and cybersecurity guidance put forth by CISA to date, based […]
Tags: CISA, critical infrastructure, ESF, government, NIST

What do the three recent bank collapses mean for cybersecurity in financial services?
When it comes to cybersecurity, in an ideal world it's important to balance planning for how to minimize risk in the event of an attack while ensuring minimal impact to users and the business. That's the way it works if all goes according to plan (spoiler alert: it usually doesn't!). Certainly nothing went according to […]

Twitter's changes to MFA: What the move means for the future of authentication
A recent announcement by Twitter has begun to rock the multi-factor authentication (MFA) boat, and the ripples have spread throughout the tech world. The company announced that starting on March 20, 2023, unless a user is subscribed to its Twitter Blue program (an $11/month subscription), they will lose access to SMS-based two-factor authentication (2FA). SMS […]
Tags: FIDO2, MFA, SMS 2FA, WebAuthn

Takeaways from modern day cyberattacks in the energy sector
Energy grids have long been a target of cyber criminals looking to disrupt critical infrastructure, and attacks across this sector have become commonplace across the globe. The 2021 cyberattack in the U.S. on the Colonial Pipeline showed that password compromises can impact both IT and OT systems and that disruptions to these systems have far […]
Tags: cyberattack, energy and natural resources, energy infrastructure, supply chain

Retailers and hoteliers: pay attention to Requirement 12 of PCI DSS v4.0
The PCI Security Standards Council (PCI SSC) published version 4.0 of the PCI Data Security Standard (DSS) at the end of March, kickstarting the transition from PCI DSS v3.2.1, which will be retired on March 31, 2024. Some new requirements may not take full effect until 2025, but that's no reason to put them off. […]
Tags: PCI DSS, PCI SSC, phishing-resistant MFA, retail and hospitality

Why banks need to act now or risk non-compliance with new Consumer Financial Protection Bureau (CFPB) guidance
If the gauntlet hadn't been thrown before to protect financial and banking customers' data, it's definitely lying on the floor now. The recent circular bulletin from the CFPB makes it clear that financial institutions can't slow-walk any security upgrades: "Inadequate security for the sensitive consumer information collected, processed, maintained, or stored by the company can […]
Tags: CFPB, Executive Order, financial services, MFA, phishing-resistant MFA, YubiKey

Shopping for cyber insurance? Six questions to ask before you call the insurer
The cyberthreat landscape has always been worrisome, but today many more CISOs are noticing new gray hairs in the mirror given an anticipated uptick in cyber attacks from nation states and other bad actors. Ransomware attacks and other forms of account compromise continue to grace the news every month, with malicious actors, state-sponsored […]
Tags: authentication, cyber insurance, MFA, phishing-resistant MFA