5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions

In case you missed it, the Federal Trade Commission (FTC) released a video that explains how companies can leverage NIST’s Cybersecurity Framework and FTC’s own “Start with Security” guidelines to greatly improve security in their organization. In this article, we highlight the five key tenants from the framework and how they could have possibly prevented FTC action and penalties.

Continue Reading →

How a University Fought Off an IoT Attack and 12 Lessons Learned

The Verizon security team recently announced the first Data Breach Digest, a series of 18 cybercrime cases the team investigated. The Verizon team starts with a sneak peek of one of the case studies that describes how a university was attacked by an IoT botnet consisting of over 5,000 infected hosts. The study concludes with 12 good lessons learned from the attack.

Continue Reading →

Hardware-based Security Controls for IoT

In this article, we highlight some key points from a recent Cloud Security Alliance (CSA) IoT report, to include hardware-based controls to enhance security of IoT products. The CSA IoT Working Group report, is titled “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products.”

Continue Reading →

How to Establish a Framework, Platform Security and Data Protections for IoT

In this article, we highlight some key points from a recent Cloud Security Alliance (CSA) IoT Working Group report, “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products,” to include guidance on how to establish a framework, platform and privacy protections to enhance security of IoT products.

Continue Reading →

Cyber Attacks Drive Need for IoT Security Standards

A working group from the Cloud Security Alliance (CSA) published a report to help guide Internet of Things (IoT) developers and designers with security controls in 13 key areas to improve security in IoT products. The security guidance covers secure development, platform security, data/privacy protection, key management and secure communications, just to name a few.

Continue Reading →