In the world of security, the odds are already stacked against you. You have to get security right 100% of the time and a threat actor only needs one lucky shot to get past your defenses. That’s bad. When it comes to ransomware, it gets worse. Volume. Sheer volume. Sheer volume of attacks. You take…
The Home Depot / State Attorneys General Settlement – My 1st and 2nd Thoughts
The Attorneys General of 46 states reached a $17.5 million settlement with The Home Depot, which was announced on November 24, 2020. Texas Attorney General Ken Paxton announced that this settlement was led by the Connecticut, Illinois, and Texas AGs, and Texas will collect $1,777,440.00. I will have more to say about this settlement in…
ASPR Warns Ransomware Threat is Persistent, as Actors Leak More Data
“In general, maintaining anti-ransomware best practices like the 3-2-1 backup system or conducting regular vulnerability scanning to identify and address vulnerabilities will help protect your organization against future threats from other ransomware operators,” according to the alert. — Read on healthitsecurity-com.cdn.ampproject.org/c/s/healthitsecurity.com/news/amp/aspr-warns-ransomware-threat-is-persistent-as-actors-leak-more-data
Free Virtual Event: Reimagine Your Company Operating Again After a Ransomware Attack (DBU Tech Symposium)
You are invited to attend a free virtual DBU Tech Symposium on November 18 – 19, 2020. Did I mention this is both free and virtual? You have no excuse for not attending! RSVP here: https://www.dbu.edu/pages/tech-symposium/ I will be presenting on Wednesday, November 18, from 2:30 – 3:00 pm CT and the title of my…
Podcast: #DtSR Episode 410 – TPA CISO Accountability Problems
I was a guest recently on the Down the Security Rabbithole Podcast with Raf Los, James Jardine, and Brandon Dunlap for episode 410 titled TPA CISO Accountability Problems. As they described it: Because we can’t get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon…
Podcast: #DtSR Episode 408 – Shawn Tuma Cyber Superhero :)
I was a guest recently on the Down the Security Rabbithole Podcast with my good friends Raf Los and James Jardine who cleverly (and, kindly) titled this episode “Shawn Tuma Cyber Superhero” — thanks, guys! Anyway … as they described it: This week, on episode 408 Shawn Tuma joins us again to talk about the…
Podcast: Unboxing a phishing email from the World Health Organization with Shawn Tuma
I was a guest recently on the “Can I Be Phished? Podcast” where we walked through analyzing an example phishing email to look for tell-tale signs of a classic “Nigerian Prince” type of phishing attempt. We also discussed current attack trends that we are seeing in our work as cyber incident response first…
Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)
Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? Read more
Shawn Tuma Elected as Chair of TX State Bar Computer & Technology Section
Spencer Fane attorney Shawn Tuma was recently named as Chair of the Texas Bar Association Computer and Technology Section. As Chair, Shawn will help — Read on http://www.spencerfane.com/shawn-tuma-elected-as-chair-of-tx-state-bar-computer-technology-section/
What Can Happen if You Do Not Notify Following a Data Breach?
Here is one of the questions we get asked most often: “Ok, so we’ve had a real data breach and you say we have clear notification obligations, what can happen if we just ignore it and pretend it never happened — that is, we just don’t notify?” Unfortunately, this question is oftentimes coupled with this…