Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com.

Biden administration brings expertise, new attitude to cybersecurity

Biden administration brings expertise, new attitude to cybersecurity

The US president promises a reckoning for SolarWinds hackers and places cybersecurity at the top of the administration's agenda.

Sprite Spider emerging as one of the most destructive ransomware threat actors

Sprite Spider emerging as one of the most destructive ransomware threat actors

Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.

12 new state privacy and security laws explained: Is your business ready?

12 new state privacy and security laws explained: Is your business ready?

States from Maine to California have recently enacted privacy, data security, cybersecurity, and data breach notification laws. Let's break down what each of these laws entails and how businesses and consumers are affected.

How to prepare for the next SolarWinds-like threat

How to prepare for the next SolarWinds-like threat

It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.

26 Cyberspace Solarium Commission recommendations likely to become law with NDAA passage

26 Cyberspace Solarium Commission recommendations likely to become law with NDAA passage

Once passed, the National Defense Authorization Act will create a White House cybersecurity director role, expand CISA's capabilities, and create a K-12 security education assistance program.

New AI privacy, security regulations likely coming with pending federal, state bills

New AI privacy, security regulations likely coming with pending federal, state bills

CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.

Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

Cybersecurity under fire: CISA’s former deputy director decries post-election vilification

Matt Travis talks about CISA's role in the recent US elections and how President Trump and his surrogates have politicized the security function.

New US IoT law aims to improve edge device security

New US IoT law aims to improve edge device security

The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.

China’s exclusion from US 5G market likely to continue  with Biden administration

China’s exclusion from US 5G market likely to continue with Biden administration

Telecom insiders discuss supply chain security and call for better communication, collaboration, and transparency from the federal government about threats within their industry.

Defining data protection standards could be a hot topic in state legislation in 2021

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

Passage of California privacy act could spur similar new regulations in other states

Passage of California privacy act could spur similar new regulations in other states

Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.

US DOJ indictments might force Russian hacker group Sandworm to retool

US DOJ indictments might force Russian hacker group Sandworm to retool

Experts hope that indictments against six Russian military intelligence agents will make Russia rethink plans to disrupt the US election.

Common pitfalls in attributing cyberattacks

Common pitfalls in attributing cyberattacks

Attack attribution is always difficult as criminal groups often share code and techniques, and nation-state actors excel at deception. Here, security researchers share their techniques and common pitfalls.

Late-game election security: What to watch and watch out for

Late-game election security: What to watch and watch out for

Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.

How SilentFade group steals millions from Facebook ad spend accounts

How SilentFade group steals millions from Facebook ad spend accounts

SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook's initial mitigation efforts.

New FBI strategy seeks to disrupt threat actors, help defenders through better coordination

New FBI strategy seeks to disrupt threat actors, help defenders through better coordination

The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.

CIOs say security must adapt to permanent work-from-home

CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

Preventing insider threats: What to watch (and watch out) for

Preventing insider threats: What to watch (and watch out) for

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say.

Load More