Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here's how events are unfolding along with unanswered questions.

Why metrics are crucial to proving cybersecurity programs’ value

Methodologies to measure the effectiveness of cybersecurity efforts exist. Tying them to the real world is the trick.

States step up cybersecurity efforts as threats increase

Spurred by recent attacks, some U.S. states are taking action and allocating funds to boost their defenses against cyber threats.

SEC filings show hidden ransomware costs and losses

A review of 2021 8-K filings with the U.S. Securities and Exchange Commission reveals a more complete picture of the financial damage from ransomware.

Cyber incident reporting measures approved in the omnibus spending bill

Critical infrastructure entities and federal agencies will have to report significant cyber incidents to CISA within 72 hours and ransomware attacks within 24 hours under legislation passed by the House that will likely become law.

Biden’s cryptocurrency executive order addresses illicit financial risks

Early indications are that the cryptocurrency industry will work with the U.S. government to help minimize risk and make it harder for cybercriminals to profit from their activities.

Purported massive leak of Russian soldiers' data could sink morale, digital security

The publication of personal data on 120,000 Russian soldiers, if accurate, could provide a means to demoralize troops in Ukraine and make them targets for cyber campaigns.

Rash of hacktivism incidents accompany Russia’s invasion of Ukraine

Some in the cybersecurity community say actions on behalf of Ukraine help even the odds, while others warn that unauthorized hacking could interfere with government cyber operations.

NIST seeks information on updating its Cybersecurity Framework

Security community welcomes the update, but a U.S. GAO report cites slow adoption among government.

Skyrocketing cryptocurrency bug bounties expected to lure top hacking talent

Bounties as high as $10 million make hunting cryptocurrency vulnerabilities lucrative for those with the proper skillsets. It might eventually drive up fees for traditional bounties, too.

NIST releases software, IoT, and consumer cybersecurity labeling guidance

The new guidance aims to tighten security requirements for federally purchased software and give consumers better insight into the security of software and devices they buy.

4 alternatives to encryption backdoors, but no silver bullet

Alternatives to backdoors in end-to-end encryption exist, but not all address privacy and security concerns, say experts at last week’s Enigma conference.

DHS creates Cyber Safety Review Board to review significant cybersecurity incidents

The CSRB will advise the President and Department of Homeland Security director, as well as review major security events starting with the Log4j exploits.

Alpha-Omega Project takes a human-centered approach to open-source software security

The Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects.

OMB issues zero-trust strategy for federal agencies

All federal agencies must meet zero-trust goals that the U.S. Office of Management and Budget has set by 2024, building on earlier federal cybersecurity initiatives.

SEC eyes more expansive cybersecurity requirements

New rules for publicly traded companies could add protections for consumer information, strengthen incident reporting, and require assessment of third-party risk.

Biden memo aims to bolster cybersecurity in national security systems

A national security memorandum places new cybersecurity requirements for reporting and preventing security incidents involving sensitive national security systems.

Tech sector embraces public-private collaboration on open-source software security

Participants in a White House meeting on securing open-source software expressed optimism for working effectively with government to help prevent Log4j-like events.

CISA sees no significant harm from Log4j flaws but worries about future attacks

The U.S. cybersecurity agency can't rule out that adversaries are using Log4j to gain persistent access to launch attacks later.

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.