Cynthia Brumfield
Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.
Spyware infections continue as the U.S. federal government takes notice
As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.
Spate of pending U.S. privacy initiatives could significantly impact businesses
Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.
Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”
The CSRB report predicts the Log4J risk will continue for years and offers best practices for mitigating the threat.
U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending
The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.
An updated pipeline security directive is underway, reflecting TSA struggles
The TSA directives issued after the Colonial Pipeline attack have been widely criticized, but the agency is working with the industry to improve them.
Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation
Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."
5 years after NotPetya: Lessons learned
NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.
U.S. data privacy and security solutions emerging at the federal level
The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.
Space-based assets aren’t immune to cyberattacks
Russia's attack on Viasat satellites exposed how vulnerable space-based assets are and the potential for spillover damage.
Ransomware attacks are increasing with more dangerous hybrids ahead
The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.
Software supply chain security fixes gain prominence at RSA
Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.
U.S. cybersecurity congressional outlook for the rest of 2022
The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year's end.
U.S. government proposals spell out 5G security advancements
A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.
Remote bricking of Ukrainian tractors raises agriculture security concerns
Modern agriculture depends on internet-connected machinery that is centrally controlled and collects and analyzes massive amounts of data, making it an inviting target for threat actors.
Data protection concerns spike as states get ready to outlaw abortion
The use of personal data from brokers, apps, smartphones, and browsers to identify those seeking an abortion raises new data protection and privacy risks.
Five Eyes nations warn MSPs of stepped-up cybersecurity threats
The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.
A year later, Biden’s cybersecurity executive order driving positive change
Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.
NIST Cybersecurity Framework update comments highlight a gamut of needed changes
Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.
U.S. White House releases ambitious agenda to mitigate the risks of quantum computing
The Biden administration issued an executive order to ensure U.S. leadership in quantum computing and a memorandum to mitigate its security risks.