Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

The Secret Service’s missing text messages: Lessons for IT security

The drama in Washington shines a light on the challenges in securing mobile communications and the role that document destruction and retention policies play in organizational security.

Spyware infections continue as the U.S. federal government takes notice

As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.

Spate of pending U.S. privacy initiatives could significantly impact businesses

Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The CSRB report predicts the Log4j risk will continue for years and offers best practices for mitigating the threat.

U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending

The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.

An updated pipeline security directive is underway, reflecting TSA struggles

The TSA directives issued after the Colonial Pipeline attack have been widely criticized, but the agency is working with the industry to improve them.

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. "There is no going back to normal."

5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

U.S. data privacy and security solutions emerging at the federal level

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Space-based assets aren’t immune to cyberattacks

Russia's attack on Viasat satellites exposed how vulnerable space-based assets are and the potential for spillover damage.

Ransomware attacks are increasing with more dangerous hybrids ahead

The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.

Software supply chain security fixes gain prominence at RSA

Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.

U.S. cybersecurity congressional outlook for the rest of 2022

The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year's end.

U.S. government proposals spell out 5G security advancements

A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.

Remote bricking of Ukrainian tractors raises agriculture security concerns

Modern agriculture depends on internet-connected machinery that is centrally controlled and collects and analyzes massive amounts of data, making it an inviting target for threat actors.

Data protection concerns spike as states get ready to outlaw abortion

The use of personal data from brokers, apps, smartphones, and browsers to identify those seeking an abortion raises new data protection and privacy risks.

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.

A year later, Biden’s cybersecurity executive order driving positive change

Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.

U.S. White House releases ambitious agenda to mitigate the risks of quantum computing

The Biden administration issued an executive order to ensure U.S. leadership in quantum computing and a memorandum to mitigate its security risks.
