Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

Blockchain security companies tackle cryptocurrency theft, ransom tracing

Cybercrime that involves cryptocurrency is at an all-time high, and some security companies hope to help prevent it.

Election security, misinformation threats loom large ahead of the US midterms

The FBI and CISA say election infrastructure is secure, but threat actors have other ways to undermine confidence in the US midterm elections.

US CISA reaches a new maturity level with its comprehensive strategic plan

The new plan aims to make the cybersecurity agency more efficient and to create a "whole of nation" approach to protecting the United States from cyberattacks.

New US DHS grant program can boost local governments’ cybersecurity strength

The cybersecurity grant program is designed to initiate state and local government projects but does not provide ongoing operating funds.

Recent cases highlight need for insider threat awareness and action

Insider threats can have a devastating impact even if the harm is unintentional. Here's advice to identify and mitigate insider threat risk.

D&O insurance not yet a priority despite criminal trial of Uber’s former CISO

The cost is too high and the risk too low to offer CISOs directors-and-officers insurance at many companies. Protective governance policies might make more sense.

International cooperation is key to fighting threat actors and cybercrime

Western intelligence and national security leaders emphasize the importance of collaborating to better prepare and respond to cybersecurity threats.

US OMB releases guidance on federal agency software security requirements

The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.

U.S. government offensive cybersecurity actions tied to defensive demands

Current and former U.S. government officials explain the country's "defense forward" and offensive cybersecurity policies and their risks.

CISA launches incident, ransomware reporting rulemaking RFI

The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.

Russia-linked cyberattacks on Ukraine: A timeline

Cyber incidents are playing a central role in the Russia-Ukraine conflict. Here's how events are unfolding along with unanswered questions.

NIST CSF 2.0 Workshop emphasizes global appeal, metrics and assessment

About 7,000 international workshop attendees heard discussions of NIST's plans for Cybersecurity Framework 2.0, which aims to offer more guidance on supply chain security, measurement, and implementation, among other topics.

FTC begins sweeping commercial surveillance and lax data security rulemaking process

While some praise the FTC's efforts, some in Congress worry that it overlaps with and possibly jeopardizes the passing of the American Data Privacy and Protection Act.

How a Venezuelan disinformation campaign swayed voters in Colombia

A Black Hat presentation explains how Russia-aligned Venezuela influenced the presidential election in Colombia to its political benefit.

How harm reduction can more effectively reduce employee risky behavior

Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage users to follow security's advice.

The Secret Service’s missing text messages: Lessons for IT security

The drama in Washington shines a light on the challenges in securing mobile communications and the role that document destruction and retention policies play in organizational security.

Spyware infections continue as the U.S. federal government takes notice

As more high-profile instances of spyware misuse come to light, the U.S. government begins to take action to address the threat.

Spate of pending U.S. privacy initiatives could significantly impact businesses

Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.

Cyber Safety Review Board warns that Log4j event is an “endemic vulnerability”

The CSRB report predicts the Log4j risk will continue for years and offers best practices for mitigating the threat.

U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending

The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.
