Andrzej Kawalec - HP Information Security Interview

| April 26, 2016

article image
An interview with Andrzej Kawalec, Chief Technology Officer, HP Information Security. Filmed at Information Security Leaders 2011.

Spotlight

Protegrity

Protegrity is the leading enterprise data security software company worldwide, providing high performance, infinitely scalable, end-to-end data security solutions. Protegrity delivers centrally managed and controlled data security that protects sensitive information across the enterprise in big data, databases, applications and file systems from the point of acquisition to deletion. Protegrity’s solutions give corporations the ability to implement a variety of data protection methods, including Vaultless Tokenization, strong encryption, masking, and monitoring to ensure the protection of their sensitive data and enable compliance for PCI DSS, HIPAA and other data security requirements. Protegrity’s award winning software products and innovative technology are backed by over 17 industry patents, all of which elevate the Protegrity Data Security Platform above point solutions. Protegrity employees are security technology specialists with deep industry expertise in data security approache

OTHER ARTICLES

How Is Covid-19 Creating Data Breaches?

Article | March 30, 2020

Trevor is working from home for the first time. He loves the freedom and flexibility, but doesn’t read his company’s new BYOD policy. Sadly, he misses the fact that his home PC is not protected with updated security software nor the latest operating system patches. Kelcie’s home PC is faster than the old work laptop that she’s been issued to use during the pandemic. She decides to use a USB stick to transfer large files back and forth between her PCs to speed things up. After a few days, she does all her work on her home PC, using a “safe” virtual desktop app. But unbeknownst to her, there is a keylogger on her home PC.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Data Privacy Problem: Are Home Genealogy Kits a Security Threat?

Article | March 2, 2020

Surprising news recently emerged from the personal genetics business. The two leading direct-to-consumer companies in North America, 23andMe and Ancestry.com, announced within a week of each other that they were laying off a significant proportion of their workforce as a result of a steep drop in sales. This past Christmas, the sales of testing kits were expected to take a sharp hike — nothing says family like a gift that says prove it. But sales plummeted instead. According to Second Measure, a company that analyzes website sales, 23andMe’s business plummeted 54 per cent and Ancestry kits sales declined 38 per cent. Industry executives, market watchers and genealogists have all speculated about the causes of the drop in consumer interest. Market saturation? Early adopters tapped out? Limited usefulness? Recession fears? Whatever the theory, everyone seems to agree on one factor: privacy concerns.

Read More

Ryuk: Defending Against This Increasingly Busy Ransomware Family

Article | February 12, 2020

On December 16, 2019, the U.S. Coast Guard disclosed a security incident at a facility regulated by the Maritime Transportation Security Act (MTSA). Forensic analysis suggests that the incident might have begun when an employee clicked on a link embedded in a phishing email.This action enabled a threat actor to set Ryuk ransomware loose on the facility’s network. Ultimately, the infection spread to all IT network files, leading Ryuk to disrupt the corporate IT network and prevent critical process control monitoring systems from functioning properly. Phishing is one of the primary infection vectors for most ransomware families, but there’s an interesting twist with this particular family. As noted by Malwarebytes, a typical Ryuk attack begins when a user opens a weaponized Microsoft Office document attached to a phishing email. Opening the document causes a malicious macro to execute a PowerShell command that attempts to download the banking trojan Emotet. This has the ability to download additional malware onto an infected machine that retrieves and executes Trickbot.

Read More

Spotlight

Protegrity

Protegrity is the leading enterprise data security software company worldwide, providing high performance, infinitely scalable, end-to-end data security solutions. Protegrity delivers centrally managed and controlled data security that protects sensitive information across the enterprise in big data, databases, applications and file systems from the point of acquisition to deletion. Protegrity’s solutions give corporations the ability to implement a variety of data protection methods, including Vaultless Tokenization, strong encryption, masking, and monitoring to ensure the protection of their sensitive data and enable compliance for PCI DSS, HIPAA and other data security requirements. Protegrity’s award winning software products and innovative technology are backed by over 17 industry patents, all of which elevate the Protegrity Data Security Platform above point solutions. Protegrity employees are security technology specialists with deep industry expertise in data security approache

Events