• The number of U.S. data breaches rose 17% in 2019, but despite the increase, the volume of sensitive consumer records that were exposed declined substantially, by 65%, according to a newly published report. These statistics are a complete reversal of what happened in 2018, when the number of exposed consumer records soared by 126% and breaches declined by 23%, according to the Identity Theft Resource Center’s (ITRC) End-of-Year Data Breach Report for 2019. Data breaches tracked in 2019 in the United States jumped to 1,473, from 1,257 in the previous year, the report revealed. Meanwhile, 164,683,455 sensitive records were exposed, compared to 471,225,862 in 2018. The ITRC notes, however, that the 2018 Marriott data alone exposed 383 million records,

    Feb 13,
  • On February 3, (ISC)² announced that it opened the call for speakers for its 2020 Security Congress in Orlando, FL, running from November 16-18. Speaker applicants can either submit for an individual presentation or panel presentation before the March 22 submission deadline. All submissions require a five-step process, which must be fully completed in order to be considered. Proposals must be non‐sales and non‐marketing oriented and no fees are required to submit. All applications must include a title, a proposal abstract (with a limit of 125 words) and three learning objectives to impart to attendees. As a reminder, (ISC)² is looking for presentation abstracts on the following subject areas: Application Security / Software Assurance; Cloud Security; Critical Thinking; Cryptography; Cutting

    Feb 12,
  • By Diana Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP. Ransomware is in the news lately with attacks on Norsk Hydro, multiple cities in Florida, Baltimore and Atlanta, not to mention the numerous hospitals that have been hit. These attacks have cost companies like Norsk an estimated $45 million due to lost revenues and the cost to restore and recover their IT department. The cost to the two cities in Florida is estimated to be $1.1 million and the tally continues to grow. Ransomware is short for ransom malware and has been around since the late 1980s, but is now gaining in popularity from bad actors. The software typically prevents users from accessing their system or personal files and then will demand a

    Feb 11,
  • This is one you won’t want to miss. (ISC)² Director of Cybersecurity Advocacy, John McCumber, will walk through the 2019 Cybersecurity Workforce Study results in a webinar hosted by the Center for Internet Security this Wednesday, February 12 at 12:30 p.m. ET. In an era of high-profile data breaches and devastating cyber attacks, cybersecurity impacts every individual and every organization. But (ISC)² research also shows that those in the field are optimistic that those challenges can be overcome if organizations take the right approach to growing the workforce and building strong cybersecurity teams. The presentation, titled “The Cybersecurity Workforce Shortage & How We Can Combat It,” will dive into: An overview of the 2019 (ISC)² Cybersecurity Workforce Study; The numbers and

    Feb 10,
  • By Dr. Thomas P. Scanlon, CISSP, Software Engineering Institute, Carnegie Mellon University. Today’s software developers are as much integrators as they are pure coders. There is an abundance of libraries, plug-ins and other third-party software components readily available to speed development. There is no sense in reinventing something when you can just download it, merge it in and move along. Using free and open source software (FOSS) components can save both time and money, so they make for attractive choices. However, including open source software into development projects often makes the cybersecurity professionals in an organization a little uneasy. But, should it? There is often a misconception that FOSS components are ‘less secure’ than commercial products. The reality is that

    Feb 06,